I am learning php (please be gentle with me - I am a front-end dev trying to learn the dark art of PHP) I know this script fails to have the correct measures in for security etc etc but I am using as a base to get me going. I fail to spot any errors in my script but for some reason when I hit register the page refreshes blank with no errors and show nothing in the DB to suggest it has been inserted successfully?
Real wanting somebody to cast an eye over this and see whats going wrong.
<?php
$page_title = 'Register';
include ('includes/header.html');
if ($_SERVER ['REQUEST_METHOD'] == 'POST')
{
require ('../connect_db.php');
$errors = array();
// Takes value provided in first name input field
if(empty($_POST['first_name']))
{ $errors[] = 'Enter your first name here'; }
else
{ $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); }
// Takes value provided in last name input field
if(empty($_POST['last_name']))
{ $errors[] = 'Enter your last name here'; }
else
{ $fn = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); }
// Takes value provided in email input field
if(empty($_POST['email']))
{ $errors[] = 'Enter your email address'; }
else
{ $ln = mysqli_real_escape_string($dbc, trim($_POST['email'])); }
// Takes value provided in passwor input field & then checks if they match
if(empty($_POST['pass1']))
{
if($_POST[ 'pass1' ] != $_POST[ 'pass2' ])
{ $errors[] = 'Passwords do not match.'; }
else
{ $p = mysqli_real_escape_string($dbc, trim( $_POST['pass1'])); }
}
else{ $errors[] = 'Enter your password.'; }
//This then checks to see if the email is already registered
if($empty( $errors ))
{
$q = "SELECT user_id FROM users WHERE email='$e'";
$r = mysqli_query ($dbc, $q);
if(mysqli_num_rows($r) !=0 )
{ $errors[] = 'Email address already registered. <a href="login.php">Login</a>'; }
}
//The information will then be stored into the database when successful
if($empty( $errors ))
{
$q = "INSERT INTO users (first_name, last_name, email, pass, reg_date) VALUES ('$fn,'$in','$e', SHA1('$p'), NOW() )";
$r = mysqli_query ($dbc, $q);
if( $r )
{
echo '<h1>Registered!</h1>
<p>You are now registered.</hp
<p><a href="login.php">Login</a></p>';
}
mysqli_close( $dbc );
include ('includes/footer.html');
exit();
}
//Appended statement to show any errors that may occur
else
{
echo '<h1>Error!</h1>
<p id="err_msg">The following error(s) occured:<br>';
foreach ( $errors as $msg )
{
echo "- $msg<br>";
}
echo 'Please try again</p>';
mysqli_close( $dbc );
}
}
?>
<!-- Form begins here -->
<h1>Register</h1>
<form action="register.php" method="POST">
<p>
First name: <input type="text" name="first_name" value="<?php echo $_POST[ 'first_name' ]; ?>"><br><br>
Last name: <input type="text" name="last_name" value="<?php echo $_POST[ 'last_name' ]; ?>"><br><br>
Email Address: <input type="text" name="email" value="<?php echo $_POST[ 'email' ]; ?>"><br><br>
Password: <input type="text" name="pass1" value="<?php echo $_POST[ 'pass1' ]; ?>"><br><br>
Confirm Password: <input type="pass2" name="password" value="<?php echo $_POST[ 'pass2' ]; ?>"><br><br>
</p>
<input type="submit" value="Register"></p>
</form>
My connect file is sat in the root and I know it has a valid connection. (I hope that isn't the issue anyway)
