<?php
$conn=mysqli_connect("localhost", "root", "","users");
if (!$conn) {
echo "Bad connection!!!";
}
$user_name=$_POST['user_name'];
$user_password=$_POST['user_password'];
$sql_check=mysqli_query($conn, "SELECT user_name, password FROM user_info WHERE user_name='$user_name' AND password='$user_password'") or die("Bad sql query");
if (mysqli_num_rows($sql_check)>0) {
echo "user exists";
}
else {
$sql_insert=mysqli_query($conn, "INSERT INTO user_info (id, user_name, password) VALUES (null,'$user_name', '$user_password')");
echo "New user added!!!";
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form method="POST" action="pdo_konekcija.php">
<input type="text" name="user_name">
<input type="password" name="user_name">
<input type="submit" name="btn_submit" value="REGISTER">
</form>
</body>
</html>
I have basic form for user registration. I can't figure best way for checking if the user exists or not, so if not I want to register new user as you can see from sql statements. How can I include hash() for password for the user_password field? Both fields must be filled for checking and registering process. Can I use this kind of mysql I procedural way for preventing sql injection or not? I am building register/login from scratch so need help, thank you all.