The code below is meant to insert values into a MySQL Database if the passwords match, the username or email isn't used already. This code is called from ajax on another page. When it is called, the page redirects me to register.php instead of being completed on the backend by ajax. Does anybody see any issues that could be causing this? It doesn't give me any errors, just a blank white page.
$user = strip_tags(htmlspecialchars($_POST['user'], ENT_QUOTES));
$pass = strip_tags(htmlspecialchars($_POST['pass'], ENT_QUOTES));
$cpass = strip_tags(htmlspecialchars($_POST['cpass'], ENT_QUOTES));
$age = strip_tags(htmlspecialchars($_POST['age'], ENT_QUOTES));
$email = strip_tags(htmlspecialchars($_POST['email'], ENT_QUOTES));
$country = strip_tags(htmlspecialchars($_POST['count'], ENT_QUOTES));
$lang = strip_tags(htmlspecialchars($_POST['lang'], ENT_QUOTES));
$mdpass = md5($pass);
$mdcpass = md5($cpass);
$created = Date("Y-m-d");
$result = mysql_query("SELECT username,email FROM tableName WHERE username = '$user'");
while ($row = mysql_fetch_array($result))
{
if ($row['username']>0) {
echo 'nvuname';
}
elseif ($row['email']>0)
{
echo 'nvemail';
}
else
{
if ($mdpass == $mdcpass && $age>>14)
{
mysql_query("INSERT INTO tableName (username, pword, email,created,admin,rnumenab,autoreload,country,mailenab,updates,lang) VALUES ($user, $mdpass, $email, $created,'0','1','1',$country,'1','0',$lang)");
echo 'success';
}
}
JavaScript:
$("#regsubmit").click(function() {
var action = $("#mainReg").attr('action');
var form_data = {
user: $("#user-reg").val(),
pass: $("#pass-reg").val(),
cpass: $("#cpass-reg").val(),
email: $("#email").val(),
age: $("#age").val()
};
$.ajax({
type: "POST",
url: action,
data: form_data,
success: function(result)
{
if(result=='success') {
$('#register-action').animate({
opacity : '-=1',
bottom : '-=60%'
}, 600);
$('#register-action-bckgnd').hide();
$('.message').fadeOut(600);
} else {
$('.regerror').fadeIn(600);
}
}
});
return false;
});
Thanks, and if you see any issues please let me know. Thank you so much!
Also:How do I sanitize my inputs so no HTML tags are included or did the strip_tags do that? Thanks.
EDIT: It now works and submits the page doesn't reload, but it always returns error instead of success even if I am sure I am using an open email, username. Turns out I had ('$age') instead of ('#age'). Ideas?