2

I am currently working on a register page for my website. I just need some help as i'm unsure why when i enter the registration details (only 2 fields) it goes to the thank you page, but when i check my database there is not new record under USERS. Below is my code:

<?php

$host="*********"; // Host name 
$username="**********"; // Mysql username 
$password="**********"; // Mysql password 
$db_name="arihealthinfo"; // Database name 
$tbl_name="USERS"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$ParticipantID=$_POST["ParticipantID"];
$password=$_POST["UserPass"];

$sql = "SELECT ID FROM USERS WHERE ID = '$participantID'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

if($count==0)
    {
        $sql = "INSERT INTO USERS (ID, PASSWORD) VALUES ('$participantID', '$password')"; 
        echo "Thank you for registering, you can now login:";
        ?>
        <a href= http://www.arihealth.info/index.php>Login Page.</a>
        <?php
    } else {
        echo "Your ID has already been registered:";
        ?>
        <a href= http://www.arihealth.info/registerphp.php>Register Here.</a>
        <?php
    }
?>
CM25
  • 103
  • 1
  • 1
  • 11

1 Answers1

5

Because you just write your query not execute it. Use mysql_query()

$sql = "INSERT INTO USERS (ID, PASSWORD) VALUES ('$participantID', '$password')"; 
mysql_query($sql);

Also

$participantID!=$ParticipantID

Change your select query to

$sql = "SELECT ID FROM USERS WHERE ID = '$ParticipantID'";

Your query is open for sql injection check How can I prevent SQL injection in PHP?

Don't store plain password in to database check

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/faq.passwords.php

Note :- mysql is deprecated instead use mysqli OR PDO

Community
  • 1
  • 1
Saty
  • 22,443
  • 7
  • 33
  • 51
  • @Saty Thanks it is now inserting the records into the database. But what i noticed now is that it does not check to see if the ID exists prior to insertion. So i had a record in the database with ID = 111111111, when i tried to register with that same ID it simple inserted it into the database as 111111112 instead of rejecting the insert and resorting to the else clause. – CM25 Nov 26 '15 at 07:24
  • Check is your id is set auto incremented in phpmyadmin – Saty Nov 26 '15 at 07:27
  • i removed A.I, but now it just changes the ID to 0. @Saty – CM25 Nov 26 '15 at 07:30
  • Now try to insert new value into database – Saty Nov 26 '15 at 07:38
  • @Saty for some reason now everytime i try to register a new user it goes to the else clause and says that ID has already been taken. This is after making 1 successful record. – CM25 Nov 26 '15 at 07:39
  • When i delete all records now, and try to reenter a new user. It resets the ID to 0 aswell. – CM25 Nov 26 '15 at 07:41
  • Try with different different id and check – Saty Nov 26 '15 at 07:42
  • still same error, after i add 1 user in there (user id for first insert resets to 0 for some reason) i can't add anymore because it keeps going to my else clause and saying there is already a user by that ID – CM25 Nov 26 '15 at 07:44
  • So, the table i have is to store user login credentials (ID, PASSWORD). At the moment when i register a user (While the table is empty) it resets the ID i entered to 0. After that when i try to add another set of ID and PASSWORD it wont insert and it goes to the the ELSE clause in my php that states a user by that ID has already been created. – CM25 Nov 26 '15 at 07:49
  • In select query check `$ParticipantID=$_POST["ParticipantID"];` `$sql = "SELECT ID FROM USERS WHERE ID = '$ParticipantID'"`; – Saty Nov 26 '15 at 07:53
  • `$participantID!=$ParticipantID` check youe select query – Saty Nov 26 '15 at 07:59