-2

I am creating a signup registration form that connects to a database record. Somehow it does not, and when I inspect the element in the browser there is no error, but in signup.php it goes through the else check when no password match is found.

<pre><?php
    
$showAlert = false;
$showError = false;
$exists=false;
    
if($_SERVER["REQUEST_METHOD"] == "POST") {
    
    // Include file which makes the
    // Database Connection.
    include 'db_config.php';
    
    $username = $_POST["username"];
    $password = $_POST["password"];
    $cpassword = $_POST["cpassword"];
            
    
    $sql = "Select * from signup where username='$username'";
    
    $result = mysqli_query($conn, $sql);
    
    $num = mysqli_num_rows($result);
    
    // This SQL query is used to check if
    // the username is already present
    // or not in our Database
    if($num == 0) {
        if(($password == $cpassword) && $exists==false) {
    
            $hash = password_hash($password,
                                PASSWORD_DEFAULT);
                
            // Password Hashing is used here.
            $sql = "INSERT INTO `signup` ( `username`,
                `password`, `date`) VALUES ('$username',
                '$hash', current_timestamp())";
    
            $result = mysqli_query($conn, $sql);
    
            if ($result) {
                $showAlert = true;
            }
        }
        else {
            $showError = "Passwords do not match";
        }   
    }// end if
    
if($num>0)
{
    $exists="Username not available";
}
    
}//end if
    
?>

<?php
    
    if($showAlert) {
    
        echo ' <div class="alert alert-success 
            alert-dismissible fade show" role="alert">
    
            Success! Your account is 
            now created and you can login. 
            <button type="button" class="close"
                data-dismiss="alert" aria-label="Close"> 
                <span aria-hidden="true">×</span> 
            </button> 
        </div> '; 
    }
    
    if($showError) {
    
        echo ' <div class="alert alert-danger 
            alert-dismissible fade show" role="alert"> 
        Error! '. $showError.'
    
       <button type="button" class="close" 
            data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">×</span> 
       </button> 
     </div> '; 
   }
        
    if($exists) {
        echo ' <div class="alert alert-danger 
            alert-dismissible fade show" role="alert">
    
        Error! '. $exists.'
        <button type="button" class="close" 
            data-dismiss="alert" aria-label="Close"> 
            <span aria-hidden="true">×</span> 
        </button>
       </div> '; 
     }
   
?>
<!-- Front end using Bootstrap -->
<form action="signup.php" method="post" class="relative z-5  wow fadeInUp">
                            <div class="form-group relative mb-25 mb-sm-20">
                                <input type="text" class="form-control input-lg input-white shadow-5" id="username" placeholder="Username" name="username" required>
                                <i class="far fa-user transform-v-center"></i>
                            </div>
                            <div class="form-group relative mb-25 mb-sm-20">
</pre>
   
Dharman
  • Is your column wide enough for a hashed password? You should use Prepared Statements instead of concatenating variables into your query like that, for all sorts of reasons. – droopsnoot Feb 26 '23 at 18:06
  • It's better to set the username to be unique in your table definition and then just insert the new user and handle the error. The way you are doing this would conceivably allow two users to sign up with the same username. – droopsnoot Feb 26 '23 at 18:07
  • I'm also not sure why you check `if(($password == $cpassword) && $exists==false) {` as you don't change `$exists` to reflect existence until much later in the code. – droopsnoot Feb 26 '23 at 18:10
  • If your `date` column is always going to be the current-timestamp, give it that as a default value in your table definition and leave it out of the query altogether. – droopsnoot Feb 26 '23 at 18:11
  • @droopsnoot you're right, you're on to something there, because I should be in a position to allow all new users instead of two users. Let me try to amend this logic and test again – Bunny Egg Feb 26 '23 at 18:20
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Feb 26 '23 at 19:19

1 Answer

-2

try this

<pre>
$sql = 'Select Count(*) as record from signup where username="'.$username.'"';
$data=mysql_fetch_assoc($sql);
echo $data['record'];
</pre>
alexandros
  • No, don't do this. It uses the old-style `mysql_query` call that hasn't been a part of the PHP language for years. New code needs to be written using Prepared Statements, not by sticking user-supplied data into queries. – droopsnoot Feb 27 '23 at 08:50
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/security.database.sql-injection) and should use [parameterized prepared statements](https://stackoverflow.com/q/60174/9193372). – Syscall Feb 27 '23 at 23:25
  • `mysql_*` extension is **deprecated. Do not use.** – Syscall Feb 27 '23 at 23:26
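
The comments on the question and on the answer recommend prepared statements, a unique username column handled through the insert error, a wide enough hash column and a default for `date`. The following is an added example of that approach, not code from the original thread. It assumes PDO with an in-memory SQLite database in place of the MySQL connection from `db_config.php`; the `signup()` helper, the table definition and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumption: an in-memory SQLite database via PDO stands in
// for the MySQL connection from db_config.php; the schema is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE lets the database reject duplicate usernames, the password column
// is wide enough for password_hash() output, and `date` fills itself in.
$pdo->exec('CREATE TABLE signup (
    id INTEGER PRIMARY KEY,
    username VARCHAR(64) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
)');

// Hypothetical helper: returns null on success, or the message for the user.
function signup(PDO $pdo, string $username, string $password, string $cpassword): ?string
{
    if ($username === '' || $password === '') {
        return 'Username and password are required';
    }
    if ($password !== $cpassword) {
        return 'Passwords do not match';
    }
    $stmt = $pdo->prepare('INSERT INTO signup (username, password) VALUES (?, ?)');
    try {
        // Values travel as bound parameters, never as part of the SQL text.
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate username).
        if ((string) $e->getCode() === '23000') {
            return 'Username not available';
        }
        throw $e; // anything else is a real failure, not a user error
    }
    return null;
}

// Constructed sample input; the apostrophe in the last username would break
// the concatenated query from the question but is stored safely here.
$attempts = [
    ['alice', 'correct horse', 'correct horse'],
    ['alice', 'another pass', 'another pass'],
    ['bob', 'one', 'two'],
    ["o'brien", 'pw-123456', 'pw-123456'],
];
foreach ($attempts as [$u, $p, $c]) {
    echo $u, ' => ', signup($pdo, $u, $p, $c) ?? 'created', PHP_EOL;
}
```

Because the insert itself reports the duplicate, there is no separate SELECT whose result can go stale between the check and the insert.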