Registeration problem

samad125

Hello i am new to php and facing problem the following code is not working fine for me when i put username and password it post blank username and password into database neither it is searching for users that already exist before tell me where i am wrong

<?php

error_reporting(0);

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="test1"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$query = "SELECT * FROM members WHERE username='".$HTTP_POST_VARS['username']."'";

$results = mysql_query($query);

if(mysql_num_rows($results) > 0) {
echo "Sorry, but the username you chose is already taken";
} else {
$query = "INSERT INTO members(username,password) VALUES('".$HTTP_POST_VARS['username']."','".$HTTP_POST_VARS['password']."')";

$results = mysql_query($query);

			echo "Your details have been added Thankyou For registering";

}
?>

Emma

I'm guessing that as $HTTP_POST_VARS is deprecated it may have something to do with it. Look at the PHP manual for more information php.net/manual/en/reserved.variables.post.php.

johanafm

And also have a look at http://xkcd.com/327/

User supplied input really can screw you over badly. Either sanitize input data, or use prepared statements.

vividona

use $_POST['username'] instead of $HTTP_POST_VARS['username']

$query = "SELECT * FROM members WHERE username='".$_POST['username']."' AND password='".$_POST['password']."'";
$results = mysql_query($query);

if(mysql_num_rows($results) > 0) {
echo "Sorry, but the username you chose is already taken";
} else {
$query = "INSERT INTO members(username,password) VALUES('".$_POST['username']."','".$_POST['password']."')";
$results = mysql_query($query);

echo "Your details have been added Thankyou For registering";