PHP not submitting user details to database?

Question

On my site I have a registration form. Users only need to enter an Email, Password and re enter their password.

However, even when I have filled in all of the fields, I still get an error echoed saying I haven't filled in the forms. I don't understand what I have done wrong (relatively new to PHP)

Please note I have not tried to sanitize user inputs, therefore I know my code will be vulnerable to SQL Injections!!!

<?php
include("database.php");
include("requirements.php");

if(isset($_POST['register'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$confpassword = $_POST['confpassword'];
}

if(isset($password) && isset($email) && isset($confpassword)){
if($password != '' && $email != '' && $confpassword != ''){
    if($password == $confpassword){
        if(strlen($password) <= 20 && strlen($password) >= 6){
            if(strlen($email) > 6){
                $hash = password_hash($password, PASSWORD_DEFAULT);             
                $insert_user = mysqli_query($con, "INSERT INTO users (email, password, salt) VALUES ('".$email."', '".$password."', '".$salt."')");
                    if($insert_user)
                    {
                    echo "Thank you for registering, you can now login to your account and create a listing.";
                    }
                    else
                    {
                    echo "Sorry there was an error - please try again later. If the issue continues please contact support.";
                    }
                }
                else
                {
                echo "You need to insert an email.";
                }
            }
            else
            {
            echo "The entered email address needs to be above 6 characters.";
            }
        }
        else
        {
        echo "The password must be between 6 and 20 characters long.";
        }
    }
    else
    {
    echo "The two passwords you have entered do not match.";
    }
}
else
{
echo "You have not inserted all of the required fields that were needed.";
}

It just skips to the end saying "You have not inserted all of the required fields that were needed." and doesn't even try to query the database.

Database.php just has the connection to database information (Table, password etc.)

Thank you!

Answer 1

By the way, I did a copy of your code, and called it using :

<form action="test.php" method="post">
    <input type="text" name="email" />
    <input type="text" name="password" />
    <input type="text" name="confpassword" />
    <input type="submit" name="register" />
</form>

It works perfectly. I think your mistake is in your HTML form.

Answer 2

I would try to manually assign the values to the PHP variables ($email, $password, $confpassword).

    if(isset($_POST['register'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$confpassword = $_POST['confpassword'];
}

//Test variables
$email = 'test@email.com';
$password = 'testpassword';
$confpassword = 'testpassword';

if(isset($password) && isset($email) && isset($confpassword)){
if($password != '' && $email != '' && $confpassword != ''){

Once you submit the form, if that works fine you know the problem is with your $_POST data getting assigned to the PHP variables. If that does not work you know there is an issue with your logic and how it handles the variables. That will at least narrow down where you need to look.

Answer 3

In order to understand what's happening, you should use the "var_dump($variable)" function at the beggining of your code. It's a debug function that displays the content of a variable (usefull for arrays).

1) If only one of the fields is empty, the name of this field has a problem somewhere.

2) If all the fields are empty, your form or your submit button have a problem.

Just a tip : Instead of using "isset" and then check if your fields are filled, you could use "!empty($variable)", it does exactely the same, in one function call ;)

Lemur