User registration via OOP and Mysql

Question

I am building a registration page for adding users updating their details and as well as logging them in. I am using OOP style to do this. I was following a screen-cast but decided to go all the way. The problem I am having is that I cannot register any user and I am not sure of why its not adding them to the database. Here is my code:

DATABASE.PHP

<?php
equire 'includes/config.php';
class Database {
    private $conn;
    function __construct() {
        $this->conn = new mysqli(DB_SERVER,DB_USER,DB_PASSWORD,DB_NAME) or die(mysqli_error()) ;
    }
function addUser() {
        $query = 
            "INSERT INTO users VALUES(?,?,?,?,?,?,?)";

        if ($stmt = $this->conn->prepare($query)) {
            $stmt->bind_param('sssssss');
            $stmt->execute();
        }

    }

On my Ste users class I have the following:

SITE_USERS.PHP

require 'Database.php';

class siteRegisters {
function register_users($data) {
        $mysql = new Database();
        $ensure_registration = $mysql->addUser($data);

        if ($ensure_registration) {
            $_SESSION['status'] = 'authorised';
            header("location: admin.php");
        }else return "You could not be registered!";
    }

everytime I try to ad a new user I always get the error of "You could not be registered!" My form looks like this:

session_start();
require_once 'classes/siteUsers.php';
$registeres = new siteRegisters();
if ($_POST && 
   !empty($_POST['name']) && !empty($_POST['lastname']) && 
   !empty($_POST['username']) && !empty($_POST['password']) &&
   !empty($_POST['company']) &&  !empty($_POST['email']) &&
   !empty($_POST['phone'])
){
$response = $registeres->register_users($data);
   }
?>
    <form action="" method="post" />
    <fieldset>
  <?php
     if (isset($response)) echo "<h4 class'alert'>". $response ."</h4>";
 ?>
   <dl>
   <dt><label for="name">Name:</label></dt>
   <dd><input type="text" name="name" size="32"  title="Please fill in your Name" /></dd>

  //And so on 

Any Helpful ideas? Please ? I

Answer 1

You're calling register_users() with $data but at this point $data does not exist:

$registeres = new siteRegisters();
if ($_POST && 
   !empty($_POST['name']) && !empty($_POST['lastname']) && 
   !empty($_POST['username']) && !empty($_POST['password']) &&
   !empty($_POST['company']) &&  !empty($_POST['email']) &&
   !empty($_POST['phone'])
){
$response = $registeres->register_users($data);
   }

It looks like you want to pass the $_POST array instead like

$response = $registeres->register_users($_POST);

Answer 2

You sould use ? for params, is what bind_params expect.

You don't need that fprintf, ... what you are doing is concatenating the strings of the data from the user with the SQL. So wen bind_param is executed, stuff like the email is already on the SQL.

Answer 3

$query = sprintf(
    "INSERT INTO users VALUES('',%s,%s,%s,%s,%s,%s,%s)",
    $data['name'], $data['lastname'],
    $data['username'], $data['password'],
    $data['company'], $data['email'],
    $data['phone']
);

Why do you have the sprintf here when you already have bound parameters (the right way to do it) later? Take it out.

$query = "INSERT INTO users VALUES('', ?, ?, ?, ?, ?, ?, ?)";

---

Next, you're passing the undefined variable $data to $registeres->register_users(). Try something like:

if(!empty($_POST['name'])     && !empty($_POST['lastname']) && 
   !empty($_POST['username']) && !empty($_POST['password']) &&
   !empty($_POST['company'])  && !empty($_POST['email'])    &&
   !empty($_POST['phone'])
) {
    $response = $registeres->register_users($_POST);
}