Beginner Sign up page php code problem


#1

Im currently quite new to php programming and am having a tough time finding an error somewhere in my code, the code is for a sign up page. however since converting the code from basic sql to prepared statements i cant get it to function. Any help would be appreciated, Thank you.

[php]<?php
ob_start();
session_start();
if( isset($_SESSION[‘user’])!="" ){
header(“Location: Profile.php”);
}
include_once ‘Config.php’;

$error = false;

if ( isset($_POST[‘btn-signup’]) ) {

// clean user inputs to prevent sql injections
$name = trim($_POST[‘name’]);
$name = strip_tags($name);
$name = htmlspecialchars($name);

$email = trim($_POST[‘email’]);
$email = strip_tags($email);
$email = htmlspecialchars($email);

$pass = trim($_POST[‘pass’]);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);

// basic name validation
if (empty($name)) {
$error = true;
$nameError = “Please enter your full name.”;
} else if (strlen($name) < 3) {
$error = true;
$nameError = “Name must have atleat 3 characters.”;
} else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
$error = true;
$nameError = “Name must contain alphabets and space.”;
}

// email validation
if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
$error = true;
$emailError = “Please enter valid email address.”;
} else {
// check if email already exists
$query = “SELECT Email FROM ‘Users’ WHERE Email=’$email’”;
$result = mysqli_query($db,$query);
$count = mysqli_num_rows($result);
if($count!=0){
$error = true;
$emailError = “Provided Email is already in use.”;
}
}
// password validation
if (empty($pass)){
$error = true;
$passError = “Please enter password.”;
} else if(strlen($pass) < 6) {
$error = true;
$passError = “Password must have atleast 6 characters.”;
}

// password encrypt using SHA256()
$password = hash(‘sha256’, $pass);

// if there’s no error, continue to signup
if( !$error ) {

if ($insert_stmt = $db->prepare(“INSERT INTO Users (Username, Password, Email) VALUES (’$name’ ,’$password’ ,’$email’)”)) {
$insert_stmt->bind_param($username, $password, $email);
$insert_stmt->execute();
if($stmt->execute()){
$result = $stmt->get_result();
}
}

if ($result) {
$errTyp = “success”;
$errMSG = “Successfully registered, you may login now”;
unset($name);
unset($email);
unset($pass);
} else {
$errTyp = “danger”;
$errMSG = “Something went wrong, try again later…”;
}

}

}
?>[/php]