I am trying to create a basic login system. So far I have is a user able to signup. I am using the prepared statement and pdo method. This is the function where I am handling the signups. The where not exists clause is not working. It is giving me an error. Any help will be huge. Thanks in advance. Here is the code I have so far:
<?php
require_once('config.php');
// Should return a PDO
function db_connect() {
try {
// TODO
// try to open database connection using constants set in config.php
// return $pdo;
$servername = DBHOST;
$databasename = DBNAME;
$user = DBUSER;
$password = DBPASS;
$connectionString = "mysql:host=$servername;dbname=$databasename;";
$pdo = new PDO($connectionString,$user,$password);
$pdo -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $pdo;
}
catch (PDOException $e)
{
die($e->getMessage());
}
}
// Handle form submission
function signup() {
global $pdo;
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// TODO
// Prepare the submitted form data and insert it to the database
$username = $_POST['user'];
$userpass = $_POST['pass'];
$statement = $pdo->prepare("INSERT INTO signup(username,password) VALUES(':user',':pass')
SELECT * FROM signup WHERE NOT EXISTS (SELECT * FROM signup WHERE username='$username' AND password='$userpass')
LIMIT 1;
");
$statement->bindValue(':user',$username);
$statement->bindValue(':pass',$userpass);
$statement->execute();
echo "<script type='text/javascript'>";
echo "alert('Signup successful')";
echo "</script>";
}
}