Register form process

General PHP Help
#1

With the following code

<?php
extract($_POST);
include("database.php");
$sql=mysqli_query($conn,"SELECT * FROM register where Email='$email'");
if(mysqli_num_rows($sql)>0)
{
    echo "Email Id Already Exists"; 
	exit;
}
else(isset($_POST['save']))
{
    $file = rand(1000,100000)."-".$_FILES['file']['name'];
    $file_loc = $_FILES['file']['tmp_name'];
    $folder="upload/";
    $new_file_name = strtolower($file);
    $final_file=str_replace(' ','-',$new_file_name);
    if(move_uploaded_file($file_loc,$folder.$final_file))
    {
        $query="INSERT INTO register(First_Name, Last_Name, Email, Password, File ) VALUES ('$first_name', '$last_name', '$email', 'md5($pass)', '$final_file')";
        $sql=mysqli_query($conn,$query)or die("Could Not Perform the Query");
        header ("Location: login.php?status=success");
    }
    else 
    {
		echo "Error.Please try again";
	}
}

?>

There is still an error output of syntax error on line 11, please help, what’s wrong with my code

#2

So, first, welcome to the site! Glad you could find us.

Now, we have no idea which is line 11. Normally, you would alter the bad line and add a comment like:
echo “Email Id Already Exists”; // ***** THIS LINE FAILS *****
Or, something that tells us what you need help with.

Also, the extract() function is very unsafe. It let’s hackers access your database. They can place code into your input fields on your form and damage or delete your database. You should not use that in a live webpage. You should look into using the filter_input() functions. They protect your site from hackers, at least with form inputs.

#3

One more comment on form inputs…

Normally you handle forms like this:

if($_SERVER[‘REQUEST_METHOD’] == ‘POST’) { // Use this to see if the form is posted

Inside this clause, you check each of your inputs with if(isset($_POST[“form-field-name”]) {

Inside that clause, you acquire the data using $somevariable = filter_input(INPUT_POST, “field-name”);

This process protects your data from hackers.

#4

An else cannot have an expression after it. If you need to test a condition at that point, you would use an elseif(). However, the existing logic makes no sense. That point is the else for the mysqli_num_rows test. There’s no logical reason to be testing if a post variable exists there. ALL the form processing code should be inside of a single conditional statement that has detected if a post method form has been submitted.

#5

$file = rand(1000,100000)."-".$_FILES[‘file’][‘name’];

This extraction is line 11

#6

Thanks Alex
Actually, I’m new to php
But I have a set of coffee similar to what you have posted.
Then I will need a guide, I tried it together with the validations in between, but I doesn’t worked accordingly on submit button.

#7

Remove the quotes. You are passing the data and do not need them changed into strings.

#8

Loosely, this:

Would be written something like this:

//  Check if user posted the form...
if($_SERVER[‘REQUEST_METHOD’] == ‘POST’) {
   $error_message = "";  //  Empty out error messages
   //  Validate all inputs one by one...
   if(isset($_POST["first_name"]) {
      $first_name = filter_input(INPUT_POST, "first_name");
   } else {
      $error_message .= "First name is missing, please enter it!<br>";
   }
   if(isset($_POST["last_name"]) {
      $last_name = filter_input(INPUT_POST, "last_name");
   } else {
      $error_message .= "Last name is missing, what is it?<br>";
   }
   if( isset...   Handle each input.  You can also check if each is correct format but, another post for that
   //  All inputs are validated.  If no errors, process the data...
   if($error_message=="") {
      //  No errors, not process the data saving to database, etc...
   } else {
      echo "Some fields have errors or missing data!  Please note these and fix them:<br>" . $error_message . "<br>";
   }
}

This is just the basics to give you an idea how to handle it. You would also need to check for things like if the email address contains an @ or not, if names include invalid special characters. There is a lot you can do for validation, but, the basic is to just make sure they are filled in. You can also do this with Javascript in very cool ways. I just posted that to help someone else with forcing the user to enter all of the fields on a form.

Just more info since you said you were a beginner… Hope all this helps!

#9

Thanks for your time
Regards

Sponsor our Newsletter | Privacy Policy | Terms of Service