[theshowtekfan]

when i try to make a registration system it displays that the user is already registered before even entering anything

whats wrong with this code ?

$username = (isset($_POST['username'])) ? $_POST['username'] : null;
$mail = (isset($_POST['mail'])) ? $_POST['mail'] : null;
$password = (isset($_POST['password'])) ? $_POST['password'] : null;
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$mail = mysql_real_escape_string($mail);
$password = SHA1($password, SALT);

if(isset($username,$password,$mail)) {
$query = "SELECT * FROM users WHERE username='".$username."' OR mail='".$mail."' ";
$fetch = mysql_query($query);
$rows = mysql_num_rows($fetch);

if (isset($username) AND $rows == 1) {
echo ("username or e-mail is already Registered.");
}
else {
$query = "INSERT into users (username,password,mail) VALUES ($username,$password,$mail)";
mysql_query($query);
echo("User Registrated sucessfully");
}
}

[EnvXOwner]

Nevermind. Previous answer:

Spoiler

You're doing $rows == 1. It should be something like $rows['username'] for that part. That's basically what I can see from quickly scanning it.

What I don't understand is why you're doing the isset when setting the variables, when you're doing it again on line 9. Save yourself the trouble/confusion by $_POST variables

This post has been edited by EnvXOwner: 19 December 2011 - 03:50 PM

[Dormilich]

that shouldn’t be happening due to line #9. do a var_dump() on $_POST and your SQL query to check what variables you use.

hm, if the variables are empty (which are not caught by isset()), you would insert empty values, which will in turn give you 1 row when you test with empty values … just thinking.

Quote

You're doing $rows == 1. It should be something like $rows['username'] for that part.

why that, $rows is not a result row, it’s an integer returned from mysql_num_rows(). just because everyone calls his/her result set $row/$rows doesn’t mean that someone may use that name for something different.

This post has been edited by Dormilich: 19 December 2011 - 03:49 PM

[EnvXOwner]

Dormilich, on 19 December 2011 - 05:46 PM, said:

Quote

You're doing $rows == 1. It should be something like $rows['username'] for that part.

why that, $rows is not a result row, it’s an integer returned from mysql_num_rows(). just because everyone calls his/her result set $row/$rows doesn’t mean that someone may use that name for something different.

lol I caught it before you I did that by quickly scanning his code (the formatting looks awful here). That's why I edited my post saying nevermind, but I kept what I posted in a spoiler.

[theshowtekfan]

yea okay ima do a vardump anyways i know that my formatting is awfull im using notepad++ and xampp what else should i use to get proper formatting ?

[theshowtekfan]

ok this is the output of a var_dump();

string(0) "" string(20) "Ú9£î^kK 2U¿ï•`�¯Ø " string(0) "" 

and i found out that its not saying that the user is already registered but "user successfully registered" xD


anyone got a clue ?

[Dormilich]

you should get indentation.

um, it would help to know, what variables you dumped there …

This post has been edited by Dormilich: 19 December 2011 - 04:19 PM

[EnvXOwner]

You know, you could just press tab

[theshowtekfan]

Dormilich, on 19 December 2011 - 04:18 PM, said:

you should get indentation.

um, it would help to know, what variables you dumped there …

yea see for urself

here's the whole script

<?php
include('config.php');

$username = (isset($_POST['username'])) ? $_POST['username'] : null;
$mail = (isset($_POST['mail'])) ? $_POST['mail'] : null;
$password = (isset($_POST['password'])) ? $_POST['password'] : null;
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$mail = mysql_real_escape_string($mail);
$password = SHA1($password, SALT);

if(isset($username,$password,$mail)) {
$query = "SELECT * FROM users WHERE username='".$username."' OR mail='".$mail."' ";
$fetch = mysql_query($query);
$rows = mysql_num_rows($fetch);

if (isset($username) AND $rows == 1) {
echo ("username or e-mail is already Registered.");
}
else {
$query = "INSERT into users (username,password,mail) VALUES ($username,$password,$mail)";
mysql_query($query);
echo("User Registrated sucessfully");
var_dump($username);
var_dump($password);
var_dump($mail);
}
}

else {
echo ("Please fill in all fields before Registering.");
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>
<?php echo(booter_name);?> - Registration
</title>
</head>
<body>
<div id="main_frame">
<p>Desired username: <input type="text" maxlength="20" name="username" /></p><br>
<p>Desired password: <input type="password" maxlength="20" name="password" /></p><br>
<p>e-mail address: <input type="text" maxlength="20" name="mail" /></p><br>
<input type="submit" value="Register" />
</div>
</body>
</html>

[Dormilich]

no wonder that didn’t work. you need <form> tags to define a form.

and you are also aware that you echo your comments outside of the HTML document?

besides that, though you check whether the variables are set, you never check whether they are empty (or even valid).

[theshowtekfan]

yea this is not a finished script.... thats why im working on coding it atm lol

[Dormilich]

you need to get the HTML in order before you can proceed with PHP. because it will provide the input for the script.

[theshowtekfan]

ik lol i have done this plenty of times before xD thats why i ws all upset and did not know why my "php" did not work i was not even thinking it could be my html xd