I've been trying to create a membership website for practice. Now, what happens is that when the first new user tries to register on my website by filling appropriate fields in the forms, I can successfully insert data into mysql database but for the 2nd new user the die("couldn't insert data") executes and the data like email ID, username etc won't be loaded into the the database. In case I delete the record of the 1st user by going into the phpmyadmin, I can then again successfully register but can't do it as the 2nd new user. I've provided the code below, hope it makes sense to all of you.
<?php include_once("scripts/global.php");
$message="";
if(isset($_POST['username'])){
$username=$_POST['username'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$email=$_POST['email'];
$pass1=$_POST['pass1'];
$pass2=$_POST['pass2'];
//error handling
if((!$username)||(!$fname)||(!$lname)||(!$email)||(!$pass1)||(!$pass2)){
$message="Please Fill in all the details properly";
}else{
if($pass1!=$pass2){
$message="Your Password fields don't match";
}
else{
//securing data
$username=preg_replace("#[^0-9a-z]#i","",$username);
$fname=preg_replace("#[^0-9a-z]#i","",$fname);
$lname=preg_replace("#[^0-9a-z]#i","",$lname);
$pass1=sha1($pass1);
$email=mysql_real_escape_string($email);
//checking for the duplicates
$user_query=mysql_query("SELECT username FROM members WHERE username='$username'LIMIT 1 ")or die("couldn't check username");
$count_username=mysql_num_rows($user_query);
$email_query=mysql_query("SELECT email FROM members WHERE email='$email'LIMIT 1 ")or die("couldn't check username");
$count_email=mysql_num_rows($email_query);
if($count_username>0){
$message="Your username is already in use";
}
else if($count_email>0){
$message="Your email id is already in use";
}
else
// insert the members
{ $ip_address=$_SERVER['REMOTE_ADDR'];
$query = mysql_query("INSERT INTO members(username,firstname,lastname,email,password,ip_address,sign_up_date)VALUES('$username','$fname','$lname','$email','$pass1','$ip_address',now())") or die("Couldn't insert data");
$member_id=mysql_insert_id();
mkdir("users/$member_id",0755);
$message="You've now been registered";
}
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>register to my website</title>
<link rel="stylesheet" href="global.css" type="text/css">
</head>
<body>
<div class="container">
<h1>Register here by filling in the fields below</h1>
<p><?php print("$message");?></p>
<a href="login.php">login</a> | <a href="#">Register</a>
<form action="register.php" method="post">
<input type="text" name="username" placeholder="username"/><br/>
<input type="text" name="fname" placeholder="Firstname"/><br/>
<input type="text" name="lname" placeholder="Lastname"/><br/>
<input type="text" name="email" placeholder="Email address"/><br/>
<input type="password" name="pass1" placeholder="password"/><br/>
<input type="password" name="pass2" placeholder="validate password"/><br/>
<input type="submit" value="Register"/>
</form>
</div>
</body>
</html></div>
This is the column list in question:
username,firstname,lastname,email,password,ip_address,sign_up_date
You have a problem with that. Which column is unique and duplicated? My best bet would be that ip_address is unique and the second row you intend to insert has the same ip address, since you are testing from the same machine. If it is unique, then you have a mistake. What happens if some people try to register from a large network (school, for instance) having the same ip address?
Proposed solution: modify the table so ip address will no longer be unique. However, you should check the errors mysql is throwing in your direction.
$query = mysql_query("INSERT INTO members(username,firstname,lastname,email,password,ip_address,sign_up_date)VALUES('$username','$fname','$lname','$email','$pass1','$ip_address',now())") or die("Couldn't insert data");
Remove single quotes for int values like ip_address.