mysqli query results not getting inserted in the database

0
votes

I'm working on a register page for my website. I'm maintaining a database of 7 fields in PHPMyAdmin (id, username, password, email, active, code and date). I'm using the code and active field for implementing e-mail activation. The registration form takes 4 parameters (name, e-mail, password and re-type password) using post method and passes the information on submission of button to the PHP code to check whether the user is new, e-mail ID should be new and also checks for the empty fields after clicking the submit button. The PHP code looks like this:

if($_POST['registerbtn']){
//checking each fields
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];

if($getuser){
    if($getemail){
        if($getpass){
            if($getretypepass){
                if($getpass === $getretypepass){
                    if((strlen($getemail) >= 7)&& (strstr($getemail, "@")) && (strstr($getemail, "."))){
                        $con= mysqli_connect("localhost", "root", "", "web" );
                        $query= mysqli_query($con, "SELECT * FROM users WHERE username='$getuser'");
                        $numrows= mysqli_num_rows($query);
                        if($numrows == 0){
                            $query= mysqli_query($con, "SELECT * FROM users WHERE email='$getemail'");
                            $numrows= mysqli_num_rows($query);
                        if($numrows == 0){

                            $password = md5(md5("dfhXjh".$getpass."12asdss"));
                            $date = date("F d, Y");
                            $code = md5(rand());
                            mysqli_query($con, "INSERT INTO users (`id`, `username`, `password`, `email`, `active`, `code`, `date`) VALUES(
                            '', '$getuser', '$password', $getemail', '0', '$code', '$date')"); //This statement
                            $query= mysqli_query($con, "SELECT * FROM users WHERE username = '$getuser'");
                            $numrows= mysqli_num_rows($query);
                            if($numrows == 1){
                                $site ="http://localhost/web";
                                $webmaster ="Ace <[email protected]>";
                                $headers ="From: $webmaster";
                                $subject ="Activate your account";
                                $message = "Thanks for registering. Click the link below to activate your account.\n";
                                $message .="$site/activate.php?user=$getuser&code=$code \n";
                                $message .="You must activate your account to login.";

                                if( mail($getemail, $subject, $message, $headers) ){
                                    $errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>";
                                    $getuser = "";
                                    $getemail = "";

                                }
                                else
                                    $errormsg = "An error has occured. Activation mail not sent.";

                            }
                            else
                            $errormsg= "An error occured. Account was not created.";
                        }
                        else
                        $errormsg="A user with that e-mail already exists.";    
                        }
                        else
                        $errormsg="A user with that username already exists.";

                        mysqli_close($con);
                    }
                    else
                    $errormsg= "You must enter a valid e-mail address.";
                }
                else
                $errormsg= "Passwords did not match.";
            }
            else
            $errormsg= "You must re-type your password.";
        }
    else
    $errormsg= "You must enter your password.";
    }
        else
        $errormsg= "You must enter your e-mail.";
}
else
$errormsg = "You must enter your user name.";}

When I'm inserting the new user after encrypting the password, generating the code for activation link and setting active to zero, it's not getting inserted into the database (Refer this statement comment). I am not able to figure out and ultimately, the message is displayed "An error occured. Account not created."

2
phpmysqlmysqli
Sidenote: I hope this isn't intended for a live site but for educational purposes only. MD5 is old and considered "broken". Use something that's more 21st century such as password_hash() You can "md5" till the cows come home, it won't help you. You're also open to SQL injection. - Funk Forty Niner
You don't need to specify ID in your insert statement, since I presume it auto-increments. The way you're specifying it here may be your issue. - jackel414

2 Answers

0
votes

I'm going to presume that the 'id' column is your primary key for this table and therefore is set to auto-increment. Given that - you shouldn't be specifying it in your insert statement. It will also likely be a required field in the database, and so trying to set it to '', as you're doing here, will result in an error.

0
votes

finally figured out the mistake. Before the insert statement, I did not check if the connection exists or not. Along with that, the insert statement had to be modified a bit as shown.

if($con){mysqli_query($con, "INSERT INTO users (`id`, `username`, `password`, `email`, `active`, `code`, `date`) VALUES('', '".$getuser."', '".$password."', '".$getemail."', '0', '".$code."', '".$date."')");} else echo "Connection lost.";