javascript - Does not show error when registering on website PHP -


i have database setup , i'm making site user has register username, email , password. however, reason, whenever click on register without entering information, still registers database without showing error. here code.

<?php  // first execute our common code connection database , start session require("common.php");  // if statement checks determine whether registration form has been submitted // if has, registration code run, otherwise form displayed if(!empty($_post)) {     // ensure user has entered non-empty username     if(empty($_post['username']))     {         // note die() terrible way of handling user errors         // this.  better display error form         // , allow user correct mistake.  however,         // exercise implement yourself.         $username_error = "please enter username";     }      // ensure user has entered non-empty password     if(empty($_post['password']))     {         $password_error = "please enter password";     }      // make sure user entered valid e-mail address     // filter_var useful php function validating form input, see:     // http://us.php.net/manual/en/function.filter-var.php     // http://us.php.net/manual/en/filter.filters.php     if(!filter_var($_post['email'], filter_validate_email))     {        $invalid_email = "invalid email";     }      // use sql query see whether username entered     // user in use.  select query used retrieve data database.     // :username special token, substitute real value in place when     // execute query.     $query = "         select             1         users                     username = :username     ";      // contains definitions special tokens place in     // our sql query.  in case, defining value token     // :username.  possible insert $_post['username'] directly     // $query string; doing insecure , opens     // code sql injection exploits.  using tokens prevents this.     // more information on sql injections, see wikipedia:     // http://en.wikipedia.org/wiki/sql_injection     $query_params = array(         ':username' => $_post['username']     );      try     {         // these 2 statements run query against database table.         $stmt = $db->prepare($query);         $result = $stmt->execute($query_params);     }     catch(pdoexception $ex)     {         // note: on production website, should not output $ex->getmessage().         // may provide attacker helpful information code.          die("failed run query: " . $ex->getmessage());     }      // fetch() method returns array representing "next" row     // selected results, or false if there no more rows fetch.     $row = $stmt->fetch();      // if row returned, know matching username found in     // database , should not allow user continue.     if($row)     {         $username_exist = "this username exists!";     }      // perform same type of check email address, in order     // ensure unique.     $query = "         select             1         users                     email = :email     ";      $query_params = array(         ':email' => $_post['email']     );      try     {         $stmt = $db->prepare($query);         $result = $stmt->execute($query_params);     }     catch(pdoexception $ex)     {         die("failed run query: " . $ex->getmessage());     }      $row = $stmt->fetch();      if($row)     {         $email_registered = "this email registered!";     }      // insert query used add new rows database table.     // again, using special tokens (technically called parameters)     // protect against sql injection attacks.     $query = "         insert users (             username,             password,             salt,             email         ) values (             :username,             :password,             :salt,             :email         )     ";      // salt randomly generated here protect again brute force attacks     // , rainbow table attacks.  following statement generates hex     // representation of 8 byte salt.  representing in hex provides     // no additional security, makes easier humans read.     // more information:     // http://en.wikipedia.org/wiki/salt_%28cryptography%29     // http://en.wikipedia.org/wiki/brute-force_attack     // http://en.wikipedia.org/wiki/rainbow_table     $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));      // hashes password salt can stored securely     // in database.  output of next statement 64 byte hex     // string representing 32 byte sha256 hash of password.  original     // password cannot recovered hash.  more information:     // http://en.wikipedia.org/wiki/cryptographic_hash_function     $password = hash('sha256', $_post['password'] . $salt);      // next hash hash value 65536 more times.  purpose of     // protect against brute force attacks.  attacker must compute hash 65537     // times each guess make against password, whereas if password     // hashed once attacker have been able make 65537 different      // guesses in same amount of time instead of one.     for($round = 0; $round < 65536; $round++)     {         $password = hash('sha256', $password . $salt);     }      // here prepare our tokens insertion sql query.  not     // store original password; hashed version of it.  store     // salt (in plaintext form; not security risk).     $query_params = array(         ':username' => $_post['username'],         ':password' => $password,         ':salt' => $salt,         ':email' => $_post['email']     );      try     {         // execute query create user         $stmt = $db->prepare($query);         $result = $stmt->execute($query_params);     }     catch(pdoexception $ex)     {         // note: on production website, should not output $ex->getmessage().         // may provide attacker helpful information code.          die("failed run query: " . $ex->getmessage());     }      // redirects user login page after register     header("location: login.php");      // calling die or exit after performing redirect using header function     // critical.  rest of php script continue execute ,     // sent user if not die or exit.     die("redirecting login.php"); } ?>

that php code. below html code. please tell me mistake can make sure change it.

now since there issue not html tags being supported in stackoverflow, have posted in pastebin.

http://pastebin.com/rb8zqadp

the problem don't exit program when error occurs keeps running , executes query.

you may try add variable determines if there error , skip mysql query.

$iserror = false; if(empty($username)) {    $iserror = true; }  if($iserror) {     // handle error }else{     // execute query }

or put if statements php function , throw exception when error occurs , handle try{} catch() statement.

function testsomething($username) {   if(empty($username))     throw new exception("no username"); }  try {   testsomething("");   // execute query }catch(exception $ex) {   // handle error   echo $ex->getmessage(); // prints no username }

but may put "throw new exception("message")" try statement , stop executing program , jump catch statement.


Comments

Post a Comment

Popular posts from this blog

php - Submit Form Data without Reloading page -

i know question has been asked , answered bunch of times life of me can not solution work on code. believe if redo code, work properly, , in retrospect time i've spent on issue should have redone code...but beyond deadline , have working prototype up... can advise how update multiple forms on single page without reloading page? horrible @ php , complete noob js/jquery/ajax @ best. html/php in single file , believe causing me problems/is largest obstacle @ getting ajax form processing work. basically, want users to: select teams multiple dropdowns in form group 1 (league champs) , on update update db newly selected team without reloadding page. edit team scores per match , on score submit/update, update db new scores. for each requirement there multiple forms (1 each leagues, 1 each per match) have set class on each form id. everything works via php, form submission reloads page each time submitted , not ideal. i have tried ajax code here http://scotch.io/tutoria
Read more

linux - Rails running on virtual machine in Windows -

the reason why want switch ubuntu people said gems works better on linux on windows. i don't want macbook pro rails development since love windows , cannot stand lack of apps mac. moreover, people saying ubuntu "better" mac: http://www.reddit.com/r/ubuntu/comments/1bgj1s/are_there_advantages_of_ubuntu_over_os_x_for/ does virtual box work enough doesn't have lag @ all? using i7-3517u cpu 8gb memory. need program in environment lag-free , not sluggish. or there alternatives recommend? i unsure permission settings or complicated stuffs regarding terminal. i'll using terminal develop. i'm still quite new here development in linux. please kind me >< thanks. @holyxiaoxin pretty sure should asking on superuser instead. nevertheless, suggest install ubuntu in partition instead of running virtual machine. here's guide https://help.ubuntu.com/community/windowsdualboot also, yes. developing in virtual machine accurate, @ end experiment w
Read more

php - $params->set Array between square bracket -

i'm using k2 in joomla 3.3. i'm trying set params (items ids ) module k2_content item.php file. result must between brackets, like: ["96","68"] my code is: $query = "select * #__k2_items extra_fields_search = '$myautor' , catid !=1 " ; $db->setquery($query); $losautores = $db->loadobjectlist(); $result = array(); foreach ($losautores $key => $value) { $result[] = '" '.$value->id.' "'; } $string_version = implode(',', $result); $autoresfinal = '['.$string_version.']'; if test using print, looks ok. passing var pramas, 1064 error. $params->set('items', $autoresfinal); to test tried $autoresfinal = ["96","68"]; and works fine. idea why doesn't work? thank you. if assign ["x","y"] assigning an array . here transforming array in st
Read more