PHP registration form
Hi All,
I am currently undertaking a web development project and require some help!
I am coding a simple registration form which I use to connect to a MySQL database and insert all the details in. The registration form is set up and works fine but when I submit the form I get a 500 error saying the registration action script could not be displayed.
The code for both pages is as below:
Form:
And the register script:
The structure is as follows:
ROOT>html>register.php
ROOT>process>register.php
the process folder is where the action script lives.
The website is located at http://www.gunnersclub.co.uk/html/register.php
Any help is greatly appreciated!
I am currently undertaking a web development project and require some help!
I am coding a simple registration form which I use to connect to a MySQL database and insert all the details in. The registration form is set up and works fine but when I submit the form I get a 500 error saying the registration action script could not be displayed.
The code for both pages is as below:
Form:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>The Gunners Club Crosby - Register</title>
<link href="../css/common.css" rel="stylesheet" type="text/css">
<link href="../css/contact.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="container">
<div class="header">
<a href="#"><img src="../img/logo.png" alt="The gunners regiment logo" id="logo"/></a>
<h1>The Gunners Club</h1>
<div class="userpanel">
<a href="./login.php">Login</a>
<a href="./register.php">Register</a>
</div>
</div>
<div class="topnav">
<ul>
<li><a href="../index.php">Home</a></li>
<li><a href="./history.php">History</a></li>
<li><a href="./findus.php">Find Us</a></li>
<li><a href="./contact.php">Contact Us</a></li>
<li><a href="./members.php">Members Area</a></li>
</ul>
</div>
<div class="rightbar">
<ul class="nav">
<li>Announcement 1 - This is the most recent announcement on the site and will be pulled from a database.</li>
<li>Announcement 2 - This is the second most recent announcement on the site and will be pulled from a database.</li>
<li>Announcement 3 - This is the third most recent announcement on the site and will be pulled from a database.</li>
<li>Announcement 4 - This is the forth most recent announcement on the site and will be pulled from a database.</li>
<li>Announcement 5 - This is the fifth most recent announcement on the site and will be pulled from a database.</li>
<li>Announcement 6 - This is the sixth most recent announcement on the site and will be pulled from a database.</li>
</ul>
</div>
<div class="content">
<h1>Register as an Applicant</h1>
<form id="register" name="register" method="post" action="../process/register.php" autocomplete="on">
<label>Title: </label><select name="title" id="title"><option value="Mr.">Mr.</option><option value="Dr.">Dr.</option><option value="Prof.">Prof.</option></select>
<label>First name: </label><input type="text" name="firstname" id="firstname" autofocus required><br>
<label>Last name: </label><input type="text" name="lastname" id="lastname" required><br>
<label>Date of Birth: </label><input type="date" name="dob" id="dob" required><br>
<label>Telephone: </label><input type="tel" name="tel" id="tel" required><br>
<label>E-mail: </label><input type="email" name="email" id="email" required autocomplete="off"><br>
<label>Password: </label><input type="password" name="pass" id="pass" required autocomplete="off"><br>
<label></label><input type="submit" name="register" id="register" value="Register">
</form>
</div>
<div class="footer">
<p>This is the footer for the page</p>
</div>
</div>
</body>
</html>And the register script:
<?php
//config settings
$host = 'mysite.co.uk.mysql';
$user = 'myuser';
$password = 'mypass';
$database = 'mydb';
$errorstring = "";
$dbconn = mysql_connect($host,$user,$password) or die('Could not connect to server as configuration details are incorrect');
//sanitize data
$title = trim($_POST['title']);
$firstname = trim($_POST['firstname']);
$lastname = trim($_POST['lastname']);
$dob = trim($_POST['dob']);
$tel = trim($_POST['tel']);
$email = trim($_POST['email']);
if (empty($_POST['title']) {
$errorstring = "You must enter a title"
die($errorstring};
if (empty($_POST['firstname']) {$errorstring = "You must enter a firstname"
die($errorstring};
if (empty($_POST['lastname']) {$errorstring = "You must enter a lastname"
die($errorstring};
if (empty($_POST['dob']) {$errorstring = "You must enter a date of birth"
die($errorstring};
if (empty($_POST['tel']) {$errorstring = "You must enter a telephone number"
die($errorstring};
if (empty($_POST['email']) {$errorstring = "You must enter an email address"
die($errorstring};
//protect against sql injection
$title = mysql_real_escape_string($_POST['title']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$dob = mysql_real_escape_string($_POST['dob']);
$tel = mysql_real_escape_string($_POST['tel']);
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass = md5($password);
//register script
if(isset($_POST['register']))
{
$insertquery = "insert into tbluser(title,firstname,lastname,dob,tel,email,password)values('$title','$firstname','$lastname','$dob','$tel','$email','$pass')";
$runquery = mysql_query($query);
header('location:register_success.php');
}
?>The structure is as follows:
ROOT>html>register.php
ROOT>process>register.php
the process folder is where the action script lives.
The website is located at http://www.gunnersclub.co.uk/html/register.php
Any help is greatly appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you enabled all errors this might give a real error message.
error_reporting( E_ALL ); // beginning of the code.
error_reporting( E_ALL ); // beginning of the code.
Wow, I just looked around the site a bit. Suggest you move all of the scripts under the WWW root directory. You shouldn't be getting a 500 server error at all, but the directory organization and link structure seems like it could be simplified to your advantage.
I would also do your PHP data insert on the same page. Why a separate page to perform the function?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK,
Thanks for all the replies guys I have managed to move a little further.
I have used dimmergeek's solution but I can't quite see what you changed?
It now works and sends to the registration success page but no records are added to the database. I have also amended line 49 to just use one variable, please see this code:
The problem I have now is that no records are added to the table for some reason. I click register and get a success page but in phpmyadmin on that table it returns zero rows back to me when i select all from the table.
My host is one.com
GaryC123: I have enabled error reporting but i receive no error regarding the insert statement on my table.
Slick812: The permissions are fine I have left the processing for the registration and I no longer get a 500 error. Also all the validation is done in HTML 5 this is where the datepicker field is coming from not javascript.
Dimmergeek: I thought it was good practice to pass html fields to a seperate php processing page is this not the case?
I do have an index on the table which is an auto increment but this shouldn't affect records being added should it?
Any more ideas guys???
Thanks for all the replies guys I have managed to move a little further.
I have used dimmergeek's solution but I can't quite see what you changed?
It now works and sends to the registration success page but no records are added to the database. I have also amended line 49 to just use one variable, please see this code:
<?php
error_reporting( E_ALL );
//config settings
$host = 'mysite.co.uk.mysql';
$user = 'myuser';
$password = 'thisismypassword';
$database = 'mydb';
$errorstring = "";
$dbconn = mysql_connect($host,$user,$password) or die('Could not connect to server as configuration details are incorrect');
//sanitize data
$title = trim($_POST["title"]);
$firstname = trim($_POST["firstname"]);
$lastname = trim($_POST["lastname"]);
$dob = trim($_POST["dob"]);
$tel = trim($_POST["tel"]);
$email = trim($_POST["email"]);
if (empty($title))
{
$errorstring = "You must enter a title";
die($errorstring);
}
if (empty($firstname)) {
$errorstring = "You must enter a firstname";
die($errorstring);
}
if (empty($lastname)) {
$errorstring = "You must enter a lastname";
die($errorstring);
}
if (empty($dob)) {
$errorstring = "You must enter a date of birth";
die($errorstring);
}
if (empty($tel)) {
$errorstring = "You must enter a telephone number";
die($errorstring);
}
if (empty($email)) {
$errorstring = "You must enter an email address";
die($errorstring);
}
//protect against sql injection
$title = mysql_real_escape_string($_POST['title']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$dob = mysql_real_escape_string($_POST['dob']);
$tel = mysql_real_escape_string($_POST['tel']);
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass = md5($password);
//register script
if(isset($_POST['register']))
{
$runquery = mysql_query(insert into tbluser(title,firstname,lastname,dob,tel,email,password)values('$title','$firstname','$lastname','$dob','$tel','$email','$pass'));
header('location:./register_success.php');
}
?>The problem I have now is that no records are added to the table for some reason. I click register and get a success page but in phpmyadmin on that table it returns zero rows back to me when i select all from the table.
My host is one.com
GaryC123: I have enabled error reporting but i receive no error regarding the insert statement on my table.
Slick812: The permissions are fine I have left the processing for the registration and I no longer get a 500 error. Also all the validation is done in HTML 5 this is where the datepicker field is coming from not javascript.
Dimmergeek: I thought it was good practice to pass html fields to a seperate php processing page is this not the case?
I do have an index on the table which is an auto increment but this shouldn't affect records being added should it?
Any more ideas guys???
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There are a couple of things you might want to add to the script. First of all, MySQL (in any of its versions and extensions) is not a black box. It returns all sorts of values to your PHP script, and the PHP programmer must write tests for these return values. Example:
$dbconn = mysql_connect($host,$user,
How would you know whether the mysql_connect() function worked? You would go to the php.net web site and read the description of the function. It would tell you what the possible return values might be. Usually php.net will tell you how to test the return values and detect errors, including how to visualize the errors.
Another example:
$runquery = mysql_query(insert into tbluser(title,firstname,la
This statement failed, but because your script is not looking for errors, you get a blank response instead of an error message than can help you fix the problem. Here are my two top suggestions for this script.
1. Add error_reporting(E_ALL); to the top of the script
2. Follow the guidance in this article that shows how to test for success or failure of a query and how to visualize the errors, if any.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
And overall, here is my suggestion for you to get started in PHP and MySQL. It won't happen overnight, but if you give yourself the advantage of some structured learning, you will be way ahead of those poor folks who try to learn PHP by copying examples found at random on the internet, or by trial and error.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
$dbconn = mysql_connect($host,$user,
How would you know whether the mysql_connect() function worked? You would go to the php.net web site and read the description of the function. It would tell you what the possible return values might be. Usually php.net will tell you how to test the return values and detect errors, including how to visualize the errors.
Another example:
$runquery = mysql_query(insert into tbluser(title,firstname,la
This statement failed, but because your script is not looking for errors, you get a blank response instead of an error message than can help you fix the problem. Here are my two top suggestions for this script.
1. Add error_reporting(E_ALL); to the top of the script
2. Follow the guidance in this article that shows how to test for success or failure of a query and how to visualize the errors, if any.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
And overall, here is my suggestion for you to get started in PHP and MySQL. It won't happen overnight, but if you give yourself the advantage of some structured learning, you will be way ahead of those poor folks who try to learn PHP by copying examples found at random on the internet, or by trial and error.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
ASKER
Thanks for all the advice guys! Basically I am developing my first PHP site for a uni module which I wish I never took now! I am going to get reading on the PHP site tonight to get error checking and everything sorted! My next problem is making the site compatible with all browsers as it currently only works in IE7 but I will look at that another day!
Slick thank you for your help with my code I have made some amendments as you said and can see that it is the insert query that is failing. When adding data to a table with an auto increment for the ID do you have to specify it in the INSERT query or should it just automatically add its data in?
This is the new code below:
I will definitely need to get onto the error checking tonight!
Slick thank you for your help with my code I have made some amendments as you said and can see that it is the insert query that is failing. When adding data to a table with an auto increment for the ID do you have to specify it in the INSERT query or should it just automatically add its data in?
This is the new code below:
<?php
if(isset($_POST['register']))
{
error_reporting( E_ALL );
//sanitize data
$title = trim($_POST["title"]);
$firstname = trim($_POST["firstname"]);
$lastname = trim($_POST["lastname"]);
$dob = trim($_POST["dob"]);
$tel = trim($_POST["tel"]);
$email = trim($_POST["email"]);
if (empty($title))
{
$errorstring = "You must enter a title";
die($errorstring);
}
if (empty($firstname)) {
$errorstring = "You must enter a firstname";
die($errorstring);
}
if (empty($lastname)) {
$errorstring = "You must enter a lastname";
die($errorstring);
}
if (empty($dob)) {
$errorstring = "You must enter a date of birth";
die($errorstring);
}
if (empty($tel)) {
$errorstring = "You must enter a telephone number";
die($errorstring);
}
if (empty($email)) {
$errorstring = "You must enter an email address";
die($errorstring);
}
//protect against sql injection
$title = mysql_real_escape_string($_POST['title']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$dob = mysql_real_escape_string($_POST['dob']);
$tel = mysql_real_escape_string($_POST['tel']);
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass = md5($password);
//config settings
$host = 'gunnersclub.co.uk.mysql';
$user = 'gunnersclub_co_';
$password = 'A0308c1991';
$database = 'gunnersclub_co_';
$errorstring = "";
$dbconn = mysql_connect($host,$user,$password) or die('Could not connect to server as configuration details are incorrect');
//register script
$runquery = mysql_query("insert into tbluser(title,firstname,lastname,dob, tel,email,password) values('$title','$firstname','$lastname','$dob','$tel','$email','$pass')");
if (!$runquery) die("ERROR, mysql_query FAILED!");
//header('location:./register_success.php');
}
?>I will definitely need to get onto the error checking tonight!
ASKER
I am pretty sure that the $runquery variable is not being set for some reason....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ahh I see now I haven't set a database I have also narrowed the issue down to the mysql real escape for some reason this is returning a null to my variable I will get back later when I am back on it!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi All,
Thank you for all the help!
I took your advice and decided to switch to mysqli and also added some error checking to each step of the insert process. Below is the final code for the page, however this will probably be edited later in the project to be converted to an object oriented approach. Are there any other suggestions I should add in whilst I am here looking at it??
Once again thank you for all the help and pointers and I will be using the man pages and other documentation suggested in future!
Thank you for all the help!
I took your advice and decided to switch to mysqli and also added some error checking to each step of the insert process. Below is the final code for the page, however this will probably be edited later in the project to be converted to an object oriented approach. Are there any other suggestions I should add in whilst I am here looking at it??
<?php
error_reporting( E_ALL );
if(isset($_POST['register']))
{
//config settings
$host = mysite.co.uk.mysql';
$user = 'myuser';
$password = 'mypassword';
$database = 'mydb';
$errorstring = "";
//sanitize data
$title = trim($_POST["title"]);
$firstname = trim($_POST["firstname"]);
$lastname = trim($_POST["lastname"]);
$dob = trim($_POST["dob"]);
$tel = trim($_POST["tel"]);
$email = trim($_POST["email"]);
if (empty($title))
{
$errorstring = "You must enter a title";
die($errorstring);
}
if (empty($firstname)) {
$errorstring = "You must enter a firstname";
die($errorstring);
}
if (empty($lastname)) {
$errorstring = "You must enter a lastname";
die($errorstring);
}
if (empty($dob)) {
$errorstring = "You must enter a date of birth";
die($errorstring);
}
if (empty($tel)) {
$errorstring = "You must enter a telephone number";
die($errorstring);
}
if (empty($email)) {
$errorstring = "You must enter an email address";
die($errorstring);
}
//create database connection
$con=mysqli_connect($host,$user,$password,$database);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//protect against SQL injection
$title = mysqli_real_escape_string($con, $title);
$firstname = mysqli_real_escape_string($con, $firstname);
$lastname = mysqli_real_escape_string($con, $lastname);
$dob = mysqli_real_escape_string($con, $dob);
$tel = mysqli_real_escape_string($con, $tel);
$email = mysqli_real_escape_string($con, $email);
$pass = mysqli_real_escape_string($_POST['pass']);
$pass = md5($pass);
//register script
$sql="INSERT INTO tbluser (title, firstname, lastname,dob,tel,email,password)
VALUES
('$title','$firstname','$lastname','$dob','$tel','$email','$pass')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
header('location:./register_success.php');
}
?>Once again thank you for all the help and pointers and I will be using the man pages and other documentation suggested in future!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Slick,
Cheers for the feedback. To get this to display in a red div would i need to run the process from the actual register page rather than using a separate script?
Ray - the OOP code you provided is great! I won't implement this just yet as I will be learning OOP PHP in the next few weeks at university so would prefer to understand it first, I can read quite a lot of it but would prefer to fluently understand the content of it. The man pages you provided will be extremely helpful, I will give these a read tomorrow when i get a chance.
Thanks for all the help so far everyone, Starting to think I may actually pass this module!
Cheers for the feedback. To get this to display in a red div would i need to run the process from the actual register page rather than using a separate script?
Ray - the OOP code you provided is great! I won't implement this just yet as I will be learning OOP PHP in the next few weeks at university so would prefer to understand it first, I can read quite a lot of it but would prefer to fluently understand the content of it. The man pages you provided will be extremely helpful, I will give these a read tomorrow when i get a chance.
Thanks for all the help so far everyone, Starting to think I may actually pass this module!
you say - "run the process from the actual register page rather than using a separate script?", , I can not tell from what you have posted, but running a separate "Module" as you say, could be inefficient for your code efforts, if there are user input errors you need to display them AND have the Form there to correct their entries, preferably filled OUT with the OLD correct input (so they do not have to re-type), I almost always have ALL PHP functioning for input testing and database insert ON the PHP registration page, if I need other CMS or MVC modules, or database or verification Class php files , then these are added as PHP include to the registration page.
I would recommend that you delay jumping in to trying OOP PHP, until you are very familiar wid PHP, I have tried to show-teach Object programming to some, and they did not have the general programming and PHP skills to make any sense of the OOP. PHP is NOT an object oriented language, and can do very great web sites without a single line of OOP code, althouh OOP does have some advantages ONLY if you know how to use them.
I would recommend that you delay jumping in to trying OOP PHP, until you are very familiar wid PHP, I have tried to show-teach Object programming to some, and they did not have the general programming and PHP skills to make any sense of the OOP. PHP is NOT an object oriented language, and can do very great web sites without a single line of OOP code, althouh OOP does have some advantages ONLY if you know how to use them.
PHP is NOT an object oriented language,I'll give you that at PHP3 and PHP4, but about 8 years ago at PHP5, the OOP model matured. A lot.
That said, OOP design and OOP notation are not at all the same thing. The MySQLi extension in OOP notation gives a much easier path to MySQL code conversion because the function calls have the arguments in the same order as the older and obsolete MySQL extension. If you convert procedural MySQL to procedural MySQLi you will have to change the function call arguments in every single query. If you listen to the little voices in your head you will surely see that the PHP Gods are saying, "STOP writing procedural code!" And that is very good advice!
ASKER
I will have a look at OO when I get a chance. I think my main priority is learning PHP properly first! One final thing. On this registration form I have now switched to using a SHA-512 hash function for the time being to make it slightly more secure (I will be using salts etc at a later date). For some reason for different strings I always get the same hash which means this is what is stored in the database. The hash is:
cf83e1357eefb8bdf1542850d6
And the code is:
Any ideas? The hash works fine on my login form and generates a different hash correctly!
cf83e1357eefb8bdf1542850d6
And the code is:
<?php
error_reporting( E_ALL );
if(isset($_POST['register']))
{
//config settings
$host = '';
$user = '';
$password = '';
$database = '';
$errorstring = "";
//sanitize data
$title = trim($_POST["title"]);
$firstname = trim($_POST["firstname"]);
$lastname = trim($_POST["lastname"]);
$dob = trim($_POST["dob"]);
$tel = trim($_POST["tel"]);
$email = trim($_POST["email"]);
if (empty($title))
{
$errorstring = "You must enter a title";
die($errorstring);
}
if (empty($firstname)) {
$errorstring = "You must enter a firstname";
die($errorstring);
}
if (empty($lastname)) {
$errorstring = "You must enter a lastname";
die($errorstring);
}
if (empty($dob)) {
$errorstring = "You must enter a date of birth";
die($errorstring);
}
if (empty($tel)) {
$errorstring = "You must enter a telephone number";
die($errorstring);
}
if (empty($email)) {
$errorstring = "You must enter an email address";
die($errorstring);
}
//create database connection
$con=mysqli_connect($host,$user,$password,$database);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//protect against SQL injection
$title = mysqli_real_escape_string($con, $title);
$firstname = mysqli_real_escape_string($con, $firstname);
$lastname = mysqli_real_escape_string($con, $lastname);
$dob = mysqli_real_escape_string($con, $dob);
$tel = mysqli_real_escape_string($con, $tel);
$email = mysqli_real_escape_string($con, $email);
$pass = mysqli_real_escape_string($_POST['pass']);
$pass = hash('sha512',$pass);
//register script
$sql="INSERT INTO tbluser (userid,title,firstname,lastname,dob,tel,email,password)
VALUES
('','$title','$firstname','$lastname','$dob','$tel','$email','$pass')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
header('location:./register_success.php');
}
?>Any ideas? The hash works fine on my login form and generates a different hash correctly!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@Ray_Paseur, I do not agree with your PHP gods statement at all NONE, but I guess that my programming Gods are not your programming Gods
you might consider not trying to push PHP tech on people that do not understand that tech
you might consider not trying to push PHP tech on people that do not understand that tech
ASKER
Thanks for the help all, It's now up and running sort of and I used the procedural approach for now. I will look into an OO approach at a later date. This is only a test site so will not actually be used, it's all about showing PHP, HTML5, CSS3, javascript and google API use. Thanks for the help anyway I will allocate points now.
ASKER
Thanks everyone great help!
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
What is the value of $runquery on line 49 of the register script?
Who is your hosting company?