Record inserting into database even with form validation in place for empty fields

If I run this code and leave the password blank it will give an error and not insert anything. If I enter a password and leave the email address field empty, it still submits into the database (empty record in email column) but still shows me the error on the page that I must enter an email address. I can't figure out why this is happening. Also, the page does not redirect if signup is successful.

$error = "";
$success = "";

if (isset($_POST['submit'])) {
	
	if (!$_POST['email']) {
		
		$error .="Your email address is required<br>";
	}
	
	if ($_POST['email'] && filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false) {

            $error .= "The email address is invalid.<br>";

        }
	
	if (!$_POST['password']) {
		
		$error .="Please enter a password<br>";
		
		
	} 
	
	else {
			
		
	$sql = "SELECT email FROM `users` WHERE email = '".$link->real_escape_string($_POST['email'])."' LIMIT 1";
		
			$result = $link->query($sql);
		
		if($result->num_rows > 0) {

			$error .= "The email, " .$_POST['email']. " ,is already taken";
			
		} else {
			
			$stmt = $link->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
			$stmt->bind_param("ss", $email, $password);
			$email = htmlentities($_POST['email'], ENT_QUOTES);
			$password = trim(password_hash($password, PASSWORD_BCRYPT, [12]));
			$stmt->execute();
			$stmt->close();
                        header:("location: welcome.php");
		}
		
	}

}

Open in new window

LVL 1
Black SulfurAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Mukesh YadavConnect With a Mentor Full Stack DeveloperCommented:
Try this ;)

Instead of else use if condition to check for errors

So, replace
} else {

Open in new window

with
if(empty($error)){

Open in new window

0
 
Black SulfurAuthor Commented:
Excellent, that worked! What about the redirect though? It still doesn't redirect.
0
 
Olaf DoschkeSoftware DeveloperCommented:
Try the full url. See https://en.wikipedia.org/wiki/HTTP_location 
It's true, that the updated HTTP 1.1 specifications...allow(ing) the use of relative URLs in Location headers, but it can't hurt to specify the full url.

Also, do you see errors in error log? Your code does not output anything, which is fine, but if there is anything, even just a space outside of <?php ?> before you send a header, you get an error.

Also things output afterwards may hinder it to work. Put an exit; after sending the header.

Bye, Olaf.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
Black SulfurAuthor Commented:
Hi Olaf,

Using exit keeps the url at register.php so it doesn't redirect but the page becomes blank. I get no errors as far as I can see. if I use the full URL (I am running on localhost) it still doesn't redirect.

Do you have a suggestion or method you would use to check for errors just in case I am missing something?
0
 
Black SulfurAuthor Commented:
never mind, I see what I did wrong.

I had header:("

instead of header(

:)
0
 
Olaf DoschkeSoftware DeveloperCommented:
OK, I didn't spot that, too. It surely caused an error. You might have error display off, if this is your productive website, for development every error should be reported.

Bye, Olaf.
0
All Courses

From novice to tech pro — start learning today.