I have updated my users’ table with the following information and included updated codes for my html form and signup page… but for some reason, it is not inserting the select option:
<?php
include_once 'header.php';
?>
<section class="main-container">
<div class="main-wrapper">
<h2>Signup</h2>
<form class="signup-form" action="includes/signup2.php" method="POST">
<input type="text" name="first" placeholder="Firstname">
<input type="text" name="last" placeholder="Lastname">
<input type="text" name="email" placeholder="E-mail">
<input type="text" name="uid" placeholder="Username">
<input type="password" name="pwd" placeholder="Password">
<select name="subscriptionplan1">
<option value="none">Subscriptionplan1</option>
<option value="primer">Primer Level: Free</option>
<option value="level 1">Level 1: $50/month or $400/year</option>
<option value="level 2">Level 2: $50/month or $400/year</option>
<option value="level 3">Level 3: $50/month or $400/year</option>
</select>
<select name="subscriptionplan2">
<option value="none">Subscriptionplan2</option>
<option value="primer">Primer Level: Free</option>
<option value="level 1">Level 1: $50/month or $400/year</option>
<option value="level 2">Level 2: $50/month or $400/year</option>
<option value="level 3">Level 3: $50/month or $400/year</option>
</select>
<select name="subscriptionplan3">
<option value="none">Subscriptionplan3</option>
<option value="primer">Primer Level: Free</option>
<option value="level 1">Level 1: $50/month or $400/year</option>
<option value="level 2">Level 2: $50/month or $400/year</option>
<option value="level 3">Level 3: $50/month or $400/year</option>
</select>
<select name="subscriptionplan4">
<option value="none">Subscriptionplan4</option>
<option value="primer">Primer Level: Free</option>
<option value="level 1">Level 1: $50/month or $400/year</option>
<option value="level 2">Level 2: $50/month or $400/year</option>
<option value="level 3">Level 3: $50/month or $400/year</option>
</select>
<button type="submit" name="submit">Sign up</button>
</form>
</div>
</section>
<?php
include_once 'footer.php';
?>
This is page where informations are inserted… Everything is inserting fine except for the select option…
<?php
if (!isset($_POST['submit'])) {
header("Location: ../signup.php");
exit();
} else {
include_once 'dbh.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email =mysqli_real_escape_string($conn, $_POST['email']) ;
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$password = mysqli_real_escape_string($conn, $_POST['pwd']);
$subscriptionplan1 = mysqli_real_escape_string($conn, $_POST['
subscriptionplan1']);
$subscriptionplan2 = mysqli_real_escape_string($conn, $_POST['
subscriptionplan2']);
$subscriptionplan3 = mysqli_real_escape_string($conn, $_POST['
subscriptionplan3']);
$subscriptionplan4 = mysqli_real_escape_string($conn, $_POST['
subscriptionplan4']);
$user_activate = mysqli_real_escape_string($conn, $user_activate = 0);
//Error handlers...
if (empty($first) || empty($last) || empty($email) || empty($uid)|| empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Checking for valid emails
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
if (Strlen($password) < 5) {
header("Location: ../signup.php?signup=invvalidlength");
exit();
} else {
if(!preg_match('/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,20}$/', $password)) {
header ("Location: ../signup.php?signup=notalphanumeric");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
// Supply a random generated token for email activation
$token = 'qqewreqreqwsdfdfdafcbvcQERFGHFGHGFHRETERTDF!@#$%^^()';
$token = str_shuffle($token);
$token = substr($token, 0, 10);
//Hashing the password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert the user into the database
$sql ="INSERT INTO users (user_first, user_last, user_email, user_uid, user_password, user_permission, subscriptionplan1, subscriptionplan2, subscriptionplan3, subscriptionplan4, user_token, user_activate) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd', '$user_permission', '$subscriptionplan1', '$subscriptionplan2', '$subscriptionplan3', '$subscriptionplan4', '$token', '$user_activate');";
$name = $first .$last;
$to = $email;
$header = 'From: example@example.com';
$subject = 'Email activation is required';
$message = <<<EMAIL
Hello $first $last,
Thanks for registering with PianoCourse101!
Please activate your account below before you
can login. Activate your account by clicking
on the following link below....
http://localhost/loginsystem/includes/activate.php?email=$to&activatetoken=$token
EMAIL;
mail($to, $subject, $message, $header);
mysqli_query($conn, $sql);
// insert into permissions table
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
}
}
I will be using prepared statement in the future…
I read somewhere that it has somethin to do with an array… do I need a {}?
This is weird because when I wrote the code without the mysqli_real_escape_string… then it works… Is this because I am not using prepared statement? Just like to know why it won’t work with mysqli_real_escape_string…