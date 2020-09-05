nothing
Nothing at all? How far through your code does it get? Do you get any error messages?
(Also can you format the code so it’s readable please, use three back-ticks either side of the block of code or the
</> button in the editor. Can’t read it at the moment to see what the issue might be.)
Also, typo here:
<input type="password" name="senha id="senha" class="txt" maxlength="30">
which would alter things if your password cannot be blank.
when I click to register goes to http://localhost/login%20cadastro/register.php?go=cadastrar but then when I go to the database there is nothing
And have you added some debug “echo” statements through to code to see which lines of code it executes and where it stops? If you run the query from phpmyadmin with the same data, does it work?
Also here:
$query1 = mysqli_fetch_row(mysqli_query("SELECT * FROM reglog WHERE reglog = '$user'"));
if ($query1 == 1){
Where does `$user` come from? And do you have a column called `reglog`? You don’t populate that in your insert query. And why would the return from that query be 1? Surely it would be an array?
No you haven’t done any of those things, or no, you have tried but none of the echo statements appear? Or no, the query doesn’t work in phpmyadmin either?
no nothing
I’m not very good at PHP and HTML, so I do not understand much, but I went to YouTube to get this code. It is in Portuguese.
To be frank, you need to be careful where you learn from as a beginner. This video is teaching some very bad coding habits, it is not up to modern standards and opens huge security holes.
Oh, here’s another problem:
if(@_GET['go'] == 'cadastrar'){
that @ symbol is wrong, it should read:
if($_GET['go'] == 'cadastrar'){
and that would stop any of the stuff inside your if clause from working. Surprised you don’t get an error message though.
the errors work but give an error, and not in to make the registration, says to fill in all the fields but I fill
OK, if you’re getting an error that says you haven’t filled in the fields, that will stop your queries working. Did you fix the typo (incorrect quotes) that I mentioned in post #4? That typo would alter the name of your password field, and mean that when you check the intended name, it will be empty.
Before you use this code anywhere, you appear to be storing plain-text passwords in your database - you really don’t want to do that. Use `password_hash()` to store them, and `password_verify()` to verify when the user is logging in.
No, because I couldn’t figure it out, and I forgot to say I didn’t.
can explain better?
You don’t close the quotes after you specify the name. Look here:
<input type="password" name="senha id="senha" class="txt" maxlength="30">
^
So the result is that field is called “senha id”, and will produce `$_POST['senha id']`. That is, I think it will - I’ve never tried field names with a space in them.
I’d have expected a parse error unless you have a similar problem somewhere else to balance it out. Or is it a typo in the post, not in your actual code? Either way, you can `var_dump($_POST)` to see what you are receiving from the form when it is submitted.
Not still giving error | Notice: Undefined index: go in C:xampphtdocslogin registerregister.php on line 46
Which is line 46?
yes it’s line 46
No, @Gandalf means can you show us which line of your code is line 46? Highlight it in the original post, or post it separately.
But, I think I know which line it is, presumably you’ve now fixed it to read
if ($_GET['go'] == 'cadastrar'){
and this error means that you’re trying to access an array element called “go” which does not exist. You should read up on the `isset()` function to see how to get rid of it. I presume you get the error when you first open the page, not when you submit the form.
I must say the way you decide whether the form is submitted is rather strange, to my relatively inexperienced eyes at least. Most people look at whether the button is set, but the more recommended way these days seems to be
if ($_SERVER['REQUEST_METHOD'] == "POST") {
Normally I’d see that before you draw the form, rather than afterwards, unless the form handling code is in a separate file. It’s difficult to tell from the original post.
I don’t see why you are sending a form with both POST and GET variables, unless that’s needed somewhere else too.
Maybe I missed something but looking at your code you seem to be connecting to a database called reglog and updating a table called reglog. Is this correct or are you confusing the table and the database?
OP’s second image is a query `select * from reglog` in something like phpmyadmin, and it’s not showing an error, just showing no data. So presumably the table does have that name.
There are two main issues I see. First of all, you are following a very bad tutorial. It’s from 6 years ago, and was already outdated and bad practice back in 2014 when it was made. The person who made this has no idea what they are doing.
The second issue is, you made a number of errors copying the code from the tutorial. But the first issue negates this one, because you don’t want to copy the code from this tutorial. Just about everything it shows is absolutely the wrong way to do things. If I can say anything good about it, it is a superb example of how not to do things.
<?php
$con = mysqli_connect("localhost", "root", "") or die("Não foi possível conectar com o servidor de dados!");
mysqli_select_db($con, "reglog") or die("banco de dados nao localizado");
?>
First of all, I would say, forget mysqli. Use PDO to connect to your database, it is much nicer to use and more powerful. Find a good tutorial on how to connect using PDO.
<table id="cad_table">
Don’t use tables for layout, it’s bad HTML. That’s not what tables are for. Use CSS to lay out your page.
<input type="text" name="email" id="email" class="txt">
Using the
Adding the `required` and `minlength` attributes to appropriate inputs will do the same.
This will stop honest users with supporting browsers getting as far as the validation in the form processing without filling the form properly.
<?php
if(@_GET['go'] == 'cadastrar'){
If you are going to put the form processing in the same file as the actual form, put it at the top, before the HTML content.
Don’t use a query string to check if the form has been submitted, use:-
if ($_SERVER['REQUEST_METHOD'] == "POST") {
…as @droopsnoot suggests. Using a query string to trigger any kind of action like a database insert is a bad idea. Bots can follow the URL and trigger it.
$nome = $_POST['nome'];
$login = $_POST['login'];
$email = $_POST['email'];
$senha = $_POST['senha'];
Copying a variable from one to another is pointless. It’s like taking a cup of coffee, then pouring it into another cup before drinking it. There is no point.
It’s fine if you want to do something useful though:-
$nome = trim($_POST['nome']);
…to remove whitespace.
if(empty($nome)){
echo "<script>alert(Preencha todos os campos!'); history.back();</script>";
}
In the validation, you only check for empty values, yet your form has some `maxlength` attributes that are ignored here. Any client-side validation must be backed up by server-side validation.
Min and Max lengths can easily be checked with `strlen()`, preferably after trimming.
I’m not keen on the script alert errors. A user will only see the first thing they got wrong. I prefer to build an array of errors to display to the user when they get back to the form.
if(strlen(trim($_POST['login'])) > $maxlen) {
$errors[] = "The Login input was too long!" ;
}
For things like email addresses, there are special functions to validate those:-
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$errors[] = "Please enter a valid email address!" ;
}
While we are processing the inputs, one very important point already brought up by @droopsnoot about passwords. Never store plain text passwords. If When a hacker hacks your database, and they will if you follow that tutorial, they will see the full list as plain as if you published it on your site.
Use `password_hash()`, nothing else, to hash it.
$password = password_hash($_POST['senha'], PASSWORD_DEFAULT);
Here is the part where you check for an existing, duplicate account:-
$query1 = mysqli_fetch_row(mysqli_query("SELECT * FROM reglog WHERE reglog = '$user'"));
if ($query1 == 1){
echo "<script>alert('Login ja existe'); history.back();</script>";
}
But there is no variable called `$user`, I presume you mean `$login`, as the error says “Login ja existe”.
Also there is no `reglog` column in the table image.
Add to this, the actual tutorial uses `mysql_num_rows` to get a row count. But I don’t suggest you follow that.
Set up the table so certain columns are Unique, that way you don’t have to check, the insert will just fail to execute and a test can pick that up.
Now for the actual insert query.
mysqli_query("insert into reglog (nome, email, login, senha) values ('$nome','$login','$email','$senha')");
Never Ever put user input directly into a database query. This is prone to SQL injection. You must use prepared statements.
With PDO, it can look something like this:-
$sql = $db->prepare("INSERT INTO reglog (nome, email, login, senha) VALUES (?, ?, ?, ?)") ;
First prepare, using placeholders for the actual data.
$sql->execute([$nome, $email, $login, $password]) ;
Then execute, passing in the data as an array.
Did I miss something out? Probably…
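
The points in the post above (server-side validation into an error array, `password_hash()`, UNIQUE columns instead of a duplicate-check query, and a PDO prepared statement) put together as one runnable script. This is an added example, not code from the thread or the tutorial; the table and column names follow the thread, while the in-memory SQLite DSN, the `register()` helper and the length limits are assumptions made so it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// thread; the in-memory SQLite DSN and the length limits are assumptions.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE reglog (
    id    INTEGER PRIMARY KEY,
    nome  TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE,
    login TEXT NOT NULL UNIQUE,
    senha TEXT NOT NULL)');

// Returns a list of error messages; an empty list means the row was inserted.
function register(PDO $db, array $post): array
{
    $nome  = trim($post['nome'] ?? '');
    $login = trim($post['login'] ?? '');
    $email = trim($post['email'] ?? '');
    $senha = $post['senha'] ?? '';   // passwords are hashed as typed, not trimmed

    $errors = [];
    if ($nome === '' || strlen($nome) > 60) { $errors[] = 'Name is required (max 60).'; }
    if ($login === '' || strlen($login) > 30) { $errors[] = 'Login is required (max 30).'; }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = 'Please enter a valid email address!'; }
    if (strlen($senha) < 8) { $errors[] = 'Password needs at least 8 characters.'; }
    if ($errors) { return $errors; }

    try {
        $stmt = $db->prepare('INSERT INTO reglog (nome, email, login, senha) VALUES (?, ?, ?, ?)');
        $stmt->execute([$nome, $email, $login, password_hash($senha, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation (here: a UNIQUE column).
        if (($e->errorInfo[0] ?? '') !== '23000') { throw $e; }
        $errors[] = 'That login or email is already registered.';
    }
    return $errors;
}

// Constructed submissions. In the page itself the call would sit at the top of the file:
// if ($_SERVER['REQUEST_METHOD'] === 'POST') { $errors = register($db, $_POST); }
$ana = ['nome' => "Ana O'Neil", 'login' => 'ana', 'email' => 'ana@example.com', 'senha' => 'correct horse'];
print_r(register($db, $ana));                                  // first registration
print_r(register($db, $ana));                                  // same login and email again
print_r(register($db, ['login' => 'x', 'email' => 'nope']));   // missing and invalid fields

// The quote in the name is stored as data, and the stored password is a hash.
$row = $db->query("SELECT nome, senha FROM reglog WHERE login = 'ana'")->fetch(PDO::FETCH_ASSOC);
var_dump($row['nome'], password_verify('correct horse', $row['senha']));
```

For MySQL, only the DSN and credentials in the `new PDO(...)` call and the `CREATE TABLE` syntax change; the prepared statement and the SQLSTATE check stay the same.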