There are two main issues I see. First of all, you are following a very bad tutorial. It’s from 6 years ago, and was already outdated and bad practice back in 2014 when it was made. The person who made this has no idea what they are doing.

The second issue is, you made a number of errors copying the code from the tutorial. But the first issue negates this one, because you don’t want tocopy the code from this tutorial. Just about everything it shows is absolutely the wrong way to do things. If I can say anything good about it, it is a superb example of how not to do things.

<?php $con = mysqli_connect("localhost", "root", "") or die("Não foi possível conectar com o servidor de dados!"); mysqli_select_db($con, "reglog") or die("banco de dados nao localizado"); ?>

First of all, I would say, forget mysqli. Use PDO to connect to your database, it is much nicer to use and more powerful. Find a good tutorial on how to connect using PDO.

<table id="cad_table">

Don’t use tables for layout, it’s bad HTML. That’s not what tables are for. Use CSS to lay out your page.

<input type="text" name="email" id="email" class="txt">

Using the email input type here will offer in-form validation in supporting browsers.

Adding the required and minlength attributes to appropriate inputs will do the same.

This will stop honest users, with supporting browsers getting as far as the validation in the form processing, without filling the form properly.

<?php if(@_GET['go'] == 'cadastrar'){

If you are going to put the form processing in the same file as the actual form, put it at the top, before the HTML content.

Don’t use a query string to check if the form has been submitted, use:-

if ($_SERVER['REQUEST_METHOD'] == "POST") {

…as @droopsnoot suggests. Using a query string to trigger any kind of action like a database insert is a bad idea. Bots can follow the URL and trigger it.

$nome = $_POST['nome']; $login = $_POST['login']; $email = $_POST['email']; $senha = $_POST['senha'];

Copying a varialbe from one to another is pointless. It’s like taking a cup of coffee, then pouring it into another cup before drinking it. There is not point.

It’s fine if you want to do something useful though:-

$nome = trim($_POST['nome']);

…to remove whitespace.

if(empty($nome)){ echo "<script>alert(Preencha todos os campos!'); history.back();</script>"; }

In the validation, you only check for empty values, yet your form has some maxlength attributes that are ignored here. Any client site validation must be backed up by server side validation.

Min and Max lengths can easily be checked with strlen() , preferrably after trimming.

I’m not keen on the script alert errors. A user will only see the first thing they got wrong. I prefer to build an array of errors to dis play to the user when they get back to the form.

if(strlen(trim($_POST['login'])) > $maxlen) { $errors[] = "The Login input was too long!" ; }

For things like email adresses, there are special functions to validate those:-

if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ $errors[] = "Please enter a valid email address!" ; }

While we are processing the inputs, one very important point already brough up by @droopsnoot about passwords. Never store plain text passwords. If When a hacker hacks your database, and they will if you follow that tutorial, they will see the full list as plain as if you published it on your site.

Use password_hash() , nothing else, to hash it.

$password = password_hash($_POST['senha']);

Here is the part where you check for an existing, duplicate account:-

$query1 = mysqli_fetch_row(mysqli_query("SELECT * FROM reglog WHERE reglog = '$user'")); if ($query1 == 1){ echo "<script>alert('Login ja existe'); history.back();</script>"; }

But there is no varialbe called $user , I presume you mean $login , as the error says “Login ja existe”.

Also there is no reglog column in the table image.

Add to this, the actual tutorial uses mysql_num_rows to get a row count. But I don’t suggest you follw that.

Set up the table so certain columns are Unique, that way you don’t have to check, the insert will just fail to execute and a test can pick that up.

Now for the actual insert query.

mysqli_query("insert into reglog (nome, email, login, senha) values ('$nome','$login','$email','$senha')");

Never Ever put user input directly into a database query. This is prone to SQL injection. You must use prepared statements.

With PDO, it can look something like this:-

$sql = $db->prepare("INSERT INTO reglog (nome, email, login, senha) VALUES (?, ?, ?, ?)" ;

First prepare, using placeholders for the actual data.

$sql->execute([$nome, $email, $login, $password]) ;

Then execute, passing in the data as an array.

Did I miss something out? Probably…