How to set up the correct operation of the registration script?

I

ingeniero2018-03-22 13:21:55

PHP

ingeniero, 2018-03-22 13:21:55

Hey! Can you tell me how to make registration work correctly? The check for the presence of a login and e-mail in the database does not work (registers everyone in a row).
Code link: https://pastebin.com/E93DUaBp

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

F

FanatPHP, 2018-03-22
@ingeniero

Your problem lies in the barbaric way you work with requests.
The great writer Mark Twain, back in the century before last, wrote about a fool who did not find a better use for the royal seal, except for chopping nuts. Don't be like this fool.
PDO should be used in a human way, and not cracked with nuts. All queries must be executed through prepared expressions .
This is what your code should actually look like:

if (empty($errors)) {
 
    $stmt = $db->prepare("SELECT count(*) FROM users WHERE email = ? OR login = ?");
    $stmt->execute([$email, $login]);
    $count = $stmt->fetchColumn();
 
    // Если найдены, значит логин/эмайл заняты, не регистрируенм, а выводим ошибку
    if ($count > 0) {
           exit("email или login занят!");    
    } else {
           $sql = "INSERT INTO users (login, email, password) VALUES (?,?,?)";
           $db->prepare($sql)->execute([$login, $email, $password]);
 
           echo '<div class="okreged">Вы успешно зарегистрированы! <a href = "/test/index.php">Перейти на главную</a></div>';
    }
 }

K

Kirill Gorelov, 2018-03-22
@Kirill-Gorelov

I rewrote the user check piece like this

$query="SELECT id FROM users WHERE email = ' . $email. ' AND = ' . $login . '";
      $query_res = $db->query($query);
       // Если найдены, значит логин/эмайл заняты, не регистрируенм, а выводим ошибку
         if (!isset($query_res['id'])) {регистрируем}

And see what it outputs