Logystone

What's wrong with my register.php code!?

Question

Please login or register to see this code.

And I get these errors!


Notice: Undefined index: user in /storage/ssd1/342/6725777/public_html/register.php on line 3

Notice: Undefined index: email in /storage/ssd1/342/6725777/public_html/register.php on line 4

Notice: Undefined index: password in /storage/ssd1/342/6725777/public_html/register.php on line 5

Warning: mysqli_select_db() expects parameter 1 to be mysqli, string given in /storage/ssd1/342/6725777/public_html/register.php on line 11

Warning: mysqli_query() expects at least 2 parameters, 1 given in /storage/ssd1/342/6725342/public_html/register.php on line 17

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /storage/ssd1/342/6725342/public_html/register.php on line 18

Notice: Undefined variable: password in /storage/ssd1/342/6725342/public_html/register.php on line 22

Warning: mysqli_query() expects at least 2 parameters, 1 given in /storage/ssd1/342/6725342/public_html/register.php on line 22

Warning: mysqli_error() expects exactly 1 parameter, 0 given in /storage/ssd1/342/6725342/public_html/register.php on line 26
Error:


9 answers to this question


  • 0

What are you writing your php in? Are you writing it online or in an application?

  • 0

There are a few things wrong with your script.

 

1) There is no need to select a database in a separate variable. This should be done while initiating the connection to the server. I have provided an example below. Make sure that you remove the if statement that includes the '$db_select' variable. The if statement basically would exit the script if a database was found and the rest of the script would not run.

Please login or register to see this code.

Now that you have your connection initiated you can move on.

 

2) While creating a query you also have to include the connection. Here is an example.

Please login or register to see this code.

3) When you are inserting the user information into the database, you are inserting the $password variable which is not hashed. Make sure to replace $password with $pass to insert the hashed password into the database.

 

Security Advice

This script is not secure at all. Use a more advanced encryption method than MD5. Try using BCRYPT. Also, use prepared statements. This script is not safe at all.

  • Thanks 1

  • 0
Posted (edited)

omard2000 is correct and his point about prepared statements needs to be emphasised much more. It is by far the biggest problem with your code and is much, much more important than hashing. You need to protect your code against SQL Injection attacks.

 

By this I mean the following:

In your code what happens if someone uses the username: "    asdf ' , 'asdf', 'asdf'); DROP TABLE 'userinfo';       "

Then the query executed would have this username inserted and look like this:

Please login or register to see this code.

The first part will insert some stuff into the table which you don't want. But, don't worry about that because the 'DROP TABLE' statement will remove the entire table from your database!!!!!! The stuff at the end won't make sense to the server and will be ignored.

You might be thinking 'but nobody is ever going to try that'. Actually ... they will. It is one of the very first things an attacker will try. They could take your entire database down and get hold of all your data and it would be easy for them. It's called a SQL injection attack and luckily mysqli contains a way to avoid it: Please login or register to see this link.

 

You can find more information about SQL injection attacks here: Please login or register to see this link.

 

Edit: Just realised nobody has actually mentioned your errors.

The first 3 errors are because your first 3 lines are trying to get information from an HTTP POST request but the information isn't actually included in the request. Maybe you are using a GET Request by mistake. To learn more about different types of HTTP request methods look here: Please login or register to see this link.

You can also use this to make sure the request is actually a POST request:

Please login or register to see this code.

For the rest of your errors, try googling them. For example, googling ' mysqli_query() expects at least 2 parameters ' will take you to this question which has your answer:

Please login or register to see this link.

Edited by randomrabbit
  • Thanks 1
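
The fixes from the two answers above (database named when connecting, connection passed to every query, POST check, prepared statements, bcrypt) combined into one handler. This is an added example, not code from any post in this thread; the credentials, the `userinfo` column names and the response strings are assumptions.

```php
<?php
// Added example: hardened register.php. Credentials, the `userinfo` column
// names and the response texts are assumptions, not the original script.
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false with warnings.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $db, array $post): string
{
    // Missing fields are what caused the "Undefined index" notices.
    $user  = trim((string)($post['user'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $plain = (string)($post['password'] ?? '');
    if ($user === '' || $plain === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Invalid input';
    }

    // Placeholders keep the values out of the SQL text, so a quote in the
    // username is stored as data and cannot end the statement.
    $check = $db->prepare('SELECT 1 FROM userinfo WHERE user = ? OR email = ?');
    $check->bind_param('ss', $user, $email);
    $check->execute();
    $check->store_result();
    if ($check->num_rows > 0) {
        return 'User or email already registered';
    }

    // bcrypt with a per-password salt; verify later with password_verify().
    $hash = password_hash($plain, PASSWORD_BCRYPT);
    $insert = $db->prepare('INSERT INTO userinfo (user, email, password) VALUES (?, ?, ?)');
    $insert->bind_param('sss', $user, $email, $hash);
    $insert->execute();
    return 'Registered';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit('POST required');
}
try {
    // The database name is the fourth constructor argument; no separate select.
    $db = new mysqli('localhost', 'db_user', 'db_pass', 'db_name'); // placeholders
    echo register_user($db, $_POST);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the log, not to the client
    http_response_code(500);
    echo 'Registration failed';
}
```

A UNIQUE index on the username and email columns is still needed, because two simultaneous requests can both pass the SELECT check before either INSERT runs.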

  • 0
Please login or register to see this quote.

Gotcha. :)

  • 0
Please login or register to see this quote.

I'll pm you.

