Check mysqli Insert Query excuted ok and display message and send email

Question

I am creating a registration form for a project, nothing secure or advanced, i am still fairly new to php etc.

I insert the data needed to into a login table and a customer tbl, the data inserts fine. But i cant get the code to check that its worked and fire off a an email and display a message to the user.

I have tried using a value retrieved from the database which would only be there is the user registered successfuly.

if($userID != null)
            {
                $msg1 = "Thank You! you are now registered, please check your email for a verification link to verify your new account! ";
                $col1 = "green";
                //require_once "Mail.php";
                require_once "inc/email.php";

            }

I have also tried this

if($query)
            {
                $msg1 = "Thank You! you are now registered, please check your email for a verification link to verify your new account! ";
                $col1 = "green";
                //require_once "Mail.php";
                require_once "inc/email.php";

        }

Thanks,

Edit - Here is all the code,

    <?php

    include ("inc/mysql.php");  
    error_reporting(0);
    $msg = "";
    $col = 'green';

    function test_input($data){
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
        return $data;
    }

    // define variables and set to empty values
    $name = $email = $chkemail = $password = $chkpassword =$address = $towncity = $postcode = "";

//Required field validation

if ($_SERVER["REQUEST_METHOD"] == "POST") {
           if (empty($_POST["name"])) {
                $msg = "Name is required";
                $col = 'red';
          } else {
                $name = test_input($_POST["name"]);
          }

          if (empty($_POST["email"])) {
                $msg = "Email is required";
                $col = 'red';
          } else {
                $email = test_input($_POST["email"]);
          }

          if (empty($_POST["chkemail"])) {
                $msg = "Please confirm your email address";
                $col = 'red';
          } else {
                $chkemail = test_input($_POST["chkemail"]);
          }

          if (empty($_POST["password"])){
                $msg = "Please enter a password";
                $col = 'red';
          } 

          if (empty($_POST["chkpassword"])){
                $msg = "Please confirm your password ";
                $col = 'red';
          } else{
                $chkpassword = test_input($_POST["chkpassword"]);
                if(($_POST["password"]) != $chkpassword) {
                    $msg = "Please check your password is correct";
                    $col = 'red';
                } else{
                    $password = test_input($_POST["password"]);
                }
          }

          if (empty($_POST["address"])) {
                $msg = "Please enter the first line of your address";
                $col = 'red';
          } else {
            $address = test_input($_POST["address"]);
          }

          if (empty($_POST["towncity"])) {
                $msg = "Please enter the first line of your Town or City";
                $col = 'red';
          } else {
            $towncity= test_input($_POST["towncity"]);
          }

          if (empty($_POST["postcode"])) {
                $msg = "Please enter your postcode";
                $col = 'red';
          } else {
            $postcode = test_input($_POST["postcode"]);
            $customerVeri = "N";

            if($customerVeri == "N"){
            $name = mysqli_real_escape_string($db, $name);
            $email = mysqli_real_escape_string($db, $email);
            $password = mysqli_real_escape_string($db, $password);
            $password = md5($password.substr($email,0,3));
            $chkpassword = md5($password.substr($email,0,3));
            $verifyLink = md5(substr($name,0,3).substr($email,0,3));



            $sql="SELECT customerEmail FROM customer_tbl WHERE customerEmail='$email'";
            $result=mysqli_query($db,$sql);
            $row=mysqli_fetch_array($result,MYSQLI_ASSOC);
            if(mysqli_num_rows($result) == 1)
            {   
                $msg1 = "Sorry...This email already exists, please enter another or login...";
                $col1 = "red";
            }
            else
            {
            $query = mysqli_query($db, "INSERT INTO login_tbl (customerEmail, customerPassword)VALUES ('$email', '$password')");

            $sql="SELECT userID FROM login_tbl WHERE customerEmail='$email'";
            $result=mysqli_query($db,$sql);
            $row=mysqli_fetch_array($result,MYSQLI_ASSOC);
            $userID = $row['userID'];

            $query2 = mysqli_query($db, "INSERT INTO customer_tbl (customerName, userID, customerEmail, customerPassword, customerAddress, customerTowncity, customerPostcode, customerVerified, customerVerifiedlink)VALUES ('$name', '$userID', '$email', '$password','$address','$towncity','$postcode','$customerVeri','$verifyLink')");
            echo("Error description: " . mysqli_error($db));
        }

          }
          }
}

    if($userID != null)
            {
                $msg1 = "Thank You! you are now registered, please check your email for a verification link to verify your new account! ";
                $col1 = "green";
                //require_once "Mail.php";
                require_once "inc/email.php";

            }

echo '<div style="color:'.$col.'">';
echo $msg;
echo '</div>';

echo '<div style="color:'.$col1.'">';
echo $msg1;
echo '</div>';

?>

make sure your query didn't fail you as we don't know what it looks like. Check for errors with its respective API and via PHP. — Funk Forty Niner, Sep 07 '16 at 15:41
What happens with this code? You don't enter the `if`, the email doesn't send, etc. I see nothing in this code sending an email or displaying a notice. — chris85, Sep 07 '16 at 15:41
The query does fire as i can see every piece of data it inserts in the database? — Brent Hobson, Sep 07 '16 at 15:44
or do `else{ echo "Something didn't fire..."; }` if you see that, then your conditional statement failed. — Funk Forty Niner, Sep 07 '16 at 15:44
then something inside `email.php` is supposed to be sending off mail. If you say the query works, then I don't know where to throw myself here. Maybe you're just missing an echo here `echo $msg1;` — Funk Forty Niner, Sep 07 '16 at 15:46
***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Sep 07 '16 at 15:57
Not entirely bothered about security, its not being released to the public domain! — Brent Hobson, Sep 07 '16 at 16:00
I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."* or *"Ignore the security risk..."*. If you don't have time to do it right the first time, when will you find the time to add it later? — Jay Blanchard, Sep 07 '16 at 16:05
Sorry if I came across rude, The project only specifies a working shop and i have already queried about security and was told that it won't get my any extra marks. So I'm aiming for the bare minimum including write up and if I have time to kill I will sort it! — Brent Hobson, Sep 07 '16 at 17:21

score 0 · Answer 1 · answered Sep 07 '16 at 20:54

0

Seems there was no issue, but instead an issue with the email.php that stopped the rest of the statement being executed. Now to pick that to bits. Sometimes a few hours away from the screen is all it needs!

Thanks all that answered..

answered Sep 07 '16 at 20:54

Brent Hobson

33
1
6

score -2 · Answer 2 · answered Sep 07 '16 at 15:45

You shouldn't check every statement for the success

The modern programming doesn't work this way. Any statement can report an error in case one occurs. While if there was no error, then everything went all right.

So, just get rid of all conditions and send your email.

Check mysqli Insert Query excuted ok and display message and send email

2 Answers2