0v3k Shi3ld3r 0v3k Shi3ld3r - 4 months ago 9
MySQL Question

Duplication of Credentials When Register

Can anyone see why my code inserts register credentials twice in my table,

action_registration.php
. I'm currently learning how to make my login more secure as I was testing I noticed that the input for registration is inserted twice to my table.

<?php

if (isset($_POST['register'])){

// connection handler link
$conreg = new mysqli('localhost', 'x', '123456', 'db.x.x');

// in case theres no link to connection
if (mysqli_connect_error()){
echo mysqli_connect_error();
exit();
} // end error if

else // when connection is okay
{
echo "we good on connection so far";
echo "<br>";

} // end else connection okay

$userreg = $_POST['username'];

$passreg =$_POST['password'];
$phash = sha1(sha1($passreg."salt")."salt");

$emailreg = $_POST['email'];

$sqlreg = "INSERT INTO tbl1 (`username` , `password`, `email` , `comment_value`, `Member_Since`) VALUES (?,?,?,'1' , now() ) ";

// prepare link, and function statement
$stmtreg = $conreg->prepare($sqlreg);

// bind variable parameters
mysqli_stmt_bind_param($stmtreg, "sss", $userreg , $phash , $emailreg ); // bind variables s' is a string for username , s' is a string for password

if ( !mysqli_execute($stmtreg) )
{

echo "Died on bind variable parameters";
die( 'stmt error: '.mysqli_stmt_error($stmtreg) );

} // end error if

mysqli_stmt_execute($stmtreg); //excute the preapared register statement

//$cookie_value = $user;
//setcookie($cookie_name , $cookie_value, time() + (2000), "/");

//header("Location: reg_.php");
echo '<font color="green">Please Login Now</font>';

} // end isset register

?>


The form calls
action_registration.php
:

<table>
<form action ="actions/action_registration.php" method="POST" >
<tr>
<td> Username :</td>
<td><input type="text" placeholder="Username" id="username" name="username"> </td>
</tr>

<tr>
<td>Password :</td>
<td><input type="password" placeholder="Password" id="password" name="password" > </td>
</tr>

<tr>
<td> Email :</td>
<td><input type="text" placeholder="Email"id="email" name="email" size="20"/></td>
<br/>
</tr>
<tr>
<td><td>
<input type="submit" name="register" value="Register"></td> </tr>
</table>
</form>

Answer

You are executing the query twice:

if  ( !mysqli_execute($stmtreg) ) //<--here
{

echo "Died on  bind variable parameters";   
die( 'stmt error: '.mysqli_stmt_error($stmtreg) );

} // end error if


mysqli_stmt_execute($stmtreg); //<-- and here

You can simply drop the second call.

You should probably change the 1st call to use mysqli_stmt_execute as well, mysqli_execute is just an alias: http://php.net/manual/en/function.mysqli-execute.php