Help with a PHP Register script!

[RichardGv]

The reason that the form don't appear is so... Minor.
Line 78:

Code:

<input type='password' name='password' value='>

Pay attention that you forgot a single-quote after "value". I think that's the reason why it did not work on my Firefox.

Also, tidy format and clean indentations are important programming habits because they can save much time when debugging parsing errors, and accelerate the process of reading codes.

strip_tags does nothing to SQL injection, so you need to be a bit careful and make sure magic_quotes_gpc are enabled. Or you are probably going to have great fun:

(A comic about SQL Injection, from xkcd.com)

Your script lacks proper isset() / empty() tests to input variable, and that's going to cause a huge amount of annoying PHP warnings (Notice: Undefined index: XXX).

Give me a minute. I'm writing a refined version. I will update this post soon.

---

A refined version I wrote:
(Attention: I don't know that much about PHP and I cannot guarantee anything about this version.)

PHP Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">

<head>
    <title>Registration</title>
    
    <meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
    <meta name="robots" content="noindex, nofollow" />
</head>

<body>
<?php
define('FULLNAME_MAX', 25);
define('FULLNAME_MIN', 3);
define('USERNAME_MAX', 25);
define('USERNAME_MIN', 3);
define('PASSWORD_MAX', 25);
define('PASSWORD_MIN', 6);

if(empty($_POST['submit'])
        || empty($_POST['fullname'])
        || empty($_POST['username'])
        || empty($_POST['password'])
        || empty($_POST['repeatpwd'])
        || !($fullname = trim($_POST['fullname']))
        || !($username = trim($_POST['username']))
        || !($password = trim($_POST['password']))
        || !($repeatpwd = trim($_POST['repeatpwd']))
        || $password != $repeatpwd
        || strlen($fullname) >= FULLNAME_MAX
        || strlen($fullname) <= FULLNAME_MIN
        || strlen($username) >= USERNAME_MAX
        || strlen($username) <= USERNAME_MIN
        || strlen($password) >= PASSWORD_MAX
        || strlen($password) <= PASSWORD_MIN
        ) {
?>
    <h2>Registration</h2>
    <form action='register.php' method='POST'>
        <table>
            <tr>
                <td>Full Name:</td>
                <td>
                    <input type='text' name='fullname' value='' />
                </td>
            </tr>
            <tr>
                <td>Username:</td>
                <td>
                    <input type='text' name='username' value='' />
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>
                    <input type='password' name='password' value='' />
                </td>
            </tr>
            <tr>
                <td>Repeat Password:</td>
                <td>
                    <input type='password' name='repeatpwd' />
                </td>
            </tr>
        </table>
        <p><input type='submit' name='submit' value='Register' /></p>
    </form>
<?php
}
else {
    if(!get_magic_quotes_gpc()) {
        $username = addslashes(strip_tags($username));
        $fullname = addslashes(strip_tags($fullname));
    }
    $date = date ("Y-m-d");
    $password = md5($password);
    
    $connect = mysqli_connect ("localhost","cameron_cameron","MYPASSHERE", 'cameron_user');
    if(mysqli_connect_errno()) {
        // Connection error handling
    }
    $result = mysqli_query ($db,
    "INSERT INTO users VALUES ('','$fullname','$username','$password','$date')"
    );
    echo "<p>Congrats! You've been registered! You may now <a href='index.php'>login</a></p>";
}

?>
</body>

</html>