Include the database connection at the top of the page. Note what the trim_data function actually does: it does not strip HTML tags, it converts them to HTML entities with htmlspecialchars(), so "<b>" is stored as "&lt;b&gt;". That is output encoding, not database protection — what keeps user input out of your SQL is binding it as a parameter in a prepared statement, never building the query string from it.
$fl = "../"; //this is for folder location for my custom js and css files
// header.php is expected to create $db as a PDO connection; $db->prepare() below relies on it.
// NOTE(review): the catch (PDOException) further down only fires if that PDO was opened with
// PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION (the default only since PHP 8.0) — confirm in
// header.php. PDO::ATTR_EMULATE_PREPARES => false is also worth setting there so the bound
// placeholders are real server-side parameters rather than client-side quoting.
include '../includes/header.php'; //database connection included in header.
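/**
 * Normalise one form field for storage and later display inside an HTML body.
 *
 * Trims surrounding whitespace and HTML-encodes the result. Be clear about
 * what this is and is not:
 *  - it does NOT strip tags: "<b>" becomes "&lt;b&gt;", which is the right
 *    thing to emit in HTML later;
 *  - it is NOT an SQL escape. Database safety comes from the bound
 *    parameters in the queries on this page, never from this function.
 *
 * ENT_QUOTES is passed explicitly because before PHP 8.1 the default flags
 * left single quotes unencoded; ENT_SUBSTITUTE replaces invalid UTF-8
 * instead of returning an empty string. The old stripslashes() call was a
 * magic_quotes relic (magic quotes were removed in PHP 5.4) that silently
 * ate legitimate backslashes from user input, so it has been dropped.
 *
 * @param string $data raw field value, e.g. from $_POST
 * @return string trimmed, HTML-entity-encoded value
 */
function trim_data(string $data): string
{
    $data = trim($data);
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}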
When the form is submitted, collect every validation error into an array so they can all be shown at once after submission.
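if (isset($_POST['submit'])) {
    $errors = array();

    // NOTE(review): nothing here checks a CSRF token. The form itself is not on this page,
    // so pair this handler with a per-session token in the form and verify it before anything else.

    // Read every field as a string. A client can post name[]=x, and trim() on an array throws
    // a TypeError, so anything that is not a string is treated as blank.
    $field = array();
    foreach (array('name', 'email', 'username', 'password') as $key) {
        $field[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    // --- name ---
    // trim() === '' rather than empty(): empty("0") is true and would reject a legitimate "0".
    if (trim($field['name']) !== '') {
        $name = trim_data($field['name']);
    } else {
        $errors['name'] = "Name required"; // the original left this literal unquoted: a fatal error on PHP 8
    }

    // Step: check the database to see if the user's email address and/or username is already
    // registered, to prevent duplicate accounts. Two caveats: (1) the value must be bound as a
    // parameter, not interpolated into the SQL string; (2) a SELECT-then-INSERT pre-check is a
    // race between two simultaneous sign-ups — a UNIQUE index on users.email and users.username
    // is what actually enforces uniqueness (handled in the catch below).

    // --- email: required, well-formed and not yet registered ---
    if (trim($field['email']) === '') {
        $errors['email'] = "Email required";
    } elseif (filter_var(trim($field['email']), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = "Email address is not valid";
    } else {
        $email = trim_data($field['email']);
        // trim_data()'s htmlspecialchars() is not an SQL escape (before PHP 8.1 it leaves single
        // quotes alone), so the string-built query this replaces was injectable. SELECT 1 with
        // fetchColumn() is used because PDO does not guarantee rowCount() for SELECT statements.
        $statement = $db->prepare("SELECT 1 FROM users WHERE email = :email LIMIT 1");
        $statement->bindValue(':email', $email, PDO::PARAM_STR);
        $statement->execute();
        if ($statement->fetchColumn() !== false) {
            // This message reveals whether an address is registered (account enumeration).
            // Usual for sign-up forms; use a neutral message if that matters for this site.
            $errors['email'] = "The email you entered is already registered. Try again";
        }
    }

    // --- username: required and not yet registered ---
    if (trim($field['username']) === '') {
        $errors['username'] = "Username required";
    } else {
        $username = trim_data($field['username']);
        $statement = $db->prepare("SELECT 1 FROM users WHERE username = :username LIMIT 1");
        $statement->bindValue(':username', $username, PDO::PARAM_STR);
        $statement->execute();
        if ($statement->fetchColumn() !== false) {
            $errors['username'] = "The username you entered is already registered. Try again";
        }
    }

    // Step: hash the password so the actual password is never inserted into the database.
    // --- password ---
    // Compared as a string, not with empty(): a password of "0" is short, not missing.
    // The minimum length is site policy (8 is the usual floor). bcrypt, the current
    // PASSWORD_DEFAULT, only considers the first 72 bytes of the password.
    $min_password_length = 8;
    if ($field['password'] === '') {
        $errors['password'] = "Password required";
    } elseif (strlen($field['password']) < $min_password_length) {
        $errors['password'] = "Password must be at least $min_password_length characters";
    }

    // Step: record the user level and the user's IP address, count any errors for output, and
    // once everything is correct insert all the data into the database.
    // Behind a proxy or CDN REMOTE_ADDR is the proxy's address, not the visitor's.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''; //optional
    $user_level = 'user'; //or whatever you want

    if (count($errors) > 0) {
        $reg_failed = implode("\n", $errors);
    } else {
        // Hash only after every check passed; the clear-text password is never stored.
        $password = password_hash($field['password'], PASSWORD_DEFAULT);

        $sql = "INSERT INTO users (name, email, username, password, ip, user_level)
                VALUES (:name, :email, :username, :password, :ip, :user_level)";
        $statement = $db->prepare($sql);
        $statement->bindValue(':name', $name, PDO::PARAM_STR);
        $statement->bindValue(':email', $email, PDO::PARAM_STR);
        $statement->bindValue(':username', $username, PDO::PARAM_STR);
        $statement->bindValue(':password', $password, PDO::PARAM_STR);
        $statement->bindValue(':ip', $ip, PDO::PARAM_STR);
        $statement->bindValue(':user_level', $user_level, PDO::PARAM_STR);
        try {
            $statement->execute();
            $success = "You are now registered. You can now log in";
        } catch (PDOException $e) {
            // Never echo the exception to the browser: it carries the SQL text and can carry
            // connection details. Log it server-side and show the visitor a generic message.
            error_log("registration failed: " . $e->getMessage());
            // SQLSTATE 23000 = integrity constraint violation. With UNIQUE indexes on
            // users.email / users.username this is how the SELECT-vs-INSERT race surfaces.
            if ((string) $e->getCode() === '23000') {
                $reg_failed = "That email or username was just registered. Try again";
            } else {
                $failed = "Registration failed. Please try again";
            }
        }
    }
    $db = null;
}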
Completed block of PHP code
$fl = "../"; //this is for folder location for my custom js and css files
// header.php is expected to create $db as a PDO connection; $db->prepare() below relies on it.
// NOTE(review): the catch (PDOException) further down only fires if that PDO was opened with
// PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION (the default only since PHP 8.0) — confirm in
// header.php. PDO::ATTR_EMULATE_PREPARES => false is also worth setting there so the bound
// placeholders are real server-side parameters rather than client-side quoting.
include '../includes/header.php'; //database connection included in header.
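/**
 * Normalise one form field for storage and later display inside an HTML body.
 *
 * Trims surrounding whitespace and HTML-encodes the result. Be clear about
 * what this is and is not:
 *  - it does NOT strip tags: "<b>" becomes "&lt;b&gt;", which is the right
 *    thing to emit in HTML later;
 *  - it is NOT an SQL escape. Database safety comes from the bound
 *    parameters in the queries on this page, never from this function.
 *
 * ENT_QUOTES is passed explicitly because before PHP 8.1 the default flags
 * left single quotes unencoded; ENT_SUBSTITUTE replaces invalid UTF-8
 * instead of returning an empty string. The old stripslashes() call was a
 * magic_quotes relic (magic quotes were removed in PHP 5.4) that silently
 * ate legitimate backslashes from user input, so it has been dropped.
 *
 * @param string $data raw field value, e.g. from $_POST
 * @return string trimmed, HTML-entity-encoded value
 */
function trim_data(string $data): string
{
    $data = trim($data);
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}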
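if (isset($_POST['submit'])) {
    $errors = array();

    // NOTE(review): nothing here checks a CSRF token. The form itself is not on this page,
    // so pair this handler with a per-session token in the form and verify it before anything else.

    // Read every field as a string. A client can post name[]=x, and trim() on an array throws
    // a TypeError, so anything that is not a string is treated as blank.
    $field = array();
    foreach (array('name', 'email', 'username', 'password') as $key) {
        $field[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    // --- name ---
    // trim() === '' rather than empty(): empty("0") is true and would reject a legitimate "0".
    if (trim($field['name']) !== '') {
        $name = trim_data($field['name']);
    } else {
        $errors['name'] = "Name required"; // the original left this literal unquoted: a fatal error on PHP 8
    }

    // --- email: required, well-formed and not yet registered ---
    // The pre-check below is only a courtesy: two simultaneous sign-ups can both pass it.
    // A UNIQUE index on users.email and users.username is what enforces uniqueness
    // (see the catch further down).
    if (trim($field['email']) === '') {
        $errors['email'] = "Email required";
    } elseif (filter_var(trim($field['email']), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = "Email address is not valid";
    } else {
        $email = trim_data($field['email']);
        // The value is bound, never interpolated. trim_data()'s htmlspecialchars() is not an
        // SQL escape (before PHP 8.1 it leaves single quotes alone), so the string-built query
        // this replaces was injectable. SELECT 1 with fetchColumn() is used because PDO does
        // not guarantee rowCount() for SELECT statements.
        $statement = $db->prepare("SELECT 1 FROM users WHERE email = :email LIMIT 1");
        $statement->bindValue(':email', $email, PDO::PARAM_STR);
        $statement->execute();
        if ($statement->fetchColumn() !== false) {
            // This message reveals whether an address is registered (account enumeration).
            // Usual for sign-up forms; use a neutral message if that matters for this site.
            $errors['email'] = "The email you entered is already registered. Try again";
        }
    }

    // --- username: required and not yet registered ---
    if (trim($field['username']) === '') {
        $errors['username'] = "Username required";
    } else {
        $username = trim_data($field['username']);
        $statement = $db->prepare("SELECT 1 FROM users WHERE username = :username LIMIT 1");
        $statement->bindValue(':username', $username, PDO::PARAM_STR);
        $statement->execute();
        if ($statement->fetchColumn() !== false) {
            $errors['username'] = "The username you entered is already registered. Try again";
        }
    }

    // --- password ---
    // Compared as a string, not with empty(): a password of "0" is short, not missing.
    // The minimum length is site policy (8 is the usual floor). bcrypt, the current
    // PASSWORD_DEFAULT, only considers the first 72 bytes of the password.
    $min_password_length = 8;
    if ($field['password'] === '') {
        $errors['password'] = "Password required";
    } elseif (strlen($field['password']) < $min_password_length) {
        $errors['password'] = "Password must be at least $min_password_length characters";
    }

    // Behind a proxy or CDN REMOTE_ADDR is the proxy's address, not the visitor's.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''; //optional
    $user_level = 'user'; //or whatever you want

    if (count($errors) > 0) {
        $reg_failed = implode("\n", $errors);
    } else {
        // Hash only after every check passed; the clear-text password is never stored.
        $password = password_hash($field['password'], PASSWORD_DEFAULT);

        $sql = "INSERT INTO users (name, email, username, password, ip, user_level)
                VALUES (:name, :email, :username, :password, :ip, :user_level)";
        $statement = $db->prepare($sql);
        $statement->bindValue(':name', $name, PDO::PARAM_STR);
        $statement->bindValue(':email', $email, PDO::PARAM_STR);
        $statement->bindValue(':username', $username, PDO::PARAM_STR);
        $statement->bindValue(':password', $password, PDO::PARAM_STR);
        $statement->bindValue(':ip', $ip, PDO::PARAM_STR);
        $statement->bindValue(':user_level', $user_level, PDO::PARAM_STR);
        try {
            $statement->execute();
            $success = "You are now registered. You can now log in";
        } catch (PDOException $e) {
            // Never echo the exception to the browser: it carries the SQL text and can carry
            // connection details. Log it server-side and show the visitor a generic message.
            error_log("registration failed: " . $e->getMessage());
            // SQLSTATE 23000 = integrity constraint violation. With UNIQUE indexes on
            // users.email / users.username this is how the SELECT-vs-INSERT race surfaces.
            if ((string) $e->getCode() === '23000') {
                $reg_failed = "That email or username was just registered. Try again";
            } else {
                $failed = "Registration failed. Please try again";
            }
        }
    }
    $db = null;
}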
Place this block of code above the form tags. It outputs the error and success alerts; escape them for HTML at this point (where they are printed), not when they are stored.
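// Shown above the <form>. Everything is HTML-escaped at the point of output: today these
// messages are fixed strings, but escaping here is what keeps the page safe the day one of
// them carries something the visitor typed. $reg_failed is joined with "\n", which a browser
// collapses to a space, so nl2br() turns those breaks into <br /> tags after escaping.
if (isset($success)) {
    echo htmlspecialchars($success, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
if (isset($failed)) {
    echo htmlspecialchars($failed, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
if (isset($reg_failed)) {
    echo nl2br(htmlspecialchars($reg_failed, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}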