Home arrow PHP arrow Page 3 - Building Site Registration for Web Application Security

Username and Password - PHP

In this article we will be exploring the registration script of our site. This script is responsible for registering new users for the website. We will also be looking at database security; since the registration script also uses a database table, we will implement some of the concepts that we will be discussing. This article is the sixth part of an eight-part series on web application security.

  1. Building Site Registration for Web Application Security
  2. The Code Explained
  3. Username and Password
  4. The HTML Form continued
By: David Web
Rating: starstarstarstarstar / 5
October 27, 2008

print this article



We then compare the two passwords that the user provided in the form. This is just to make sure that the passwords match before we insert it into the database:

if("$pw1" !== "$pw2" ){

print "your confirmation password has been mistyped or is empty,please try again";

$conf="your confirmation password has been mistyped or is empty,please try again";



The next step is to check that the user name which the new user provided does not already exist in the database. To do this we need to connect to the database server, and then run a query to see if the username is found:

//connect to the db server , check if uname exist


$query="Select name from user where uname='$name'";

$result= mysql_query($query);

We use the $num variable to see if the query returned any results. If there are results, then it means that there already is a name that is the same as the one provided by the user, in which case an appropriate error message is sent:


if ($num > 0) {//Username already exist

print "The username is already taken,please try again";

$taken="The username is already taken,please try again";

print "<p><a href=http://localhost/loginscript/register.php>Click here to try again.</a></p>";


Otherwise, the name provided by the user does not exists in the database, so the new details of the user are inserted in the database, the appropriate query string value is set, and the user is directed to the login page:


//if username does not exist insert user details

$query="INSERT INTO users (uname, pw,email) VALUES ('$name',password('$pw1'),'$email')"

if (@mysql_query ($query)) {

//print "Your details have been added";







The HTML form is responsible for collecting the registration information from the user. The actual form code is detailed and explained below. 

The first line in the code declares the form header, which includes the name of the form, the method that the form uses to send information, onsubmit and finally the name of the script that processes the form data:

<form name="form1" action="register.php" method="post" onSubmit="return checkform(this)" >

A table is then created that will contain the actual form elements:

<table width="657" border="0">


<td width="122"><div align="left">Name</div></td>

The first element of the form takes the name of the user:

<td width="525"><input name="name" type="text" size="40"></td>



>>> More PHP Articles          >>> More By David Web

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: