Evaluating the registration script

Well, if you only check the login, then why *? Just write

$sql = mysql_query("SELECT login FROM ".$table."
    WHERE `login` =  '".mysql_real_escape_string($login)."'");
  • On top of everything: registration is clear, but if the user forgot the password, how can he restore it? Where is the insertion of the email, at least?

Something like that.


Answer 1, authority 100%

Blunders:

  1. error_reporting(E_ALL); – Must be at the very top
  2. if ($login == '' or $pass == '') – Should come before we start doing anything with the database
  3. if (mysql_num_rows ($sql) > 0) replace with if ($sql !== FALSE and mysql_num_rows ($sql) > 0) or even check $sql !== FALSE separately, as it may happen that SELECT returned an error

What can be improved:

  1. Don’t call mysql_real_escape_string($login) every time; do it once
  2. if (isset ($_POST['ok']))
    replace with if( isset($_SERVER,$_SERVER['REQUEST_METHOD']) and $_SERVER['REQUEST_METHOD'] == 'POST' )

Answer 2, authority 100%

I would swap the block that checks the fields are filled in (it needs to come first) with the check for whether the nickname is taken. And in the filled-in check, I would use three equals signs, not two (the check is still against an empty string, and not against a numerical zero).
Moreover, the login should immediately be passed through mysql_real_escape_string() and stored in a variable.
Before that, though, cut out the characters that should not be there (forbidden ones), but in general, everything is more or less normal.


Answer 3

One of the rules: after the data is sent, for example by POST, redirect to a page that shows the result of the operation. Otherwise, when you press F5 again, a shocking window about resending the data will pop up.
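
The ordering the answers above describe (input checks first, a query result that cannot fail unnoticed, handling only POST, redirecting afterwards), as an added example that is not the asker's script or code from any answer. It uses PDO prepared statements in place of the page's mysql_* calls, which were removed in PHP 7; the users table and its columns, the in-memory SQLite database, the login character policy and /register_result.php are assumptions.

```php
<?php
// Added example: PDO stands in for the page's mysql_* calls. The users table,
// SQLite in-memory store, login policy and result URL are assumptions.
error_reporting(E_ALL); // at the very top

function register(PDO $db, string $login, string $pass): string
{
    // Input checks come before any database work; === compares against the
    // empty string without type juggling.
    $login = trim($login);
    if ($login === '' || $pass === '') {
        return 'empty';
    }
    // Assumed policy: reject characters that should not appear in a login.
    if (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $login)) {
        return 'bad_login';
    }
    // A bound parameter replaces every mysql_real_escape_string() call.
    $check = $db->prepare('SELECT 1 FROM users WHERE login = ?');
    $check->execute([$login]);
    if ($check->fetchColumn() !== false) {
        return 'taken';
    }
    $insert = $db->prepare('INSERT INTO users (login, pass_hash) VALUES (?, ?)');
    $insert->execute([$login, password_hash($pass, PASSWORD_DEFAULT)]);
    return 'ok';
}

$db = new PDO('sqlite::memory:');
// A failed query throws instead of returning FALSE unnoticed.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

if (PHP_SAPI === 'cli') {
    // Constructed sample input for an offline run.
    $samples = [['alice', 's3cret'], ['alice', 'again'], ['', 'x'], ["o'brien", 'x']];
    foreach ($samples as [$login, $pass]) {
        printf("%-10s => %s\n", var_export($login, true), register($db, $login, $pass));
    }
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $status = register($db, (string) filter_input(INPUT_POST, 'login'),
                       (string) filter_input(INPUT_POST, 'pass'));
    // Redirect so that F5 reloads the result page, not the POST.
    header('Location: /register_result.php?status=' . $status, true, 303);
    exit;
}
```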