Well, if you only check the login, then why *? Just write
$sql = mysql_query("SELECT login FROM ".$table." WHERE `login` = '".mysql_real_escape_string($login)."'");
- to everything, well, registration is clear, but if the user forgot the password, how can he restore it? Where is the insertion of email, at least?
Something like that.
Answer 1, authority 100%
error_reporting(E_ALL); – Must be at the very top
if ($login == '' or $pass == '') – Should be before we started doing anything with the base
if (mysql_num_rows ($sql) > 0) replace with
if ($sql !== FALSE and mysql_num_rows ($sql) > 0) or even check
$sql !== FALSE separately, as it may happen that SELECT returned an error
From what can be improved:
- Don’t do it every time:
mysql_real_escape_string($login), but do it once
if (isset ($_POST['ok']))
if( isset($_SERVER,$_SERVER['REQUEST_METHOD']) and $_SERVER['REQUEST_METHOD'] == 'POST' )
Answer 2, authority 100%
I would swap blocks for filling in the fields (you need to do it first) and checking if the nickname is busy. And in the filling check, I would put three equalities, not two (the check still goes to an empty space, and not to a numerical zero).
Moreover, the login must immediately be translated into a variable in
Before that, it’s true to cut off characters that should not be (forbidden), but in general, everything is more or less normal.
One of the rules, after sending the data, for example, by POST, redirect to the page with the output of the operation result. Otherwise, when you press F5 again, a shocking window about resending data will pop up.
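The checks suggested in both answers, combined in one added example (not code from the original posts). It swaps the `mysql_*` functions for PDO with a bound parameter; the `users` table, the allow-list pattern, `result.php` and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
error_reporting(E_ALL); // at the very top of the script

// Returns one of: 'empty', 'invalid', 'db_error', 'taken', 'free'.
function check_login(PDO $pdo, string $login, string $pass): string
{
    // Input checks come before any database work; === compares against the
    // empty string without type juggling.
    if ($login === '' || $pass === '') {
        return 'empty';
    }
    // Assumed allow-list of permitted login characters (not from the page).
    if (preg_match('/^[A-Za-z0-9_]{3,32}$/', $login) !== 1) {
        return 'invalid';
    }
    try {
        // Bound parameter instead of escaping the value into the SQL string.
        $stmt = $pdo->prepare('SELECT login FROM users WHERE login = ?');
        $stmt->execute([$login]);
    } catch (PDOException $e) {
        return 'db_error'; // a failed SELECT is reported separately from "no rows"
    }
    return $stmt->fetchColumn() === false ? 'free' : 'taken';
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (login TEXT PRIMARY KEY)');
$pdo->exec("INSERT INTO users (login) VALUES ('alice')");

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Web request: accept only string fields, process the form, then
    // redirect (303) so that pressing F5 does not resend the POST data.
    $field = fn (string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
    $status = check_login($pdo, trim($field('login')), $field('pass'));
    header('Location: result.php?status=' . urlencode($status), true, 303);
    exit;
}

// Command-line run over constructed inputs.
foreach ([['', 'x'], ['alice', 'secret'], ['bob_1', 'secret'], ["o'brien", 'x']] as [$login, $pass]) {
    printf("%-12s => %s\n", var_export($login, true), check_login($pdo, $login, $pass));
}
```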