real_escape_string($_POST['username']); $email = $mysqli->real_escape_string($_POST['email']); $password = md5($_POST['password']); //md5 has password for security $avatar_path = $mysqli->real_escape_string('images/'.$_FILES['avatar']['name']); //make sure the file type is image if (preg_match("!image!",$_FILES['avatar']['type'])) { //copy image to images/ folder if (copy($_FILES['avatar']['tmp_name'], $avatar_path)){ //set session variables $_SESSION['username'] = $username; $_SESSION['avatar'] = $avatar_path; //insert user data into database $sql = "INSERT INTO users (username, email, password, avatar) " . "VALUES ('$username', '$email', '$password', '$avatar_path')"; //if the query is successsful, redirect to welcome.php page, done! if ($mysqli->query($sql) === true){ $_SESSION['message'] = "Registration succesful! Added $username to the database!"; header("location: welcome.php"); } else { $_SESSION['message'] = 'User could not be added to the database!'; } $mysqli->close(); } else { $_SESSION['message'] = 'File upload failed!'; } } else { $_SESSION['message'] = 'Please only upload GIF, JPG or PNG images!'; } } else { $_SESSION['message'] = 'Two passwords do not match!'; } } ?>

Create an account