



<section class="content-header">
<div class="container">
<div class="row latest-job margin-top-50 margin-bottom-20 bg-white">
<h1 class="text-center margin-bottom-20">CREATE YOUR PROFILE</h1>
<form method="post" id="registerCandidates" action="adduser.php" enctype="multipart/form-data">
<div class="col-md-6 latest-job ">
<div class="form-group">
<input class="form-control input-lg" type="text" id="fname" name="fname" placeholder="First Name *" required>
<div class="form-group">
<input class="form-control input-lg" type="text" id="lname" name="lname" placeholder="Last Name *" required>
<div class="form-group">
<input class="form-control input-lg" type="text" id="email" name="email" placeholder="Email *" required>
<div class="form-group">
<textarea class="form-control input-lg" rows="4" id="aboutme" name="aboutme" placeholder="Brief intro about yourself *" required></textarea>
<div class="form-group">
<label>Date Of Birth</label>
<input class="form-control input-lg" type="date" id="dob" min="1960-01-01" max="1999-01-31" name="dob" placeholder="Date Of Birth">
<div class="form-group">
<input class="form-control input-lg" type="text" id="age" name="age" placeholder="Age" readonly>
<div class="form-group">
<label>Passing Year</label>
<input class="form-control input-lg" type="date" id="passingyear" name="passingyear" placeholder="Passing Year">
<div class="form-group">
<input class="form-control input-lg" type="text" id="qualification" name="qualification" placeholder="Highest Qualification">
<div class="form-group">
<input class="form-control input-lg" type="text" id="stream" name="stream" placeholder="Stream">
<div class="form-group checkbox">
<label><input type="checkbox"> I accept terms & conditions</label>
<div class="form-group">
<button class="btn btn-flat btn-success">Register</button>
//If User already registered with this email then show error message.
if(isset($_SESSION['registerError'])) {
<div class="form-group">
<label style="color: red;">Email Already Exists! Choose A Different Email!</label>
unset($_SESSION['registerError']); }
<?php if(isset($_SESSION['uploadError'])) { ?>
<div class="form-group">
<label style="color: red;"><?php echo $_SESSION['uploadError']; ?></label>
<?php unset($_SESSION['uploadError']); } ?>     
<div class="col-md-6 latest-job ">
<div class="form-group">
<input class="form-control input-lg" type="password" id="password" name="password" placeholder="Password *" required>
<div class="form-group">
<input class="form-control input-lg" type="password" id="cpassword" name="cpassword" placeholder="Confirm Password *" required>
<div id="passwordError" class="btn btn-flat btn-danger hide-me" >
Password Mismatch!! 
<div class="form-group">
<input class="form-control input-lg" type="text" id="contactno" name="contactno" minlength="10" maxlength="10" onkeypress="return validatePhone(event);" placeholder="Phone Number">
<div class="form-group">
<textarea class="form-control input-lg" rows="4" id="address" name="address" placeholder="Address"></textarea>
<div class="form-group">
<input class="form-control input-lg" type="text" id="city" name="city" placeholder="City">
<div class="form-group">
<input class="form-control input-lg" type="text" id="state" name="state" placeholder="State">
<div class="form-group">
<textarea class="form-control input-lg" rows="4" id="skills" name="skills" placeholder="Enter Skills"></textarea>
<div class="form-group">
<input class="form-control input-lg" type="text" id="designation" name="designation" placeholder="Designation">
<div class="form-group">
<label style="color: red;">File Format PDF Only!</label>
<input type="file" name="resume" class="btn btn-flat btn-danger" required>



//To Handle Session Variables on This Page
//Including Database Connection From db.php file to avoid rewriting in all files
//If user clicked register button
if(isset($_POST)) {
	//Escape Special Characters In String First
	$firstname = mysqli_real_escape_string($conn, $_POST['fname']);
	$lastname = mysqli_real_escape_string($conn, $_POST['lname']);
	$address = mysqli_real_escape_string($conn, $_POST['address']);
	$city = mysqli_real_escape_string($conn, $_POST ['city']);
	$state = mysqli_real_escape_string($conn, $_POST ['state']);
	$contactno = mysqli_real_escape_string($conn, $_POST ['contactno']);
	$qualification = mysqli_real_escape_string($conn, $_POST ['qualification']);
	$stream = mysqli_real_escape_string ($conn, $_POST['stream']);
	$passingyear = mysqli_real_escape_string($conn, $_POST['passingyear']);
	$dob = mysqli_real_escape_string($conn, $_POST['dob']);
	$age = mysqli_real_escape_string($conn, $_POST['age']);
	$designation = mysqli_real_escape_string($conn, $_POST['designation']);
	$aboutme = mysqli_real_escape_string($conn, $_POST['aboutme']);
	$skills = mysqli_real_escape_string($conn, $_POST['skills']);
	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$password = mysqli_real_escape_string($conn, $_POST['password']);
	//Encrypt Password
	$password = base64_encode(strrev(md5($password)));
	//sql query to check if email already exists or not
	$sql = "SELECT email FROM users WHERE email='$email'";
	$result = $conn->query($sql);
	//if email not found then we can insert new data
	if($result->num_rows == 0) {
			//This variable is used to catch errors doing upload process. False means there is some error and we need to notify that user.
		$uploadOk = true;
		//Folder where you want to save your image. THIS FOLDER MUST BE CREATED BEFORE TRYING
		$folder_dir = "uploads/resume/";
		//Getting Basename of file. So if your file location is Documents/New Folder/myResume.pdf then base name will return myResume.pdf
		$base = basename($_FILES['resume']['name']); 
		//This will get us extension of your file. So myimage.pdf will return pdf. If it was image.doc then this will return doc.
		$imageFileType = pathinfo($base, PATHINFO_EXTENSION); 
		//Setting a random non repeatable file name. Uniqid will create a unique name based on current timestamp. We are using this because no two files can be of same name as it will overwrite.
		$file = uniqid() . "." . $resumeFileType; 
		//This is where your files will be saved so in this case it will be uploads/image/newfilename
		$filename = $folder_dir .$file;  
		//We check if file is saved to our temp location or not.
		if(file_exists($_FILES['resume']['tmp_name'])) { 
			//Next we need to check if file type is of our allowed extention or not. I have only allowed pdf. You can allow doc, jpg etc. 
			if($resumeFileType == "pdf")  {
				//Next we need to check file size with our limit size. I have set the limit size to 5MB. Note if you set higher than 2MB then you must change your php.ini configuration and change upload_max_filesize and restart your server
				if($_FILES['resume']['size'] < 500000) { // File size is less than 5MB
					//If all above condition are met then copy file from server temp location to uploads folder.
					move_uploaded_file($_FILES["resume"]["tmp_name"], $filename);
				} else {
					//Size Error
					$_SESSION['uploadError'] = "Wrong Size. Max Size Allowed : 5MB";
					$uploadOk = false;
			} else {
				//Format Error
				$_SESSION['uploadError'] = "Wrong Size. Max Size Allowed : 5MB ";
				$uploadOk = false;
		} else {
				//File not copied to temp location error.
				$_SESSION['uploadError'] = "Something Went Wrong. File Not Uploaded. Try Again.";
				$uploadOk = false;
		//If there is any error then redirect back.
		if($uploadOk == false) {
			header("Location: register-candidates.php");
		//sql new registration insert query
				$sql = "INSERT INTO users(firstname, lastname, email, password, address, city, state, contactno, qualification, stream, passingyear, dob, age, designation, resume, hash, aboutme, skills) VALUES ('$firstname', '$lastname', '$email', '$password', '$address', '$city', '$state', '$contactno', '$qualification', '$stream', '$passingyear', '$dob', '$age', '$designation', '$file', '$hash', '$aboutme', '$skills')";
		if($conn->query($sql)===TRUE) {
			//If data inserted successfully then Set some session variables for easy reference and redirect to company login
			$_SESSION['registerCompleted'] = true;
			header("Location: login-candidates.php");
		} else {
			//If data failed to insert then show that error. Note: This condition should not come unless we as a developer make mistake or someone tries to hack their way in and mess up :D
			echo "Error " . $sql . "<br>" . $conn->error;
	} else {
		//if email found in database then show email already exists error.
		$_SESSION['registerError'] = true;
		header("Location: register-candidates.php");
	//Close database connection. Not compulsory but good practice.
} else {
	//redirect them back to register page if they didn't click register button
	header("Location: register-candidates.php");



  • 尝试从ManagementInterface中的SQL命令直接插入数据
  • 当您到达register.php时,尝试对从表单中获得的每个输入回显$var|var_dump($var(
  • 试着看看你是否达到了你的条件,比如if(isset($_POST["var"]&&!empty($_POST["var"]((,但如果你能回显它们,它就不在这里了,你必须搜索





