made register secure (hopefuly) and added the actual forms

register.php

@@ -4,28 +4,33 @@ require_once 'config.php';
 
 // Handle registration form submission
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    $username = $_POST['username'];
-    $email = $_POST['email'];
-    $password = $_POST['password'];
-
-    // Hash the password
-    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-
-    // Prepare and execute the SQL query using prepared statements
-    $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
-    $stmt = $mysqli->prepare($query);
-    $stmt->bind_param("sss", $username, $email, $hashed_password);
-
-    // Execute the statement
-    $result = $stmt->execute();
-
-    if ($result) {
-        echo "Registration successful. <a href='login.html'>Login here</a>.";
+    // Validate that required fields are provided
+    if (empty($_POST['username']) || empty($_POST['email']) || empty($_POST['password'])) {
+        echo "Please provide all required fields (username, email, and password).";
     } else {
-        echo "Error: " . $mysqli->error;
-    }
+        $username = $_POST['username'];
+        $email = $_POST['email'];
+        $password = $_POST['password'];
 
-    // Close the statement
-    $stmt->close();
+        // Hash the password
+        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+
+        // Prepare and execute the SQL query using prepared statements
+        $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
+        $stmt = $mysqli->prepare($query);
+        $stmt->bind_param("sss", $username, $email, $hashed_password);
+
+        // Execute the statement
+        $result = $stmt->execute();
+
+        if ($result) {
+            echo "Registration successful. <a href='login.html'>Login here</a>.";
+        } else {
+            echo "Error: " . $mysqli->error;
+        }
+
+        // Close the statement
+        $stmt->close();
+    }
 }
 ?>