Mysql error..

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Mysql error..

Post by Drachlen »

Okay, this is my first time working with mysql, and of course, i have a problem. Heres the code:

Code: Select all

<?php
    $link = mysql_connect("localhost", "*", "*")
        or die("Could not connect");

    mysql_select_db("game") or die("Could not select database");

mysql_query("INSERT INTO users (username,password,email) VALUES ('$username','$password','$email') or die("Error creating account");
    mysql_close($link);
?>
And the error:
Parse error: parse error in C:\apache\htdocs\my\1.php on line 7

After you type in name, password, and email, it forwards to this page to add the information..
nasr
Forum Newbie
Posts: 13
Joined: Wed Jun 25, 2003 9:29 pm
Location: Cali

Post by nasr »

I think this is what you need to do...

Code: Select all

<?php
$link = mysql_connect("localhost", "*", "*") or die("could not connect");

mysql_select_db("game", $link) or die("Could not select database");

mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link); or die ("Error creating account");

mysql_close($link);
?>
Nas... :roll:
Last edited by nasr on Wed Jun 25, 2003 10:28 pm, edited 1 time in total.
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Post by Drachlen »

Thanks man, it works now. How would i go about making sure 2 people cant make the same account name, and how could i display the contents of the table?
nasr
Forum Newbie
Posts: 13
Joined: Wed Jun 25, 2003 9:29 pm
Location: Cali

Post by nasr »

If you did a search in this forum you woul've found a lot of topics about your questions. Also the MYSQL.ORG website has a lot of good info. You should check it out.

to check if the user already exists.

viewtopic.php?t=8640&highlight=sign


to retrieve data from mysql.

http://www.mysql.com/doc/en/SELECT.html


Nas. :roll:
nasr
Forum Newbie
Posts: 13
Joined: Wed Jun 25, 2003 9:29 pm
Location: Cali

Post by nasr »

and this one is from PHP.net

http://us3.php.net/manual/en/ref.msql.php



Nas. :roll:
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Post by Drachlen »

Thank you, once again.. got a new problem though...

Heres the code:

Code: Select all

<body bgcolor=#879FAD>
<center><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<?php
$file = "disp.php";

    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$name_check = mysql_query("SELECT username FROM users WHERE username='$username'", $link) or die(mysql_error());


if($password == '' or $username == '' or $email == '') {
echo "<font color=white>Please press the back button and fill in all the required boxes.";

}
if (mysql_num_rows($name_check) == 1) {
echo "<font color=white>The username you submitted is already taken. Please use the back button and type in a new one.";

} else {
include($file);
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link) or die("Could not select database");
    mysql_close($link);
}
?>
When i dont type in all boxes, it displays the message which says to go back, along with the include file... It also allows me to type in the same name multiple times... I might not even have my table set up right, i know i have all 3 fields, but when i was using phpmyadmin to make it, i left their values all type: tinyint(30), is this a problem?
Flood
Forum Newbie
Posts: 11
Joined: Wed Jun 25, 2003 4:52 pm

Post by Flood »

Hi!

If I have understood it well, you have used field types TINYINT(30) to store strings? If so, I will refer you to http://www.mysql.com/doc/en/Numeric_types.html. What you should use instead is VARCHAR for instance...

Something different, you should be careful when selecting tuples in the database, through your query "SELECT username FROM users WHERE username='$username'"; with something like that, I can - and I certainly am not the only one in this case - a priori have any kind of information about your database or at least bypass your login page... Have a look at function like addSlashes for instance; you will understand better what I mean then...
And you should not launch the request if you do not receive any value for $username...
Then, you should replace =='' by functions such as empty or isset... and perhaps use a regular expression to check that the email syntax is correct :)
Lastly, my piece of advise is to use $_POST['variable_name'] instead of directly $variable_name...

Hope it helps.

/Flood[/b]
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Post by Drachlen »

I appreciate everyones help very much. Flood, most of the stuff you said i had trouble adding... I fixed the tinyint thing, and made sure the script used die() when it didnt work. Here is the new and improved WORKING script, but im not sure what you meant about someone being able to bypass... I dont have the login page made yet, not sure how either. Heres the code:

Code: Select all

<body bgcolor=#879FAD>
<center><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<?php
$_POST['username'] = addslashes($_POST['username']);
$_POST['password'] = addslashes($_POST['password']);
$_POST['email'] = addslashes($_POST['email']);
$file = "disp.php";

if($password == '' or $username == '' or $email == '') {
echo "<font color=white>Please press the back button and fill in all the required fields.";
die();
}

    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$name_check = mysql_query("SELECT username FROM users WHERE username='$username'", $link) or die(mysql_error());



if (mysql_num_rows($name_check) == 1) {
echo "<font color=white>The username you submitted is already taken. Please use the back button and type in a new one.";
die();
} else {
include($file);
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link) or die("Could not select database");
    mysql_close($link);
}
?>
Everything is working, but when i tried modifying the variables that were going to be written into the table it messed up, not sure how i would add the $_POST part.. Also, how could i add isset or empty to the string im currently using with all the 'or' statements? And yes, i do have a code to check if the email is valid, and ill eventually have it dispatch an email with a validation link, but not going to worry about that yet.

Also, incase this is needed, here is disp.php:

Code: Select all

<?php
echo "
<table border=0 cellspacing=1 cellpadding=0 width=150>
<tr>
<td colspan=2 bgcolor=#3D4E57><center><font color=#AABCC6>Account Information:</td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;&nbsp;Name:</td><td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;$username&nbsp;&nbsp;</td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;&nbsp;Password:</td><td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;$password&nbsp;&nbsp;</td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;&nbsp;E-mail:</td><td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;$email&nbsp;&nbsp;</td>
</tr>
</tr>
</table>
";

?>
Thanks so much everyone, this is actually working out alot better than i thought it would, when i look at mysql it looks foreign, but now im starting to understand it.
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Post by Drachlen »

Okay, I've added some more stuff, and i searched like you suggested, i couldnt find anything adressing this.. I want to use the sessions, but connecting to the table that holds all the info..

Here is my create account page, i dont know why im posting it really, it works perfectly, maybe it will be useful to others, or you can see some areas that should be coded different...

Code: Select all

<body bgcolor=#879FAD>
<center><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<?php
$_POST['username'] = addslashes($_POST['username']);
$_POST['password'] = addslashes($_POST['password']);
$_POST['email'] = addslashes($_POST['email']);
$file = "disp.php";

function is_email_valid($email) {  

  if(eregi("^[a-z0-9._-]+@+[a-z0-9._-]+.+[a-z]{2,3}$", $email)) return TRUE;  

  else return FALSE;  

} 
if (is_email_valid($email)) { 
} else {
echo "<font color=white>You must use a proper email. Please press the back button and type in a new one.";
die();
}
function is_username_valid($username) {  

  if(eregi("^[a-z0-9]", $username)) return TRUE;  

  else return FALSE;  

} 
if (is_username_valid($username)) { 
} else {
echo "<font color=white>The username you have entered contains invalid characters. Please press the back button and type in a new one.";
die();
}
if($password == '') {
echo "<font color=white>Please press the back button and fill in all the required fields.";
die();
}

    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$name_check = mysql_query("SELECT username FROM users WHERE username='$username'", $link) or die(mysql_error());



if (mysql_num_rows($name_check) == 1) {
echo "<font color=white>The username you submitted is already taken. Please use the back button and type in a new one.";
die();
} else {
include($file);
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link) or die("Could not select database");
    mysql_close($link);
}
?>
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Post by Drachlen »

Okay.. I got a working script for displaying the fields from the table, but it doesnt display EVERY one... Its also confusing to arrange them.. What do i need to change to display every row?

Code: Select all

<?php
    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$query = MYSQL_QUERY("SELECT * FROM users"); 
$count = count($query); 
$row = MYSQL_NUM_ROWS($query); 
for ($i = 1; $i <= $row; $i++) { 
$fetch = MYSQL_FETCH_ROW($query); 
$i2 = 0; 
while ($count >= $i2) { 
echo "$fetch[$i2]"; 
$i2++; 
} 
$i++; 
} 
?>
User avatar
ILoveJackDaniels
Forum Commoner
Posts: 43
Joined: Mon May 20, 2002 8:18 am
Location: Brighton, UK

Post by ILoveJackDaniels »

Code: Select all

<?php 
    $link = mysql_connect("localhost", "Drachlen", "*") 
        or die("Could not connect"); 
    mysql_select_db("game", $link) or die("Could not select database"); 
    $query = MYSQL_QUERY("SELECT * FROM users"); 
    while ($fetch=mysql_fetch_array($query)) {
      echo "$fetch[username], $fetch[password], $fetch[email]"; 
    }
?>
That should do it.
Post Reply