I appreciate everyones help very much. Flood, most of the stuff you said i had trouble adding... I fixed the tinyint thing, and made sure the script used die() when it didnt work. Here is the new and improved WORKING script, but im not sure what you meant about someone being able to bypass... I dont have the login page made yet, not sure how either. Heres the code:
Code: Select all
<body bgcolor=#879FAD>
<center><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<?php
$_POST['username'] = addslashes($_POST['username']);
$_POST['password'] = addslashes($_POST['password']);
$_POST['email'] = addslashes($_POST['email']);
$file = "disp.php";
if($password == '' or $username == '' or $email == '') {
echo "<font color=white>Please press the back button and fill in all the required fields.";
die();
}
$link = mysql_connect("localhost", "Drachlen", "*")
or die("Could not connect");
mysql_select_db("game", $link) or die("Could not select database");
$name_check = mysql_query("SELECT username FROM users WHERE username='$username'", $link) or die(mysql_error());
if (mysql_num_rows($name_check) == 1) {
echo "<font color=white>The username you submitted is already taken. Please use the back button and type in a new one.";
die();
} else {
include($file);
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link) or die("Could not select database");
mysql_close($link);
}
?>
Everything is working, but when i tried modifying the variables that were going to be written into the table it messed up, not sure how i would add the $_POST part.. Also, how could i add isset or empty to the string im currently using with all the 'or' statements? And yes, i do have a code to check if the email is valid, and ill eventually have it dispatch an email with a validation link, but not going to worry about that yet.
Also, incase this is needed, here is disp.php:
Code: Select all
<?php
echo "
<table border=0 cellspacing=1 cellpadding=0 width=150>
<tr>
<td colspan=2 bgcolor=#3D4E57><center><font color=#AABCC6>Account Information:</td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD> Name:</td><td bgcolor=#4E636E width=50%><font color=#879FAD> $username </td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD> Password:</td><td bgcolor=#4E636E width=50%><font color=#879FAD> $password </td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD> E-mail:</td><td bgcolor=#4E636E width=50%><font color=#879FAD> $email </td>
</tr>
</tr>
</table>
";
?>
Thanks so much everyone, this is actually working out alot better than i thought it would, when i look at mysql it looks foreign, but now im starting to understand it.