Page 1 of 1

Mysql error..

Posted: Wed Jun 25, 2003 9:03 pm
by Drachlen
Okay, this is my first time working with mysql, and of course, i have a problem. Heres the code:

Code: Select all

<?php
    $link = mysql_connect("localhost", "*", "*")
        or die("Could not connect");

    mysql_select_db("game") or die("Could not select database");

mysql_query("INSERT INTO users (username,password,email) VALUES ('$username','$password','$email') or die("Error creating account");
    mysql_close($link);
?>
And the error:
Parse error: parse error in C:\apache\htdocs\my\1.php on line 7

After you type in name, password, and email, it forwards to this page to add the information..

Posted: Wed Jun 25, 2003 9:29 pm
by nasr
I think this is what you need to do...

Code: Select all

<?php
$link = mysql_connect("localhost", "*", "*") or die("could not connect");

mysql_select_db("game", $link) or die("Could not select database");

mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link); or die ("Error creating account");

mysql_close($link);
?>
Nas... :roll:

Posted: Wed Jun 25, 2003 9:56 pm
by Drachlen
Thanks man, it works now. How would i go about making sure 2 people cant make the same account name, and how could i display the contents of the table?

Posted: Wed Jun 25, 2003 11:04 pm
by nasr
If you did a search in this forum you woul've found a lot of topics about your questions. Also the MYSQL.ORG website has a lot of good info. You should check it out.

to check if the user already exists.

viewtopic.php?t=8640&highlight=sign


to retrieve data from mysql.

http://www.mysql.com/doc/en/SELECT.html


Nas. :roll:

Posted: Wed Jun 25, 2003 11:20 pm
by nasr
and this one is from PHP.net

http://us3.php.net/manual/en/ref.msql.php



Nas. :roll:

Posted: Thu Jun 26, 2003 1:44 am
by Drachlen
Thank you, once again.. got a new problem though...

Heres the code:

Code: Select all

<body bgcolor=#879FAD>
<center><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<?php
$file = "disp.php";

    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$name_check = mysql_query("SELECT username FROM users WHERE username='$username'", $link) or die(mysql_error());


if($password == '' or $username == '' or $email == '') {
echo "<font color=white>Please press the back button and fill in all the required boxes.";

}
if (mysql_num_rows($name_check) == 1) {
echo "<font color=white>The username you submitted is already taken. Please use the back button and type in a new one.";

} else {
include($file);
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link) or die("Could not select database");
    mysql_close($link);
}
?>
When i dont type in all boxes, it displays the message which says to go back, along with the include file... It also allows me to type in the same name multiple times... I might not even have my table set up right, i know i have all 3 fields, but when i was using phpmyadmin to make it, i left their values all type: tinyint(30), is this a problem?

Posted: Thu Jun 26, 2003 7:06 am
by Flood
Hi!

If I have understood it well, you have used field types TINYINT(30) to store strings? If so, I will refer you to http://www.mysql.com/doc/en/Numeric_types.html. What you should use instead is VARCHAR for instance...

Something different, you should be careful when selecting tuples in the database, through your query "SELECT username FROM users WHERE username='$username'"; with something like that, I can - and I certainly am not the only one in this case - a priori have any kind of information about your database or at least bypass your login page... Have a look at function like addSlashes for instance; you will understand better what I mean then...
And you should not launch the request if you do not receive any value for $username...
Then, you should replace =='' by functions such as empty or isset... and perhaps use a regular expression to check that the email syntax is correct :)
Lastly, my piece of advise is to use $_POST['variable_name'] instead of directly $variable_name...

Hope it helps.

/Flood[/b]

Posted: Thu Jun 26, 2003 7:36 am
by Drachlen
I appreciate everyones help very much. Flood, most of the stuff you said i had trouble adding... I fixed the tinyint thing, and made sure the script used die() when it didnt work. Here is the new and improved WORKING script, but im not sure what you meant about someone being able to bypass... I dont have the login page made yet, not sure how either. Heres the code:

Code: Select all

<body bgcolor=#879FAD>
<center><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<?php
$_POST['username'] = addslashes($_POST['username']);
$_POST['password'] = addslashes($_POST['password']);
$_POST['email'] = addslashes($_POST['email']);
$file = "disp.php";

if($password == '' or $username == '' or $email == '') {
echo "<font color=white>Please press the back button and fill in all the required fields.";
die();
}

    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$name_check = mysql_query("SELECT username FROM users WHERE username='$username'", $link) or die(mysql_error());



if (mysql_num_rows($name_check) == 1) {
echo "<font color=white>The username you submitted is already taken. Please use the back button and type in a new one.";
die();
} else {
include($file);
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link) or die("Could not select database");
    mysql_close($link);
}
?>
Everything is working, but when i tried modifying the variables that were going to be written into the table it messed up, not sure how i would add the $_POST part.. Also, how could i add isset or empty to the string im currently using with all the 'or' statements? And yes, i do have a code to check if the email is valid, and ill eventually have it dispatch an email with a validation link, but not going to worry about that yet.

Also, incase this is needed, here is disp.php:

Code: Select all

<?php
echo "
<table border=0 cellspacing=1 cellpadding=0 width=150>
<tr>
<td colspan=2 bgcolor=#3D4E57><center><font color=#AABCC6>Account Information:</td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;&nbsp;Name:</td><td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;$username&nbsp;&nbsp;</td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;&nbsp;Password:</td><td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;$password&nbsp;&nbsp;</td>
</tr>
<tr>
<td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;&nbsp;E-mail:</td><td bgcolor=#4E636E width=50%><font color=#879FAD>&nbsp;$email&nbsp;&nbsp;</td>
</tr>
</tr>
</table>
";

?>
Thanks so much everyone, this is actually working out alot better than i thought it would, when i look at mysql it looks foreign, but now im starting to understand it.

Posted: Thu Jun 26, 2003 10:49 pm
by Drachlen
Okay, I've added some more stuff, and i searched like you suggested, i couldnt find anything adressing this.. I want to use the sessions, but connecting to the table that holds all the info..

Here is my create account page, i dont know why im posting it really, it works perfectly, maybe it will be useful to others, or you can see some areas that should be coded different...

Code: Select all

<body bgcolor=#879FAD>
<center><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<?php
$_POST['username'] = addslashes($_POST['username']);
$_POST['password'] = addslashes($_POST['password']);
$_POST['email'] = addslashes($_POST['email']);
$file = "disp.php";

function is_email_valid($email) {  

  if(eregi("^[a-z0-9._-]+@+[a-z0-9._-]+.+[a-z]{2,3}$", $email)) return TRUE;  

  else return FALSE;  

} 
if (is_email_valid($email)) { 
} else {
echo "<font color=white>You must use a proper email. Please press the back button and type in a new one.";
die();
}
function is_username_valid($username) {  

  if(eregi("^[a-z0-9]", $username)) return TRUE;  

  else return FALSE;  

} 
if (is_username_valid($username)) { 
} else {
echo "<font color=white>The username you have entered contains invalid characters. Please press the back button and type in a new one.";
die();
}
if($password == '') {
echo "<font color=white>Please press the back button and fill in all the required fields.";
die();
}

    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$name_check = mysql_query("SELECT username FROM users WHERE username='$username'", $link) or die(mysql_error());



if (mysql_num_rows($name_check) == 1) {
echo "<font color=white>The username you submitted is already taken. Please use the back button and type in a new one.";
die();
} else {
include($file);
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')", $link) or die("Could not select database");
    mysql_close($link);
}
?>

Posted: Fri Jun 27, 2003 5:43 am
by Drachlen
Okay.. I got a working script for displaying the fields from the table, but it doesnt display EVERY one... Its also confusing to arrange them.. What do i need to change to display every row?

Code: Select all

<?php
    $link = mysql_connect("localhost", "Drachlen", "*")
        or die("Could not connect");
    mysql_select_db("game", $link) or die("Could not select database");
$query = MYSQL_QUERY("SELECT * FROM users"); 
$count = count($query); 
$row = MYSQL_NUM_ROWS($query); 
for ($i = 1; $i <= $row; $i++) { 
$fetch = MYSQL_FETCH_ROW($query); 
$i2 = 0; 
while ($count >= $i2) { 
echo "$fetch[$i2]"; 
$i2++; 
} 
$i++; 
} 
?>

Posted: Fri Jun 27, 2003 6:00 am
by ILoveJackDaniels

Code: Select all

<?php 
    $link = mysql_connect("localhost", "Drachlen", "*") 
        or die("Could not connect"); 
    mysql_select_db("game", $link) or die("Could not select database"); 
    $query = MYSQL_QUERY("SELECT * FROM users"); 
    while ($fetch=mysql_fetch_array($query)) {
      echo "$fetch[username], $fetch[password], $fetch[email]"; 
    }
?>
That should do it.