Page 1 of 1

error in my simple registration form!

Posted: Fri Jun 19, 2009 11:14 am
by gimpact
Hi,
I am new to php. I was making this simple registration form for my website. Sadly, there are errors in this. Can some one please help me to find the error in this? When i run this script it gives me "database_error" near line 55.

I would like to search the database then find out if the user already exist and then continue with registration. Is there any provision for using "while()" in php, so that, i will do a similarity check between userid and what is already available in database.

Code: Select all

<?php
//Continue the session
session_start();
 
//Make sure that the input come from a posted form. Otherwise quit immediately
if ($_SERVER["REQUEST_METHOD"] <> "POST")
 die(header("Location:error_page.php"));
 
//Check if the security code and the session value are not blank
//and if the input text matches the stored text
if ( ($_REQUEST["txtCaptcha"] == $_SESSION["security_code"]) &&
    (!empty($_REQUEST["txtCaptcha"]) && !empty($_SESSION["security_code"])) ) {
        
        // Create database connection
        $hostname='-';
        $username='-';
        $password='-';
        $dbname='-';
 
        $con = mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
 
        // Check if the connection created
        if(!$con){
        die("Cannot connect. " . mysql_error());
        }
 
        // Check if the database selected
        $dbselect = mysql_select_db($dbname);
        if(!$dbselect) {
    die("Cannot select database " . mysql_error());
        }
        // Get the user data
        $name = $_REQUEST ['_name'];
        $email = $_REQUEST ['_email'];
        $password = $_REQUEST ['_password'];
 
        // Check if there is any null values
        if (empty($name)){
            header("Location:error_page.php");
            exit;
        }
        if (empty($email)){
            header("Location:error_page.php");
            exit;
        }
        if (empty($password)){
            header("Location:error_page.php");
            exit;
        }
        // Search if the user already exist in the database
        $mysql = "SELECT * FROM userdata WHERE email = '".$email."'";
        $result = mysql_query($mysql);
        // If the query failed display error
        if(!$result){
            header("Location:error_page.php"); // [color=#00FF40]<--- Here is the error![/color]
            exit;
        }
        if(($row = mysql_fetch_assoc($result)) == True) {
            // User already exist
            header("Location:error_page.php");
            exit;
        }else{
            // ENcrypt password
            $password = md5($password);
            // Generate Activation Number
            $random = (rand()%1000000);
            $mysql = "INSERT INTO `userdata` (name, email, activationpassword, password, validation, banned)
                      VALUES ('$name', '$email', '$email', $random, $password, 'no', 'no')";
            // Execute mysql query
            $result = mysql_query($mysql);
 
            // If the query failed, display error
            if(!$result){
                header("Location:error_page.php");
                exit;
            }else{
                // Send the activation email to the user
                $to = $email;
                $subject = "activation email";
                $body = "Hi there!";
                if (mail($to, $subject, $body)) {
                    header("Location:thanks.php");
                } else {
                    header("Location:error_page.php");
                }
            }
        }
        mysql_close($con);
}else{
    header("Location:error_page.php");
    exit;
}
?>

Re: error in my simple registration form!

Posted: Fri Jun 19, 2009 11:33 am
by Loki
I'm not sure if I'm getting exactly what the problem is, but if I understand, this might help you out.

It's basically a simple "IF DOES NOT EXIST" function.

Code: Select all

 
function doesExist($data, $table, $field) {
//checks to see if the data provided exists in the database
//returns 0 if false, 1 if true
    $query = "SELECT COUNT(*) FROM " . $table . " WHERE " . $field . " = '" . $data . "'";
    $result = mysql_query($query);
 
    if (mysql_result($result, 0) > 0) {
        $doesExist = 1;
    } else {
        $doesExist = 0;
    }  
 
    return $doesExist;
}
 
When you want something to happen if the user can't be found, just use if($doesExist == 0)
Or if($doesExist == 1) if it's something to be executed if the user does exist.

Re: error in my simple registration form!

Posted: Fri Jun 19, 2009 11:45 am
by Eric!
Ok, when you say an error occurs, you mean your query didn't work? You are not saying there is a code problem right? I don't see one off hand your if statement looks right.

Check the values being passed from _request. How are these sent from your form? Normally _post or _get are used. I think that is your problem and your database code is working because your data is not what you think it is.

Also you are vulnerable to sql injection hacks. Use mysql_real_escape_string() or a function to clean up your form data. See http://www.w3schools.com/php/func_mysql ... string.asp

Re: error in my simple registration form!

Posted: Fri Jun 19, 2009 12:53 pm
by gimpact
Here is my form

Code: Select all

<form name="form2" method="post" action="protected/register.php" id="frmCaptcha">
      <table width="76%"  border="0" align="center">
        <tr>
          <td><div align="center">Email ID will be verified </div></td>
        </tr>
      </table>
      <table width="76%"  border="0" align="center">
        <tr>
          <td width="38%">Nick name (public): </td>
          <td width="62%"><input name="_name" type="text" class="box" size="26"></td>
        </tr>
        <tr>
          <td>Email (Private):</td>
          <td><input name="_email" type="text" class="box" size="26"></td>
        </tr>
        <tr>
          <td>Password:</td>
          <td><input name="_password" type="password" class="box" size="26"></td>
        </tr>
        <tr>
          <td rowspan="2">Spams test </td>
          <td>
              <img id="imgCaptcha" src="protected/create_image.php" />&nbsp; </td>
        </tr>
        <tr>
          <td><input name="txtCaptcha" type="text" class="box" id="txtCaptcha" value="" size="26" maxlength="10" />
          &nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td><input id="btnCaptcha" onclick="getParam(document.frmCaptcha)" name="Submit" type="submit" class="box" value="Go Register for FREE"></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr>
          <td>&nbsp;</td>
         
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
      </table>
    </form>

Re: error in my simple registration form!

Posted: Fri Jun 19, 2009 10:29 pm
by gimpact
Hi there,
I rewrote the entire code again and could track where the error is actually occurring. It looks like my insert code is not working. Can some please guide me on this?

This is my database design

Code: Select all

    name    varchar(30)      Yes NULL                                 
    email   varchar(60)      No                                   
    activationpassword  float           Yes NULL                                
    password    text         Yes NULL                                 
    validation  char(20)        Yes no                               
    banned  char(20)         Yes no
This is my php code

Code: Select all

$password = md5($password);
        // Generate Activation Number
        $random = (rand()%1000000);
        $mysql1 = "INSERT INTO userdata (name, email, activationpassword, password, validation, banned)
                      VALUES ('$name', '$email', '$email', '$random', '$password', 'no', 'no')";
        // Execute mysql query
        $result2 = mysql_query($mysql1);
        if(!$result2){
            print "mysql1 failed to execute";
        }
After executing, i am always getting "mysql1 failed to execute" as the output. So i guess there is some thing wrong with my sql command.

Thank you for any help on this

Re: error in my simple registration form!

Posted: Fri Jun 19, 2009 10:35 pm
by gimpact
Woooo! i found the error. its working now. Thank you for reading this post. :lol: :D

Re: error in my simple registration form!

Posted: Fri Jun 19, 2009 10:38 pm
by Eric!
Look at lines 4 and 5. You have 6 fields and you are inserting 7 values. Don't forget tto protect yourself from sqli attacks as I mentioned earlier.