error in my simple registration form!
Posted: Fri Jun 19, 2009 11:14 am
Hi,
I am new to php. I was making this simple registration form for my website. Sadly, there are errors in this. Can some one please help me to find the error in this? When i run this script it gives me "database_error" near line 55.
I would like to search the database then find out if the user already exist and then continue with registration. Is there any provision for using "while()" in php, so that, i will do a similarity check between userid and what is already available in database.
I am new to php. I was making this simple registration form for my website. Sadly, there are errors in this. Can some one please help me to find the error in this? When i run this script it gives me "database_error" near line 55.
I would like to search the database then find out if the user already exist and then continue with registration. Is there any provision for using "while()" in php, so that, i will do a similarity check between userid and what is already available in database.
Code: Select all
<?php
//Continue the session
session_start();
//Make sure that the input come from a posted form. Otherwise quit immediately
if ($_SERVER["REQUEST_METHOD"] <> "POST")
die(header("Location:error_page.php"));
//Check if the security code and the session value are not blank
//and if the input text matches the stored text
if ( ($_REQUEST["txtCaptcha"] == $_SESSION["security_code"]) &&
(!empty($_REQUEST["txtCaptcha"]) && !empty($_SESSION["security_code"])) ) {
// Create database connection
$hostname='-';
$username='-';
$password='-';
$dbname='-';
$con = mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
// Check if the connection created
if(!$con){
die("Cannot connect. " . mysql_error());
}
// Check if the database selected
$dbselect = mysql_select_db($dbname);
if(!$dbselect) {
die("Cannot select database " . mysql_error());
}
// Get the user data
$name = $_REQUEST ['_name'];
$email = $_REQUEST ['_email'];
$password = $_REQUEST ['_password'];
// Check if there is any null values
if (empty($name)){
header("Location:error_page.php");
exit;
}
if (empty($email)){
header("Location:error_page.php");
exit;
}
if (empty($password)){
header("Location:error_page.php");
exit;
}
// Search if the user already exist in the database
$mysql = "SELECT * FROM userdata WHERE email = '".$email."'";
$result = mysql_query($mysql);
// If the query failed display error
if(!$result){
header("Location:error_page.php"); // [color=#00FF40]<--- Here is the error![/color]
exit;
}
if(($row = mysql_fetch_assoc($result)) == True) {
// User already exist
header("Location:error_page.php");
exit;
}else{
// ENcrypt password
$password = md5($password);
// Generate Activation Number
$random = (rand()%1000000);
$mysql = "INSERT INTO `userdata` (name, email, activationpassword, password, validation, banned)
VALUES ('$name', '$email', '$email', $random, $password, 'no', 'no')";
// Execute mysql query
$result = mysql_query($mysql);
// If the query failed, display error
if(!$result){
header("Location:error_page.php");
exit;
}else{
// Send the activation email to the user
$to = $email;
$subject = "activation email";
$body = "Hi there!";
if (mail($to, $subject, $body)) {
header("Location:thanks.php");
} else {
header("Location:error_page.php");
}
}
}
mysql_close($con);
}else{
header("Location:error_page.php");
exit;
}
?>