Page 1 of 2
My Submit login wont store
Posted: Mon Jun 27, 2011 7:21 am
by oyedele
I designed a form and wrote this script below;
<?php
include('dbconnect.php')
$Title =$_POST['Title']
$Matric No =$_POST['Matric No'];
$Password =$_POST['Password'];
$Retype Password = $_POST['RPassword'];
$Surname =$_POST['Surname'];
$Firstname =$_POST['Firstname'];
$Lastname =$_POST['Lastname'];
$State of Origin =$_POST['State'];
$Sex =$_POST['Sex'];
$Department =$_POST['Department'];
$Level =$_POST['Level'];
$Emaill Address =$_POST['Email Address'];
$Phone Number =$_POST['Phone Number'];
if ($Submit)
{
$sql= "INSERT into Student_details(Title, Matric No, Password, RPassword, Surname, Firstname , Lastname ,State, Sex, Department, Level, Email Address, Phone Number) VALUES('$Title', '$Matric No', '$Password', '$RPassword','$Surname','$Firstname','$Lastname','$State of Origin', '$Sex', '$Department','$Level','$Email Address', '$Phone Number')" ;
}
mysql_query($sql) or die (mysql_error());
echo "You have successfully registered"
?>
But if i click on Register, it keeps showing me dis message:
Parse error: parse error in C:\wamp\www\Project\createuser.php on line 3
Please, you contribution on how to solve dis problem will be highly appreciated as i am a newbie in this forum.
Hope to get a response from the gurus in this forum
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 7:25 am
by Apollo
You forgot a ; after include('dbconnect.php') (line 2) and $Title =$_POST['Title'] (line 3).
But more importantly, your code is EXTREMELY INSECURE. Your script is wide open, inviting hackers to steal your users' passwords and everything.
Please consider some
essential security issues (especially rule 1 & 3 apply on your script) before putting dangerous stuff like that online.
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 7:56 am
by oyedele
Thanks very much apollo for your quick response. I do appreciate it. Help me check for further errors and give me a description of how the database structure will look like from the code written above.
How can i also prevent hackers from stealing passwords?
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 7:58 am
by oyedele
<?php
include('dbconnect.php');
$Title =$_POST['Title'];
$MatricNo =$_POST['MatricNo'];
$Password =$_POST['Password'];
$Retype = $_POST['RPassword'];
$Surname =$_POST['Surname'];
$Firstname =$_POST['Firstname'];
$Lastname =$_POST['Lastname'];
$State=$_POST['State'];
$Sex =$_POST['Sex'];
$Department =$_POST['Department'];
$Level =$_POST['Level'];
$EmailAddress =$_POST['EmailAddress'];
$PhoneNumber =$_POST['PhoneNumber'];
if ($Submit=='Register')
{
$sql= "INSERT into Student_details(Title, MatricNo, Password, Retype Surname, Firstname , Lastname ,State, Sex, Department, Level, Email Address, Phone Number) VALUES('$Title', '$MatricNo', '$Password', '$RPassword','$Surname','$Firstname','$Lastname','$State', '$Sex', '$Department','$Level','$EmailAddress', '$PhoneNumber')" ;
}
mysql_query($sql) or die (mysql_error());
echo "You have successfully registered";
?>
After Changing it to the above code, below is the message it depicted.What could be the problem.? Thanks for your help apollo
Notice: Undefined variable: Submit in C:\wamp\www\Project\createuser.php on line 17
Notice: Undefined variable: sql in C:\wamp\www\Project\createuser.php on line 21
Query was empty
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 8:22 am
by Apollo
oyedele wrote:How can i also prevent hackers from stealing passwords?
The page I mentioned in my other post pretty much sums it up.
1. You are storing passwords in your database. Don't do it!
2. You are inserting strings like $_POST['name'] directly in your SQL query. What do you think would happen if some hacker literally enters
'); DROP * FROM Student_details as his name?
Also, does your login and registration page use a secure connection? (I mean SSL / https) If not, do it.
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 8:36 am
by oyedele
ok.
What abou the error below;
After Changing it to the above code, below is the message it depicted.What could be the problem.? Thanks for your help apollo
Notice: Undefined variable: Submit in C:\wamp\www\Project\createuser.php on line 17
Notice: Undefined variable: sql in C:\wamp\www\Project\createuser.php on line 21
Query was empty
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 8:37 am
by phazorRise
if ($Submit=='Register'){
}
should be like
and you should consider all the issues highlighted by Apollo.
You are not filtering any values submitted by user. Set up rules for input and validate them before proceeding to database part.
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 8:49 am
by oyedele
Thanks very much...It clear some errors but it displayed a new one like dis;
Notice: Undefined variable: sql in C:\wamp\www\Project\createuser.php on line 22
Query was empty
You could check the line numbers as i have posted earlier before...I really appreciate your contribution...
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 9:17 am
by phazorRise
oyedele wrote:Thanks very much...It clear some errors but it displayed a new one like dis;
Notice: Undefined variable: sql in C:\wamp\www\Project\createuser.php on line 22
Query was empty
You could check the line numbers as i have posted earlier before...I really appreciate your contribution...
have you corrected the if statement in your program?
Show us some code and this time use syntax highligher.
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 9:29 am
by oyedele
Yeah, is not longer showing the line that belongs to the if statement but the new one is below
<?php
include('dbconnect.php');
$Title =$_POST['Title'];
$MatricNo =$_POST['MatricNo'];
$Password =$_POST['Password'];
$Retype = $_POST['RPassword'];
$Surname =$_POST['Surname'];
$Firstname =$_POST['Firstname'];
$Lastname =$_POST['Lastname'];
$State=$_POST['State'];
$Sex =$_POST['Sex'];
$Department =$_POST['Department'];
$Level =$_POST['Level'];
$EmailAddress =$_POST['EmailAddress'];
$PhoneNumber =$_POST['PhoneNumber'];
if(isset($_POST['Register']))
{
$query= "INSERT into Student_details(Title, MatricNo, Password, Retype Surname, Firstname , Lastname ,State, Sex, Department, Level, Email Address, Phone Number) VALUES('$Title', '$MatricNo', '$Password', '$RPassword','$Surname','$Firstname','$Lastname','$State', '$Sex', '$Department','$Level','$EmailAddress', '$PhoneNumber')" ;
}
mysql_query($query) or die (mysql_error());
echo "You have successfully registered";
?>
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 9:41 am
by phazorRise
Program in not going into if statement. And so the $query is not being set and showing up Query empty error.
Is 'Register' is the value assigned to name property of submit button on registration form.
Use whatever name you've given in 'IF' statement in place of 'Register' !
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 9:58 am
by oyedele
Yea, it is register
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 10:41 am
by phazorRise
show that code.
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 11:06 am
by oyedele
<?php
include('dbconnect.php')
?>
<html>
<head>
<title>New Member:</title>
<link rel="stylesheet" href="_css/Register.css" type="text/css" media="all">
</head>
<body>
<div id="Maincontainer">
<div id="Banner">
<img src="_images/bann.gif">
</div>
<img id="Link_Ban" src="_images/Link.gif">
<div id="Ref">
<ul>
<li><a href="index.html" target="_self">Home |</a></li>
<li><a href="About.html" target="_self"> About Us |</a></li>
<li><a href="Newregister.php" target="_self"> New Member |</a></li>
<li><a href="RegisterLogin.php" target="_self"> Registered Member |</a></li>
<li><a href="staffzone.php" target="_self" >Staff Zone |</a></li>
<li><a href="faqs.html" target="_self" > FAQs |</a></li>
<li><a href="Contact.html" target="_self"> Contact Us </a></li>
</ul>
</div>
<div class="Content">
<p> Please enter your details below to Sign up</p>
<form method="post" action="insert.php" id="Register">
Title:
<select name="Title">
<option>Mr</option>
<option> Mrs</option>
<option> Miss</option>
</select>
<br> <br>
MatricNo: <input type="text" name="MatricNo" size="30"><br><br>
Password: <input type="password" name="Password" size="30" maxlength="7"><br><br>
Retype Password: <input type="password" name="RPassword" size="22" maxlength="7"><br><br>
Surname: <input type="text" name="Surname" size="30"><br><br>
Firstname: <input type="text" name="Firstname" size="30"><br><br>
Lastname: <input type="text" name="Lastname" size="30"><br><br>
State:
<select name="State">
<option>Abia</option>
<option>Akwa-Ibom</option>
<option>Anambra</option>
<option>Bauchi</option>
<option>Bayelsa</option>
<option>Benue</option>
<option>Borno</option>
<option>Cross-Rivers</option>
<option>Delta</option>
<option>Ebonyi</option>
<option>Edo</option>
<option>Ekiti</option>
<option>Enugu</option>
<option>FCT</option>
<option>Gombe</option>
<option>Imo</option>
<option>Jigawa</option>
<option>Kaduna</option>
<option>Kano</option>
<option>Kastina</option>
<option>Kebbi</option>
<option>Kogi</option>
<option>Kwara</option>
<option>Lagos</option>
<option>Nasarawa</option>
<option>Niger</option>
<option>Ogun</option>
<option>Ondo</option>
<option>Osun</option>
<option>Oyo</option>
<option>Plateau</option>
<option>Rivers</option>
</select>
<br><br>
Sex:
<select name="Sex">
<option>Male</option>
<option>Female</option>
</select>
<br><br>
Department:
<select name="Department">
<option>Agriculture</option>
<option>Accounting</option>
<option>Biology</option>
<option>Botany</option>
<option>Banking and Finance</option>
<option>Business Administration</option>
<option>Computer Science</option>
<option>Civil Engineering</option>
<option>Environmental Science</option>
<option>Economics</option>
<option>English</option>
<option>Public Administration</option>
<option>Library and Information Science</option>
<option>Mathematics</option>
<option>Statistics</option>
<option>Physics</option>
<option>Chemistry</option>
<option>Political Science</option>
<option>Sociology</option>
<option>Law</option>
</select>
<br><br>
Level:
<select name="Level">
<option>100</option>
<option>200</option>
<option>300</option>
<option>400</option>
</select>
<br><br>
EmailAddress: <input type="text" name="EmailAddress" size="30">
<br><br>
PhoneNumber: <input type="text" name="PhoneNumber" size="30">
<br>
<br>
<input type="submit" name="Sumbit" value="Register">
<input type="submit" name="Cancel" value="Exit">
</form>
</div>
</div>
</body>
</html>
I hope that will helpe
Re: My Submit login wont store
Posted: Mon Jun 27, 2011 11:12 am
by phazorRise
<input type="submit" name="Sumbit" value="Register">
should be like
<input type="submit" name="Register" value="Register">
it is case sensitive also.