Hopefully a simple problem with my script.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Hopefully a simple problem with my script.

Post by Seifer »

Whenever I fill out my registration form, and hit submit, this script will run. The problem is when this script runs, no matter if I use a username that is or isn't taken, a blank screen comes up. Am I overlooking something?

Code: Select all

<?php
<?php
ob_start();
session_start();
?>
<html>
<head>
<title>Processing..</title>
</head>

<body>
<?php
$dbname = "random";
$dbpass = "random";
$db = "random";
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$uname = $_POST['uname'];
$pword = $_POST['pword'];
$email = $_POST['email'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$subject = "Thank you for signing up!";
$message = "Thank you for signing up, $fname!  Here is your user information:

Username: $uname
Password: $pword";
$additional = "registration@travisbsd.org";
$link = mysql_connect(localhost, $dbname, $dbpass);
$sdb = mysql_select_db($db);
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
$row = mysql_fetch_array($check);
if($row['0'] =< 0){
mail($email, $subject, $message, $additional);
header("Location: http://seifer.travisbsd.org");
$username = mysql_escape_string($_POST['username']); 
$password = mysql_escape_string($_POST['password']); 
$email = mysql_escape_string($_POST['email']); 
$age = mysql_escape_string($_POST['age']); 
$gender = mysql_escape_string($_POST['gender']); 
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'"); 
mysql_query($insert) or die(mysql_error()); 
}else{
echo "Username has already been taken!";
}
?>
</body>
</html>

?>
Thanks in advance.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Code: Select all

<?php
<?php
...
?>
</body>
</html>

?>
are those php-tag-doublets in your code or is it just a copy&paste error here?
also remove the last dot in
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
if($row['0'] =< 0){
must be

Code: Select all

<?php // ... php tag added for syntaxhilighter only
if($row['0'] <= 0){
... ?>
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
probably copy&paste error, remove the trailing )

Code: Select all

<?php // ... php tag added for syntaxhilighter only
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'";
... ?>
you should let php find parse errors before you try your scripts.
just call the php executable with -l <path to script> or set

Code: Select all

error_reporting = E_ALL
display_errors = On
display_startup_errors = On
in your php.ini (as long as you develop)
or watch your webserver's log for errors
Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Post by Seifer »

I got this error now:

Unknown column 'Mooksman' in 'where clause'

Mooksman is any name entered into the Username: <field> field...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
forgot to quote the string for mysql and it hasn't been made safe by mysql_escape_string at this stage
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Code: Select all

<?php
    ob_start();
    session_start();
?>
<html>
<head>
<title>Processing..</title>
</head>
<body>
<?php
    $dom = $_SERVER&#1111;'SERVER_NAME'];
    $dbuser = 'username';
    $dbpass = 'password';
    $dbname = 'database';
    $username = mysql_escape_string($_POST&#1111;'username']);
    $password = mysql_escape_string($_POST&#1111;'password']);
    $email = mysql_escape_string($_POST&#1111;'email']);
    $age = mysql_escape_string($_POST&#1111;'age']);
    $gender = mysql_escape_string($_POST&#1111;'gender']);
    $subject = 'Thank you for signing up!';
    $message = "Thank you for signing up, $username!\n";
    $message .= "Here is your user information:\n";
    $message .= "Username: $username\n Password: $password\n";
    $additional = 'registration@travisbsd.org';
    $link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
    $sdb = mysql_select_db($dbname, $link) or die(mysql_error());
    $query = "SELECT uname FROM users WHERE uname='$username'";
    $check = mysql_query($query, $link) or die(mysql_error());
    if (mysql_num_rows($check) <= 0) &#123;
        mail($email, $subject, $message, $additional);
        $insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";
        mysql_query($insert, $link) or die(mysql_error());
        header('Location: http://' . $dom . '/seifer.travisbsd.org');
    &#125; else &#123;
        echo 'Username has already been taken!';
    &#125;
?>
</body>
</html>
<?php
    mysql_close($link);
    ob_end_flush();
?>
Last edited by Kriek on Sun Oct 19, 2003 6:56 pm, edited 2 times in total.
Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Post by Seifer »

On your post, Kriek, should

Code: Select all

$query "SELECT uname FROM users WHERE uname='$username'":
be

Code: Select all

$query = "SELECT uname FROM users WHERE uname='$username'";
With the = sign after $query and a ; at the end instead of a :

Thanks.
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Yes, syntax errors will be the death of me; corrected in original post.
Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Post by Seifer »

I pasted yours in a new file, and compared and edited some of mine, thought it was perfectly done, and it came up a blank page again..lol
Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Post by Seifer »

Kriek, anymore ideas? Or anyone for that matter?
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Yes, please direct link me to your phpinfo() file.

Code: Select all

<?php
    phpinfo(INFO_ALL);
?>
Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Post by Seifer »

User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

still the trailing )
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
remove it.

Code: Select all

$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'";
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Seifer, your display_errors directive is off, thus the blank page. Place the following in an .htaccess file and you should see the errors associated with this script.

Code: Select all

<IfModule mod_access.c>
  <IfModule mod_php4.c>
    php_flag display_errors on
  </IfModule>
</IfModule>
Last edited by Kriek on Sun Oct 19, 2003 6:44 pm, edited 1 time in total.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

to get parse errors displayed you also have to set display_startup_errors = On
or php_flag display_startup_errors on if you do it in .htaccess
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Volka, MySQL INSERT INTO syntax is:
INSERT INTO table_name(column1, column2,...) VALUES(value1, value2,....)
Why would you remove the trailing/right parenthesis?
Last edited by Kriek on Sun Oct 19, 2003 6:54 pm, edited 1 time in total.
Post Reply