Page 2 of 2
Posted: Sun Oct 19, 2003 6:52 pm
by volka
because the ) is
after the literal
but you're right, it should not be removed. It just must go into the literal

Code: Select all
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";
Posted: Sun Oct 19, 2003 6:57 pm
by Kriek
heh, to quote myself.
Kriek wrote:Syntax errors will be the death of me.
Posted: Sun Oct 19, 2003 7:03 pm
by volka
with
mysqli (
man page) and parameterized queries more widely spread readability and security will (hopefully) improve

Posted: Sun Oct 19, 2003 10:12 pm
by Seifer
Okay, you guys lost me lol..
Posted: Mon Oct 20, 2003 5:52 am
by volka
Kriek has corrected the last script and it should be working
viewtopic.php?t=13715#65148
Posted: Mon Oct 20, 2003 6:46 am
by Kriek
The use of
ini_set() function might prove to be easier and less confusing than php_flag in .htaccess.
Code: Select all
<?php
ob_start();
session_start();
error_reporting(2039);
ini_set('display_errors', 1);
?>
<html>
<head>
<title>Processing..</title>
</head>
<body>
<?php
$dom = $_SERVERї'SERVER_NAME'];
$dbuser = 'username';
$dbpass = 'password';
$dbname = 'database';
$username = mysql_escape_string($_POSTї'username']);
$password = mysql_escape_string($_POSTї'password']);
$email = mysql_escape_string($_POSTї'email']);
$age = mysql_escape_string($_POSTї'age']);
$gender = mysql_escape_string($_POSTї'gender']);
$subject = 'Thank you for signing up!';
$message = "Thank you for signing up, $username!\n";
$message .= "Here is your user information:\n";
$message .= "Username: $username\n Password: $password\n";
$additional = 'registration@travisbsd.org';
$link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
$sdb = mysql_select_db($dbname, $link) or die(mysql_error());
$query = "SELECT uname FROM users WHERE uname='$username'";
$check = mysql_query($query, $link) or die(mysql_error());
if (mysql_num_rows($check) <= 0) {
mail($email, $subject, $message, $additional);
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";
mysql_query($insert, $link) or die(mysql_error());
header('Location: http://' . $dom . '/seifer.travisbsd.org');
} else {
echo 'Username has already been taken!';
}
?>
</body>
</html>
<?php
mysql_close($link);
ob_end_flush();
?>