Page 2 of 2

Posted: Sun Oct 19, 2003 6:52 pm
by volka
because the ) is after the literal
but you're right, it should not be removed. It just must go into the literal ;)

Code: Select all

$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";

Posted: Sun Oct 19, 2003 6:57 pm
by Kriek
heh, to quote myself.
Kriek wrote:Syntax errors will be the death of me.

Posted: Sun Oct 19, 2003 7:03 pm
by volka
with mysqli (man page) and parameterized queries more widely spread readability and security will (hopefully) improve ;)

Posted: Sun Oct 19, 2003 10:12 pm
by Seifer
Okay, you guys lost me lol..

Posted: Mon Oct 20, 2003 5:52 am
by volka
Kriek has corrected the last script and it should be working
viewtopic.php?t=13715#65148

Posted: Mon Oct 20, 2003 6:46 am
by Kriek
The use of ini_set() function might prove to be easier and less confusing than php_flag in .htaccess.

Code: Select all

<?php 
    ob_start(); 
    session_start(); 
    error_reporting(2039);
    ini_set('display_errors', 1);
?> 
<html> 
<head> 
<title>Processing..</title> 
</head> 
<body> 
<?php 
    $dom = $_SERVER&#1111;'SERVER_NAME']; 
    $dbuser = 'username'; 
    $dbpass = 'password'; 
    $dbname = 'database'; 
    $username = mysql_escape_string($_POST&#1111;'username']); 
    $password = mysql_escape_string($_POST&#1111;'password']); 
    $email = mysql_escape_string($_POST&#1111;'email']); 
    $age = mysql_escape_string($_POST&#1111;'age']); 
    $gender = mysql_escape_string($_POST&#1111;'gender']); 
    $subject = 'Thank you for signing up!'; 
    $message = "Thank you for signing up, $username!\n"; 
    $message .= "Here is your user information:\n"; 
    $message .= "Username: $username\n Password: $password\n"; 
    $additional = 'registration@travisbsd.org'; 
    $link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); 
    $sdb = mysql_select_db($dbname, $link) or die(mysql_error()); 
    $query = "SELECT uname FROM users WHERE uname='$username'"; 
    $check = mysql_query($query, $link) or die(mysql_error()); 
    if (mysql_num_rows($check) <= 0) &#123; 
        mail($email, $subject, $message, $additional); 
        $insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')"; 
        mysql_query($insert, $link) or die(mysql_error()); 
        header('Location: http://' . $dom . '/seifer.travisbsd.org'); 
    &#125; else &#123; 
        echo 'Username has already been taken!'; 
    &#125; 
?> 
</body> 
</html> 
<?php 
    mysql_close($link); 
    ob_end_flush(); 
?>