Page 1 of 2
Hopefully a simple problem with my script.
Posted: Sat Oct 18, 2003 3:17 pm
by Seifer
Whenever I fill out my registration form, and hit submit, this script will run. The problem is when this script runs, no matter if I use a username that is or isn't taken, a blank screen comes up. Am I overlooking something?
Code: Select all
<?php
<?php
ob_start();
session_start();
?>
<html>
<head>
<title>Processing..</title>
</head>
<body>
<?php
$dbname = "random";
$dbpass = "random";
$db = "random";
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$uname = $_POST['uname'];
$pword = $_POST['pword'];
$email = $_POST['email'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$subject = "Thank you for signing up!";
$message = "Thank you for signing up, $fname! Here is your user information:
Username: $uname
Password: $pword";
$additional = "registration@travisbsd.org";
$link = mysql_connect(localhost, $dbname, $dbpass);
$sdb = mysql_select_db($db);
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
$row = mysql_fetch_array($check);
if($row['0'] =< 0){
mail($email, $subject, $message, $additional);
header("Location: http://seifer.travisbsd.org");
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);
$email = mysql_escape_string($_POST['email']);
$age = mysql_escape_string($_POST['age']);
$gender = mysql_escape_string($_POST['gender']);
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
mysql_query($insert) or die(mysql_error());
}else{
echo "Username has already been taken!";
}
?>
</body>
</html>
?>
Thanks in advance.
Posted: Sat Oct 18, 2003 3:24 pm
by volka
Code: Select all
<?php
<?php
...
?>
</body>
</html>
?>
are those php-tag-doublets in your code or is it just a copy&paste error here?
also remove the last dot in
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
if($row['0'] =< 0){
must be
Code: Select all
<?php // ... php tag added for syntaxhilighter only
if($row['0'] <= 0){
... ?>
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
probably copy&paste error, remove the trailing )
Code: Select all
<?php // ... php tag added for syntaxhilighter only
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'";
... ?>
you should let php find parse errors before you try your scripts.
just call the php executable with
-l <path to script> or set
Code: Select all
error_reporting = E_ALL
display_errors = On
display_startup_errors = On
in your php.ini (as long as you develop)
or watch your webserver's log for errors
Posted: Sat Oct 18, 2003 3:32 pm
by Seifer
I got this error now:
Unknown column 'Mooksman' in 'where clause'
Mooksman is any name entered into the Username: <field> field...
Posted: Sat Oct 18, 2003 4:07 pm
by volka
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
forgot to quote the string for mysql and it hasn't been made safe by mysql_escape_string at this stage
Posted: Sat Oct 18, 2003 6:33 pm
by Kriek
Code: Select all
<?php
ob_start();
session_start();
?>
<html>
<head>
<title>Processing..</title>
</head>
<body>
<?php
$dom = $_SERVERї'SERVER_NAME'];
$dbuser = 'username';
$dbpass = 'password';
$dbname = 'database';
$username = mysql_escape_string($_POSTї'username']);
$password = mysql_escape_string($_POSTї'password']);
$email = mysql_escape_string($_POSTї'email']);
$age = mysql_escape_string($_POSTї'age']);
$gender = mysql_escape_string($_POSTї'gender']);
$subject = 'Thank you for signing up!';
$message = "Thank you for signing up, $username!\n";
$message .= "Here is your user information:\n";
$message .= "Username: $username\n Password: $password\n";
$additional = 'registration@travisbsd.org';
$link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
$sdb = mysql_select_db($dbname, $link) or die(mysql_error());
$query = "SELECT uname FROM users WHERE uname='$username'";
$check = mysql_query($query, $link) or die(mysql_error());
if (mysql_num_rows($check) <= 0) {
mail($email, $subject, $message, $additional);
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";
mysql_query($insert, $link) or die(mysql_error());
header('Location: http://' . $dom . '/seifer.travisbsd.org');
} else {
echo 'Username has already been taken!';
}
?>
</body>
</html>
<?php
mysql_close($link);
ob_end_flush();
?>
Posted: Sat Oct 18, 2003 7:32 pm
by Seifer
On your post, Kriek, should
Code: Select all
$query "SELECT uname FROM users WHERE uname='$username'":
be
Code: Select all
$query = "SELECT uname FROM users WHERE uname='$username'";
With the = sign after $query and a ; at the end instead of a :
Thanks.
Posted: Sat Oct 18, 2003 8:36 pm
by Kriek
Yes, syntax errors will be the death of me; corrected in original post.
Posted: Sat Oct 18, 2003 8:42 pm
by Seifer
I pasted yours in a new file, and compared and edited some of mine, thought it was perfectly done, and it came up a blank page again..lol
Posted: Sun Oct 19, 2003 1:23 pm
by Seifer
Kriek, anymore ideas? Or anyone for that matter?
Posted: Sun Oct 19, 2003 1:31 pm
by Kriek
Yes, please direct link me to your
phpinfo() file.
Posted: Sun Oct 19, 2003 5:55 pm
by Seifer
Posted: Sun Oct 19, 2003 6:41 pm
by volka
still the trailing )
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
remove it.
Code: Select all
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'";
Posted: Sun Oct 19, 2003 6:42 pm
by Kriek
Seifer, your
display_errors directive is off, thus the blank page. Place the following in an .htaccess file and you should see the errors associated with this script.
Code: Select all
<IfModule mod_access.c>
<IfModule mod_php4.c>
php_flag display_errors on
</IfModule>
</IfModule>
Posted: Sun Oct 19, 2003 6:43 pm
by volka
to get parse errors displayed you also have to set display_startup_errors = On
or php_flag display_startup_errors on if you do it in .htaccess
Posted: Sun Oct 19, 2003 6:49 pm
by Kriek
Volka, MySQL INSERT INTO syntax is:
INSERT INTO table_name(column1, column2,...) VALUES(value1, value2,....)
Why would you remove the trailing/right parenthesis?