Page 1 of 2

Hopefully a simple problem with my script.

Posted: Sat Oct 18, 2003 3:17 pm
by Seifer
Whenever I fill out my registration form, and hit submit, this script will run. The problem is when this script runs, no matter if I use a username that is or isn't taken, a blank screen comes up. Am I overlooking something?

Code: Select all

<?php
<?php
ob_start();
session_start();
?>
<html>
<head>
<title>Processing..</title>
</head>

<body>
<?php
$dbname = "random";
$dbpass = "random";
$db = "random";
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$uname = $_POST['uname'];
$pword = $_POST['pword'];
$email = $_POST['email'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$subject = "Thank you for signing up!";
$message = "Thank you for signing up, $fname!  Here is your user information:

Username: $uname
Password: $pword";
$additional = "registration@travisbsd.org";
$link = mysql_connect(localhost, $dbname, $dbpass);
$sdb = mysql_select_db($db);
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
$row = mysql_fetch_array($check);
if($row['0'] =< 0){
mail($email, $subject, $message, $additional);
header("Location: http://seifer.travisbsd.org");
$username = mysql_escape_string($_POST['username']); 
$password = mysql_escape_string($_POST['password']); 
$email = mysql_escape_string($_POST['email']); 
$age = mysql_escape_string($_POST['age']); 
$gender = mysql_escape_string($_POST['gender']); 
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'"); 
mysql_query($insert) or die(mysql_error()); 
}else{
echo "Username has already been taken!";
}
?>
</body>
</html>

?>
Thanks in advance.

Posted: Sat Oct 18, 2003 3:24 pm
by volka

Code: Select all

<?php
<?php
...
?>
</body>
</html>

?>
are those php-tag-doublets in your code or is it just a copy&paste error here?
also remove the last dot in
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
if($row['0'] =< 0){
must be

Code: Select all

<?php // ... php tag added for syntaxhilighter only
if($row['0'] <= 0){
... ?>
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
probably copy&paste error, remove the trailing )

Code: Select all

<?php // ... php tag added for syntaxhilighter only
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'";
... ?>
you should let php find parse errors before you try your scripts.
just call the php executable with -l <path to script> or set

Code: Select all

error_reporting = E_ALL
display_errors = On
display_startup_errors = On
in your php.ini (as long as you develop)
or watch your webserver's log for errors

Posted: Sat Oct 18, 2003 3:32 pm
by Seifer
I got this error now:

Unknown column 'Mooksman' in 'where clause'

Mooksman is any name entered into the Username: <field> field...

Posted: Sat Oct 18, 2003 4:07 pm
by volka
$check = mysql_query("SELECT uname FROM users WHERE uname = ".$uname.);
forgot to quote the string for mysql and it hasn't been made safe by mysql_escape_string at this stage

Posted: Sat Oct 18, 2003 6:33 pm
by Kriek

Code: Select all

<?php
    ob_start();
    session_start();
?>
<html>
<head>
<title>Processing..</title>
</head>
<body>
<?php
    $dom = $_SERVER&#1111;'SERVER_NAME'];
    $dbuser = 'username';
    $dbpass = 'password';
    $dbname = 'database';
    $username = mysql_escape_string($_POST&#1111;'username']);
    $password = mysql_escape_string($_POST&#1111;'password']);
    $email = mysql_escape_string($_POST&#1111;'email']);
    $age = mysql_escape_string($_POST&#1111;'age']);
    $gender = mysql_escape_string($_POST&#1111;'gender']);
    $subject = 'Thank you for signing up!';
    $message = "Thank you for signing up, $username!\n";
    $message .= "Here is your user information:\n";
    $message .= "Username: $username\n Password: $password\n";
    $additional = 'registration@travisbsd.org';
    $link = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
    $sdb = mysql_select_db($dbname, $link) or die(mysql_error());
    $query = "SELECT uname FROM users WHERE uname='$username'";
    $check = mysql_query($query, $link) or die(mysql_error());
    if (mysql_num_rows($check) <= 0) &#123;
        mail($email, $subject, $message, $additional);
        $insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";
        mysql_query($insert, $link) or die(mysql_error());
        header('Location: http://' . $dom . '/seifer.travisbsd.org');
    &#125; else &#123;
        echo 'Username has already been taken!';
    &#125;
?>
</body>
</html>
<?php
    mysql_close($link);
    ob_end_flush();
?>

Posted: Sat Oct 18, 2003 7:32 pm
by Seifer
On your post, Kriek, should

Code: Select all

$query "SELECT uname FROM users WHERE uname='$username'":
be

Code: Select all

$query = "SELECT uname FROM users WHERE uname='$username'";
With the = sign after $query and a ; at the end instead of a :

Thanks.

Posted: Sat Oct 18, 2003 8:36 pm
by Kriek
Yes, syntax errors will be the death of me; corrected in original post.

Posted: Sat Oct 18, 2003 8:42 pm
by Seifer
I pasted yours in a new file, and compared and edited some of mine, thought it was perfectly done, and it came up a blank page again..lol

Posted: Sun Oct 19, 2003 1:23 pm
by Seifer
Kriek, anymore ideas? Or anyone for that matter?

Posted: Sun Oct 19, 2003 1:31 pm
by Kriek
Yes, please direct link me to your phpinfo() file.

Code: Select all

<?php
    phpinfo(INFO_ALL);
?>

Posted: Sun Oct 19, 2003 5:55 pm
by Seifer

Posted: Sun Oct 19, 2003 6:41 pm
by volka
still the trailing )
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
remove it.

Code: Select all

$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'";

Posted: Sun Oct 19, 2003 6:42 pm
by Kriek
Seifer, your display_errors directive is off, thus the blank page. Place the following in an .htaccess file and you should see the errors associated with this script.

Code: Select all

<IfModule mod_access.c>
  <IfModule mod_php4.c>
    php_flag display_errors on
  </IfModule>
</IfModule>

Posted: Sun Oct 19, 2003 6:43 pm
by volka
to get parse errors displayed you also have to set display_startup_errors = On
or php_flag display_startup_errors on if you do it in .htaccess

Posted: Sun Oct 19, 2003 6:49 pm
by Kriek
Volka, MySQL INSERT INTO syntax is:
INSERT INTO table_name(column1, column2,...) VALUES(value1, value2,....)
Why would you remove the trailing/right parenthesis?