HTML Forms+mysql_query problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
m0px
Forum Newbie
Posts: 5
Joined: Fri May 14, 2004 2:04 pm

HTML Forms+mysql_query problem

Post by m0px »

Ok, I am trying to make a user system for my site and have a problem with the mysql_query for the account creation script. The code is as follows:

<?php

$conn = @mysql_connect("localhost","root","")
or die(mysql_error());

$db = @mysql_select_db("mop_users",$conn)
or die(mysql_error());

$sql = "INSERT INTO users (id,username,password,email) VALUES ('".$id."', '".$username."', '".md5($password)."' , '".$email."')";

$result = @mysql_query($sql,$conn)
or die(mysql_error());

echo ("<h4>$sql</h4>");

?>

The $sql echo at the end is for testing purposes btw.

Ok, the problem, when it submits, the oasswird md5 hash goes into the databases but all the other fields are blank (except from the id cos that is automatic).
WTF is wrong here??? :x
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

$sql = "INSERT INTO users (id,username,password,email) VALUES ('".$id."', '".$username."', '".md5($password)."' , '".$email."')";

If those values are coming from a form post then you need to use $_POST['username'] not $username (same for the other posted vars), for example, as i'll bet you have register_globals Off (and rightly so) whereas you've coded it to require them on (wrongly so ;))
The reason the password goes in is that $password is empty, and you can md5 a blank string and get a result, the password going in will always be d41d8cd98f00b204e9800998ecf8427e

See http://php.net/variables.predefined for more register_globals info.
m0px
Forum Newbie
Posts: 5
Joined: Fri May 14, 2004 2:04 pm

Post by m0px »

Ok, works now. But, I can't get my system for preventing user accounts with the same name and blank field detecting system to work.

It returns this error:

Parse error: parse error, unexpected T_BOOLEAN_OR in c:\program files\apache group\apache\htdocs\createuser.php on line 45

Here is the code (not the whole thing, of course, just the problem code):

if(!$email)
{
print("Enter a email address.<BR>");
}
if(!$_POST['username'])
{
print("Enter a username.<BR>");
}
if(!$_POST['password'])
{
print("Enter a password.<BR>");
}
if(!$_POST['cpassword'])
{
print("Enter a confirm password.<BR>");
}
if($_POST['password']!=$_POST['cpassword'])
{
print("Password and confirm do not match!.<BR>");
}
if(!ereg("^[A-za-z0-9]+$",$_POST['username']))
{
print("Enter a Valid username with letters and numbers only.<BR>");
}
if(!ereg("^.+\..+$",$_POST['email']))
{
print("Enter a valid email address.<BR>");
}

$sqlchecku = mysql_query("SELECT * FROM users WHERE username = '$_POST[username]'");
$checku = mysql_num_rows($sqlchecku);

$sqlchecke = mysql_query("SELECT * FROM users WHERE email = '$_POST[email]'");
$checke = mysql_num_rows($sqlchecke);

if ($checku > 0) || ($checke > 0))
{
echo (" Username or password already belong to another user! ");
}
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Which is line 45?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
m0px
Forum Newbie
Posts: 5
Joined: Fri May 14, 2004 2:04 pm

Post by m0px »

Dont matter. I fixed that.
But, another problem now, the system dont make a difference to the query. Also, all of the errors come up even if the fields are correct. 8O
m0px
Forum Newbie
Posts: 5
Joined: Fri May 14, 2004 2:04 pm

Post by m0px »

Ok. I added an exit; on the next line after the error prints. Now it only says Enter an email error. Also, before I dont that, I got two MySQL Warning which went as follows:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\program files\apache group\apache\htdocs\createuser.php on line 40

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\program files\apache group\apache\htdocs\createuser.php on line 43

And it entered the values into the table anyway even with those wanring and all the errors printing.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Try echoing the query before you actually send it, to make sure it's exactly what you think it is.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
m0px
Forum Newbie
Posts: 5
Joined: Fri May 14, 2004 2:04 pm

Post by m0px »

I have a echo in the script already. Also, the query is ok. But, the system for detecting special characters and users that already exist dont work. :P
EricS
Forum Contributor
Posts: 183
Joined: Thu Jul 11, 2002 12:02 am
Location: Atlanta, Ga

Post by EricS »

Try using ctype_alnum for special character catching

http://www.php.net/manual/en/function.ctype-alnum.php
Post Reply