HTML Forms+mysql_query problem
Posted: Fri May 14, 2004 2:04 pm
by m0px
Ok, I am trying to make a user system for my site and have a problem with the mysql_query for the account creation script. The code is as follows:
<?php
$conn = @mysql_connect("localhost","root","")
or die(mysql_error());
$db = @mysql_select_db("mop_users",$conn)
or die(mysql_error());
$sql = "INSERT INTO users (id,username,password,email) VALUES ('".$id."', '".$username."', '".md5($password)."' , '".$email."')";
$result = @mysql_query($sql,$conn)
or die(mysql_error());
echo ("<h4>$sql</h4>");
?>
The $sql echo at the end is for testing purposes btw.
Ok, the problem, when it submits, the password md5 hash goes into the database but all the other fields are blank (except from the id cos that is automatic).
WTF is wrong here???

Posted: Fri May 14, 2004 2:07 pm
by markl999
$sql = "INSERT INTO users (id,username,password,email) VALUES ('".$id."', '".$username."', '".md5($password)."' , '".$email."')";
If those values are coming from a form post then you need to use $_POST['username'] not $username (same for the other posted vars), for example, as I'll bet you have register_globals Off (and rightly so) whereas you've coded it to require them on (wrongly so).
The reason the password goes in is that $password is empty, and you can md5 a blank string and get a result, the password going in will always be d41d8cd98f00b204e9800998ecf8427e
See http://php.net/variables.predefined for more register_globals info.
Posted: Fri May 14, 2004 2:52 pm
by m0px
Ok, works now. But, I can't get my system for preventing user accounts with the same name and blank field detecting system to work.
It returns this error:
Parse error: parse error, unexpected T_BOOLEAN_OR in c:\program files\apache group\apache\htdocs\createuser.php on line 45
Here is the code (not the whole thing, of course, just the problem code):
if(!$email)
{
print("Enter a email address.<BR>");
}
if(!$_POST['username'])
{
print("Enter a username.<BR>");
}
if(!$_POST['password'])
{
print("Enter a password.<BR>");
}
if(!$_POST['cpassword'])
{
print("Enter a confirm password.<BR>");
}
if($_POST['password']!=$_POST['cpassword'])
{
print("Password and confirm do not match!.<BR>");
}
if(!ereg("^[A-za-z0-9]+$",$_POST['username']))
{
print("Enter a Valid username with letters and numbers only.<BR>");
}
if(!ereg("^.+\..+$",$_POST['email']))
{
print("Enter a valid email address.<BR>");
}
$sqlchecku = mysql_query("SELECT * FROM users WHERE username = '$_POST[username]'");
$checku = mysql_num_rows($sqlchecku);
$sqlchecke = mysql_query("SELECT * FROM users WHERE email = '$_POST[email]'");
$checke = mysql_num_rows($sqlchecke);
if ($checku > 0) || ($checke > 0))
{
echo (" Username or password already belong to another user! ");
}
Posted: Fri May 14, 2004 2:54 pm
by pickle
Which is line 45?
Posted: Fri May 14, 2004 3:07 pm
by m0px
Doesn't matter. I fixed that.
But, another problem now, the system doesn't make a difference to the query. Also, all of the errors come up even if the fields are correct.

Posted: Fri May 14, 2004 3:11 pm
by m0px
Ok. I added an exit; on the next line after the error prints. Now it only says Enter an email error. Also, before I did that, I got two MySQL warnings which went as follows:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\program files\apache group\apache\htdocs\createuser.php on line 40
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\program files\apache group\apache\htdocs\createuser.php on line 43
And it entered the values into the table anyway even with those warnings and all the errors printing.
Posted: Fri May 14, 2004 3:15 pm
by pickle
Try echoing the query before you actually send it, to make sure it's exactly what you think it is.
Posted: Fri May 14, 2004 3:19 pm
by m0px
I have an echo in the script already. Also, the query is ok. But, the system for detecting special characters and users that already exist doesn't work.

Posted: Fri May 14, 2004 4:42 pm
by EricS
Try using ctype_alnum for special character catching
http://www.php.net/manual/en/function.ctype-alnum.php
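
Added example (not part of any post in this thread): one way to write the account-creation flow discussed above so that validation errors stop the insert, usernames are checked with ctype_alnum, and form input reaches the database only through bound parameters. The function name create_user, the PDO/SQLite in-memory database and the sample submissions are assumptions for illustration, and password_hash() is used in place of the thread's md5().

```php
<?php
// Added example, not code from the thread. create_user() and the in-memory
// SQLite database are assumptions; the columns follow the thread's users table.
function create_user(PDO $db, array $post): array
{
    $username = trim($post['username'] ?? '');
    $email    = trim($post['email'] ?? '');
    $password = $post['password'] ?? '';
    $errors   = [];

    // ctype_alnum() rejects the empty string and, in the default C locale, anything
    // outside A-Z, a-z, 0-9. The [A-za-z0-9] class also lets [ \ ] ^ _ ` through.
    if (!ctype_alnum($username)) {
        $errors[] = 'Enter a valid username with letters and numbers only.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Enter a valid email address.';
    }
    if ($password === '' || $password !== ($post['cpassword'] ?? '')) {
        $errors[] = 'Password and confirm do not match.';
    }
    if ($errors) {
        return $errors; // nothing touches the database when validation fails
    }

    // Bound parameters keep form input out of the SQL text.
    $dup = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ? OR email = ?');
    $dup->execute([$username, $email]);
    if ((int) $dup->fetchColumn() > 0) {
        return ['Username or email already belongs to another user.'];
    }
    $ins = $db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
    $ins->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, email TEXT UNIQUE)');

// Constructed sample submissions: valid, repeated, and one the [A-z] class would accept.
$ok  = ['username' => 'alice1', 'email' => 'alice@example.com',
        'password' => 'pw-123456', 'cpassword' => 'pw-123456'];
$bad = ['username' => 'bob_^', 'email' => 'bob@example.com',
        'password' => 'pw-123456', 'cpassword' => 'pw-123456'];
foreach ([$ok, $ok, $bad] as $post) {
    print_r(create_user($db, $post));
}
```

Hashes produced by password_hash() are checked at login with password_verify(), not by comparing hash strings.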