Page 2 of 2

Posted: Tue Jun 14, 2005 11:48 am
by phpScott
thinking that you only want to do your db insert if the email passes the test.

Code: Select all

if(preg_match("/(\<|\>)/", $_POST['uname'])) {
        die('Invalid input, no tags < or > are allowed in your username.');
} 
if (preg_match("^[a-z0-9\._-]+@([a-z0-9][a-z0-9-]*[a-z0-9]\.)+([a-z]+\.)?([a-z]+)^",$_POST['email']))
{
$rand = rand(10248765,99543547);    
mysql_connect("localhost", "admin", "ak7456") or die(mysql_error());
mysql_select_db("users") or die('Sorry, we are having database connection problems, please report this to an Administrator');    
$regdate = date('m d, Y');
$chrctr =  $_POST['email'];   
$qry = "INSERT INTO users (username, password, regdate, email) VALUES ('".$_POST['uname']."', '".$rand."', '".$regdate."', '".$_POST['email']."')";    
mysql_query($qry)  or die(mysql_error());    
mysql_query("INSERT INTO stats('".$_POST['uname']."','$chrctr', '100', '2000', '001', '01', 000, '01', '01', '01', '1', '0', '00000000', '00000000', '00000000', '00000000')");    
mysql_close();    
print "You successfully registered as'".$_POST['uname']."'";
}
else{
die{'Email Adress invalid, you entered: '.$_POST['email'].''};
}

Posted: Tue Jun 14, 2005 11:55 am
by Parody
Thanks, good point, but I still have the error on the same line.

My code:

Code: Select all

<?php
if(preg_match("/(\<|\>)/", $_POST['uname'])) {
        die('Invalid input, no tags < or > are allowed in your username.');
} 
if (preg_match("^[a-z0-9\._-]+@([a-z0-9][a-z0-9-]*[a-z0-9]\.)+([a-z]+\.)?([a-z]+)^",$_POST['email'])){
$rand = rand(10248765,99543547);    
mysql_connect("localhost", "admin", "ak7456") or die(mysql_error());
mysql_select_db("users") or die('Sorry, we are having database connection problems, please report this to an Administrator');    
$regdate = date('m d, Y');$chrctr =  $_POST['email'];   
$qry = "INSERT INTO users (username, password, regdate, email) VALUES ('".$_POST['uname']."', '".$rand."', '".$regdate."', '".$_POST['email']."')";    
mysql_query($qry)  or die(mysql_error());    
mysql_query("INSERT INTO stats('".$_POST['uname']."','$chrctr', '100', '2000', '001', '01', 000, '01', '01', '01', '1', '0', '00000000', '00000000', '00000000', '00000000')");    
mysql_close();    
print "You successfully registered as'".$_POST['uname']."'";
}
else{die{'Email Adress invalid, you entered: '.$_POST['email'].''};
}
?>
On line 16

Posted: Tue Jun 14, 2005 4:06 pm
by Parody
Anyone :?: :(

Posted: Tue Jun 14, 2005 5:32 pm
by Chris Corbyn
Just temporarily, for troubleshooting's sake. Remove the pregs and put something else in your conditions (something valid of course) - I'm guessing it's one of those.

EDIT | More specifically... take out the email validation preg_match()... ;) I think we'll have to rewrite that one :P (d11 get's excited )

Posted: Wed Jun 15, 2005 10:18 am
by Parody
Tried that, still get the error on line 19:

Code: Select all

die{'Email Adress invalid, you entered:'.$_POST['email'].''};
This is a different line than what I had an error on before.... I think :?

Posted: Wed Jun 15, 2005 1:11 pm
by Parody
Any ideas? :D

Posted: Wed Jun 15, 2005 3:04 pm
by Chris Corbyn
Parody wrote:

Code: Select all

die{'Email Adress invalid, you entered:'.$_POST['email'].''};
This is a different line than what I had an error on before.... I think :?
Ummmm yeah.... that's not right. Parentheses, not curlies....

I'm amazed nobody spotted that (incl. me) :?

Posted: Wed Jun 15, 2005 3:23 pm
by Parody
Can you just give me a quick lesson on the difference between () and {} and when to use each please?

Posted: Wed Jun 15, 2005 3:33 pm
by timvw
Read my hint in a thread of you with a similar problem... viewtopic.php?t=34482