freezes? errors? does something

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

freezes? errors? does something

Post by psychotomus »

can't figure out whats wrong with this code. it doesnt give no errors or insert the data or print anything to the screen besides "here"

Code: Select all

//username, email and password not blank
if ($username <> "" && $email <> "" & $password <> "")
{
	echo 'here'; //<-makes it here
	//check if username or email not allready in use
	$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or die(mysql_error());
	//username and email not taken
	if ($info->id == "")
	{

		$query="INSERT INTO users (
				username,
				user_pass,
				user_email,
				user_verified,
				user_rank,
				user_gender,
				user_country,
				usern_state,
				user_zip,
				user_dob,
				user_join_date
		) VALUES (
				'".$username."',
				'".$password."',
				'".$email."',
				'".$code."',
				'0',
				'".$gender."',
				'".$country."',
				'".$state."',
				'".$zip."',
				'".$dob."',
				'".time()."'
				)";
		mysql_query($query) or die(mysql_error());


		$query="INSERT INTO user_settings (
				username,
				popup_on_new_msg,
				email_on_new_mesg,
				popup_on_lost_highscore,
				email_on_lost_highscore,
				popup_friend_invite,
				email_friend_invite,
				daily_anime,
				daily_manga,
				daily_poetry,
				daily_fanfictions,
				daily_gaming,
				daily_comics,
				daily_midis,
				daily_mp3s,
				daily_horoscopes,
				daily_jokes,
				weekly_anime,
				weekly_manga,
				weekly_poetry,
				weekly_fanfictions,
				weekly_gaming,
				weekly_comics,
				weekly_midis,
				weekly_mp3s,
				weekly_horoscopes,
				weekly_jokes,
				monthly_anime,
				monthly_manga,
				monthly_poetry,
				monthly_fanfictions,
				monthly_gaming,
				monthly_comics,
				monthly_midis,
				monthly_mp3s,
				monthly_horoscopes,
				monthly_jokes
		) VALUES (
				'y',
				'y',
				'y',
				'y',
				'y',
				'y',
				'".$subscriptions[0]."',
				'".$subscriptions[1]."',
				'".$subscriptions[2]."',
				'".$subscriptions[3]."',
				'".$subscriptions[4]."',
				'".$subscriptions[5]."',
				'".$subscriptions[6]."',
				'".$subscriptions[7]."',
				'".$subscriptions[8]."',
				'".$subscriptions[9]."',
				'".$subscriptions[10]."',
				'".$subscriptions[11]."',
				'".$subscriptions[12]."',
				'".$subscriptions[13]."',
				'".$subscriptions[14]."',
				'".$subscriptions[15]."',
				'".$subscriptions[16]."',
				'".$subscriptions[17]."',
				'".$subscriptions[18]."',
				'".$subscriptions[19]."',
				'".$subscriptions[20]."',
				'".$subscriptions[21]."',
				'".$subscriptions[22]."',
				'".$subscriptions[23]."',
				'".$subscriptions[24]."',
				'".$subscriptions[25]."',
				'".$subscriptions[26]."',
				'".$subscriptions[27]."',
				'".$subscriptions[28]."',
				'".$subscriptions[29]."'
				)";
		mysql_query($query) or die("There was an error, your account subscriptions was not set, please contact an admin to fix the problem");
		
		echo 'registration complete';
	}
	else
	{
		echo 'username allready taken';
	}
}
//username email or password is blank
else
{

	if ($username == "")
		$eRR = "Username not set...<br>";
	if ($email == "")
		$eRR = "Email address not set...<br>";
	if ($password == "")
		$eRR = "Password not set...<br>";
		
	echo $eRR;
}
?>
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

gah!

Don't:

Code: Select all

$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or 
die(mysql_error());
Do:

Code: Select all

$result = mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')") or die(mysql_error());
$info = mysql_fetch_object($result);
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Post by psychotomus »

whats wrong with doing it my way? it just wont catch errors or is there somethign else wrong with it?
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

psychotomus wrote:whats wrong with doing it my way? it just wont catch errors or is there somethign else wrong with it?

Code: Select all

Yours is equivelent to:

$result = mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')");
$info = mysql_fetch_object($result) or die(mysql_error());
Obviously you dont validate mysql_query
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Post by psychotomus »

oh. =)
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

//username, email and password not blank
if ($username <> "" && $email <> "" & $password <> "")
{
echo 'here'; //<-makes it here
//check if username or email not allready in use
$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or die(mysql_error());
missing a &
Are $username, $email and $password already sanatized or is your script prone to sql injections?
Same question for all variables you use in your sql statements
User avatar
dude81
Forum Regular
Posts: 509
Joined: Mon Aug 29, 2005 6:26 am
Location: Pearls City

Post by dude81 »

if ($username <> "" && $email <> "" & $password <> "")
The very logic is wrong. Logic error
if ($username <> "" && $email <> "" && $password <> "")
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

What's wrong with empty() instead of comparing variables against empty strings?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

As long as "0" is considered invalid it's ok.

Code: Select all

$v = "0";
echo empty($v) ? 'empty' : '--';
prints empty
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Post by psychotomus »

volka wrote:
//username, email and password not blank
if ($username <> "" && $email <> "" & $password <> "")
{
echo 'here'; //<-makes it here
//check if username or email not allready in use
$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or die(mysql_error());
missing a &
Are $username, $email and $password already sanatized or is your script prone to sql injections?
Same question for all variables you use in your sql statements
allready sanatized.
Post Reply