Page 1 of 1

freezes? errors? does something

Posted: Tue Feb 20, 2007 6:05 am
by psychotomus
can't figure out whats wrong with this code. it doesnt give no errors or insert the data or print anything to the screen besides "here"

Code: Select all

//username, email and password not blank
if ($username <> "" && $email <> "" & $password <> "")
{
	echo 'here'; //<-makes it here
	//check if username or email not allready in use
	$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or die(mysql_error());
	//username and email not taken
	if ($info->id == "")
	{

		$query="INSERT INTO users (
				username,
				user_pass,
				user_email,
				user_verified,
				user_rank,
				user_gender,
				user_country,
				usern_state,
				user_zip,
				user_dob,
				user_join_date
		) VALUES (
				'".$username."',
				'".$password."',
				'".$email."',
				'".$code."',
				'0',
				'".$gender."',
				'".$country."',
				'".$state."',
				'".$zip."',
				'".$dob."',
				'".time()."'
				)";
		mysql_query($query) or die(mysql_error());


		$query="INSERT INTO user_settings (
				username,
				popup_on_new_msg,
				email_on_new_mesg,
				popup_on_lost_highscore,
				email_on_lost_highscore,
				popup_friend_invite,
				email_friend_invite,
				daily_anime,
				daily_manga,
				daily_poetry,
				daily_fanfictions,
				daily_gaming,
				daily_comics,
				daily_midis,
				daily_mp3s,
				daily_horoscopes,
				daily_jokes,
				weekly_anime,
				weekly_manga,
				weekly_poetry,
				weekly_fanfictions,
				weekly_gaming,
				weekly_comics,
				weekly_midis,
				weekly_mp3s,
				weekly_horoscopes,
				weekly_jokes,
				monthly_anime,
				monthly_manga,
				monthly_poetry,
				monthly_fanfictions,
				monthly_gaming,
				monthly_comics,
				monthly_midis,
				monthly_mp3s,
				monthly_horoscopes,
				monthly_jokes
		) VALUES (
				'y',
				'y',
				'y',
				'y',
				'y',
				'y',
				'".$subscriptions[0]."',
				'".$subscriptions[1]."',
				'".$subscriptions[2]."',
				'".$subscriptions[3]."',
				'".$subscriptions[4]."',
				'".$subscriptions[5]."',
				'".$subscriptions[6]."',
				'".$subscriptions[7]."',
				'".$subscriptions[8]."',
				'".$subscriptions[9]."',
				'".$subscriptions[10]."',
				'".$subscriptions[11]."',
				'".$subscriptions[12]."',
				'".$subscriptions[13]."',
				'".$subscriptions[14]."',
				'".$subscriptions[15]."',
				'".$subscriptions[16]."',
				'".$subscriptions[17]."',
				'".$subscriptions[18]."',
				'".$subscriptions[19]."',
				'".$subscriptions[20]."',
				'".$subscriptions[21]."',
				'".$subscriptions[22]."',
				'".$subscriptions[23]."',
				'".$subscriptions[24]."',
				'".$subscriptions[25]."',
				'".$subscriptions[26]."',
				'".$subscriptions[27]."',
				'".$subscriptions[28]."',
				'".$subscriptions[29]."'
				)";
		mysql_query($query) or die("There was an error, your account subscriptions was not set, please contact an admin to fix the problem");
		
		echo 'registration complete';
	}
	else
	{
		echo 'username allready taken';
	}
}
//username email or password is blank
else
{

	if ($username == "")
		$eRR = "Username not set...<br>";
	if ($email == "")
		$eRR = "Email address not set...<br>";
	if ($password == "")
		$eRR = "Password not set...<br>";
		
	echo $eRR;
}
?>

Posted: Tue Feb 20, 2007 6:11 am
by Kieran Huggins
gah!

Don't:

Code: Select all

$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or 
die(mysql_error());
Do:

Code: Select all

$result = mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')") or die(mysql_error());
$info = mysql_fetch_object($result);

Posted: Tue Feb 20, 2007 6:15 am
by psychotomus
whats wrong with doing it my way? it just wont catch errors or is there somethign else wrong with it?

Posted: Tue Feb 20, 2007 6:25 am
by jmut
psychotomus wrote:whats wrong with doing it my way? it just wont catch errors or is there somethign else wrong with it?

Code: Select all

Yours is equivelent to:

$result = mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')");
$info = mysql_fetch_object($result) or die(mysql_error());
Obviously you dont validate mysql_query

Posted: Tue Feb 20, 2007 6:32 am
by psychotomus
oh. =)

Posted: Tue Feb 20, 2007 6:39 am
by volka
//username, email and password not blank
if ($username <> "" && $email <> "" & $password <> "")
{
echo 'here'; //<-makes it here
//check if username or email not allready in use
$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or die(mysql_error());
missing a &
Are $username, $email and $password already sanatized or is your script prone to sql injections?
Same question for all variables you use in your sql statements

Posted: Tue Feb 20, 2007 6:43 am
by dude81
if ($username <> "" && $email <> "" & $password <> "")
The very logic is wrong. Logic error
if ($username <> "" && $email <> "" && $password <> "")

Posted: Tue Feb 20, 2007 6:56 am
by jayshields
What's wrong with empty() instead of comparing variables against empty strings?

Posted: Tue Feb 20, 2007 6:59 am
by volka
As long as "0" is considered invalid it's ok.

Code: Select all

$v = "0";
echo empty($v) ? 'empty' : '--';
prints empty

Posted: Tue Feb 20, 2007 8:02 am
by psychotomus
volka wrote:
//username, email and password not blank
if ($username <> "" && $email <> "" & $password <> "")
{
echo 'here'; //<-makes it here
//check if username or email not allready in use
$info = mysql_fetch_object(mysql_query("SELECT id FROM users WHERE (username='$username' OR user_email='$email')")) or die(mysql_error());
missing a &
Are $username, $email and $password already sanatized or is your script prone to sql injections?
Same question for all variables you use in your sql statements
allready sanatized.