PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
hey im new to PHP, well kinda new. im not very good, put it that way
im having trouble witht his registration script.. it says when i run it "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\Program Files\xampp\htdocs\stuff\registration_script\registration.php on line 29"
here is the whole code.. sorry about the comments, i got bored when writing it
<?php
// include all the database stuff becuase it is needed
include 'database_connect.php';
include 'config.php';
// Get the variables
$email = $_POST['email'];
$password = $_POST['password'];
$password = md5($password);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$country = $_POST['country'];
$age = $_POST['age'];
// change the variables to strip the strings
$password = htmlspecialchars($password);
$firstname = htmlspecialchars($firstname);
$lastname = htmlspecialchars($lastname);
$email = htmlspecialchars($email);
$age = htmlspecialchars($age);
// check for people int he database that are already there (unlikely becuase of the email stuff)
$sql_email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$email_check = mysql_num_rows($sql_email_check); // ------------- LINE 29 -----------
if ($email=="0") {
// This is where we put <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> int he database because me are mad cool
$sql = mysql_query("INSERT INTO users (email, password, firstname, lastname, country, age, signup_date) VALUES ('$email','$password','$firstname','$lastname','$country','$age',now())")
or die (mysql_error());
} else {
// the dumbass tried to create 2 accounts using one email adress... what a tool!
echo 'THE EMAIL ALREADY EXISTS... YOU ARE ONLY ALLOWED 1 ACCOPUNT PER EMAIL... CREATE ANOTHER EMAIL!';
}
// check if the <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> went into the database without any problems
if(!$sql) {
echo 'THE DATABASE IS SCREWED, TRY AGAIN OR EMAIL ADMIN';
} else {
// it went in without problems so this makes the main page of the site turn up in the little thing with the thing!
echo 'welcome the the site! you can now log in!';
include 'main_page.php';
}
?>
// check for people int he database that are already there (unlikely becuase of the email stuff)
$sql_email_check = mysql_query("SELECT email FROM users WHERE email='$email'") or die(mysql_error());
$email_check = mysql_num_rows($sql_email_check);
i did that.. i should have thought of it.. it said i hadn't selected the database.. so i did and now it if fixed... except it puts all the "error" messages on the screen before i even try and fill int he form.. ah well ill try figure it out.. thankyou
<?php
$mysql = mysql_connect('localhost', 'localuser', 'localpass');
mysql_select_db('test', $mysql);
$email = mysql_real_escape_string("' and 1='0", $mysql);
$query = "SELECT email FROM users WHERE email='$email'";
echo $query, "<br />\n"
?>
SELECT email FROM users WHERE email='\' and 1=\'0'
mysql_real_escape_string marks all characters that might have special meaning in a query as "no special meaning, just the character".
You need to do this for all string parameters that might contain special characters - esp. all user input.
another question... my whole script goes through without trouble.. producing no mysql errors.. yet it does not insert the information into the database.. ive compared it to a registration script that works and i cant find any differece....