Page 1 of 1

registration form error

Posted: Mon Apr 23, 2007 2:29 am
by barnes529
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


[syntax="html"]<html>
<body >
  
 <table bgcolor="cyan" height="200"width="200" align="center">
 <tr align="center"><td><font size="3">UserRegisteration</font></td></tr>
<form name="frmname" action="register1.php" method="post" enctype=""multipart/form-data">
  <tr><td>Username</td><td><input type="text" name="name"></td></tr><br>
 <tr><td>password</td><td><input type="password" name="pwd"></td></tr><br>
  <tr><td>E-mail</td><td><input type="text" name="E-mail"></td></tr>
  <tr><td>Confirm E-mail</td><td><input type="text" name="cemail"></td></tr><br>
<tr><td>Address:</td><td><input type="textarea" width="100" height="100" name="address"></td></tr><br>

<tr><td>Phone no:</td><td><input type="Text" name="phone"></td></tr><br>
<tr colspan="2" align="center"><td><input type="submit" name="submit" value="submit"></td></tr>
</table>
</body>
</html>

register1.php[/syntax]

Code: Select all

<?php
 
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("user", $con);

$sql="INSERT INTO user (username,password,E-mail,confirm E-mail,Address,Phone no)
VALUES
('$_POST[username]','$_POST[pwd]','$_POST[E-mail]','$_POST[cemail]','$_POST[address]','$_POST[phone]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>
when i run this script i got the following error:
Parse error: parse error, expecting `']'' in c:\easyphp1-8\www\register1.php on line 13
how to reslove this problem..thanks in advance.


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Mon Apr 23, 2007 3:53 am
by CoderGoblin
Please use the PHP tags... It makes things a lot easier to read...
Try the following

Code: Select all

$sql="INSERT INTO user (username,password,E-mail,confirm E-mail,Address,Phone no)
VALUES
('{$_POST['username']}','{$_POST['pwd']}','{$_POST['E-mail']}','{$_POST['cemail']}','{$_POST['address']}','{$_POST['phone']}')";
I have a couple of other things to point out...

When using arrays try to always quote your indexes. $array['key'] not $array[key].

Never Ever Trust User Input. You lay yourself open to all sorts of things, someone could even learn how hack your database through a technique called SQL Injection. At a minimum use
mysql_escape_string when entering strings into your database. The above line could therefore be

Code: Select all

$pwd=mysql_escape_string($_POST['pwd']);
$email=mysql_escape_string($_POST['email']);
$cemail=mysql_escape_string($_POST['cemail']);
$address=mysql_escape_string($_POST['address']);
$phone=mysql_escape_string($_POST['phone']);
$sql="INSERT INTO user (username,password,E-mail,confirm E-mail,Address,Phone no)
VALUES ('{$username}','{$pwd}','{$email}','{$cemail}','{$address}','{$phone}')";
You should also check if the information you expect actually exists in the format you expect. you may want to look at empty as well as looking at regular expressions.

I know this seems a lot to take in for what should be a simple form but as I said previously without taking these minimum steps you lay yourself open to a lot of potential problems later.

Posted: Mon Apr 23, 2007 11:24 pm
by barnes529
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


i modified above code.now it's working fine.records are added into database
but following error is getting and e mail is empty.all other fields are added..

Notice: Undefined index: email in c:\easyphp1-8\www\register1.php on line 12
1 record added

[syntax="html"]<html>
<body >

<table bgcolor="cyan" height="200"width="200" align="center">
<tr align="center"><td><font size="3">UserRegisteration</font></td></tr>
<form name="frmname" action="register1.php" method="post" enctype=""multipart/form-data">
<tr><td>Username</td><td><input type="text" name="name"></td></tr><br>
<tr><td>password</td><td><input type="password" name="pwd"></td></tr><br>
<tr><td>E-mail</td><td><input type="text" name="email"></td></tr>
<tr><td>Confirm E-mail</td><td><input type="text" name="cemail"></td></tr><br>
<tr><td>Address:</td><td><input type="textarea" width="100" height="100" name="address"></td></tr><br>

<tr><td>Phone no:</td><td><input type="Text" name="phone"></td></tr><br>
<tr colspan="2" align="center"><td><input type="submit" name="submit" value="submit"></td></tr>
</table>
</body>
</html>



</form>
</table>
register1.php[/syntax]

Code: Select all

<?php

$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("user", $con);
$username=mysql_real_escape_string($_POST['name']);
$pwd=mysql_real_escape_string($_POST['pwd']);
$email=mysql_real_escape_string($_POST['email']);
$cemail=mysql_real_escape_string($_POST['cemail']);
$add=mysql_real_escape_string($_POST['address']);
$phone=mysql_real_escape_string($_POST['phone']);

$sql="INSERT INTO user (username,password,email,confirmemail,Address,Phoneno)
VALUES'{$username}','{$pwd}','{$email}','{$cemail}','{$add}','{$phone}')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Apr 24, 2007 7:27 am
by feyd
barnes529, please post code in the appropriate syntax highlighting tags.

Posted: Tue Apr 24, 2007 8:06 am
by CoderGoblin
Sorry when rewriting the code I changed the name..

Code: Select all

$_POST['email']
should be

Code: Select all

$_POST['E-mail']
You should also check the others so they match your form input names.
My coding style generally uses only lower characters and _ for form names and when writing I often do it instinctively :oops: