can't find error in user registration script *solved*

suthie
Forum Commoner
Posts: 68
Joined: Sat Jun 09, 2007 10:46 am

Post by suthie »

This is my script:

Code: Select all

<?php

include 'error.php';
include 'dbconnect_silent.php';


$username = $_POST["username"];
$password = $_POST["password"];
$email = $_POST["email"];
$image = "";
$link1 = "";
$link2 = "";
$link3 = "";
$link4 = "";

if ($_POST['username']=='' or $_POST['password']==''
     or $_POST['email']=='') {
       error('One or more required fields were left blank.\\n'.
             'Please fill them in and try again.');
   }

   // Check for existing user with the new id
   $sql = "SELECT COUNT(*) FROM user WHERE username = '$_POST[username]'";
   $result = mysql_query($sql);
   if (!$result) {
       error('A database error occurred in processing your '.
             'submission.\\nIf this error persists, please '.
             'contact you@example.com.');
   }
   if (@mysql_result($result,0,0)>0) {
       error('A user already exists with your chosen userid.\\n'.
             'Please try another.');
   }

//insert the values
$result= "INSERT INTO userdata (userid, username, password, email)".
   "VALUES ('NULL', '$username', '$password', '$email')";
if (mysql_query($result )){
echo "success in data entry!";
} else {
echo "could not insert data".mysql_error();
}
 
?>

Each time I put it in, it yields this:
0) { error('A user already exists with your chosen userid.\n'. 'Please try another.'); } //insert the values $result= "INSERT INTO userdata (userid, username, password, email)". "VALUES ('NULL', '$username', '$password', '$email')"; if (mysql_query($result )){ echo "success in data entry!"; } else { echo "could not insert data".mysql_error(); } ?>
I noticed it is just cutting off the last piece of the code and displaying it as text. Why is it doing this?
Last edited by suthie on Mon Jun 11, 2007 5:10 pm, edited 1 time in total.
arukomp
Forum Contributor
Posts: 113
Joined: Sun Sep 24, 2006 4:22 am

Post by arukomp »

Try removing the @ and see if the script generates any errors. You should enable all error reporting when debugging a script.

Also, you could use the mysql_num_rows() function to see whether there's a registered user with the same username:

Code: Select all

$username = $_POST['username'];
$result = mysql_query("SELECT * FROM user WHERE username = '$username'");
if (mysql_num_rows($result) > 0) {
    // User with this username already exists
}
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$username needs escaping, at least, too.
suthie
Forum Commoner
Posts: 68
Joined: Sat Jun 09, 2007 10:46 am

Post by suthie »

Alright, now I'm using this:

Code: Select all

<?php

include 'error.php';
include 'dbconnect_silent.php';


$username = $_POST["username"];
$password = $_POST["password"];
$email = $_POST["email"];
$image = "";
$link1 = "";
$link2 = "";
$link3 = "";
$link4 = "";

if ($_POST['username']=='' or $_POST['password']==''
     or $_POST['email']=='') {
       error('One or more required fields were left blank.\\n'.
             'Please fill them in and try again.');
   }

   // Check for existing user with the new id
$result = mysql_query("SELECT * FROM user WHERE username = '$username'");
   if (!$result) {
       error('A database error occurred in processing your '.
             'submission.\\nIf this error persists, please '.
             'contact you@example.com.');
   }
   if (mysql_num_rows($result) != 0) {
       error('A user already exists with your chosen userid.\\n'.
             'Please try another.');
   }

//insert the values
$result= "INSERT INTO userdata (userid, username, password, email)".
   "VALUES ('NULL', '$username', '$password', '$email')";
if (mysql_query($result )){
echo "success in data entry!";
} else {
echo "could not insert data".mysql_error();
}
 
?>

Problem solved!
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Submission data isn't being escaped, ergo you are open to injection attacks. Be careful.
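The injection risk raised in this thread, handled with bound parameters rather than escaping, as an added example that is not code from any poster: it uses PDO prepared statements in place of the mysql_* functions, with an in-memory SQLite database standing in for MySQL so it runs on its own. The register_user() function, the table layout and the sample submissions are assumptions made for the illustration.

```php
<?php
// Added example, not the thread's code. Assumptions: in-memory SQLite stands in
// for MySQL; register_user() and the table layout are hypothetical, modelled on
// the columns used in the posted script.

function register_user(PDO $db, string $username, string $password, string $email): string
{
    if ($username === '' || $password === '' || $email === '') {
        return 'blank';
    }
    // Placeholders keep submitted values out of the SQL text entirely,
    // so quotes in the input cannot change the query.
    $check = $db->prepare('SELECT COUNT(*) FROM userdata WHERE username = ?');
    $check->execute([$username]);
    if ((int) $check->fetchColumn() > 0) {
        return 'exists';
    }
    $insert = $db->prepare(
        'INSERT INTO userdata (username, password, email) VALUES (?, ?, ?)'
    );
    try {
        // Store a hash rather than the password as typed (an addition here;
        // the posted script inserts the submitted password directly).
        $insert->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE constraint caught a duplicate that was
        // created between the check and the insert.
        if ($e->getCode() != '23000') {
            throw $e;
        }
        return 'exists';
    }
    return 'ok';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userdata (
    userid   INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    email    TEXT NOT NULL
)');

// Constructed sample submissions, not data from the thread.
$quoted = "x' OR '1'='1";
echo register_user($db, 'alice', 'secret', 'a@example.com'), "\n";
echo register_user($db, 'alice', 'other', 'b@example.com'), "\n";
echo register_user($db, $quoted, 'pw', 'c@example.com'), "\n";
echo $db->query('SELECT COUNT(*) FROM userdata')->fetchColumn(), " rows stored\n";
```

The name containing quotes is stored as one literal row and the duplicate-name check still rejects the second `alice`, because the query text is fixed before any submitted value is bound.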