Page 1 of 1

MySql Not Inserting :o

Posted: Fri Apr 25, 2008 10:25 am
by NeonZ
Hello, I'm having a little problem of mysql not inserting data with INSERT. Everything else seems to work fine in the code. It is a register script. Code:

Create.php

Code: Select all

<?php
 
include("includes/Connect.php");
mysql_select_db("divnx5_web");
 
$username = $_POST['user'];
$password = sha1($_POST['pass']);
$password2 = sha1($_POST['pass2']);
$email = $_POST['email'];
 
if(!$_POST['register'])
{
   echo "<form action='includes/Register.php' method='post'>
             <fieldset id='register'>
             <legend>Please fill out all the fields</legend>
 
             <label for='user'>Username</label>
             <input type='text' id='user' name='user' tabindex='1' />
             <label for='pass'>Password</label>
             <input type='password' id='pass' name='pass' tabindex='2' />
             <label for='pass2'>Confirm Password</label>
             <input type='password' id='pass2' name='pass2' tabindex='3' />
             <label for='email'>E-Mail Address</label>
             <input type='text' id='email' name='email' tabindex='4' />
             
             <input type='submit' id='register' name='register' value='Register' tabindex='5' />
             <input type='reset' id='reset' name='reset' value='Clear' tabindex='6' />
 
             </fieldset>
             </form>";
}
 
?>
Register.php

Code: Select all

<?php
 
include("Connect.php");
mysql_select_db("divnx5_web");
 
$username = $_POST['user'];
$password = sha1($_POST['pass']);
$password2 = sha1($_POST['pass2']);
$email = $_POST['email'];
 
function check($username)
{
    $query = "SELECT * FROM `users` WHERE username = '$username'";
    $result = mysql_query($query) OR die("$query: " . mysql_error());
    
    if(mysql_num_rows($result) > 0)
    {
       echo "The username " . $username . 'is already taken';
       $set = "1";
     }
}
 
check($username);
 
if(empty($username))
{
   echo "The username you entered encountered a problem.";
   $set = "1";
}
 
if(empty($password) || empty($password2))
{
   echo "The password you entered encountered a problem.";
   $set = "1";
}
 
if(empty($email))
{
   echo "The email you entered encountered a problem.";
   $set = "1";
}
 
if($password != $password2)
{
   echo "The password you entered do not match";
   $set = "1";
}
 
if($set != 1)
{
   mysql_query("INSERT INTO users(username, password, email, rank)
                        VAUES('$username', '$password', '$email', '1')");
   
   echo "Welcome $username to the community! However, your registration process is not done yet.
             Please check the email you provided us at $email for an activation link. Enjoy!";
 
   mysql_close($con);
}
 
?>
Any help would greatly be appreciated. Thank You! 8O

Re: MySql Not Inserting :o

Posted: Fri Apr 25, 2008 10:35 am
by onion2k
1. You're not escaping the incoming data. Use mysql_real_escape_string().

2. Noone can help debug you code unless you tell us what is actually happening. "It isn't working" isn't enough of a clue. What error messages are you getting?

Re: MySql Not Inserting :o

Posted: Fri Apr 25, 2008 12:06 pm
by NeonZ
onion2k wrote:mysql_real_escape_string().
Never heard of that, I'll look into it. And There is no error message. It echoes "Thank You For registering". When I check the database, nothing was inserted.

Re: MySql Not Inserting :o

Posted: Fri Apr 25, 2008 12:29 pm
by VladSun

Re: MySql Not Inserting :o

Posted: Fri Apr 25, 2008 8:50 pm
by NeonZ
lol, I figured out what was wrong before I added mysql_error(). I wrote "VAUES" instead of "VALUES" in the insert query.

But I ran into another problem. If the username is taken, it echoes it's taken then says thank you for registering and adds the same username again to the db. I assume this isn't a problem I'll have to receive an error message but more of a logic problem.

I put if $set != "1" then insert, but once you enter the Register.php page, $set isn't set to 1, so I guess that's why it adds it again. So I made $set == 1 by default, which made username taken work like it's suppose to, however if I correctly fill out all the fields I receive a blank page after hitting submit. I put mysql_error(); after INSERT query, but it prints out no error message. So I really hope someone can help me. 8O Here's the code again:

Create.php

Code: Select all

<?php
 
include("includes/Connect.php");
mysql_select_db("divnx5_web");
 
$username = $_POST['user'];
$password = sha1($_POST['pass']);
$password2 = sha1($_POST['pass2']);
$email = $_POST['email'];
 
if(!$_POST['register'])
{
   echo "<form action='includes/Register.php' method='post'>
             <fieldset id='register'>
             <legend>Please fill out all the fields</legend>
 
             <label for='user'>Username</label>
             <input type='text' id='user' name='user' tabindex='1' />
             <label for='pass'>Password</label>
             <input type='password' id='pass' name='pass' tabindex='2' />
             <label for='pass2'>Confirm Password</label>
             <input type='password' id='pass2' name='pass2' tabindex='3' />
             <label for='email'>E-Mail Address</label>
             <input type='text' id='email' name='email' tabindex='4' />
             
             <input type='submit' id='register' name='register' value='Register' tabindex='5' />
             <input type='reset' id='reset' name='reset' value='Clear' tabindex='6' />
 
             </fieldset>
             </form>";
}
 
?>
Register.php

Code: Select all

<?php
 
include("Connect.php");
mysql_select_db("divnx5_web");
 
$username = $_POST['user'];
$password = sha1($_POST['pass']);
$password2 = sha1($_POST['pass2']);
$email = $_POST['email'];
$set = "1";
 
function check($username)
{
    $query = "SELECT * FROM `users` WHERE username = '$username'";
    $result = mysql_query($query) OR die("$query: " . mysql_error());
   
    if(mysql_num_rows($result) > 0)
    {
       echo "The username " . $username . 'is already taken';
       $set = "1";
     }
}
 
check($username);
 
if(empty($username))
{
   echo "The username you entered encountered a problem.";
   $set = "1";
}
 
if(empty($password) || empty($password2))
{
   echo "The password you entered encountered a problem.";
   $set = "1";
}
 
if(empty($email))
{
   echo "The email you entered encountered a problem.";
   $set = "1";
}
 
if($password != $password2)
{
   echo "The password you entered do not match";
   $set = "1";
}
 
if($set != "1")
{
   mysql_query("INSERT INTO users(username, password, email, rank)
                        VALUES('$username', '$password', '$email', '1')");
   mysql_error();
   
   echo "Welcome $username to the community! However, your registration process is not done yet.
             Please check the email you provided us at $email for an activation link. Enjoy!";
 
   mysql_close($con);
}
 
?>
Thank You for anyone who helps me. :) :) :) :)

Re: MySql Not Inserting :o

Posted: Sat Apr 26, 2008 3:41 am
by lafever
Like onion said before, ESCAPE DATA! Can't be stressed enough. Also, with form inputs, sanitize data also.

Also, you should make a function for checking the form that sanitizes the data and validates it and if it returns in an error make functions that will set errors and draw errors so you're not echo'ing and drawing from variables (ex: set_err('username', 'Username taken'); instead of $set="1"; and echo "msg") and the set_err will store everything in an array and draw_err would return any errors. Just some suggestions, it's your code. But please always escape data going into the database.

Code: Select all

 
function check($username) {
     $query = "SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($username)."'";
     $result = mysql_query($query) OR die("$query: " . mysql_error());
    
     if(mysql_num_rows($result) > 0)
     {
        return true;
      }
 
   return false;
 }
  
if(empty($username)) {
    echo "The username you entered encountered a problem.";
    $set = "1";
} elseif (check($username)) {
    echo "The username $username is already taken";
    $set = "1";
}
 

Re: MySql Not Inserting :o

Posted: Sat Apr 26, 2008 5:05 pm
by NeonZ
I don't quite follow you. 8O 8O I have no idea what sanitizing and validating the data means.

o.o Thanks

Re: MySql Not Inserting :o

Posted: Mon Apr 28, 2008 2:35 am
by NeonZ
bump o.o