Page 1 of 1

Code Check

Posted: Thu Oct 09, 2003 8:24 am
by AliasBDI
For the life of me, I cannot figure out what is wrong with this code:

Code: Select all

<?php
session_start();
if ($_SESSION['email_address'] != "" ) {
	echo "<b>You do not have the appropriate permissions to enter new distributors.</b><br><br><br>";


if ( empty( $first_name ) ) {
	print "Please login below!";
	include 'index.htm';

}
} else { print "
<html>
<head>
<title>Join Form</title>
</head>
<body>
		<form name=form1 method=post action=register.php>
  <table width=100% border=0 cellpadding=4 cellspacing=0>
    <tr>
      <td width=24% align=left valign=top>First Name</td>
      <td width=76%><input name=first_name type=text id=first_name2></td>
    </tr>
    <tr>
      <td align=left valign=top>Last Name</td>
      <td><input name=last_name type=text id=last_name></td>
    </tr>
    <tr>
      <td align=left valign=top>Email Address</td>
      <td><input name=email_address type=text id=email_address></td>
    </tr>
				<tr>
      <td align=left valign=top>Username</td>
      <td><input name=username type=text id=username></td>
    </tr>
    </tr>
				<tr>
      <td align=left valign=top>Password</td>
      <td><input name=password type=password id=password></td>
    </tr>
      </tr>
				<tr>
      <td align=left valign=top>Address</td>
      <td><input name=address type=text id=address></td>
    </tr>
				</tr></tr></tr></tr></tr></tr></tr></tr></tr></tr></tr></tr></tr></tr></tr></tr>
				<tr>
      <td align=left valign=top>&nbsp;</td>
      <td><input type=submit name=Submit value=Join Now!></td>
    </tr>
			</table>
</form>
	</body>
</html>

"; } ?>
The error reads:

Code: Select all

You have an error in your SQL syntax near ''', 'abcdefg'' at line 2
Here is the register code:

Code: Select all

<?

include 'db.php';

// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$username = $_POST['username'];
$password = $_POST['password'];
$password_encrypt = md5($password);
$user_address = $_POST['user_address'];

/* Lets strip some slashes in case the user entered
any escaped characters. */

$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$username = stripslashes($username);
$address = stripslashes($address);

/* Do some error checking on the form posted fields */

if((!$first_name) || (!$last_name) || (!$email_address) || (!$username)){
	echo 'You did not submit the following required information! <br />';
	if(!$first_name){
		echo "First Name is a required field. Please enter it below.<br />";
	}
	if(!$last_name){
		echo "Last Name is a required field. Please enter it below.<br />";
	}
	if(!$email_address){
		echo "Email Address is a required field. Please enter it below.<br />";
	}
	if(!$username){
		echo "Username is a required field. Please enter it below.<br />";
	}
	if(!$password){
		echo "Password is a required field. Please enter it below.<br />";
	}
	if(!$address){
		echo "Address is a required field. Please enter it below.<br />";
	}
	include 'join_form.php'; // Show the form again!
	/* End the error checking and if everything is ok, we'll move on to
	 creating the user account */
	exit(); // if the error checking has failed, we'll exit the script!
}

/* Let's do some checking and ensure that the user's email address or username
 does not exist in the database */

 $sql_email_check = mysql_query("SELECT email_address FROM users WHERE email_address='$email_address'");
 $sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'");

 $email_check = mysql_num_rows($sql_email_check);
 $username_check = mysql_num_rows($sql_username_check);

 if(($email_check > 0) || ($username_check > 0)){
 	echo "Please fix the following errors: <br />";
 	if($email_check > 0){
 		echo "<strong>Your email address has already been registered by another member in our database. Please submit a different Email address!<br />";
 		unset($email_address);
 	}
 	if($username_check > 0){
 		echo "The username you have selected has already been registered by another member in our database. Please choose a different Username!<br />";
 		unset($username);
 	}
 	include 'index.htm'; // Show the form again!
 	exit();  // exit the script so that we do not create this account!
 }

/* Everything has passed both error checks that we have done.
It's time to create the account! */

// Enter info into the Database.
$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date, decrypted_password, birth, address)
		VALUES('$first_name', '$last_name', '$email_address', '$username', '$password_encrypt', now(), '$password'), '$birth', '$address'") or die (mysql_error());	
		
if(!$sql){
	echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
	$userid = mysql_insert_id();
	$activatepath = "includes/activate.php?id=$userid&code=$password_encrypt";
// Let's mail the user!
$subject = "Membership request at $sitename";
$message = "Dear $first_name $last_name,
You are now registered at our website, $sitepath !

To activate your membership, please login here: $sitepath$activatepath

Once you activate your membership, you will be able to login with the following information:
Username: $username
Password: $password
Please keep this username and password in a location that is easily accessible by you.

Thanks!
$sitename



This is an automated response, please do not reply!";

mail($email_address, $subject, $message, "From: $sitename <$adminemail>\nX-Mailer: PHP/" . phpversion());
echo 'Your membership information has been mailed to your email address! Please check it and follow the directions!';
}

?>

ANY IDEAS????

Posted: Thu Oct 09, 2003 8:49 am
by Wayne

Code: Select all

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date, decrypted_password, birth, address) 
      VALUES('$first_name', '$last_name', '$email_address', '$username', '$password_encrypt', now(), '$password'), '$birth', '$address'") or die (mysql_error());
you need to get rid of the bracket after $password .....

Code: Select all

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date, decrypted_password, birth, address) 
      VALUES('$first_name', '$last_name', '$email_address', '$username', '$password_encrypt', now(), '$password', '$birth', '$address'") or die (mysql_error()); [/php   ]

Wayne...

Posted: Thu Oct 09, 2003 9:05 am
by AliasBDI
You were right about the brackets, must have overlooked it. However, it did not fix the error. I don't think the page even go that far in the code before getting the error.

I made some adjustments and now the error reads:

Code: Select all

You have an error in your SQL syntax near '' at line 2
After doing some tests, I think I have figured out that the error is in the form page. I left all of the fields empty and the error came back as:

Code: Select all

Warning: Cannot send session cache limiter - headers already sent (output started at /home/httpd/vhosts/ticketblasters.com/httpdocs/includes/register.php:26) in /home/httpd/vhosts/ticketblasters.com/httpdocs/includes/join_form.php on line 2
Do you know what "cannot send session cache limiter - headers already sent" means?

This is the line:

Code: Select all

session_start();

Re: Wayne...

Posted: Thu Oct 09, 2003 9:21 am
by scorphus
AliasBDI wrote:Do you know what "cannot send session cache limiter - headers already sent" means?
I think these tutorials may help you:
Warning: Cannot add header information
Sessions with a Minor in User Logins

Cheers,
Scorphus.

Posted: Thu Oct 09, 2003 10:20 am
by AliasBDI
I did your "Sessions with a Minor User Logins" tutorial. I ended up placing the "ob_start();" in each page thinking that it would fix it, but it did not. I also checked out the other link you gave.

I could not figure out where I was getting my code out of order. This is what it looks like now:

Code: Select all

<?
ob_start();
include 'db.php';

// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$username = $_POST['username'];
$password = $_POST['password'];
$address = $_POST['address'];

/* Lets strip some slashes in case the user entered
any escaped characters. */

$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$username = stripslashes($username);
$address = stripslashes($address);

/* Do some error checking on the form posted fields */

if((!$first_name) || (!$last_name) || (!$email_address) || (!$username)){
	echo 'You did not submit the following required information! <br />';
	if(!$first_name){
		echo "First Name is a required field. Please enter it below.<br />";
	}
	if(!$last_name){
		echo "Last Name is a required field. Please enter it below.<br />";
	}
	if(!$email_address){
		echo "Email Address is a required field. Please enter it below.<br />";
	}
	if(!$username){
		echo "Username is a required field. Please enter it below.<br />";
	}
	if(!$password){
		echo "Password is a required field. Please enter it below.<br />";
	}
	if(!$address){
		echo "Address is a required field. Please enter it below.<br />";
	}
	include 'join_form.php'; // Show the form again!
	/* End the error checking and if everything is ok, we'll move on to
	 creating the user account */
	exit(); // if the error checking has failed, we'll exit the script!
}

/* Let's do some checking and ensure that the user's email address or username
 does not exist in the database */

 $sql_email_check = mysql_query("SELECT email_address FROM users WHERE email_address='$email_address'");
 $sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'");

 $email_check = mysql_num_rows($sql_email_check);
 $username_check = mysql_num_rows($sql_username_check);

 if(($email_check > 0) || ($username_check > 0)){
 	echo "Please fix the following errors: <br />";
 	if($email_check > 0){
 		echo "<strong>Your email address has already been registered by another member in our database. Please submit a different Email address!<br />";
 		unset($email_address);
 	}
 	if($username_check > 0){
 		echo "The username you have selected has already been registered by another member in our database. Please choose a different Username!<br />";
 		unset($username);
 	}
 	include 'index.htm'; // Show the form again!
 	exit();  // exit the script so that we do not create this account!
 }

/* Everything has passed both error checks that we have done.
It's time to create the account! */

$password_encrypt = md5($password);

// Enter info into the Database.
$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date, decrypted_password, address)
		VALUES('$first_name', '$last_name', '$email_address', '$username', '$password_encrypt', now(), '$password', '$address'") or die (mysql_error());	
		
if(!$sql){
	echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
	$userid = mysql_insert_id();
	$activatepath = "includes/activate.php?id=$userid&code=$password_encrypt";
// Let's mail the user!
$subject = "Membership request at $sitename";
$message = "Dear $first_name $last_name,
You are now registered at our website, $sitepath !

To activate your membership, please login here: $sitepath$activatepath

Once you activate your membership, you will be able to login with the following information:
Username: $username
Password: $password
Please keep this username and password in a location that is easily accessible by you.

Thanks!
$sitename



This is an automated response, please do not reply!";

mail($email_address, $subject, $message, "From: $sitename <$adminemail>\nX-Mailer: PHP/" . phpversion());
echo 'Your membership information has been mailed to your email address! Please check it and follow the directions!';
}

?>