Results 1 to 6 of 6
  1. #1
    Join Date
    Jul 2003
    Location
    California
    Posts
    70

    New PHP Code, Someone help please...

    Check it out
    PHP Code:
    <?php require_once('../../Connections/connection.php'); ?>
    <?php
    if (isset($HTTP_POST_VARS[Submit])) { // If the form was submitted, process it.

        // Check the username.
        
    if (eregi ("^[[:alnum:]]+$"$HTTP_POST_VARS[username])) {
            
    $a TRUE;
        } else {
            
    $a FALSE;
            
    $message[] = "Please enter a username that consists only of letters and numbers.";
        }
        
        
    // Check to make sure the password is lon enough and of the right format.
        
    if (eregi ("^[[:alnum:]]{8,16}$"$HTTP_POST_VARS[password])) {
            
    $b TRUE;
        } else {
            
    $b FALSE;
            
    $message[] = "Please enter a password that consists only of letters and numbers, between 8 and 16 characters long.";
        }
        
        
    // Check to make sure the two passwords match.
        
    if ($HTTP_POST_VARS[password] == $HTTP_POST_VARS[confirmPassword]) {
            
    $c TRUE;
        } else {
            
    $c FALSE;
            
    $message[] = "The two entered passwords did not match.";
        }
        
        
    // Check to make sure they entered a valid email address.
        
    if (eregi ("^([[:alnum:]]|_|\.|-)+@([[:alnum:]]|\.|-)+(\.)([a-z]{2,4})$"$HTTP_POST_VARS[email])) {
            
    $d TRUE;
        } else {
            
    $d FALSE;
            
    $message[] = "Please enter a valid email address.";
        }
        
        
    //If all the data passes, insert it.
        
    if ($a AND $b AND $c AND $d) {
            
    mysql_select_db($database_connection$connection);
            
    $query_validate "SELECT * FROM users WHERE username = '$HTTP_POST_VARS[username]'";
            
    $validate mysql_query($query_validate$connection) or die(mysql_error());
            
    $row_validate mysql_fetch_assoc($validate);
            
    $totalRows_validate mysql_num_rows($validate);
            
    //Check Username
            
    if ($row_validate['username'] == null) {
                
    $query 'INSERT INTO `users` ( `autoID` , `username` , `password` , `email` , `signature` , `aim` , `yim` , `msn` ) '
                
    ' VALUES ( NULL, \'$HTTP_POST_VARS[username]\', \'$HTTP_POST_VARS[password]\', \'$HTTP_POST_VARS[email]\', $HTTP_POST_VARS[signature] , $HTTP_POST_VARS[aim] , $HTTP_POST_VARS[yim] , $HTTP_POST_VARS[msn] );'
                
    ' '
                
    mysql_query($query);
                echo 
    $row_validate['username'];
            } else {
                
    $message[] = "That username is already taken.";
            }
        } else {
            if (
    $message) {
            echo 
    "\n<br />The following errors occured:<br />\n";
                foreach (
    $message as $key => $value) {
                    echo 
    "$value <br />\n";
                }
            }
        }

    }
    ?>
    No errors, it gets to the insert sql for user information, but doesnt insert anything...

  2. #2
    Join Date
    Mar 2002
    Location
    Denmark
    Posts
    684
    try removing the ; at the end of the sql statement

    if that doesn't do it, try printing out the query that you are trying to send to the server, ususally you can catch erros there....
    ~Chris

  3. #3
    Join Date
    Jul 2004
    Location
    N29° 22.725' X W95° 6.452'
    Posts
    343
    Five things i noticed in the INSERT sql:

    1) You need to use double quotes ON the sql so you can use single quotes IN the sql statement: $sql = "INSERT INTO users VALUES('', 'autoID', 'username', 'password', ...)"; You cant use all single or all double quotes, you have to alternate.

    2) you dont need quotes on the table name: "INSERT INTO 'users' VALUES(...)"; its not necessary and may be causing you problems.

    3) you dont need to enter all the field names as long as you INSERT all the data in the same order as the fields are listed in your table. So if your table goes: autoID, username, password ... then just INSERT the data in the same order: VALUES('', '$username', '$password',...)

    4)I dont think entering NULL for your autoID will work. I believe you have to enter it as an empty single quote: ' ' no spaces or anything. I could be wrong on this but thats the way I learned it and it has always worked with out problem for me.

    5)Half way through your VALUES() you start leaving off quotes: VALUES ( NULL, '$HTTP_POST_VARS[username]', '$HTTP_POST_VARS[password]', '$HTTP_POST_VARS[email]', $HTTP_POST_VARS[signature] , $HTTP_POST_VARS[aim] , $HTTP_POST_VARS[yim] , $HTTP_POST_VARS[msn] );'

    from signature on you leave off quotes. if you cut and pasted this from your script thats a problem but if you just typed it in and forgot them in this example then no big deal but I would go back and check it out.

    Look over your code and try these changes and see if that helps any.

    *edit - oh yeah and as nchris pointed out, you need to remove that ; from the end of that sql statement and put it out side the quotes.
    Last edited by mcarman; 01-06-2005 at 12:42 AM.

  4. #4
    Join Date
    May 2004
    Location
    Colorado
    Posts
    948
    if you have a primary key auto_increment col in your mysql database such as an auto id you dont need to insert anything into there.. so, dont include it in the cols list of the mysql insert query (in the first set of parenthisis)

    instead of using single quotes around a query structure if you need to use more double quotes inside you could just escape the double quotes using a backslash, ie:

    $query = "insert into tbl_name (this col) values (\"thing one\", \"thing two\")";

    ahh, and on your field names, if you define them in your statement, dont use quotes around the names, i'm not sure wether or not this would do anything, but generally you should leave quotes off of them
    Last edited by WraithGuard; 01-07-2005 at 05:35 PM.


    Absolute Power, its the only way to roll!

  5. #5
    Join Date
    Jan 2005
    Posts
    6
    Originally posted by mcarman
    [B]Five things i noticed in the INSERT sql:

    1) You need to use double quotes ON the sql so you can use single quotes IN the sql statement: $sql = "INSERT INTO users VALUES('', 'autoID', 'username', 'password', ...)"; You cant use all single or all double quotes, you have to alternate.
    not always true you can use this method:

    PHP Code:
    " "\value"\ " 
    (there is supposed to be a \ at the end of those two qute marks in the middle but the BBCode is removing them for some reason)


    Originally posted by mcarman
    3) you dont need to enter all the field names as long as you INSERT all the data in the same order as the fields are listed in your table. So if your table goes: autoID, username, password ... then just INSERT the data in the same order: VALUES('', '$username', '$password',...)
    that doesn't always work i think it has problems in old PHP versions

    Originally posted by mcarman
    4)I dont think entering NULL for your autoID will work. I believe you have to enter it as an empty single quote: ' ' no spaces or anything. I could be wrong on this but thats the way I learned it and it has always worked with out problem for me.
    correct if auto increment is enabled when the field is inserted into the table the database automatically enters the value, I never include auto increment fields in SQL queries unless it's needed.


    PHP Code:
                $query 'INSERT INTO `users` ( `autoID` , `username` , `password` , `email` , `signature` , `aim` , `yim` , `msn` ) '
                 
    ' VALUES ( NULL, '$HTTP_POST_VARS[username]', '$HTTP_POST_VARS[password]', '$HTTP_POST_VARS[email]', $HTTP_POST_VARS[signature] , $HTTP_POST_VARS[aim] , $HTTP_POST_VARS[yim] , $HTTP_POST_VARS[msn] );'
                 
    ' '
    the ; in the middle of the query would stop the script half way through hense stopping the query from preforming any action.

    and finally instead of using

    PHP Code:
    ($a AND $b AND $c AND $d
    it's safer to use:

    PHP Code:
    (($a) && ($b) && ($c) && ($d)) 
    or even

    PHP Code:
    (($a == "TRUE") && ($b == "TRUE") && ($c == "TRUE") && ($d == "TRUE")) 
    i prefer using numeric values instead of ture/false statements

    but from my quick glance i couldn't see why it wouldn't work if you removed that ; from the second line of the query.
    Last edited by MajesticM00se; 01-11-2005 at 08:45 PM.

  6. #6
    Join Date
    Jul 2004
    Location
    N29° 22.725' X W95° 6.452'
    Posts
    343
    Originally posted by MajesticM00se

    not always true you can use this method:


    PHP:" "value" "
    (there is supposed to be a \ at the end of those two qute marks in the middle but the BBCode is removing them for some reason)

    Technically true, but I hate having to escape things if I don’t have to. And the code reads easier if the SQL is long or frequent.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •