View Full Version : [PHP] Not inserting text into the db...
wsg14
17-12-2010, 02:12 AM
It's a simple register script, should work just fine. There's 3 fields, when you submit it it work as it should. I go into phpMyAdmin and the name and email tables are empty, but in the password box theres an md5 code. I'm hoping someone could help me out here. I'm with 000webhost, just need some free hosting for random **** like this. Not sure if they have something to do with this but just incase someone knowsI thought I'd put it.
<form action="?action=register" method="POST">
username: <input type="text" name="user" /><br />
email: <input type="text" name="email" /><br />
password: <input type="text" name="password" /><br />
<input type="submit" value="lets go" />
</form>
<?php
include "config.php";
$user = $_POST['user'];
$email = $_POST['email'];
$cleanPassword = $_POST['password'];
$password = md5($cleanPassword);
if($_GET['action'] == "register"){
if($user = ""){
echo "enter a username dumbass..";
}
if($cleanPassword = ""){
echo "enter a password...";
}
if($email = ""){
echo "enter an email..";
}
$ifExist = mysql_num_rows(mysql_query("SELECT * FROM users WHERE name = '$user'"));
if($ifExist >= 1){
echo "name has been taken.";
}
else {
$sql = mysql_query("INSERT INTO users (name, email, password) VALUES('$user', '$email', '$password')");
if($sql){
echo "youve been registered. login ********.";
} else {
echo "try again. something ****** up.";
}
}
}
?>
LMS16
17-12-2010, 08:27 AM
<form action="?action=register" method="POST">
username: <input type="text" name="user" /><br />
email: <input type="text" name="email" /><br />
password: <input type="text" name="password" /><br />
<input type="submit" value="lets go" />
</form>
<?php
include "config.php";
$user = $_POST['user'];
$email = $_POST['email'];
$cleanPassword = $_POST['password'];
$password = md5($cleanPassword);
if($_GET['action'] == "register"){
if($user = ""){
echo "enter a username dumbass..";
exit();
}
if($cleanPassword = ""){
echo "enter a password...";
exit();
}
if($email = ""){
echo "enter an email..";
exit();
}
$ifExist = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`= '$user'"));
if($ifExist >= 1){
echo "name has been taken.";
exit();
}
$sql = mysql_query("INSERT INTO users (`name`, `email`, `password`) VALUES ('$user', '$email', '$password')") or die "try again. something ****** up." . mysql_error();
echo "youve been registered. login ********.";
}
}
?>
Try that :)
Lew.
wsg14
17-12-2010, 03:13 PM
No, same thing happened again.
Johno
17-12-2010, 05:57 PM
Your method is wrong, the method of the form is set as POST but you are trying to use GET. I think that's it anyway!
wsg14
18-12-2010, 05:42 AM
I'm using POST for the form values, yes. I'm using GET for the form action.
Apolva
18-12-2010, 10:43 AM
Change:
if($user = ""){
echo "enter a username dumbass..";
}
if($cleanPassword = ""){
echo "enter a password...";
}
if($email = ""){
echo "enter an email..";
}
To:
if($user == ""){
echo "enter a username dumbass..";
die();
}
if($cleanPassword == ""){
echo "enter a password...";
die();
}
if($email == ""){
echo "enter an email..";
die();
}
(Corrected = to ==, and added in a few die() calls).
Apolva
18-12-2010, 11:07 AM
By the way, your form is vulnerable to SQL injection attacks. A quick (but ugly) way to prevent this would be to change:
$user = $_POST['user'];
$email = $_POST['email'];
To:
$user = mysql_real_escape_string($_POST['user']);
$email = mysql_real_escape_string($_POST['email']);
wsg14
18-12-2010, 10:05 PM
Change:
if($user = ""){
echo "enter a username dumbass..";
}
if($cleanPassword = ""){
echo "enter a password...";
}
if($email = ""){
echo "enter an email..";
}
To:
if($user == ""){
echo "enter a username dumbass..";
die();
}
if($cleanPassword == ""){
echo "enter a password...";
die();
}
if($email == ""){
echo "enter an email..";
die();
}
(Corrected = to ==, and added in a few die() calls).
Thanks, although that doesn't fix my problem.
By the way, your form is vulnerable to SQL injection attacks. A quick (but ugly) way to prevent this would be to change:
$user = $_POST['user'];
$email = $_POST['email'];
To:
$user = mysql_real_escape_string($_POST['user']);
$email = mysql_real_escape_string($_POST['email']);
Again, thanks. I have a clean function i just took it out to have the basic code.
Trinity
19-12-2010, 02:35 AM
It's a simple register script, should work just fine. There's 3 fields, when you submit it it work as it should. I go into phpMyAdmin and the name and email tables are empty, but in the password box theres an md5 code. I'm hoping someone could help me out here. I'm with 000webhost, just need some free hosting for random **** like this. Not sure if they have something to do with this but just incase someone knowsI thought I'd put it.
<form action="?action=register" method="POST">
username: <input type="text" name="user" /><br />
email: <input type="text" name="email" /><br />
password: <input type="text" name="password" /><br />
<input type="submit" value="lets go" />
</form>
<?php
include "config.php";
$user = $_POST['user'];
$email = $_POST['email'];
$cleanPassword = $_POST['password'];
$password = md5($cleanPassword);
if($_GET['action'] == "register"){
if($user = ""){
echo "enter a username dumbass..";
}
if($cleanPassword = ""){
echo "enter a password...";
}
if($email = ""){
echo "enter an email..";
}
$ifExist = mysql_num_rows(mysql_query("SELECT * FROM users WHERE name = '$user'"));
if($ifExist >= 1){
echo "name has been taken.";
}
else {
$sql = mysql_query("INSERT INTO users (name, email, password) VALUES('$user', '$email', '$password')");
if($sql){
echo "youve been registered. login ********.";
} else {
echo "try again. something ****** up.";
}
}
}
?>
You're using single ='s on your ifs.
LMS16
19-12-2010, 09:46 AM
Hi,
Just to clear this up, this will/should work.
<form method="POST">
username: <input type="text" name="user" /><br />
email: <input type="text" name="email" /><br />
password: <input type="text" name="password" /><br />
<input type="submit" name="go" value="lets go" />
</form>
<?php
include "config.php";
$user = mysql_real_escape_string(trim($_POST['user']));
$email = mysql_real_escape_string(trim($_POST['email']));
$cleanPassword = $_POST['password'];
$password = md5($cleanPassword);
if(isset($_POST['go'])){
if($user == ""){
echo "enter a username dumbass..";
exit();
}
if($cleanPassword == ""){
echo "enter a password...";
exit();
}
if($email == ""){
echo "enter an email..";
exit();
}
$ifExist = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`='{$user}'"));
if($ifExist >= 1){
echo "name has been taken.";
exit();
}else {
mysql_query("INSERT INTO users (`name`, `email`, `password`) VALUES ('{$user}', '{$email}', '{$password}')") or die (mysql_error());
echo "youve been registered. login ********.";
exit();
}
}
?>
Sorted :)
Lew.
Want to hide these adverts? Register an account for free!
Powered by vBulletin® Version 4.2.5 Copyright © 2025 vBulletin Solutions Inc. All rights reserved.