It was working until I added the date; I removed it and it still didn't work. The config.php is fine and it can connect. However NOTHING is being inserted into the db!
What's wrong!?
PHP Code:<?php
session_start();
include 'config.php';
function generate_random_string() {
$chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`~!@#$%^&*()_+{}|\-=[]\:",./<>?';
$string = NULL;
for($i = 0; $i <= 7; $i++) {
$string .= $chars[rand(0,strlen($chars)-1)];
}
return $string;
}
$salt = generate_random_string();
$username = clean($_POST[username]);
$password = clean($_POST[password]);
$cpassword = clean($_POST[cpassword]);
$signature = clean($_POST[signature]);
$email = clean($_POST[email]);
$cemail = clean($_POST[cemail]);
$password = clean($_POST[password]);
$thedate = clean($_POST[date]);
$date = date("d/m/Y");
if ($_SESSION['logged_user'] == true) {
echo "You're already logged in as ".$_SESSION['logged_user']."! Redirecting... <meta http-equiv=\"REFRESH\" content=\"1;url=./members.php\">";
} else
if ($_POST['submit']){
if ($username == NULL) {
echo "You have not filled in a username, please go back and fill one in.";
} else {
$q2 = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$q3 = mysql_fetch_object($q2);
if($q3->username == $_POST['username']) {
echo "Sorry, but the username $username is taken, please choose another.";
} else {
if ($password == NULL) {
echo "You need to enter a password!";
} else {
if ($password !== $cpassword) {
echo "Your passwords don't match, please go back and check them.";
} else {
if ($email == NULL) {
echo "You need to enter a VALID email address!";
} else {
$q2 = mysql_query("SELECT * FROM `users` WHERE `email` = '".$email."'");
$q3 = mysql_fetch_object($q2);
if($q3->email == $_POST['email']) {
echo "Sorry, but the email $email is already in use.";
} else {
if (!$email == $cemail) {
echo "Your email address doesn't match. Go back and check them!";
} else {
$encrypted_password = md5($salt . $password);
$sql = mysql_query("INSERT INTO `users` (username, password, salt, email, signature, date) VALUES ('$username','$encrypted_password','$salt','$email','$signature','$thedate'");
echo "Registered! Welcome $username! Your email you used was $email.";
}
}
}
}
}
}
}
} else {
echo "<form action=\"register.php\" method=\"POST\">
Username: <input type=\"text\" size=\"30\" name=\"username\"></br></br>
Password: <input type=\"password\" size=\"30\" name=\"password\"></br></br>
Password (again): <input type=\"password\" size=\"30\" name=\"cpassword\"></br></br>
Email: <input type=\"text\" size=\"50\" name=\"email\"></br></br>
Email (again): <input type=\"text\" size=\"50\" name=\"cemail\"></br></br>
Signature (optional): <input tyle=\"text\" size=\"60\" height=\"50\" name=\"signature\">
<input type=\"hidden\" name=\"date\" value=\"$date\"></br></br>
<input type=\"submit\" name=\"submit\" value=\"Submit!\">
</form>
";
}
?>I don't get any php errors, what's wrong?
Results 1 to 6 of 6
-
Decided not to insert my query...
-
PHP Code:
<?php
session_start();
include 'config.php';
function generate_random_string() {
$chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`~!@#$%^&*()_+{}|\-=[]\:",./<>?';
$string = NULL;
for($i = 0; $i <= 7; $i++) {
$string .= $chars[rand(0,strlen($chars)-1)];
}
return $string;
}
$salt = generate_random_string();
foreach($_POST as $key=>$val) {
$$key = clean($val);
}
$date = date("d/m/Y");
if ($_SESSION['logged_user'] == true) {
echo "You're already logged in as ".$_SESSION['logged_user']."! Redirecting... <meta http-equiv=\"REFRESH\" content=\"1;url=./members.php\">";
} else
if ($_POST['submit']){
if ($username == NULL) {
echo "You have not filled in a username, please go back and fill one in.";
} else {
$q2 = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$q3 = mysql_fetch_object($q2);
if($q3->username == $_POST['username']) {
echo "Sorry, but the username $username is taken, please choose another.";
} else {
if ($password == NULL) {
echo "You need to enter a password!";
} else {
if ($password !== $cpassword) {
echo "Your passwords don't match, please go back and check them.";
} else {
if ($email == NULL) {
echo "You need to enter a VALID email address!";
} else {
$q2 = mysql_query("SELECT * FROM `users` WHERE `email` = '".$email."'");
$q3 = mysql_fetch_object($q2);
if($q3->email == $_POST['email']) {
echo "Sorry, but the email $email is already in use.";
} else {
if (!$email == $cemail) {
echo "Your email address doesn't match. Go back and check them!";
} else {
$encrypted_password = md5($salt . $password);
$sql = mysql_query("INSERT INTO `users` (username, password, salt, email, signature, date) VALUES ('$username','$encrypted_password','$salt','$email','$signature','$thedate')");
echo "Registered! Welcome $username! Your email you used was $email.";
}
}
}
}
}
}
}
} else {
echo "<form action=\"register.php\" method=\"POST\">
Username: <input type=\"text\" size=\"30\" name=\"username\"></br></br>
Password: <input type=\"password\" size=\"30\" name=\"password\"></br></br>
Password (again): <input type=\"password\" size=\"30\" name=\"cpassword\"></br></br>
Email: <input type=\"text\" size=\"50\" name=\"email\"></br></br>
Email (again): <input type=\"text\" size=\"50\" name=\"cemail\"></br></br>
Signature (optional): <input tyle=\"text\" size=\"60\" height=\"50\" name=\"signature\">
<input type=\"hidden\" name=\"date\" value=\"$date\"></br></br>
<input type=\"submit\" name=\"submit\" value=\"Submit!\">
</form>
";
}
?>
Try that.
-
Thanks very much it works!
How come it wasn't working with clean($_post['whatever'])
-
Because the clean function doesn't exist? Assuming that because it isn't in the code.
CleanUp function which you need to add to your page AFTER the SQL connection, because of the way mysql_real_escape_string() works
:
PHP Code:function CleanUp($vari){
strip_tags($vari);
stripslashes($vari);
mysql_real_escape_string($vari);
return $vari;
}
i've been here for over 8 years and i don't know why
-
It was nothing to do with the clean(); function, I just simply looked to reduce the amount of code. The only problem was in the SQL Query you simply ommited a ) at the end of the values bit.
-
It's in config.php which is included on every page.
Originally Posted by lolwut
Because the clean function doesn't exist? Assuming that because it isn't in the code.
CleanUp function which you need to add to your page AFTER the SQL connection, because of the way mysql_real_escape_string() works:
PHP Code:function CleanUp($vari){
strip_tags($vari);
stripslashes($vari);
mysql_real_escape_string($vari);
return $vari;
}
So the code Splinter gave me is ok?
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts