[PHP] Not inserting text into the db...

wsg14 · 17-12-2010, 02:12 AM

It's a simple register script, should work just fine. There's 3 fields, when you submit it it work as it should. I go into phpMyAdmin and the name and email tables are empty, but in the password box theres an md5 code. I'm hoping someone could help me out here. I'm with 000webhost, just need some free hosting for random **** like this. Not sure if they have something to do with this but just incase someone knowsI thought I'd put it.

PHP Code:


<form action="?action=register" method="POST">

username: <input type="text" name="user" /><br />

email: <input type="text" name="email" /><br />

password: <input type="text" name="password" /><br />

<input type="submit" value="lets go" />

</form>



<?php

include "config.php";



$user = $_POST['user'];

$email = $_POST['email'];

$cleanPassword = $_POST['password'];

$password = md5($cleanPassword);



if($_GET['action'] == "register"){

    if($user = ""){

        echo "enter a username dumbass..";

    }

    if($cleanPassword = ""){

        echo "enter a password...";

    }

    if($email = ""){

        echo "enter an email..";

    }

    $ifExist = mysql_num_rows(mysql_query("SELECT * FROM users WHERE name = '$user'"));

    if($ifExist >= 1){

        echo "name has been taken.";

    }

    else {

        $sql = mysql_query("INSERT INTO users (name, email, password) VALUES('$user', '$email', '$password')");

        if($sql){

            echo "youve been registered. login ********.";

        } else {

            echo "try again. something ****** up.";

        }

    }

}

?>

LMS16 · 17-12-2010, 08:27 AM

PHP Code:


<form action="?action=register" method="POST"> 
username: <input type="text" name="user" /><br /> 
email: <input type="text" name="email" /><br /> 
password: <input type="text" name="password" /><br /> 
<input type="submit" value="lets go" /> 
</form> 

<?php 
include "config.php"; 

$user = $_POST['user']; 
$email = $_POST['email']; 
$cleanPassword = $_POST['password']; 
$password = md5($cleanPassword); 

if($_GET['action'] == "register"){ 
    if($user = ""){ 
        echo "enter a username dumbass.."; 
        exit();
    } 
    if($cleanPassword = ""){ 
        echo "enter a password..."; 
        exit();
    } 
    if($email = ""){ 
        echo "enter an email.."; 
        exit();
    } 
    $ifExist = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`= '$user'")); 
    if($ifExist >= 1){ 
        echo "name has been taken."; 
        exit();
    } 
        $sql = mysql_query("INSERT INTO users (`name`, `email`, `password`) VALUES ('$user', '$email', '$password')") or die "try again. something ****** up." . mysql_error(); 
            echo "youve been registered. login ********.";
    } 
} 
?>

Try that

Lew.

wsg14 · 17-12-2010, 03:13 PM

No, same thing happened again.

Johno · 17-12-2010, 05:57 PM

Your method is wrong, the method of the form is set as POST but you are trying to use GET. I think that's it anyway!

wsg14 · 18-12-2010, 05:42 AM

I'm using POST for the form values, yes. I'm using GET for the form action.

Apolva · 18-12-2010, 10:43 AM

Change:

PHP Code:


if($user = ""){
      echo "enter a username dumbass..";
}
if($cleanPassword = ""){
      echo "enter a password...";
}
if($email = ""){
      echo "enter an email..";
}

To:

PHP Code:


if($user == ""){
      echo "enter a username dumbass..";
      die();
}
if($cleanPassword == ""){
      echo "enter a password...";
      die();
}
if($email == ""){
      echo "enter an email..";
      die();
}

(Corrected = to ==, and added in a few die() calls).

Apolva · 18-12-2010, 11:07 AM

By the way, your form is vulnerable to SQL injection attacks. A quick (but ugly) way to prevent this would be to change:

PHP Code:


$user = $_POST['user']; 
$email = $_POST['email'];

To:

PHP Code:


$user = mysql_real_escape_string($_POST['user']); 
$email = mysql_real_escape_string($_POST['email']);

wsg14 · 18-12-2010, 10:05 PM

Originally Posted by Apolva

Change:

PHP Code:


if($user = ""){

      echo "enter a username dumbass..";

}

if($cleanPassword = ""){

      echo "enter a password...";

}

if($email = ""){

      echo "enter an email..";

}

To:

PHP Code:


if($user == ""){

      echo "enter a username dumbass..";

      die();

}

if($cleanPassword == ""){

      echo "enter a password...";

      die();

}

if($email == ""){

      echo "enter an email..";

      die();

}

(Corrected = to ==, and added in a few die() calls).

Thanks, although that doesn't fix my problem.

Originally Posted by Apolva

By the way, your form is vulnerable to SQL injection attacks. A quick (but ugly) way to prevent this would be to change:

PHP Code:


$user = $_POST['user']; 

$email = $_POST['email'];

To:

PHP Code:


$user = mysql_real_escape_string($_POST['user']); 

$email = mysql_real_escape_string($_POST['email']);

Again, thanks. I have a clean function i just took it out to have the basic code.

Trinity · 19-12-2010, 02:35 AM

Originally Posted by wsg14

It's a simple register script, should work just fine. There's 3 fields, when you submit it it work as it should. I go into phpMyAdmin and the name and email tables are empty, but in the password box theres an md5 code. I'm hoping someone could help me out here. I'm with 000webhost, just need some free hosting for random **** like this. Not sure if they have something to do with this but just incase someone knowsI thought I'd put it.

PHP Code:


<form action="?action=register" method="POST">
username: <input type="text" name="user" /><br />
email: <input type="text" name="email" /><br />
password: <input type="text" name="password" /><br />
<input type="submit" value="lets go" />
</form>

<?php
include "config.php";

$user = $_POST['user'];
$email = $_POST['email'];
$cleanPassword = $_POST['password'];
$password = md5($cleanPassword);

if($_GET['action'] == "register"){
    if($user = ""){
        echo "enter a username dumbass..";
    }
    if($cleanPassword = ""){
        echo "enter a password...";
    }
    if($email = ""){
        echo "enter an email..";
    }
    $ifExist = mysql_num_rows(mysql_query("SELECT * FROM users WHERE name = '$user'"));
    if($ifExist >= 1){
        echo "name has been taken.";
    }
    else {
        $sql = mysql_query("INSERT INTO users (name, email, password) VALUES('$user', '$email', '$password')");
        if($sql){
            echo "youve been registered. login ********.";
        } else {
            echo "try again. something ****** up.";
        }
    }
}
?>

You're using single ='s on your ifs.

LMS16 · 19-12-2010, 09:46 AM

Hi,

Just to clear this up, this will/should work.

PHP Code:


<form method="POST"> 
username: <input type="text" name="user" /><br /> 
email: <input type="text" name="email" /><br /> 
password: <input type="text" name="password" /><br /> 
<input type="submit" name="go" value="lets go" /> 
</form> 

<?php 
include "config.php"; 

$user = mysql_real_escape_string(trim($_POST['user'])); 
$email = mysql_real_escape_string(trim($_POST['email'])); 
$cleanPassword = $_POST['password']; 
$password = md5($cleanPassword); 

if(isset($_POST['go'])){ 
    if($user == ""){ 
        echo "enter a username dumbass.."; 
        exit();
    } 
    if($cleanPassword == ""){ 
        echo "enter a password..."; 
        exit();
    } 
    if($email == ""){ 
        echo "enter an email.."; 
        exit();
    } 
    $ifExist = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`='{$user}'")); 
    if($ifExist >= 1){ 
        echo "name has been taken."; 
        exit();
    }else { 
        mysql_query("INSERT INTO users (`name`, `email`, `password`) VALUES ('{$user}', '{$email}', '{$password}')") or die (mysql_error()); 
        echo "youve been registered. login ********."; 
        exit();
    } 
} 
?>

Sorted

Lew.

Thread: [PHP] Not inserting text into the db...

Thread Tools

[PHP] Not inserting text into the db...

Posting Permissions