Old Jan 8th, 2006, 9:31 AM   #1
KyrinComaBlack
Form Not Submitting Info

OK. This register form isn't submitting any data. I have checked the MySQL queries and everything; it just won't submit any info into MySQL.

register.php
[PHP]<?php require('./backend/config.php'); ?>
<html>
<head>
<title>phpJournal Registration</title>
</head>
<body>
<form action="registered.php" name="register" method="POST">
<table align="center" border="2px" width="35%">
<tr>
<td>
<font color="#0000FF" size="3"><b>First Name:</b></font>
</td>
<td>
<input type="text" name="first_name" maxlength="50" size="30">
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>Last Name:</b></font>
</td>
<td>
<input type="text" name="last_name" maxlength="50" size="30">
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>Username:</b></font>
</td>
<td>
<input type="text" name="user" maxlength="50" size="30">
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>E-Mail Address:<b></font>
</td>
<td>
<input type="text" name="email_address" maxlength="255" size="40">
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>Date Of Birth:<b></font>
</td>
<td>
<select name="month">
<option value="1">January</option>
<option value="2">Febuary</option>
<option value="3">March</option>
<option value="4">April</option>
<option value="5">May</option>
<option value="6">June</option>
<option value="7">July</option>
<option value="8">August</option>
<option value="9">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>&nbsp;
<select name="day">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
</select>
<select name="birth_year">
<option value="1993">1993</option>
<option value="1992">1992</option>
<option value="1991">1991</option>
<option value="1990">1990</option>
<option value="1989">1989</option>
<option value="1988">1988</option>
<option value="1987">1987</option>
<option value="1986">1986</option>
<option value="1985">1985</option>
<option value="1984">1984</option>
<option value="1983">1983</option>
<option value="1982">1982</option>
<option value="1981">1981</option>
<option value="1980">1980</option>
<option value="1979">1979</option>
<option value="1978">1978</option>
<option value="1977">1977</option>
<option value="1976">1976</option>
<option value="1975">1975</option>
<option value="1974">1974</option>
<option value="1973">1973</option>
<option value="1972">1972</option>
<option value="1971">1971</option>
<option value="1970">1970</option>
<option value="1969">1969</option>
<option value="1968">1968</option>
<option value="1967">1967</option>
<option value="1966">1966</option>
<option value="1965">1965</option>
<option value="1964">1964</option>
<option value="1963">1963</option>
<option value="1962">1962</option>
<option value="1961">1961</option>
<option value="1960">1960</option>
<option value="1959">1959</option>
<option value="1958">1958</option>
<option value="1957">1957</option>
<option value="1956">1956</option>
<option value="1955">1955</option>
<option value="1954">1954</option>
<option value="1953">1953</option>
<option value="1952">1952</option>
<option value="1951">1951</option>
<option value="1950">1950</option>
<option value="1949">1949</option>
<option value="1948">1948</option>
<option value="1947">1947</option>
</select>
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>Gender:<b></font>
</td>
<td>
<select name="gender">
<option>Select Your Gender</option>
<option value="0">Male</option>
<option value="1">Female</option>
</select>
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>City:<b></font>
</td>
<td>
<input type="text" name="city" maxlength="255" size="15">
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>State:<b></font>
</td>
<td>
<input type="text" name="state" maxlength="2" size="15">
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>Country:<b></font>
</td>
<td>
<input type="text" name="country" maxlength="255" size="15">
</td>
</tr>
<tr>
<td>
<font color="#0000FF" size="3"><b>Postal Code:<b></font><br>
<font color="#0000FF" size="3"><b>(Only For USA, UK, Canada)<b></font>
</td>
<td>
<input type="text" name="postal_code" maxlength="16" size="15">
</td>
</tr>
<tr>
<td colspan="60" align="center">
<input type="checkbox"><font color="#000000" size="2"> Do you agree to <a href="/terms.php">Terms of Service<a>?</font><br>
<input type="checkbox"><font color="#000000" size="2"> Do you agree to <a href="/privacy.php">Privacy</a>?</font><br><br>
<input type="submit" name="submit" value="Submit Registration">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php require('backend/footer.php');?>[/PHP]

registered.php
[PHP]<?php
include ('backend/config.php');
// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$username = $_POST['username'];
$info = $_POST['info'];
$date = $_POST['date'];
$month = $_POST['month'];
$year = $_POST['year'];
$country = $_POST['country'];
$state = $_POST['state'];
$city = $_POST['city'];
$gender = $_POST['gender'];
$postal_code = $_POST['postal_code'];
/* Let's strip some slashes in case the user entered
any escaped characters. */
$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$username = stripslashes($username);
$info = stripslashes($info);
$city = stripslashes($city);
$state = stripslashes($state);
/* Do some error checking on the form posted fields */
if((!$first_name) ||
(!$last_name) ||
(!$email_address) ||
(!$username) ||
(!$city) ||
(!$state) ||
(!$date) ||
(!$month) ||
(!$year) ||
(!$country) ||
(!$gender) ||
(!$postal_code)){
echo 'You did not submit the following required information! <br />';

if(!$first_name){
echo "First Name is a required field. Please enter it below.<br />";
}

if(!$last_name){
echo "Last Name is a required field. Please enter it below.<br />";
}

if(!$email_address){
echo "Email Address is a required field. Please enter it below.<br />";
}

if(!$username){
echo "Desired Username is a required field. Please enter it below.<br />";
}

if(!$city){
echo "City is a required field. Please enter it below.<br />";
}

if(!$state){
echo "City is a required field. Please enter it below.<br />";
}

if(!$country){
echo "Country is a required field. Please enter it below.<br />";
}

if(!$month){
echo "Month is a required field. Please enter it below.<br />";
}

if(!$day){
echo "Day is a required field. Please enter it below.<br />";
}

if(!$year){
echo "Year is a required field. Please enter it below.<br />";
}

if(!$gender){
echo "Gender is a required field. Please enter it below.<br />";
}

if(!$postal_code){
echo "Postal Code is a required field. Please enter it below.<br />";
}
include 'register.php'; // Show the form again!
/* End the error checking and if everything is ok, we'll move on to
creating the user account */
exit(); // if the error checking has failed, we'll exit the script!
}

/* Let's do some checking and ensure that the user's email address or username
does not exist in the database */
$sql_email_check = mysql_query("SELECT email_address FROM users
WHERE email_address='$email_address'");

$sql_username_check = mysql_query("SELECT username FROM users
WHERE username='$username'");

$email_check = mysql_num_rows($sql_email_check);

$username_check = mysql_num_rows($sql_username_check);

if(($email_check > 0) || ($username_check > 0)){
echo "Please fix the following errors: <br />";

if($email_check > 0){
echo "<b>Your email address has already been used by another member
in our database. Please submit a different Email address!<b><br />";
unset($email_address);
}

if($username_check > 0){
echo "<b>The username you have selected has already been used by another member
in our database. Please choose a different Username!<b><br />";
unset($username);
}

include 'register.php'; // Show the form again!
exit(); // exit the script so that we do not create this account!
}

/* Everything has passed both error checks that we have done.
It's time to create the account! */
/* Random Password generator.
http://www.phpfreaks.com/quickcode/Random_Password_Generator/56.php
We'll generate a random password for the
user and encrypt it, email it and then enter it into the db. */
function makeRandomPassword() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}

$random_password = makeRandomPassword();
$db_password = md5($random_password);
// Enter info into the Database.
$info2 = htmlspecialchars($info);
$sql = mysql_query("INSERT INTO users (first_name, last_name,
email_address, username, password, gender, city,
state, country, postal_code, month, day, year, signup_date)
VALUES('$first_name', '$last_name', '$email_address',
'$username', '$password', '$gender', '$city',
'$state', '$country', '$postal_code', '$month', '$day',
'$year', now())") or die (mysql_error());

if(!$sql){
echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
$userid = mysql_insert_id();
// Let's mail the user!
$subject = "Your Membership Infromation at phpJournal!";
$message = "Dear $first_name,
Thank you for registering at our website, http://www.phpJournal.com !
You are two steps away from logging in and accessing our exclusive members area.
To activate your membership,
please click here: http://www.phpJournal/activate.php?id=$useridd
Once you activate your memebership, you will be able to login
with the following information:
Username: $username
Password: $random_password
Thanks!
The Webmaster
This is an automated response, please do not reply!";
mail($email_address, $subject, $message,
"From: MyDomain Webmaster< admin@phpJournal.com>\n
X?Mailer: PHP/" . phpversion());
echo 'Your membership information has been mailed to your email address!
Please check it and follow the directions!';
}
?>[/PHP]




Old Jan 8th, 2006, 12:13 PM   #2
xavier
The best way to check what's wrong with the code is to echo the $sql, so you will see exactly what the database is receiving. Then, if you still can't see the mistake, go into phpMyAdmin and try out the INSERT.
I think by then you'll have it figured out.

Hope it helped.
__________________
Don't take life too seriously, it's not permanent !

Last edited by xavier; Jan 8th, 2006 at 12:14 PM. Reason: i donno how to spell :(
Old Jan 8th, 2006, 12:17 PM   #3
KyrinComaBlack
I found out why it was: I had some misspelled words in my form. But now this is the problem I'm receiving.

[PHP]
$sql_email_check = mysql_query("SELECT email_address FROM users
WHERE email_address='$email_address'");

$sql_username_check = mysql_query("SELECT username FROM users
WHERE username='$username'");

$email_check = mysql_num_rows($sql_email_check);

$username_check = mysql_num_rows($sql_username_check); [/PHP]

if I do this

[PHP]$sql_email_check = mysql_query("SELECT email_address, FROM users
WHERE email_address = '$email_address'");

$sql_username_check = mysql_query("SELECT username, FROM users
WHERE username='$username'");

$email_address = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);[/PHP]

The emails are always matching

And if I do the top I get mysql_num_rows errors?

And the only way I found was doing this

[PHP]$sql_email_check = mysql_query("SELECT email_address, FROM users
WHERE email_address = '$email_address'");

$sql_username_check = mysql_query("SELECT username, FROM users
WHERE username='$username'");

$email_address = @mysql_num_rows($sql_email_check);
$username_check = @mysql_num_rows($sql_username_check);[/PHP]

Would doing number 3 be right or good to do, and if not, how can I get it to work without using the @, but also so that it checks to see whether they match without constantly saying they are matching?
Old Jan 9th, 2006, 5:14 AM   #4
magic_e
You shouldn't really use the @ suppressor until you are ready for use in a public environment; it's better to fix the errors than to hide them.

Try this instead; I think it's what you're after:
[PHP]
$sql_email_check = mysql_query("SELECT * FROM users
WHERE email_address = '$email_address'");

$sql_username_check = mysql_query("SELECT * FROM users
WHERE username='$username'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check); [/PHP]
It should return the number of entries that meet the supplied criteria.

cheers

magic e
Old Jan 9th, 2006, 2:26 PM   #5
Rory
But where's the validation? SQL Injection here we come!

Something like mysql_escape_string() may be in order...

For full rant see here.
Old Jan 9th, 2006, 2:43 PM   #6
KyrinComaBlack
*edit*
Old Jan 9th, 2006, 6:08 PM   #7
BlazingWolf
Quote:
Originally Posted by Rory
But where's the validation? SQL Injection here we come!

Something like mysql_escape_string() may be in order...

For full rant see here.

He has an excellent point: that code is really easy to inject.

I would recommend using mysql_real_escape_string(), and when you form your SQL command don't inline the variable.

E.g.
[PHP]
$sql = "SELECT * FROM mytable WHERE id='$id'";[/PHP]



Instead use

[PHP]$sql = "SELECT * FROM mytable WHERE id='".$id."'";[/PHP]

That will also help prevent Injection from my understanding.
__________________
_______________________________
BlazingWolf
Old Jan 13th, 2006, 2:18 PM   #8
Rory
Quote:
Originally Posted by BlazingWolf
Instead use

[PHP]$sql = "SELECT * FROM mytable WHERE id='".$id."'";[/PHP]

That will also help prevent Injection from my understanding.
Surely you mean instead:
[PHP]$sql = 'SELECT * FROM mytable WHERE id=\''.mysql_escape_string($id).'\'';[/PHP]

The whole point is that when you process a tokenised string (one with double, not single, quotes around it) PHP will parse tokens of the form $name with the variable of that name, whereas with single quotes it will not. So if someone entered "$topsecretstuff" into an unvalidated form it would echo the contents of the variable with that name into the string, which is bad.

It is sometimes even possible to execute php in this way, e.g. by creating a malicious object through deserialization.
Rory is offline   Reply With Quote
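
Added example, not part of any post in this thread: the duplicate-account check from registered.php with the submitted value bound as a parameter instead of written into the SQL text. It assumes PDO with the SQLite driver and an in-memory table so it runs offline (the mysql_* functions used above were removed in PHP 7.0); the table contents, the inputs and the function names countInline and countBound are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the PDO SQLite driver so it
// runs offline; the table, rows and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, email_address TEXT UNIQUE)');
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.com')");

// Pattern from the thread: the submitted value becomes part of the SQL text.
// Writing "...'$email'" or '...'.$email.'...' builds the same string, so the
// database receives the same query either way.
function countInline(PDO $db, string $email): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE email_address = '" . $email . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened form: the statement text is fixed and the value travels separately
// as bound data, so quote characters in it are never parsed as SQL.
function countBound(PDO $db, string $column, string $value): int
{
    // Column names cannot be bound, so they are taken from an allow-list.
    if (!in_array($column, ['username', 'email_address'], true)) {
        throw new InvalidArgumentException("unexpected column: $column");
    }
    $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE $column = ?");
    $stmt->execute([$value]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a stored address, an unused address, and a value that
// contains quote characters.
$inputs = ['alice@example.com', 'bob@example.com', "x' OR '1'='1"];
foreach ($inputs as $email) {
    printf(
        "%-20s inline=%d bound=%d\n",
        $email,
        countInline($db, $email),
        countBound($db, 'email_address', $email)
    );
}
```

Run it with the PHP CLI. For the third constructed input the inline query reports one matching row although no such address is stored, while the bound query reports zero.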