PHP - MySQL - Why doesn't my register script work?
|
demo 19 Dec 2008 01:29pm It looks fine when I go to my website to the register.php page, and when I fill out the form, it says you are registered, but nothing is created in the database. Here is the code; hope some of you can see anything wrong here. Please help, I've gotten so mad at it. :( Sorry it's so long. <link rel="stylesheet" type="text/css" href="hw.css"> <?php // Connects to your Database mysql_connect("--", "--", "--") or die(mysql_error()); mysql_select_db("--") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['password'] | !$_POST['pass2'] | !$_POST['email'] | !$_POST['country'] | !$_POST['nick'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM players WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['password'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['password'] = md5($_POST['password']); if (!get_magic_quotes_gpc()) { $_POST['password'] = addslashes($_POST['password']); $_POST['username'] = addslashes($_POST['username']); } $date = date("m/d/y"); $ip=@$REMOTE_ADDR; // now we insert it into the database $insert = "INSERT INTO players (ip, sponsor, username, password, nick, country, email, registered) VALUES ($ip, $sponsor, $username, $password, $nick, $country, $email, $date)"; $add_player = mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now <a href=login.php>login</a>.</p> <?php } else { ?> <form action=register.php method=post> <table border=0> <tr><td>Sponsor (optional):</td><td> <input type=text name=sponsor> </td></tr> <tr><td>Username (what you use to login):</td><td> <input type=text name=username> </td></tr> <tr><td>Nickname:</td><td> <textarea name=nick rows=4 cols=30>Your nickname may be changed later; it may contain html and it may be the same as your username</textarea> </td></tr> <tr><td>Country:</td><td> <input type=text name="country"> </td></tr> <tr><td>E-mail Address:</td><td> <input type=text name=email> </td></tr> <tr><td>Password:</td><td> <input type=password name=password> </td></tr> <tr><td>Confirm Password:</td><td> <input type=password name=pass2> </td></tr> <tr><th colspan=2><input type=submit name=submit value=Register></th></tr> </table> </form> <?php } ?> Yes, I placed those double dashes there so no one could get at my database. :P FYI, it's not being added to the database. Connection to the host is not the problem as I have several other scripts inserting and updating to the database. I have PHP 5.0. |
Answers
|
demo 19 Dec 2008 01:57pm First of all, I'm assuming the double dashes in the mysql_connect and such are just where you deleted the actual username/password of your mysql database, right? I want to verify this, because if not... there's your problem right off the bat. :) If you've been able to query the database and get results, then you know the DB connection is working. The next logical place to look is in your update query. I notice that you use "die" a lot to catch mysql errors... but when inserting, you are not. I'd check the syntax of your insert statement. Something I had a lot of problems with when working in PHP and MySQL was the use of quotes in SQL strings. Table names and Field names all had to have back-quotes like `this` around them, and values all had to have single quotes like 'this' around them. So your insert statement would look like this: $insert = "INSERT INTO `players` ('ip', 'sponsor', 'username', 'password', 'nick', 'country', 'email', 'registered') VALUES ('$ip', '$sponsor', '$username', '$password', '$nick', '$country', '$email', '$date');"; It's also good form to end your SQL with a semicolon. You may have a missing field, or a misspelled field name, in your SQL, so verify the fields and field names with the database's. Heck, just do an "or die" with it, and echo out your mysql error... it'll tell you. :) |
|
demo 19 Dec 2008 02:12pm The script seems reasonable - there are three things that I'd check if I was trying to fix this: 1) What is the value of $add_player after the insert? You can find this out by putting in the lines below between "$add_player = mysql_query($insert);" and "?>" if (!$add_player) { die("query failed: " . msql_error()); } If for some reason the insert didn't work you'll get the error message here. 2) Check the database to see if there are any new records inserted as a result of above. If there are then check out what the user id and password are set to as I can see that you're encrypting them for security purposes. 3) Check that your login.php script is doing the same encryption as the one above - it could be that the record is being inserted but the login script is looking for the wrong thing becuase it's encryption routine is different. By the way the "Thank you you have registered" will always show up because it hasn't been made conditional. For Example you could do this: if ($add_player) { <h1>Registered</h1> <p>Thank you, you have registered - you may now <a href=login.php>login</a>.</p> } |
|
demo 19 Dec 2008 03:47pm What version of php do you have? Have you successfully connected to a database previously on your host? |
|
demo 19 Dec 2008 04:06pm You have to declare you variables $ip = mysql_real_escape_string(stripslashes($_POST['ip'])); $sponser = mysql_real_escape_string(stripslashes($_POST['sponser'])); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); $nick = mysql_real_escape_string(stripslashes($_POST['nick'])); $country = mysql_real_escape_string(stripslashes($_POST['country'])); $email = mysql_real_escape_string(stripslashes($_POST['email'])); $date = mysql_real_escape_string(stripslashes($_POST['registered'])); I hope this helps |
Related
Submit Answer
You must be logged in to post an answer. Please Login or Register.
Powered by phpMyAnswers.