HannahI (Posted March 26, 2010)

I get errors when I execute the following script:

    <?php
    $link = mysql_connect('localhost','root','root');
    if(!$link) {
    die('Error, Whoops: ' . mysql_error());
    }
    $sql = "INSERT INTO `accounts`.`info` (`username`, `password`, `email`, `level`) VALUES (\". $_POST['username'] . "\, \". $_POST['password'] . "\', \" . $_POST['email'] . "\', \'1');";
    echo $sql;
    if(!$sql) {
    die('Error');
    }
    mysql_close($link);
    ?>
yordan (Posted March 26, 2010)

Could you please give us the error message text?
HannahI (Posted March 26, 2010)

    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /Users/Hannah/Desktop/- on line 6
8ennett (Posted March 27, 2010)

The problem is your backslashes just before the double speech marks; PHP assumes they're part of the text string and processes them like so. Also, for security's sake you want to mysql_real_escape_string() your $_POST variables before using them in a SQL query, otherwise you are vulnerable to SQL injection!
HannahI (Posted March 27, 2010)

So I made a test account using the mod code, and this is the output:

    INSERT INTO `accounts`.`info` (`username`, `password`, `email`, `level`) VALUES (mysqltest, testing123', test@mysql.com','1');
8ennett (Posted March 27, 2010)

Right, again you've got a problem with your speech marks in the query, try the following:

    INSERT INTO `accounts`.`info` (`username`, `password`, `email`, `level`) VALUES ('mysqltest',' testing123', 'test@mysql.com','1');

Also, can you tell us if the other solution worked for you or not, just so we know if the problem has been resolved yet?
HannahI (Posted March 27, 2010)

Still, no use.

P.S. This is the current code:

    <?php
    $link = mysql_connect('localhost:8889','root','root');
    if(!$link) {
    die('Error, Whoops: ' . mysql_error());
    }
    mysql_real_escape_string($_POST['username']);
    mysql_real_escape_string($_POST['password']);
    mysql_real_escape_string($_POST['email']);
    $sql = "INSERT INTO `accounts`.`info` (`username`, `password`, `email`, `level`) VALUES ('". $_POST['username'] . "', '". $_POST['password'] . "', '" . $_POST['email'] . "','1');";
    echo $sql;
    if(!$sql) {
    die('Error');
    }
    mysql_close($link);
    ?>
8ennett (Posted March 29, 2010)

Ok, I've taken your code and modified it around a little. Notice I've assigned the mysql_real_escape_string() to variables, otherwise it's just pointless. Also I've used mysql_select_db() instead of including it in the query. Most websites only require one database as it is, so there really isn't any need for others unless you have a catalogue of inventory or something.

Also, for the mysql functions I've added 'or die()' to the end instead of using the if statements; it just keeps the code more compact and easier to manage.

I haven't tested the code out yet but looking over it I think it should be right. Try it out and if it still doesn't work then export your database structure to a SQL file and I'll see if the problem is there.

    <?php
    if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])){
        $link = mysql_connect('localhost:8889','root','root') or die('Connection Error: ' . mysql_error());
        mysql_select_db('accounts') or die('Select DB Error: ' . mysql_error());
        // Keep the escaped copies: the function returns the escaped string
        $name = mysql_real_escape_string($_POST['username']);
        $pass = mysql_real_escape_string($_POST['password']);
        $email = mysql_real_escape_string($_POST['email']);
        mysql_query("INSERT INTO info (username, password, email, level) VALUES ('".$name."', '".$pass."', '".$email."','1')") or die ('Query Error: '.mysql_error());
        mysql_close($link) or die('Close Connection Error: ' . mysql_error());
    } else {
        echo 'You need to submit the form data!';
    }
    ?>

Edited March 29, 2010 by 8ennett
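The difference between discarding the escaped value (as in HannahI's second script) and binding the values separately, as an added example that is not part of the thread. It assumes PHP with the pdo_sqlite driver and uses PDO because the mysql_* functions were removed in PHP 7.0; the form input is constructed.

```php
<?php
// Added example, not code from the thread. Uses PDO with an in-memory SQLite
// database so it runs offline; table and column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE info (username TEXT, password TEXT, email TEXT, level TEXT)');

// Constructed form input: the username closes the quoted value early and
// supplies its own value for the hard-coded level column.
$post = [
    'username' => "mallory', 'x', 'x', '9') -- ",
    'password' => 'testing123',
    'email'    => 'test@mysql.com',
];

// 1) Concatenation with the escaped result thrown away (the pattern in the
//    earlier script): the raw value still reaches the query text.
function insertConcatenated(PDO $db, array $post): void
{
    $db->quote($post['username']);   // return value discarded, $post unchanged
    $db->exec("INSERT INTO info (username, password, email, level) VALUES ('"
        . $post['username'] . "', '" . $post['password'] . "', '"
        . $post['email'] . "','1')");
}

// 2) Prepared statement: values travel separately from the SQL text.
function insertPrepared(PDO $db, array $post): void
{
    $stmt = $db->prepare(
        'INSERT INTO info (username, password, email, level) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$post['username'], $post['password'], $post['email'], '1']);
}

insertConcatenated($db, $post);
insertPrepared($db, $post);

foreach ($db->query('SELECT username, level FROM info') as $row) {
    printf("username=%s level=%s\n", $row['username'], $row['level']);
}
```

The first row comes back as username=mallory with level=9, because the submitted text rewrote the VALUES list. The second row stores the whole submitted string as the username and keeps level=1.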
HannahI (Posted March 31, 2010)

Now that I'm finally back on the net, I wanna say 8ennett helped. I've also added md5 for protection. But now that I have a register script and a login script, I want to be able to have some php code that will say "Hello, FirstName".

If you need it, this is the sql for the table:

    CREATE TABLE `accounts` (
      `username` varchar(50) NOT NULL,
      `password` varchar(50) NOT NULL,
      `email` varchar(100) NOT NULL,
      `level` varchar(50) NOT NULL,
      `fname` varchar(50) NOT NULL,
      `lname` varchar(50) NOT NULL,
      `friends` mediumtext NOT NULL
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

The code up there is really just from the export command, so I'm not sure if it will help you find a solution for the new problem of displaying a greeting. When the script loads I will have the username. Since I have the username, you just need to provide this:

    function displayGreating($name) {
    // code goes here......
    }

Hope you can help me,
Hannah
8ennett (Posted April 1, 2010)

Ok, firstly that SQL export you have shown me, that is usually how I construct my tables, I find it's a lot faster than constructing one using phpMyAdmin or some similar software.

Try using the InnoDB engine instead of MyISAM; although MyISAM is a bit faster, InnoDB offers you the best reliability, which is really what you want from a user system. Try deleting your current table and run the following SQL query to reconstruct it:

    CREATE TABLE `accounts` (
      `id` int(255) NOT NULL auto_increment,
      `username` varchar(50) NOT NULL,
      `password` varchar(50) NOT NULL,
      `email` varchar(100) NOT NULL,
      `level` varchar(50) NOT NULL,
      `fname` varchar(50) NOT NULL,
      `lname` varchar(50) NOT NULL,
      `friends` mediumtext NOT NULL default '',
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

I've also added the field 'id' and made it the primary key. This is important because it creates a unique identifier for each of your site's users. You can just use the username if you want, but by using the id field instead it gives you the option to let your users change their username later on. Also I've changed the engine to InnoDB.

Now, in your login script you will need to retrieve the user's unique id. This is important because we need that id to create our user information in the session variable.
So, process your login details like so (adjust the POST variables to the proper values):

    session_start();
    include('functions.php');
    opendb();
    if (isset($_POST['username']) && isset($_POST['pass'])){
        $user = mysql_real_escape_string($_POST['username']);
        $pass = mysql_real_escape_string($_POST['pass']);
        $login = mysql_query("SELECT id FROM accounts WHERE username='".$user."' AND password='".$pass."'");
        if (mysql_num_rows($login) == 1){
            $login = mysql_fetch_array($login);
            $_SESSION['id'] = $login['id'];
            header('Location: home.php');
            exit;
        } else {
            echo 'Wrong username/password!';
        }
    }
    closedb();

I'll run you through the two functions opendb() and closedb() after the next piece of code.

Right, next you don't want to create a function to display a greeting text. Instead what you want to do is create a function called updateHeader() and we are going to put this into a new php document called functions.php. Now I always do this, it is a php file which contains every single custom function and class I have made for the site, and I simply include it on every page of my site. Now this updateHeader() function is going to retrieve your user's information on every page they visit while logged in and put it into the session variable.

functions.php

    function opendb(){
        mysql_connect ('localhost', 'root', 'password');
        mysql_select_db ('mydatabase');
    }

    function closedb(){
        mysql_close(mysql_connect ('localhost', 'root', 'password'));
    }

    function updateHeader(){
        if (isset($_SESSION['id'])){
            $user = mysql_query("SELECT * FROM accounts WHERE id='".$_SESSION['id']."'");
            $_SESSION = mysql_fetch_array($user);
        } else {
            header('Location: login.php');
            exit;
        }
    }

I've also created two new functions for opening and closing your database connection. This is very useful if you are switching between using your test server at home and your internet web host.
It means that you only need to change the address, username and password in your functions.php file instead of every single php file that needs a db connection. Simply opendb() at the start of every page and closedb() at the end of every page.

Now we have our updateHeader() function we can start building the home.php file.

IT IS IMPORTANT TO REMEMBER: The very first thing you need to do on each page is session_start(), otherwise your session variable won't be set.

Every single page that requires the user to be logged in to view should look like this:

    session_start();
    include('functions.php');
    opendb();
    updateHeader();
    // All PHP for the page can go here now
    ?>
    And HTML and whatnots can go here
    closedb();
    ?>

And now you can display your greeting text like so in home.php:

    session_start();
    include('functions.php');
    opendb();
    updateHeader();
    ?>
    <html>
    <head>
    <title>My Site </title>
    </head>
    <body>
    <?php echo 'Hello '.$_SESSION['username'].' and welcome to My Site'; ?>
    </body>
    </html>
    closedb();
    ?>

Now whenever you need to either display a user's information or check their security level, or even update their information, you can echo, use if() or query using their id using the $_SESSION variable to check their information.

Hope this helps you, it did take me a while to write lol
8ennett (Posted April 1, 2010)

Just to point out, the last two code boxes aren't displaying the php tags properly so watch out for that. It's because I'm having to write all my posts in HTML as I'm using Firefox and on this forum there seems to be a problem with Firefox so you can only write in HTML. I refuse flat out to use IE for any reason, I even debug my websites using the IE Tab Firefox addon (which still doesn't work on this forum). So yeah, the opening php tags on the last two code boxes, watch out!

I also should have added, it was a good idea to MD5 your password, which I forgot to do above, but also when inserting into the table and selecting from the table use the PASSWORD() SQL command as well. Here's what I mean:

    "INSERT INTO info (username, password, email, level) VALUES ('".$name."', PASSWORD('".$pass."'), '".$email."','1')"

and for the login script update the query like so:

    "SELECT id FROM accounts WHERE username='".$user."' AND password=PASSWORD('".$pass."')"

This is just another form of encryption and makes your script that little bit more secure as MD5 is actually crackable.

Edited April 1, 2010 by 8ennett
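Password storage and the login check with a salted, slow hash, as an added example that is not part of the thread. MD5 and MySQL's PASSWORD() are both fast, unsalted digests, and PASSWORD() was removed in MySQL 8.0; this sketch assumes PHP 5.5 or later for password_hash() and password_verify(), PDO with the pdo_sqlite driver so it runs offline, and a constructed sample account.

```php
<?php
// Added example, not code from the thread. In-memory SQLite via PDO so it runs
// offline; column names follow the thread's accounts table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output is 60 characters for bcrypt and may grow with other
// algorithms, so the column must be wider than the thread's varchar(50).
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, '
    . 'username VARCHAR(50) UNIQUE, password VARCHAR(255))');

function register(PDO $db, string $user, string $pass): void
{
    // Salted, deliberately slow hash; salt and cost are stored in the string.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $db->prepare('INSERT INTO accounts (username, password) VALUES (?, ?)')
       ->execute([$user, $hash]);
}

// Returns the account id on success, null on failure.
function login(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM accounts WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The hash cannot be matched inside the WHERE clause: every hash carries
    // its own salt, so fetch the row by username and verify in PHP.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

register($db, 'mysqltest', 'testing123');   // constructed sample account

var_dump(login($db, 'mysqltest', 'testing123'));   // matching password
var_dump(login($db, 'mysqltest', 'wrong'));        // wrong password
var_dump(login($db, 'nobody', 'testing123'));      // unknown user

// Unsalted MD5 gives the same digest for the same password every time, which
// is what precomputed lookup tables rely on; password_hash() output differs.
var_dump(md5('testing123') === md5('testing123'));
var_dump(password_hash('testing123', PASSWORD_DEFAULT)
    === password_hash('testing123', PASSWORD_DEFAULT));
```

In the thread's login script the id returned by login() is what would go into $_SESSION['id'], ideally right after a call to session_regenerate_id(true).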
8ennett (Posted April 15, 2010)

Just checking up on this, did you get it working properly or are there still problems?