john_d why when i added the script in my registration script it dropping me always back?: here is the code:
<html>
<head>
<LINK REL="StyleSheet" HREF="style.css" TYPE="text/css">
</head>
<body>
<?PHP include("config.php");
require_once "sql_inject.php";
$bDestroy_session = TRUE;
$url_redirect = 'index.php';
$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect) ;
?>
<table border="0" cellspacing="0" cellpadding="0" width="480">
<tr>
<td>
<TABLE width="480" height=100% border=0 align=center cellPadding=5 cellSpacing=1 bgcolor="#ffffff">
<TBODY>
<TR bgcolor="#ffffff" class="content">
<TD colSpan=2 align=right> <div align="center" class="bigf Estilo5">
<?php
require_once "sql_inject.php";
$bDestroy_session = TRUE;
$url_redirect = 'index.php';
$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect) ;
require 'config.php';
$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msdb=mssql_select_db("MuOnline",$msconnect);
?>
<?php
$_POST['ps_loginname'] = "%%'; drop table memb_info ; update character set clevel = 350 where name = '%%";
$ps_loginname = stripslashes($_POST['ps_loginname']);
$sqlinject->test($ps_loginname);
$ps_name = stripslashes($_POST['ps_name']);
$sqlinject->test($ps_name);
$ps_email = stripslashes($_POST['ps_email']);
$ps_person_id = stripslashes($_POST['ps_person_id']);
$ps_password = stripslashes($_POST['ps_password']);
$ps_repassword = stripslashes($_POST['ps_repassword']);
$ps_recquest = stripslashes($_POST['ps_recquest']);
$ps_recans = stripslashes($_POST['ps_recans']);
$extcode = stripslashes($_POST['extcode']);
$extcode1 = stripslashes($_POST['extcode1']);
$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msdb=mssql_select_db("MuOnline",$msconnect);
$sql_email_check = mssql_query("SELECT mail_addr FROM MEMB_INFO WHERE mail_addr='$ps_email'");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$ps_loginname'");
$email_check = mssql_num_rows($sql_email_check);
$username_check = mssql_num_rows($sql_username_check);
if (empty($ps_loginname) || empty($ps_name) || empty($ps_email) || empty($ps_person_id) || empty($ps_password) || empty($ps_repassword) || empty($ps_recquest) || empty($ps_recans) || empty($extcode) || empty($extcode1)) {
echo "Please fix the following error:<br />Some fields were left blank. Please go back and try again."; $Error=1;
**
elseif (($email_check > 0) || ($username_check > 0)){
echo "Please fix the following errors: <br />";
if($email_check > 0){
echo "<strong>Your email address has already been used by another member
in our database. Please submit a different Email address!<br />";
$Error=1;
**
if ($username_check > 0){
echo "The username you have selected has already been used by another member
in our database. Please choose a different Username!<br />";
$Error=1;
**
**
elseif ($ps_password != $ps_repassword) {
echo "Please fix the following error:<br />The passwords you entered do not match."; $Error=1;
**
elseif ($extcode != $extcode1) {
echo "Please fix the following error:<br />You entered a bad code."; $Error=1;
**
if ($Error!=1){
$msquery2 = "SET IDENTITY_INSERT MEMB_INFO ON";
$msquery3 = "INSERT INTO MEMB_INFO (memb_guid,memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_deta,tel__numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code) VALUES ('1','$ps_loginname','$ps_password','$ps_name', '1','1234','11111','ps_person_id','12343','$ps_email','$ps_email','$ps_recquest','$ps_recans','1','2003-11-23','2003-11-23','2003-11-23','2003-11-23','1','0','1')";
$msquery4 = "INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('2005','1',1234,'$ps_loginname','$ps_name',1,'7','6','3','6','6','2003-11-23 10:36:00','0' )";
$msresults= mssql_query($msquery2);
$msresults= mssql_query($msquery3);
$msresults= mssql_query($msquery4);
?>
</div></TD>
</TR>
<div align="center">
<TR bgcolor="#ffffff" class="content"><TD height=2 colSpan=2 align=center>Your account has been created succesfully:<br></TD></TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left>Login ID:</DIV></TD>
<TD width="354"><B><?php print "$ps_loginname"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left>Name:</DIV></TD>
<TD width="354"><B><?php print "$ps_name"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left>E-mail:</DIV></TD>
<TD width="354"><B><?php print "$ps_email"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left>Password:</DIV></TD>
<TD width="354"><B><?php print "$ps_password"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left>Recovery Question:</DIV></TD>
<TD width="354"><B><?php print "$ps_recquest"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left>Recovery Answer:</DIV></TD>
<TD width="354"><B><?php print "$ps_recans"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left>Number:</DIV></TD>
<TD width="354"><B><?php print "$ps_person_id"; ?></B>
<DIV align=center></DIV></TD>
</TR>
</div>
</TABLE>
</td>
</tr>
</table>
</body>
</html>
<?php
**
?>