why is this aint working

Skilled Illusionist
Joined
Jan 14, 2005
Messages
395
Reaction score
2
Location
The Netherlands
hello i did find register page
but when i hit register i go's to register page 2
but nothing happens help to fix please

Code:
Register.php

<form method="post" action="register2.php">
  Username<br/><input type="text" name="username" maxlength="20" /><br/>
  Password<br/><input type="password" name="password" /><br/>
  Email<br/><input type="text" name="email" /><br/>
  <input type="submit" name="Submit" value="Register!" />
  <input name="reset" type="submit" id="reset" value="Reset" />
</form>

Code:
Register2.php

<?PHP // register2.php

  include("dbconnect.php");
  $errors = "";
  if (!isset($_POST['username']))
    $errors .= "Please provide a username. <br/>";
  if (!isset($_POST['password']))
    $errors .= "Please provide a password. <br/>";
  if (!isset($_POST['email']))
    $errors .= "Please provide an email address. <br/>";
  if ($errors == "") {
    mysql_query("INSERT INTO user_list VALUES(
                        '',
                        '".addslashes($_POST['username'])."',
                        '".md5($_POST['password])."',
                        '".addslashes($_POST['email'])."',
                        '".time()."'
                        )") or die(mysql_error());

    echo "Registration Successful!";

  } else {

     echo $errors."Please go back and try again.";

  }

?>
 
Last edited:
1. Use mysql_real_escape_string() to prevent SQL injection, it works better than any other method.

2. Add echo lines to trace the progress of the code. (Is the query getting executed? What is the exact query?)

3. Enable the MySQL query log on the MySQL server to see what the server is getting.

4. Figure the rest out yourself.
 
Use php UBB code instead of code, makes it readable. Now, the problem is here:
PHP:
   mysql_query("INSERT INTO user_list VALUES(
                        '',
                        '".addslashes($_POST['username'])."',
                        '".md5($_POST['password])."',
                        '".addslashes($_POST['email'])."',
                        '".time()."'
                        )") or die(mysql_error());

You obviously forgot to enter the column names into which to insert. I suggest you go read the MySQL manual on MySQL AB :: The world's most popular open source database, but I can tell you now how this roughly should look:

PHP:
mysql_query(sprintf("INSERT INTO  user_list 
                                  (username, password, email, time)
                      VALUES      ('%s', '%s', '%s', NOW())",
                      mysql_real_escape_string($_POST['username']),
                      mysql_real_escape_string($_POST['password']),
                      mysql_real_escape_string($_POST['email'])));

Though if you're smart you'll start using a DBAL and create escape functions of your own. For instance, the above querie would look like this in my framework:

PHP:
$post = postHandler($_POST);                      
$dbase -> insert("        user_list
                          (username, password, email, time)
                  VALUES  ('$post[username]', '$post[password]', '$post[email]', NOW())");
Saves typing and thanks to some nifty features I build in its a lot more secure :wink:
 
Back