VeritasSegus

Oops, meant to say that the ' ' around the table values had to be removed*

Thank you for your help Zurev. You were correct regarding the md5, so I made it a separate variable. As for the error in the query, the ' ' around the $_POST values needed to be removed. Here is the corrected code: $md5pwd = md5("$_POST[password]"); $query = "INSERT INTO members (username, password, email) VALUES('$_POST[username]', '$md5pwd', '$_POST[email]')"; Thank you everyone for the help

Hmm how do you mean? I believe that the login functions. It is difficult to test without first registering properly. But when I type in random username/pw I receive the notification that it is the incorrect combination. I did find an error, however, in the the way I had defined my query (register.php) and now receive this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''username', 'password', 'email') VALUES('Test', 'md5(Test)', '[email protected]')' at line 1" The Test values are those that I entered into fields for register.php. I have checked this line against several tutorials and don't see where the error lies. This is an improvement, since I think it is now trying to input into DB.

Any other comments? I feel like it is due to some silly naming mistake for a variable

I amended the code to incorporate your suggestion and also added "echo $query". The echo command did not return anything (i.e. when I fill in the form and press register, the page reverts to a blank form) and the database is still not being populated. Thank you very much for your willingness to help. $query = "INSERT INTO members ('username', 'password', 'email') VALUES('".$_POST[username]."', '".md5($_POST[password1])."', '".$_POST[email]."')"; mysql_query($query) or die(mysql_error()); mysql_close(); echo $query; echo "You have successfully registered!";

Thank you for the suggestion with the mysql_error. I have added it to all of the die(); functions. Even after removing the $db, however, the script fails to submit the appropriate data to the database. $query = "INSERT INTO members ('username', 'password', 'email') VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')"; mysql_query($query) or die(mysql_error()); mysql_close();

Hello everyone, I am brand new to php and am starting off my journey by trying to create a simple login/register script. I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script. Then I can continue learning by adding more components. Here are the login.php, checklogin.php, and register.php files (in this order). I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted. Thank you very much for your help. <html> <body> <b> Member Login </b> <br /> <form name="input" action="checklogin.php" method="post"> Username : <input type="text" name="myusername" id="username"> <br /> Password : <input type="password" name="mypassword" id="password"> <br /> <input type="checkbox" name="remember" value="checkbox"> Remember me <br /> <input type="submit" value="Login"> Not a member? <a href="./register.php">Register!</a> </form> </body> </html> <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); $myusr = $_POST['myusername']; $mypswd = md5($_POST['mypassword']); $myusername = stripslashes(strip_tags($myusr)); $mypassword = stripslashes(strip_tags($mypswd)); $myusername = mysql_real_escape_string($myusr); $mypassword = mysql_real_escape_string($mypswd); $sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if ($count==1) { session_register("myusername"); session_register("mypassword"); header("location:menu.php"); } else { echo "Incorrect Username or Password"; } ?> <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); if (isset($_POST['register'])) { $query = "INSERT INTO members ('username', 'password', 'email') VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')"; mysql_query($db,$query) or die(); mysql_close(); echo "You have successfully registered!"; } else{ ?> <html> <body> <b> Register</b> <br /> <form name="register" action="./register.php" method="post"> Username : <input type="text" name="username" id="username"> <br /> Password : <input type="password" name="password" id="password1"> <br /> Confirm Password : <input type="password" name="password2" id="password2"> <br /> Email: <input type="text" name="email" id="email"> <br /> <input type="submit" value="register"> </form> </body> </html> <?php } ?>