merrick89

hmmm, that makes sense, I'll look into that too. I'm currently working on using mysql_real_escape_string() in the registration page, and I'm having a bit of trouble there too ... I'm using the code from w3schools: <?php function check_input($value) { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote if not a number if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; } return $value; } $con = mysql_connect("localhost", "peter", "abc123"); if (!$con) { die('Could not connect: ' . mysql_error()); } // Make a safe SQL $user = check_input($_POST['user']); $email = check_input($_POST['email']); $pwd = check_input($_POST['pwd']); $sql = "SELECT * FROM users WHERE user=$user AND password=$pwd"; mysql_query($sql); mysql_close($con); ?> That's directly from their tutorial. The problem I'm having is that I insert the email, password, username data into a table on my database, but the values insert as ' . And then its supposed to send you a confirmation e-mail, however since the e-mail submitted into the table is a ' , no e-mail gets sent out... I was trying to google stuff and I saw a guy post this on another forum: So is what I'm trying to do impossible?

Hi, yes the problem has been solved with mysql_fetch_assoc. We've also made changes based on your other recommendations. I don't understand them all yet, but I'm working on it! Also, I tried making $match = "select user_id from $table where username = '".$_POST['username']."' and password = '".$_POST['password']."';"; into $match = "select user_id from $table where username = '$_POST['username']' and password = '$_POST['password']'"; but for some reason it gives a syntax error, so I just left it for now. Here's what it looks like now: <?php include("connect.php"); if(isset($_POST['username'], $_POST['password'])) $match = "select user_id from $table where username = '".$_POST['username']."' and password = '".$_POST['password']."';"; $qry = mysql_query($match) or die ("Could not match data because ".mysql_error()); $num_rows = mysql_num_rows($qry); if ($num_rows == 0) { echo "Sorry, there is no username ".$_POST['username']." with the specified password. "; echo "Try again"; exit; } $remember = $_POST['remember']; $result = mysql_fetch_assoc($qry); $user_id = $result['user_id']; if ($remember) { setcookie("loggedin", "TRUE", time()+3600*24); setcookie("mysite_username", "".$_POST['username']."", time()+3600*24); setcookie("mysite_userid", $user_id, time()+3600*24); header("Location: members.php"); } else { setcookie("loggedin", "TRUE"); setcookie("mysite_username", "".$_POST['username'].""); setcookie("mysite_userid", $user_id); $site_username = $_COOKIE["mysite_username"]; $site_userid = $_COOKIE["mysite_userid"]; header("Location: members.php?user=$site_username"); } ?>

Thanks a lot for the replies! As you can see, i'm really new at this haha.

Hi, I'm pretty new to php, and to this site as well, so please bear with me... I have a table in my database which has "user_id" as its primary key, and i want to set the values under this as a cookie. I've put in bold the main things that are affecting it (I think). As is, the mysite_userid cookie does not set properly, and I get an error like this "Header may not contain more than a single header, new line detected...." Any help would be really appreciated!! <?php include("connect.php"); $match = "select user_id from $table where username = '".$_POST['username']."' and password = '".$_POST['password']."';"; $qry = mysql_query($match) or die ("Could not match data because ".mysql_error()); $num_rows = mysql_num_rows($qry); if ($num_rows <= 0) { echo "Sorry, there is no username ".$_POST['username']." with the specified password. "; echo "Try again"; exit; } $remember = strip_tags($_POST['remember']); if ($remember) { setcookie("loggedin", "TRUE", time()+3600*24); setcookie("mysite_username", "".$_POST['username'].""); header("Location: members.php"); } else { setcookie("loggedin", "TRUE"); setcookie("mysite_username", "".$_POST['username'].""); setcookie("mysite_userid", $qry); $site_username = $HTTP_COOKIE_VARS["mysite_username"]; $site_userid = $HTTP_COOKIE_VARS["mysite_userid"]; header("Location: members.php?user=$site_userid"); } ?>