Jump to content

merrick89

New Members
  • Posts

    4
  • Joined

  • Last visited

    Never

Posts posted by merrick89

  1. hmmm, that makes sense, I'll look into that too. I'm currently working on using mysql_real_escape_string() in the registration page, and I'm having a bit of trouble there too  :shrug: ...

     

    I'm using the code from w3schools:

     

    <?php
    function check_input($value)
    {
    // Stripslashes
    if (get_magic_quotes_gpc())
      {
      $value = stripslashes($value);
      }
    // Quote if not a number
    if (!is_numeric($value))
      {
      $value = "'" . mysql_real_escape_string($value) . "'";
      }
    return $value;
    }
    
    $con = mysql_connect("localhost", "peter", "abc123");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }
    
    // Make a safe SQL
    $user = check_input($_POST['user']);
    $email = check_input($_POST['email']);
    $pwd = check_input($_POST['pwd']);
    $sql = "SELECT * FROM users WHERE
    user=$user AND password=$pwd";
    
    mysql_query($sql);
    
    mysql_close($con);
    ?> 

     

    That's directly from their tutorial. The problem I'm having is that I insert the email, password, username data into a table on my database, but the values insert as ' . And then its supposed to send you a confirmation e-mail, however since the e-mail submitted into the table is a ' , no e-mail gets sent out...

     

    I was trying to google stuff and I saw a guy post this on another forum:

     

    So I think what the moral of the story here is: Once you've scrubbed your data using mysql_real_escape_string() in preparation for insertion into the database, you can no longer use that data for other things, such as outputing it to the browser.

     

    So is what I'm trying to do impossible?

  2. Hi, yes the problem has been solved with mysql_fetch_assoc. We've also made changes based on your other recommendations. I don't understand them all yet, but I'm working on it!

     

    Also, I tried making

     

    $match = "select user_id from $table where username = '".$_POST['username']."'
    and password = '".$_POST['password']."';";

     

    into

     

    $match = "select user_id from $table where username = '$_POST['username']'
    and password = '$_POST['password']'"; 

     

    but for some reason it gives a syntax error, so I just left it for now.

     

    Here's what it looks like now:

     

    <?php
    
    include("connect.php"); 
    
    if(isset($_POST['username'], $_POST['password']))
    
    $match = "select user_id from $table where username = '".$_POST['username']."'
    and password = '".$_POST['password']."';";
    
    $qry = mysql_query($match)
    or die ("Could not match data because ".mysql_error());
    $num_rows = mysql_num_rows($qry); 
    
    if ($num_rows == 0) { 
    echo "Sorry, there is no username ".$_POST['username']." with the specified password.
    ";
    echo "Try again";
    exit; 
    } 
    
    $remember = $_POST['remember'];
    $result = mysql_fetch_assoc($qry);
    $user_id = $result['user_id'];
    
    if ($remember) {
    	    setcookie("loggedin", "TRUE", time()+3600*24);
    		setcookie("mysite_username", "".$_POST['username']."", time()+3600*24);
    		setcookie("mysite_userid", $user_id, time()+3600*24);
    		header("Location: members.php");
            }
    else {
    
    
    setcookie("loggedin", "TRUE");
    setcookie("mysite_username", "".$_POST['username']."");
    setcookie("mysite_userid", $user_id);
    
    $site_username = $_COOKIE["mysite_username"];
    $site_userid = $_COOKIE["mysite_userid"];
    
    header("Location: members.php?user=$site_username");
    
    }
    ?>
    

  3. Hi, I'm pretty new to php, and to this site as well, so please bear with me...

     

    I have a table in my database which has "user_id" as its primary key, and i want to set the values under this as a cookie.

    I've put in bold the main things that are affecting it (I think).

     

    As is, the mysite_userid cookie does not set properly, and I get an error like this "Header may not contain more than a single header, new line detected...."

     

    Any help would be really appreciated!!

     

    <?php

     

    include("connect.php");

     

    $match = "select user_id from $table where username = '".$_POST['username']."'

    and password = '".$_POST['password']."';";

     

    $qry = mysql_query($match)

    or die ("Could not match data because ".mysql_error());

    $num_rows = mysql_num_rows($qry);

     

    if ($num_rows <= 0) {

    echo "Sorry, there is no username ".$_POST['username']." with the specified password.

    ";

    echo "Try again";

    exit;

    }

     

    $remember = strip_tags($_POST['remember']);

     

    if ($remember) {

        setcookie("loggedin", "TRUE", time()+3600*24);

    setcookie("mysite_username", "".$_POST['username']."");

    header("Location: members.php");

            }

    else {

     

     

    setcookie("loggedin", "TRUE");

    setcookie("mysite_username", "".$_POST['username']."");

    setcookie("mysite_userid", $qry);

     

    $site_username = $HTTP_COOKIE_VARS["mysite_username"];

    $site_userid = $HTTP_COOKIE_VARS["mysite_userid"];

     

    header("Location: members.php?user=$site_userid");

     

    }

    ?>

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.