MDCode

You need to do it after you define $user_name Move the query and the if num to after you define user_name ($user_name = mysql_real_escape_string($_POST['user_name']); in your case)

Error code 4 means that there was no file uploaded A full list can be found at http://php.net/manua...load.errors.php If you wish to change it simply do: $code=$_POST['ICODE']; $descp=$_POST['DESCR']; $rate=$_POST['RATE']; $image=$_FILES["IMAGE"]["name"]; if($_FILES["IMAGE"]["error"] > 0) { // create a list of errors here if($_FILES["IMAGE"]["error"] == "4") { echo "Please select a file."; } } else { echo "File Uploaded"; echo $image; }

You said that was the problem before *facepalm* Ok try this... $code=$_POST['ICODE']; $descp=$_POST['DESCR']; $rate=$_POST['RATE']; $image=$_FILES["IMAGE"]["name"]; if($_FILES["IMAGE"]["error"] > 0) { echo "Error: " . $_FILES["IMAGE"]["error"] . "<br />"; } else { if(!isset($_FILES["IMAGE"]["name"])) { echo '<p>Please select a file</p>'; } else { echo "File Uploaded"; echo $image; }

Not sure. $image will always be set because you're giving it a value. You can first try checking if the form was submitted. Then give it a value and it should work

You're recalling the $image variable inside the $_FILES. Change if(!isset($_FILES[$image])) to if(!isset($_FILES["IMAGE"]))

Change that to $image = $_FILES["IMAGE"]["name"];

The name of the file itself example: name --> picture.jpg <-- name

You cant simply post an image. You use $_FILES["IMAGE"]["name"] You also do not want to upload files to a database, use a directory

The information needs to be supplied before it can be checked so yes it would be after.

You're using a and img tags? I'm not too sure that would work...why not just enter the image name as they are doing in the example they provided

It's quite simple really. Here's an example <?php // Build the query and get your result $query = "SELECT * FROM `table` WHERE `username` = '$user_name'"; $result = mysql_query($query); // $num will get the amount of users with the same username in the table $num = mysql_num_rows($result); // If $num does not equal 0 (there is a match in the database) return an error if($num != "0") { echo "That username already exists"; $error = "1"; } ?>

<?php if($_POST['allow_dupes'] == "0") { $allow_dupes = 1; } else { $allow_dupes = 0; } ?>

echo mysql_error(); Add this after your query and $res and post the message that shows

There is no java anywhere on the page. You are also not using php anywhere inside the javascript. There is no way to help unless you reveal the functions you're using

Yes I just removed all the filtering and age check etc. for purposes of keeping it short you can add in your filtering the way you had it. But where you're checking for the age just change if($dob >= $sixteen) { $error = "Age Error"; } to: if($dob >= $sixteen) { echo "Age Error"; $error = "1"; } And make sure it's before you check if $error == "0"

Well, you could do something like: <?php if (isset($_POST['submitted'])) { // Set errors equal to 0 $error = "0"; if (empty($_POST['user_name'])) { // Change error to 1 so that the user will not be registered echo 'Please Enter a username<br />'; $error = "1"; } else { $user_name = mysql_real_escape_string($_POST['user_name']); } if (empty($_POST['password'])) { // Change error to 1 so that the user will not be registered echo 'Please enter a password<br />'; $error = "1"; } else { $password = mysql_real_escape_string($_POST['password']); } if (empty($_POST['first_name'])) { // Change error to 1 so that the user will not be registered echo 'Please enter a first name<br />'; $error = "1"; } else { $first_name = mysql_real_escape_string($_POST['first_name']); } // If there were no errors if($error == "0") { $query = "insert into user(user_name,password,first_name,last_name,day,month,year)values('$user_name','$password','$first_name','$last_name','$day','$month','$year')"; $res = mysql_query($query); // want to filter everything that gets echoed to avoid javascript issues echo "Sign up successful - Thank you $first_name <br/>"; echo "Your details are as follows:<br/><br/>"; echo "<strong>Username:</strong> $user_name:<br/>"; echo "<strong>First name:</strong> $first_name:<br/>"; echo "<strong>Last name:</strong> $last_name:<br/>"; echo "<strong>Password:</strong> <i>[Hidden]</i>:<br/>"; echo "<strong>Date of Birth:</strong> $day / $month / $year:<br/>"; } } ?> md5 is a hashing method (somewhat insecure as there are websites that store md5 hashes to look up) Salting and hashing is combining the password with a secret password that only you should know then hashing it

<?php if (isset($_POST['submitted'])) { // not sure what the point of this is so I changed it to blank $error = ""; if (empty($_POST['user_name'])) { $error = 'Please Enter a username';} else {$user_name = mysql_real_escape_string($_POST['user_name']);} if (empty($_POST['password'])) { $error = 'Please enter a password';} // SALT AND HASH PASSWORDS else {$password = mysql_real_escape_string($_POST['password']);} if (empty($_POST['first_name'])) { $error = 'Please enter a first name';} else {$first_name = mysql_real_escape_string($_POST['first_name']);} $last_name = mysql_real_escape_string($_POST['last_name']); $day = mysql_real_escape_string($_POST['day']); $month = mysql_real_escape_string($_POST['month']); $year = mysql_real_escape_string($_POST['year']); $date = getDate(); $tday = $date["mday"]; $tmon = $date["mon"]; $tyea = $date["year"]; $sixteen = (($tyea - 16)*10000) + ($tmon*100) + $tday; $dd = $_POST["dob_day"]; $mm = $_POST["dob_month"]; $yy = $_POST["year"]; $dob = ($yy*10000) + ($mm*100) + $dd; if ($dob >= $sixteen) { $error = "Age Error"; } if (empty($error)) { // YOU NEVER EVER!!! want to submit passwords in plain text. $query = "insert into user(user_name,password,first_name,last_name,day,month,year)values('$user_name','$password','$first_name','$last_name','$day','$month','$year')"; $res = mysql_query($query); // want to filter everything that gets echoed to avoid javascript issues echo "Sign up successful - Thank you $first_name <br/>"; echo "Your details are as follows:<br/><br/>"; echo "<strong>Username:</strong> $user_name:<br/>"; echo "<strong>First name:</strong> $first_name:<br/>"; echo "<strong>Last name:</strong> $last_name:<br/>"; echo "<strong>Password:</strong> <i>[Hidden]</i>:<br/>"; echo "<strong>Date of Birth:</strong> $day / $month / $year:<br/>"; } else { // Output errors here echo $error; } } //header('location:signup_success.php'); ?> A few things. ^^ This should work. You're still showing database connection details in your commenting. You NEVER want to submit passwords in plain text (look into salting and hashing them). And your header that is commented out will not work because you are echoing information before it.

The php variables worked in javascript. The buttons however did not. Sorry for the confusion

Tested on my site and variables do work. Javascript is not my strong point; perhaps someone with more experience can help you

I do not believe php variables work with javascript. You're also not closing your div tag.

Remove your database connection details. Also go change them now. As for your error, I see no where that you are printing said errors?

So...you want help to create an illegal program? But oh wait, you'll pay for it?!? lol

Ok. Do you have a question?

changelog.php it's in the footer of the main page. There was another but not so sure of its location maybe when logged in, but it seems someone tampered with the account it says it is no longer registered

I have to agree with them. Seeing as you are not showing the entire page it does not help either