nightcrawler

$createaccount_q = "INSERT INTO checkbook_users (id, name, email, password) VALUES (NULL, '$register_name', '$register_email', md5('$register_pw')"; $createaccount = mysql_query($createaccount_q) or die("Couldn't create username. " . mysql_error() ); Always comes out with: "Couldn't create username. You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2" Not sure where my error is. Help Please!

OK, I'm gonna work on my site, redesign and repost when I'm ready for an actual critique. Thank you all for the suggestions

Well, I'm color blind... Give me some ideas for improvements not just random criticism. What you're doing isn't helpful. I didn't create an Header Image becuase I can't design graphics. However, some suggestions for what I should do would be great. Please only post suggestions for improvement.

Well, the old design used a free CSS template. It was the best free one that I could find, but I didn't like the Markup it required to use, so I decided to make my own. This new one utilizes a database of links and downloads, with screenshots. So I really like the markup and code of this new design, I just need some guidance regarding the "look" of the site.

Also, the site was mainly Edited in Firefox and IE7, with Resolutions: 1024x768 and 800x600

Site Critique - Geek Ammo site: http://www.geekammo.com I'm not the best at visualization, but I really like my markup and implementation of PHP for the display and search features.

Yeah, tried that, same thing. I have no idea what's going on..

OK, For some reason the following is supposed to create a session and authenticate users. It connects to a database, and should work. My problem is that users who already exist are able to log in with any password, not the one that's in the database. I have no idea why this is happening. Passwords are stored with MD5 Encryption in Database. Here's the authentication/login script: signon.php <?php session_start(); ini_set("include_path", "contains path to my includes"); $newip = $_SERVER['REMOTE_ADDR']; if (!isset($_SESSION['username']) || empty($_SESSION['username']) || $newip != $_SESSION['ip'] ) { if (@$_POST['signedon'] == true) { include("..."); //... is replaced with database connection information $signon_username = $_POST['signon_username']; $signon_pass = md5($_POST['signon_userpass']); $sql = "SELECT * FROM checkbook_users WHERE username='$signon_username' AND password='$signon_pass'"; $result = mysql_query($sql); $count = 0; $count = mysql_num_rows($result); if ($count == 1) { // If only one entry is found, that matches both username and password then set up session, move page. $result_fetched = mysql_fetch_array($result, MYSQL_ASSOC); extract($result_fetched); $_SESSION['username'] = "$username"; $_SESSION['id'] = "$id"; $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; echo "Signing In"; echo "<script language=javascript> setTimeout(\"location.href='chooser.php'\", 0); </script>"; } else { echo "<span style='color:red'>Username or Password is invalid.</span>"; include("signonform.inc"); } } else { include("signonform.inc"); } } else { echo "You are already signed on. To sign off <a href='signoff.php'>click here</a>."; } ?> signonform.inc <form action='signon.php' method='POST'> <table border=0> <tr><td>Username:</td> <td><input type='text' name='signon_username' size='30' maxlength='20'></td></tr> <tr><td>Password:</td> <td><input type='password' name='signon_password' size='30' maxlength='20'></td></tr> <input type = 'hidden' name = 'signedon' value = 'true'> <tr><td><input type='submit' value='Sign On'></td> <td><input type='button' value='Register' onClick="window.open('register.php', '_self')"></td></tr> </table> </form> Not sure if anybody can find anything syntactically wrong with this, if more info needed let me know.

$register_username = $_POST['register_username']; $register_name = $_POST['register_name']; $register_email = $_POST['register_email']; $register_pw = $_POST['register_password']; $createusername_q = "INSERT INTO checkbook_users (id, username, name, email, password) VALUES (NULL, '$register_username', '$register_name', '$register_email', '$register_password')"; This resolved the issue. I'll mark as solved

$createusername_q = "INSERT INTO checkbook_users (id, username, name, email, password) VALUES (NULL, " . mysql_real_escape_string($_POST['register_username']) . "," . mysql_real_escape_string($_POST['register_name']) . "," . mysql_real_escape_string($_POST['register_email']) . "," . mysql_real_escape_string($_POST['register_password']) . ")"; How's that look? it's still not working.

$createusername_q = "INSERT INTO checkbook_users ('id', 'username', 'name', 'email', 'password') VALUES ( NULL, " . $_POST['register_username'] . "," . $_POST['register_name'] . "," . $_POST['register_email'] . "," . $_POST['register_password']; $createusername = mysql_query($createusername_q) or die("Couldn't create username."); Not sure what I'm doing wrong, POST Data goes through fine, variable names are correct. I think it's just a quotes issue.

cool, thanks, marking as resolved

Not sure how the syntax is supposed to work for Update Queries with POST data. Help Please. $q = "UPDATE articles SET sub=$_POST['c'], title=$_POST['t'], name=$_POST['n'], email=$_POST['e'], date=$_POST['d'], description=$_POST['d'] WHERE id=$_POST['articleid'] LIMIT 1";

thanks

Does this line look right? $query = "SELECT * FROM articles ORDER BY DESC LIMIT 3";