jackwh

The reason I've organised as I did was simply because I knew my application code would have to use pieces of the main application code at least twice (generate first time/update every 15 mins), if that makes any sense! Although thank you for the pointer, I will bare this in mind for the next project I work on (I'll try and keep my working copy of my project intact for now, lol )

I think I've fathomed it out, YAY! Maybe I'm being too hasty here BUT I really think I have. Thinking about it, I've realised what I've done wrong, and it was pretty goofy too. So basically I moved some files around a week or so ago to try and make the site's folder structure a bit more logical. The file, fetchtweetfromdb.php, was in the root folder. However I forgot to move that to the /userimages/ folder... Once I'd moved it's folder correctly about 10 minutes ago, I no longer got the MySQLI error, which is a good thing. however this whole gif-amawhatsit was still outputting, and, to make matters worse, the user image wasn't updating with my latest Test Tweets. The problem was that I stupidly defined the filename to save the user image in a file called generate.php, that runs the first time a user uses my service. Generate.php includes the file design1.php, which read the image file name from generate.php. When just plain calling design1.php, it didn't actually have ANY variables for the image's filename. So I think it just outputted some GIF87 gibberish. So to fix it I created a new file called design1regen.php that is now called by regenerate.php. Design1regen.php: <?php //FILENAME: design1regen.php //DESCRIPTION: Regenerates design1.php $FileName = "$username" . '.gif'; // Name of file (username.gif) $SaveFile = "$FileName"; // Path to save image to (/userimages/username.gif) // This is the intro text for the sig $introtext = "My latest tweet:"; // This is the outro text for the sig $outrotext = "Click here to follow me on Twitter: @" . $username; // We need to modify the user's tweet so that it will fit nicely into the image //$ftweet = formatted Tweet $wraptweet = wordwrap($tweet, 62, "\n", true); $ftweet = "\"" . $wraptweet . "\""; //Now we'll create the actual image itself //Start by setting the widths and heights in constants define('SIG_WIDTH', 480); define('SIG_HEIGHT', 80); //Now create the image with the constant sizes $img = ImageCreateTrueColor(SIG_WIDTH,SIG_HEIGHT); // Creates the 400px x 50px image //Set a white background $bg_color = imagecolorallocate($img, 255, 255, 255); //White //Set a blue text colour $text_color = imagecolorallocate($img, 0, 128, 255); //Blue //Set a black text colour $black_color = imagecolorallocate($img, 0, 0, 0); //Black //Fill the background imagefilledrectangle($img, 0, 0, SIG_WIDTH, SIG_HEIGHT, $bg_color); //Write the user's tweet intro imagettftext($img, 8, 0, 5, 12, $black_color, "arial.ttf", $introtext); //Now write the user's Latest Tweet imagettftext($img, 12, 0, 20, 30, $text_color, "arial.ttf", $ftweet); //Now write the outro text imagettftext($img, 8, 0, 200, 70, $black_color, "arial.ttf", $outrotext); // Save the file ImageGif($img,$SaveFile); // Get the image out of memory ImageDestroy($img); ?> Now, when this is called, no longer does the browser output GIF87 gibberish, it instead outputs the contents of the database loop quite neatly, like so: And then goes on to update each image, one at a time, with the user's latest Tweet. WHOOP! Thank you guys for your help. I'll leave this topic as Unsolved until I've tested thoroughly. Once I've made sure it's completely fixed, I'll mark as solved. Thank you loads!

Aha, sorry, didn't really explain did I?! I'll walk you through. Basically my tool connects to a user's Twitter account, takes their tweet and, using GD Library, puts it into an image. The user begins by going to the website, putting in their Twitter username and password, choosing a font and design (that's what the 'design1' and 'font1' variables are), and clicking Go. The script I've written uses the Twitter API to connect to their account, read their latest update, and write it onto an image. Now this is all good for a few minutes, but then when the user Tweets again next time, I need the image to be updated with their newest tweet. This is what the script 'regenerate.php' does (or at least, is meant to do!). So now you have a rough idea of what I need to achieve. I'm pretty happy because I've coded and designed the entire site myself, which in my opinion is a reasonably good achievement for a 15 year old who's only been learning PHP for about a month and a half So now you know, I'll post all the scripts I'm using for regenerate.php and my database formatting, and hopefully someone really kind can piece this together and work out what's wrong. I've commented most of my documents quite heavily as I'm still learning. Let's begin with regenerate.php: <?php // SCRIPT: regenerate.php // FUNCTION: Scrolls through the user database every 15 minutes (CRON JOB) and refreshes their Tweets // First, we connect to database (with variable $cxn) include($_SERVER['DOCUMENT_ROOT'] . "/mysql/connecttodb.php"); // Select the username and password for each user from the table $query = "SELECT username, password, designid, fontid, tweet FROM twitteraccounts"; // Query it $result = mysqli_query($cxn, $query) or die(mysqli_error($cxn)); // Begin the loop that goes through each user while ($row = mysqli_fetch_array($result)) { // We have all the user's information $username = $row['username']; echo $username; echo "\n"; $password = $row['password']; $designid = $row['designid']; echo $designid; echo "\n"; $fontid = $row['fontid']; echo $fontid; echo "\n"; // Fetch their latest tweet include($_SERVER['DOCUMENT_ROOT'] . "/fetchtweetfromdb.php"); // Tweet has been fetched and written to database. Now fetch it again from the database $tweet = $row['tweet']; // This part of the script checks which designid the user is using, then calls the generator script appropriate for it if ($designid == 'design1') { include("design1.php"); } else { echo "Add more designs to the controller, regenerate.php, roughly line 42ish"; } } include($_SERVER['DOCUMENT_ROOT'] . ("/mysql/closeconnection.php")); echo "connection closed"; ?> if ($designid == 'design1') { include("design1.php"); The file 'design1.php' is called if the user chose Design 1. design1.php contains all the GD Library code to create their tweet with the formatting the user chose for Design 1. I'll post design1.php in a moment. Next file: fetchtweetfromdb.php <?php // fetchtweetfromdb.php // Fetch's the newest Tweet and stores it to database! include_once($_SERVER['DOCUMENT_ROOT'] . '/class.twitter.php'); $t = new Twitter; $t->username = $username; $t->password = $password; //$t->type = 'xml'; $data = $t->userTimeline(); $count = 0; $usertweet = "I'm using xxxx to display my latest Tweets in an image! AWESOME!"; //This is the default messsage, is replaced by user's actual tweet if exists foreach($data as $tweet) { // Cycle through the user's timeline... //echo $tweet->text; // Echoing tweets as text... $usertweet = $tweet->text; // Setting $usertweet variable to equal their tweet... //echo "<br/>"; // Adding a linebreak... $count = ($count + 1); // Increasing $count by one if (!$count = 0) { // If $count doesn't equal 0... break; // Exit the loop. } } // ET VOILA! We have the user's single newest tweet! // Now we have the variable $usertweet which contains the user's latest Tweet (if they don't have one a default message appears). // We will now store this to the database // Connect to database include("mysql/connecttodb.php"); mysqli_real_escape_string($cxn,$usertweet); $query = "UPDATE twitteraccounts SET tweet = \"$usertweet\" WHERE username = '$username' "; $result = mysqli_query($cxn,$query) or die (mysqli_error($cxn) . " - Couldn't execute MySQL query. Contact webmaster@tweetle.in"); if (!$result) { echo "MySQL query failed in file fetchtweet.php. Please contact webmaster@xxxxxx"; } // Close connection // include("mysql/closeconnection.php"); ?> Note that class.twitter.php is the PHP file that provides the Twitter API functions. Next file: design1.php <?php // Design 1 // We need to modify the user's tweet so that it will fit nicely into the image size //$ftweet = formatted Tweet $wraptweet = wordwrap($tweet, 62, "\n", true); $ftweet = "\"" . $wraptweet . "\""; //Now we'll create the actual image itself //Start by setting the widths and heights in constants define('SIG_WIDTH', 480); define('SIG_HEIGHT', 80); //Now create the image with the constant sizes $img = ImageCreateTrueColor(SIG_WIDTH,SIG_HEIGHT); // Creates the 400px x 50px image //Set a white background $bg_color = imagecolorallocate($img, 255, 255, 255); //White //Set a blue text colour $text_color = imagecolorallocate($img, 0, 128, 255); //Blue //Set a black text colour $black_color = imagecolorallocate($img, 0, 0, 0); //Black //Fill the background imagefilledrectangle($img, 0, 0, SIG_WIDTH, SIG_HEIGHT, $bg_color); //Write the user's tweet intro imagettftext($img, 8, 0, 5, 12, $black_color, "arial.ttf", $introtext); //Now write the user's Latest Tweet imagettftext($img, 12, 0, 20, 30, $text_color, "arial.ttf", $ftweet); //Now write the outro text imagettftext($img, 8, 0, 200, 70, $black_color, "arial.ttf", $outrotext); // Save the file ImageGif($img,$SaveFile); // Get the image out of memory ImageDestroy($img); ?> I'll assume that somehow this file is outputting all the gibberish to regenerate.php? I.E. this stuff: This confuses me a little bit, as I don't actually see anywhere in the script where it 'echoes' etc. the contents of the GIF image. Could someone explain this to me? OK, finally, the database structure I'll show you: The second account below JackWebbHeller (my account) is a test account for my project, and just provides a second one to try out. Sorry for the messy scribbling but I've basically just blanked out anything that I wouldn't want just anyone to see. Since this forum's a public place, and I do trust you guys though. If there's anything more you need to know, please ask and I'll be happy to provide you with the info. Thanks so much! ~ Jack

OK guys this is a little confusing to a n00b like me, all different people telling me different things! I really appreciate your help, but let's get things straight first: OK: Jnerocorp: I believe gevans is correct, adding a quote afterwards will generate a syntax error. You can see it in your code highlighting, almost everything afterwards is red (part of the quote). But thank you for trying anyway. Maybe you did not mean to put that? gevans, I believe I did NOT get mysqli_query $cxn and $query the wrong way around. I am using Dreamweaver and Dreamweaver's autofill says it is the way I put it, as does the PHP manual. I quote from the manual: I had $result = mysqli_query($cxn, $query); which matches with the manual's example. When I DO however try it your way around, I get this error on the browser output: Warning: mysqli_query() expects parameter 1 to be mysqli, string given in C:\wamp\www\Tweetle\site\alpha\userimages\regenerate.php on line 14 Meaning that I was correct, sorry. So does anyone have any further ideas? This is all a little confusing for me...

Hey rhodesa, thanks for the help. I have changed that line in regenerate.php but now the plot thickens. The browser output, with $result = mysqli_query($cxn, $query); looks like this: I'm assuming all that gobbledygook is the GIF image outputting weirdly? I'm just ignoring that for the time being. The output when using your fix, $result = mysqli_query($cxn, $query) or die(mysqli_error($cxn)); looks like this: Exactly the same! Any ideas what's going on, anyone?

Hey folks, Basically my problem is a frustrating one, and before you asked, I have ! I have created a basic tool that takes a user's latest Status update and saves it to an image. I need the image to regenerate every 15 minutes with the latest update to the status. I have created a script called regenerate.php that I plan to set on a Cron Job. The user's info is stored in the database. Regenerate.php is meant to scroll through the data row by row, query the status update, save it to an image, and move on to the next row. I got the code from the book "Head first PHP & MySQL", a good but different book. I have just adapted it slightly to fit my scenario instead. Here is the important portion of regenerate.php code: <?php // First, we connect to database (with variable $cxn) include($_SERVER['DOCUMENT_ROOT'] . "/mysql/connecttodb.php"); // Select the username and password for each user from the table $query = "SELECT username, password, designid, fontid, tweet FROM twitteraccounts"; // Query it $result = mysqli_query($cxn, $query); // Begin the loop that goes through each user while ($row = mysqli_fetch_array($result)) // LINE 18 { // We have all the user's information $username = $row['username']; echo $username; echo "\n"; $password = $row['password']; $designid = $row['designid']; echo $designid; echo "\n"; $fontid = $row['fontid']; echo $fontid; echo "\n"; // Fetch their latest tweet include($_SERVER['DOCUMENT_ROOT'] . "/fetchtweetfromdb.php"); // Tweet has been fetched and written to database. Now fetch it again from the database $tweet = $row['tweet']; // This part of the script checks which designid the user is using, then calls the generator script appropriate for it if ($designid == 'design1') { include("design1.php"); } else { echo "Add more designs to the controller, regenerate.php, roughly line 42ish"; } } ?> Sorry about the messy code, there are quite a few 'placeholders' in there for adding options later on. Thing is, I've done the design, put it into XHTML and CSS, done all the rest of the code, this is just the last hurdle! When I run the file regenerate.php, this is what appears in the browser window: (I've commented line 18 in my earlier code example). Why won't it work, and why do I get this error?! Sorry if this is a n00bish question but I'm really struggling here! I thought parameter 1 WAS mysqli_result?!

I've tried to glean as much from that as I can, but I'm still stuck. I got this far: <?php $size = imagettfbbox(12, 0, 'userimages/arial.ttf', $string); $dx = (imagesx($img)) - (abs($size[2]-$size[0])) - 20; imagettftext($img, 12, 0, $dx, 30, $text_color, 'userimages/arial.ttf', $tweet); ?> But now all the text just lines up to the right, pushing the beginning over to the left. I'm sorry I'm being useless here.

Hey guys 'n' girls! I have a web app going that works really well so far. It basically takes some text from the user, and puts it onto a 468x60px image. I am using GDLibrary commands to put the text into the image. If the text is longer than the edge of the image when displayed in a size twelve font, it goes off the edge. So I used the wordwrap() function to wrap the text at 32 characters to stop it going over the edge. From the manual: <?php string wordwrap ( string $str [, int $width= 75 [, string $break= "\n" [, bool $cut= false ]]] )?> The code I have been using: <?php //Format the string $fstring = wordwrap($string, 32, "\n", true); //Write the string to the image with GDLibrary imagettftext($img, 12, 0, 10, 30, $text_color, 'userimages/arial.ttf', $fstring); ?> This fits perfectly when I wrote out a string of entirely WWWWWWWs and MMMMMMs, the widest character in the font 'Arial'. It fits beautifully and wraps nicely with the GD Library placing it on the image. The image MUST be a set size, I can't change the width of the image based on the text. When I use a generic string, i.e. "The quick brown fox jumps over the lazy dog, how razorback jumping frogs can level six piqued gymnasts" it cuts at 32 characters still - but in that string 32 characters is only several words, "the quick brown fox jumps over" - it then wraps to the next line, leaving a whole load of white space on the right side of the image. Basically, I need a way to fit a string (that won't ever be longer than 160 characters) into my image. If the text is too long, it should wrap, but it should wrap at the edge of the image and not based on a certain character count. Maybe I'm asing for too much here, but thanks!

Hey guys, I am working on a project that is nearly ready. The project is http://tweetle.in I am currently on Work Experience with a web design firm, and using the knowledge I learnt from them, coded this front page. 100% hand-coded CSS, HTML and PHP. Please give me some constructive criticism. I want it to look elegant, yet be functional and informative. I have also aimed for cross-browser compatibility, and I'm thankful for the tool some of you may find useful @ http://browsershots.org You'll see a different design when you submit your email address - try it out and see? Thanks!

OK guys, problem solved! Thank you so much for your help. I replaced mysqli_affected_rows() with mysqli_num_rows, and then changed the methodology a little bit. I changed the code from this: <?php $sql = "SELECT email FROM user WHERE email = '$email' and password = AES_DECRYPT('$password','$key_str') "; ?> To this: <?php $sql = "SELECT email FROM user WHERE email = '$email' and password = AES_ENCRYPT('$password','$key_str') "; ?> So, basically instead of decrypting it to see if it matches the user's inputted password, I swapped it round to see if the user's inputted password, when encrypted, matches the one in the database. Huzzah! Thanks for being such great forum members!

I'm sorry, but I don't really get you? Could you explain a little more clearly? And mysql_real_escape_string() is coming next, this is simply a prototype still.

I didn't know if this should be in the PHP or MySQL forum... if I'm wrong, sorry! Anyhoo. Basically I'm a step further in my web application that some of you have helped me with in another thread. I've been storing user's registration data in the database like this: INSERT INTO user (firstname, lastname, country, email, password, registerdate, dbversion, userversion, membertype) VALUES ('$firstname', '$lastname', '$country', '$email', AES_ENCRYPT('$password1','$key_str'), CURDATE(), '$dbversion', '$userversion', '$membertype') The important part is in bold, AES_ENCRYPT. Looking in my databases, regular passwords appear like this: 5ù#šØ©W!1Ó^™4 (As you'd hope them too). Now, I'm trying to get a login form to work. So obviously it has to check the email is valid and the password matches too. My code looks like this: <?php include("mysql/connecttodb.php"); include("mysql/resources/keystr.php"); // Define the AES_DECRYPT Keystring $email = $_POST['email']; // Gets email from form $password = $_POST['password']; // Gets password from form //Select from the database a matching user $sql = "SELECT email FROM user WHERE email = '$email' and password = AES_DECRYPT('$password','$key_str') "; $result = mysqli_query($cxn,$sql); // Check the query was valid if(!$result) { // If result is baaaad... $err=mysqli_error($cxn); // Print the error print $err; exit(); // Then exit. Ha. } // Check the username exists if (mysqli_affected_rows($cxn )== 0) // If nothing matches... { print "Email/Password error. Please try again."; // Print error... exit(); // and exit. } else { print "Login successful. Redirecting you to member's area..."; //proceed to perform website’s functionality – e.g. present information to the user } // Database connected. ?> It decrypts the password with exactly the same passkey as it encrypts it with. It is defined in the file "mysql/resources/keystr.php"; that is include()ed near the beginning of the script. The problem I'm getting each time is "Email/Password error. Please try again.". I believe it isn't decrypting the password correctly. A little help anyone? Thank you for your assistance.

Aha, thank you so much bradh! I think I just about understand now, he he So, I'd query that to the database with this whole JOIN thingy?

Thanks bradh, that's helped clear it up a little bit for me. But I'm still confused (sorry!). I want my users to be able to add unlimited Twitter accounts. So when a user adds a Twitter account, it writes their username and password (encrypted) to the twitteraccounts table. This fill's the username and password field. But how do you add another account? Surely there's no more fields to fill in with more information? I mean, once you've written the username and password to the database, if you were to write any more it would just get overwritten since there's not any other fields for additional username and passwords? Please can someone explain this? I apologise for my n00biness!

OK, I think I get it, but before I start the code, could someone confirm if this is correct? In Nick (ninedoors)'s example of a table, 'id' is the unique field. What I do, is check the user's 'userid', and match it to the userid field in the table twitteraccounts, to check the information? Now, how would I go about adding multiple accounts? So, there would surely need to be more than one 'account_no' and password field? ???

Bump ???

OK Nick, I've put the SQL in and I have a nice shiny new table, 'twitteraccounts'. However, I don't really get it. I want a user to be able to add the Username and Password of a Twitter account, which fields would this data be stored in in your table example? Because surely once I've added one, there wouldn't be any more fields for any more? Sorry, hope that makes sense... Also, what's the difference in this case between 'id' and 'userid'?

OK wait, another question! The field 'twitteraccounts' is used for storing the integer number of Twitter Accounts a user owns. However, I want the user to essentially be able to add Twitter accounts to their profile. This would mean once the user had added details for one, they would then be stored to the database. After adding another account, this would be added to the database. However, my problem is that I need this to be unlimited. If a user had 50 accounts (unlikely, but you never know!) then I'm not going to take the time to create 100 columns in the database (twitterusername1, twitterpassword1, twitterusername2... etc...). How would I do this so that each time a new account was added, it would add another column automatically? I know there's an SQL query I can use to add another column, however this seems slightly inefficient. Experts! Do you know any better ways of doing this?

Thanks Nick, I've changed userid and twitteraccounts. twitteraccounts is a number used to store the number of Twitter Accounts a user has. The web app I'm programming connects to the Twitter API and provides a tool for Twitter Users. I've managed to get the whole API bit working now, I'm just now working on the user area (login, registration, etc.). The comments column isn't for user comments, it's for admin comments. But I've changed it to text anyways since that seems logical. I mistyped the password column, that was meant to be 6400 - I can't really remember how I got it (something to do with multiplying the characters in the AES_ENCRYPT passkey and the number of letters in a password?) but I've changed this to 100 to be on the safe side. dbversion and userversion are used for when I update the structure of the DB, or add any new fields. Basically, if I change the Database format I'll update for new signups DBVERSION from 1 to 2. I'll then run a query that pulls out all emails with DBVERSION of 1, and email them prompting them to update their data to fit into our new database. Makes sense? Your help is invaluable to me, I've learnt so much already just from this forum! I bought "PHP and MySQL for Dummies" for £23, and already a couple of chapters in I've spotted several function mistakes! (It says mysqli_real_escape_string only needs one argument, which isn't true and generates an error! ) Compared to other languages I've tried in the past (OPL on Psions from the 1990s , Delphi, Visual Basic) PHP seems a lot more 'logical' than anything else. I'm looking forward to expanding my knowledge on it, so thank you.

Hi Nick, OK, here's the SQL export: -- phpMyAdmin SQL Dump -- version 2.11.9.5 -- http://www.phpmyadmin.net -- -- Host: localhost -- Generation Time: Jun 25, 2009 at 03:24 PM -- Server version: 5.0.77 -- PHP Version: 5.2.6 SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; -- -- Database: `swimwir1_tweetle` -- -- -------------------------------------------------------- -- -- Table structure for table `user` -- CREATE TABLE IF NOT EXISTS `user` ( `userid` bigint(20) NOT NULL auto_increment, `firstname` varchar(50) NOT NULL, `lastname` varchar(50) NOT NULL, `country` varchar(50) NOT NULL, `email` varchar(100) NOT NULL, `password` varchar(64000) NOT NULL, `registerdate` date NOT NULL, `lastlogin` date NOT NULL, `twitteraccounts` int(140) NOT NULL, `comments` varchar(140) NOT NULL, `dbversion` int(50) NOT NULL, `membertype` varchar(50) NOT NULL, `userversion` int(50) NOT NULL, PRIMARY KEY (`userid`), UNIQUE KEY `email` (`email`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=15 ; Like I said, a small database that I'm still testing with, but I don't want to proceed with something that'll be hard to change later. Thank you Nick and others for your help so far.

Thanks ninedoors. It's OK, it appears that the userversion thing is fixed now (now idea how, don't know what I changed?!) I've put the Database Structure here anyway, just in case anything is a bit doolally. Sorry about being such a n00b but I wasn't too sure how to go about exporting this, so I did it twice Here it is in XML: <?xml version="1.0" encoding="utf-8" ?> <!-- - - phpMyAdmin XML Dump - version 2.11.9.5 - http://www.phpmyadmin.net - - Host: localhost - Generation Time: Jun 25, 2009 at 02:56 PM - Server version: 5.0.77 - PHP Version: 5.2.6 --> <!-- - Database: 'swimwir1_tweetle' --> <swimwir1_tweetle> <!-- Table user --> <user> <userid>5</userid> <firstname>Jack</firstname> <lastname>Webb-Heller</lastname> <country>United Kingdom</country> <email>jack.wh@example.com</email> <password>æ%{)Š½åžUé™</password> <registerdate>2009-06-24</registerdate> <lastlogin>0000-00-00</lastlogin> <twitteraccounts>0</twitteraccounts> <comments></comments> <dbversion>1</dbversion> <membertype>bronze</membertype> <userversion>0</userversion> </user> <user> <userid>14</userid> <firstname>Timmy</firstname> <lastname>Turnip</lastname> <country>Thailand</country> <email>example@example.com \' or t=t --</email> <password>l ßkÑYþÌ㻡Ä×</password> <registerdate>2009-06-25</registerdate> <lastlogin>0000-00-00</lastlogin> <twitteraccounts>0</twitteraccounts> <comments></comments> <dbversion>1</dbversion> <membertype>bronze</membertype> <userversion>1</userversion> </user> </swimwir1_tweetle> Here's a picture of the table: And this one of the structure: If everything's OK, I'll mark this topic Solved and continue with development. Thanks for your help!

Ah, thanks guys for your help! I don't know what I'd do without you! OK, so mysqli_error is working now. A couple more questions then. @ninedoors, I'm not using a forum or anything. I'm simply developing a web application for a project that I am working on, that needs a user login/out system - I want a custom made one, it doesn't need any integration with something like SMF. Anyhoo, basically a couple more questions. 1. I have a field in my database called 'userversion', and as you can see from the code I supplied in my last post, it's set to 1. The field type is identical to dbversion in the database. When I do a test signup, the user field is populated with data, and dbversion is 1. However, userversion always stays at 0, even though it's specified as 1 in the PHP script? Both DBversion and USERversion have identical MySQL properties - both INTs, with length/values of 50, not null or anything. So my question is, how can I fix this? 2. MySQLI_real_escape_string isn't escaping it, or not apparently so anyway. I did a test signup, and in the email field I put the following: "example@example.com \' or t=t --" (without quotes. Not that I don't have any Regex to validate that's it's actually an email... yet). Looking in phpMyAdmin, it shows this under the email column: "example@example.com \' or t=t --" Identical! Am I misinterpreting this, or isn't MySQLI_real_escape_string meant to remove the dodgy characters like \, ' and =? Or does it just 'temporarily' remove them, then replace them in the database (so they're not queried?). Thank you SO much for the help so far1

OK... so if I run this code over all the variables before they're put in the database: <?php $firstname = mysqli_real_escape_string($firstname);; $lastname = mysqli_real_escape_string($lastname); $country = mysqli_real_escape_string($country); $email = mysqli_real_escape_string($email); $email1 = mysqli_real_escape_string($email1); $email2 = mysqli_real_escape_string($email2); $password1 = mysqli_real_escape_string($password1); $password2 = mysqli_real_escape_string($password2); $registerdate = "CURDATE()"; $dbversion = 1; $userversion = 1; $membertype = bronze; ?> ... it should stop injection attacks, at least basic ones anyway? Also, I have now encrypted passwords stored in the database like this: <?php AES_ENCRYPT('$password1','$key_str') ?> $password1 is the password the user inputs, $key_str is an 80-character password set in another file, that I have include() ed in the script. Is this all correct so far? The passwords come out in the database like this: O² Ö×™Ìé`¶LhÎûÝ I have not yet tried to decode them, but I'll be doing that next. Also, I am having troubles getting mysql_error() to work. When I change my code from this: <?php $result = mysqli_query($cxn,$query) or die ("Couldn't execute MySQL query. Contact webmaster@tweetle.in.") ?> To this: <?php $result = mysqli_query($cxn,$query) or die ("Couldn't execute MySQL query. Contact webmaster@tweetle.in. Error: $mysqlerror") ?> when the $mysqlerror variable has been set earlier on to equal "mysql_error($cxn)" (where $cxn is the name of my connection). Could anybody tell me why this isn't working, and also, could someone confirm that what i've done so far is correct? Thank you!

Thanks for your help Nick. I'm surprised I missed it, not having quotes around it! But thank you anyway, a novice's error I suppose I am still beginning learning MySQL and PHP, and (thanks to you) have now finally finished my login/registration system. I have simply 'drafted' this system, I haven't taken security into consideration yet but that's what I'll be doing next. Yes, the passwords are currently just text - what format would I save it as in the database? And, mysql_real_escape_string - does this remove any characters or formatting from the inputs? I.E. to stop injections like " ' or t=t" for example, it removes all the symbols? Am I right? Thank you for your help so far!

Hi guys, :? I'm trying to program a registration form for my latest project. It uses MySQL to save the results to. The code goes like this: FILE: newuser.php <?php $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $country = $_POST['country']; $email = $_POST['email1']; $email1 = $_POST['email1']; $email2 = $_POST['email2']; $password1 = $_POST['password1']; $password2 = $_POST['password2']; $registerdate = "CURDATE()"; $dbversion = 1; $membertype = bronze; // Connect to the database include("mysql/connecttodb.php"); // Include the MySQL connector code $query = "INSERT INTO user (firstname, lastname, country, email, password, registerdate, dbversion, membertype) VALUES ($firstname, $lastname, $country, $email, $password1, CURDATE(), $dbversion, $membertype)";// This is the query to INSERT the data // Now we query this to the database $result = mysqli_query($cxn,$query) or die ("Couldn't execute MySQL query. Contact webmaster@tweetle.in."); // If $result = true, querying was successful. Else it failed. if ($result = true) { echo "Signup complete. Thanks for using Tweetle.in! Now please Login to Tweetle."; // We finish off by closing the connection to the database include("mysql/closeconnection.php"); } else { echo "MySQL querying failed. Please contact webmaster@tweetle.in. Sorry!"; // We finish off by closing the connection to the database include("mysql/closeconnection.php"); } ?> All the data is definitely successfully collected from the form, I know this because on the signup page it displays it all too. The error that I'm getting says "Couldn't execute MySQL query. Contact webmaster@tweetle.in.". This appears to be displayed when we query it to the database: <?php $result = mysqli_query($cxn,$query) or die ("Couldn't execute MySQL query. Contact webmaster@tweetle.in.");?> So, is it a problem with my code, or is it a problem with my Query? If it's me using the CURDATE() (current date) MySQL function to save into the Date-formatted field, then is it me using CURDATE() wrongly? Thanks for your help guys! MySQL is definitely connected correctly. Because: FILE: connecttodb.php <?php // This file (connecttodb.php) connects to the MySQL database. It is used as an include() in other scripts. $mysqlhost = "localhost"; // Defines MySQL host $mysqluser = "swimwir1_*****; // Defines MySQL user $mysqlpassword = "***************"; // MySQL password $mysqldbname = "swimwir1_*****"; // MySQL database name // The next line of code connects to the database. If it fails, it produces an error message. $cxn = mysqli_connect($mysqlhost,$mysqluser,$mysqlpassword,$mysqldbname) or die ("Sorry, MySQL connection error - please inform webmaster@tweetle.in"); ?> It nevers produces an error message from this script, so it is definitely connection (I have ***ed out private info). Thank you! :-D