sean04

Everything posted by sean04

  1. Ah ok I see sorry about that. I checked it out. As of now I have this: $Email = htmlspecialchars(addslashes($_POST['Email'])); Would that be the same as what you recommended? What I mean is, are they used for the same purpose? Seems like it is. Thanks again, Sean
  2. Thanks for the reply! I have noted that issue and encrypted the password. As for the "or die", I'm just using that for testing purposes only. Thanks for the information!
  3. Thanks a lot ignace I appreciate that! I will definitely be back here again soon!
  4. Yes, exactly what I would do. ignace wrote the same thing. Thanks for clearing it up a bit though! Looks great! Thanks for the help!
  5. Yes I agree. It would work perfectly. One thing though. Would it not be a little bit of a security issue if someone knew the email was correct but the password wasn't? I would think giving someone an exact error would be risky. Outputting an error such as "Username or Password is incorrect" would seem a bit more secure because you're not giving out the exact problem. Thanks for the help!
  6. Thank you both for the help! ignace, I will give that a shot. I had that included before but it didn't seem to work right, but most likely it was because something else was messed up. And TeddyKiller, thank you as well for your constructive criticism. I may not be a professional, but I do realize $Password = $Password is completely pointless. I will for sure take a look at what you have provided me though! Thanks guys, Sean
  7. Thanks! I see what you mean. I'll get rid of that. And as for the password, I do use md5 and I save it in the database with that as well. Another thing, where I have

         if($checkUser == '0') {
             $errors[] = "Username or Password is incorrect";
         }
         if ($Password != $checkUserInfo[Password]) {
             $errors[] = "Username or Password is incorrect";
         }

     Those could be combined, right? Just the last few times I tried to combine those it didn't really work correctly. Putting those together would make more sense, correct?
  8. Thanks for the reply! I'm actually using "or die" for testing purposes only, and I am securing the password. I will make sure to remove the password from the users session if I do not need it then. As for obtaining user info, one query uses mysql_num_rows and the other is mysql_fetch_array. Are you suggesting that I just use one (mysql_fetch_array)? Also, maybe you could explain number 3? I was pretty sure I am checking the password. Thanks again for the help!!
  9. Hey! So I was wondering if anyone has a bit of time to take a look at the following and maybe fix it up a bit? I just feel like it's all over and maybe it needs some tidying.

         <?php
         include "config.php";

         // variable to check if form was sent
         $form_sent = $_POST['form_sent'];

         // assume form was completed properly
         $valid = true;

         //initialize an array to contain list of errors
         $errors = array();

         //capture form data if form has been sent
         if($form_sent == 1){
             $Email = $_POST['Email'];
             $Password = $_POST['Password'];

             $checkInfo = mysql_query("SELECT * FROM `user` WHERE `Email` = '$Email'") or die(mysql_error());
             $checkUser = mysql_num_rows($checkInfo);
             $checkUserInfo = mysql_fetch_array($checkInfo);

             //check to see if all fields are complete
             if($Email == ''){
                 $errors[] = "Email";
             }
             if($Password == ''){
                 $errors[] = "Password";
             }
             if($Email != '' && $Password != ''){
                 if($checkUser == '0') {
                     $errors[] = "Username or Password is incorrect";
                 }
                 if($checkUserInfo[userlevel] == 1) {
                     $errors[] = "This account has not yet been verified. Please check your email";
                 }
                 $Password = $Password;
                 if ($Password != $checkUserInfo[Password]) {
                     $errors[] = "Username or Password is incorrect";
                 }
             }

             //check to see if there were errors
             if(count($errors) > 0){
                 $valid = false;
             }else{
                 $query = mysql_query("SELECT * FROM `user` WHERE `Email` = '$Email'") or die(mysql_error());
                 //fetches the sql
                 $user = mysql_fetch_array($query);
                 //sets the logged session
                 $_SESSION['ID'] = "$user[iD]";
                 $_SESSION['Password'] = "$user[Password]";
                 echo "<meta http-equiv='Refresh' content='0; URL=profile.php'/>";
             }
         }

         //output the form only if they have not submitted OR if there are errors they need to fix
         if($form_sent != 1 || $valid == false){
             if($valid == false){
                 echo ' <div class = "error1"> <p class="error">Oops. There was a problem with your form submission. Please review the following:</p>';
                 echo'<ul class="error">';
                 $numerrors = count($errors);
                 for($i = 0; $i<$numerrors; $i++){
                     echo'<li>'.$errors[$i].'</li>';
                 }
                 echo'</ul><br/></div>';
             }
         }
         ?>

     Thanks in advance! Any tips would be great too! Sean
  10. Thank you! Works great! Thought it had to do with something like that, as the error mentioned it. Didn't know what to do exactly though. Thanks again!
  11. Thanks for the replies! Still no luck... This is what it's looking like:

          <form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
          Email: <input type="text" name="email" size="30" maxlength="25">
          Password: <input type="password" name="password" size="30" maxlength="25">
          Confirm Password: <input type="password" name="cpassword" size="30" maxlength="25">
          Screen Name: <input type="text" name="screenname" size="30" maxlength="55">
          Gender: <select name="gender" value="">Gender</option>
          <?PHP
          $Get_Sex = mysql_query("SELECT ID, Description FROM gender") or die(mysql_error());
          $Sex_Results = mysql_fetch_array($Get_Sex);
          while($val = mysql_fetch_array($Sex_Results)){
              echo "<option value=\"{$val['ID']}\">{$val['Description']}</option>";
          }
          ?>
          </select>
          <input type="submit" value="Register">
          </form>

      I know it's not too neat right now, sorry.
  12. Hey! So I have the following:

          <?PHP
          $Get_Sex = mysql_query("SELECT ID, Desc FROM gender") or die(mysql_error());
          $Sex_Results = mysql_fetch_array($Get_Sex);
          while($val = mysql_fetch_array($Sex_Results)){
              echo "<option value=$val[iD]>$val[Desc]</option>";
          }
          ?>

      How come the drop down doesn't have any data in it? Thanks, Sean