Help: Information not being inserted into DB


Flames


I'm trying to make a registration page (form is done etc.), but when you fill in the form, the information isn't inputted into the DB and it says that it was. Please help!

 

This is the registration code (config.php is a valid file which contains some of the variables, e.g. $con):

<?php

include("config.php");

mysql_select_db("hehe you dont get to see this!", $con);
global $status;
$status = "good";

// Prepare the submitted values for the query
$md5password = MD5($password);
$newusername = addslashes($username);
$newemail = addslashes($email);
// Length checks: each sets $status to "bad" and prints a message on failure
user_valid($username);
pass_valid($password);
email_valid($email);
$time = time();

function user_valid($user)
{
    if(5 > strlen($user))
    {
        global $status;
        $status = "bad";
        echo "Your username must be longer than 5 characters <br />";
    }
    elseif(strlen($user) > 30)
    {
        global $status;
        $status = "bad";
        echo "Your username must be shorter or equal to 30 characters long <br />";
    }
    else
    {
    }
}

function pass_valid($pass)
{
    if( 6 > strlen($pass))
    {
        global $status;
        $status = "bad";
        echo "Password must be longer than 5 characters <br />";
    }
    elseif(strlen($pass) > 32)
    {
        global $status;
        $status = "bad";
        echo "Password must be shorter or equal to 32 characters <br />";
    }
    else
    {
    }
}

function email_valid($mail)
{
    if(6 > strlen($mail))
    {
        global $status;
        $status = "bad";
        echo "Email must be longer than 5 Characters long <br />";
    }
    elseif(strlen($mail) > 30)
    {
        global $status;
        $status = "bad";
        echo "Email must be shorter or equal to 30 characters long <br />";
    }
    else
    {
    }
}

// Only continue when the request came from the registration form
if(!isset($reg) || $reg !== "this little thing makes sure you actually use the form but you dont get to see this code either!")
{
    echo "Please use the registration form";
}
else
{
    if($pass != $pass2)
    {
        global $status;
        $status = "bad";
        echo "Both passwords need to match <br />";
    }

    if($status != "good")
    {
        echo "<script type='text/javascript'>alert('you have failed to register');</script>";
        echo "<a href = 'register.php'> Go Back and try again </a>";
    }
    else
    {
        // Insert the new account, then print the success message
        mysql_query("
INSERT INTO Account (username, password, email, status, rank)
VALUES ($newusername, $md5password, $newemail, 0, 1)");
        echo "You have successfully registered <br />";
        echo "An email has been sent to the email address provided you will need to activate your account before logging in <br />";
        echo "Please <a href = 'login.php'>login here</a>";
    }
}
?>

 

Any comments are appreciated!

Link to comment
Share on other sites

Thanks, I'll remember that now.

 

I don't know where from, but I got the idea that you don't need single quotes around variables or around numbers, maybe some bad tutorials or something.

 

That will also help me a lot more with other codes now as well!

 

EDIT: I've heard a lot about MySQL injection and I sort of understand what it is, but could you just have a quick look at the code and tell me if this is any good at stopping MySQL injection?

Link to comment
Share on other sites

I don't know where from, but I got the idea that you don't need single quotes around variables or around numbers, maybe some bad tutorials or something.

Nothing wrong with leaving them out around numbers, but only if you hard-code the numbers and they never come from user input -- which is why it's just easier to quote everything.

Link to comment
Share on other sites

  • 3 weeks later...

I've seemed to hit the problem again when trying to add something to stop MySQL injection and the function that sends the email to verify the email account and activate the address.

The problems are the email is NOT being sent and the MySQL database is not being inserted, and this time the single quotes are there and I have no idea what's gone wrong with it.

Added the new code below.

<?php

include("config.php");

mysql_select_db("not seeing this", $con);
global $status;
$status = "good";

// Strip magic-quotes slashes, then escape and quote non-numeric values
function check_input($value)
{
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

$newpassword = check_input($password);
$md5password = MD5($newpassword);
$newusername = check_input($username);
$newerusername = strtolower($newusername);
$newemail = check_input($email);
// Length checks: each sets $status to "bad" and prints a message on failure
user_valid($username);
pass_valid($password);
email_valid($email);
$time = time();
$key = base64_encode($time);

// Send the activation email containing the hash and key
function mail_verify($user, $password, $email, $hash, $key)
{
    $to = $email;
    $url = "http://fool.com/activate.php?hash=".$hash."&key=".$key;
    $subject = "Verify Your Account For eFlame.co.cc";
    $message = "

Thank you for registering with eFlame.co.cc.<br>
To finish your registration you will need to use the link below. <br>
".$url."
Or you can go to http://fool.com/activate.php to manually fill out the form with the information below. <br>
Hash:
".$hash." <br>
Key:
".$key." <br>
Your username is
".$user." <br>
Your password is
".$password." <br>
If you didnt register just ignore this message and you will not recieve any further emails

";
    // Always set content-type when sending HTML email
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    // More headers
    $headers .= 'From: eFlame <registration@eflame.co.cc> <Automated Message Do Not Reply>' . "\r\n";
    mail($to,$subject,$message,$headers);
}

function user_valid($user)
{
    if(5 > strlen($user))
    {
        global $status;
        $status = "bad";
        echo "Your username must be longer than 5 characters <br />";
    }
    elseif(strlen($user) > 30)
    {
        global $status;
        $status = "bad";
        echo "Your username must be shorter or equal to 30 characters long <br />";
    }
    else
    {
    }
}

function pass_valid($pass)
{
    if( 6 > strlen($pass))
    {
        global $status;
        $status = "bad";
        echo "Password must be longer than 5 characters <br />";
    }
    elseif(strlen($pass) > 32)
    {
        global $status;
        $status = "bad";
        echo "Password must be shorter or equal to 32 characters <br />";
    }
    else
    {
    }
}

function email_valid($mail)
{
    if(6 > strlen($mail))
    {
        global $status;
        $status = "bad";
        echo "Email must be longer than 5 Characters long <br />";
    }
    elseif(strlen($mail) > 30)
    {
        global $status;
        $status = "bad";
        echo "Email must be shorter or equal to 30 characters long <br />";
    }
    else
    {
    }
}

// Only continue when the request came from the registration form
if(!isset($reg) || $reg !== "code")
{
    echo "Please use the registration form";
}
else
{
    if($password != $password2)
    {
        global $status;
        $status = "bad";
        echo "Both passwords need to match <br />";
    }

    if($status != "good")
    {
        echo "<script type='text/javascript'>alert('you have failed to register');</script>";
        echo "<a href = 'register.php'> Go Back and try again </a>";
    }
    else
    {
        // Insert the new account, send the activation email, then print the success message
        mysql_query("
INSERT INTO Account (username, password, email, status, rank)
VALUES ('$newusername', '$md5password', '$newemail', '0', '1')");
        mail_verify($username, $password, $email, $md5password, $key);
        echo "<center>You have successfully registered </center> <br />";
        echo "<center>An email has been sent to the email address provided you will need to activate your account before logging in </center> <br />";
        echo "<center>Please <a href = 'login.php'>Login Here!</a> </center>";
    }
}
?>

 

Yet again, any comments appreciated.

Link to comment
Share on other sites

Which SQL statement? And there are no error messages; when you fill in the form correctly it says "You have successfully registered

 

An email has been sent to the email address provided you will need to activate your account before logging in

 

Please Login Here!" which is what it's supposed to say.

Link to comment
Share on other sites

mysql_query("
INSERT INTO Account (username, password, email, status, rank)
VALUES ('$newusername', '$md5password', '$newemail', '0', '1')");

 

That's the query, and it worked before I added the MySQL injection checker function and mail function.

Link to comment
Share on other sites

I got the following:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Admin'', 'ed0086a4272f428f9f8bf17ca0439ce2', ''test@test.com'', '0', '1')' at line 1

 

(signed up with username admin, password password, email test@test.com)

Not sure if that was from echoing the mysql_query or echoing mysql_error, but it came right after the message about signup successful.

Link to comment
Share on other sites

That's from mysql_error().

 

Do this:

 

echo "INSERT INTO Account (username, password, email, status, rank) VALUES ('$newusername', '$md5password', '$newemail', '0', '1')";

 

But it looks like there is a quoting issue.

Link to comment
Share on other sites

I got the following information:

INSERT INTO Account (username, password, email, status, rank)VALUES (''Admin'', 'ed0086a4272f428f9f8bf17ca0439ce2', ''email@email.com'', '0', '1')

You have successfully registered

 

An email has been sent to the email address provided you will need to activate your account before logging in

 

Please Login Here!

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Admin'', 'ed0086a4272f428f9f8bf17ca0439ce2', ''email@email.com'', '0', '1')' at line 1

 

Is it an error with the quotes then?

Link to comment
Share on other sites

It's 2 single quotes, but I don't know why they're there.

Is it due to the check input function? It only occurs on username and email, which are the 2 things used with the check input function. If it is a problem with the function, how could I fix it, or should I just leave the function out altogether?

Link to comment
Share on other sites

It won't let me edit my previous post, so I made another post.

I decided to remove the check input function and just use mysql_real_escape_string on its own, and the MySQL database was updated; however, the mail wasn't sent, which causes a lot of problems.

Any help why the mail wasn't sent?

Link to comment
Share on other sites
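
The doubled quotes diagnosed in this thread (`''Admin''`) and a placeholder-based insert that avoids manual quoting, as an added example that is not part of any post. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL connection, uses addslashes() as a stand-in for mysql_real_escape_string() and password_hash() in place of MD5, and its function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// addslashes() stands in for mysql_real_escape_string() so no MySQL link is needed.
function check_input_like_thread(string $value): string
{
    // Like the thread's check_input(): non-numeric values come back already quoted.
    return is_numeric($value) ? $value : "'" . addslashes($value) . "'";
}

// Mirrors the second script: the helper adds quotes and the SQL text adds them again.
function build_thread_query(string $username, string $email): string
{
    $u = check_input_like_thread($username);
    $e = check_input_like_thread($email);
    return "INSERT INTO Account (username, email) VALUES ('$u', '$e')";
}

// Placeholder version: the values are bound and never become part of the SQL text.
function register_user(PDO $db, string $username, string $password, string $email): bool
{
    $stmt = $db->prepare(
        'INSERT INTO Account (username, password, email, status, rank)
         VALUES (:u, :p, :e, 0, 1)'
    );
    return $stmt->execute([
        ':u' => $username,
        ':p' => password_hash($password, PASSWORD_DEFAULT), // assumption: replaces MD5
        ':e' => $email,
    ]);
}

// Constructed setup: in-memory SQLite in place of the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Account
    (username TEXT, password TEXT, email TEXT, status INT, rank INT)');

// Shows the query text the second script's approach would send.
echo build_thread_query('Admin', 'email@email.com'), "\n";

// Report success only after the insert has actually succeeded.
try {
    register_user($db, "O'Brien", 'constructed-password', 'email@email.com');
    echo "You have successfully registered\n";
} catch (PDOException $ex) {
    error_log($ex->getMessage());
    echo "Registration failed\n";
}
echo $db->query('SELECT username FROM Account')->fetchColumn(), "\n";
```

Because the success message sits inside the `try`, a failed insert can no longer be reported as a successful registration, which is the symptom in the first post.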
