I'm trying to make a registration page (form is done etc.) but when you fill in the form, the information isn't inputted into the DB and it says that it was. Please help!

 

This is the registration code (config.php is a valid file which contains some of the variables, e.g. $con):

<?php

include("config.php");
  
mysql_select_db("hehe you dont get to see this!", $con);
global $status;
$status = "good";

$md5password = MD5($password);
$newusername = addslashes($username);
$newemail = addslashes($email);
user_valid($username);
pass_valid($password);
email_valid($email);
$time = time();

function user_valid($user)
{
if(5 > strlen($user))
{
global $status;
$status = "bad";
echo "Your username must be longer than 5 characters <br />";
}
elseif(strlen($user) > 30)
{
global $status;
$status = "bad";
echo "Your username must be shorter or equal to 30 characters long <br />";
}
else
{
}
}

function pass_valid($pass)
{
if( 6 > strlen($pass))
{
global $status;
$status = "bad";
echo "Password must be longer than 5 characters <br />";
}
elseif(strlen($pass) > 32)
{
global $status;
$status = "bad";
echo "Password must be shorter or equal to 32 characters <br />";
}
else
{
}
}

function email_valid($mail)
{
if(6 > strlen($mail))
{
global $status;
$status = "bad";
echo "Email must be longer than 5 Characters long <br />";
}
elseif(strlen($mail) > 30)
{
global $status;
$status = "bad";
echo "Email must be shorter or equal to 30 characters long <br />";
}
else
{
}
}

if(!isset($reg) || $reg !== "this little thing makes sure you actually use the form but you dont get to see this code either!")
{
echo "Please use the registration form";
}
else
{
if($pass != $pass2)
{
global $status;
$status = "bad";
echo "Both passwords need to match <br />";
}

if($status != "good")
{
echo "<script type='text/javascript'>alert('you have failed to register');</script>";
echo "<a href = 'register.php'> Go Back and try again </a>";
}
else
{
mysql_query("
INSERT INTO Account (username, password, email, status, rank)
VALUES ($newusername, $md5password, $newemail, 0, 1)");
echo "You have successfully registered <br />";
echo "An email has been sent to the email address provided you will need to activate your account before logging in <br />";
echo "Please <a href = 'login.php'>login here</a>";
}
}
?>

 

Any comments are appreciated!

Thanks, I'll remember that now.

I don't know where from, but I got the idea that you don't need single quotes around variables or around numbers, maybe from some bad tutorials or something.

That will also help me a lot more with other code now as well!

EDIT: I've heard a lot about MySQL injection and I sort of understand what it is, but could you just have a quick look at the code and tell me if this is any good at stopping MySQL injection?

I don't know where from, but I got the idea that you don't need single quotes around variables or around numbers, maybe from some bad tutorials or something.

Nothing wrong with leaving them out around numbers, but only if you hard-code the numbers and they never come from user input -- which is why it's just easier to quote everything.

  • 3 weeks later...

I seem to have hit the problem again when trying to add something to stop MySQL injection and the function that sends the email to verify the email account and activate the address.

The problems are that the email is NOT being sent and the MySQL database is not being inserted into, and this time the single quotes are there and I have no idea what's gone wrong with it.

Added the new code below.

<?php

include("config.php");

mysql_select_db("not seeing this", $con);
global $status;
$status = "good";

function check_input($value)
{
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}

$newpassword = check_input($password);
$md5password = MD5($newpassword);
$newusername = check_input($username);
$newerusername = strtolower($newusername);
$newemail = check_input($email);
user_valid($username);
pass_valid($password);
email_valid($email);
$time = time();
$key = base64_encode($time);
function mail_verify($user, $password, $email, $hash, $key)
{
$to = $email;
$url = "http://fool.com/activate.php?hash=".$hash."&key=".$key;
$subject = "Verify Your Account For eFlame.co.cc";
$message = "

Thank you for registering with eFlame.co.cc.<br>
To finish your registration you will need to use the link below. <br>
".$url."
Or you can go to http://fool.com/activate.php to manually fill out the form with the information below. <br>
Hash:
".$hash." <br>
Key:
".$key." <br>
Your username is
".$user." <br>
Your password is
".$password." <br>
If you didnt register just ignore this message and you will not recieve any further emails

";
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
// More headers
$headers .= 'From: eFlame <[email protected]> <Automated Message Do Not Reply>' . "\r\n";
mail($to,$subject,$message,$headers);
}
function user_valid($user)
{
if(5 > strlen($user))
{
global $status;
$status = "bad";
echo "Your username must be longer than 5 characters <br />";
}
elseif(strlen($user) > 30)
{
global $status;
$status = "bad";
echo "Your username must be shorter or equal to 30 characters long <br />";
}
else
{
}
}

function pass_valid($pass)
{
if( 6 > strlen($pass))
{
global $status;
$status = "bad";
echo "Password must be longer than 5 characters <br />";
}
elseif(strlen($pass) > 32)
{
global $status;
$status = "bad";
echo "Password must be shorter or equal to 32 characters <br />";
}
else
{
}
}

function email_valid($mail)
{
if(6 > strlen($mail))
{
global $status;
$status = "bad";
echo "Email must be longer than 5 Characters long <br />";
}
elseif(strlen($mail) > 30)
{
global $status;
$status = "bad";
echo "Email must be shorter or equal to 30 characters long <br />";
}
else
{
}
}

if(!isset($reg) || $reg !== "code")
{
echo "Please use the registration form";
}
else
{
if($password != $password2)
{
global $status;
$status = "bad";
echo "Both passwords need to match <br />";
}

if($status != "good")
{
echo "<script type='text/javascript'>alert('you have failed to register');</script>";
echo "<a href = 'register.php'> Go Back and try again </a>";
}
else
{
mysql_query("
INSERT INTO Account (username, password, email, status, rank)
VALUES ('$newusername', '$md5password', '$newemail', '0', '1')");
mail_verify($username, $password, $email, $md5password, $key);
echo "<center>You have successfully registered </center> <br />";
echo "<center>An email has been sent to the email address provided you will need to activate your account before logging in </center> <br />";
echo "<center>Please <a href = 'login.php'>Login Here!</a> </center>";

}}
?>

 

Yet again, any comments appreciated.

Which SQL statement? And there are no error messages; when you fill in the form correctly it says "You have successfully registered

An email has been sent to the email address provided you will need to activate your account before logging in

Please Login Here!", which is what it's supposed to say.

I got the following:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Admin'', 'ed0086a4272f428f9f8bf17ca0439ce2', ''[email protected]'', '0', '1')' at line 1

 

(signed up with username admin, password password, email [email protected])

 

Not sure if that was from echoing the mysql_query or echoing mysql_error, but it came right after the message about signup successful.

I got the following information:

INSERT INTO Account (username, password, email, status, rank)VALUES (''Admin'', 'ed0086a4272f428f9f8bf17ca0439ce2', ''[email protected]'', '0', '1')

You have successfully registered

 

An email has been sent to the email address provided you will need to activate your account before logging in

 

Please Login Here!

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Admin'', 'ed0086a4272f428f9f8bf17ca0439ce2', ''[email protected]'', '0', '1')' at line 1

 

Is it an error with the quotes then?

It's 2 single quotes but I don't know why they're there.

Is it due to the check input function? It only occurs on username and email, which are the 2 things used with the check input function. If it is a problem with the function, how could I fix it, or should I just leave the function out altogether?

It won't let me edit my previous post so I made another post.

I decided to remove the check input function and just use mysql_real_escape_string on its own, and the MySQL database was updated; however, the mail wasn't sent, which causes a lot of problems.

Any help why the mail wasn't sent?
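
The doubled quotes in the error message above come from check_input() returning an already-quoted value that the query then wraps in quotes again, and the second listing also runs MD5 over that quoted value. As an added example (not code from the thread), here is the same INSERT with PDO bound parameters, reporting success only when the row was stored; the SQLite in-memory database, the UNIQUE constraint, the register() name, the filter_var() check and password_hash() in place of MD5 are assumptions made for the illustration.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Column names follow the thread's Account table; UNIQUE is an assumption.
// On MySQL 8+, rank is a reserved word and needs backticks.
$pdo->exec('CREATE TABLE Account (
    username TEXT UNIQUE, password TEXT, email TEXT, status INTEGER, rank INTEGER)');

// 1) What went wrong: a helper that returns an already-quoted literal
//    (check_input() in the thread, PDO::quote() here) is placed inside a
//    second pair of quotes, so the value is wrapped twice in the SQL text.
$quoted = $pdo->quote('Admin');
echo "Broken: VALUES ('$quoted', ...)\n";

// 2) Bound parameters: the SQL text is fixed and the values travel
//    separately, so there is no quoting or escaping step to get wrong.
function register(PDO $pdo, string $username, string $password, string $email): bool
{
    // Length rules as in the thread (username 5-30, password 6-32, email 6-30).
    if (strlen($username) < 5 || strlen($username) > 30) return false;
    if (strlen($password) < 6 || strlen($password) > 32) return false;
    if (strlen($email) < 6 || strlen($email) > 30) return false;
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return false;

    $stmt = $pdo->prepare(
        'INSERT INTO Account (username, password, email, status, rank)
         VALUES (:username, :password, :email, 0, 1)');
    try {
        return $stmt->execute([
            ':username' => strtolower($username),
            // Hash the raw password, never an escaped or quoted copy.
            ':password' => password_hash($password, PASSWORD_DEFAULT),
            ':email'    => $email,
        ]);
    } catch (PDOException $e) {
        // Log the driver error; the caller prints "registered" only on true.
        error_log($e->getMessage());
        return false;
    }
}

// Constructed sample input: an apostrophe in the name needs no special handling.
var_dump(register($pdo, "O'Brien", 'correct horse', 'obrien@example.test'));
// Same username again: the INSERT fails and the function says so.
var_dump(register($pdo, "O'Brien", 'correct horse', 'obrien@example.test'));
echo $pdo->query('SELECT username FROM Account')->fetchColumn(), "\n";
```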
