A2xA Posted September 1, 2008 Share Posted September 1, 2008 I've made a script along with my forum register to add the same entries into a different database. In the first register file it has the variables and such that are in the handle_this function passed over to SiteRegister.php Where then the second SiteRegister.php file inserts into a database The first file (with variables): //Shit that won't work $memberID = registerMember($regOptions); require_once('/x/x/x/x/x/SiteRegister.php'); handle_this($regOptions, $memberID); Second file (SiteRegister.php): <?php function handle_this($regOptions, $memberID) { global $db_prefix; mysql_query("INSERT INTO users (userName, userUser, userPass, UserID, userEmail) VALUES (" . $regOptions['username'] . ", " . $regOptions['username'] . ", " . $regOptions['password'] . ", " . $memberID . " " . $regOptions['email'] . ")"); } ?> If someone could take a look at the code and tell me why it's not working I'd greatly appreciate it Quote Link to comment Share on other sites More sharing options...
blinky001 Posted September 1, 2008 Share Posted September 1, 2008 Might want to escape the slashes before inserting entries into a database like that. either use sprintf format for the query or use addslashes() on each of the variables in your query. Never trust user content!! Quote Link to comment Share on other sites More sharing options...
A2xA Posted September 1, 2008 Author Share Posted September 1, 2008 My registration page is full of requirements and security.. this is just a function it goes through when they pass through everything else. Except it's not working. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 1, 2008 Share Posted September 1, 2008 The only obvious problem is that string values must be enclosed in single-quotes. You should form your query in a variable (for several reasons) and then echo it to make sure it contains what you expect. Your mysql_query() also contains no error checking to get it tell you why it is failing. At a minimum, add or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
A2xA Posted September 1, 2008 Author Share Posted September 1, 2008 Oh wow, I thought I had that on the end. Thanks, I'll come back after I get an error. Quote Link to comment Share on other sites More sharing options...
A2xA Posted September 1, 2008 Author Share Posted September 1, 2008 I got this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a-3@inbox.com)' at line 2 I'm getting somewhere now. The a-3@inbox.com is the e-mail I used in the registration. Quote Link to comment Share on other sites More sharing options...
blinky001 Posted September 1, 2008 Share Posted September 1, 2008 You are missing quotes around the strings as previously mentioned by PFMaBiSmAd - I missed that before, sorry - so used to seeing " SET `x` = ?, `y` = ? "etc - didn't even cross my mind! Quote Link to comment Share on other sites More sharing options...
A2xA Posted September 1, 2008 Author Share Posted September 1, 2008 Thanks. I'm not sure what you mean by that. Can you give me an example as to what I'm doing? Quote Link to comment Share on other sites More sharing options...
blinky001 Posted September 1, 2008 Share Posted September 1, 2008 <?php mysql_query("INSERT INTO users (userName, userUser, userPass, UserID, userEmail) VALUES ('".$regOptions['username']."', '".$regOptions['username']."', '".$regOptions['password']."', '".$memberID."', '".$regOptions['email']."')"); ?> This still does not data sanitisation - make sure you check for the usual culprits like sql injection... Cheers, Paul Quote Link to comment Share on other sites More sharing options...
A2xA Posted September 1, 2008 Author Share Posted September 1, 2008 tight it works. Thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.