SignUp script help

[poetichotline]

I've created the following sign up script for my website.  It, however, is giving me an error equal to

Parse error: syntax error, unexpected T_STRING in /home/poetgos7/public_html/signupck.php on line 32.  I've tried to fix it, and nothing I seem to do works.  Any ideas? 

 

 

<?php 
include('layout.inc');
?>
<div style="position:absolute; top:110; left:252; width:500; height:300; z-index:1;">
<p>
<?
$servername= localhost;
$dbusername = poetgos7_poetic;
$dbpassword = poetic;
$dbname = poetgos7_users;

$connection = mysql_connect($servername, $dbusername, $dbpassword);
$db = mysql_select_db($dbname, $connection);

$name = $_POST[username];
$password = $_POST[password];
$password2 = $_POST[password2];
$email = $_POST[email];
$ip = $_POST[ip];

//if else (else if)
if($name == false || $password == false || $password2 == false || $email == false){
echo "You did not fill out all the required fields.  Please hit the back button and try again!";
}
if ($password != password2){
echo "The passwords did not match!  Please hit the back button and try again!";
}else{
$connection = mysql_connect($servername, $dbusername, $dbpassword);
$db = mysql_select_db($dbname, $connection);
$sql = "INSET INTO members (username, password, email, ip) VALUES ($username, $password, $email, $ip);
$result = mysql_query($sql);
echo "Thank you for your registration to poetichotline.org!";
}
?>
</div>

[Lamez]

try this:

 

<?php 
include('layout.inc');
?>

<div style="position:absolute; top:110; left:252; width:500; height:300; z-index:1;">
<p>
<?php
$servername= "localhost";
$dbusername = "poetgos7_poetic";
$dbpassword = "poetic";
$dbname = "poetgos7_users";

$connection = mysql_connect($servername, $dbusername, $dbpassword);
$db = mysql_select_db($dbname, $connection);

$name = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
$ip = $_POST['ip'];

//if else (else if)
if($name == false || $password == false || $password2 == false || $email == false){
echo "You did not fill out all the required fields.  Please hit the back button and try again!";
}
if ($password != password2){
echo "The passwords did not match!  Please hit the back button and try again!";
}else{
$connection = mysql_connect($servername, $dbusername, $dbpassword);
$db = mysql_select_db($dbname, $connection);
$sql = "INSERT INTO members (username, password, email, ip) VALUES ($username, $password, $email, $ip)";
$result = mysql_query($sql);
echo "Thank you for your registration to poetichotline.org!";
}
?>
</div>

[bdmovies]

It looks like you misspelled "INSERT" in query, that's all I could find though.

 

Also, just a suggestion, I would change the username / password of your database as you showed us the username, password, database name and domain name of your site, it is probably easily hackable w/ all of that info.

 

While I wouldn't do this, other not so nice people may.

 

Also, right now I could post some nasty SQL as my name, or any other field and really screw w/ your database. mysql_escape_string($_POST['field']) should take care of that. And you may want to consider a regex for email validation.

 

[poetichotline]

I made those changes as stated, and it "appeared" to work.  However I am still having one minor error.  The error message comes up "passwords do not match"  even when they do.  any ideas? 

[mmarif4u]

This:

if ($password != password2){

 

Should be:

if ($password != $password2){

[poetichotline]

This:

if ($password != password2){

 

Should be:

if ($password != $password2){

 

Thank you very much.... I can't believe I missed that.  Guess that's why you shouldn't try to code at 2:00 am in the morning uh?  lol

 

On a side note:  for some reason the }else{ statement does not carry through.  There is no error message, but when I execute the page it displays the message "Thank you for registering" whether or not everything is filled in correctly, and it dosn't add the database.  any idea?