Jump to content

Why do I keep getting this?

3raser

By 3raser
in PHP Coding Help

 Share

Recommended Posts

3raser Advanced Member

3raser

Posted
  • Author
Posted 

<?php

mysql_connect("-","-","-") or die("Connection failed!");
mysql_select_db("-") or die("Database fail!");

$username = $_POST['username'];
$password = $_POST['password'];

if (!$username || !$password)
   die (" <form action='register.php' method='POST'>
<b>Please note that the following characters: `*<>() will be removed upon registering.</b><br /><br />
* Username: <input type='text' name='username' maxlength='12'><br /><br />
* Password: <input type='password' name='password' maxlength='20'></div><br /><br />
<input type='submit' value='Register'>
</form>");

if (strlen($password)<=3) {
        echo "Password must be MORE then 3 characters long! <a href='register.php'> << Back </a>";
}
else
{

if (strlen($username)<=1) {
        echo "Username must be MORE then 1 characters long! <a href='register.php'> << Back </a>";
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];

//protection
$before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE');
$after   = array('', '', '', '', '', '', '', '', '', '', '', '', '');
$output  = str_replace($before, $after, $username);

//protection
$output3  = str_replace($before, $after, $password);

//protection
$output4  = str_replace($before, $after, $email);

//protection
$output2  = str_replace($before, $after, $signature);

$query = mysql_query("SELECT * FROM users WHERE username='$output'");

$numrows = mysql_num_rows($query);

if ($numrows!=0) {
   echo "This username already exists!";
}
else
{

//write
$write = mysql_query("INSERT INTO users VALUES ('', '$output', '$output3')") or die(mysql_error());

echo "<div class='box'>Thank you for registering $output! You can now use your account in the game.";
}
}
}
?>

 

The code, specifically:

 

mysql_query("INSERT INTO users VALUES ('', '$output', '$output3')") or die(mysql_error());

trq Prolific Member

trq

Posted
Posted

You likely have an auto incrementing id field, and your code is trying to insert an empty string into it.

 

You need to explicitly name the fields you are inserting into, and simply leave out the id field. eg;

 

mysql_query("INSERT INTO users (fld, fld2) VALUES ('$output', '$output3')");

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.