Mickey400z Posted May 12, 2010 Share Posted May 12, 2010 I need a second set of eyes for my registration script please. Connectvars.php has the correct information to access the mySQL database. I keep getting an error at "mysqli_query or die(wtf?)". Thanks! My connectvars.php script is in the same directory as this registration script. It seems to be getting a connection considering my failure is "mysqli_query or die(wtf?)" <?php // Insert the page header $page_title = 'Sign Up'; require_once('connectvars.php'); // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (mysqli_connect_error()) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } if (isset($_POST['submit'])) { // Grab the profile data from the POST $firstname = mysqli_real_escape_string($dbc, trim($_POST['firstname'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); if (!empty($firstname) && !empty($password1) && !empty($password2) && ($password1 == $password2)) { // Make sure someone isn't already registered using this username $query = "SELECT * FROM clients WHERE firstname = '$firstname'"; $data = mysqli_query($dbc, $query) or die('error connecting to db'); if (mysqli_num_rows($data) == 0) { // The username is unique, so insert the data into the database $query = "INSERT INTO clients (firstname, password1) VALUES ('$firstname', SHA1('$password1'))"; mysqli_query($dbc, $query) or die('wtf?'); // Confirm success with the user echo '<p>Your new account has been successfully created. You\'re now ready to <a href="index.php">log in</a>.</p>'; mysqli_close($dbc); exit(); } else { // An account already exists for this username, so display an error message echo '<p class="error">An account already exists for this username. Please use a different address.</p>'; $firstname = ""; } } else { echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>'; } } mysqli_close($dbc); ?> <p>Please enter your username and desired password to sign up to The Haven.</p> <form method="post" action="signup.php"> <fieldset> <legend>Registration Info</legend> <label for="firstname">Username:</label> <input type="text" name="firstname" id="firstname" value="<?php if (!empty($firstname)) echo $firstname; ?>" /><br /> <label for="password1">Password:</label> <input type="password" name="password1" id="password1" /><br /> <label for="password2">Password (retype):</label> <input type="password" name="password2" id="password2" /><br /> </fieldset> <input type="submit" value="Sign Up" name="submit" /> </form> Quote Link to comment Share on other sites More sharing options...
947740 Posted May 12, 2010 Share Posted May 12, 2010 Don't you need something... mysqli_connect_error(/*RIGHT HERE*/) ??? Like... mysqli_connect_error($dbc); Quote Link to comment Share on other sites More sharing options...
Mickey400z Posted May 12, 2010 Author Share Posted May 12, 2010 Ummm....I don't know...do I? Quote Link to comment Share on other sites More sharing options...
947740 Posted May 12, 2010 Share Posted May 12, 2010 I was hinting at the fact that you should try it. Quote Link to comment Share on other sites More sharing options...
aebstract Posted May 12, 2010 Share Posted May 12, 2010 Ummm....I don't know...do I? I'd suggest you try that out, see what happens. If it works then you're golden, if not then come back with what happens and let us know. Quote Link to comment Share on other sites More sharing options...
Mickey400z Posted May 12, 2010 Author Share Posted May 12, 2010 lol...my bad...I didn't see the code snippets. All I saw was the question. hehe Quote Link to comment Share on other sites More sharing options...
Mickey400z Posted May 12, 2010 Author Share Posted May 12, 2010 Okay. I didn't kick anything new back when I added $dbc into the mysqli_connect_error(). It still gave me my "wtf?" error at "or die(wtf?)" Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 12, 2010 Share Posted May 12, 2010 The error means you query failed. If you use mysqli_error($dbc) as part of your die() message, it will tell you why the query failed. I suspect that your password column name is not named password1 Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 12, 2010 Share Posted May 12, 2010 You really should some meaningful into the die() function so you can tell what's wrong. Something like <?php $query = "INSERT INTO clients (firstname, password1) VALUES ('$firstname', SHA1('$password1'))"; mysqli_query($dbc, $query) or die("Problem with the query: $query<br>" . $mysqli->error); ?> Ken Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted May 12, 2010 Share Posted May 12, 2010 On all your queries you'd do something similar to.. $query = mysqli_query("query here") or die(mysqli_error()); You wouldn't really need to include the query into the or die, like what kenrbnsn stated, (Unless your using notepad, or something similar) because it'll nearly if not always display a line number in where the problem is Also, with displaying the query isn't safe (Unless its on your localhost only) If it's on the actual web for us to use, if that error comes up with the query- we immediately know what the query is, whats involved in it, and in your instance.. the hash too. Someone can come along.. spot the error. 'Look, its sha1 LETS HACK!' Having or die('wtf?'); and or die('error connecting to db'); are pointless. These will say where the error is, though not what it is. We have *_error for a reason - To tell us the problem. (* being mysql, mysqli, etc etc) Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 12, 2010 Share Posted May 12, 2010 The reason I output the query is that you will see the complete query with all variables expanded. Looking in your source will not show that. You should only show the query when you're debugging the script. In production, you should do something like put out a generic error message and store the error somewhere. Ken Quote Link to comment Share on other sites More sharing options...
Mickey400z Posted May 12, 2010 Author Share Posted May 12, 2010 Ok....here's the output I got... Problem with the query: INSERT INTO clients (firstname, password1) VALUES ('Mickey400z', SHA1('abc123')) Now I currently have the password1 field set up as VARCHAR(40) in my databasel table. I was under the impression that was all I needed. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 12, 2010 Share Posted May 12, 2010 You are going to need to use mysqli_error($dbc) (which is guaranteed to work with how you are using mysqli) or $dbc->mysqli_error (which should work) in order to get the msyql error output. Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted May 12, 2010 Share Posted May 12, 2010 Yeah.. as PFMaBiSmAd said. Using mysqli_error($dbc); Does SQL support SHA1() in queries? Quote Link to comment Share on other sites More sharing options...
ignace Posted May 13, 2010 Share Posted May 13, 2010 Does SQL support SHA1() in queries? Yes, it also supports MD5 and PASSWORD Source: http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html Quote Link to comment Share on other sites More sharing options...
Mickey400z Posted May 14, 2010 Author Share Posted May 14, 2010 Thanks for the help everyone. It ended up that I had a field in my table that was set to NOT NULL. Considering I wasn't passing any information to that field, it was kicking it back. Thanks again! Quote Link to comment Share on other sites More sharing options...
ThisisForReal Posted May 18, 2010 Share Posted May 18, 2010 I recognize a lot of the OP's code from the O'Reilly HeadStart PHP MySQL book. Good stuff. I am creating a similar page. Got mine to work just fine. But now I'm trying to replace some of the querying with a stored procedure. The stored procedure is working just fine, except, I'm having trouble doing an SHA1 on the password before passing the variable along to the MySQL stored procedure to add to the DB table. I'm essentially going from Mickey's code (seen here): // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (mysqli_connect_error()) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } if (isset($_POST['submit'])) { // Grab the profile data from the POST $firstname = mysqli_real_escape_string($dbc, trim($_POST['firstname'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); if (!empty($firstname) && !empty($password1) && !empty($password2) && ($password1 == $password2)) { // Make sure someone isn't already registered using this username $query = "SELECT * FROM clients WHERE firstname = '$firstname'"; $data = mysqli_query($dbc, $query) or die('error connecting to db'); if (mysqli_num_rows($data) == 0) { // The username is unique, so insert the data into the database $query = "INSERT INTO clients (firstname, password1) VALUES ('$firstname', SHA1('$password1'))"; mysqli_query($dbc, $query) or die('wtf?'); And now I'm trying to simplify it as such: <?php // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (isset($_POST['submit'])) { // Grab the profile data from the POST $email = mysqli_real_escape_string($dbc, trim($_POST['email'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); if (!empty($email) && !empty($password1) && !empty($password2) && ($password1 == $password2)) { // Person has submitted data in all three fields and passwords match. $encrypt = sha1('$password1'); $query = "CALL mealshare.spRegister('$email','$encrypt')"; $data = mysqli_query($dbc, $query); My problem is that no matter what I enter as a password on the registration page, the encrypted entry in the DB table is always the SAME 40 character hash. Anybody have any clues where my SHA is breaking down? Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted May 18, 2010 Share Posted May 18, 2010 $encrypt = sha1('$password1'); remove the single quotes around $password1 Quote Link to comment Share on other sites More sharing options...
ThisisForReal Posted May 18, 2010 Share Posted May 18, 2010 Oh, that's hilarious. I tried to check against that issue by created a new page and running this: <?php $password1 = soccer; $encrypt = sha1($password1); $password2 = beer; $encrypt2 = sha1('$password2'); echo "$encrypt <br />"; echo "$encrypt2"; ?> The page shot out 2 hashes, and neither matched what was being put in the database on my registration page, so I had eliminated that as a cause. Now I realize I ran a faulty experiment because in the above experiment, it's password2 that has the quotes around it (thus the hash is of *$password2* rather than the value of the variable) rather than password1. Had I put the quotes around password1 in my experiment, it'd have matched my db entries and I would have solved the problem. Funny, because I'm not a total noob, but it's so easy to trip up on trial and error if you're not really careful about how you approach these things... Thanks a bunch! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.