Jump to content


Photo

basic insert help!


  • Please log in to reply
2 replies to this topic

#1 ess14

ess14
  • Members
  • PipPipPip
  • Advanced Member
  • 45 posts

Posted 27 September 2006 - 07:43 AM

im trying to do a basic signup form in php and mysql.
i dont know what the hells goin on here. i cant get it to insert anything into the database.
any help would really save me some hair. i know the variables are being passed, there must be something up with my statemens. arghh


<?php
$usr_name = $_POST['formName'];
$usr_pass = $_POST['formPass'];

//lets check if username exists already
$sql_username_check = mysql_query("SELECT usr_name FROM users
            WHERE usr_name=".$usr_name."");
//does it return any resutls?
$username_check = @mysql_num_rows($sql_username_check);
if($username_check > 0){
header("Location: http://www.motorgym.com/modgarage/signup.php?err=1"); 
exit();  // exit the script so that we do not create this account!
	
}

//username check passed begin account creation
if(isset($submit)){
// Enter info into the Database.
$sql = mysql_query("INSERT INTO users (usr_name, usr_pass) 
VALUES('$usr_name', '$usr_pass')")
        or die (mysql_error());
		
}

if(!$sql){
    echo 'There has been an error creating your account. Please contact the webmaster.<br>
	<a href="signup.php">go back</a>';
	print mysql_error();
} else {
echo'Account creation success.<br> <a href="login.php">Login</a>';
}
?>


#2 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 27 September 2006 - 07:53 AM

Change

$sql_username_check = mysql_query("SELECT usr_name FROM users
            WHERE usr_name=".$usr_name."");

To

$sql_username_check = mysql_query("SELECT usr_name FROM users
            WHERE usr_name='$usr_name'") or die(mysql_error());

Also, you should sanitize the data imputed with something like this.

$usr_name = mysql_real_escape_string(trim(strip_tags($_POST['formname']))));
//the same for the other field.
//you should aslo add something like this
if ((!$usr_name) || (!$whatever)) {
    if (!$usr_name) {
       echo "You did not enter your username";
    }
    if (!$whatever) {
       echo "Something else";
    }
    include("yourform.html");
    exit();
}



Hope this helps.
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#3 ess14

ess14
  • Members
  • PipPipPip
  • Advanced Member
  • 45 posts

Posted 27 September 2006 - 07:57 AM

hey thanks for the help on the coding. i will add some of those checks to it.

but you know what the problem actually was?! my submit button was named/valued 'Submit' and i was checking for isset($submit)!
what a waste of time. well, not entirely.. now i can use some of ur code. cheers!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users