Jump to content

Archived

This topic is now archived and is closed to further replies.

ess14

basic insert help!

Recommended Posts

im trying to do a basic signup form in php and mysql.
i dont know what the hells goin on here. i cant get it to insert anything into the database.
any help would really save me some hair. i know the variables are being passed, there must be something up with my statemens. arghh


[code]
<?php
$usr_name = $_POST['formName'];
$usr_pass = $_POST['formPass'];

//lets check if username exists already
$sql_username_check = mysql_query("SELECT usr_name FROM users
            WHERE usr_name=".$usr_name."");
//does it return any resutls?
$username_check = @mysql_num_rows($sql_username_check);
if($username_check > 0){
header("Location: http://www.motorgym.com/modgarage/signup.php?err=1");
exit();  // exit the script so that we do not create this account!

}

//username check passed begin account creation
if(isset($submit)){
// Enter info into the Database.
$sql = mysql_query("INSERT INTO users (usr_name, usr_pass)
VALUES('$usr_name', '$usr_pass')")
        or die (mysql_error());

}

if(!$sql){
    echo 'There has been an error creating your account. Please contact the webmaster.<br>
<a href="signup.php">go back</a>';
print mysql_error();
} else {
echo'Account creation success.<br> <a href="login.php">Login</a>';
}
?>
[/code]

Share this post


Link to post
Share on other sites
Change

[code=php:0]
$sql_username_check = mysql_query("SELECT usr_name FROM users
            WHERE usr_name=".$usr_name."");
[/code]

To

[code=php:0]
$sql_username_check = mysql_query("SELECT usr_name FROM users
            WHERE usr_name='$usr_name'") or die(mysql_error());
[/code]

Also, you should sanitize the data imputed with something like this.

[code=php:0]
$usr_name = mysql_real_escape_string(trim(strip_tags($_POST['formname']))));
//the same for the other field.
//you should aslo add something like this
if ((!$usr_name) || (!$whatever)) {
    if (!$usr_name) {
       echo "You did not enter your username";
    }
    if (!$whatever) {
       echo "Something else";
    }
    include("yourform.html");
    exit();
}
[/code]



Hope this helps.
Tom

Share this post


Link to post
Share on other sites
hey thanks for the help on the coding. i will add some of those checks to it.

but you know what the problem actually was?! my submit button was named/valued 'Submit' and i was checking for isset($submit)!
what a waste of time. well, not entirely.. now i can use some of ur code. cheers!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.