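adhbvklwqdbviabjiawdnbij
Posted August 19, 2011

I dont know why the $school_id = clean($_POST['school']); is not working...

register_user.php

<?php
session_start();
require_once('auth.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Registrar Usuario</title>
<link rel="stylesheet" href="../../css/styles.css" type="text/css">
</head>
<body>
<h1>Registrar Usuario</h1>
<?php include("header.php"); ?>
<p>Uma senha sera gerada e enviada para o email do usuario.</p>
<?php
// NOTE(review): the form carries no per-session token, so the handler cannot
// tell a submission made from this page apart from one triggered by another
// site. Consider a hidden token that sadmin_register_user.php checks.
?>
<form id="loginForm" name="loginForm" method="post" action="../../actions/sadmin_register_user.php">
<table width="300" border="0" align="left" cellpadding="2" cellspacing="0">
<tr>
<th>Escola</th>
<td><select name="school" id="school" >
<?php
require_once('../../config/config.php');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Falha ao conectar ao servidor: ' . mysql_error());
}

$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Falha ao selecionar o banco de dados.");
}

// Only the two columns that are rendered are fetched.
$qry = "SELECT school_id, school_name FROM schools";
$result = mysql_query($qry);

// A failed query leaves the list empty instead of feeding false to
// mysql_fetch_array().
if($result) {
    while($row = mysql_fetch_array($result)) {
        // Database values are escaped before they reach the markup, so a
        // school name containing quotes or tags cannot break out of the
        // <option> element. The charset matches the page's meta tag;
        // presumably the table uses the same encoding - confirm.
        $option_value = htmlspecialchars($row['school_id'], ENT_QUOTES, 'ISO-8859-1');
        $option_label = htmlspecialchars($row['school_name'], ENT_QUOTES, 'ISO-8859-1');
        echo "<option value=\"" . $option_value . "\">" . $option_label . "</option>";
    }
}
?>
</select></td>
</tr>
<tr>
<th>Nome Completo</th>
<td><input name="name" type="text" class="textfield" id="name" /></td>
</tr>
<tr>
<th width="124">Email</th>
<td width="168"><input name="email" type="text" class="textfield" id="email" /></td>
</tr>
<tr>
<th>Confirmar Email</th>
<td><input name="cemail" type="text" class="textfield" id="cemail" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Registrar" /></td>
</tr>
</table>
</form>
</body>
</html>

sadmin_register_user.php

<?php
// Start session
session_start();

// NOTE(review): register_user.php requires auth.php before it shows the form,
// but nothing visible in this handler performs an equivalent check, so a POST
// sent straight to this URL appears to create an account without the session
// being verified. Confirm whether config.php enforces it; if not, run the same
// check here before any database work.

// Include database connection details
require_once('../config/config.php');

// Array to store validation errors
$errmsg_arr = array();

// Validation error flag
$errflag = false;

// Connect to mysql server.
// The mysql_* extension used throughout was removed in PHP 7; prepared
// statements through mysqli or PDO are the durable replacement for clean().
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Falha ao conectar ao servidor: ' . mysql_error());
}

// Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Falha ao selecionar o banco de dados.");
}

// Escapes a form value for use inside a quoted SQL string literal.
// mysql_real_escape_string() only protects values that the query wraps in
// quotes, which every query below does; it is not a general-purpose sanitizer
// and does nothing for HTML output or mail headers.
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

// Returns the named POST field as a string, or '' when the field is missing
// or was submitted as an array (e.g. email[]=x).
function post_field($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// Sanitize the POST values
$name = clean(post_field('name'));
$school_id = clean(post_field('school'));
$email = clean(post_field('email'));
$cemail = clean(post_field('cemail'));
$category = 3;

// The INSERT below names a matricula column but the form has no such field.
// Defining it keeps the stored value (an empty string) and removes the
// undefined-variable notice.
$matricula = '';

// Builds an 8-character password from a 35-character alphabet.
// The earlier version reseeded rand() from microtime() on every call, which
// makes the output guessable from the request time, and used rand() % 33,
// which never selected the last two characters of $chars. Bytes now come from
// the platform CSPRNG; values of 245 and above are discarded so that each
// character is equally likely.
function createRandomPassword() {
    $chars = "abcdefghijkmnopqrstuvwxyz0123456789";
    $count = strlen($chars);
    $limit = 256 - (256 % $count);
    $pass = '';

    while(strlen($pass) < 8) {
        if(function_exists('random_bytes')) {
            $bytes = random_bytes(16);
        } elseif(function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if($bytes === false || !$strong) {
                die('Falha ao gerar a senha.');
            }
        } else {
            // Fail closed rather than fall back to a predictable generator.
            die('Falha ao gerar a senha.');
        }

        $available = strlen($bytes);
        for($i = 0; $i < $available && strlen($pass) < 8; $i++) {
            $value = ord($bytes[$i]);
            if($value < $limit) {
                $pass .= $chars[$value % $count];
            }
        }
    }

    return $pass;
}

$password = createRandomPassword();

// Input Validations
if($school_id == '') {
    $errmsg_arr[] = 'O campo Escola nao foi preenchido.';
    $errflag = true;
}
if($name == '') {
    $errmsg_arr[] = 'O campo Nome nao foi preenchido.';
    $errflag = true;
}
if($email == '') {
    $errmsg_arr[] = 'O campo Email nao foi preenchido.';
    $errflag = true;
}
if($cemail == '') {
    $errmsg_arr[] = 'O campo Confirmar Email nao foi preenchido.';
    $errflag = true;
}
if( strcmp($email, $cemail) != 0 ) {
    // The message used to mention the password fields; this check compares
    // the two email fields.
    $errmsg_arr[] = 'O campo Email e Confirmar Email nao correspondem.';
    $errflag = true;
}

// Check for duplicate login ID
if($email != '') {
    $qry = "SELECT * FROM members WHERE email='$email'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'Esse email ja se encontra em uso.';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

// If there are input validations, redirect back to the registration form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: ../users/sadmin/register_user.php");
    exit();
}

// Create INSERT query
// NOTE(review): md5() is unsalted and fast, so stored hashes are cheap to
// brute-force if the table leaks. It is left in place because the login code
// that verifies passwd is not shown here; migrate both sides together to
// password_hash()/password_verify() (or crypt() with bcrypt on older PHP).
$qry = "INSERT INTO members(name, school_id, category, matricula, email, passwd) VALUES('$name','$school_id','$category','$matricula','$email','".md5($password)."')";
$result = @mysql_query($qry);

// Check whether the query was successful or not
if($result) {
    // NOTE(review): the password travels in clear text by email, and $email is
    // the SQL-escaped form of the address. A one-time reset link sent to the
    // unescaped, validated address avoids both problems.
    mail ( "$email", "Sua Senha", "Sua senha e: ".$password."", "From: [email protected]" );
    // The success notice reuses the error-message channel read by the form page.
    $errmsg_arr[] = 'O usuario foi registrado com sucesso.';
    $errflag = true;
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: ../users/sadmin/register_user.php");
    exit();
}else {
    die("Query failed");
}
?>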