SalientAnimal Posted August 30, 2012

Hi Guys/Gals, I have a user registration form that uses the below code to create a new user account and to send off a confirmation e-mail, however, for some reason some users only receive the confirmation e-mail, but their account is never created on the database and therefore they can not log in. Can someone see what I am doing wrong?

    <?php
    $con = mysql_connect("localhost","root","password");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    if ( $_POST['status'] == "Active" )
    {
        $to = "$_POST[email]";
        $subject = "Registration - $_POST[username]";
        $message = "
    Hi $_POST[fname]
    Thank you for completing your registration.
    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Extention: $_POST[mitel_extension]
    Should any of this information be incorrect, please contact the administrator.
    Welcome Aboard";
    }
    mail($to, $subject, $message);
    mysql_select_db("database", $con);
    $sql="INSERT INTO userinfo
        (username, password, title, champ, race, sex, account_manager,
         department, designation, direct_report, id_number, number, alt_number,
         email, domain, extension, next_of_kin, next_of_kin_number, status)
        VALUES
        ('$_POST[username]', '$_POST[password]', '$_POST[title]',
         '$_POST[fname] $_POST[lname]', '$_POST[race]', '$_POST[sex]',
         '$_POST[account_manager]', '$_POST[department]', '$_POST[designation]',
         '$_POST[direct_report]', '$_POST[id_number]', '$_POST[number]',
         '$_POST[alt_number]', '$_POST[email]', '$_POST[domain]', '$_POST[extension]',
         '$_POST[kin_fname] $_POST[kin_lname]', '$_POST[next_of_kin_number]',
         '$_POST[status]')";
    //$CatName = $rowCat["Name"];
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are registered!</b></font>";
    include "redirect_register.html";
    mysql_close($con)
    ?>
White_Lily Posted August 30, 2012

If I'm able to, do you mind if I copy the code and upload it to my webserver to play around with it? I will also need anything that has anything to do with this script, this includes stylesheets and forms
shlumph Posted August 30, 2012

It's more than likely because you aren't sanitizing the data before running it through your INSERT query. If someone inserts a quote as part of their user input, it probably breaks your query. Make sure you run mysql_real_escape_string on all your POST values from the form, before using them. This should fix things for you.

I would also suggest inserting the user before sending the email. And checking if the user already exists before inserting them.
shlumph Posted August 30, 2012

Here's some more information: http://www.php.net/mysql_real_escape_string
Psycho Posted August 30, 2012

You should ensure you structure your code so that you can see the logical structures by indenting, line-breaking, etc. But, just a cursory reading of that code shows why a mail is always sent:

    if ($_POST['status'] == "Active")
    {
        $to = "$_POST[email]";
        $subject = "Registration - $_POST[username]";
        $message = "
    Hi $_POST[fname]
    Thank you for completing your registration.
    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Extention: $_POST[mitel_extension]
    Should any of this information be incorrect, please contact the administrator.
    Welcome Aboard";
    }
    mail($to, $subject, $message);

So, if the post value equals "Active" you are defining some variables to use for the email. But, then AFTER that block of code that is run for that condition you send the email. So, an email is ALWAYS sent regardless of the post value. But, I don't see how it would get sent to an actual recipient. In fact, all the code that follows (such as creating a record in the DB) is also run. It looks like all of the code should be wrapped in that condition.

Second, you are sending the email BEFORE you add the record to the database! So, if the DB query fails the user still gets the email. You should not send the email until AFTER all registration processes are complete. Plus, there are some other more minor logic errors such as connecting to the DB before checking if there is a registration request. Another possible problem would be problems with specific characters in the data since you are performing no validation/sanitization of the data. There are other problems as well that I don't have the inclination to get into. But, the following should ensure users only get an email AFTER the record is inserted into the DB.

    if ($_POST['status'] == "Active")
    {
        //Connect to DB server
        $con = mysql_connect("localhost","root","password");
        if (!$con)
        {
            die('Could not connect: ' . mysql_error());
        }
        //Select DB
        mysql_select_db("database", $con);
        //Create query
        $sql = "INSERT INTO userinfo
            (username, password, title, champ, race, sex, account_manager,
             department, designation, direct_report, id_number, number, alt_number,
             email, domain, extension, next_of_kin, next_of_kin_number, status)
            VALUES
            ('$_POST[username]', '$_POST[password]', '$_POST[title]',
             '$_POST[fname] $_POST[lname]', '$_POST[race]', '$_POST[sex]',
             '$_POST[account_manager]', '$_POST[department]', '$_POST[designation]',
             '$_POST[direct_report]', '$_POST[id_number]', '$_POST[number]',
             '$_POST[alt_number]', '$_POST[email]', '$_POST[domain]', '$_POST[extension]',
             '$_POST[kin_fname] $_POST[kin_lname]', '$_POST[next_of_kin_number]',
             '$_POST[status]')";
        //Execute query
        if (!mysql_query($sql,$con))
        {
            die('Error: ' . mysql_error());
        }
        //Create email variable
        $to = "$_POST[email]";
        $subject = "Registration - $_POST[username]";
        $message = "
    Hi $_POST[fname]
    Thank you for completing your registration.
    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Extention: $_POST[mitel_extension]
    Should any of this information be incorrect, please contact the administrator.
    Welcome Aboard";
        //Send email
        mail($to, $subject, $message);
        //Display confirmation message
        echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are registered!</b></font>";
        include "redirect_register.html";
    }
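
Added example, not part of any post in this thread: one way to apply the advice in the two answers above (keep user input out of the SQL text, reject a username that already exists, and send the mail only after the row is inserted). It uses PDO bound parameters rather than mysql_real_escape_string, and it assumes an in-memory SQLite database, a cut-down userinfo table and a hypothetical $sendMail callable in place of mail(), so that it runs offline.

```php
<?php
// Added example, not code from the thread. Assumptions: in-memory SQLite via
// PDO stands in for the MySQL server, userinfo is cut down to five columns,
// and $sendMail is a hypothetical stand-in for mail().
function register(PDO $db, array $post, callable $sendMail): string
{
    // Same gate as the thread; ?? avoids a notice when 'status' is missing.
    if (($post['status'] ?? '') !== 'Active') {
        return 'ignored';
    }
    $username = (string)($post['username'] ?? '');
    $name     = trim(($post['fname'] ?? '') . ' ' . ($post['lname'] ?? ''));
    $password = (string)($post['password'] ?? '');
    $email    = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    // Assumed username policy; it also keeps CR/LF out of the mail subject.
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username)
        || $email === false || $password === '') {
        return 'invalid';
    }
    try {
        // Bound parameters: a quote in any field cannot alter the SQL text.
        $stmt = $db->prepare(
            'INSERT INTO userinfo (username, password, champ, email, status)
             VALUES (?, ?, ?, ?, ?)'
        );
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT),
                        $name, $email, 'Active']);
    } catch (PDOException $e) {
        // SQLSTATE class 23: the PRIMARY KEY rejected an existing username.
        return strpos((string)$e->getCode(), '23') === 0 ? 'duplicate' : 'db-error';
    }
    // Reached only after the row exists; the password is not mailed back.
    $sendMail($email, "Registration - $username",
              "Hi $name\nThank you for completing your registration.");
    return 'registered';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userinfo (username TEXT PRIMARY KEY, password TEXT,
           champ TEXT, email TEXT, status TEXT)');
$sent = [];
$mailer = function ($to, $subject, $body) use (&$sent) { $sent[] = $to; };

// Constructed input: the apostrophe would have broken the original INSERT.
$post = ['status' => 'Active', 'username' => 'pobrien', 'fname' => 'Pat',
         'lname' => "O'Brien", 'password' => 'example-only',
         'email' => 'pat@example.com'];
echo register($db, $post, $mailer), "\n";
echo register($db, $post, $mailer), "\n";   // same username again
echo count($sent), " mail(s) sent\n";
```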
SalientAnimal Posted August 30, 2012

Thanks for the feedback guys. I obviously still have loads to learn and by using the information I get here I have already progressed a long way. I will test the solutions mentioned here. Thanks a lot guys.
SalientAnimal Posted August 31, 2012

Ok so I tried using the code adjustment you made, but I keep getting this error:

    Parse error: syntax error, unexpected '{' on line 3

I've tried removing the {. Also I had it after the first if as in your post, but that then gives me an error on the if statement. Here is what I have at the moment

    <?php
    [email]
    {
    if ($_POST['status'] == "Active")
    //Connect to DB server
    $con = mysql_connect("localhost","root","password");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("database", $con);
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    $sql="INSERT INTO userinfo
        (username, password, title, champ, race, sex, account_manager,
         department, designation, direct_report, id_number, number, alt_number,
         email, domain, next_of_kin, next_of_kin_number, status)
        VALUES
        ('$_POST[username]', '$_POST[password]', '$_POST[title]',
         '$_POST[fname] $_POST[lname]', '$_POST[race]', '$_POST[sex]',
         '$_POST[account_manager]', '$_POST[department]', '$_POST[designation]',
         '$_POST[direct_report]', '$_POST[id_number]', '$_POST[number]',
         '$_POST[alt_number]', '$_POST[email]', '$_POST[domain]',
         '$_POST[kin_fname] $_POST[kin_lname]', '$_POST[next_of_kin_number]',
         '$_POST[status]')";
    //Execute query
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    //Create email variable
    $to = "$_POST[email]";
    $subject = "Registration - $_POST[username]";
    $message = "
    Hi $_POST[fname]
    Thank you for completing your registration.
    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Should any of this information be incorrect, please contact the administrator.
    Welcome Aboard";
    //Send email
    mail($to, $subject, $message);
    echo "<b><font color='white' face='segoe ui' size='2' align='center'>thank you for registeringb></font>";
    include "redirect_register.html";
    }[/email]
    mysql_close($con)
    ?>
hakimserwa Posted August 31, 2012

the opening { is in a wrong place it should be after

    if ($_POST['status'] == "Active") here {
SalientAnimal Posted August 31, 2012

Hi there, tried that as well, then I get the parse error on the if
hakimserwa Posted August 31, 2012

post the error then
White_Lily Posted August 31, 2012

try changing it slightly:

    if($_POST['status'] == "Active")
    {
        //code here
    }

to:

    $status = $_POST["status"];
    if(isset($status) == "Active")
    {
        //code here
    }

This is a guess, but if this doesn't work then just post the error.
SalientAnimal Posted August 31, 2012

These are the two errors I get when I try the suggestions.

    Parse error: syntax error, unexpected 'if' (T_IF) in \submit_register.php on line 3
    Parse error: syntax error, unexpected '$status' (T_VARIABLE) in \submit_register.php on line 3
SalientAnimal Posted August 31, 2012

Ok so from what I've read the errors are caused by a space or a missing bracket or something silly like that. I've checked and rechecked but I can't see anything. Can anyone else see anything wrong? I will post the full code again below:

    <?php
    [email]
    $status = $_POST["status"];
    if(isset($status) == "Active")
    {
        //Connect to DB server
        $con = mysql_connect("localhost","root","password");
        if (!$con)
        {
            die('Could not connect: ' . mysql_error());
        }
        mysql_select_db("database", $con);
        $sql="INSERT INTO userinfo
            (username, password, title, champ, race, sex, account_manager,
             department, designation, direct_report, id_number, number, alt_number,
             email, domain, next_of_kin, next_of_kin_number, status)
            VALUES
            ('$_POST[username]', '$_POST[password]', '$_POST[title]',
             '$_POST[fname] $_POST[lname]', '$_POST[race]', '$_POST[sex]',
             '$_POST[account_manager]', '$_POST[department]', '$_POST[designation]',
             '$_POST[direct_report]', '$_POST[id_number]', '$_POST[number]',
             '$_POST[alt_number]', '$_POST[email]', '$_POST[domain]',
             '$_POST[kin_fname] $_POST[kin_lname]', '$_POST[next_of_kin_number]',
             '$_POST[status]')";
        //Execute query
        if (!mysql_query($sql,$con))
        {
            die('Error: ' . mysql_error());
        }
        //Create email variable
        $to = "$_POST[email]";
        $subject = "Registration - $_POST[username]";
        $message = "
    Hi $_POST[fname]
    Thank you for completing your registration.
    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Should any of this information be incorrect, please contact the administrator.
    Welcome Aboard";
        //Send email
        mail($to, $subject, $message);
        echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are a registered!</b></font>";
        include "redirect_register.html";
    }
    [/email]
    ?>
White_Lily Posted August 31, 2012

I just re-read the code, I'm assuming you have "if" statements being there will also be "else" statements too?
White_Lily Posted August 31, 2012

Okay, so I've copied your code into Dreamweaver and trawled through it to make it easier for me to read. I've come up with this (copy and replace your current code, upload, and post any errors here):

    <?php
    $status = $_POST["status"];
    if((isset($status)) && ($status) == "Active")
    {
        //Connect to DB server
        $con = mysql_connect("localhost","root","password") or die("Could not connect: ".mysql_error());
        $db = mysql_select_db("database") or die("Could not select database: ".mysql_error());
        $sql="INSERT INTO userinfo
            (username, password, title, champ, race, sex, account_manager,
             department, designation, direct_report, id_number, number, alt_number,
             email, domain, next_of_kin, next_of_kin_number, status)
            VALUES
            ('$_POST[username]', '$_POST[password]', '$_POST[title]',
             '$_POST[fname] $_POST[lname]', '$_POST[race]', '$_POST[sex]',
             '$_POST[account_manager]', '$_POST[department]', '$_POST[designation]',
             '$_POST[direct_report]', '$_POST[id_number]', '$_POST[number]',
             '$_POST[alt_number]', '$_POST[email]', '$_POST[domain]',
             '$_POST[kin_fname] $_POST[kin_lname]', '$_POST[next_of_kin_number]',
             '$_POST[status]')";
        //Execute query
        $result = mysql_query($sql);
        if($result)
        {
            //Create email variable
            $to = "$_POST[email]";
            $subject = "Registration - $_POST[username]";
            $message = "
    Hi $_POST[fname]
    Thank you for completing your registration.
    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Should any of this information be incorrect, please contact the administrator.
    Welcome Aboard";
            //Send email
            mail($to, $subject, $message);
            echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are a registered!</b></font>";
            include "redirect_register.html";
        }
        else
        {
            echo "Error: ".mysql_error();
        }
    }
    else
    {
        echo "Error: ".mysql_error();
    }
    ?>
MMDE Posted August 31, 2012

> try changing it slightly: if($_POST['status'] == "Active") { //code here } to: $status = $_POST["status"]; if(isset($status) == "Active") { //code here } This is a guess, but if this doesn't work then just post the error.

The revised code will result in error/warning whenever $_POST['status'] is not set.

    $status = $_POST["status"];

here's what you want to do instead:

    if(isset($_POST['status']) && $_POST['status'] == 'Active')
    {
        //code here
    }
White_Lily Posted August 31, 2012

The code I've posted below MMDE's should now work. (modified to implement MMDE's solution). If this doesn't the else statements should show any errors. Post them here.
SalientAnimal Posted August 31, 2012

Still the same error as previously

    Parse error: syntax error, unexpected '$status' (T_VARIABLE) in \submit_register.php on line 3
White_Lily Posted August 31, 2012

okay, take out the $status variable from line 3 and the if statement. replace the if statement with:

    if(isset($_POST["status"]) && ($_POST["status"]) == "Active")
SalientAnimal Posted August 31, 2012

Still getting the same error:

    Parse error: syntax error, unexpected '$status' (T_VARIABLE) in \submit_register.php on line 3
White_Lily Posted August 31, 2012

you shouldn't get that error if you took the variable out (as in remove it from the code completely)
SalientAnimal Posted August 31, 2012

Sorry my bad, forgot to click the next at the bottom of the screen and thought my update wasn't posting. Got this error now:

    Parse error: syntax error, unexpected 'if' (T_IF) in \submit_register.php on line 3
White_Lily Posted August 31, 2012

Yes - that error has gotten me a headache, I can't see (or think) why that error is showing. Try this (put this under the <?php opening tag.):

    <?php
    error_reporting(-1);
    ini_set( 'display_errors', 'On' );

Then tell us the errors it shows.
SalientAnimal Posted August 31, 2012

I understand the headache you're talking about. Sadly even adding that gives no other errors, still getting:

    Parse error: syntax error, unexpected 'if' (T_IF) in \submit_register.php on line 8

and nothing else. Here is the code exactly as I used it:

    <?php
    error_reporting(-1);
    ini_set( 'display_errors', 'On' );
    [email]
    if((isset($_POST['status']) && ($_POST['status']) == "Active")
    {
    //REMAINDER OF CODE
White_Lily Posted August 31, 2012

What does that "email" tag do? I've never seen or used it.