What is going wrong here?


SalientAnimal

Hi Guys/Gals,

 

I have a user registration form that uses the below code to create a new user account and to send off a confirmation e-mail, however, for some reason some users only receive the confirmation e-mail, but their account is never created on the database and therefore they cannot log in. Can someone see what I am doing wrong?

 

<?php

$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
  
  if
	(
	$_POST['status'] == "Active"
	)
{
$to = "$_POST[email]";
$subject = "Registration - $_POST[username]";
$message = "
Hi $_POST[fname]

Thank you for completing your registration. 

You have registered using the following details:
Username: $_POST[username]
Password: $_POST[password]
Name & Surname: $_POST[fname] $_POST[lname]
E-Mail: $_POST[email]
Extention: $_POST[mitel_extension]

Should any of this information be incorrect, please contact the administrator.

Welcome Aboard";
}

mail($to, $subject, $message);

mysql_select_db("database", $con);

$sql="INSERT INTO userinfo
(username
, password
, title
, champ
, race
, sex
, account_manager
, department
, designation
, direct_report
, id_number
, number
, alt_number
, email
, domain
, extension
, next_of_kin
, next_of_kin_number
, status
)

VALUES
('$_POST[username]'
, '$_POST[password]'
, '$_POST[title]'
, '$_POST[fname] $_POST[lname]'
, '$_POST[race]'
, '$_POST[sex]'
, '$_POST[account_manager]'
, '$_POST[department]'
, '$_POST[designation]'
, '$_POST[direct_report]'
, '$_POST[id_number]'
, '$_POST[number]'
, '$_POST[alt_number]'
, '$_POST[email]'
, '$_POST[domain]'
, '$_POST[extension]'
, '$_POST[kin_fname] $_POST[kin_lname]'
, '$_POST[next_of_kin_number]'
, '$_POST[status]'
)";

//$CatName = $rowCat["Name"];

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
  echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are registered!</b></font>";
  include "redirect_register.html";

mysql_close($con)

?> 

Link to comment
Share on other sites


It's more than likely because you aren't sanitizing the data before running it through your INSERT query.  If someone inserts a quote as part of their user input, it probably breaks your query.

 

Make sure you run mysql_real_escape_string on all your POST values from the form, before using them.  This should fix things for you.

 

I would also suggest inserting the user before sending the email.  And checking if the user already exists before inserting them.

Link to comment
Share on other sites

You should ensure you structure your code so that you can see the logical structures by indenting, line-breaking, etc.

 

But, just a cursory reading of that code shows why a mail is always sent:

if ($_POST['status'] == "Active")
{
    $to = "$_POST[email]";
    $subject = "Registration - $_POST[username]";
    $message = "
    Hi $_POST[fname]

    Thank you for completing your registration. 

    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Extention: $_POST[mitel_extension]

    Should any of this information be incorrect, please contact the administrator.

    Welcome Aboard";
}

mail($to, $subject, $message);

 

So, if the post value equals "Active" you are defining some variables to use for the email. But, then AFTER that block of code that is run for that condition you send the email. So, an email is ALWAYS sent regardless of the post value. But, I don't see how it would get sent to an actual recipient. In fact, all the code that follows (such as creating a record in the DB) is also run. It looks like all of the code should be wrapped in that condition.

 

Second, you are sending the email BEFORE you add the record to the database! So, if the DB query fails the user still gets the email. You should not send the email until AFTER all registration processes are complete. Plus, there are some other more minor logic errors such as connecting to the DB before checking if there is a registration request.

 

Another possible problem would be problems with specific characters in the data since you are performing no validation/sanitization of the data. There are other problems as well that I don't have the inclination to get into. But, the following should ensure users only get an email AFTER the record is inserted into the DB.

 

if ($_POST['status'] == "Active")
{
    //Connect to DB server
    $con = mysql_connect("localhost","root","password");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    //Select DB (check the result of the select itself; $sql is not defined yet at this point)
    if (!mysql_select_db("database", $con))
    {
        die('Error: ' . mysql_error());
    }

    //Create query
    $sql = "INSERT INTO userinfo
                (username, password, title, champ,
                 race, sex, account_manager, department,
                 designation, direct_report, id_number, number,
                 alt_number, email, domain, extension,
                 next_of_kin, next_of_kin_number, status)
            VALUES
                ('$_POST[username]', '$_POST[password]', '$_POST[title]', '$_POST[fname] $_POST[lname]',
                 '$_POST[race]', '$_POST[sex]', '$_POST[account_manager]', '$_POST[department]',
                 '$_POST[designation]', '$_POST[direct_report]', '$_POST[id_number]', '$_POST[number]',
                 '$_POST[alt_number]', '$_POST[email]', '$_POST[domain]', '$_POST[extension]',
                 '$_POST[kin_fname] $_POST[kin_lname]', '$_POST[next_of_kin_number]', '$_POST[status]')";
    //Execute query
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }

    //Create email variable
    $to = "$_POST[email]";
    $subject = "Registration - $_POST[username]";
    $message = "
    Hi $_POST[fname]

    Thank you for completing your registration. 

    You have registered using the following details:
    Username: $_POST[username]
    Password: $_POST[password]
    Name & Surname: $_POST[fname] $_POST[lname]
    E-Mail: $_POST[email]
    Extention: $_POST[mitel_extension]

    Should any of this information be incorrect, please contact the administrator.

    Welcome Aboard";

    //Send email
    mail($to, $subject, $message);

    //Display confirmation message
    echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are registered!</b></font>";
    include "redirect_register.html";
}

Link to comment
Share on other sites
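
A hardened version of the flow the two replies above describe (validate the input, insert, then mail only once the row exists), given here as an added example and not as code from any poster in this thread. It swaps in PDO prepared statements for `mysql_real_escape_string` (the `mysql_*` functions were removed in PHP 7.0) and `password_hash` for the plaintext password column. The in-memory SQLite database, the reduced column list, the `register_user` name and the `$mailer` callable are assumptions made so the block runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. Table name follows the thread; the column list is reduced, and the
// SQLite database and $mailer callable are assumptions for a self-contained demo.

function register_user(PDO $db, array $post, callable $mailer): string
{
    // Presence check plus strict comparison on the submitted status.
    if (($post['status'] ?? '') !== 'Active') {
        return 'not-a-registration';
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $username = trim((string)($post['username'] ?? ''));
    // Reject CR/LF so the username cannot add headers through the mail subject.
    if ($email === false || $username === '' || preg_match('/[\r\n]/', $username)) {
        return 'invalid-input';
    }
    try {
        // Placeholders keep a quote in user input from breaking or altering the query.
        $stmt = $db->prepare(
            'INSERT INTO userinfo (username, password, email, status) VALUES (?, ?, ?, ?)'
        );
        // Store a hash, never the submitted password.
        $hash = password_hash((string)($post['password'] ?? ''), PASSWORD_DEFAULT);
        $stmt->execute([$username, $hash, $email, 'Active']);
    } catch (PDOException $e) {
        // The UNIQUE constraint makes "user already exists" an atomic check.
        // Details go to the server log, not to the browser.
        error_log('registration insert failed: ' . $e->getMessage());
        return 'insert-failed';
    }
    // Mail only after the insert succeeded, and never echo the password back.
    $mailer($email, "Registration - $username", "Hi,\n\nYour account $username has been created.\n");
    return 'registered';
}

// Constructed demo input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userinfo (username TEXT UNIQUE, password TEXT, email TEXT, status TEXT)');
$sent = [];
$mailer = function (string $to, string $subject, string $body) use (&$sent): void { $sent[] = $to; };

$ok = ['status' => 'Active', 'username' => "o'brien", 'password' => 'example-pw', 'email' => 'ob@example.com'];
echo register_user($db, $ok, $mailer), "\n";                      // first submission
echo register_user($db, $ok, $mailer), "\n";                      // duplicate username
echo register_user($db, ['status' => 'x'] + $ok, $mailer), "\n";  // status not "Active"
echo count($sent), " mail(s) sent\n";
```

In production the `$mailer` callable would wrap `mail()` or a mail library, and the `PDO` handle would use a database account with only the privileges the registration page needs instead of `root`.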

Ok so I tried using the code adjustment you made, but I keep getting this error:

Parse error: syntax error, unexpected '{' on line 3

 

I've tried removing the {. Also I had it after the first if as in your post, but that then gives me an error on the if statement.

Here is what I have at the moment

 

<?php
[email]
{
if ($_POST['status'] == "Active")


//Connect to DB server
$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
  
mysql_select_db("database", $con);
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

$sql="INSERT INTO userinfo
(username
, password
, title
, champ
, race
, sex
, account_manager
, department
, designation
, direct_report
, id_number
, number
, alt_number
, email
, domain
, next_of_kin
, next_of_kin_number
, status
)

VALUES
('$_POST[username]'
, '$_POST[password]'
, '$_POST[title]'
, '$_POST[fname] $_POST[lname]'
, '$_POST[race]'
, '$_POST[sex]'
, '$_POST[account_manager]'
, '$_POST[department]'
, '$_POST[designation]'
, '$_POST[direct_report]'
, '$_POST[id_number]'
, '$_POST[number]'
, '$_POST[alt_number]'
, '$_POST[email]'
, '$_POST[domain]'
, '$_POST[kin_fname] $_POST[kin_lname]'
, '$_POST[next_of_kin_number]'
, '$_POST[status]'
)";

//Execute query
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }


//Create email variable	
$to = "$_POST[email]";
$subject = "Registration - $_POST[username]";
$message = "
Hi $_POST[fname]

Thank you for completing your registration.

You have registered using the following details:
Username: $_POST[username]
Password: $_POST[password]
Name & Surname: $_POST[fname] $_POST[lname]
E-Mail: $_POST[email]


Should any of this information be incorrect, please contact the administrator.


Welcome Aboard";



//Send email
mail($to, $subject, $message);	


echo "<b><font color='white' face='segoe ui' size='2' align='center'>thank you for registeringb></font>";
include "redirect_register.html";
}[/email]
mysql_close($con)

?> 



Link to comment
Share on other sites

Ok so from what I've read the errors are caused by a space or a missing bracket or something silly like that. I've checked and rechecked but I can't see anything.

 

Can anyone else see anything wrong, I will post the full code again below:

 

<?php
[email]
$status = $_POST["status"];

if(isset($status) == "Active")
{


//Connect to DB server
$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }


mysql_select_db("database", $con);


$sql="INSERT INTO userinfo
(username
, password
, title
, champ
, race
, sex
, account_manager
, department
, designation
, direct_report
, id_number
, number
, alt_number
, email
, domain
, next_of_kin
, next_of_kin_number
, status
)

VALUES
('$_POST[username]'
, '$_POST[password]'
, '$_POST[title]'
, '$_POST[fname] $_POST[lname]'
, '$_POST[race]'
, '$_POST[sex]'
, '$_POST[account_manager]'
, '$_POST[department]'
, '$_POST[designation]'
, '$_POST[direct_report]'
, '$_POST[id_number]'
, '$_POST[number]'
, '$_POST[alt_number]'
, '$_POST[email]'
, '$_POST[domain]'
, '$_POST[kin_fname] $_POST[kin_lname]'
, '$_POST[next_of_kin_number]'
, '$_POST[status]'
)";


//Execute query
    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }


//Create email variable	
$to = "$_POST[email]";
$subject = "Registration - $_POST[username]";
$message = "
Hi $_POST[fname]

Thank you for completing your registration. 

You have registered using the following details:
Username: $_POST[username]
Password: $_POST[password]
Name & Surname: $_POST[fname] $_POST[lname]
E-Mail: $_POST[email]

Should any of this information be incorrect, please contact the administrator.

Welcome Aboard";



//Send email
mail($to, $subject, $message);	


echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are a registered!</b></font>";
include "redirect_register.html";
}
[/email]


?> 

Link to comment
Share on other sites

Okay, so I've copied your code into Dreamweaver and trawled through it to make it easier for me to read.

 

 

I've come up with this (copy and replace your current code, upload, and post any errors here):

 

 


<?php


$status = $_POST["status"];


if((isset($status)) && ($status) == "Active")
{
   
   
   //Connect to DB server
   $con = mysql_connect("localhost","root","password") or die("Could not connect: ".mysql_error());
   $db = mysql_select_db("database") or die("Could not select database: ".mysql_error());
   
   
   $sql="INSERT INTO userinfo
   (username
   , password
   , title
   , champ
   , race
   , sex
   , account_manager
   , department
   , designation
   , direct_report
   , id_number
   , number
   , alt_number
   , email
   , domain
   , next_of_kin
   , next_of_kin_number
   , status
   )
   
   VALUES
   ('$_POST[username]'
   , '$_POST[password]'
   , '$_POST[title]'
   , '$_POST[fname] $_POST[lname]'
   , '$_POST[race]'
   , '$_POST[sex]'
   , '$_POST[account_manager]'
   , '$_POST[department]'
   , '$_POST[designation]'
   , '$_POST[direct_report]'
   , '$_POST[id_number]'
   , '$_POST[number]'
   , '$_POST[alt_number]'
   , '$_POST[email]'
   , '$_POST[domain]'
   , '$_POST[kin_fname] $_POST[kin_lname]'
   , '$_POST[next_of_kin_number]'
   , '$_POST[status]'
   )";
   
   
   //Execute query
   $result = mysql_query($sql);
   
   if($result)
   {
      
      //Create email variable   
      $to = "$_POST[email]";
      $subject = "Registration - $_POST[username]";
      $message = "
      Hi $_POST[fname]
      
      Thank you for completing your registration. 
      
      You have registered using the following details:
      Username: $_POST[username]
      Password: $_POST[password]
      Name & Surname: $_POST[fname] $_POST[lname]
      E-Mail: $_POST[email]
      
      Should any of this information be incorrect, please contact the administrator.
      
      Welcome Aboard";
      
      
      
      //Send email
      mail($to, $subject, $message);   
      
      
      echo "<b><font color='white' face='segoe ui' size='2' align='center'>Congratulations you are a registered!</b></font>";
      include "redirect_register.html";
   
   }
   else
   {
      echo "Error: ".mysql_error();
   }
}
else
{
   echo "Error: ".mysql_error();
}


?> 

Link to comment
Share on other sites

try changing it slightly:

 

 

if($_POST['status'] == "Active")
{

//code here

}

 

 

to:

 

 

$status = $_POST["status"];


if(isset($status) == "Active")
{

//code here

}

 

 

This is a guess, but if this doesn't work then just post the error.

The revised code will result in error/warning whenever $_POST['status'] is not set.

 

$status = $_POST["status"];

 

 

here's what you want to do instead:

if(isset($_POST['status']) && $_POST['status'] == 'Active')
{

//code here

}

Link to comment
Share on other sites

I understand the headache you're talking about. Sadly even adding that gives no other errors, still getting:

 

Parse error: syntax error, unexpected 'if' (T_IF) in \submit_register.php on line 8 and nothing else. Here is the code exactly as I used it:

 

<?php

error_reporting(-1);
ini_set( 'display_errors', 'On' );


[email]
if((isset($_POST['status']) && ($_POST['status']) == "Active")

{
//REMAINDER OF CODE 

Link to comment
Share on other sites
