Jump to content

Recommended Posts

Hi,

 

I am trying to put together the insert code for a form however what ever I try the = sign here password = MD5 creates an error.

 

I have tried around 10 variations such as placing the line in brackets but whatever I try it creates an error. When I remove this code it enters the firstname and surname but I cant get the password part to enter. Any suggestions please?

 

 

	    $query = mysql_query("INSERT INTO users SET email
	    (firstname, surname) VALUES ('".$firstname."', '".$surname."')");
           "' . mysql_real_escape_string($registerEmail) . '";
	    password = MD5("' . mysql_real_escape_string($registerPassword) . '");  
	    date_registered = "' . date('Y-m-d H:i:s') . '"';  

	    if(mysql_query($query)){  
		    $success['register'] = 'Thank you for registering. You can now log in on the left.';  
	    }else{  
		    $errors['register'] = 'There was a problem registering you. Please check your details and try again.';  

          		  }  
    }  

           }   

Link to comment
https://forums.phpfreaks.com/topic/268666-frustrating-sign-insert/
Share on other sites

Hi,

 

Yes deja vu. Im not trying to make a secure login system. Im trying to make a login system that works and then make it secure.

 

Apart from email authorisation I almost have a login system. Just need to finish this and create an update page to add details to a members profile. The first phase is getting there.

 

But thanks for link. I shall check that out once I have completed the first phase.

Edited by justlukeyou

This is the two options I have:

 

1. Spend 2 months buidling a membership system that works. Spend a further 2 months making it safe.

 

2. Spend 6 months learning upto date PHP and security code. Spend a further 2 months building a membership system that works and is safe.

 

What option would you take?

Edited by justlukeyou

Anything worth having is worth working for.

 

Your options aren't correct. It's more like this.

 

1. Keep banging your head against a wall for 2 months, then spend a year fixing all the holes, cleaning up after problems, loosing members, and generally making a fool of yourself.

2. Do it right the first time, regardless of how long it takes. Which will be less time than it takes to do it wrong and then half-ass fix it, over and over again.

 

To answer your question, I take the option which gets things done the right way. Are you serious? There are plenty of people here who are professionals. If my boss asked me this question (but phrased in a way that makes sense) and I *didn't* answer that I would do things the best possible way, I'd be out of a job. Sometimes in an emergency you have to take a shortcut. But if you set out to do things the lazy way in life, you will never get ahead.

 

There's a reason that literally a dozen or more people here have told you you're going about things the wrong way. We know what we are talking about.

Edited by Jessica

 

That said looking at the actual post, what you have is such a basic syntax error that I can't comprehend how you don't get it at this point. The syntax highlighting shows it so clearly that all I can say is LOOK AT WHAT YOU WROTE.

 

SLOW down, learn what you're doing, and do it RIGHT.

A truly lazy programmer would make sure he did everything right the first time, as then he'd know that he doesn't have to spend any more time on the code in the future. A sloppy programmer wouldn't care, and thus create loads more work for him as described by Jessica.

That's why I make sure to do everything right the first time around.

 

Remember that we all started out where you are now, and we've gone through all of the steps that you need to take. So the advice we're giving is not only to ensure that everything is correct, but they are the most efficient way of going about things. This we know from experience, personal experience.

 

Right now you're not nearly paying enough attention to what you're doing, and your planning is severely lacking. Meaning that you're programming by coincidence, as you have no real knowledge of what your code does (and why it does this). This means that any code you're currently producing, that's working the first time around, is purely accidental. Meaning you'll have to spent an absurd amount of time rewriting your code repeatedly to find something that (seemingly) works, and even then there might be hidden bugs that crop up in the future. Requiring you to go back, and start the whole rewrite-until-works process again.

The fact of the matter is, doing it this way the amount of work needed is always unknown and always greater than what it would be using the proper method. So saying that you're saving time is a falsehood, brought on by a lack of understanding.

 

Here's some articles on the programming-by-coincidence problem:

http://pragprog.com/the-pragmatic-programmer/extracts/coincidence

http://www.hanselman.com/blog/CargocultProgramming.aspx

http://www.codinghorror.com/blog/2008/03/the-first-rule-of-programming-its-always-your-fault.html

 

PS: As you might notice all of these links are referencing the book "The Pragmatic Programmer". A book I highly recommend for anyone working with code. ;)

That said looking at the actual post, what you have is such a basic syntax error that I can't comprehend how you don't get it at this point. The syntax highlighting shows it so clearly that all I can say is LOOK AT WHAT YOU WROTE.

 

SLOW down, learn what you're doing, and do it RIGHT.

 

Its a basic error!? I asked on another forum and they couldn't fix it either lol

 

Could you please point out what the error is. I've got the system working, now Im just trying to add more columns such as first name and surname.

Edited by justlukeyou

This code works btw but when I try to add to it creates an error on the = MD5 point.

 

 

$query = 'INSERT INTO users SET email = "' . mysql_real_escape_string($registerEmail) . '",
password = MD5("' . mysql_real_escape_string($registerPassword) . '"),
date_registered = "' . date('Y-m-d H:i:s') . '"'; 

Edited by justlukeyou

           $query = mysql_query("INSERT INTO users SET email
           (firstname, surname) VALUES ('".$firstname."', '".$surname."')");
           "' . mysql_real_escape_string($registerEmail) . '";
           password = MD5("' . mysql_real_escape_string($registerPassword) . '");  
           date_registered = "' . date('Y-m-d H:i:s') . '"';  

 

Do you understand the point of syntax highlighing?

 

Or any of the code you wrote? Just READ IT.

 

Edited by Jessica

There's nothing technically wrong with the query you just posted, in reply #10.

 

Since you didn't post the error you got, there's no way anyone here can help you with the error. :psychic:

Edited by PFMaBiSmAd

Like I've said I can get it to work when I insert two sets of information so I am learning something!!! But when I try to insert both it creates an error on the = sign.

 

This is the error message syntax error, unexpected '='

 

I have read the code and tried to edit it around 20 times but I still cant get it to work.

 

I know there is only one open bracket but whatever I try it still wont work.

Edited by justlukeyou

           $query = mysql_query("INSERT INTO users SET email
           (firstname, surname) VALUES ('".$firstname."', '".$surname."')");
           "' . mysql_real_escape_string($registerEmail) . '";
           password = MD5("' . mysql_real_escape_string($registerPassword) . '");  
           date_registered = "' . date('Y-m-d H:i:s') . '"';  

 

Do you understand the point of syntax highlighing?

 

Or any of the code you wrote? Just READ IT.

Seriously. THE COLORS.

This creates syntax error, unexpected T_CONSTANT_ENCAPSED_STRING

 

Im going in round in circles and need some help to fix this problem. I was hoping someone with more skills would help put the two peices of working code I have toghether.

 

 

	 $query = mysql_query("INSERT INTO users SET email
				    (firstname, surname) VALUES ('".$firstname."', '".$surname."')
				    "' . mysql_real_escape_string($registerEmail) . '";
				    password = MD5("' . mysql_real_escape_string($registerPassword) . '");  
				    date_registered = "' . date('Y-m-d H:i:s') . '"; ")

I was hoping someone with more skills would help put the two peices of working code I have toghether.

 

No.

 

Right now you're not nearly paying enough attention to what you're doing, and your planning is severely lacking. Meaning that you're programming by coincidence, as you have no real knowledge of what your code does (and why it does this). This means that any code you're currently producing, that's working the first time around, is purely accidental. Meaning you'll have to spent an absurd amount of time rewriting your code repeatedly to find something that (seemingly) works, and even then there might be hidden bugs that crop up in the future. Requiring you to go back, and start the whole rewrite-until-works process again.

The fact of the matter is, doing it this way the amount of work needed is always unknown and always greater than what it would be using the proper method. So saying that you're saving time is a falsehood, brought on by a lack of understanding.

 

Here's some articles on the programming-by-coincidence problem:

http://pragprog.com/the-pragmatic-programmer/extracts/coincidence

http://www.hanselman.com/blog/CargocultProgramming.aspx

http://www.codinghorror.com/blog/2008/03/the-first-rule-of-programming-its-always-your-fault.html

I know we've had this before but I really cant see the point of a forum that tells you to go somewhere else. Its like a supermarket that tells you to go to a farm.

 

I have got the code working seperately so I have done some work and learnt how to do that.

 

Where can I specifically learn how to solve this problem?

Edited by justlukeyou

You're walking in to a supermarket with 20 pounds of random manure and asking them to exchange it for a whole, live cow.

 

Hahaha thats very funny.

 

I see as a long line of hurdles. Some I can jump over myself some I need a hand with. Can I have a hand with this hurdle please?

No. Because you don't learn that way. As evidenced time and time again. The problem you are having is BASIC syntax. You don't even know how to do string concatenation and you think it will be easy for you to make a secure login system.

No. Because you don't learn that way. As evidenced time and time again. The problem you are having is BASIC syntax. You don't even know how to do string concatenation and you think it will be easy for you to make a secure login system.

 

PLEASE CAN YOU ANSWER HOW TO FIX THIS PROBLEM. TO SAY I HAVEN'T LEARN ANYTHING IS QUITE UNFAIR.

Edited by justlukeyou
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.