Tom10 Posted February 16, 2015 Share Posted February 16, 2015 Hello, So i'm making a register script and the values are not inserting here is my script. if(isset($_POST['register'])) { $username = $_POST['username']; $password = $_POST['password']; $cpassword = $_POST['cpassword']; $username = htmlentities($username, ENT_QUOTES); $password = htmlentities($password, ENT_QUOTES); $cpassword = htmlentities($cpassword, ENT_QUOTES); $username = htmlspecialchars($username, ENT_QUOTES); $password = htmlspecialchars($password, ENT_QUOTES); $cpassword = htmlspecialchars($cpassword, ENT_QUOTES); $username = mysqli_real_escape_string($con, $username); $password = mysqli_real_escape_string($con, $password); $cpassword = mysqli_real_escape_string($con, $cpassword); $username = strip_tags($username); $password = strip_tags($password); $cpassword = strip_tags($cpassword); $cpassword = hash('ripemd128', $cpassword); $denymsg = "<h3>The username or password you have entered has been rejected. Check their are not illeagal characters, ie. code, special characters etc. </h3>"; if(preg_match("#[^\w\?\&\=\.]#", $username)) { echo $denymsg; die(); } else { } if(preg_match("#[^\w\?\&\=\.]#", $password)) { echo $denymsg; } else { } if($password !== $_POST['cpassword']) { die("Passwords do not match!"); } if(!$username OR !$password) { die("Make sure you have entered a username and password!"); } $sql = "INSERT INTO `users` (username, password) VALUES ('$username', '$cpassword')"; if($sql === TRUE) { echo "Your account (".$username.") has been created!"; } else { echo "Your account (".$username.") could not be created. "; echo "<br> <br> ".var_dump($sql)." "; } } I do not get any errors, but here is the result of the variable dump Your account (user) could not be created. string(92) "INSERT INTO `users` (username, password) VALUES ('user', '602cb6acf8f1d5a8c402bc6b9505730f')" Quote Link to comment Share on other sites More sharing options...
ginerjm Posted February 16, 2015 Share Posted February 16, 2015 Despite all that horrible looking logic to supposedly sanitize your input, I'll offer you this: You didn't do the insert. 1 Quote Link to comment Share on other sites More sharing options...
Tom10 Posted February 16, 2015 Author Share Posted February 16, 2015 Despite all that horrible looking logic to supposedly sanitize your input, I'll offer you this: You didn't do the insert. $sql = "INSERT INTO `users` (username, password) VALUES ('$username', '$cpassword')"; Quote Link to comment Share on other sites More sharing options...
Solution Ch0cu3r Posted February 16, 2015 Solution Share Posted February 16, 2015 (edited) You have only defined the query. You have not executed the query, this is what ginerjm was pointing out. Edited February 16, 2015 by Ch0cu3r 1 Quote Link to comment Share on other sites More sharing options...
Tom10 Posted February 16, 2015 Author Share Posted February 16, 2015 You have only defined the query. You have not executed the query, this is what ginerjm was pointing out. Ah, Thanks Ch0cu3r and sorry gingerjm i wasn't quite sure what you meant. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.