Jump to content

Login Problem

tberger

By tberger
in PHP Coding Help

 Share

Recommended Posts

tberger Newbie

tberger

Posted
Posted

I am setting up a member form for users.  When the person submits there information.  The database checks to make sure the record doesn't already exist - if it does, it should tell them it does and direct them to the login page.  If it doesn't exist, it should insert a record into the database.

 

My problem - it displays like it is putting the records into the table but when I display the table results - I get nothing.  It worked when I just had an insert statement but when I put that inside an if statement to satisfy the criteria I listed above - it seems to have stopped working.

 

Any suggestions?

 

Here is the code:

 

<html>

<head>

<title>Create Process</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

</head>

 

<body>

<?php

/* Tracy Seeberger (00835940)

create_processSQL.php

Module 4 - Assignment

*/

 

//Escapes and enquotes variables

function clean($var){

    return trim(addslashes($var));

}

//Variable declaration

 

    $fname = clean($_POST['first_name']);

    $lname = clean($_POST['last_name']);

    $email = clean($_POST['email_address']);

    $pw = clean($_POST['password']);

 

// Connect to server and select databse.

$db=mysql_connect('monet.homeip.net','conn1','conn1') or die ("Cannot connect to server");

mysql_select_db('test',$db) or die ("Cannot select DB");

 

print "Connected to MySQL<br>";

 

 

if (!$_POST['email_address'] | !$_POST['password'] | !$_POST['first_name'] | !$_POST['last_name'])

{

die('You must complete all required fields.');

}

 

$usercheck = $_POST['email_address'];

$check = mysql_query("SELECT username FROM seebergerLogin where username = '$_POST[email_address]'")

or die(mysql_error());

 

if ($check != 0 )

{

$query="INSERT INTO seebergerLogin (username, password, first_name, last_name)VALUES ('$_POST[email_address]','$_POST[password]','$_POST[first_name]','$_POST[last_name]')";

 

$_POST[password] = md5($_POST[password]);

 

echo $fname;

echo ', your account has been created <br />';

echo "<html> <body> To Sign into your account <a href='loginsql.php'> Click Here!</a>";

}

 

else

{

echo $_POST['email_address'];

echo ("You are already registered");

echo "<html> <body> To Sign into your account <a href='loginsql.php'> Click Here!</a>";

}

?>

</body>

</html>

Link to comment
Share on other sites
jscix Member

jscix

Posted
Posted

I honestly cant see the problem, your sql looks fine, as does the rest of your code.. but im curious why you are working with dirty $_POST Variables, after you have already placed and secured them(Assuming the CLEAN function does this) right here:

 

$fname = clean($_POST['first_name']);

$lname = clean($_POST['last_name']);

$email = clean($_POST['email_address']);

$pw = clean($_POST['password']);

 

?

Link to comment
Share on other sites
taith Regular Member

taith

Posted
Posted

few problems there firstly...

 

$_POST[password] = md5($_POST[password]); # i have to go first
$query="INSERT INTO seebergerLogin (username, password, first_name, last_name)VALUES ('$_POST[email_address]','$_POST[password]','$_POST[first_name]','$_POST[last_name]')";

#and you forgot to query that ;-)
mysql_query($query);

#also near the biginning...
$check=mysql_query("SELECT username FROM seebergerLogin where username = '$_POST[email_address]' LIMIT 1") or die(mysql_error());
$row=mysql_fetch_array($check);      
if(!empty($row)){
.
.
.

Link to comment
Share on other sites
jscix Member

jscix

Posted
Posted

lol, wow I didnt catch that at all,  ???

 

$query="INSERT INTO seebergerLogin (username, password, first_name, last_name)VALUES      ('$_POST[email_address]','$_POST[password]','$_POST[first_name]','$_POST[last_name]')";

 

$query is a bad var name for a mysql_query, it looks far too similar

Link to comment
Share on other sites
Trium918 Advanced Member

Trium918

Posted
Posted

Try this!

 

<?php
/* Tracy Seeberger (00835940)
create_processSQL.php
Module 4 - Assignment
*/

//Escapes and enquotes variables
function clean($var){
    return trim(addslashes($var));
}
//Variable declaration

    $fname = clean($_POST['first_name']);
    $lname = clean($_POST['last_name']);
    $email = clean($_POST['email_address']);
    $pw = clean($_POST['password']);

     // Connect to server and select databse.
     $db=mysql_connect('monet.homeip.net','conn1','conn1') or die ("Cannot connect to server");
     mysql_select_db('test',$db) or die ("Cannot select DB");

     print "Connected to MySQL";

   if (!$_POST['email_address'] || !$_POST['password'] || !$_POST['first_name'] || !$_POST['last_name'])
      {
         die('You must complete all required fields.');
      }
  
      // check if username is unique  
      $check = mysql_query("SELECT username FROM seebergerLogin where username = '$_POST[email_address]'"); 
      if (!$check)
      return "Could not execute query". mysql_error();
      if (mysql_num_rows($check)>0) 
      return "That username is taken - go back and choose another one.";
     
      // if ok, put in db
  
  $_POST[password] = md5($_POST[password]);
  $query = "INSERT INTO seebergerLogin (username, password, first_name, last_name)
            VALUES('$email_address','password','$first_name','$last_name')"; 

		mysql_query($query) or die(mysql_error()); 

     if ($check != 0 )
      {
       echo $fname;
       echo ', your account has been created ';
       echo "<html> <body> To Sign into your account <a href='loginsql.php'> Click Here![/url]";
      }
      
      else
      {      
      echo $_POST['email_address'];
      echo ("You are already registered");
      echo "<html> <body> To Sign into your account <a href='loginsql.php'> Click Here![/url]";
      }
?>

 

Not tested

Link to comment
Share on other sites
taith Regular Member

taith

Posted
Posted

lol... personally... i completly skip that part... lol

 

$query=mysql_query("INSERT INTO seebergerLogin (username, password, first_name, last_name)VALUES ('$_POST[email_address]','$_POST[password]','$_POST[first_name]','$_POST[last_name]')");

 

thats just me tho... no point in using non changing variables only once... lol

Link to comment
Share on other sites
Fehnris Newbie

Fehnris

Posted
Posted

You dont really want to be checking that $check isnt equal to zero.

 


if ($check != 0 )
      {
      $query="INSERT INTO seebergerLogin (username, password, first_name, last_name)VALUES       ('$_POST[email_address]','$_POST[password]','$_POST[first_name]','$_POST[last_name]')";   
      
      $_POST[password] = md5($_POST[password]);
      
    echo $fname;
    echo ', your account has been created 
';
    echo "<html> <body> To Sign into your account <a href='loginsql.php'> Click Here![/url]";
      }

 

Instead check it like this.

 


if (mysql_num_rows($check) > 0 )
      {
      $query="INSERT INTO seebergerLogin (username, password, first_name, last_name)VALUES       ('$_POST[email_address]','$_POST[password]','$_POST[first_name]','$_POST[last_name]')";   
      
      $_POST[password] = md5($_POST[password]);
      
    echo $fname;
    echo ', your account has been created 
';
    echo "<html> <body> To Sign into your account <a href='loginsql.php'> Click Here![/url]";
      }

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.