registration form help needed

[nadz]

hi, i purchased shockscript arcade not too long ago and never really got round to installing it till a few days ago. the script is actually extremely easy to use and it has worked fine untill i tried registering a test account. after putting all the details in (username, email, password etc) an error comes up :

Warning: mysql_insert_id(): A link to the server could not be established in /home/teenaged/public_html/modules/mod_register.php on line 46
Sorry, but there is a problem with our scripts!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1
UPDATE members SET [b]highest_rank=3[/b] WHERE id= LIMIT 1

"highest_rank=3" on the last line is always a different number. in this case the error shows a highest_rank=3 because it has just entered the third user into mySQL database. the next user to reg would get the same error but highest_rank would be 4, then 5, then 6 and so on.

the funny thing is that the user can go back to the arcade and login using the user account they just registered. is there anyway i can get rid of this error? ive contacted my host about a corect syntax but im not sure what it actually is.

any help would be appreciated.

btw heres my mod_register.php code:
[code]<?php
define( "DOC_TITLE", "register" );
define( "DOC_ADS", false );

if ( $_SERVER['REQUEST_METHOD'] == "POST" )
{
    if ( empty( $_POST['username'] ) )
        $error = "Please fill in your desired username!";
    else if ( !preg_match( "#^[A-Za-z0-9 _'.-]+$#", $_POST["username"] ) )
        $error = "You may only use the following characters in your username: <em>A-Z a-z 0-9 _ <space> ' . -</em>";
    else if ( empty( $_POST['email'] ) )
        $error = "Please fill in your e-mail address!";
    else if ( empty( $_POST['password'] ) )
        $error = "Please fill in your desired password!";
    else if ( $_POST["password"] != $_POST["vpassword"] )
        $error = "The passwords you supplied did not match!";
    else if ( $_POST["email"] != $_POST["vemail"] )
        $error = "The e-mail addresses you supplied did not match!";
    
    if ( !isset( $error ) )
    {
        $db->query( "SELECT * FROM members WHERE username='".$db->escape( trim(stripslashes($_POST["username"])) )."' LIMIT 1" );
        if ( $db->countRows() > 0 )
            $error = "Sorry, but that username is taken!";
        else
        {
            $db->query( "SELECT * FROM members WHERE email='".$db->escape( strtolower(trim(stripslashes($_POST["email"]))) )."' LIMIT 1" );
            if ( $db->countRows() > 0 )
                $error = "The e-mail address you provided is already in use!";
        }
    }
    
    if ( isset( $error ) )
        $message = "<strong>Error</strong>: ".$error;
    else
    {
        $username = trim(stripslashes($_POST["username"]));
        $password = stripslashes($_POST["password"]);
        $email = strtolower(trim(stripslashes($_POST["email"])));
        $username = preg_replace("/\s{2,}/", ' ', $username);
        
        $db->query( "INSERT INTO members ( username, password, email, ".
                    "joined, last_updated ) VALUES ( '".
                    $db->escape( $username )."', '".md5($password)."', '".
                    $db->escape( $email )."', UNIX_TIMESTAMP(), UNIX_TIMESTAMP() )" );
        $insert_id = mysql_insert_id();
        $db->query( "SELECT * FROM members" );
        $rank = $db->countRows();
        $db->query( "UPDATE members SET highest_rank=".$rank." WHERE id=".$insert_id." LIMIT 1" );
        $db->query( "UPDATE sessions SET member_id=".$insert_id.", admin='0' WHERE id='".
                    session_id()."' LIMIT 1" );
        $ref = htmlentities( stripslashes( $_POST["ref"] ) );
        $ref = empty( $ref )? "/" : $ref;
        ?>
<h1>register</h1>
<br />
<div align="center">
<div style="width: 300px; border: 1px solid #ccc; padding: 20px;">
  <strong>Thanks</strong>, you are now registered and logged in!<br />
  <br />
  <script type="text/javascript">
  <!--
  setTimeout( "window.location='"+unescape('<?= urlencode(stripslashes($_POST["ref"])) ?>')+"';", 1500 );
  //-->
  </script>
  <a href="<?= $ref ?>" class="blue" style="font-weight: bold;">Please wait...</a>
</div>
</div>
<br />
<br />
        <?php        
        $dont_output = true;
    }
}
else
    $message = "fill in the form below to become a member of ".$site_title.".";

if ( !$dont_output )
{
    ?>
<form action="/register" method="post">
<h1>register</h1>
<?= $message ?><br />
<br />
<div style="border: 1px solid #ccc; padding: 10px 0px 10px 0px;" align="right">
<?php
if ( !empty( $_REQUEST["ref"] ) )
    print "<input type=\"hidden\" name=\"ref\" value=\"".
        htmlspecialchars( $_REQUEST["ref"] )."\" />";
else
    print "<input type=\"hidden\" name=\"ref\" value=\"".
        htmlspecialchars( "/" )."\" />";
?>
  <table width="80%" border="0" style="text-align: left;">
   <tr>
    <td width="150"><strong>Username</strong>:</td>
    <td align="right"><input align="middle" type="text" name="username" maxlength="32"
     class="textField" value="<?= stripslashes( htmlspecialchars( $_POST["username"] ) ) ?>" />
    </td>
    <td valign="middle" style="font-size: 9px;">
     (Must be between 3 and 32 characters)
    </td>
   </tr>
   <tr>
    <td width="150"><strong>Password</strong>:</td>
    <td align="right"><input align="middle" type="password" name="password"
     maxlength="32" class="textField" />
    </td>
    <td valign="middle" style="font-size: 9px;">
     (Must be between 3 and 32 characters)
    </td>
   </tr>
   <tr>
    <td width="150">Re-Enter <strong>Password</strong>:</td>
    <td align="right"><input align="middle" type="password" name="vpassword"
     maxlength="32" class="textField" />
    </td>
    <td valign="middle" style="font-size: 9px;">
     (Must match password <em>exactly</em>)
    </td>
   </tr>
   <tr>
    <td width="150"><strong>E-Mail</strong> Address:</td>
    <td align="right"><input align="middle" type="text" name="email"
     class="textField" value="<?= stripslashes( htmlspecialchars( $_POST["email"] ) ) ?>" />
    </td>
    <td valign="middle"></td>
   </tr>
   <tr>
    <td width="150">Re-Enter <strong>E-Mail</strong>:</td>
    <td width="150" align="right"><input align="middle" type="text" name="vemail"
     class="textField" value="<?= stripslashes( htmlspecialchars( $_POST["vemail"] ) ) ?>" />
    </td>
    <td align="left" valign="middle" style="font-size: 9px;">
      (Must match e-mail <em>exactly</em>)
    </td>
   </tr>
   <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
   </tr>
   <tr>
    <td>&nbsp;</td>
    <td colspan="2"><input type="submit" class="button"
     style="padding: 4px; width: 200px;" value="Submit my Registration" />
    </td>
    <td>&nbsp;</td>
   </tr>
  </table>
</div>
<div align="center">
  <small>
   <br />
   Please view our <a href="/privacy" class="grey">Privacy Policy</a>
   and our <a href="/terms" class="grey">Terms &amp; Conditions</a>.
  </small>
</div>
</form>
    <?php
}
?>[/code]

[bbaker]

i didn't go through all your code, but the problem is that the SQL query didn't have a value for "id"

UPDATE members SET highest_rank=3 WHERE id=[b][!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]?[!--colorc--][/span][!--/colorc--][/b] LIMIT 1

LIMIT is a SQL clause, not an id. Looks like the script is NOT finding the id.

[nadz]

thanks for youre help. heres the code in the script i think its not getting:

$db->query( "UPDATE members SET highest_rank=".$rank." WHERE id="[b].$insert_id.[/b]" LIMIT 1" );

can you see anything wrong with it?

[nadz]

well i contacted shockscript, they say their not selling it anymore for this exact reason - "overwhelming emails about script errors" beat that for customer support. they did however try to solve my problem by telling me "you might want to try and switch hosts".