Jump to content

[SOLVED] mysql_real_escape_string help

thewooleymammoth

By thewooleymammoth
in PHP Coding Help

Recommended Posts

thewooleymammoth Advanced Member

thewooleymammoth

Posted
Posted 

<?php
$connectmysql;
$getusername=mysql_real_escape_string($_POST['username']);
$getpassword=mysql_real_escape_string($_POST['password']);
$getpassword2=mysql_real_escape_string($_POST['password2']);
echo "$getusername <-- username<br> $getpassword <-- password <br> $getpassword2 <--password2<br>";

returns

 

<-- username

<-- password

<--password2

 

 

 

???? confused cant get it to work...

 

 

you can try it out at http://www.getyourlinkon.net/register.php

Link to comment
https://forums.phpfreaks.com/topic/73241-solved-mysql_real_escape_string-help/
Share on other sites
thewooleymammoth Advanced Member

thewooleymammoth

Posted
  • Author
Posted 

<?php
$pagename='Register';
include('tophalf.php');
?>

    <?php 
if(isset($_COOKIE['auth']))
     {  
  echo "<h1>Register</h1>
    You must be logged out to register";
}
else
{
echo 	"
<form method='post' action='reg.php'>
<table>
  <tr>
    <td>Username:</td>
    <td><input type='text' name='username'></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td><input type='password' name='password'></td>
  </tr>
  <tr>
    <td>Confirm Password:</td>
    <td><input type='password' name='password2'></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type='submit' value='submit' name='register'></td>
  </tr>
</table>
</form>";
}
?>
  <?php
  include('bottumhalf.php');
  ?>

 

^^register page^^

 


<?php
include('databaseconnect.php');
include('filter/filter.php');
include('tophalf.php');
$connectmysql;
$getusername=mysql_real_escape_string($_POST['username']);
$getpassword=mysql_real_escape_string($_POST['password']);
$getpassword2=mysql_real_escape_string($_POST['password2']);/*
$stripusername=strip_tags($getusername);
$filterusername=str_replace($bad1, $good, $stripusername);
$username=str_replace($capalpha, $alpha, $filterusername);
$strippassword=strip_tags($getpassword);
$filterpassword=str_replace($bad1, $good, $strippassword);
$password=$filterpassword;
$strippassword2=strip_tags($getpassword2);
$filterpassword2=str_replace($bad, $good, $strippassword2);
$password2=$filterpassword2;
$connectmysql=mysql_connect("$host","$sqlname","$sqlpass") or die(mysql_error());
$selectdb=mysql_select_db($sqlbase) or die(mysql_error());
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);

$selectdb;
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);
*/echo "$getusername <-- username<br> $getpassword <-- password <br> $getpassword2 <--password2<br>";
/*if ($password == $password2)
{
if ($result['username'] == $username){
	echo "sorry username $username is already taken";
}
elseif (strlen($username)<5){
    echo "sorry your username must be more than 5 characters.";
}
elseif (strlen($password)<5){
    echo "sorry your password must be more than 5 characters";
}
else
{

	mysql_query("INSERT INTO `$sqlbase`.`login` (
	`username` ,
	`password`
	)
	VALUES (
	'$username', '$password'
	);") or die (mysql_error());
	echo "You have registered with the username : $username<br> and the password: $password <br><a href='index.php'> Click here to return to Homepage</a>";
	$filename = "userlist/users.txt";
    $openfile = fopen($filename, "a") or die("could not open file $filename");
    $date=date('l dS \of F Y h:i:s A');

if (!fwrite($openfile, "$username| $date|")){
    echo "<br>Sorry $user you could not be added to the user list $date";
}

	}
}

else if ($password != $password2)
{
echo "Your Passwords did not match. <br><a href='register.php'> Click here to return to the registration page";
}

else
{
echo "error";
}
*/include('bottumhalf.php');
?>

 

^^reg page^^ but everything but those are commented so... i dont know why its not working

thewooleymammoth Advanced Member

thewooleymammoth

Posted
  • Author
Posted

i tried it like this and it just doesnt insert anything into the database... i hate somethings...

<?php
include('databaseconnect.php');
include('filter/filter.php');
include('tophalf.php');
$connectmysql;
$getusername=$_POST['username'];
$getpassword=$_POST['password'];
$getpassword2=$_POST['password2'];
$stripusername=strip_tags($getusername);
$filterusername=str_replace($bad1, $good, $stripusername);
$username=str_replace($capalpha, $alpha, $filterusername);
$strippassword=strip_tags($getpassword);
$filterpassword=str_replace($bad1, $good, $strippassword);
$password=$filterpassword;
$strippassword2=strip_tags($getpassword2);
$filterpassword2=str_replace($bad, $good, $strippassword2);
$password2=$filterpassword2;
$connectmysql=mysql_connect("$host","$sqlname","$sqlpass") or die(mysql_error());
$selectdb=mysql_select_db($sqlbase) or die(mysql_error());
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);

$selectdb;
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);
echo "$getusername <-- username<br> $getpassword <-- password <br> $getpassword2 <--password2<br>";
if ($password == $password2)
{
if ($result['username'] == $username){
	echo "sorry username $username is already taken";
}
elseif (strlen($username)<5){
    echo "sorry your username must be more than 5 characters.";
}
elseif (strlen($password)<5){
    echo "sorry your password must be more than 5 characters";
}
else
{

	mysql_query("INSERT INTO `$sqlbase`.`login` (
	`username` ,
	`password`
	)
	VALUES (
	'".mysql_real_escape_string($username)."', '".mysql_real_escape_string($passwor)."'
	);") or die (mysql_error());
	echo "You have registered with the username : $username<br> and the password: $password <br><a href='index.php'> Click here to return to Homepage</a>";
	$filename = "userlist/users.txt";
    $openfile = fopen($filename, "a") or die("could not open file $filename");
    $date=date('l dS \of F Y h:i:s A');

if (!fwrite($openfile, "$username| $date|")){
    echo "<br>Sorry $user you could not be added to the user list $date";
}

	}
}

else if ($password != $password2)
{
echo "Your Passwords did not match. <br><a href='register.php'> Click here to return to the registration page";
}

else
{
echo "error";
}
include('bottumhalf.php');
?>

thewooleymammoth Advanced Member

thewooleymammoth

Posted
  • Author
Posted

i suppose i kinda solved myself lol, ill explain what i did for others,

here

<?php
mysql_query("INSERT INTO `$sqlbase`.`login` (
	`username` ,
	`password`
	)
	VALUES (
	'".mysql_real_escape_string($username)."', '".mysql_real_escape_string($passwor)."'
	);") or die (mysql_error());
	echo "You have registered with the username : $username<br> and the password: $password <br><a href='index.php'> Click here to return to Homepage</a>";

i mispelled password, so i didnt inject my password, but idk why the post wasnt working originaly

 

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.