Jump to content

[SOLVED] mysql_real_escape_string help

thewooleymammoth

By thewooleymammoth
in PHP Coding Help

 Share

Recommended Posts

thewooleymammoth Advanced Member

thewooleymammoth

Posted
Posted 

<?php
$connectmysql;
$getusername=mysql_real_escape_string($_POST['username']);
$getpassword=mysql_real_escape_string($_POST['password']);
$getpassword2=mysql_real_escape_string($_POST['password2']);
echo "$getusername <-- username<br> $getpassword <-- password <br> $getpassword2 <--password2<br>";

returns

 

<-- username

<-- password

<--password2

 

 

 

???? confused cant get it to work...

 

 

you can try it out at http://www.getyourlinkon.net/register.php

Link to comment
https://forums.phpfreaks.com/topic/73241-solved-mysql_real_escape_string-help/
Share on other sites
thewooleymammoth Advanced Member

thewooleymammoth

Posted
  • Author
Posted 

<?php
$pagename='Register';
include('tophalf.php');
?>

    <?php 
if(isset($_COOKIE['auth']))
     {  
  echo "<h1>Register</h1>
    You must be logged out to register";
}
else
{
echo 	"
<form method='post' action='reg.php'>
<table>
  <tr>
    <td>Username:</td>
    <td><input type='text' name='username'></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td><input type='password' name='password'></td>
  </tr>
  <tr>
    <td>Confirm Password:</td>
    <td><input type='password' name='password2'></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type='submit' value='submit' name='register'></td>
  </tr>
</table>
</form>";
}
?>
  <?php
  include('bottumhalf.php');
  ?>

 

^^register page^^

 


<?php
include('databaseconnect.php');
include('filter/filter.php');
include('tophalf.php');
$connectmysql;
$getusername=mysql_real_escape_string($_POST['username']);
$getpassword=mysql_real_escape_string($_POST['password']);
$getpassword2=mysql_real_escape_string($_POST['password2']);/*
$stripusername=strip_tags($getusername);
$filterusername=str_replace($bad1, $good, $stripusername);
$username=str_replace($capalpha, $alpha, $filterusername);
$strippassword=strip_tags($getpassword);
$filterpassword=str_replace($bad1, $good, $strippassword);
$password=$filterpassword;
$strippassword2=strip_tags($getpassword2);
$filterpassword2=str_replace($bad, $good, $strippassword2);
$password2=$filterpassword2;
$connectmysql=mysql_connect("$host","$sqlname","$sqlpass") or die(mysql_error());
$selectdb=mysql_select_db($sqlbase) or die(mysql_error());
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);

$selectdb;
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);
*/echo "$getusername <-- username<br> $getpassword <-- password <br> $getpassword2 <--password2<br>";
/*if ($password == $password2)
{
if ($result['username'] == $username){
	echo "sorry username $username is already taken";
}
elseif (strlen($username)<5){
    echo "sorry your username must be more than 5 characters.";
}
elseif (strlen($password)<5){
    echo "sorry your password must be more than 5 characters";
}
else
{

	mysql_query("INSERT INTO `$sqlbase`.`login` (
	`username` ,
	`password`
	)
	VALUES (
	'$username', '$password'
	);") or die (mysql_error());
	echo "You have registered with the username : $username<br> and the password: $password <br><a href='index.php'> Click here to return to Homepage</a>";
	$filename = "userlist/users.txt";
    $openfile = fopen($filename, "a") or die("could not open file $filename");
    $date=date('l dS \of F Y h:i:s A');

if (!fwrite($openfile, "$username| $date|")){
    echo "<br>Sorry $user you could not be added to the user list $date";
}

	}
}

else if ($password != $password2)
{
echo "Your Passwords did not match. <br><a href='register.php'> Click here to return to the registration page";
}

else
{
echo "error";
}
*/include('bottumhalf.php');
?>

 

^^reg page^^ but everything but those are commented so... i dont know why its not working

thewooleymammoth Advanced Member

thewooleymammoth

Posted
  • Author
Posted

i tried it like this and it just doesnt insert anything into the database... i hate somethings...

<?php
include('databaseconnect.php');
include('filter/filter.php');
include('tophalf.php');
$connectmysql;
$getusername=$_POST['username'];
$getpassword=$_POST['password'];
$getpassword2=$_POST['password2'];
$stripusername=strip_tags($getusername);
$filterusername=str_replace($bad1, $good, $stripusername);
$username=str_replace($capalpha, $alpha, $filterusername);
$strippassword=strip_tags($getpassword);
$filterpassword=str_replace($bad1, $good, $strippassword);
$password=$filterpassword;
$strippassword2=strip_tags($getpassword2);
$filterpassword2=str_replace($bad, $good, $strippassword2);
$password2=$filterpassword2;
$connectmysql=mysql_connect("$host","$sqlname","$sqlpass") or die(mysql_error());
$selectdb=mysql_select_db($sqlbase) or die(mysql_error());
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);

$selectdb;
$query=mysql_query("SELECT*FROM login WHERE username='$username'") or die(mysql_error());
$result=mysql_fetch_assoc($query);
echo "$getusername <-- username<br> $getpassword <-- password <br> $getpassword2 <--password2<br>";
if ($password == $password2)
{
if ($result['username'] == $username){
	echo "sorry username $username is already taken";
}
elseif (strlen($username)<5){
    echo "sorry your username must be more than 5 characters.";
}
elseif (strlen($password)<5){
    echo "sorry your password must be more than 5 characters";
}
else
{

	mysql_query("INSERT INTO `$sqlbase`.`login` (
	`username` ,
	`password`
	)
	VALUES (
	'".mysql_real_escape_string($username)."', '".mysql_real_escape_string($passwor)."'
	);") or die (mysql_error());
	echo "You have registered with the username : $username<br> and the password: $password <br><a href='index.php'> Click here to return to Homepage</a>";
	$filename = "userlist/users.txt";
    $openfile = fopen($filename, "a") or die("could not open file $filename");
    $date=date('l dS \of F Y h:i:s A');

if (!fwrite($openfile, "$username| $date|")){
    echo "<br>Sorry $user you could not be added to the user list $date";
}

	}
}

else if ($password != $password2)
{
echo "Your Passwords did not match. <br><a href='register.php'> Click here to return to the registration page";
}

else
{
echo "error";
}
include('bottumhalf.php');
?>

thewooleymammoth Advanced Member

thewooleymammoth

Posted
  • Author
Posted

i suppose i kinda solved myself lol, ill explain what i did for others,

here

<?php
mysql_query("INSERT INTO `$sqlbase`.`login` (
	`username` ,
	`password`
	)
	VALUES (
	'".mysql_real_escape_string($username)."', '".mysql_real_escape_string($passwor)."'
	);") or die (mysql_error());
	echo "You have registered with the username : $username<br> and the password: $password <br><a href='index.php'> Click here to return to Homepage</a>";

i mispelled password, so i didnt inject my password, but idk why the post wasnt working originaly

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.