discoDrive Posted November 28, 2007 Share Posted November 28, 2007 Hello there, I have been dabbling with a user signup form, just to make sure I am familiar with the code. When it is working I will adapt it to fit my website design, but I'm having a problem with it at the moment. The code below is giving me some problems because it gets as far as creating the query, but it will not execute it. If anybody can see the problem at a glance please let me know as it is causing me to tear my hair out. If you need any more info, I'll post anything up. Thankyou for your time. <html><head><title>Adding a User</title></head><body> <?php $self = $_SERVER['PHP_SELF']; $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $username = $_POST['username']; $password = $_POST['password']; if ( ( !$firstname ) or ( !$lastname ) or ( !$username ) or ( !$password ) ) { $form ="Please fill in the following:"; $form.="<form action=\"$self\""; $form.=" method=\"POST\">First Name: "; $form.="<input type=\"text\" name=\"firstname\""; $form.=" value=\"$firstname\"> <br>Last Name: "; $form.="<input type=\"text\" name=\"lastname\""; $form.=" value=\"$lastname\"> <br>User Name: "; $form.="<input type=\"text\" name=\"username\""; $form.=" value=\"$username\"> <br>Password: "; $form.="<input type=\"text\" name=\"password\""; $form.=" value=\"$password\"><br>"; $form.="<input type=\"submit\" value=\"Submit\">"; $form.="</form>"; echo( $form ) ; } else { $conn = @mysql_connect( "localhost", "root", "discosucks" ) or die("Could not connect to MySQL"); $db = @mysql_select_db( "noodlenews", $conn) or die("Could not find database"); $sql = "insert into members (firstname,lastname,username,password) values (\"$firstname\",\"$lastname\",\"$username\" password(\"$password\") )"; $result = @mysql_query( $sql, $conn) or die("Could not execute query"); if( $result ) { echo ( "New user $username added" ); } } ?> Quote Link to comment Share on other sites More sharing options...
marcus Posted November 28, 2007 Share Posted November 28, 2007 Don't suppress the errors. Quote Link to comment Share on other sites More sharing options...
Coreye Posted November 28, 2007 Share Posted November 28, 2007 This isn't the reason the script is not working, but wouldn't if( $result ) { echo ( "New user $username added" ); } be vulnerable to cross site scripting and other malicious code? Quote Link to comment Share on other sites More sharing options...
unidox Posted November 29, 2007 Share Posted November 29, 2007 instead of your die function, use "die (mysql_error())" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.