Dream.In.Code > Programming Help > PHP

Welcome to Dream.In.Code
	Getting PHP Help is Easy! Join 136,582 PHP Programmers for FREE! Get instant access to thousands of PHP experts, tutorials, code snippets, and more! There are 1,922 people online right now. Registration is fast and FREE... Join Now! Chat LIVE With a PHP Expert

Register Form

Reply to this topic

Start new topic

Register Form, Tiny Problem

Limitation	1 Oct, 2008 - 09:34 AM Post #1
New D.I.C Head Joined: 27 Sep, 2008 Posts: 17 My Contributions	Hey again people. Well I just made a Registeration Form and it works. But got a very tiny problem, if anyone could help me out would be good. Also is this form free from SQL Injection or anyother exploit? Plus please plot out mistakes if I have done some. So the tiny problem is that after I click register a blank page appears instead of what should be (Thank you for registering, you may now log in) . Also theres no record in the database, which shows that anyone has registered, their details etc... The codes below shows the codes I used for the registeration form and to create the database and tables in MySQL. You can try it yourself and check. Thanks in advance Code used to create database and tables. CODE mysql_select_db("game", $con); $sql = "CREATE TABLE Users ( usersID int NOT NULL AUTO_INCREMENT, PRIMARY KEY(usersID), Username varchar(32) NOT NULL, Password varchar(64) NOT NULL , Email varchar(64) NOT NULL , Ip varchar(32) NOT NULL , Gender ENUM('Male','Female') NOT NULL, Date varchar(32) NOT NULL )"; Registeration Code CODE <?php $con = mysql_connect("localhost","root","secret"); if (!$con) { die('Could not connect: ' . mysql_error()); } function protect($value){ $value = mysql_real_escape_string(value); $value = stripslashes($value); $value = strip_tags($value); } $action = $_GET['act']; protect($action); if(!$action){ echo "<table border=0 cellspacing=3 cellpadding=3>\n <form name=register method=post action=\"register.php?act=register\">\n <tr><td>Username:</td><td><input type=text name=username maxlength=32>\n</td><tr>\n <tr><td>Password:</td><td><input type=password name=password maxlength=64>\n</td></tr>\n <tr><td>Confirm:</td><td><input type=password name=passconf maxlength=64>\n</td></tr>\n <tr><td>Email:</td><td><input type=text name=email>\n</td></tr>\n <tr><td>Confirm:</td><td><input type=text name=econf>\n</td></tr>\n <tr><td>Gender</td><td><select name=gender> <option value=gender>Male</option>\n <option value=gender>Female</option>\n <tr><td>Your Name</td><td><input type=text name=name maxlength=32>\n <tr><td colspan=2 align=right><input type=submit value=\"Register\">\n"; } if($action=="register"){ $username = $_POST['username']; $password = $_POST['password']; $passconf = $_POST['passconf']; $email = $_POST['email']; $day = $_POST['gender']; $name = $_POST['name']; protect($username); protect($passwrod); protect($passconf); protect($email); protect($gender); protect($name); if (isset($username) && isset($password) && isset($passconf) && isset($email) && isset($gender) && isset($name)){ if(strlen($username) < 3 \|\| strlen($username) > 32){ echo "Username is either too short or too long\n"; }else { if(strlen($password) < 3 \|\| strlen($password) > 64){ echo "Password is either too short ot too long\n"; }else { if(strlen($email) < 3 \|\| strlen($email) > 64){ echo "Email is either too short ot too long\n"; }else { if(strlen($name) < 2 \|\| strlen($name) > 64){ echo "Your name is either too short or too long\n"; }else { if($password != $passconf){ echo "Your password do not match\n"; }else { if($email != $echoconf){ echo "Your emails do not match\n"; }else { $checkemail = "/[a-z0-9]+([_\\.-][a-z0-9]+)@([a-z0-9]+([\.-][a-z0-9]-)+\\.(a-z)(2;)$/"; if(!preg_match($checkemail,$email)){ echo "The email you entered is incorrect"; }else { $sql = "SELECT = FROM 'users' WHERE 'username' ='$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ echo "This username already exists"; }else { $sql = "SELECT = FROM 'users' WHERE 'email' ='$email'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ echo "The email you supplied is already in use"; }else { $sql = "SELECT = FROM 'users' WHERE 'ip' ='$_SERVER[REMOTE_ADDR]'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ echo "The IP is already in use"; }else { $password = mds($password); $date = date('f j, Y @ g:i:s a'); $sql = "INSTER INTO 'users' ('username','password','email','ip','name,'gender','date') VALUES('$username','$password,'$email','$_SERVER[REMOTE_ADDR]',' $gender,' $date);"; $res = mysql_query($sql) or die(mysql_error()); echo "Thank you for registering, you may now log in\n"; } } } } } } } } } } } } ?>
	This Post Was Helpful!


Register for Free to Make These Ads Go Away!

Hary	RE: Register Form 1 Oct, 2008 - 10:49 AM Post #2
D.I.C Head Joined: 23 Sep, 2008 Posts: 205 Thanked: 15 times My Contributions	I'd prefer to a list of bad things detected, with a elseif, instead of this large nested tree, but that's taste. And do you mean to SELECT * FROM instead of SELECT = FROM?
	This Post Was Helpful!

JackOfAllTrades	RE: Register Form 1 Oct, 2008 - 11:10 AM Post #3
Cantankerous Old Fart Joined: 23 Aug, 2008 Posts: 580 Thanked: 59 times Dream Kudos: 50 My Contributions	Very sad that you're saving the password in the database in cleartext
	This Post Was Helpful!

Limitation	RE: Register Form 1 Oct, 2008 - 02:18 PM Post #4
New D.I.C Head Joined: 27 Sep, 2008 Posts: 17 My Contributions	Ill sort those out lol. Btw what I need to know is a way that it would store registered users data in the database as soon as anyone has registered. Anyone please ?
	This Post Was Helpful!

Hary	RE: Register Form 2 Oct, 2008 - 03:30 AM Post #5
D.I.C Head Joined: 23 Sep, 2008 Posts: 205 Thanked: 15 times My Contributions	That is what this is suppossed to do, and does so if all errors are gone?
	This Post Was Helpful!

Limitation	RE: Register Form 3 Oct, 2008 - 01:51 AM Post #6
New D.I.C Head Joined: 27 Sep, 2008 Posts: 17 My Contributions	Help
	This Post Was Helpful!

Hary	RE: Register Form 3 Oct, 2008 - 02:34 AM Post #7
D.I.C Head Joined: 23 Sep, 2008 Posts: 205 Thanked: 15 times My Contributions	Have you changed the SQL code? What does it do?
	This Post Was Helpful!

pemcconnell	RE: Register Form 3 Oct, 2008 - 04:42 AM Post #8
D.I.C Regular Joined: 5 Aug, 2008 Posts: 396 Thanked: 37 times Dream Kudos: 75 My Contributions	that protect() function seems dead-on. Should be pretty injection-proof. but it wasn't doing anything as it stood (protect($variable) instead of $variable = protect($variable). Another thing I noticed was that this function didn't 'return' anything), also the $password was spelt wrong in one of the protect()'s, and $action = $_GET['act']; should be $action = $_REQUEST['act']; Final thing I noticed was the SELECT = FROM - pretty sure = is not a wildcard, so changed it to . I've fixed the code and added some actions to the else {} to help you debug CODE <?php $con = mysql_connect("localhost","root","secret"); if (!$con) { die('Could not connect: ' . mysql_error()); } function protect($value){ $value = mysql_real_escape_string(value); $value = stripslashes($value); $value = strip_tags($value); return $value; } $action = $_REQUEST['act']; protect($action); if(!$action){ echo "<table border=0 cellspacing=3 cellpadding=3>\n <form name=register method=post action=\"register.php?act=register\">\n <tr><td>Username:</td><td><input type=text name=username maxlength=32>\n</td><tr>\n <tr><td>Password:</td><td><input type=password name=password maxlength=64>\n</td></tr>\n <tr><td>Confirm:</td><td><input type=password name=passconf maxlength=64>\n</td></tr>\n <tr><td>Email:</td><td><input type=text name=email>\n</td></tr>\n <tr><td>Confirm:</td><td><input type=text name=econf>\n</td></tr>\n <tr><td>Gender</td><td><select name=gender> <option value=gender>Male</option>\n <option value=gender>Female</option>\n <tr><td>Your Name</td><td><input type=text name=name maxlength=32>\n <tr><td colspan=2 align=right><input type=submit value=\"Register\">\n"; }else{ echo 'Action = '.$action.'.<br />'; } if($action=="register"){ $username = $_POST['username']; $password = $_POST['password']; $passconf = $_POST['passconf']; $email = $_POST['email']; $day = $_POST['gender']; $name = $_POST['name']; $username = protect($username); $password = protect($password); // was spelt passwrod $passconf = protect($passconf); $email = protect($email); $gender = protect($gender); $name = protect($name); if (isset($username) && isset($password) && isset($passconf) && isset($email) && isset($gender) && isset($name)){ if(strlen($username) < 3 \|\| strlen($username) > 32){ echo "Username is either too short or too long\n"; }else { if(strlen($password) < 3 \|\| strlen($password) > 64){ echo "Password is either too short ot too long\n"; }else { if(strlen($email) < 3 \|\| strlen($email) > 64){ echo "Email is either too short ot too long\n"; }else { if(strlen($name) < 2 \|\| strlen($name) > 64){ echo "Your name is either too short or too long\n"; }else { if($password != $passconf){ echo "Your password do not match\n"; }else { if($email != $echoconf){ echo "Your emails do not match\n"; }else { $checkemail = "/[a-z0-9]+([_\\.-][a-z0-9]+)@([a-z0-9]+([\.-][a-z0-9]-)+\\.(a-z)(2;)$/"; if(!preg_match($checkemail,$email)){ echo "The email you entered is incorrect"; }else { $sql = "SELECT FROM 'users' WHERE 'username' ='$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ echo "This username already exists"; }else { $sql = "SELECT * FROM 'users' WHERE 'email' ='$email'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ echo "The email you supplied is already in use"; }else { $sql = "SELECT * FROM 'users' WHERE 'ip' ='$_SERVER[REMOTE_ADDR]'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ echo "The IP is already in use"; }else { $password = mds($password); $date = date('f j, Y @ g:i:s a'); $sql = "INSTER INTO 'users' ('username','password','email','ip','name,'gender','date') VALUES('$username','$password,'$email','$_SERVER[REMOTE_ADDR]',' $gender,' $date);"; $res = mysql_query($sql) or die(mysql_error()); echo "Thank you for registering, you may now log in\n"; } } } } } } } } } } } }else{ echo 'Action wasnt register'; } ?> So basically this form will allow a user to register, validate the content, then insert the users data into the database with a "Thankyou for registering..." message This post has been edited by pemcconnell: 3 Oct, 2008 - 04:58 AM
	This Post Was Helpful!

Limitation	RE: Register Form 3 Oct, 2008 - 09:47 AM Post #9
New D.I.C Head Joined: 27 Sep, 2008 Posts: 17 My Contributions	Action = register. Your emails do not match Still dont work Damn im stressed out
	This Post Was Helpful!

Limitation	RE: Register Form 3 Oct, 2008 - 09:52 AM Post #10
New D.I.C Head Joined: 27 Sep, 2008 Posts: 17 My Contributions	After I update some stuff it gives me this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' WHERE 'username' ='value'' at line 1 Ermm well what you lot think, is the SQL table codes correct ? Is it linked to the register.php? Im damn confused.
	This Post Was Helpful!

Hary	RE: Register Form 4 Oct, 2008 - 04:20 AM Post #11
D.I.C Head Joined: 23 Sep, 2008 Posts: 205 Thanked: 15 times My Contributions	use "WHERE username='value'"
	This Post Was Helpful!

Fast Reply

Reply to this topic

Start new topic

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 12/3/08 12:33AM

Invision Power Board v2.1.7 © 2008 IPS, Inc.

Licensed to: MediaGroup1

Advertising | Terms of Use | Privacy Policy | About Us | Site Map

Forum Index: Programming Help | C and C++ | Visual Basic | Java | VB.NET | C# | ASP.NET | PHP | ColdFusion | Perl and Python | Ruby | Databases | Other Languages | Game Programming | Software Development | Computer Science | Industry News | Programming Tutorials | C++ Tutorials | Visual Basic Tutorials | Java Tutorials | VB.NET Tutorials | C# Tutorials | PHP Tutorials | Linux Tutorials | ColdFusion Tutorials | Windows Tutorials | HTML/JavaScript Tutorials | CSS Tutorials | Flash Tutorials | Web Promotion Tutorials | Photoshop Tutorials | Software Development Tutorials | Database Tutorials | Other Language Tutorials |

Copyright 2001-2008 MediaGroup1 LLC, All Rights Reserved
A MediaGroup1 LLC Production - Version 6.0.2.1.36

Search^Updated!w00t

Over 509,000 Pages! Advanced Forum Search

Live PHP Help!

PHP Tutorials

Reference Sheets