• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 241
  • Last Modified:

Registration code not working

Either I'm just being completely blind or my code is refusing to work.

Can't seem to get my registration form to work.
I know that all the names are correct as I've submitted an empty form and I'm getting all the error
messages I wrote back. e.g username is missing

I've checked that all the database values are correct and are going into the right table and yet I'm just getting back "query failed" so I know for a fact that something is wrong with one of the two sections where I've wrote "query failed" but I just can't see the problem...Anyway, here's my code:

reg.php
<form id="loginForm" name="loginForm" method="post" action="regcheck.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <th>First Name </th>
      <td><input name="FirstName" type="text" class="textfield" id="FirstName" /></td>
    </tr>
    <tr>
      <th>Last Name </th>
      <td><input name="Surname" type="text" class="textfield" id="Surname" /></td>
    </tr>
    <tr>
      <th width="124">Username</th>
      <td width="168"><input name="UserName" type="text" class="textfield" id="UserName" /></td>
    </tr>
    <tr>
      <th>Password</th>
      <td><input name="Password" type="password" class="textfield" id="Password" /></td>
    </tr>
    <tr>
      <th>Confirm Password </th>
      <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" class='button' name="Submit" value="Register" /></td>
    </tr>
  </table>
</form>
<?php
	if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
		echo '<ul class="err">';
		foreach($_SESSION['ERRMSG_ARR'] as $msg) {
			echo '<li>',$msg,'</li>'; 
		}
		echo '</ul>';
		unset($_SESSION['ERRMSG_ARR']);
	}
?>

Open in new window


and...

regcheck.php
<?php
	//Start session
	session_start();
	
	//Include database connection details
	require_once('config.php');
	
	//Array to store validation errors
	$errmsg_arr = array();
	
	//Validation error flag
	$errflag = false;
	
	//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	}
	
	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$FirstName = clean($_POST['FirstName']);
	$Surname = clean($_POST['Surname']);
	$UserName = clean($_POST['UserName']);
	$Password = clean($_POST['Password']);
	$cpassword = clean($_POST['cpassword']);
	
	//Input Validations
	if($FirstName == '') {
		$errmsg_arr[] = 'First name missing';
		$errflag = true;
	}
	if($Surname == '') {
		$errmsg_arr[] = 'Last name missing';
		$errflag = true;
	}
	if($UserName == '') {
		$errmsg_arr[] = 'Username missing';
		$errflag = true;
	}
	if($Password == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	}
	if($cpassword == '') {
		$errmsg_arr[] = 'Confirm password missing';
		$errflag = true;
	}
	if( strcmp($Password, $cpassword) != 0 ) {
		$errmsg_arr[] = 'Passwords do not match';
		$errflag = true;
	}
	
	//Check for duplicate UserName
	if($UserName != '') {
		$qry = "SELECT * FROM user WHERE UserName='$UserName'";
		$result = mysql_query($qry);
		if($result) {
			if(mysql_num_rows($result) > 0) {
				$errmsg_arr[] = 'Username already in use';
				$errflag = true;
			}
			@mysql_free_result($result);
		}
		else {
			die("Query failed");
		}
	}
	
	//If there are input validations, redirect back to the registration form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		session_write_close();
		header("location: reg.php");
		exit();
	}

	//Create INSERT query
	$qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surname','$UserName','".md5($_POST['Password'])."')";
	$result = @mysql_query($qry);
	
	//Check whether the query was successful or not
	if($result) {
		header("location: register-success.php");
		exit();
	}else {
		die("Query failed");
	}
?>

Open in new window


If you can see the error, please do let me know as it's driving me mad.
As you can see, the  "Check for duplicate UserName" and "Create INSERT query" are the two
sections with "Query failed".

Thanks.
0
PSTCAT
Asked:
PSTCAT
  • 4
  • 3
1 Solution
 
Hugh McCurdyCommented:
Instead of this
<td><input name="FirstName" type="text" class="textfield" id="FirstName" /></td>
try
<td><input name="FirstName" type="text" class="textfield" name='FirstName' id="FirstName" /></td>
0
 
Hugh McCurdyCommented:
If that doesn't work, let's start debugging by adding a    var_dump ( $_POST );    in the vicinity of your calls to clean().

0
 
PSTCATAuthor Commented:
Nope. That gives a yellow highlight on the HTML and didn't change anything with the "Query Failed" error.

Thanks though.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
PSTCATAuthor Commented:
The var_dump gives the following error...


array(6) { ["FirstName"]=> string(6) "tester" ["Surname"]=> string(4) "test" ["UserName"]=> string(6) "tester" ["Password"]=> string(7) "testing" ["cpassword"]=> string(7) "testing" ["Submit"]=> string(8) "Register" } Query failed
0
 
mankowitzCommented:
Also, see what mysql is telling you. Replace

die("Query failed");

Open in new window


with

die("Query failed with query $qry and error " . mysql_error() );

Open in new window

0
 
PSTCATAuthor Commented:
Ok it now works! Thanks so much.

I replaced that line and it told me there was a duplicate entry key
so I removed the user that  was in database (me) and now it works perfect.

Cheers!
0
 
Hugh McCurdyCommented:
It still may have helped.  Anyway, at this time, the $_POST variable is good.

In addition to mankowitz's suggestion, let's get more information.

Change

      //Create INSERT query
      $qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surname','$UserName','".md5($_POST['Password'])."')";
      $result = @mysql_query($qry);
to
      //Create INSERT query
      $qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surname','$UserName','".md5($_POST['Password'])."')";
        printf ( "qry = %s<br />\n", $qry );
      $result = @mysql_query($qry);

This will tell us what the query is trying to do.


0
 
Hugh McCurdyCommented:
I'm also suspicious about clean();

After the clean() section, print one of the variable.

printf  (  "FirstName = %s<br />\n", $FirstName );

Let's see if it matches the $_POST variable for 'FirstName'
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now