PSTCAT
asked on
Registration code not working
Either I'm just being completely blind or my code is refusing to work.
Can't seem to get my registration form to work.
I know that all the names are correct as I've submitted an empty form and I'm getting all the error
messages I wrote back. e.g username is missing
I've checked that all the database values are correct and are going into the right table and yet I'm just getting back "query failed" so I know for a fact that something is wrong with one of the two sections where I've wrote "query failed" but I just can't see the problem...Anyway, here's my code:
reg.php
and...
regcheck.php
If you can see the error, please do let me know as it's driving me mad.
As you can see, the "Check for duplicate UserName" and "Create INSERT query" are the two
sections with "Query failed".
Thanks.
Can't seem to get my registration form to work.
I know that all the names are correct as I've submitted an empty form and I'm getting all the error
messages I wrote back. e.g username is missing
I've checked that all the database values are correct and are going into the right table and yet I'm just getting back "query failed" so I know for a fact that something is wrong with one of the two sections where I've wrote "query failed" but I just can't see the problem...Anyway, here's my code:
reg.php
<form id="loginForm" name="loginForm" method="post" action="regcheck.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th>First Name </th>
<td><input name="FirstName" type="text" class="textfield" id="FirstName" /></td>
</tr>
<tr>
<th>Last Name </th>
<td><input name="Surname" type="text" class="textfield" id="Surname" /></td>
</tr>
<tr>
<th width="124">Username</th>
<td width="168"><input name="UserName" type="text" class="textfield" id="UserName" /></td>
</tr>
<tr>
<th>Password</th>
<td><input name="Password" type="password" class="textfield" id="Password" /></td>
</tr>
<tr>
<th>Confirm Password </th>
<td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" class='button' name="Submit" value="Register" /></td>
</tr>
</table>
</form>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
and...
regcheck.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$FirstName = clean($_POST['FirstName']);
$Surname = clean($_POST['Surname']);
$UserName = clean($_POST['UserName']);
$Password = clean($_POST['Password']);
$cpassword = clean($_POST['cpassword']);
//Input Validations
if($FirstName == '') {
$errmsg_arr[] = 'First name missing';
$errflag = true;
}
if($Surname == '') {
$errmsg_arr[] = 'Last name missing';
$errflag = true;
}
if($UserName == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($Password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($Password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
//Check for duplicate UserName
if($UserName != '') {
$qry = "SELECT * FROM user WHERE UserName='$UserName'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Username already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: reg.php");
exit();
}
//Create INSERT query
$qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surname','$UserName','".md5($_POST['Password'])."')";
$result = @mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: register-success.php");
exit();
}else {
die("Query failed");
}
?>
If you can see the error, please do let me know as it's driving me mad.
As you can see, the "Check for duplicate UserName" and "Create INSERT query" are the two
sections with "Query failed".
Thanks.
If that doesn't work, let's start debugging by adding a var_dump ( $_POST ); in the vicinity of your calls to clean().
ASKER
Nope. That gives a yellow highlight on the HTML and didn't change anything with the "Query Failed" error.
Thanks though.
Thanks though.
ASKER
The var_dump gives the following error...
array(6) { ["FirstName"]=> string(6) "tester" ["Surname"]=> string(4) "test" ["UserName"]=> string(6) "tester" ["Password"]=> string(7) "testing" ["cpassword"]=> string(7) "testing" ["Submit"]=> string(8) "Register" } Query failed
array(6) { ["FirstName"]=> string(6) "tester" ["Surname"]=> string(4) "test" ["UserName"]=> string(6) "tester" ["Password"]=> string(7) "testing" ["cpassword"]=> string(7) "testing" ["Submit"]=> string(8) "Register" } Query failed
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok it now works! Thanks so much.
I replaced that line and it told me there was a duplicate entry key
so I removed the user that was in database (me) and now it works perfect.
Cheers!
I replaced that line and it told me there was a duplicate entry key
so I removed the user that was in database (me) and now it works perfect.
Cheers!
It still may have helped. Anyway, at this time, the $_POST variable is good.
In addition to mankowitz's suggestion, let's get more information.
Change
//Create INSERT query
$qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surn ame','$Use rName','". md5($_POST ['Password '])."')";
$result = @mysql_query($qry);
to
//Create INSERT query
$qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surn ame','$Use rName','". md5($_POST ['Password '])."')";
printf ( "qry = %s<br />\n", $qry );
$result = @mysql_query($qry);
This will tell us what the query is trying to do.
In addition to mankowitz's suggestion, let's get more information.
Change
//Create INSERT query
$qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surn
$result = @mysql_query($qry);
to
//Create INSERT query
$qry = "INSERT INTO user(FirstName, Surname, UserName, Password) VALUES('$FirstName','$Surn
printf ( "qry = %s<br />\n", $qry );
$result = @mysql_query($qry);
This will tell us what the query is trying to do.
I'm also suspicious about clean();
After the clean() section, print one of the variable.
printf ( "FirstName = %s<br />\n", $FirstName );
Let's see if it matches the $_POST variable for 'FirstName'
After the clean() section, print one of the variable.
printf ( "FirstName = %s<br />\n", $FirstName );
Let's see if it matches the $_POST variable for 'FirstName'
<td><input name="FirstName" type="text" class="textfield" id="FirstName" /></td>
try
<td><input name="FirstName" type="text" class="textfield" name='FirstName' id="FirstName" /></td>