Wierd problem

CGarson

<?php
error_reporting(E_ALL);
require("../common.php");
connect();
$result01 = mysql_query("SELECT * FROM users WHERE username = '$username'");
if(!trim($fname) || !trim($lname) || !trim($email) || !trim($username) || !trim($password) || !trim($pnumber) || !trim($address) || !trim($city) || !trim($state) || !trim($zip) || !trim($country) || !trim($domain)) {
header("location:error.php?act=missing_fields");
}
elseif(strlen($username) > 8) {
header("location:error.php?act=username");
}
elseif(!$agree) {
header("location:error.php?act=tos");
}
elseif(mysql_num_rows($result01) > 0) {
header("location:error.php?act=username");
} else {

$result = mysql_query("SELECT FROM promo WHERE code = '$pcode'");
$rows = mysql_num_rows($result);
$row = mysql_fetch_array($result);
$p_pkg = $row['package'];
$result1 = mysql_query("SELECT FROM packages WHERE fname = '$package'");
$row1 = mysql_fetch_array($result1);
$pp_pkg = $row1['name'];
if($rows==0) {
header("location:error.php?act=pcode");
}

elseif($p_pkg!=$pp_pkg) {
header("location:error.php?act=pcode");
}
$funame = $fname . " " . $lname;
$result6 = mysql_query("SELECT * FROM packages WHERE fname = '$package'");
$row5 = mysql_fetch_array($result6);
$pkg = $row['name'];
$mh = mysql_query("INSERT INTO users (username, password, email, package, name, phone, city, state, zip, address, type, domain, start, end, promo, pstart, pos) VALUES ('$username', '$password', '$email', '$pkg', '$funame', '$pnumber', '$city', '$state', '$zip', '$address', '$payment', '$domain', NOW(), NOW() + $ii, '$pcode', NOW(), 'p')");

$u_p = urlencode($payment);
header("location:ty.php?act=$u_p");
}

The stuff in bold has no effect and does nothing

Mega

$package isnt set o_0

CGarson

All variables are set because a script posts there :rolleyes:

Weedpacket

Well, first off - if those fields are coming from a form filled in by the user, don't trust them - it's like finding a hypodermic lying in the street and inserting it in your arm to see what it contains (however much client-side validation you have, it could be evaded) Of course, you could have your defences in common.php; if so, nevermind that 🙂

Second, it's a a waste of time doing the query before checking such things as whether $username has a value or not, or whether it's a suitable length.

if(!trim($fname) || ...)
{   header("Location: error.php?act=missing_fields");
    exit;
}

if(!$agree) // faster to test this and then the next, than the other way around
{   header("Location: error.php?act=tos");
    exit;
}

if(strlen($username)>0)
{   header("Location: error.php?act=username");
    exit;
}

//NOW do the query
$result01=mysql_query(...);
if(mysql_num_rows($result01)>0) //And are you sure you mean >0 and not == 0 here?
{  header("Location: error.php?act=username");
    exit;
}

Another thing: in the bold block, if $rows is 0, there's no point fetching an array into $row, 'cos there won't be one to fetch. Ditto for the rest of that block. So move the if statement in that block to immediately after the line where $rows is set.

"The stuff in bold has no effect and does nothing"

Have you inserted diagnostic echo statements in and around it to see if it's even being reached? The header statements will fail, but that's okay at this point, because the script's up on jacks and not going anywhere as it is.

If all you want out of the database is one field, you should ask for that one field, not waste its time and PHP's (and PHP's memory) by mechanically asking for all of them with SELECT . If you just want to know how many there are, SELECT count() as count_users FROM users will return a recordset containing one recrod with one field called 'count_users'. That reduces the communications load between the database and PHP, and PHP's memory demands, even further.

As Mega points out, $package seems to pop up out of nowhere - you don't check for it in the validation stuff at the top of the script. I'd add that $pcode seems similarly orphaned. Do these come from the previous page as well?

To avoid losing count of how many queries you've made and how many resultsets you have - once you've used a resultset and no longer need it, feel free to use the same variable for the same job again. You're getting row5 out of result6, and there's not a result2, result3, result4 or result5 to be found anywhere - I take it you've been tinkering piecemeal with this for a long time 🙂. It may be better to scrap the whole page and use the experience gained in writing it to make a better go of the next one. Sometimes that's simpler and produces a better result than trying to fiddle with something that's already turned into a mess.