Wrong data going into form fields

astoller

Why is the following code picking up data from inside the code itself rather getting input from user?

<?php
//register.php
include "./common_db.inc";

$link_id = db_connect();
mysql_select_db("sample_db");
$country_array = enum_options('usercountry', $link_id);
mysql_close($link_id);

function in_use($userid) {
global $user_tablename;

$query = "SELECT userid FROM $user_tablename WHERE userid = '$userid'";
$result = mysql_query($query);
if(!mysql_num_rows($result)) return 0;
else return 1;
}

function create_account() {
global $userid, $username, $userpassword, $userpassword2,
$usercountry, $useremail, $userprofile;
global $default_dbname, $user_tablename;
if(empty($userid)) error_message("Enter your desired ID!");
if(empty($userpassword)) error_message("Enter your desired password!");
if(strlen($userpassword) < 4 ) error_message("Password too short!");
if(empty($userpassword2))
error_message("Retype your password for verification!");
if(empty($username)) error_message("Enter your full name!");
if(empty($useremail)) error_message("Enter your email address!");
if(empty($userprofile)) $userprofile = "No Comment.";

if($userpassword != $userpassword2)
error_message("Your desired password and retyped password mismatch!");

$link_id = db_connect($default_dbname);

if(in_use($userid))
error_message("$userid is in use. Please choose a different ID.");
$query = "INSERT INTO user VALUES(NULL, '$userid',
password('$userpassword'), '$username',
'$usercountry', '$useremail',
'$userprofile', curdate(), NULL)";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$usernumber = mysql_insert_id($link_id);
html_header();
?>

<CENTER><H3>
<?php echo $username ?>, thank you for registering with us!
</H3></CENTER>

<DIV ALIGN="CENTER"><CENTER><TABLE BORDER="1" WIDTH="90%">
<TR>
<TH WIDTH="30%" NOWRAP>User Number</TH>
<TD WIDTH="70%"><?php echo $usernumber ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired ID</TH>
<TD WIDTH="70%"><?php echo $userid ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired Password</TH>
<TD WIDTH="70%"><?php echo $userpassword ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><?php echo $username ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Country</TH>
<TD WIDTH="70%"><?php echo $usercountry ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><?php echo $useremail ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%"><?php echo htmlspecialchars($userprofile) ?></TD>
</TR>
</TABLE>
</CENTER></DIV>
<?php
html_footer();
}

switch($action) {
case "register":
create_account();
break;
default:
html_header();
register_form();
html_footer();
break;
}
?>

eoghain

Because you are using the same names for your variables and not checking where they come from. I'd suggest you look into the $GET, $POST, $_SESS variables so that you can force each section to look at the proper values. And I'd recommend that you change the names of your internal variables so that you are specifically setting them and not relying on PHP's register globals to do the work for you, since you can't be sure what will be loaded last and overwrite all of your other variables.

astoller

Sorry, but is your posting for me, because I can't see any variables

$get $post or $_sess
in my script.

If this is so, I will need to repost the question.

Weedpacket

Exactly; eoghain is saying that you should be using them, for the reasons already described.
http://www.php.net/manual/en/language.variables.external.php