Creating a page to insert records into a database

Discord

Hi i'm trying to make a page that will create a new user account into my mysql database. I know the psuedo code that must be performed i'm just haveing problems putting it into php.

When the user clicks submit
1. The username and email address provided must be checked not to be null and longer than 6 characters.

The username and email address must both be checked against the database to make sure that neigther already exist.

3a. (if email/user not present)The account must be inserted into the database and a password for them randomly generate.

4a. (if email/user not present)The new password should be displayed to the user along with a success message.

3b. (if email/user is present)an error messsage must be displayed to the user saying account exists.

seems simple enough but i'm having some real trouble getting the code lined out as i'm new to php. Here is what i've been able to piece together from some tutorials/examples so far.

<center>
	            <table width="100%" border="1" cellspacing="0" cellpadding="1" valign=top>

		<form method="post" action="<?php echo $PHP_SELF?>">
		<tr><td bgcolor="darkgray"><p>Username:</p></td><td align=center><input type="Text" name="uname"></td></tr>
		<tr><td bgcolor="darkgray"><p>Email Address (must be valid):</p></td><td align=center><input type="Text" name="address"></td></tr>
	           </table>
		<br><input type="Submit" name="submit" value="Create Account">
		</form>


<?php
if ($submit) {
	$db = mysql_connect("localhost", "root");
	mysql_select_db("basementIM",$db);
	echo "<br><p><font color=red>Submitting!</font></p>";

    $sql = "SELECT Count(*) FROM Accounts WHERE Username='$uname' OR Email='address'";
        $result = mysql_query($sql);

        if ($result='0') {
	$newpass=Random_Password(8);
	$sql = "INSERT INTO Accounts (Username, Password, Email, Active) VALUES ('$uname', password('$newpass'),'$address',1)";
	$result = mysql_query($sql);
	echo "Account created!<br> Your username is: $uname <br> Your password is: $newpass<p>";

	} else {
	echo "<br><p><font color=red>Account username/email already exists!</font></p>";


	}
}

?>

<?php
function Random_Password($length) {
srand(date("s"));
$possible_charactors = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
$string = "";
while(strlen($string)<$length) {
$string .= substr($possible_charactors,(rand()%(strlen($possible_charactors))),1);
}
return($string);
}
?>

</center>

im seeing two main problems with this code.. #1 i'm getting the submitting and account exists message when i first go to the page.. and upon clicking submit no new records are ever posted.

If someone would help me work through this, or post a link to a simlar code example i'd really appreciate it.
Thanks
Discord(ultra PHP noob)

jpmoriarty

well just looking at your code very briefly...

the = sign is for assigning values:

hence $time = date("U") etc

if you want to test for equality, then you have to use two of them:

hence if ($result == 0)

which will probably answer why you're getting errors at that stage.

See if that helps, i'll check back later to see if there's anything else i can spot, but i'm in a bit of a rush right now!

ps oh, your "if($result='0')" statment will test to see if that query has run - if you want to know how many results your query returned, you'd be better to try "$number_results = mysql_num_rows($result)" and then see if($number_rows == 0). and do you mean to have "password(...)" in your insert statement? Why not just insert the password?

Discord

Thanks for the reply!
I change a few things in the code using your suggestions. Does php have different variable types? I'm asking cause at a point in my code where i'm returning $number_results i'm checking for the value as == 0 . I'm an old vb coder and in that language $ was always related to string and not int, longs ect.. and since the field i'm pulling down, a count(*) will be numeric.. will this cause an error?

thanks again

<center>
	            <table width="100%" border="1" cellspacing="0" cellpadding="1" valign=top>

		<form method="post" action="<?php echo $PHP_SELF?>">
		<tr><td bgcolor="darkgray"><p>Username:</p></td><td align=center><input type="Text" name="uname"></td></tr>
		<tr><td bgcolor="darkgray"><p>Email Address (must be valid):</p></td><td align=center><input type="Text" name="address"></td></tr>
	           </table>
		<br><input type="Submit" name="submit" value="Create Account">
		</form>


<?php
if ($submit) {
	$db = mysql_connect("localhost", "root");
	mysql_select_db("basmentIM",$db);
	echo "<br><p><font color=red>Submitting!</font></p>";

    $sql = "SELECT Count(*) FROM Accounts WHERE Username='$uname' OR Email='address'";
        $result = mysql_query($sql);

    $number_results = mysql_num_rows($result)
        if ($number_results ==0) {
	$newpass=Random_Password(8);
	$sql = "INSERT INTO Accounts (Username, Password, Email, Active) VALUES ('$uname', '$newpass','$address',1)";
	$result = mysql_query($sql);
	echo "Account created!<br> Your username is: $uname <br> Your password is: $newpass<p>";

	} else {
	echo "<br><p><font color=red>Account username/email already exists!</font></p>";


	}
}

?>

<?php
function Random_Password($length) {
srand(date("s"));
$possible_charactors = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
$string = "";
while(strlen($string)<$length) {
$string .= substr($possible_charactors,(rand()%(strlen($possible_charactors))),1);
}
return($string);
}
?>

</center>

Discord

bump

jpmoriarty

see http://www.php.net/manual/en/language.types.php.

but to quote:

The type of a variable is usually not set by the programmer; rather, it is decided at runtime by PHP depending on the context in which that variable is used.

If you would like to force a variable to be converted to a certain type, you may either cast the variable or use the settype() function on it.

Note that a variable may be evaluated with different values in certain situations, depending on what type it is at the time. For more information, see the section on Type Juggling.