Can anyone spot my problem? I sure can't. The thing it's NOT doing is.. submitting ANY informaton to the database.

<?php

if(isset($_POST['submit'])) {


$aim = $_POST['aim'];

$email = $_POST['email'];
$email = stripslashes(trim($email));
$email = htmlentities($email);

$home = $_POST['home'];

$icq = $_POST['icq'];

$jon = $_POST['job'];

$msn = $_POST['msn'];

$password = $_POST['password'];
$password = stripslashes(trim($password));
$password = nl2br($password);
$password = htmlentities($password);

$username = $_POST['username'];
$username = stripslashes(trim($username));
$username = nl2br($username);
$username = htmlentities($username);

$yahoo = $_POST['yahoo'];



if ($password != $password2) {
    die('<div align="center">Your passwords did not match and could not be verified<br>Please go back and try <a href="index.php?page=register">again</a></div>');
}
if(eregi("[^a-z0-9_]", $username)) {
   die('<div align="center">Invalid characters in the username. You can only use letters, numbers and the underscore character.<br>Please go back and try <a href="index.php?page=register">again</a>!</div>');
}


$register_ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];

$q = "SELECT * FROM members WHERE name = '$username'";
$r = mysql_query($q);

if (mysql_num_rows($r)) { //username exists
  echo "<div align='center'><font color='red'>That username already exists.  Please choose another.</font></div>";
} else { //doesnt exist
 $query = "INSERT INTO members (name, password, email, register_ip, icq, aim, msn, yahoo, home, job)
 VALUES ('$username', '$password', '$email', '$register_ip', '$email', '$icq', '$aim', '$msn', '$yahoo', '$home', '$job')";
 mysql_query($query);
 echo "<div align='center'>Your registration was submitted! Please <a href='login.php'>Login</a></div><br><br>";
}




}

include("W:/www/modulization/templates/register_top.php");
include("W:/www/modulization/templates/register.php");
include("W:/www/modulization/templates/register_bottom.php");

?>

Template includes version (The only one that matters anyways)

    <tr>
    <form method='post' action="<? $_SERVER['php_self']?>?page=register">
    <td class='forumcell2' width='20%'>Username</td>
     <td class='forumcell2' width='80%'><input name="username" MAXLENGTH="20">&nbsp; Enter a username up to 20 characters.</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>Password</td>
    <td class='forumcell2' width='80%'><input name="password" MAXLENGTH="16" type='password'>&nbsp; Enter a password up to 16 characters.</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>Verify Password</td>
    <td class='forumcell2' width='80%'><input name="password2" MAXLENGTH="16" type='password'>&nbsp; Enter the same password as before.</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>Email</td>
    <td class='forumcell2' width='80%'><input name="email" MAXLENGTH="25">&nbsp; Enter your email address.</td>
    </tr>
    <tr>
     <td class='forumcell' width='100%' colspan='2'><b>Profile Information</b></td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>ICQ number</td>
    <td class='forumcell2' width='80%'><input name="icq" MAXLENGTH="9">&nbsp; Enter your ICQ number (9 chars or less).</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>AIM Nickname</td>
    <td class='forumcell2' width='80%'><input name="aim">&nbsp; Enter your AIM Nickname.</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>MSN Nickname</td>
    <td class='forumcell2' width='80%'><input name="msn">&nbsp; Enter your MSN Nickname.</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>Yahoo Nickname</td>
    <td class='forumcell2' width='80%'><input name="yahoo">&nbsp; Enter your Yahoo Nickname.</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>Hometown</td>
    <td class='forumcell2' width='80%'><input name="home">&nbsp; Enter your Hometown.</td>
    </tr>
    <tr>
    <td class='forumcell2' width='20%'>Occupation</td>
    <td class='forumcell2' width='80%'><input name="job">&nbsp; Enter your Occupation.</td>
    </tr>
    <tr>
    <td colspan='2' class='forumcell' width='100%' align='center'><input type='submit' name='submit' value='Register'></td>
    </tr>
    </form>

    several things:

    1. unless there is more code that you are not showing, $password2 is never set in your form handling code (unless you have regiter_globals ON).

    2. you are running several of your form fields through stripslashes() before database insertion which is a bad idea. if you are going to stripslashes() (for display purposes) you should addslashes() to put them back before going into the db. if my password has a single quote in it the insert query will fail

    3. you are running your username and password data thru nl2br()? are you expecting multi-line usernames and passwords? 😕

    4. you are running your email, username and password data thru htmlentities(). what happens if my password is:

      pass&word

      ...you will be storing it as:

      pass&ampword

      ... which will be a big problem next time i try to login.

      You could firsthandly try to do this at your mysql_query:

      mysql_query($query) or die("Mysql Error:<br><br>".mysql_error()); //If query is done, continue, else stop the script and print out the mysql error.

      If you do not get a mysql error... then its another daim

        Ceril and devinemke I'll get back to both of you as soon as I take devinemke's suggestion.

        I'll give an in depth report on this.

        Thanks. 🙂

          1. unless there is more code that you are not showing, $password2 is never set in your form handling code (unless you have regiter_globals ON).

          Nice pickup. It wasn't catching that, error-wise and was actually working correctly. Why would it work correctly if it wasn't correct. (You say because register_globals?)

          You are running several of your form fields through stripslashes() before database insertion which is a bad idea. if you are going to stripslashes() (for display purposes) you should addslashes() to put them back before going into the db. if my password has a single quote in it the insert query will fail

          So if I removed that stripslashes, it shouldn't hurt anything?

          you are running your username and password data thru nl2br()? are you expecting multi-line usernames and passwords?

          I got this code from a security tutorial. There was a bunch of code that basically removed the use of HTML usage in the boxes. I didn't want javascript being slipped into my code, so I just figured continueing this would work. Guess not?

          you are running your email, username and password data thru htmlentities(). what happens if my password is:

          Good point! Removed.

          mysql_query($query) or die("Mysql Error:<br><br>".mysql_error()); //If query is done, continue, else stop the script and print out the mysql error.

          Used this, and the error was.

          Mysql Error:

          Column count doesn't match value count at row 1

          Any clue?

            Nice pickup. It wasn't catching that, error-wise and was actually working correctly. Why would it work correctly if it wasn't correct. (You say because register_globals?)

            whether or not $password2 would be set or not would depend on your register_globals setting. whether or not it would toss out an error depends on your error reporting settings (these are both typically set in php.ini).

            So if I removed that stripslashes, it shouldn't hurt anything?

            this all depends on you magic_quotes setting (also in php.ini). whether PHP is doing it for you or you have to do it yourself, you should always run your data thru addslashes before sticking it into the database. you only need to stripslashes if magic_quotes is ON and you want to display the data.

            I got this code from a security tutorial. There was a bunch of code that basically removed the use of HTML usage in the boxes. I didn't want javascript being slipped into my code, so I just figured continueing this would work. Guess not?

            you should use strip_tags()

            Column count doesn't match value count at row 1

            that's pretty self-explainatory, you have 10 fields and 11 values.

              Actually I really really didn't know that. Thanks for the help 🙂 I'll let you know how it goes.

                Write a Reply...