registration form error

barnes

<table bgcolor="cyan" height="200"width="200" align="center">
<tr align="center"><td><font size="3">UserRegisteration</font></td></tr>
<form name="frmname" action="register1.php" method="post" enctype=""multipart/form-data">
<tr><td>Username</td><td><input type="text" name="name"></td></tr><br>
<tr><td>password</td><td><input type="password" name="pwd"></td></tr><br>
<tr><td>E-mail</td><td><input type="text" name="E-mail"></td></tr>
<tr><td>Confirm E-mail</td><td><input type="text" name="cemail"></td></tr><br>
<tr><td>Address:</td><td><input type="textarea" width="100" height="100" name="address"></td></tr><br>

<tr><td>Phone no:</td><td><input type="Text" name="phone"></td></tr><br>
<tr colspan="2" align="center"><td><input type="submit" name="submit" value="submit"></td></tr>
</table>
</body>
</html>

register1.php
<?php

$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("user", $con);

$sql="INSERT INTO user (username,password,E-mail,confirm E-mail,Address,Phone no)
VALUES
('$POST[username]','$POST[pwd]','$POST[E-mail]','$POST[cemail]','$POST[address]','$POST[phone]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>

when i run this script i got the following error:
Parse error: parse error, expecting `']'' in c:\easyphp1-8\www\register1.php on line 13
how to reslove this problem..thanks in advance.

NogDog

The parser is confused by the array element index "E-Mail". You'll have to use "complex" notation or concatenation, quoting that array index:

// complex notation:
$sql="INSERT INTO user (username,password,E-mail,confirm E-mail,Address,Phone no)
VALUES
('$_POST[username]','$_POST[pwd]','{$_POST['E-mail']}','$_POST[cemail]','$_POST[address]','$_POST[phone]')";

// concatenation:
$sql="INSERT INTO user (username,password,E-mail,confirm E-mail,Address,Phone no)
VALUES
('$_POST[username]','$_POST[pwd]','".$_POST['E-mail']."','$_POST[cemail]','$_POST[address]','$_POST[phone]')";

NogDog

PS: It's not very secure to take values direct from the $_POST array and input them into a query, as it makes you vulnerable to SQL injection attacks. Take a look at the [man]mysql_real_escape_string[/man] page for more info.

barnes

i modified above code.now it's working fine.records are added into database
but following error is getting and e mail is empty.all other fields are added..

Notice: Undefined index: email in c:\easyphp1-8\www\register1.php on line 12
1 record added

<table bgcolor="cyan" height="200"width="200" align="center">
<tr align="center"><td><font size="3">UserRegisteration</font></td></tr>
<form name="frmname" action="register1.php" method="post" enctype=""multipart/form-data">
<tr><td>Username</td><td><input type="text" name="name"></td></tr><br>
<tr><td>password</td><td><input type="password" name="pwd"></td></tr><br>
<tr><td>E-mail</td><td><input type="text" name="email"></td></tr>
<tr><td>Confirm E-mail</td><td><input type="text" name="cemail"></td></tr><br>
<tr><td>Address:</td><td><input type="textarea" width="100" height="100" name="address"></td></tr><br>

<tr><td>Phone no:</td><td><input type="Text" name="phone"></td></tr><br>
<tr colspan="2" align="center"><td><input type="submit" name="submit" value="submit"></td></tr>
</table>
</body>
</html>

</form>
</table>

register1.php
<?php

$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("user", $con);
$username=mysql_real_escape_string($POST['name']);
$pwd=mysql_real_escape_string($POST['pwd']);
$email=mysql_real_escape_string($POST['email']);
$cemail=mysql_real_escape_string($POST['cemail']);
$add=mysql_real_escape_string($POST['address']);
$phone=mysql_real_escape_string($POST['phone']);

$sql="INSERT INTO user (username,password,email,confirmemail,Address,Phoneno)
VALUES
('{$username}','{$pwd}','{$email}','{$cemail}','{$add}','{$phone}')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>

NogDog

Looks like an extra quote on this line of the form:

<form name="frmname" action="register1.php" method="post" enctype=[color=red]""[/color]multipart/form-data">

barnes

that's not a problem.i changed that attribute.

NogDog

barnes wrote:
that's not a problem.i changed that attribute.

Are you saying you fixed the double double-quotes and it's still not working, or that you don't think those two double-quotes that I highlighted in red are a problem? (If they are left as-is in your form, then the HTML will not parse correctly, and that would probably explain why you are not receiving all the post data you are expecting.)