// Get registration variables
$username = htmlspecialchars($_POST['u_name']);
$password = htmlspecialchars($_POST['p_word']);
$c_password = htmlspecialchars($_POST['p_word2']);
$email = htmlspecialchars($_POST['email']);
$c_email = htmlspecialchars($_POST['email2']);
$f_name = htmlspecialchars($_POST['f_name']);
$l_name = htmlspecialchars($_POST['l_name']);
$confirm = htmlspecialchars($_POST['confirm']);
$address = htmlspecialchars($_POST['address']);
$city = htmlspecialchars($_POST['city']);
$state = htmlspecialchars($_POST['state']);
$zip = htmlspecialchars($_POST['zip']);
$country = htmlspecialchars($_POST['country']);
$month = htmlspecialchars($_POST['month']);
$day = htmlspecialchars($_POST['day']);
$year = htmlspecialchars($_POST['year']);
$gender = htmlspecialchars($_POST['gender']);
// Test for errors
if(md5($confirm) != $_SESSION['captcha']){$error = $output[0];}
if ($password != $c_password) {$error = $output[1];}
if ($email != $c_email) {$error = $output[2];}
if ($username == '' && $password == '' && $email == ''){$error = $output[3];}
// Encrypt password & create safecode
$password = md5(md5($password.$hash).$hash);
$safecode = substr(md5($password.$year),0, 10);
// Test for empty variables
if ($f_name == '') $f_name = 'nan';
if ($l_name == '') $l_name = 'nan';
if ($address == '') $address = 'nan';
if ($city == '') $city = 'nan';
if ($zip == '') $zip = 'nan';
if ($month == 'MM' or $day == 'DD' or $year == 'YYYY'){
$b_day = '00-00-0000';
} else {
$b_day = $month.'-'.$day.'-'.$year;
}
if ($error == ''){
connect_to_database();
// Make shure e-mail is not yet taken
$querry = mysql_query ("SELECT email FROM $sql_user_table WHERE email='$email'");
$result = mysql_query($querry);
if ($result) {
$error = $output[4];
}
// Make shure username is not yet taken
$querry = mysql_query ("SELECT uname FROM $sql_user_table WHERE uname='$username'");
$result = mysql_query($querry);
if ($result) {
$error = $output[6];
}
close_database();
}
if ($error == ''){
connect_to_database();
$query = "INSERT INTO $sql_user_table (uname, fname, lname, email, password, safecode, zip, country, city, state, address, dob, gender, reg_date)
VALUES ('$username', '$f_name', '$l_name', '$email', '$password', '$safecode', '$zip', '$country', '$city', '$state', '$address', '$b_day', '$gender', '$today')";
$result = mysql_query($querry) or die('Could not register: ' . mysql_error() . "<br />");
if ($result) {
header ('location: welcome.php');
} else {
$error = $output[5];
}
close_database();
}
Returns
Could not register: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #5' at line 1
The problem is with this part of the script
if ($error == ''){
connect_to_database();
$query = "INSERT INTO $sql_user_table (uname, fname, lname, email, password, safecode, zip, country, city, state, address, dob, gender, reg_date)
VALUES ('$username', '$f_name', '$l_name', '$email', '$password', '$safecode', '$zip', '$country', '$city', '$state', '$address', '$b_day', '$gender', '$today')";
$result = mysql_query($querry) or die('Could not register: ' . mysql_error() . "<br />");
if ($result) {
header ('location: welcome.php');
} else {
$error = $output[5];
}
close_database();
}
Can anyone please help me out?
I appriciate your time
~Gabor
