Registration script problem

sirchick

This is my first attempt so i did a test registration.. this is the Mysql which i have typed to test the form i made in html... but it is not working.. i have edited my username and password to the Database so that no one finds it out 😛

<?php
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = ['password2'];

If ($password == $password2) {
mysql_connect("localhost", "blahblah", "blah") or die mysql_error());
mysql_select_db("databasename") or die mysql_error());
mysql_query("INSERT INTO 'registrationdetails' (Username) Values ('$username')") or die(mysql_error()); }
elseif ($password != $password2) {
echo "passwords did not match" };
?>

this still wont work :S i think 'registrationdetails' (Username) Values ('$username')") is the part that is not working. I dont think $username is actually getting assigned to the string that the user inputted into the editbox, meaning the code is insert nothing so no new records are being made..

this is the html for the edit box:

<input type="text" id="Editbox2" size="16" name="Username" value="" maxlength="11">

should it be

$username = $_POST['editbox2'];

rincewind456

Just a glance showed this

<?php 
$username = $_POST['username']; 
$password = $_POST['password']; 
$password2 = ['password2']; // No $_POST here

If ($password == $password2) { 
mysql_connect("localhost", "blahblah", "blah") or die mysql_error()); //Missing bracket for die()
mysql_select_db("databasename") or die mysql_error()); //Missing bracket for die()
mysql_query("INSERT INTO 'registrationdetails' (Username) Values ('$username')") or die(mysql_error()); } 
elseif ($password != $password2) { 
echo "passwords did not match" }; //  ;  is outside curly, should be inside
?>

sirchick

Well the first password 2 isnt being posted... that is just to check that it matches the first input password box so i didnt think Post was needed cos its not going to be submitted to the DB.

And where does the bracket go for the die :S ive learnt it like that from tizag... copied n pasted it in then edited it so im lost here :S

rincewind456

The term POST has nothing to do with what you insert ( Post ) into the database. $POST is a global variable that contains the elements from your form. So if you have 2 text inputs on your HTML form and you wish to compare them in php then you do need to use $POST in front of ['password2'] otherwise how is the php to know where to look?.

If you copied and pasted then where ever you copied from is wrong, if you use a function like [man]die[/man]B[/B] and then call another function like [man]mysql_error[/man]B[/B] then one goes inside the brackets of the other like dieB[/B].

Your code should look like this

<?php
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];

If ($password == $password2) {
	mysql_connect("localhost", "blahblah", "blah") or die (mysql_error());
	mysql_select_db("databasename") or die (mysql_error());
	mysql_query("INSERT INTO 'registrationdetails' (Username) Values ('$username')") or die(mysql_error());
}
	elseif ($password != $password2) {
		echo "passwords did not match";
	}
?>

But this is not a secure way of putting data into a database look here for an explanation.

sirchick

It still wont work though 🙁 I will learn injections eventually but i wanted to do this to get used to it but i cant even get it to work :S

rincewind456

You would need to post more of your code as well as the html form that posts the data.

If you still think that the sql query is not getting the $username variable (and unless there is something wrong with the form I can't see why it wouldn't) then change your code to this

<?php
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];

If ($password == $password2) {
	mysql_connect("localhost", "blahblah", "blah") or die (mysql_error());
	mysql_select_db("databasename") or die (mysql_error());
	$query = "INSERT INTO `registrationdetails` (Username) Values ('$username')";
	echo $query;
	mysql_query($query) or die(mysql_error());
}
elseif ($password != $password2) {
	echo "passwords did not match";
}
?>

and see what the query actually says.

You will also notice that I have removed the single quotes from around the table name in your query, they will make the query invalid, I have replaced them with backticks, which aren't really needed in this case.

sirchick

I could show you the html but it was made using a WYSIWYG so its messy! But if your prepared to take a look ill post it for you .....

rincewind456

sirchick wrote:
I could show you the html but it was made using a WYSIWYG so its messy! But if your prepared to take a look ill post it for you .....

Well to help any further we would need to see something, all you need to post is the form section of the html.

sirchick

<form name="registration" method="POST" action="" enctype="multipart/form-data" id="Form1" onsubmit="return ValidateForm1(this)">
<input type="text" id="Editbox2" style="position:absolute;left:191px;top:44px;width:144px;font-family:Courier;font-size:19px;z-index:0" size="16" name="Username" value="" maxlength="11">
<input type="password" id="Editbox1" style="position:absolute;left:192px;top:85px;width:144px;font-family:Courier;font-size:19px;z-index:1" size="16" name="Password" value="" maxlength="15">
<input type="password" id="Editbox4" style="position:absolute;left:191px;top:123px;width:144px;font-family:Courier;font-size:19px;z-index:2" size="16" name="Password2" value="" maxlength="15">
<div id="bv_Text1" style="position:absolute;left:29px;top:49px;width:150px;height:16px;z-index:3" align="left">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>Enter Your Username : </b></font></div>
<div id="bv_Text2" style="position:absolute;left:32px;top:91px;width:150px;height:16px;z-index:4" align="left">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>Enter Your Password :</b></font></div>
<div id="bv_Text3" style="position:absolute;left:12px;top:129px;width:170px;height:16px;z-index:5" align="left">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>Re-Enter Your Password :</b></font></div>
<input type="text" id="Editbox3" style="position:absolute;left:192px;top:162px;width:144px;font-family:Courier;font-size:19px;z-index:6" size="16" name="EmailRegistration" value="">
<div id="bv_Text4" style="position:absolute;left:68px;top:163px;width:112px;height:16px;z-index:7" align="left">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>Email Addresss :</b></font></div>
<hr size="60" width="168" id="Line2" style="position:absolute;left:377px;top:42px;width:168px;height:60px;z-index:8">
<div id="bv_Text5" style="position:absolute;left:375px;top:52px;width:73px;height:16px;z-index:9" align="center">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>Gender :</b></font></div>
<input type="radio" id="RadioButton2"" name="Gender" value="Male" checked style="position:absolute;left:445px;top:51px;z-index:10">
<div id="bv_Text6" style="position:absolute;left:469px;top:53px;width:61px;height:16px;z-index:11" align="center">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>Male</b></font></div>
<input type="radio" id="RadioButton1"" name="Gender" value="Female" style="position:absolute;left:445px;top:79px;z-index:12">
<div id="bv_Text7" style="position:absolute;left:469px;top:83px;width:66px;height:16px;z-index:13" align="center">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>Female</b></font></div>
<hr size="56" width="237" id="Line1" style="position:absolute;left:377px;top:128px;width:237px;height:56px;z-index:14">
<div id="bv_Text9" style="position:absolute;left:393px;top:139px;width:170px;height:32px;z-index:15" align="left">
<font style="font-size:13px" color="#FFFFFF" face="Arial"><b>I Agree to Civilian's Terms Of Service:</b></font></div>
<input type="checkbox" id="Checkbox2"" name="Checkbox1" value="" style="position:absolute;left:472px;top:153px;z-index:16">
<input type="submit" id="Button2"" name="RegistrationSubmission" value="Register!" style="position:absolute;left:677px;top:90px;width:75px;height:24px;z-index:17">

</form>

told you it was a mess ! It doesnt code it efficiently cos its GUI designed html program very simple to use! It doesnt let you tab or space it out which is more of the problem also

rincewind456

Case matters!

Your form has fields Username, Password and Password2.

Your php is trying to access values username, password and password2,
they are not the same thing, you need to change it so that they are the same.

sirchick

Right ok i changed it , but still doesnt submit to the database!

rincewind456

It doesn't work is not really that helpful 🙂 , do you get any error message?

I would suggest that you check the names of the database table and fields are correct, and match the names in the query..

Have you added the echo I suggested? if so does it echo out a valid query?

sirchick

I tripled checked and there is no error message. When the submit button is pressed all editbox info is cleared and erased ready for another attempt.

But no echo occurs. There is a mysterious "<" symbol on the page coming from the php code right at the very start where <php> is or thats where i think its coming from ... which could suggest to me that the entire php code is not even being read as php because the tag of <php> isnt working but i cant figure out why :S would you like to see the php code and the form html together as one cos i might have the php in the wrong place?

rincewind456

It would seem that looking at the entire code might be a good idea, if it's too long to post then you can attach it as a text file.

sirchick

See attatchment

rincewind456

There are 2 reasons this script won't work.

The 1st is that as you have the php in-line, and without any test to see if the fields have been populated, so you are running the query every time you load the page. If you had error reporting turned on the you would see a bunch of undefined index warnings.

The 2nd (can't believe I missed it earlier) is to do with case sensitivity, this line

If ($password == $password2) {

should read

If ($Password == $Password2) {

I have attached a revised version of your form.

However it needs work on it's security aspect, by at least using [man]mysql_real_escape_string/man.

sirchick

Ok right done the changes yet still the same result.. no input to my local host :S
I dont get this... i followed like tutorials from all over the place yet i cant get it to work :S

Could you explain this :

How would you turn error reporting on I've not heard of that before on any tutorials. Also what is the:

if (isset($_POST['RegistrationSubmission'])) {

Doing, thats new to me also.. i like to understand what the code is doing learning about it and learning to do it is interesting to me 🙂

Thanks for the help though and you made it neater for me!

rincewind456

To turn error reporting on you can either set the option in your php.ini file or you can add

error_reporting(E_ALL);

to the start of all your scripts.

if (isset($_POST['RegistrationSubmission'])) {

Tests to see if you have pressed your register button, the name is specified in your html code here

<input type="submit" id="Button2"" name="RegistrationSubmission" value="Register!"

As for it not working the only thing I can think of that I haven't seen is the names of your database table and fields, because the code works on my machine.

sirchick

well my database is on Apache if you have heard of it ? i got it with the Xampp package...would you know if theres maybe a setting i have not turned on or something :S? Does the file have to be hosted also cos im running them from notepad.php files on my desktop which open in FF

rincewind456

Apache is your server, If you have Xampp (Apache-MySQL-PHP-Perl) then you have Mysql as a database engine.

How did you set up your database for this project? because you need to check that the names you used to create the database table and fields are the same as the names you're using in the query.

Xampp has phpMyadmin installed you can check through that. This link explains how to use it.