[RESOLVED] Problems when inserting values into database

god0fgod

All but date isn't placed into the database yet I'm able to print the variables out before I insert them. Can someone please help me. I have this code:

$email = mysql_escape_string($_POST['email']);
$random1 = mysql_escape_string($_POST['verify']);
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);
$usernamebb = mysql_escape_string($_POST['usernamebb']);
$passwordbb = mysql_escape_string($_POST['passwordbb']);
$about = mysql_escape_string($_POST['about']);
$paypal = mysql_escape_string($_POST['paypal']);
$date = date("D M d, Y g:i a");

if ((!ereg("@",$email)) || (!ereg(".",$email))){
$status = "Invalid Email address! Make sure you have entered your email correctly.";
}elseif($username == null){
$status = 'A username is required';
}elseif(($password == null) || (strlen($password) < 4)){
$status = 'A password must be more than 4 characters but can be very large if you want it to be.';
}elseif($random1 == null){
$status = 'Enter the verification code.';
}elseif($date == null){
$status = 'Sorry the server can\'t tell the time therefore you can\'t register right now';
}else{

session_start();

$random = trim($random1);
$validationa = $_SESSION['random'];
if ($validationa != $random){
$status = "Error with verification code";
}else{

if(isset($usernamebb) && isset($passwordbb)){

//Some phpbb3 goes here. Not relevant.

$validation = login_db($usernamebb, $passwordbb);
$valid = $validation['status'];
if(!($valid == 3) || ($valid == 1) || ($valid == 2)){
$phperror = 3;
if($valid == 11){
$status = 'Sorry wrong phpbb3 password';
}
if($valid == 13){
$status = 'Too many attempts. Please wait a while';
}
if($valid == 10){
$status = 'Sorry the phpbb3 username you specified wasn\'t found in the database';
}else{
$status = 'Error: The server doesn\'t like you. Error code ' . $valid;
};

}
}else{
$usernamebb = 0;
$passwordbb = 0;
}

if($phperror != 3){
mysql_connect("localhost","godofgod_p_bb1","password");
@mysql_select_db(godofgod_p_bb1) or die( "CRITICAL ERROR! Please try again! Error: Unable to select database. If the problem persists please contact god0fgod imediately.");
$query="INSERT INTO users VALUES ('$username','$password','','$about','$email','','','$paypal','','$usernamebb','$date','','','','','','')";
$result = mysql_query($query);
mysql_close();

$status = 'Success. You can now login with your username and password.';
}
}
}

Thanks.

YAOMK

I see you are not explicitly passing your columns in your query, it could be okay, I just have never seen it or used it before:

$query = 'INSERT INTO tablename (columnA, columnB) VALUES ("A", "B")';

You may also want to consider, whether your date column was defined with the appropriate data-type to hold the value of $date.

god0fgod

Thanks for the reply. I tried inserting the data your way but still the same thing happens. You may have misunderstood. Only the date works. Everything else doesn't. Date is the only thing that doesn't require escaping could it be something to do with that?

$email = mysql_escape_string($_POST['email']);
$random1 = mysql_escape_string($_POST['verify']);
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);
$usernamebb = mysql_escape_string($_POST['usernamebb']);
$passwordbb = mysql_escape_string($_POST['passwordbb']);
$about = mysql_escape_string($_POST['about']);
$paypal = mysql_escape_string($_POST['paypal']);
$date = date("D M d, Y g:i a");

Piranha

I won't look through that much code. Can you please submit the shortest code that have the problem?

god0fgod

I think the code I posted last has the problem. It's hard to know where it's coming from as anything between the assignment of the variables and the insertion of them into the database could cause the problem.

YAOMK

god0fgod wrote:
Thanks for the reply. I tried inserting the data your way but still the same thing happens. You may have misunderstood. Only the date works. Everything else doesn't. Date is the only thing that doesn't require escaping could it be something to do with that?

I understand, the way you formulated the question was a bit tricky, anyhow I doubt it has anything to do with escaping user input, it looks more like an issue on the rdbms side.

Try this and post back the output:

$email = mysql_escape_string($_POST['email']);
$random1 = mysql_escape_string($_POST['verify']);
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);
$usernamebb = mysql_escape_string($_POST['usernamebb']);
$passwordbb = mysql_escape_string($_POST['passwordbb']);
$about = mysql_escape_string($_POST['about']);
$paypal = mysql_escape_string($_POST['paypal']);
$date = date("D M d, Y g:i a");

if ((!ereg("@",$email)) || (!ereg(".",$email))){
$status = "Invalid Email address! Make sure you have entered your email correctly.";
}elseif($username == null){
$status = 'A username is required';
}elseif(($password == null) || (strlen($password) < 4)){
$status = 'A password must be more than 4 characters but can be very large if you want it to be.';
}elseif($random1 == null){
$status = 'Enter the verification code.';
}elseif($date == null){
$status = 'Sorry the server can\'t tell the time therefore you can\'t register right now';
}else{

session_start();

$random = trim($random1);
$validationa = $_SESSION['random'];
if ($validationa != $random){
$status = "Error with verification code";
}else{

if(isset($usernamebb) && isset($passwordbb)){

//Some phpbb3 goes here. Not relevant.

$validation = login_db($usernamebb, $passwordbb);
$valid = $validation['status'];
if(!($valid == 3) || ($valid == 1) || ($valid == 2)){
$phperror = 3;
if($valid == 11){
$status = 'Sorry wrong phpbb3 password';
}
if($valid == 13){
$status = 'Too many attempts. Please wait a while';
}
if($valid == 10){
$status = 'Sorry the phpbb3 username you specified wasn\'t found in the database';
}else{
$status = 'Error: The server doesn\'t like you. Error code ' . $valid;
};

}
}else{
$usernamebb = 0;
$passwordbb = 0;
}

if($phperror != 3){
$link = mysql_connect("localhost","godofgod_p_bb1","password");
mysql_select_db(godofgod_p_bb1, $link) or die( "CRITICAL ERROR! Please try again! Error: Unable to select database. If the problem persists please contact god0fgod imediately.");
$query="INSERT INTO users VALUES ('$username','$password','','$about','$email','','','$paypal','','$usernamebb','$date','','','','','','')";
$result = mysql_query($query);
echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
mysql_close();
$status = 'Success. You can now login with your username and password.';
}
}
}

By the way, you may also want to look into better ways to validate $email, your current validation routine is quite inefficient. Have a look at preg_match() and search google for a decent pattern.

god0fgod

I get 0: so there aren't any errors.

Piranha

god0fgod wrote:
I think the code I posted last has the problem. It's hard to know where it's coming from as anything between the assignment of the variables and the insertion of them into the database could cause the problem.

Exactly. Cut one row out and see if the problem still is there. If it is, repeat. If it is not you probably have found the problem. Post that problem if you can't find it yourself. If you read this post you will understand why you should do part of the work yourself.

I won't do the work of finding the error for you, but I will help you when you know where it is. And btw, you say:

I think the code I posted last has the problem.

You should be sure of it since there are no way we can find a problem that isn't there.

YAOMK

I get 0: so there aren't any errors.

Does this mean all of your data was inserted to your table?

god0fgod

No. The row is blank except from the date column and columns that have a default value.

Update: I am able to print the variables before the phpbb3 part but not just before the insertion. I'm looking closer into this.

I've fixed all issues. If anyone wants to know what the working code is it's:

<?php
define('IN_PHPBB', true);
$phpbb_root_path = '/home/godofgod/public_html/forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'config.' . $phpEx);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
include($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
include($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
include($phpbb_root_path . 'includes/constants.' . $phpEx);
include($phpbb_root_path . 'includes/functions_convert.' . $phpEx);
include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/functions_module.' . $phpEx);
include($phpbb_root_path . 'includes/functions_template.' . $phpEx);
include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_transfer.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
include($phpbb_root_path . 'includes/auth/auth_apache.' . $phpEx);
include($phpbb_root_path . 'includes/auth/auth_db.' . $phpEx);
include($phpbb_root_path . 'includes/auth/auth_ldap.' . $phpEx);
include($phpbb_root_path . 'includes/captcha/captcha_gd.' . $phpEx);
include($phpbb_root_path . 'includes/diff/diff.' . $phpEx);
include($phpbb_root_path . 'includes/diff/engine.' . $phpEx);
include($phpbb_root_path . 'includes/diff/renderer.' . $phpEx);
include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
include($phpbb_root_path . 'includes/utf/data/utf_normalizer_common.' . $phpEx);

$email = mysql_escape_string($_POST['email']);
$random1 = mysql_escape_string($_POST['verify']);
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);
$usernamebb = mysql_escape_string($_POST['usernamebb']);
$passwordbb = mysql_escape_string($_POST['passwordbb']);
$about = mysql_escape_string($_POST['about']);
$paypal = mysql_escape_string($_POST['paypal']);
$date = date("D M d, Y g:i a");

if ((!ereg("@",$email)) || (!ereg(".",$email))){
$status = "Invalid Email address! Make sure you have entered your email correctly.";
}elseif($username == null){
$status = 'A username is required';
}elseif(($password == null) || (strlen($password) < 4)){
$status = 'A password must be more than 4 characters but can be very large if you want it to be.';
}elseif($random1 == null){
$status = 'Enter the verification code.';
}elseif($date == null){
$status = 'Sorry the server can\'t tell the time therefore you can\'t register right now';
}else{

session_start();

$random = trim($random1);
$validationa = $_SESSION['random'];
if ($validationa != $random){
$status = "Error with verification code";
}else{

if(($usernamebb == null) && ($passwordbb == null)){

$validation = login_db($usernamebb, $passwordbb);
$valid = $validation['status'];
if((($valid == 3) || ($valid == 1) || ($valid == 2)) == false){
$phperror = 3;
if($valid == 11){
$status = 'Sorry wrong phpbb3 password';
}
if($valid == 13){
$status = 'Too many attempts. Please wait a while';
}
if($valid == 10){
$status = 'Sorry the phpbb3 username you specified wasn\'t found in the database';
}else{
$status = 'Error: The server doesn\'t like you. Error code ' . $valid;
};

}

//phpbb login is good

}else{
$usernamebb = 0;
$passwordbb = 0;
}

if($phperror != 3){
$link = mysql_connect("localhost","godofgod_p_bb1","67866786");
mysql_select_db(godofgod_p_bb1, $link) or die( "CRITICAL ERROR! Please try again! Error: Unable to select database. If the problem persists please contact god0fgod imediately.");
$query="INSERT INTO users VALUES ('$username','$password','','$about','$email','','','$paypal','','$usernamebb','$date','','','','','','')";
$result = mysql_query($query);
if(mysql_errno($link) != 0){
$status = mysql_error($link) . "\n";
mysql_close();
}else{
mysql_close();
$status = 'Success. You can now login with your username and password.';
}
}
}
}

Thanks for all replys. I blame phpbb3 for this 🙂