About to give up - unexpected ELSE error?

tracdoor

Resolved 🙂

NogDog

You cannot have consecutive else's within the same if block. I believe this is what you want, but give it a look-over to make sure it looks like the logic you want:

<?php

include ("database.php");


if(isset($_POST['recemails']))
{

   $recemails = '1';

}
else
{

   $recemails = '0';

}

if($_GET['action'] == 'register')
{

   if(isset($_POST['accepttos']))
   {

  if(isset($_POST['password']))
  {

     $result = mysql_query('SELECT * WHERE username = $_POST[username]');

     if(!$result)
     {

        echo "This username is already in use, please use another -<a href=http://sam.exofire.net/register.php>try again</a>.";

     }
     else
     {

        mysql_query("INSERT INTO users
    (username, password, country, recemails) VALUES ('$_POST[username]', '$_POST[password]', '$_POST[country]', '$recemails' ) ") or
           die(mysql_error());

     }
  }
  else
  {

     echo ("Please choose a password. <a href=http://sam.exofire.net/register.php>back</a>");

  }
   }
   else
   {

  echo ("You Did Not Accept The Terms And Conditions. <a href=http://ihome.sam.exofire.net/login/index.php?action=register>Try Again</a>.");

   }
}
else
{

   echo ("Please Declare A Valid Action.");

}

mysql_close($con);

?>

tracdoor

That got rid of the error message - I worked out what I had done wrong in the morning, but now whenever I submit I get the "This username is already in use, please use another - try again." echoed, anyone help me?

leatherback

Tracdoor,

You just need to look through the logic of things. Sit down with a piece of paper, and work out what should happen in which case. In this case, the error is easily spotted, if you just take 2 minutes to look at the logic of it.

Hint: It is in this statement:

if(!$result)
         {

PS: Don't feel that I am being harsh. I am trying to teach you that you can help yourself. 😃

tracdoor

I've found it! it shouldn't be if its returned false (using exclamation mark) it should be if its returned true, trouble is, i'm new to this and I don't know how to do it, i've just tried modifying the mysql_query bit with this code:

$result = mysql_query("SELECT * WHERE username = '%s'");
			mysql_real_escape_string($_POST['username']);

but it still returns with the username is already taken, even though its not in the database 🙁

Can anyone tell me how it should be (only executes if the if statement is true? I think thats what i've got wrong.

laserlight

If the SQL statement succeeds, mysql_query() returns true. But the SQL statement succeeds if it can be executed, regardless of the number of rows returned in the result set. So what you should do is:

$result = mysql_query("SELECT COUNT(*) WHERE username = '%s'",
                      mysql_real_escape_string($_POST['username']));
if (mysql_result($result, 0) == 0) {
    // Username is not taken.
}

Actually, even better would be to declare the username column UNIQUE, then attempt to insert, and catch a UNIQUE constraint violation.

tracdoor

Ok, I replaced that code, now another error has come up:

Parse error: syntax error, unexpected T_ELSE in /home/tracdoor/public_html/login/index.php on line 35

here are those few lines:

if(isset($_POST['password'])) 
      { 

     $result = mysql_query("SELECT COUNT(*) WHERE username = '%s'");
                  mysql_real_escape_string($_POST['username']) or die(mysql_error());

				if (mysql_result($result, 0) == 0);  {

        echo ("This username is already in use, please use another - <a href=http://sam.exofire.net/register.php>try again</a>.");

		} else { 

        mysql_query("INSERT INTO users 
    (username, password, country, recemails) VALUES ('$_POST[username]', '$_POST[password]', '$_POST[country]', '$recemails' ) ") or 
           die(mysql_error()); 

     } 
  }

Anything to get rid of this? so many errors on just a simple registration form!

laserlight

That's because you have typo errors, and you did not read our code examples carefully. A possible fix:

if(isset($_POST['password'])) {
    $query = sprintf("SELECT COUNT(*) WHERE username = '%s'",
                     mysql_real_escape_string($_POST['username']));
    $result = mysql_query($query) or die(mysql_error());

if (mysql_result($result, 0) == 0) {
    echo 'This username is already in use, please use another - <a href="http://sam.exofire.net/register.php">try again</a>.';
} else {
    $query = sprintf("INSERT INTO users (username, password, country, recemails)
                      VALUES ('%s', '%s', '%s', '%s')",
                     mysql_real_escape_string($_POST['username']),
                     mysql_real_escape_string($_POST['password']),
                     mysql_real_escape_string($_POST['country']),
                     mysql_real_escape_string($recemails));
    mysql_query($query) or die(mysql_error());
}
}

Notice that my code example is well indented. I use sprintf() with mysql_real_escape_string() to sanitise database input.

tracdoor

Thanks for the help, really appreciate your help 🙂

BUT, now I get an error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username = 'truytiyuiuyi'' at line 1

I suspect this could be a problem with my host? I know very little about PHP and I think i'll go read a decent tutorial after i've got this working...

HalfaBee

It is hard to see what is wrong with the query without seeing the whole thing.

I normally do die( mysql_error()."<br>$query" );

So you get the error message and the whole query.

leatherback

you seem to keep forgetting to put in the table you are selecting from. Is this the case here too?

tracdoor

Thanks - just one thing wrong now, the code that checks whether a password has been specified doesn't seem to work, any idea's? (code in first post).

laserlight

How does it not work?

tracdoor

Don't worry, I fugured it out, when the form was sent the $_POST['password'] was set as nothing, but i fixed it with this code:

if ($_POST['password'] && (strlen($_POST['password']) > 0))

Now to work on my login script! 🙂

I somehow have a feeling i'll be back.

laserlight

Oh. Instead of:

if ($_POST['password'] && (strlen($_POST['password']) > 0))

use:

if (isset($_POST['password']) && strlen($_POST['password']) > 0)

Weedpacket

tracdoor wrote:
(code in first post).

Not any more 🙁. Why decapitate a perfectly good thread?