Weird Problem

fr600

Hello,

I'm having this weird problem and I don't know what to do.

First of all, this code:

if (empty($username) || empty($password) || empty($email) || empty($question) || empty($answer))
echo "Field blank.";

outputs "Field blank." even when none of the above is empty.

Second of all, this code:

	$ret = mysql_query("INSERT INTO requests (name, category, added_date, requester) VALUES ('$reqname', '$reqcat', NOW(), '$reqname')");

if (!$ret)
{
	if (mysql_errno() == 1062)
	{
		echo "unique already exist";
	}
}
else
{
	echo "Done";
}

always outputs done, but there is no insert into the database.

What is going on? Anyone willing to help? If you need more information, please let me know.

laserlight

For the first problem, provide the smallest and simplest runnable script that demonstrates the problem.

igorlopez

I agree with laserlight,
Since you are saying none of the variables are 'empty' the if clause should fail, apparently it does not,
Have you compared the variable content with what the empty() function refers to as being empty:

Returns FALSE if var has a non-empty and non-zero value.

The following things are considered to be empty:
* "" (an empty string)
* 0 (0 as an integer)
* "0" (0 as a string)
* NULL
* FALSE
* array() (an empty array)
* var $var; (a variable declared, but without a value in a class)

Pay especially attention to case 3: "0" 0 as a string which is empty....

fr600

OK, here is a smaller version of the file... it also gives me the same problem, a blank page "register4" case. If I comment out "mkglobal" part, I get "black field" error.

<?php
require_once("backend.php");
dbconn();

switch($_POST['action'])
{
default:
	echo "<br>";
	echo "<table cellpadding=3 cellspacing=0 class=t3>";
	echo "<form method=post action=test.php name=registration>";
	echo "<input name=action type=hidden value=register3>";
		echo "<tr>";
			echo "<td></td>";
			echo "<td align=right>Username:</td>";
			echo "<td><input type=text name=username maxlength=10 class=in style=width:225px;></td>";
		echo "</tr>";
		echo "<tr>";
			echo "<td></td>";
			echo "<td align=right>Password:</td>";
			echo "<td><input type=password name=password class=in style=width:225px; onkeyup=javascript:z21(document.forms[0],this.value); onmouseout=javascript:z21(document.forms[0],this.value); onblur=javascript:z21(document.forms[0],this.value);></td>";
		echo "</tr>";
		echo "<tr>";
			echo "<td></td>";
			echo "<td align=right>Email:</td>";
			echo "<td><input type=text name=email class=in style=width:225px;></td>";
		echo "</tr>";
		echo "<tr>";
			echo "<td></td>";
			echo "<td align=right>Question:</td>";
			echo "<td><input type=text name=question class=in style=width:225px;></td>";
		echo "</tr>";
		echo "<tr>";
			echo "<td></td>";
			echo "<td align=right>Answer:</td>";
			echo "<td><input type=text name=answer class=in style=width:225px;></td>";
		echo "</tr>";
		echo "<tr>";
			echo "<td></td>";
			echo "<td></td>";
			echo "<td><input type=button value=Cancel onclick=javascript:history.go(-1) class=bt style=width:60px;> <input type=reset value=Reset class=bt style=width:60px;> <input type=submit value='Continue' class=bt style=width:60px;></td>";
		echo "</tr>";
	echo "</form>";
	echo "</table>";
	break;

case "register1":
	break;


case "register2":
	break;


case "register3":
	if (!mkglobal("username:password:email:question:answer"))
		die();

if (empty($username) || empty($password) || empty($email) || empty($question) || empty($answer))
	echo "blank field";

echo "<br>";
echo "<table cellpadding=3 cellspacing=0 class=t3>";
echo "<form method=post action=test.php name=registration>";
echo "<input name=action type=hidden value=register4>";
echo "<input name=username type=hidden value='$username'>";
echo "<input name=password type=hidden value='$password'>";
echo "<input name=email type=hidden value='$email'>";
echo "<input name=question type=hidden value='$question'>";
echo "<input name=answer type=hidden value='$answer'>";
	echo "<tr>";
		echo "<td></td>";
		echo "<td align=right>Security Image:</td>";
		echo "<td>456321</td>";
	echo "</tr>";
	echo "<tr>";
		echo "<td></td>";
		echo "<td align=right>Image Code:</td>";
		echo "<td><input type=text name=privatekey maxlength=6 class=in style=width:225px; autocomplete=off></td>";
	echo "</tr>";
	echo "<tr>";
		echo "<td></td>";
		echo "<td></td>";
		echo "<td><input type=button value=Cancel onclick=javascript:history.go(-1) class=bt style=width:60px;> <input type=reset value=Reset class=bt style=width:60px;> <input type=submit value='Continue' class=bt style=width:60px;></td>";
	echo "</tr>";
echo "</form>";
echo "</table>";
break;


case "register4":
	if (!mkglobal("username:password:email:question:answer:privatekey"))
		die();

if (empty($username) || empty($password) || empty($email) || empty($question) || empty($answer) || empty($privatekey))
	echO "blank field.";

if ($privatekey !== '456321')
	echo "Code didn't match. Please go back and try again.";

if (!preg_match('/^[a-z][\w.-][\w. ]*$/is', $username))
	echo "Invalid username. Must not contain any weird characters and must start with a letter.");

$ret = mysql_query("INSERT INTO users (username, password, email, question, answer) VALUES (" .
implode(",", array_map("sqlesc", array($username, $password, $email, $question, $answer))) .")");

if (!$ret)
{
	if (mysql_errno() == 1062)
	{
		echo "<br>";
		echo "<table cellpadding=3 cellspacing=0 class=t3>";
			echo "<tr>";
				echo "<td></td>";
				echo "<td align=right>Error:</td>";
				echo "<td>The username you've choosen exists already.</td>";
			echo "</tr>";
			echo "<tr>";
				echo "<td></td>";
				echo "<td></td>";
				echo "<td><input type=button value=Cancel onclick=javascript:history.go(-1) class=bt style=width:60px;> <input type=reset value=Reset class=bt style=width:60px;> <input type=submit value='Continue' class=bt style=width:60px;></td>";
				echo "<td></td>";
			echo "</tr>";
		echo "</table>";
	}
}
else
{
	echo "Successful";
}
break;

}
?>

and here a function just in case:

function mkglobal($vars)
{
	if (!is_array($vars))
		$vars = explode(":", $vars);
	foreach ($vars as $v)
	{
		if (isset($_GET[$v]))
			$GLOBALS[$v] = unesc($_GET[$v]);
		elseif (isset($_POST[$v]))
			$GLOBALS[$v] = unesc($_POST[$v]);
		else
			return 0;
	}
	return 1;
}

and here is the users table:

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(14) NOT NULL DEFAULT '',
  `password` varchar(40) NOT NULL DEFAULT '',
  `email` varchar(32) NOT NULL DEFAULT '',
  `question` char(2) NOT NULL DEFAULT '',
  `answer` varchar(32) NOT NULL DEFAULT '',
  `lastrequest` datetime NOT NULL,
  `upstatus` smallint(2) NOT NULL DEFAULT '1',
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=34 ;

igorlopez

I would check the results of the mkglobal function by adding these lines in your main php script:

case "register3":
    if (!mkglobal("username:password:email:question:answer"))
        die();
    echo 'After mkglobal:';
    echo 'Username = ' . $username;
    echo 'Password = ' . $password;
    echo 'Email = ' . $email;
    echo 'Question = ' . $question;
    echo 'Answer = ' . $answer;
    if (empty($username) || empty($password) || empty($email) || empty($question) || empty($answer))
        echo "blank field";

and these in side the mkglobal function:

    echo 'Inside mkglobal:';
    foreach ($vars as $v)
    {
        echo 'Var ' . $v . ' = ' $_GET[$v];
        if (isset($_GET[$v]))
            $GLOBALS[$v] = unesc($_GET[$v]);
        elseif (isset($_POST[$v]))
            $GLOBALS[$v] = unesc($_POST[$v]);
        else
            return 0;
    }

fr600

To igorlopez:

1st one: It still produces a blank page. If I comment mkglobal part, it's still blank.

2nd one: I get error: Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\inetpub\wwwroot\backend.php on line 115

igorlopez

Part 1:
Well the only way you would get a blank output is if the debugging echo statements in the corresponding case section are not executed but you were saying that you got the "Blank field" outputted....
It does not make sense unless you are not entering the

case "register3":

section.
What you can do is try to separate the different "blank field" outputs by marking them with proper section, i.e.

echo "blank field register3";

and so forth.

Part 2:
A misstake on my part, forgot the concat operator between

' = ' $_GET[$v];

where it should be:

echo 'Var ' . $v . ' = ' . $_GET[$v];

Sorry for that mixup, sometimes I am actually testing before posting but this time not. This debug statement was just to verify that mkglobal does what you intend it to do.