Registration Form

huey234

<?
$ip = getenv('REMOTE_ADDR');
$time = date('D M j');

if(isset($_GET['commented']))
{

// Tell the user it has been submitted (optional)
echo('Your comment has been posted.');

// Set Mysql Variables
$host = 'localhost';
$user = 'user';
$pass = 'pass';
$db = 'test';
$table = 'members';

// Set global variables to easier names
$username = $_GET['username'];
$password = $_GET['password'];
$email = $_GET['email'];
// Connect to Mysql, select the correct database, and run the query which adds the data gathered from the form into the database
mysql_connect($host,$user,$pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
$add_all = 'INSERT INTO $table values('$username','$password','$email','$ip','$time','”;
mysql_query($add_all) or die(mysql_error());
}
else
{

// If the form has not been submitted, display it!
?>
<form method='get' action='<? echo'$PHP_SELF'; ?>'>
Name : <input type='text' name='username'><br><br>
Password : <input type='text' name='password'><br><br>
email : <input type='text' name='email'><br><br>
<input type='hidden' name='commented' value='set'>
<input type='submit' value='Post your comment'>
</form>
<?
}
?>

When I open the above script in browser this is what I get

Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\login\register.php on line 25

Can anyone be of help?

Weedpacket

Have a look at line 25. Your quotes are messed up.

huey234

I placed a bracket at the of end comma and it is still the same thing. Please help point out the problem...

djjjozsi

wrong:
echo'$PHP_SELF';

apostrofe will print $PHP_SELF in your form action!:

print htmlspecialchars($_SERVER["PHP_SELF"]);

wrong:

$add_all = 'INSERT INTO $table values('$username','$password','$email','$ip','$time','&#8221;;

$add_all = "INSERT INTO $table 
(username,    password,     email,   ip,   time)
VALUES 
('$username','$password','$email','$ip', NOW() )";

And use mysql_real_escape_string on the user's input values!

Use POST method then GET in your programs.

huey234

<?
$ip = getenv('REMOTE_ADDR');
$time = date('D M j');

if(isset($_GET['commented']))
{

// Tell the user it has been submitted (optional)
echo('Registration was successful.');

// Set Mysql Variables
$host = 'localhost';
$user = 'user';
$pass = 'pass';
$db = 'test';
$table = 'members';

// Set global variables to easier names
$username = $_GET['username'];
$password = $_GET['password'];
$email = $_GET['email'];
// Connect to Mysql, select the correct database, and run the query which adds the data gathered from the form into the database
mysql_connect($host,$user,$pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
$add_all = "INSERT INTO $table
(username,    password,     email,   ip,   time)
VALUES
('$username','$password','$email','$ip', NOW() )"; 
}
else
{

// If the form has not been submitted, display it!
?>
<form method='get' action='<? print htmlspecialchars($_SERVER["PHP_SELF"]); ?>'>
Name : <input type='text' name='username'><br><br>
Password : <input type='text' name='password'><br><br>
email : <input type='text' name='email'><br><br>
<input type='hidden' name='commented' value='set'>
<input type='submit' value='Register'>
</form>
<?
}
?>

That is the final code and it works fine but it isn't registering the data to mySQL table, what can be wrong?

djjjozsi

you've created the query, but did not run it 🙂

$add_all = "INSERT INTO $table 
(username,    password,     email,   ip,   time) 
VALUES 
('$username','$password','$email','$ip', NOW() )";

mysql_query($add_all) OR die("insert on error" . mysql_error() ." :".$add_all);

and on online site do not print these errors.

And change this part like this:

// Set global variables to easier names AND santize them

$_GET=array_map("mysql_real_escape_string",$_GET);
$username = $_GET['username']; 
$password = $_GET['password']; 
$email = $_GET['email'];

huey234

Arigato!!! It now functions.

djjjozsi

your welcome!
don't forget to set this thread as resolved.