I've written this array:

$register = array("username"=>'$_POST['username']',
		  "password"=>'$_POST['username2']',
		  "password2"=>'$_POST['password2']',
		  "email"=>'$_POST['email']',
		  "email2"=>'$_POST['email2']');

but it is returning this error:

Parse error: syntax error, unexpected T_STRING, expecting ')' in /home/noom/public_html/register.php on line 14

    Why do you have the $_POST variables surrounded by single quotes? Not only does PHP not parse variables found inside single-quoted strings, but furthermore you can't place arrays with quoted indexes inside of a string at all.

    Get rid of the quotes surrounding the $_POST array entirely - if you're simply referencing a variable, they aren't needed.

      Sorry; I'm very new to PHP. 🙁

      That error is fixed, but now I seem to be having a problem with the SQL. This is the error I'm getting:

      Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/noom/public_html/register.php on line 29

      And here is the whole PHP file. I didn't think a simple little registration form would be so much trouble. @.x

      <?php
      
      // connect to database
      
      $con = mysql_connect("localhost","noom_rpg","");
      	if (!$con)
      	{
      	 die ("Could not connect to database.");
      	}
      
      
      // get the register info
      
      $register = array("username"=>$_POST['username'],
      		  "password"=>$_POST['username2'],
      		  "password2"=>$_POST['password2'],
      		  "email"=>$_POST['email'],
      		  "email2"=>$_POST['email2']);
      
      if ($register)
      	{
      	 if(preg_match('/[^0-9A-Za-z]/',$register['username']))
      	 {
      	  if(filter_var($register['email'], FILTER_VALIDATE_EMAIL))
      	  {
      	   mysql_select_db("noom_users", $con);
      
         mysql_query("INSERT INTO users (username, password, email)
      	        VALUES ('$register['username']', '$register['password']', '$register['email']')");
      
         echo "You have successfully registered an account. You may now login to Auraelia!";
        }
        else
        {
         echo "Please return and use an acceptable email address.";
        }
       }
       else
       {
        echo "Please return and use only alphanumeric characters in your username.";
       }
      }
      else
      	{
      	 echo "Please return and fill out the entire registration form!";
      	}
      
      
      
      mysql_close($con);
      
      ?>
      

        You actually have the problem I just mentioned:

        you can't place arrays with quoted indexes inside of a string at all.

        See this part of the manual - especially look at the second coding example where they show you different ways to include an item in an array in a string.

          Okay, I solved that one. But now I'm having yet another error message. This one is with the preg_match line. No matter what I input, it will always return the message to only use alphanumeric characters.

          I tried placing that variable in curly brackets, but that just rendered another error.

            in your array:

            "password"=>$_POST['username2'],
            

            are you sure you want to save the username as a password?

            You're just wasting your time with the $register array; this INSERT is vulnerable to MySQL injection. At least you should use mysql_real_escape_string() <-- details in the php.net manual page.
            And this expression is wrong.

             if(preg_match('/[^0-9A-Za-z]/',$register['username']))
            	 {

            try:

            	if(preg_match("/^([a-zA-Z0-9._])+$/" ,$register['username']) )

              Pragz wrote:

              No matter what I input, it will always return the message to only use alphanumeric characters.

              As djjozsi implies, your expression is checking to make sure that there is at least one non-alphanumeric character before proceeding.

                Whoa, don't know why I put username2 there. Good catch!

                And your change works perfectly. I was so confused with the preg_match function as a whole.

                And also, I thought I would only have to use mysql_real_escape_string for the login?

                Anyways, thank you very much! Registration works perfectly now. 😃

                  This preg_match by djjjozsi
                  is a great little regex and will in most cases work.

                  if(preg_match("/^([a-zA-Z0-9._])+$/" ,$register['username']) )

                  But people do strange things. If they can.
                  And quite many will enter usernames like:
                  _harry
                  ..elisabeth

                  even if here these usernames are impossible
                  ###pucko
                  !!!##lappy

                  Why do spammers and people do this?
                  Because they want to be the names AT TOP OF ANY LISTINGS

                  Personally I prefer ALL VALID USERNAMES to begin with an ALPHA
                  That is in regex = [A-Za-z] = 1 alpha character

                  You can also define exactly how many chars a username should have:
                  e.g. 4-16 chars

                  If I am correct, the following regex will allow only 4-16 chars
                  with usernames that begin with at least one alpha.

                  <?php
                  
                  // one leading letter, then 3-15 more allowed characters; {3,15} applies to the second class only
                  if(preg_match("/^[a-zA-Z][a-zA-Z0-9._]{3,15}$/" ,$register['username']) ) 
                  
                  ?>

                  [a-zA-Z] = 1 alpha

                  [a-zA-Z0-9._]{3,15} = 3-15 of alphas, numerics, periods and underscores

                  SUM: 4-16 chars

                    Interesting, halojoy. I really need to re-read that whole section on preg_match a few times over. I didn't know you could control it like that.

                    I'm all with you on the spammers abusing characters like that. I ran a phpBB2 board for the longest time and I had people making new accounts every month adding another asterisk or underscore before their name to stay at the top of that memberlist. Bugged me half to death.

                    I'll definitely be employing your code change. 😉

                      Pragz;10947658 wrote:

                      And also, I thought I would only have to use mysql_real_escape_string for the login?

                      You always need to sanitize user-supplied data ($_GET, $_POST, $_COOKIE, etc. etc.) before placing it into a query.

                      Also, don't forget to mark this thread resolved (if it is) using the link on the Thread Tools menu.
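
As an added example (not code posted by anyone in this thread), here is the registration check with the leading-letter, 4-16 character username rule and the INSERT rewritten as a PDO prepared statement, which is a different technique from the mysql_real_escape_string() call suggested above. It assumes PDO with the pdo_sqlite driver and an in-memory table so it runs without a server; valid_username(), register_user() and the sample submissions are made up for the illustration.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with an
// in-memory SQLite database stands in for the thread's MySQL server.

function valid_username(string $name): bool
{
    // One leading letter plus 3-15 of [a-zA-Z0-9._], 4-16 chars in total.
    // \A and \z anchor the whole string; "$" would also allow a trailing "\n".
    return preg_match('/\A[a-zA-Z][a-zA-Z0-9._]{3,15}\z/', $name) === 1;
}

function register_user(PDO $db, array $post): string
{
    foreach (['username', 'password', 'password2', 'email'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || $post[$key] === '') {
            return 'Please return and fill out the entire registration form!';
        }
    }
    if (!valid_username($post['username'])) {
        return 'Please return and use an acceptable username.';
    }
    if ($post['password'] !== $post['password2']) {
        return 'Please return and enter the same password twice.';
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'Please return and use an acceptable email address.';
    }
    // Placeholders keep the values out of the SQL text, so a quote in the data cannot alter the statement.
    $stmt = $db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
    $hash = password_hash($post['password'], PASSWORD_DEFAULT); // never store the raw password
    $stmt->execute([$post['username'], $hash, $post['email']]);
    return 'You have successfully registered an account.';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT, email TEXT)');

// Constructed sample submissions (not from the thread).
$samples = [
    ['username' => '_harry', 'password' => 'pw-one', 'password2' => 'pw-one', 'email' => 'h@example.com'],
    // Valid address with an apostrophe: passes the filter, would break the interpolated INSERT.
    ['username' => 'obrien', 'password' => 'pw-two', 'password2' => 'pw-two', 'email' => "o'brien@example.com"],
];
foreach ($samples as $post) {
    echo $post['username'], ': ', register_user($db, $post), PHP_EOL;
}
echo $db->query('SELECT email FROM users')->fetchColumn(), PHP_EOL;
```

The second submission shows why validation is not a substitute for escaping or binding: the address is accepted by FILTER_VALIDATE_EMAIL and still contains a quote.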
