Register giving problems

Obrienray1

Hey guys me again and for some reason my register doesn't want to work now but it's been working until now and I didn't touch anything unless I left the file open and someone went on my computer and hit a button and messed the code up.... Anyways the error is "Parse error in C:\wamp\www\register2.php on line 27"

Line 27 is the end of the PHP code which is <?

Here is the register2 which is submitting the user data into the database.

<?php
include('config.php');
mysql_connect("$dbhost", "$dbuser") or die ("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die (mysql_error());

if(isset($_POST['submit'])) {
  $username = $_POST['username'];
  $email = $_POST['email'];
  $password = md5($_POST['password']); #Passwords are now MD5


$checkuser = mysql_query("SELECT username FROM users WHERE username = '$username'");

$user_exist = mysql_num_rows($checkuser);

if($user_exist > 0) {
  echo "That username is already registered according to our database records";
  include 'register.php';
  exit();
}

#Insert the username, password, and email
$query ="INSERT INTO users(username, password, email) VALUES('$username', '$password', '$email')";
mysql_query($query) or die (mysql_error());
mysql_close();
header('Location: index.php');
?>

bradgrafelman

In the future, please post parse error issues in the stickied thread in this forum entitled Parse Error: syntax error.

You might browse through it, in fact, because there are somewhere around 5 or so very common causes that cover 90% of parse errors. Your issue, for example, was a missing closing '}' brace for the if() statement on line #6 of your code snippet above.

EDIT: Also note that user-supplied data should never be placed directly into a SQL query, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize it with a function such as [man]mysql_real_escape_string/man (for string data).

Obrienray1

Thanks for pointing out that and when I register the data doesn't go into the users table?

dylanmhulderman

Try this... instead of leaving your variables inside of the quotes, exit the quote and then put the variable in, like so:

$query ="INSERT INTO users(username, password, email) VALUES('".mysql_real_escape_string($username)."', '".mysql_real_escape_string($password)."', '".mysql_real_escape_string($email)."')";

Also, get a password for you MySQL database because maybe somebody hacked in and changed the password or messed with the tables. People can do that if you don't have a password.

bradgrafelman

dylanmhulderman;10989031 wrote:
Try this... instead of leaving your variables inside of the quotes, exit the quote and then put the variable in, like so:
$query ="INSERT INTO users(username, password, email) VALUES('".mysql_real_escape_string($username)."', '".mysql_real_escape_string($password)."', '".mysql_real_escape_string($email)."')";

Or, for a much cleaner representation, I like to use [man]sprintf/man:

$query = sprintf(
    "INSERT INTO users(username, password, email) VALUES ('%s', '%s', '%s')",
    mysql_real_escape_string($_POST['username']),
    mysql_real_escape_string($_POST['password']),
    mysql_real_escape_string($_POST['email'])
);

dylanmhulderman;10989031 wrote:
Also, get a password for you MySQL database because maybe somebody hacked in and changed the password or messed with the tables. People can do that if you don't have a password.

... only if you create user accounts that allow connections from external IPs. Since this is almost always unnecessary, a good DBA would only allow either 'localhost' or other internal IPs. Granted, that DBA would also probably enforce a password policy on top of that.

dylanmhulderman

bradgrafelman;10989035 wrote:
... only if you create user accounts that allow connections from external IPs. Since this is almost always unnecessary, a good DBA would only allow either 'localhost' or other internal IPs. Granted, that DBA would also probably enforce a password policy on top of that.

I know I was gonna say that but anybody could end up using a host that allows external IPs... as a matter of fact, allowing external IPs is a professional service that should always be offered if somebody is paying for service.

Obrienray1

I don't get an error anymore but it won't the user data into the database for some odd reason.

dalecosp

Very unlikely it's an "odd reason". Are you testing for error conditions?

Got shell access? Ask your RDBMS manually. Read "Debugging 101". Read the logs. Contact tech support. Give us more insight and data and maybe we can help.