Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.
Trending News
Help with an SQL insert script ?
So I have a script i've created, it gets first names, surnames, usernames, emails and passwords from the HTML form. However it only displays the FirstName variable when i echo each of the above variables as they're not being inserted into the database, they're not being passed from the HTML form to the PHP script either, except for the FirstName field, i've checked over and can't see why.
The SQL insert script is also not working.
Any ideas ?
Below is the code for both parts.
HTML http://pastebin.com/Fih4QgDs
PHP http://pastebin.com/PCTuThPa
Thanks in Advance.
EDIT:
Thanks for pointing that out.
I've changed it around and can confirm that the variables are now being passed through.
TestFirstName
TestSurname
TestEmail@email.net
TestUsername
password
You did not complete all fields, please try again
However as you can see I am still getting an error, I wonder If this is because my IF Statements ma be in the wrong order?
EDIT #2
##################
I've changed it around based on your comments, i tried the confirm password echo and it works, outputting the confirmed password between the > <. This has now been removed from the script.
However i'm now getting
TestFirstName
TestSurname
TestEmail@email.net
TestUsername
password
password
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/{REMOVED}/public_html/Site/register.php on line 68
You have successfully registered, please loginThe two passwords you entered did not match
Also, despite the successful registration message, the User information has not been entered into the Database.
The code used at the time of this error is this.
Thanks Again.
Nope. EDIT #2 Isn't working.
Still getting.
TestFirstName
TestSurName
testemail@email.net
john2
password
password
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/billyboy/public_html/Site/register.php on line 68
You have successfully registered, please loginThe two passwords you entered did not match
####
EDIT:
Thank you so much for your patience so far.
Edit 3 removed the num rows invalid argument error, however i'm still getting the
You have successfully registered, please loginThe two passwords you entered did not match
output... which i can't understand. How can it being displaying two messages from two different IF statements at the same time. I can't see anything wrong with it to make it display the error message in the first place.
The SQL insert still isn't working.
I've replaced the missing backtick which i never noticed
the current code looks like this.
Thank you again for the responses.
Sorry.. ignore the above..
Your EDIT 3#
Removed the error saying the passwords aren't the same.
-Hasn't fixed the SQL insert issue.
-gives this:
You have successfully registered, please login
So, In short, you've managed to fix everything except for the SQL insert code itself.
I must admit i always forget and spend hours debugging everytime i code SQL inserts because i can never get them to work first time, I always have to play around with the backticks and the ' to get it to work.
So it's just the SQL which isn't working at this time.
Thanks for the help so far though, really appreciate it. :)
3 Answers
- Anonymous8 years agoFavorite Answer
I just took a quick look, and I noticed that you do this:
$Firstname = $_POST['FirstName'];
and then this:
$Surname = $POST['Surname'];
$EmailAddress = $POST['EmailAddress'];
$Username = $POST['Username'];
$Password = $POST['Password'];
$ConfirmPassword = $POST['ConfirmPassword'];
Note that in all the latter ones, the underscore between $ and POST is missing.
## EDIT 1 ##
The ConfirmPassword should be between
password
and
You did not complete all fields, please try again
so if it's missing, that's probably what is causing the problem. Just after
//ensure form has been completed
add the line:
echo 'ConfirmPassword now is >', $ConfirmPassword, '<'; exit;
The > and < are only added so you can see if there's actually something in that string, even if it's only whitespace.
## EDIT 2 ##
This line
$rows2 = mysql_num_rows($check2);
already gives you the number of ros that were updated by your earlier query (DML statement), so you don't need to do this:
$rowscheck2 = mysql_query($rows2);
if($rowscheck2==0) {
Instead, do this:
$rows2 = mysql_num_rows($check2);
if($rows2==0) {
That should fix your latest problem.
## EDIT 3 ##
OK, this:
$sql2 = "SELECT Email_Address FROM `billyboy_users`.`users WHERE Email_Address = '".$EmailAddress."'";
should be
$sql2 = "SELECT Email_Address FROM `billyboy_users`.`users` WHERE Email_Address = '".$EmailAddress."'";
(note backtick after `users`) and this
}
echo "The two passwords you entered did not match";
should be
} else {
echo "The two passwords you entered did not match";
}
## EDIT 4 ##
The data isn't stored because... you don't store it. :-) You create a SQL INSERT statement , but you don't do mysql_query($register_sql) --or whatever you need to do...
That should do it. :-)
- VBALv 48 years ago
Here's a registration form / script I threw together, which you can use as a template.
http://pastebin.com/raw.php?i=PquLi50y
1. This script does one-way encryption on the password before its INSERT. This way, the plain-text password is not recorded anywhere. Then, when the user logs in, use the same one-way encryption to check what they entered against what's in the database.
2. You're doing some basic sanitization of user inputs, which is good, but there's more you can do. Check lengths, formats, and special characters; instead of concatenating the variables into your SQL string, use placeholders, then bind the variables to the placeholders.
3. Stop using the mysql extension, which includes all those functions that begin with mysql_. This extension is no longer maintained by the PHP team, and is flagged for deprecation. They've introduced two newer, better extensions for interacting with MySQL database: PDO and MySQLi. My script uses PDO, which I recommend because it supports all the major RDBS.
4. In your SQL statement, you don't need to wrap all your table and column names in backticks. This is only needed if you've named something using a reserved word, which you generally shouldn't do in the first place.
5. You don't need to refer to the ID column in your SQL statement. I'm assuming this is an auto-number. The columns in your INSERT INTO list should match exactly the elements in your VALUES list.
6. Like the other answer points out, you're missing some underscores in your $_POST references.
- mcdoleLv 44 years ago
a million-Lita, Sable, Fabuloose Moolah, Chyna, and Trish are overrated no i disagree 2-Sting and HBK deserve a million extra effective worldwide perceive reign interior the previous they retire. i specific i agree 3- the present ECW is high-quality and underrated. specific i agree 4- Triple H would desire to be an substantial Eventer with out Stephanie McMahon, yet he does not be a 12 time worldwide champ. no i disagree 5- specific For Glory 2008 would be extra effective than WM 24. specific i agree 6- area desires a sparkling Finisher. specific i agree 7- Jeff Hardy isn't the surprising extreme-flyer ever. specific i agree