MySQL database connection

[Balkee867]

Ok, I have a registration area on my site, and when people sign up their information goes to my admin section. Since The script I am using doesn't use the "First Name" and "Last Name" fields, I added them to my database and I am trying to send them to my admin section, but it says "cannot execute query 3". Here is the code I am using for query 3:

$ip = $_SERVER['REMOTE_ADDR'];
$query = "INSERT INTO $userstable (username,password,email,vcode,address,city,state, zip,ip,firstname,lastname,)
VALUES ('$_POST[username]','$_POST[password]','$_POST','$_POST[address]','$_POST[city]','$_POST[state]','$_POST[zip]','$ip','$_POST[FirstName]','$_POST[LastName]')";
$resultB = mysql_query($query,$connection) or die ("Coundn't execute query3.");


What am i doing wrong?

 

[user-7256]

(Please use PHP and CODE tags from now on!)

Also, space your code better... it's not uniform and hard to read.

I'd also recommend recommend turning the $_POST variables into short names:

$variable = $_POST['variable'];

It makes the variables easier to use.

As for your problem, I don't think that you can use a variable as a table name... correct me if I'm wrong, since I've never tried it, but try just using the table name! Putting a variable to it takes more time anyway.

And what is actually WRONG with your query is:

You forgot a value for the "vcode" field

 

[Porte]

Did you try die(mysql_error()) instead for better error reporting.

I think the problem remains in this part of the query
"INSERT INTO $userstable (username,password,email,vcode,address,city,state, zip,ip,firstname,lastname,)

These are 11 columns, but the values are only 10, and there's no order. What's the vcode column? Also note the , after lastname.

I do not think you need to specify column names before values if you will use enter data in all columns in order, like INSERT INTO table VALUES('', '$first..name', '$etc...')

 

[user-7256]

Designporte - True, you don't need to specify the column names, however it can be useful for inserting data into only a few specific fields.

Yep, so in summary, your errors are, Balkee867:

1. You forgot to put a value into "vcode" field,
2. You put a comma after "lastname"

 

[Balkee867]

Ok, thanks a lot for that problem, didn't realize I forgot a value and that I had an extra comma. Anyways, now it is adding the user to the admin page, but the new fields that i added (firstname and lastname) are both blank. It also says:

Warning: Cannot modify header information - headers already sent by (output started at C:\Domains\webtossup.com\wwwroot\login\register.php:20) in C:\Domains\webtossup.com\wwwroot\login\register.php on line 146

 

[moondog]

As for your problem, I don't think that you can use a variable as a table name... correct me if I'm wrong, since I've never tried it, but try just using the table name!

You can use a variable name for a table name. I do it all the time.

-Bob

 

[Porte]

This error is showing because the output is already sent and you are trying to modify header information somehow. We need detailed code to know where the problem contains. As it seems you are trying to send headers some how after headers are already sent.

Please show more source code.

 

[user-7256]

Yeah, thanks bob! ^_^

As for your error, (You didn't have to put THAT in a PHP tag. lol... just put PHP in a PHP tag ) that means that you've sent headers (or something else to the browser, such as text or an echo() statement) already... a view of your full script if you could post it would be MOST helpful in solving the problem.

Hey, what's up with the spaces in your filename: ".ph__p"? (Replace _ with a space...) - look at that header error...

EDIT: Designporte beat me to it <_<

 

[Balkee867]

Ok, here's the full code for that page:

<?php

include 'config.php';

function is_alphachar($text) {

    for ($i = 0; $i < strlen($text); $i++) {

            if (!ereg("[A-Za-z0-9]", $text[$i])) {
                    return 1;
            }
    }
    }
function  checkEmail($email) {
 if (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {
  return false;
 }
 return true;
}


$form .= "Register a new username. Be sure to enter a <b>genuine</b> email as it will be used to recover your account.<br>";
$form .= "<form action=\"./register.php\" method=\"POST\">";
$form .= "Username: <br><input type=\"text\" name=\"username\" value=\"$_POST[username]\"><br>";
$form .= "Your email: <br><input type=\"text\" name=\"email\" value=\"$_POST[email]\"><br>";
$form .= "Password: <br><input type=\"password\" name=\"password\" value=\"$_POST[password]\"><br>";
$form .= "First Name: <br><input type=\"text\" name=\"FirstName\" value=\"$_POST[FirstName]\"><br>";
$form .= "Last Name: <br><input type=\"text\" name=\"LastName\" value=\"$_POST[LastName]\"><br>";
$form .= "Address: <br><input type=\"text\" name=\"address\" value=\"$_POST[address]\"><br>";
$form .= "City: <br><input type=\"text\" name=\"city\" value=\"$_POST[city]\"><br>";
$form .= "State: <br><input type=\"text\" name=\"state\" value=\"$_POST[state]\"><br>";
$form .= "Zipcode: <br><input type=\"text\" name=\"zip\" value=\"$_POST[zip]\"><br>";
$form .= "<input type=\"submit\" value=\"Create!\">";
$form .= "</form>";

if($_POST[username] == ""){
echo $form;
} elseif(strlen($_POST[password]) < 6){
echo $form;
echo "<br> Error password must be 6 characters or more";


} else {
$connection = mysql_connect($hostname, $user, $pass)
or die(mysql_error());
$db = mysql_select_db($database, $connection)
        or die(mysql_error());


$sql = "SELECT username FROM $userstable
        WHERE username = '$_POST[username]'";

$sql2 = "SELECT email FROM $userstable
        WHERE email = '$_POST[email]'";

$result = mysql_query($sql)
        or die ("Couldn't execute query1.");

$result2 = mysql_query($sql2)
        or die ("Couldn't execute query2.");

$num = mysql_num_rows($result);
$num2 = mysql_num_rows($result2);

if (is_alphachar($_POST[username]) == 1) {
echo $form;
echo "Invalid Username. Only numbers/letters are allowed.<br>";
die;
}
if ($num == 1) {


echo "Error, username already exists!";

} elseif ($num2 == 1) {
echo "Error, that email address has already been registered. Please select a different one.";
} else {
$ip = $_SERVER['REMOTE_ADDR'];
$query = "INSERT INTO $userstable (username,password,email,vcode,address,city,state,zip,ip,firstname,lastname)
                VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[vcode]','$_POST[address]','$_POST[city]','$_POST[state]','$_POST[zip]','$ip','$_POST[firstname]','$_POST[lastname]')";
$resultB = mysql_query($query,$connection) or die ("Coundn't execute query3.");

$cookie_name = "auth";
$cookie_value = "fook!$_POST[username]";
$cookie_expire = "0";
$cookie_domain = $domain;

setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0);

echo "Congratulations $tmpname. Your account has been created and added to database";
echo "<br>You are now logged in.";
echo "<br>Click <a href=\"index.php\">here</a> to goto members area";

}
}
?>
</td>

and as for the spaces, I don't know, but they aren't in the actual code, for some reason they just came up when I put them in php tags online.

 

[axilant]

in

C:Domainswebtossup.comwwwrootloginregister.ph

Delete the ?> at the end of the file. Should stop the error ^^

 

[Balkee867]

I did that, and it still had the error there. Could you explain why I should delete that? It's the closing tag for php, right?

 

[axilant]

reason is sometimes when you edit a file, there gets to be spaces after the ?> check before the <?PHP for any loose spaces as well...

 

[Porte]

Some times empty lines, comments, spaces cause this error, It happened with me..and it is usually fixed by removing that stuff.

 

[Balkee867]

I have tried this, and for some reason, the error is still there. Does it make any difference that it was working before I added the two fields?

 

[Outer]

Try this code. Worked perfectly for me on my test server...

<?php
require("config1.php");

/*
Changes I made:
 - Variable Changes:
     - Instead of $string = "$_POST[username] is my name." I did:
     - $string = $_POST['username']" is my name";
 - Error reporting on mysql DIE function now more clear (gives # so you can easily search for it)
 - improved user-defined functions
 - added mysql_real_escape_string when checking against DB. <-- Security
*/


//
// I Changed this because you do NOT need to loop through each character.
// It will check the overall string and if any of the characters are not alphanumeric,
// then it will return false
//
function is_alphachar($text)
{
    if (!ereg("[A-Za-z0-9]", $text))
    {
        return FALSE;
    }
    else
    {
        return TRUE;
    }
}

function  checkEmail($email)
{
    if (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email))
    {
        return TRUE;
    }
    else
    {
        return TRUE;
    }
}


$form .= "Register a new username. Be sure to enter a <b>genuine</b> email as it will be used to recover your account.<br>";
$form .= "<form action=\"test_file.php\" method=\"POST\">";
$form .= "Username: <br><input type=\"text\" name=\"username\" value=\"".$_POST['username']."\"><br>";
$form .= "Your email: <br><input type=\"text\" name=\"email\" value=\"".$_POST['email']."\"><br>";
$form .= "Password: <br><input type=\"password\" name=\"password\" value=\"".$_POST['password']."\"><br>";
$form .= "First Name: <br><input type=\"text\" name=\"firstname\" value=\"".$_POST['firstname']."\"><br>";
$form .= "Last Name: <br><input type=\"text\" name=\"lastname\" value=\"".$_POST['lastname']."\"><br>";
$form .= "Address: <br><input type=\"text\" name=\"address\" value=\"".$_POST['address']."\"><br>";
$form .= "City: <br><input type=\"text\" name=\"city\" value=\"".$_POST['city']."\"><br>";
$form .= "State: <br><input type=\"text\" name=\"state\" value=\"".$_POST['state']."\"><br>";
$form .= "Zipcode: <br><input type=\"text\" name=\"zip\" value=\"".$_POST['zip']."\"><br>";
$form .= "<input type=\"submit\" value=\"Create!\">";
$form .= "</form>";

if(empty($_POST['username']))
{
    echo $form;
}
elseif(strlen($_POST['password']) < 6)
{
    echo $form;
    echo "<br> Error password must be 6 characters or more";
}
else
{
    $connection = mysql_connect($hostname, $user, $pass) or die("Error 1: ".mysql_error());
    $db = mysql_select_db($database, $connection) or die("Error 2: ".mysql_error());

    //
    // Added mysql_real_escape_string() function for improved security
    //
    $sql = "SELECT username FROM ".$userstable." WHERE username = '".mysql_real_escape_string($_POST['username'])."'";
    $sql2 = "SELECT email FROM ".$userstable." WHERE email = '".mysql_real_escape_string($_POST['email'])."'";

    $result = mysql_query($sql) or die ("Error 3: ".mysql_error());
    $result2 = mysql_query($sql2) or die ("Error 4: ".mysql_error());

    $num = mysql_num_rows($result);
    $num2 = mysql_num_rows($result2);

        if (is_alphachar($_POST['username']) == FALSE)
        {
            echo $form;
            echo "Invalid Username. Only numbers/letters are allowed.<br>";
            DIE;
        }

        if ($num == 1)
        {
            echo "Error, username already exists!";
        }
        elseif ($num2 == 1)
        {
            echo "Error, that email address has already been registered. Please select a different one.";
        }
        else
        {
            //
            // Added Vcode since it isn't in this file and it DOESN'T come from via $_POST method
            //
            $vcode = "random_verification_code";
            $ip = $_SERVER['REMOTE_ADDR'];
            $query = "INSERT INTO ".$userstable." (username, password, email, vcode, address, city, state, zip, ip, firstname, lastname)
                      VALUES ('".$_POST['username']."','".$_POST['password']."','".$_POST['email']."','".$vcode."','".$_POST['address']."','".$_POST['city']."','".$_POST['state']."','".$_POST['zip']."','".$ip."','".$_POST['firstname']."','".$_POST['lastname']."')";
            $resultB = mysql_query($query,$connection) or die("Error 4: ".mysql_error());

            $cookie_name = "auth";
            $cookie_value = "fook!".$_POST['username'];
            $cookie_expire = "0";
            $cookie_domain = $domain;

            setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0);

            echo "Congratulations ".$tmpname.". Your account has been created and added to database";
            echo "<br>You are now logged in.";
            echo "<br>Click <a href=\"index.php\">here</a> to goto members area";

        }
}
?>

 

[Balkee867]

Since I tried yours, and it still didn't work, it must be what I have before the <?php . Is there something that would cause this error in the following code?

 <table border="0" width="100%" cellpadding="10">
<tr>
<td width=25%" valign="top"> 
<object width="200" height="500">
<param name="movie" value="backtest.swf">
<embed src="backtest.swf" width="100" height="25">
</embed>
</object>
<br>
<object width="200" height="500">
<param name="movie" value="registerkool.swf">
<embed src="registerkool.swf" width="100" height="25">
</embed>
</object>
<br>
<object width="200" height="500">
<param name="movie" value="loginkool.swf">
<embed src="loginkool.swf" width="100" height="25">
</embed>
</object>
<br>
<object width="200" height="500">
<param name="movie" value="FAQkool.swf">
<embed src="FAQkool.swf" width="100" height="25">
</embed>
</object>
<br>
<object width="200" height="500">
<param name="movie" value="contactkool.swf">
<embed src="contactkool.swf" width="100" height="25">
</embed>
</object>
<object width="200" height="500">
<param name="movie" value="banner onethird.swf">
<embed src="banner onethird.swf" width="150" height="150">
</embed>
</object>
<object width="300" height="700">
<param name="movie" value="banner twothird.swf">
<embed src="banner twothird.swf" width="150" height="150">
</embed>
</object>
<object width="300" height="700">
<param name="movie" value="banner threethird.swf">
<embed src="banner threethird.swf" width="150" height="150">
</embed>
</object>
</td>
<td width="75%" valign="top">

 

[user-7256]

Ah! You should have sent the WHOLE file to us.

You cannot have ANY DATA sent to the browser BEFORE a header statement or setcookie() function (which uses headers). This means no HTML ... no CSS ... no echo() statements, etc.

You will have to put the PHP first, or divide it into seperate files.

 

[Balkee867]

So if I put all of the PHP before the flash (swf files) then it would work?

 

[user-7256]

No, before ANY HTML or ANYTHING that sends data to the browser. Before any output, before any other headers.

 

[Outer]

setcookie has to be set BEFORE ANYTHING is shown

To do it your way, you could put all the data into a variable like you did the form and echo it when needed, or place it into a seperate file and include it when needed...