Re: php inserts into DB



fb wrote:
Hello. I have some php code that is supposed to throw stuff into a database...the only problem is that it doesn't put anything in the database. It simply continues on its way and says "You have registered" when really it hasn't touched the DB (other than to connect). Any ideas as to what is wrong?

I posted the whole code, because it didn't seem that long...hope it's not too bad. It doesn't seem to look so great in the newsreader window, but it should cut-and-paste just fine (and with better formatting). Thanks.

//CODE STARTS HERE

<?php
// Connects to your Database
mysql_connect("localhost", "me", "myPass") or die(mysql_error());
mysql_select_db("myDB") or die(mysql_error());

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

//This makes sure they did not leave any MANDATORY fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['fname'] |
!$_POST['lname'] | !$_POST['country'] | !$_POST['email']) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM person WHERE username = '$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

//Here we encrypt the password (simple md5 hash), etc and add slashes if needed
//Blowfish encryption coming soon!
$_POST['pass'] = md5($_POST['pass']);
$_POST['username'] = md5($_POST['username']);
$_POST['fname'] = md5($_POST['fname']);
$_POST['lname'] = md5($_POST['lname']);
$_POST['country'] = md5($_POST['country']);
$_POST['province'] = md5($_POST['province']);
$_POST['city'] = md5($_POST['city']);
$_POST['pCode'] = md5($_POST['pCode']);
$_POST['suiteNum'] = md5($_POST['suiteNum']);
$_POST['streetNum'] = md5($_POST['streetNum']);
$_POST['streetName'] = md5($_POST['streetName']);
$_POST['DOB'] = md5($_POST['DOB']); //We should probably remove this...
$_POST['email'] = md5($_POST['email']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
$_POST['fname'] = addslashes($_POST['fname']);
$_POST['lname'] = addslashes($_POST['lname']);
$_POST['country'] = addslashes($_POST['country']);
$_POST['province'] = addslashes($_POST['province']);
$_POST['city'] = addslashes($_POST['city']);
$_POST['pCode'] = addslashes($_POST['pCode']);
$_POST['suiteNum'] = addslashes($_POST['suiteNum']);
$_POST['streetNum'] = addslashes($_POST['streetNum']);
$_POST['streetName'] = addslashes($_POST['streetName']);
$_POST['DOB'] = addslashes($_POST['DOB']); //We should probably remove this...
$_POST['email'] = addslashes($_POST['email']);
}

//now we insert it into the database
$insertMember = "INSERT INTO person (username, password, firstname, lastname, DOB)
VALUES ('$_POST[username]', '$_POST[pass]', '$_POST[fname]', '$_POST[lname]', '$_POST[DOB]')";
$add_member = mysql_query($insertMember);
$insertAddress = "INSERT INTO address (country, province, city, postalCode, suiteNum, streetNum, streetName, email)
VALUES ('$_POST[country]', '$_POST[province]', '$_POST[city]', '$_POST[pCode]',
'$_POST[suiteNum]', '$_POST[streetNum]', '$_POST[streetName]', '$_POST[email]')";
$add_address = mysql_query($insertAddress);
?>


<h1>Registered</h1>
<p>Thank you, you have registered - you may now login.</p>


<?php
}
else
{
?>


<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr>
<td>First name:</td>
<td><input type="text" name="fname" maxlength="35"></td>
</tr>
<tr>
<td>Last name:</td>
<td><input type="text" name="lname" maxlength="50"></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username" maxlength="60"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="pass" maxlength="10"></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type="password" name="pass2" maxlength="10"></td>
</tr>
<tr>
<td>Date of Birth:</td><!-- This is a personal question & under the Personal Information
Protection and Electronic Documents Act (PIPEDA), a valid
reason is needed to ask such a question. Security measures
must be taken to ensure the information secured will remain
safe. ALSO APPLIES TO ADDRESS COLLECTION!
More info here:

http://www.privcom.gc.ca/information/02_05_d_08_e.asp -->
<!-- The "date" input type is not supported in most browsers because it is
relatively new. As such, it may be easier to parse a string -->
<td><input type="text" name="DOB" maxlength="60"></td>
</tr>

<!-- ADDRESS INFORMATION --><br />

<tr>
<td>Select Country:</td>
<td><!-- The option tag only needs to be close with XHTML -->
<select NAME="country">
<option VALUE="phil">Phil</option>
<option VALUE="usa">USA</option>
<option VALUE="can" selected>Canada</option>
</select>
</td>
</tr>
<tr>
<td>Select Province</td>
<td>
<select NAME="province">
<option VALUE="MB" selected="selected">Manitoba</option>
<option VALUE="AB">Alberta</option>
<option VALUE="ON">Ontario</option>
<option VALUE="BC">British Columbia</option>
<option VALUE="SK">Saskatchewan</option>
<option VALUE="YT/YK">Yukon</option>
<option VALUE="PC/QC">Quebec</option>
<option VALUE="PE">Prince Edward Island</option>
<option VALUE="NS">Nova Scotia</option>
<option VALUE="NL">Newfoundland</option>
<option VALUE="NT">Northwest Territories</option>
<option VALUE="NU">Nunavut</option>
<option VALUE="NB">New Brunswick</option>
</select>
</td>
</tr>
<tr>
<td>city:</td>
<td> <input type="text" name="city" /></td>
</tr>
<tr>
<td>postal_code :</td>
<td><input type= "text" name="pCode"/></td>
</tr>
<tr>
<td>suite_num :</td>
<td><input type= "number" name="suiteNum" /></td>
</tr>
<tr>
<td>street_num :</td>
<td><input type= "number" name="streetNum" /></td>
</tr>
<tr>
<td>street_name :</td>
<td><input type= "text" name="streetName"/></td>
</tr>
<tr>
<td>email :</td>
<td><input type= "text" name= "email"/></td>
</tr>
<tr>
<th colspan=2><input type="submit" name="submit" value="Register"></th>
<th colspan=2><input type="reset" value="Clear Form"></th>
</tr>
</table>

</form>

<?php
}
?>
//CODE ENDS HERE


Check the results from your mysql_query statements. When you get false back, find out what the error message is.

Also, don't use addslashes. That's what mysql_real_escape_string() is for.

And finally, don't try to change the $_POST array. Rather, create local variables to handle the values. Rather, validate your data and save it in local variables.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
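
The three points in the reply above (check the query result, stop using addslashes, validate into local variables), as an added example that is not code from either poster. It swaps in PDO prepared statements for mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7, and hashes only the password with password_hash(). Assumptions: the register() helper, the in-memory SQLite database, the person table schema and the sample input are all constructed for illustration.

```php
<?php
// Added example: schema, helper name and sample input are constructed.
$db = new PDO('sqlite::memory:');
// A failed query now throws instead of quietly returning false.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person (
    username TEXT PRIMARY KEY, password TEXT NOT NULL,
    firstname TEXT NOT NULL, lastname TEXT NOT NULL, DOB TEXT)');

function register(PDO $db, array $post): string
{
    // Validate into local variables; the request array is never modified.
    $in = [];
    foreach (['username', 'pass', 'pass2', 'fname', 'lname'] as $key) {
        $in[$key] = trim((string)($post[$key] ?? ''));
        if ($in[$key] === '') {
            return "missing field: $key";
        }
    }
    if ($in['pass'] !== $in['pass2']) {
        return 'passwords did not match';
    }
    $dob = trim((string)($post['DOB'] ?? ''));

    // Only the password is hashed; names stay readable so they can be queried.
    $hash = password_hash($in['pass'], PASSWORD_DEFAULT);

    // Bound parameters replace addslashes() and manual escaping entirely.
    $stmt = $db->prepare('INSERT INTO person
        (username, password, firstname, lastname, DOB) VALUES (?, ?, ?, ?, ?)');
    try {
        $stmt->execute([$in['username'], $hash, $in['fname'], $in['lname'], $dob]);
    } catch (PDOException $e) {
        // Keep the real error in the log; never claim success after a failure.
        error_log('register failed: ' . $e->getMessage());
        return 'registration failed';
    }
    return 'registered';
}

// Constructed input containing quotes that addslashes() was meant to handle.
$sample = ['username' => "o'brien", 'pass' => 'correct horse', 'pass2' => 'correct horse',
           'fname' => 'Pat', 'lname' => "O'Brien", 'DOB' => '1980-01-01'];
echo register($db, $sample), "\n"; // first call inserts the row
echo register($db, $sample), "\n"; // second call hits the PRIMARY KEY constraint
```

The second call shows the behaviour missing from the original script: the insert fails, the error is logged, and the caller is told so instead of seeing the "Registered" page.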
