Jump to content
  • Advertisement
Sign in to follow this  
redfeild

[web] PHP/SQL Help

This topic is 3473 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I'm trying to set up a user base for my website and I'm not completely sure how. Right now I have this code to be executed once the registration form is submitted:
Quote:
<html><?php
$con = mysql_connect("mysql2.freehostia.com","...","...");
if($_POST["username"] == "")
{
	die("The username field cannot be empty.");
}
if(($_POST["password"] == "") || ($_POST["password"] != $_POST["confirmpassword"]))
{
	die("The password field cannot be empty and both password fields must match.");
}
if($_POST["email"] == "")
{
	die("The email field cannot be empty.");
}
$mdy = explode("/", $_POST["dob"]);
if(!checkdate((int)$mdy[0], (int)$mdy[1], (int)$mdy[2]))
{
	die("The date format is incorrect. Please use MM/DD/YYYY, example 7/8/1975");
}
echo $_POST["username"] . " " . $_POST["password"] . " " . $_POST["fname"] . " " . $_POST["lname"] . " " . $_POST["email"] . " " . $_POST["dob"];
$username = $_POST["username"];
$password = $_POST["password"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = $_POST["email"];
$dob = $_POST["dob"];
$sex = $_POST["sex"];
mysql_select_db("chrsno_wmhao",$con);
mysql_query("INSERT INTO users
VALUES ($username, $password, $fname, $lname, $email, $dob, $sex, 'datejoined', '0')",$con);
?><br />Click here to return to the register page.</html>
I need to know how to correctly: -Connect to the SQL database -Add the user to the SQL table I have set up Here is a link to the register page: http://isnooky.freehostia.com/register.html NO ERROR MESSAGES! That problem has been resolved, but as before, the new user does not get added to the database. I need much help with this (hint: Am I using the sql_query function right? I don't really know...). [Edited by - redfeild on January 13, 2009 12:16:58 PM]

Share this post


Link to post
Share on other sites
Advertisement
The username and password you have for the database server is incorrect. If the database user can't connect to the database, your whole program is moot.

Share this post


Link to post
Share on other sites
Quote:
Original post by leiavoia
The username and password you have for the database server is incorrect. If the database user can't connect to the database, your whole program is moot.


No, the username and password are both right...
Am I using the right line of code to connect? I really just guessed with all that stuff...

Share this post


Link to post
Share on other sites
Quote:
Original post by redfeild
No, the username and password are both right...
Your database disagrees.
Quote:
Warning: mysql_connect(): Access denied for user 'chrsno_wmhao'@'66.40.52.29' (using password: YES) in /home/www/isnooky.freehostia.com/adduser.php on line 2


Share this post


Link to post
Share on other sites
I tried changing the line of code that connects to the database:
Quote:
$con = mysql_connect("isnooky.freehostia.com","*removed*","*blah*");


But now I get this error:
Quote:
Warning: mysql_connect(): Can't connect to MySQL server on 'isnooky.freehostia.com' (111) in /home/www/isnooky.freehostia.com/adduser.php on line 2


I think the problem is the first argument that identifies the server, I'll try some more stuff...

Share this post


Link to post
Share on other sites
Quote:
Original post by redfeild
$username = $_POST["username"];
$password = $_POST["password"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = $_POST["email"];
$dob = $_POST["dob"];
$sex = $_POST["sex"];
mysql_query("INSERT INTO `users` VALUES ('$username', '$password', '$fname', '$lname', '$email', '$dob', '$sex', 'datejoined', '0')",$con);
8
[/quote]

This is very very very bad. You're leaving yourself wide open to SQL injection. Look up mysql_escape_string.

Share this post


Link to post
Share on other sites
Quote:
Original post by mpipe
Quote:
Original post by redfeild
$username = $_POST["username"];
$password = $_POST["password"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = $_POST["email"];
$dob = $_POST["dob"];
$sex = $_POST["sex"];
mysql_query("INSERT INTO `users` VALUES ('$username', '$password', '$fname', '$lname', '$email', '$dob', '$sex', 'datejoined', '0')",$con);
8


This is very very very bad. You're leaving yourself wide open to SQL injection. Look up mysql_escape_string.


SQL injection? I'm not familiar with the term... and I'll look that up.

I'll also check the username and password. Do I use the same one I use to log in to my PHP MyAdmin?

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!