Back to General and Gameplay Programming

[web] PHP/SQL Help

General and Gameplay Programming Programming

Started by redfeild December 24, 2008 09:35 PM

10 comments, last by redfeild 15 years, 3 months ago

redfeild

122

Author

December 24, 2008 09:35 PM

I'm trying to set up a user base for my website and I'm not completely sure how. Right now I have this code to be executed once the registration form is submitted:

Quote:

<html><?php
$con = mysql_connect("mysql2.freehostia.com","...","...");
if($_POST["username"] == "")
{
	die("The username field cannot be empty.");
}
if(($_POST["password"] == "") || ($_POST["password"] != $_POST["confirmpassword"]))
{
	die("The password field cannot be empty and both password fields must match.");
}
if($_POST["email"] == "")
{
	die("The email field cannot be empty.");
}
$mdy = explode("/", $_POST["dob"]);
if(!checkdate((int)$mdy[0], (int)$mdy[1], (int)$mdy[2]))
{
	die("The date format is incorrect. Please use MM/DD/YYYY, example 7/8/1975");
}
echo $_POST["username"] . " " . $_POST["password"] . " " . $_POST["fname"] . " " . $_POST["lname"] . " " . $_POST["email"] . " " . $_POST["dob"];
$username = $_POST["username"];
$password = $_POST["password"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = $_POST["email"];
$dob = $_POST["dob"];
$sex = $_POST["sex"];
mysql_select_db("chrsno_wmhao",$con);
mysql_query("INSERT INTO users
VALUES ($username, $password, $fname, $lname, $email, $dob, $sex, 'datejoined', '0')",$con);
?><br />Click here to return to the register page.</html>

I need to know how to correctly: -Connect to the SQL database -Add the user to the SQL table I have set up Here is a link to the register page: http://isnooky.freehostia.com/register.html NO ERROR MESSAGES! That problem has been resolved, but as before, the new user does not get added to the database. I need much help with this (hint: Am I using the sql_query function right? I don't really know...). [Edited by - redfeild on January 13, 2009 12:16:58 PM]

leiavoia

960

December 24, 2008 11:36 PM

The username and password you have for the database server is incorrect. If the database user can't connect to the database, your whole program is moot.

redfeild

122

Author

December 25, 2008 08:50 AM

Quote:Original post by leiavoia
The username and password you have for the database server is incorrect. If the database user can't connect to the database, your whole program is moot.

No, the username and password are both right...
Am I using the right line of code to connect? I really just guessed with all that stuff...

ToohrVyk

1,596

December 25, 2008 08:52 AM

Quote:Original post by redfeild
No, the username and password are both right...

Your database disagrees.

Quote:Warning: mysql_connect(): Access denied for user 'chrsno_wmhao'@'66.40.52.29' (using password: YES) in /home/www/isnooky.freehostia.com/adduser.php on line 2

Blog — Facebook

redfeild

122

Author

December 25, 2008 01:42 PM

I tried changing the line of code that connects to the database:

Quote:

$con = mysql_connect("isnooky.freehostia.com","*removed*","*blah*");

But now I get this error:

Quote:Warning: mysql_connect(): Can't connect to MySQL server on 'isnooky.freehostia.com' (111) in /home/www/isnooky.freehostia.com/adduser.php on line 2

I think the problem is the first argument that identifies the server, I'll try some more stuff...

ID Merlin

119

December 26, 2008 01:10 PM

Sometimes, all you need to do is to use 'localhost' for the server name.

Aragon Online

leiavoia

960

December 26, 2008 03:58 PM

given the error message, the original host was correct, but the password was not.

marcjulian

959

December 26, 2008 04:10 PM

And you should really read up on SQL Injections :)
Otherwise you won't have much fun with your database long..

Marc

mpipe

104

December 26, 2008 05:35 PM

Quote:Original post by redfeild
$username = $_POST["username"];
$password = $_POST["password"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = $_POST["email"];
$dob = $_POST["dob"];
$sex = $_POST["sex"];
mysql_query("INSERT INTO `users` VALUES ('$username', '$password', '$fname', '$lname', '$email', '$dob', '$sex', 'datejoined', '0')",$con);
8

This is very very very bad. You're leaving yourself wide open to SQL injection. Look up mysql_escape_string.

redfeild

122

Author

December 26, 2008 06:10 PM

Quote:Original post by mpipe
Quote:Original post by redfeild
$username = $_POST["username"];
$password = $_POST["password"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = $_POST["email"];
$dob = $_POST["dob"];
$sex = $_POST["sex"];
mysql_query("INSERT INTO `users` VALUES ('$username', '$password', '$fname', '$lname', '$email', '$dob', '$sex', 'datejoined', '0')",$con);
8

This is very very very bad. You're leaving yourself wide open to SQL injection. Look up mysql_escape_string.

SQL injection? I'm not familiar with the term... and I'll look that up.

I'll also check the username and password. Do I use the same one I use to log in to my PHP MyAdmin?

[web] PHP/SQL Help

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

[web] PHP/SQL Help

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

Reticulating splines