PHP Help

**Zenax** · 06-19-2007 03:26 PM

PHP Code:



<?Php

// including the db connection script
require_once("connect_db.php");

// declaring the variables
$username = $_POST['username'];
$password = $_POST['password'];
$passrept = $_POST['passrept'];

// stripping HTML tags from the info entered
$_POST['username'] = strip_tags($_POST['username']);
$_POST['password'] = strip_tags($_POST['password']);
$_POST['passrept'] = strip_tags($_POST['passrept']);

// Checking a username is not already taken

$SQL = "SELECT * FROM users WHERE users = $username";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result)or die(mysql_error());

if ($num_rows > 0) {
$errorMessage = "Username already taken";
}
else {
}

// encrypt the password into md5
$_POST['password'] = md5($_POST['password']);

// inserting the data into the db
$insert = mysql_query("INSERT INTO users VALUES ('". $_POST['username'] ."', '". $_POST['password'] ."') ")
    or die("Could not insert data because ".mysql_error());
    
echo ('Your account has been added!');



?>

Currently working on a PHP registration script for my CMS. I am needing to check if a username is taken, and the tutorials I have fount online seem to follow the route highlighted in bold.

Do help me out as that method does not work. Thanks for your help.

**Brandon** · 06-19-2007 03:29 PM

Try this, you had the data outside the else {}, so it didn't matter.

PHP Code:


<?Php

// including the db connection script
require_once("connect_db.php");

// declaring the variables
$username = $_POST['username'];
$password = $_POST['password'];
$passrept = $_POST['passrept'];

// stripping HTML tags from the info entered
$_POST['username'] = strip_tags($_POST['username']);
$_POST['password'] = strip_tags($_POST['password']);
$_POST['passrept'] = strip_tags($_POST['passrept']);

// Checking a username is not already taken

$SQL = "SELECT * FROM users WHERE users = $username";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result)or die(mysql_error());

if ($num_rows > 0) {
$errorMessage = "Username already taken";
}
else {

// encrypt the password into md5
$_POST['password'] = md5($_POST['password']);

// inserting the data into the db
$insert = mysql_query("INSERT INTO users VALUES ('". $_POST['username'] ."', '". $_POST['password'] ."') ")
    or die("Could not insert data because ".mysql_error());
    
echo ('Your account has been added!');

}



?>

**Zenax** · 06-19-2007 04:42 PM

Did i mention that this is my error message:

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in ..[file path here removed for security].. on line 20
Unknown column 'test' in 'where clause'

**trev** · 06-19-2007 04:46 PM

From that im guessing u can try this replace

$SQL = "SELECT * FROM users WHERE users = $username";

with

$SQL = "SELECT * FROM users WHERE users = '$username'";

**Zenax** · 06-19-2007 04:53 PM

ok so that got rid of the error message. however now all I get is a blank page, and the "Your account has been added" doesnt show up when I add a new account.

Second, I don't get an error message now when i use a username that should be taken.

**trev** · 06-19-2007 04:57 PM

PHP Code:


<?php

// including the db connection script
require_once("connect_db.php");

// declaring the variables
$username = $_POST['username'];
$password = $_POST['password'];
$passrept = $_POST['passrept'];

// stripping HTML tags from the info entered
$_POST['username'] = strip_tags($_POST['username']);
$_POST['password'] = strip_tags($_POST['password']);
$_POST['passrept'] = strip_tags($_POST['passrept']);

// Checking a username is not already taken

$q = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or die(mysql_error());
if(mysql_num_rows($q) > 0)
{

echo '<script>alert("The username you entered is already in use, please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;

}
else {

// encrypt the password into md5
$_POST['password'] = md5($_POST['password']);

// inserting the data into the db
$insert = mysql_query("INSERT INTO users VALUES ('". $_POST['username'] ."', '". $_POST['password'] ."') ")
    or die("Could not insert data because ".mysql_error());
    
echo ('Your account has been added!');

}



?>

Try that its something from an old script i use.

**Zenax** · 06-19-2007 05:19 PM

Unknown column 'user' in 'where clause'

this be annoying. script was working fine until i included this part of the script .... added for extra security!

**trev** · 06-19-2007 05:25 PM

PHP Code:


<?Php



// including the db connection script

require_once("connect_db.php");



// declaring the variables

$username = $_POST['username'];

$password = $_POST['password'];

$passrept = $_POST['passrept'];



// stripping HTML tags from the info entered

$_POST['username'] = strip_tags($_POST['username']);

$_POST['password'] = strip_tags($_POST['password']);

$_POST['passrept'] = strip_tags($_POST['passrept']);



// Checking a username is not already taken



$q = mysql_query("SELECT * FROM users WHERE users = '$username'") or die(mysql_error());

if(mysql_num_rows($q) > 0)

{



echo '<script>alert("The username you entered is already in use, please try again.");</script>';

echo '<script>history.back(1);</script>';

exit;



}

else {



// encrypt the password into md5

$_POST['password'] = md5($_POST['password']);



// inserting the data into the db

$insert = mysql_query("INSERT INTO users VALUES ('". $_POST['username'] ."', '". $_POST['password'] ."') ")

    or die("Could not insert data because ".mysql_error());

    

echo ('Your account has been added!');



}







?>

Little tweaking, you realy do need the username check though without it people will never know when they use the same username.

**Chris Z** · 06-19-2007 05:30 PM

Try making the post variables their own variables, such as:

PHP Code:


$PassWord = md5($_POST['password']);

If you do this, then the insert would look like this:

PHP Code:


$insert = mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('$UserName', '$PassWord');

**samurai1993** · 06-19-2007 05:44 PM

I saw that the script repeat the same code many times, you can split some code into a single line
And I recomend to use Salt Text with the md5 hash
You can put the salt text into your config file, for example

Code:

$salt  =  "putyoursalttexthere" ;

Code:

// declaring the variables 
$username = strip_tags($_POST['username']); 
$password = strip_tags(md5($salt . $_POST['password'])); 
$passrept = strip_tags(md5($salt . $_POST['passrept']));

Thread: PHP Help

LinkBack

Thread Tools

Display

PHP Help

Re: PHP Help

Re: PHP Help

Re: PHP Help

Re: PHP Help

Re: PHP Help

Re: PHP Help

Re: PHP Help

Re: PHP Help

Re: PHP Help

Similar Threads

[PHP] Variables in PHP

tons of PHP Resources

[PHP] PHP For Starters

Unstand PHP?

"PHP Startup: Invalid Library" - Interesting error

Posting Permissions