Bad Logic In Insert Code?

Printable View

Sep 24, 2012, 10:47
justlukeyou

Bad Logic In Insert Code?

I have combined two peices of insert code however it now creates the register error "There was a problem registering you. Please check your details and try again."

It must be a bad logic in the insert code. Can anyone advise how it should be laid to logically please?

Code:

if(!$errors){ $query = mysql_query("INSERT INTO users (firstname, surname) VALUES ('" . $firstname . "', '" . $surname . "')"); "' . mysql_real_escape_string($registerEmail) . '"; 'password = MD5("' . mysql_real_escape_string($registerPassword) . '")'; 'date_registered = "' . date('Y-m-d H:i:s') . '"'; if(mysql_query($query)){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; }
Sep 24, 2012, 10:57
cpradio

To be honest, this is riddled with errors, does it even run?

PHP Code:

if(!$errors){ $query = mysql_query("INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())"); if(mysql_query($query)){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; } }

To be honest, you really need to learn SQL Syntax, getting @r937 ;'s book would be a good start.
Sep 24, 2012, 11:00
cpradio

As a side note, you will need to ensure you are using mysql_real_escape_string on your $firstname and $surname to help prevent SQL Injections as well. I assumed you were doing this since the code for assigning those variables wasn't shown.
Sep 24, 2012, 11:03
justlukeyou

No errors appear but it creates the error "'There was a problem registering you. Please check your details and try again."

I tried your code and this also creates the error mesasge. What errors are there, I notice the date insert is very different.

Code:

if(!$errors){ $query = mysql_query("INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())"); if(mysql_query($query)){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; } } }
Sep 24, 2012, 11:04
justlukeyou

This is what Im using to identify the terms.

Code:

if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){ $firstname = mysql_real_escape_string(trim($_POST['firstname'])); $surname = mysql_real_escape_string(trim($_POST['surname'])); $registerEmail = trim($_POST['email']); $registerPassword = trim($_POST['password']); $registerConfirmPassword = trim($_POST['confirmPassword']);
Sep 24, 2012, 11:08
cpradio

Quote:

Originally Posted by justlukeyou

No errors appear but it creates the error "'There was a problem registering you. Please check your details and try again."

I tried your code and this also creates the error mesasge. What errors are there, I notice the date insert is very different.

I used the GETDATE() function in MySQL so it automatically writes the date, and you don't have to calculate it/figure it out.

Try the following, it will still throw an error, but it will hopefully tell you why.

Code:

if(!$errors){ $query = mysql_query("INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())"); $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error if($result){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; } } }
Sep 24, 2012, 11:09
justlukeyou

It says "query was empty".
Sep 24, 2012, 11:11
cpradio

Oh doh! Of course it is. You are calling mysql_query twice and I missed it both times.

Here is the updated code

PHP Code:

if(!$errors){ $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())"; $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error if($result){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; } }
Sep 24, 2012, 11:13
justlukeyou

Hi,

Now it says FUNCTION site.GETDATE does not exist
Sep 24, 2012, 11:15
cpradio

Quote:

Originally Posted by justlukeyou

Hi,

Now it says FUNCTION site.GETDATE does not exist

Ha ha, I've been playing in SQL Server all date, replace GETDATE() with NOW() and it will work. GETDATE is in SQL Server NOW is in MySQL.
Sep 24, 2012, 11:26
justlukeyou

Brilliant thanks, that now inserts the two sets of information I previously had seperate.

However now it is not showing as being logged in. I had a code that show "You are sucessfully logged in..." or displayed the registration button.

I have a column for session_id should it be inserting something into there in the database and then remove it when I logout?

Code:

<?php if ($_SESSION['userLoggedIn']) { $row = mysql_fetch_array($query); echo '<div class="loggedin"> You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a> </div> '; } else { echo '<div class="headersignin"> <a href="/users/login.php" rel="nofollow" class="blacklink" > Sign in </a> </div> <div class="headerjoin"> <a href="/users/register.php" rel="nofollow" class="whitelink" > Join free</a> </div>'; } ?>
Sep 24, 2012, 11:33
cpradio

Quote:

Originally Posted by justlukeyou

eing logged in. I had a code that show "You are sucessfully logged in..." or displayed the registration button.

I have a column for session_id should it be inserting something into there in the database and then remove it when I logout?

Code:

<?php if ($_SESSION['userLoggedIn']) { $row = mysql_fetch_array($query); echo '<div class="loggedin"> You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a> </div> '; } else { echo '<div class="headersignin"> <a href="/users/login.php" rel="nofollow" class="blacklink" > Sign in </a> </div> <div class="headerjoin"> <a href="/users/register.php" rel="nofollow" class="whitelink" > Join free</a> </div>'; } ?>

You would need to log in. Registration doesn't normally log you in. You typically still have to login after registering