SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    $postcount++; koomann's Avatar
    Join Date
    Feb 2003
    Location
    Posts
    428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    It works, it dosen't, it works, it dosen't....

    Okay, what I've decided to do, instead of diving headlong into a project which I know I can't complete, I've decided to learn by example, and create small, simple apps, and build on them as I learn. I thought it was a decent idea, until I ran into this.

    It's a very simply user sign up system, but I can't get the authentication, and even the DB submission correct. I'm using the same scripts as I did for another system that worked perfectly, and I just don't know what's wrong.

    Here is the meat of the first script, which worked perfectly:
    PHP Code:
    if ( $_POST['username'] =="" || $_POST['password'] == "" || $_POST['email'] == "" ) {
    error("One or more of the required fields were left blank.\\n".
    "Please fill them in and try again." );
    }

    $sql "SELECT COUNT(*) FROM design_users WHERE email = '$email'";
    $result mysql_query($sql);
    if (!
    result) {
    error("[1]A database error has occured while processing your ".
    "submission. [url=file://nif]\\nif[/url] this error continues, please contact me at [email=koomann@star-craftx.com]koomann@star-craftx.com[/email]" );
    }
    if (@
    mysql_result($result,0,0)>0) {
    error("[2]A user already exists with your chosen email address.\\n".
    "Please use a different email address." );
    }

    $sql "INSERT INTO design_users 
    (username, password, email, aim, icq, msn, date_joined, age, interests, job, website, websiteurl, websitedescription) VALUES ('
    $username', '$password', '$email', '$aim', '$icq', '$msn', UNIX_TIMESTAMP(), '$age', '$interests', '$job', '$website', '$websiteurl', '$websitedescription')";

    if (!
    mysql_query($sql))
    error("An internal error has occurred in processing your ".
    "submission.\\nIf this message continues after you try again, please email me at [email=koomann@star-craftx.com]koomann@star-craftx.com[/email]" );
    }
    ?> 
    And here is the one that dosen't work.
    PHP Code:
    if ( $_POST['username'] =="" || $_POST['password'] == "" || $_POST['email'] == "" ) {
    echo(
    "One or more of the required fields were left blank.
    Please fill them in and try again." 
    );
    }

    $sql "INSERT INTO practice_users
    (username, password, email) VALUES ('
    $username', '$password', '$email')";
    $result mysql_query($sql);
    if (!
    result) {
    echo 
    "Error inserting data.";
    }
    }


    $sql "SELECT COUNT(*) FROM practice_users WHERE username = '$username'";
    $result mysql_query($sql);
    if (!
    result) {
    echo 
    "Database error.";
    }
    if (@
    mysql_result($result,0,0)>0) {
    echo 
    "Someone has already registered using either your username and/or password. ";

    The only real difference I can notice is the use of the error(); function. But that's just me

  2. #2
    SitePoint Addict BenANFA's Avatar
    Join Date
    Apr 2003
    Location
    Bath, UK
    Posts
    353
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In what way doesn't it work ?

    Surely the SELECT query will always return > 0 as even if you have only just created the user there will be 1 in the database. Wouldn't a better way of preventing duplicate usernames be to make the user name field unique. The the INSERT query will fail if an attempt to create a record with a duplicate username is made.

  3. #3
    SitePoint Addict devil cat's Avatar
    Join Date
    Apr 2003
    Location
    Reno
    Posts
    344
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In the first script you are running the count(*) function before doing the insert. In the second one, you are inserting before you do the count(*) which means that, of course, every time the second code makes it to the count, you are going to end up greater than 0, since you just inserted the very information you are looking for.

  4. #4
    $postcount++; koomann's Avatar
    Join Date
    Feb 2003
    Location
    Posts
    428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by BenANFA
    In what way doesn't it work ?

    Surely the SELECT query will always return > 0 as even if you have only just created the user there will be 1 in the database. Wouldn't a better way of preventing duplicate usernames be to make the user name field unique. The the INSERT query will fail if an attempt to create a record with a duplicate username is made.
    I made the username filed unique, but there's a problem inserting the data. The only information that shows up in the MyAdmin is the ID, no username, no password or email. Another thing, is the authentication dosen't work either.

  5. #5
    SitePoint Addict devil cat's Avatar
    Join Date
    Apr 2003
    Location
    Reno
    Posts
    344
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Perhaps you need to change the values to:

    VALUES ('$_POST['username']', '$_post['password']', '$_post['email']')

    Just a thought.

  6. #6
    $postcount++; koomann's Avatar
    Join Date
    Feb 2003
    Location
    Posts
    428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hm, good idea.
    But it didn't work, same result.

    $sql = "INSERTINTOpractice_users
    (username,password,email)VALUES('$_POST[username]','$_POST[password]','$_POST[email]')";
    $result = mysql_query($sql);
    if (!result) {
    echo "Errorinsertingdata.";
    }

    I'm actually starting over, completely over. But I'll still be checking in to see if anyone has solved my little problemo.

  7. #7
    SitePoint Addict eddiembabaali's Avatar
    Join Date
    Mar 2001
    Location
    USA, Philadelphia
    Posts
    206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Double check your column types, be sure you are inserting text into a text field with appropriate size. Kill the script when you encounter errors die();, exit;. I dont see why you continue inserting if required fields are empty. I do not see where you connect to the database, check to see if you really have a connection before you start those queries.
    cd pub \r; more beer

    Eddie

  8. #8
    $postcount++; koomann's Avatar
    Join Date
    Feb 2003
    Location
    Posts
    428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I just didn't post the database connection part, that's all.

    I've everything fixed, except 1 problem.
    When the user tries to sign up with a username that's already taken, nothing is printed on the screen.

    PHP Code:
    $sql "SELECT COUNT(*) FROM practice_users WHERE username = '$username'";
    $result mysql_query($sql);
    if (!
    $result) {
    echo 
    "Database error.";
    }
    if (
    mysql_result($result,0,0)>1) {
    echo 
    "Someone has already chosen your username.";

    Last edited by koomann; Jun 11, 2003 at 17:49.

  9. #9
    Non-Member coo_t2's Avatar
    Join Date
    Feb 2003
    Location
    Dog Street
    Posts
    1,819
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    mysql_error() would probably be your friend here.

    You should also echo the query to see if it contains what you think it does. But for production you shouldn't use echo mysql_error() or the query. But you can log 'em.

    --ed

  10. #10
    $postcount++; koomann's Avatar
    Join Date
    Feb 2003
    Location
    Posts
    428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by coo_t2
    mysql_error() would probably be your friend here.

    You should also echo the query to see if it contains what you think it does. But for production you shouldn't use echo mysql_error() or the query. But you can log 'em.

    --ed
    Er, how exaclyt would I do that..?

  11. #11
    Non-Member coo_t2's Avatar
    Join Date
    Feb 2003
    Location
    Dog Street
    Posts
    1,819
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by koomann
    Er, how exaclyt would I do that..?
    PHP Code:
    <?php

    $sql 
    "SELECT COUNT(*) FROM practice_users WHERE username = '$username'";
    $result mysql_query($sql);
    if (!
    $result) {
    echo 
    "Database error.";
    echo 
    'mysql_error() = '.mysql_error().'<br>';
    echo 
    '$query = '.$query.'<br>';
    }
    if (
    mysql_result($result,0,0)>1) {
    echo 
    "Someone has already chosen your username.";


    ?>
    Those two lines I put in should only be left in for testing. Leaving them in on a production site can let hackers know things they shouldn't about your database and the code that interacts with it.

    --ed

  12. #12
    Non-Member coo_t2's Avatar
    Join Date
    Feb 2003
    Location
    Dog Street
    Posts
    1,819
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    Ooops, I made a mistake.
    I'm used to naming my sql queries "$query".

    change the line:
    PHP Code:
    echo '$query = '.$query.'<br>';

    to:

    echo 
    '$sql = '.$sql.'<br>'
    --ed

  13. #13
    $postcount++; koomann's Avatar
    Join Date
    Feb 2003
    Location
    Posts
    428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the tip, but it didn't effect anything, or print anything out >=\.

    I know it has something to do with
    PHP Code:
    if (mysql_result($result,0,0)>1) {
    echo 
    "someone has already chosen your username.";

    But since I'm using a code from Kevin Yank, I'm not 100% sure what the "($result,0,0)>1)" means.

  14. #14
    SitePoint Addict eddiembabaali's Avatar
    Join Date
    Mar 2001
    Location
    USA, Philadelphia
    Posts
    206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    try using mysql_num_rows and Its not resource effective to select * when you are only checking for username. Just select what you need.
    cd pub \r; more beer

    Eddie


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •