  1. #1
    SitePoint Zealot 8Observer8's Avatar

    Register Form. Why the function mysql_query($query); returns FALSE?

    Hi,

    When I run SELECT `username` FROM `users_reg` WHERE `username`='alex' in phpMyAdmin, it works. But from the PHP file it does not.

    Why does the function mysql_query($query); return FALSE?

    register.php
    Code:
    <?php
    require 'core.inc.php';
    if (!loggedin()) {
        if (isset($_POST['username']) && isset($_POST['password']) &&
                isset($_POST['password_again']) && isset($_POST['firstname']) &&
                isset($_POST['surname'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $password_again = $_POST['password_again'];
            $firstname = $_POST['firstname'];
            $surname = $_POST['surname'];
            if (!empty($username) && !empty($password) && !empty($password_again) &&
                    !empty($firstname) && !empty($surname)) {
                if ($password != $password_again) {
                    echo 'Passwords do not match.';
                } else {
                    $query = "SELECT `username` FROM `users_reg` WHERE `username`='".$username."'";
                    $query_run = mysql_query($query);
                    if ($query_run) {
                        if (mysql_num_rows($query_run) >= 1) {
                            echo 'The username ' . $username . ' already exists.';
                        } else {
                            echo 'Ok.';
                        }
                    } else {
                        echo 'register.php: query failed - ' . $query;
                    }
                }
            } else {
                echo 'All fields are required';
            }
        }
        ?>
    
        <form action="register.php" method="POST">
            Username:<br />
            <input type="text" name="username" value="" /><br />
            <br />
            Password:<br />
            <input type="password" name="password" value="" /><br />
            <br />
            Password again:<br />
            <input type="password" name="password_again" value="" /><br />
            <br />
            Firstname:<br />
            <input type="text" name="firstname" value="" /><br />
            <br />
            Surname:<br />
            <input type="text" name="surname" value="" /><br />
            <br />
            <input type="submit" value="Register" />
        </form>
    
        <?php
    } else {
        echo 'You\'re already registered and logged in.';
    }
    ?>
    core.inc.php
    Code:
    <?php
    
    //$current_file = $_SERVER['SCRIPT_FILENAME'];
    // C:/xampp/htdocs/PhpTurorials/PhpAlex/Php_137/index.php
    ob_start();
    session_start();
    
    $current_file = $_SERVER['SCRIPT_NAME'];
    $http_referer = @$_SERVER['HTTP_REFERER'];
    
    // /PhpTurorials/PhpAlex/Php_137/index.php
    
    function loggedin() {
        if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
            return true;
        } else {
            return false;
        }
    }
    
    function getuserfield($field) {
        $query = "SELECT `$field` FROM `users_reg` WHERE `id`='" . $_SESSION['user_id'] . "'";
        if ($query_run = @mysql_query($query)) {
            if ($query_result = @mysql_result($query_run, 0, $field)) {
                return $query_result;
            } else {
                echo 'getuserfield(): cannot find the field - '.$field;
            }
        } else {
            echo 'getuserfield(): invalid query';
        }
    }
    ?>
    Thank you.

  2. #2
    SitePoint Zealot 8Observer8's Avatar
    The problem is solved. I added:
    Code:
    require 'connect.inc.php';
    register.php
    Code:
    <?php
    require 'connect.inc.php';
    ....
    ?>
    connect.inc.php
    Code:
    <?php
    $mysql_host = 'localhost';
    $mysql_user = 'root';
    $mysql_pass = '';
    
    $mysql_db = 'a_database';
    
    if (!@mysql_connect($mysql_host, $mysql_user, $mysql_pass) || !@mysql_select_db($mysql_db)) {
        die(mysql_error());
    }
    ?>
    P.S. It's from the video tutorial: http://thenewboston.org/watch.php?cat=11&number=146

  3. #3
    SitePoint Addict bronze trophy
    Mysql_query() is deprecated, better use mysqli or PDO instead.

  4. #4
    SitePoint Zealot 8Observer8's Avatar
    Thank you very much. I will

  5. #5
    From space with love silver trophy
    SpacePhoenix's Avatar
    Also (probably even more important) is the fact that your script is vulnerable to SQL Injection attacks. Once you've migrated over to using either the mysqli_* extension or to PDO (PDO is more preferable as it doesn't tie you down so much to a given database server software) you should make use of prepared statements. All user-submitted data, no matter how it's being submitted (GET, POST or REQUEST arrays or a cookie), must always be considered unsafe until it has been validated and sanitized.
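Added example (not part of the original thread or the tutorial's code): the two queries from register.php and core.inc.php rewritten with PDO prepared statements, as suggested in post #5. It assumes PHP 7.1+ with the pdo_sqlite driver so it runs without a server; the in-memory table, its rows, and the function names `username_exists` and `get_user_field` are constructed for illustration, and with MySQL only the DSN passed to `new PDO(...)` changes.

```php
<?php
// Added example: prepared-statement versions of the thread's two queries.
// In-memory SQLite stands in for the MySQL server (assumption for offline use).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table, mirroring the `users_reg` table from the thread.
$pdo->exec('CREATE TABLE users_reg (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            firstname TEXT, surname TEXT)');
$pdo->exec("INSERT INTO users_reg (username, firstname, surname)
            VALUES ('alex', 'Alex', 'Example')");

// The value is bound as data, so a quote inside it cannot alter the SQL text.
function username_exists(PDO $pdo, string $username): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM users_reg WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchColumn() !== false;
}

// Column names cannot be bound as parameters, so getuserfield()'s $field
// has to be checked against a fixed list before it reaches the query.
function get_user_field(PDO $pdo, int $userId, string $field): ?string
{
    $allowed = ['username', 'firstname', 'surname']; // assumed column set
    if (!in_array($field, $allowed, true)) {
        throw new InvalidArgumentException('Unknown field requested');
    }
    $stmt = $pdo->prepare("SELECT $field FROM users_reg WHERE id = :id");
    $stmt->execute([':id' => $userId]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

var_dump(username_exists($pdo, 'alex'));      // name present in the sample row
var_dump(username_exists($pdo, "o'brien"));   // quote is handled as plain data
var_dump(get_user_field($pdo, 1, 'firstname'));
try {
    get_user_field($pdo, 1, 'no_such_column'); // not on the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

With exceptions enabled, a failed query raises a `PDOException` instead of silently returning FALSE, which also surfaces problems such as the missing connection that started this thread.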

