  1. #1
    SitePoint Member
    Join Date
    Dec 2006
    Posts
    12

    Problem with adding and processing another variable.

    I have a website script which at the moment asks for a first name, email address and a purchase code, if they have bought a product elsewhere, to get access to a members area.

    I wanted to modify this to also have a discount code, so I have changed the form to have the extra input field, then used POST to send it to my script for processing. I am quite new to PHP and don't think I am using the if else statements correctly, as I get a MySQL syntax error on line 1, but I'm not sure what it is I am doing wrong.

    the original script is

    Code:
    <?php
    include "header.php";
    
    // Check for missing form data.
    if((empty($_POST['email'])) || (empty($_POST['fname']))) {
    	echo "<b>Required Data Missing</b><p>You did not fill out the form correctly. Please <a href=\"javascript:history.back()\">go back</a> and correct this.</p>\n";
    
    // Check for valid email address format (user@domain.com [allows for one additional dot, eg: user@domain.co.uk])
    } else if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])) {
    	echo "<b>Invalid Email Address</b><p>The email address entered is not valid. Please <a href=\"javascript:history.back()\">go back</a> and use a different one.</p>\n";
    } else {
    	$email = strip_tags(stripslashes($_POST['email']));
    	$fname = strip_tags(stripslashes($_POST['fname']));
    
    	$sql_email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
    	$email_check = mysql_num_rows($sql_email_check);
    	if ($email_check > 0) {
    		echo "<b>Email Address Already Used</b><p>The email address you provided is already in our database.</p>";
    		unset($email);
    		include "orderform.php";
    	} else {
    
    		if (!empty($_POST['code'])) {
    			$code = $_POST['code'];
    			$sql_code_check = mysql_query("SELECT id FROM purchase_codes WHERE code='$code'");
    			$code_check = mysql_num_rows($sql_code_check);
    			if ($code_check > 0) {
    				$code_verified = true;
    			} else {
    				$code_verified = false;	
    			}
    		} else {
    			$code_verified = false;
    		}
    		
    		$email = addslashes($email);
    		$fname = addslashes($fname);
    		$random_password = makeRandomPassword();
    		$db_password = md5($random_password);
    		$sql = mysql_query("INSERT INTO users (fname, email, password, date) VALUES('$fname', '$email', '$db_password', now())") or die(mysql_error());
    		if (!isset($sql)) {
    			echo "There has been an error creating your account. Please contact the webmaster.";
    		} else {
    		$userid = mysql_insert_id();
    		$subject = $site['name']." Membership Information";
    		$message = "Dear $fname,
    Thank you for registering at our website, ".$site['uri'].".
    
    To activate your membership, please click here:
    ".$site['uri']."/activate.php?id=$userid&code=$db_password
    
    Once you have activated your membership you will be able to login with the following information:
    
    Email Address: $email
    Password: $random_password
    
    Regards,
    ".$site['name']."
    
    This is an automated response. Please do not reply.";
    
    
    		$headers = "From: ".$site['name']." <".$site['email'].">\n";
    		mail($email, $subject, $message, $headers);
    		echo "<div class=\"btop\">User Account Created</div><div class=\"bbot\"><p>Your account was created and an email has been sent to the address you provided containing instructions on how to activate your account. You will not be able to login until you have activated your account.</p>\n";
    			if (@$code_verified == false) {
    				echo "<p>Please click the &quot;Buy Now&quot; button below to purchase this Ebook.</p>";
    				include "buynow.php";
    				session_register('order_email');
    				$_SESSION['order_email'] = $_POST['email'];
    			}
    		echo "</div>\n";
    		}
    		if (@$code_verified == true) {
    			$sql2 = mysql_query("UPDATE users SET code='$code' WHERE email='$email'") or die(mysql_error());
    			$sql3 = mysql_query("UPDATE users SET pcode='1' WHERE email='$email'") or die(mysql_error());
    		}
    	}
    } 
    
    ?>
    I tried to add the highlighted text so it reads as follows

    Code:
    <?php
    include "header.php";
    
    // Check for missing form data.
    if((empty($_POST['email'])) || (empty($_POST['fname']))) {
    	echo "<b>Required Data Missing</b><p>You did not fill out the form correctly. Please <a href=\"javascript:history.back()\">go back</a> and correct this.</p>\n";
    
    // Check for valid email address format (user@domain.com [allows for one additional dot, eg: user@domain.co.uk])
    } else if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])) {
    	echo "<b>Invalid Email Address</b><p>The email address entered is not valid. Please <a href=\"javascript:history.back()\">go back</a> and use a different one.</p>\n";
    } else {
    	$email = strip_tags(stripslashes($_POST['email']));
    	$fname = strip_tags(stripslashes($_POST['fname']));
    
    	$sql_email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
    	$email_check = mysql_num_rows($sql_email_check);
    	if ($email_check > 0) {
    		echo "<b>Email Address Already Used</b><p>The email address you provided is already in our database.</p>";
    		unset($email);
    		include "orderform.php";
    	} else {
    
    		if (!empty($_POST['code'])) {
    			$code = $_POST['code'];
    			$sql_code_check = mysql_query("SELECT id FROM purchase_codes WHERE code='$code'");
    			$code_check = mysql_num_rows($sql_code_check);
    			if ($code_check > 0) {
    				$code_verified = true;
    			} else {
    				$code_verified = false;	
    			}
    		} else {
    			$code_verified = false;
    		} 
    
    		if (!empty($_POST['dcode'])) {
    			$dcode = $_POST['dcode'];
    			$sql_dcode_check = mysql_query("SELECT id FROM discount_codes WHERE code='$dcode'");
    			$dcode_check = mysql_num_rows($sql_dcode_check);
    			if ($dcode_check > 0) {
    				$dcode_verified = true;
    			} else {
    				$dcode_verified = false;	
    			}
    		} else {
    			$dcode_verified = false;
    		} 		
    	
    		
    		$email = addslashes($email);
    		$fname = addslashes($fname);
    		$random_password = makeRandomPassword();
    		$db_password = md5($random_password);
    		$sql = mysql_query("INSERT INTO users (fname, email, password, date,) VALUES('$fname', '$email', '$db_password', now())") or die(mysql_error());
    		if (!isset($sql)) {
    			echo "There has been an error creating your account. Please contact the webmaster.";
    		} else {
    		$userid = mysql_insert_id();
    		$subject = $site['name']." Membership Information";
    		$message = "Dear $fname,
    Thank you for registering at our website, ".$site['uri'].".
    
    To activate your membership, please click here:
    ".$site['uri']."/activate.php?id=$userid&code=$db_password
    
    Once you have activated your membership you will be able to login with the following information:
    
    Email Address: $email
    Password: $random_password
    
    Regards,
    ".$site['name']."
    
    This is an automated response. Please do not reply.";
    
    
    		$headers = "From: ".$site['name']." <".$site['email'].">\n";
    		mail($email, $subject, $message, $headers);
    		echo "<div class=\"btop\">User Account Created</div><div class=\"bbot\"><p>Your account was created and an email has been sent to the address you provided containing instructions on how to activate your account. You will not be able to login until you have activated your account.</p>\n";
    			if (@$code_verified == false) {
    				echo "<p>Please click the &quot;Buy Now&quot; button below to purchase this Ebook.</p>";
    				include "buynow.php";
    				session_register('order_email');
    				$_SESSION['order_email'] = $_POST['email'];
    			}
    		echo "</div>\n";
    		}
    		if (@$code_verified == true) {
    			$sql2 = mysql_query("UPDATE users SET code='$code' WHERE email='$email'") or die(mysql_error());
    			$sql3 = mysql_query("UPDATE users SET pcode='1' WHERE email='$email'") or die(mysql_error());
    		}
    		if (@$dcode_verified == true) {
    			$sql2 = mysql_query("UPDATE users SET dcode='$dcode' WHERE email='$email'") or die(mysql_error());
    			$sql3 = mysql_query("UPDATE users SET dcodeset='1' WHERE email='$email'") or die(mysql_error());
    		}	}
    }
    
    
    ?>
    Basically I want to have a value called $dcode, which is posted from the previous form, confirmed as being valid, and if it is, it adds it into the user table so they can receive a discount when purchasing.

    Unfortunately, when I try to use the second set of code it says I have an error in my SQL syntax and to check the manual which corresponds to my MySQL version for the right syntax near ') VALUES('name', 'email', 'really long string of characters not sure what they are', at line 1

    As you can see from the above code, line 1 is <?php, which has me somewhat confused.

    Thanks in advance for the replies

    Great Forums too

    T

  2. #2
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Fortunately, I noticed an error, but you need to learn basic database debugging.
    Replace the highlighted line.
    Code:
    $email = addslashes($email);
            $fname = addslashes($fname);
            $random_password = makeRandomPassword();
            $db_password = md5($random_password);
            $sql = mysql_query("INSERT INTO users (fname, email, password, date) VALUES('$fname', '$email', '$db_password', now())") or die(mysql_error());
            if (!isset($sql)) {
                echo "There has been an error creating your account. Please contact the webmaster.";
            } else {
            $userid = mysql_insert_id();
            $subject = $site['name']." Membership Information";
            $message = "Dear $fname,
    Thank you for registering at our website, ".$site['uri'].".

  3. #3
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    MySQL doesn't know what PHP is. MySQL doesn't know your PHP code. PHP is just an interface to MySQL.

    When MySQL gives you an error, it is talking about the query you fed it. Line 1 of your QUERY is what it's talking about. Your queries are all on 1 line. Often people will make queries multiline for readability, but it's not necessary.

    I haven't really looked at your code, but I did notice you used isset() incorrectly. isset() checks if a variable is not type null. mysql_query() will never return the null value, so isset() is pretty pointless. if (!$sql) is what you want, so you can check the variable as a boolean. Or also see mysql_affected_rows()

  4. #4
    SitePoint Member
    Join Date
    Dec 2006
    Posts
    12
    I know I still have a lot to learn, but thanks for pointing out why it shows that the error is on line 1. I had only had parse errors before now, so was used to the line being explanatory regarding the problem.

    you mentioned to replace the line

    Code:
    $sql = mysql_query("INSERT INTO users (fname, email, password, date) VALUES('$fname', '$email', '$db_password', now())") or die(mysql_error());
    Could you tell me why?

    Or what I need to change it to?
    This line works in the original script, yet not in the updated one where I run the $dcode checks.

    I am a bit of a noob at the moment, but I'm trying to learn as much as I can. Please give constructive advice to me so I can help myself out.

    Also, is the syntax correct when I check the dcode variable, or is this what is causing the problem?

  5. #5
    SitePoint Member
    Join Date
    Dec 2006
    Posts
    12
    Also in reply to your post, clamcrusher.

    You mentioned that isset() is not what I should be using.

    Could you give me an example code snippet of how you would perform the checks?

  6. #6
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    clamcrusher is correct. But turbosatan, the error you are talking about is triggered by the extra comma that you have put in your query while mentioning column names. So use the code I have highlighted.

  7. #7
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Quote Originally Posted by turbosatan
    you mentioned to replace the line
    I don't know. The second block of code in your first post is using an invalid query.
    PHP Code:
    $sql = mysql_query("INSERT INTO users (fname, email, password, date,) VALUES('$fname', '$email', '$db_password', now())") or die(mysql_error());
            if (!isset($sql)) {
                echo "There has been an error creating your account. Please contact the webmaster.";
            } else {
    See the extra comma in your query. Remove it.

  8. #8
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Quote Originally Posted by turbosatan
    Also in reply to your post, clamcrusher.

    You mentioned that isset() is not what I should be using.

    Could you give me an example code snippet of how you would perform the checks?
    PHP Code:
    $sql = mysql_query("INSERT INTO users (fname, email, password, date) VALUES('$fname', '$email', '$db_password', now())");
            if (!$sql) {
                echo "There has been an error creating your account. Please contact the webmaster.";
                die(mysql_error());
            } else {
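
The result check discussed in posts #3 and #8, as an added example that is not part of the original thread: PDO in exception mode with bound parameters, so the `dcode` form value never becomes part of the SQL text and a failed query (for example one with a trailing comma in the column list) is logged server-side instead of being echoed through `die(mysql_error())`. The in-memory SQLite schema, the `registerUser()` helper and the sample values are assumptions made for illustration, and `password_hash()` is swapped in for the thread's `md5()`.

```php
<?php
// Added example: constructed schema in an in-memory SQLite database so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE discount_codes (id INTEGER PRIMARY KEY, code TEXT UNIQUE)");
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, fname TEXT, email TEXT UNIQUE,
            password TEXT, date TEXT, dcode TEXT, dcodeset INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO discount_codes (code) VALUES ('SAVE10')"); // constructed sample code

// Hypothetical helper: validates the discount code and creates the account.
function registerUser(PDO $pdo, string $fname, string $email, string $dcode): array
{
    try {
        // Placeholders keep user input out of the SQL text entirely.
        $check = $pdo->prepare("SELECT id FROM discount_codes WHERE code = ?");
        $check->execute([$dcode]);
        $dcodeVerified = $dcode !== '' && $check->fetchColumn() !== false;

        $password = bin2hex(random_bytes(8)); // stands in for makeRandomPassword()
        $insert = $pdo->prepare(
            "INSERT INTO users (fname, email, password, date, dcode, dcodeset)
             VALUES (?, ?, ?, CURRENT_TIMESTAMP, ?, ?)"
        );
        $insert->execute([$fname, $email, password_hash($password, PASSWORD_DEFAULT),
                          $dcodeVerified ? $dcode : null, $dcodeVerified ? 1 : 0]);
        return ['ok' => true, 'id' => (int) $pdo->lastInsertId(), 'discount' => $dcodeVerified];
    } catch (PDOException $e) {
        // SQL syntax errors and constraint failures (duplicate email) land here:
        // log the detail, return only a generic message to the visitor.
        error_log('registration failed: ' . $e->getMessage());
        return ['ok' => false, 'error' => 'There has been an error creating your account.'];
    }
}

// Constructed inputs: a valid code, a value containing a quote, a duplicate email.
var_dump(registerUser($pdo, 'Ann', 'ann@example.com', 'SAVE10'));
var_dump(registerUser($pdo, 'Bob', 'bob@example.com', "no'such"));
var_dump(registerUser($pdo, 'Ann', 'ann@example.com', ''));
```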

  9. #9
    SitePoint Member
    Join Date
    Dec 2006
    Posts
    12
    That's solved the problem, thanks for the help.

