Member Avatar for twosocks

ok i cant see whats is wrong with this but it wont add a user

<?php 
			 include "config.php";   
			//Get the information from the form
			 $username = $_POST['username'];
			 $email = $_POST['email']; 
			 $password_1 = $_POST['password_1'];
			 $password_2 = $_POST['password_2'];

			// makes sure that the 2 passwords match and that the email address is valid
			if (( $password_1 == $password_2)&&($password_1 > 3)&&(ereg("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$]", $email))&&($username < 30)) {
			 $password_1 == md5($password_1) ;
			 $email == $email ;

			$query = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password_1')";    
								 
			// execute query 
			$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
								 
			// print message 
			echo "sucess"; 
			}
									
			// if input not valid
			else {
			echo "no soup for you";
			}

?>
  • 4 Contributors
  • 3 Replies
  • 84 Views
  • 12 Hours Discussion Span
  • Latest Post Latest Post by FlashCreations

Recommended Answers

All 3 Replies

Member Avatar for somedude3488

are you getting any errors?

Member Avatar for Atli

Is this part of your if statement on line #10 meant to make sure the password is more than 3 letters?

($password_1 > 3)

If so, try using the strlen function around the variable, like:

(strlen($password_1) > 3)

Simply matching the string to a number will not get you the results you want.
It will try to convert the string into a number first, which would give unexpected results.

In fact, using the code you posted, simply using the number 4 (or higher) as the new password would probably work.

Edit...
O and I just noticed... you do the same thing later in the if statement with the $username variable. You would have to use the strlen function there to.

Member Avatar for FlashCreations

Just a suggestion:
On line 17 I would not include the SQL query. While the chances of a bad person seeing this kind of information is unlikely, it adds some vulnerability to your site. Simply use this code:

$result = mysql_query($query) or die ("MySQL Error: ".mysql_error());
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.