<?php
  include("connect.php");
  echo "<h1>Register</h1>";
  $submit = $_POST['submit'];
  $name = strip_tags($_POST['name']);
  $email = strip_tags($_POST['email']);
  $password = strip_tags($_POST['password']);
  $confirmpassword = strip_tags($_POST['confirmpassword']);
  $level = 0;
  if ($submit)
  {
     $namecheck = mysql_query("SELECT email FROM users WHERE username='$username'");
     $count = mysql_num_rows($namecheck);
     if ($count>0)
     {
       die("Email address is already taken!");
     }
     else 
       if ($email&&$password&&$confirmpassword)
       {
         if ($password==$confirmpassword)
         {
           if (strlen($email)>50||strlen($name)>50)
            {
              echo "Max limit for email and name are 50 characters";
            }
            else
              if (strlen($password)>25||strlen($password)<6)
              {
                echo "Password must be between 6 and 25 characters";
              }
              else
              {
                $password = md5($password);
                $confirmpassword = md5($confirmpassword);
                echo "Success!<BR>";
             
               $queryreg = mysql_query("
               INSERT INTO users VALUES ('','$name','$email','$password','$level')
              	");
               die("You have been registered! Click <a href='index.php'>here</a> to login!");

              } 
          }
            else
              echo "Passwords do not match";
        }
          else
          echo "Please fill in <b>all</b> fields!";
  }
?>

<html>

  <form action="register.php" method="post">
  
    <table>
      <tr>
        <td>
          Your full name:
        </td>
        <td>
          <input type="text" name="name" value="<?php echo $name; ?>">
        </td>
      </tr>
      <tr>
        <td>
          Email address:
        </td>
        <td>
          <input type="text" name="email" value="<?php echo $email; ?>">
        </td>
      </tr>
      <tr>
        <td>
          Choose a password:
        </td>
        <td>
          <input type="password" name="password">
        </td>
      </tr>
      <tr>
        <td>
          Confirm password:
        </td>
        <td>
          <input type="password" name="confirmpassword">
        </td>
      </tr>
    </table>
    <p>
      <input type="submit" name="submit" value="Register">
    </p>
  </form>

</html>

Error message:
Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in /home2/goforgol/public_html/wordpresswealth/php/register.php on line 13

diafol

Did you look at the sticky at the top of the forum? The sql is probably incorrect.

$namecheck = mysql_query("SELECT email FROM users WHERE username='$username'");
$count = mysql_num_rows($namecheck);

You don't have $username, just $name.

You also don't clean your input - v. dangerous, use mysql_real_escape_string().

commented: Yes +5

I feel so dumb now but thanks for pointing that out to me.

What do you mean by cleaning up my input?

Cleaning up input is the process of protecting your database from data injection.

diafol

What do you mean by cleaning up my input?

mysql_real_escape_string()

Yeah...I was just going to say that:

<?php

$var = $_GET['var'];
$var2 = $_POST['var2'];

//should be

$var = mysql_real_escape_string(trim($_GET['var']));
$var2 = mysql_real_escape_string(trim($_POST['var2']));

?>

I trim and escape pretty much everything that comes through POST, GET, FILES, etc.

commented: This person actually explained what was meant by mysql_real_escape_string. That helped a lot since I am still in the process of learning PHP. +1
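
The registration check discussed in this thread, as an added example that is not any poster's code: it swaps the mysql_* calls (removed in PHP 7) for PDO prepared statements, so user input is bound as data instead of being escaped and concatenated into the SQL. The register() helper, the in-memory SQLite table and the sample inputs are assumptions made up for illustration; it needs PHP 7.1+ with pdo_sqlite.

```php
<?php
// Added example, not from the thread. The database is a throwaway in-memory
// SQLite table and every sample value below is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, name TEXT, email TEXT UNIQUE, password TEXT, level INTEGER)');

// Hypothetical helper: returns an error string, or null on success.
function register(PDO $db, string $name, string $email, string $password): ?string
{
    $name  = trim(strip_tags($name));
    $email = trim($email);
    if ($name === '' || $email === '' || $password === '') {
        return 'Please fill in all fields!';
    }
    if (strlen($email) > 50 || strlen($name) > 50) {
        return 'Max limit for email and name are 50 characters';
    }
    if (strlen($password) < 6 || strlen($password) > 25) {
        return 'Password must be between 6 and 25 characters';
    }
    // The value is bound to the placeholder, never pasted into the SQL text,
    // so a quote character in $email cannot alter the query.
    $check = $db->prepare('SELECT COUNT(*) FROM users WHERE email = ?');
    $check->execute([$email]);
    if ((int) $check->fetchColumn() > 0) {
        return 'Email address is already taken!';
    }
    $insert = $db->prepare(
        'INSERT INTO users (name, email, password, level) VALUES (?, ?, ?, 0)');
    // password_hash() is used here in place of the md5() call in the script above.
    $insert->execute([$name, $email, password_hash($password, PASSWORD_DEFAULT)]);
    return null;
}

// Constructed inputs: a normal sign-up, a repeat of the same email, and a
// name and email containing apostrophes, which would break a concatenated query.
$samples = [
    ['Alice Example', 'alice@example.com',   'correct-horse'],
    ['Alice Again',   'alice@example.com',   'correct-horse'],
    ["Bob O'Brien",   "o'brien@example.com", 'correct-horse'],
];
foreach ($samples as [$name, $email, $password]) {
    echo $email, ' => ', register($db, $name, $email, $password) ?? 'registered', PHP_EOL;
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```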