Member Avatar for geneh23

hello everyone!

I have a php blog once again that I can't seem to get to work..when I register an admin to all the editing options and what not..the processing gets weird..instead of outputting all the other errors..it simply goes to the error "User Not Added". Did the script skip all of those other checks? and does that mean those other checks work? or didn't work? help! lol

<?php
error_reporting(E_ALL);

/*** include the header file ***/
include 'includes/header.php'; 

/*** an array to hold errors ***/
$errors = array();

/*** check the form has been posted and the session variable is set ***/
if(!isset($_SESSION['form_token']))
{
	$errors[] = 'Invalid Form Token';
}
/*** check all fields have been posted ***/
elseif(!isset($_POST['form_token'], $_POST['blog_user_name'], $_POST['blog_user_password'], $_POST['blog_user_password2'], $_POST['blog_user_email']))
{
	$errors[] = 'All fields must be completed';
}
/*** check the form token is valid ***/
elseif($_SESSION['form_token'] != $_POST['form_token'])
{
	$errors[] = 'You may only post once';
}
/*** check the length of the user name ***/
elseif(strlen($_POST['blog_user_name']) < 2 || strlen($_POST['blog_user_name']) > 25)
{
	$errors[] = 'Invalid User Name';
}
/*** check the length of the password ***/
elseif(strlen($_POST['blog_user_password']) <= 8 || strlen($_POST['blog_user_password']) > 25)
{
	$errors[] = 'Invalid Password. Your password needs to be more than 8 characters long.';
}
/*** check the length of the users email ***/
elseif(strlen($_POST['blog_user_email']) < 4 || strlen($_POST['blog_user_email']) > 254)
{
	$errors[] = 'Invalid Email';
}
/*** check for email valid email address ***/
elseif(!preg_match("/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU", $_POST['blog_user_email']))
{
	$errors[] = 'Email Invalid';
}
else
{
	/*** escape all vars for database use ***/
	$blog_user_name = mysql_escape_string($_POST['blog_user_name']);
	/*** encrypt the password ***/
	$blog_user_password = sha1($_POST['blog_user_password']);
	$blog_user_password = mysql_escape_string($blog_user_password);
	/*** strip injection chars from email ***/
	$blog_user_email =  preg_replace( '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i' , '', $_POST['blog_user_email'] );
	$blog_user_email = mysql_escape_string($blog_user_email);

	/*** if we are here, include the db connection ***/
	include 'includes/conn.php';

	/*** test for db connection ***/
	if($db)
	{
		/*** check for existing username and email ***/
		$sql = "SELECT
			blog_user_name,
			blog_user_email
			FROM
			blog_users
			WHERE
			blog_user_name = '{$blog_user_name}'
			OR
			blog_user_email = '{$blog_user_email}'";
		$result = mysql_query($sql);
		$row = mysql_fetch_row($result);
		if($row[0] == $blog_user_name)
		{
			$errors[] = 'User name is already in use';
		}
		elseif($row[1] == $blog_user_email)
		{
			$errors[] = 'Email address already subscribed';
		}
		else
		{

			/*** create a verification code ***/
			$verification_code = uniqid();

			/*** the sql query ***/
			$sql = "INSERT
				INTO
				blog_users(
				blog_user_name,
				blog_user_password,
				blog_user_email,
				blog_user_access_level,
				blog_user_status)
				VALUES (
				'{$blog_user_name}',
				'{$blog_user_password}',
				'{$blog_user_email}',
				1,
				'{$verification_code}')";

			/*** run the query ***/
			if(mysql_query($sql))
			{
				/*** unset the session token ***/
				unset($_SESSION['token']);

				/*** email subject ***/
				$subject = 'Verification code';

				/*** email from ***/
				$from = 'gene.howell9@gmail.com';

				/*** the message ***/
				$path = dirname($_SERVER['REQUEST_URI']);
				$message = "Click the link below to verify your subscription\n\n";
				$message .= 'http://'.$_SERVER['HTTP_HOST'].$path.'/verify1.php?vc='.$verification_code;

				/*** set some headers ***/
				$headers = 'From: gene.howell9@gmail.com' . "\r\n" .
				'Reply-To: gene.howell9@gmail.com' . "\r\n" .
				'X-Mailer: Registraition Mail';

				/*** send the email ***/
				if(!mail($blog_user_email, $subject, $message, $headers))
				{
					$errors = 'Unable to send verification';
				}

				/*** unset the form token ***/
				unset($_SESSION['form_token']);
			}
			else
			{
				$errors[] = '<div style="margin-left: 200px;">User Not Added</div>';
			}
		}
	}
	else
	{
		$errors[] = 'Unable to process form';
	}
}

/*** check if there are any errors in the errors array ***/
if(sizeof($errors) > 0)
{
	foreach($errors as $err)
	{
		echo $err,'<br />';
	}
}
else
{
	echo 'Sign up complete<br />';
	echo 'A verification email has been sent to '.$blog_user_email;
}

/*** include the footer file ***/
include 'includes/footer.php';

?>

Thanks for your patience with me!!

  • 4 Contributors
  • 24 Replies
  • 172 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by geneh23

Recommended Answers

All 24 Replies

Member Avatar for cereal

Line 89, rewrite the query:

$sql = "INSERT
		INTO
		blog_users(
		blog_user_name,
		blog_user_password,
		blog_user_email,
		blog_user_access_level,
		blog_user_status)
		VALUES (
		'$blog_user_name',
		'$blog_user_password',
		'$blog_user_email',
		'1',
		'$verification_code');

And do the same on query of line 63, remove those curly brackets.
bye :)

Member Avatar for geneh23

@cereal: Sorry for misunderstanding but doesn't that query makes sense..to insert into that table and input those variables into those categories..

Member Avatar for qazplm114477

like cereal said, since the error you are getting get's set if mysql fails, it's probably your query. Here's what you can do to debug it

-echo the $sql and run that in your mysql console or phpmyadmin or query browser
-echo the mysql_error() to see what specific error you are getting. source

Member Avatar for geneh23

@qazplm114477: this is what showed up when I echoed $sql: INSERT INTO blog_users blog_user_name, blog_user_password, blog_user_email, blog_user_access_level, blog_user_status VALUES 'geneh18', '2e37db1d82ebcb4be565f60e9f2fcafa6d48102d', 'gene.howell9@gmail.com', '1', '4ed7dc5411d39'

doesn't this mean it processed the information correctly?

Member Avatar for diafol

WOOOH. I hope those details are dummy - you didn't just post your personal info for the world to see?

The fact that you can echo an SQL statement means nothing. If you've misspelled a field or table or you're trying to insert the wrong type of data, you could come unstuck. The best way IMO is as qaz says - copy the echoed SQL and run it through the phpmyadmin SQL window. See what happens.

Member Avatar for geneh23

@ardav: yes, those are dummy details...It's not real log in info..the only that's real is my email and that's not private..

when I ran the statement through phpmyadmin, it didn't recognize the statement, however it gave me a similar statement that I thought worked the same way as what was listed before through the 'INSERT' button, however when I used that statement..it still came out with the error 'user not added' on the main page..

Member Avatar for geneh23

ok, I ran an if statement below the sql statement to echo out as follows:

if (!$result) {
				echo 'Could not run query: ' . mysql_error();
				exit;
		}

and now it says only this: "Could not run query: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near
'@gmail.com)' at line 9" ..now I think when it says at line 9, its referring to inside the sql statement and only that..but I'm not quite sure how to find what it's asking me in Easy PHP which is what I am using to test these things out..

Member Avatar for diafol

TRY the set syntax:

INSERT INTO `blog_users` SET `blog_user_name`='geneh18', `blog_user_password`='2e37db1d82ebcb4be565f60e9f2fcafa6d48102d', `blog_user_email`='gene.howell9@gmail.com', `blog_user_access_level`=1, `blog_user_status`='4ed7dc5411d39'
Member Avatar for geneh23

@ardav: I get the same message when I do that. which is
"Could not run query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com)' at line 9"

Member Avatar for diafol

Hmm, try taking out the '@' - but I can't see this being the issue. Also check the data type for the blog_user_mail field.

Member Avatar for geneh23

@ardav: as I suspected, the error shows "Invalid Email" when I take out the "@". Also, forgive me for sounding stupid but what do you mean check the data type for the "blog_user_mail" field? I'm assuming this is in phpmyadmin..if so where would I look to see this information?

Member Avatar for diafol

The message has nothing to do with SQL - that's your validation script. I was talking about running:

INSERT INTO `blog_users` SET `blog_user_name`='geneh18', `blog_user_password`='2e37db1d82ebcb4be565f60e9f2fcafa6d48102d', `blog_user_email`='genehowell9gmailcom', `blog_user_access_level`=1, `blog_user_status`='4ed7dc5411d39'

(taking out all non-alphanumeric chars) in phpmyadmin (I don't think it will make a difference though).

ALso check datatypes and field names:

Is it called blog_user_email ?
Is the datatype set to varchar (approx 75 length)?

Member Avatar for geneh23

@ardav: you are right, there was no difference taking out all non-alphabetical chars

and yes the data type is set to varchar, however I have it set to 254 max length..I don't think I will need that many characters but better have it too long than too short lol

Member Avatar for diafol

OK, so does it work?

Member Avatar for geneh23

@ardav: It still says "Could not run query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com)' at line 9"

Member Avatar for diafol

OK take out the whole bit (`blog_user_email`='gene.howell9@gmail.com') and run it again see what happens.

Edited by diafol because: n/a
Member Avatar for geneh23

@ardav: I get the same response, even after I take that part out

Member Avatar for diafol

OK, start deconstructing your statement, just including one field at a time (use the SET syntax).

Member Avatar for geneh23

@ardav: Yep, I get the same message every time when I include one field at a time..no difference.

Member Avatar for diafol

Odd, I assume that you can use SELECT etc. The table name is right?

The connection details are right I take it - well they must be.

Does your mysql (connection details) user have INSERT rights?

BTW - you've selected the right database in the connection details? Again if you can't get it to work in the phpmyadmin window, you're already in the right DB. I'm at a loss otherwise, sorry.

Anybody else?

Member Avatar for cereal

I can think only to an encoding issue between browser (e.g. ISO-8859-1) and server (e.g. UTF8). A part from the table encoding. Have you tried doing that query from another browser? Or accessing to mysql through the shell?

Member Avatar for geneh23

@cereal: I tried in FireFox and I got the same result message
"Could not run query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com)' at line 9"

..now it's saying something about looking in some sort of manual that corresponds to my MySQL server version and I have no Idea how to find it..I've looked in my local computer files and through program files to where the Easy PHP folder is located to see if it was there but I hit a dead end..any Ideas?

Member Avatar for diafol

Print the sqldump for your table here

Member Avatar for geneh23

@ardav: sorry but could you explain what you mean?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.