0

hi, can anyone point out why is this script not working?? it does not inserting data into mysql..
here is the script:

if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
   $newpassword = $_POST['password'];
   $confirmpassword = $_POST['confirmpassword'];
   $code = 'NA';
   $active = '1';

   if ($newpassword != $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   else
   if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
   {
      unset($_POST['captcha'],$_SESSION['random_txt']);
   }
   else
   {
      $error_message = 'The entered code was wrong.';
   }
   if (empty($error_message))
   {
   try
    {
    $pdo = new PDO('mysql:host=localhost;dbname=blog', 'Avik', '');
    }
    catch (PDOException $e)
    {
    $output = 'Unable to connect to the database server.';
    echo $output;
    exit();
    }
    try
    {
      $sql = "SELECT username FROM ".$mysql_table." WHERE username = :username";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $_POST['username']);
      $statement->execute();
      $result = $statement->fetchAll(PDO::FETCH_ASSOC);
    if (count($result) > 0)
    {
      $error_message = 'Username already used. Please select another username.';
    }
    }
    catch (PDOException $e)
    {
    $output = 'Unable to send query';
    echo $output;
    exit();
    }
   }
   if (empty($error_message))
   {
      $crypt_pass = md5($newpassword);
      try
      {
      $sql = "INSERT INTO ".$mysql_table." username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $_POST['username']);
      $statement->bindValue(':password', md5($_POST['password']));
      $statement->bindValue(':fullname', $_POST['fullname']);
      $statement->bindValue(':email', $_POST['email']);
      $statement->bindValue(':role', $_POST['role']);
      $statement->bindValue(':active', $active);
      $statement->bindValue(':code', $code);
      $statement->execute();
      }
      catch (PDOException $e)
      {
      $output = 'Unable to connect to the database server.';
      echo $output;
      exit();
      }

      header('Location: '.$success_page);
      exit;
   }
}
6
Contributors
23
Replies
78
Views
3 Years
Discussion Span
Last Post by brandon66
0

no, it does not giving me any error, thats the problem, if it gives any error i can fix that.

0

no, it does not giving me any error, thats the problem, if it gives any error i can fix that.

@Eagle.Avik

Instead of this:

 $sql = "INSERT INTO ".$mysql_table." username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code";

Try add the word VALUES

   $sql = "INSERT INTO ".$mysql_table." VALUES (username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code)";

Edited by LastMitch

0

@LastMitch sorry but it didnt working and does not giving any error.
after fillup the signup form it take me to success page but no data inserted in the database

0

First of all: are you then sure that your query is being executed?

Secondly: seems to me like a query problem, but I'm not sure! Have you tried either

$query = 'INSERT INTO ".$mysql_table." SET username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code';

or

$query = 'INSERT INTO ".$mysql_table." (
        username,
        fullname,
        email,
        role,
        active,
        code
    ) VALUES (
        :username,
        :password,
        :fullname,
        :email,
        :role,
        :active,
        :code
    )';

?

0

@minitauros sorry none of them giving me any errors,
@AARTI SHRIVAS sorry didnt work either.

they all send me to seccess page but do not submit data to the database.

by the way is there any problem in

 if (empty($error_message))

bcoz i convert the code from mysql to pdo. while it is in mysql it works, but since mysql is less secure and will not be continued in the future, i choose to use pdo, and after adding the bindValue it does not work.

if i dont use bind value it works. but for security reasons the i added bind value, but it dont work.

0

Well, you could, of course, check the value of $error_message to see if the if() statement gets triggered. What does a var_dump($error_message); above the if() statement do?

0

after i fill the signup form it redirects me to signup success page!!!

0

@minitauros, i removed the headaer and added the

var_dump

it shows me error:

string '' (length=0)

what does this mean?? oh and i have updated my script a bit, here is the final script that i was testing with what you suggested.

$mysql_table = 'users';
$success_page = 'signupsuccess.php';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
   $newusername = $_POST['username'];
   $newemail = $_POST['email'];
   $newpassword = $_POST['password'];
   $confirmpassword = $_POST['confirmpassword'];
   $newfullname = $_POST['fullname'];
   $newrole = $_POST['role'];
   $code = 'NA';
   $active = '1';
if ($newpassword != $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   else
   if (!preg_match("/^[A-Za-z0-9_!@$]{1,50}$/", $newusername))
   {
      $error_message = 'Username is not valid, please check and try again!';
   }
   else
   if (!preg_match("/^[A-Za-z0-9_!@$]{1,50}$/", $newpassword))
   {
      $error_message = 'Password is not valid, please check and try again!';
   }
   else
   if (!preg_match("/^[A-Za-z0-9_!@$.' &]{1,50}$/", $newfullname))
   {
      $error_message = 'Fullname is not valid, please check and try again!';
   }
   else
   if (!preg_match("/^.+@.+\..+$/", $newemail))
   {
      $error_message = 'Email is not a valid email address. Please check and try again.';
   }
   else
   if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
   {
      unset($_POST['captcha'],$_SESSION['random_txt']);
   }
   else
   {
      $error_message = 'The entered code was wrong.';
   }
   if (empty($error_message))
   {
   try
    {
    $pdo = new PDO('mysql:host=localhost;dbname=blog', 'Avik', '');
    }
    catch (PDOException $e)
    {
    $output = 'Unable to connect to the database server.';
    echo $output;
    exit();
    }
    try
    {
      $sql = "SELECT username FROM ".$mysql_table." WHERE username = :username";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $newusername);
      $statement->execute();
      $result = $statement->fetchAll(PDO::FETCH_ASSOC);
    if (count($result) > 0)
    {
      $error_message = 'Username already used. Please select another username.';
    }
    }
    catch (PDOException $e)
    {
    $output = 'Unable to send query';
    echo $output;
    exit();
    }
   }
   var_dump($error_message);
   if (empty($error_message))
   {
      try
      {
      $sql = "INSERT INTO ".$mysql_table." VALUES (username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code)";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $newusername);
      $statement->bindValue(':password', md5($newpassword));
      $statement->bindValue(':fullname', $newfullname);
      $statement->bindValue(':email', $newemail);
      $statement->bindValue(':role', $newrole);
      $statement->bindValue(':active', $active);
      $statement->bindValue(':code', $code);
      $statement->execute();
      }
      catch (PDOException $e)
      {
      $output = 'Unable to connect to the database server.';
      echo $output;
      exit();
      }

   }
0

You var_dumped the $error_message?
The reply was...

string '' (length=0)

It means a zero-length string. Is that it? I can't see another question in your last 3 posts - you say you're stuck - but with what? Is the last code not working? Same problem or something else?

0

Yup same problem with string

@Eagle.Avik

Maybe try changing your regex pattern on your preg_match() fucntion.

Maybe add a strlen() function to count the strings.

There's nothing wrong (looks wrong) on your code.

0

I am probably asking too much but can any of you test this code on you localhost and see if there is any problem or not or is it only with me.
@last mitch, i already tried that but no solution so far.

0

Much as I'd like to help, We can't test your code as it's dependent on a DB to which we have no access and in addition, data is being passed by form, and you're using a captcha. So too much for me I'm afraid.

0

I was afraid you are gonna say that,ok so back to the original question, is there anything i am doing wrong! If i use varDump it shows me string error. Gonna try some tests, i will post the results. if you find anything wrong with my code plz let me know.

0

I was afraid you are gonna say that,ok so back to the original question, is there anything i am doing wrong! If i use varDump it shows me string error. Gonna try some tests, i will post the results. if you find anything wrong with my code plz let me know.

@Eagle.Avik

This has something to do with your database.

Either you didnt add a code to fixed those funny characters from your php code.

If you are still have string errors then you know and have to add a code on your php code.

0

Hi, guys thnx for all help. I rewrite the whole query and it works maybe there was unnecessary gap between quaries

0

Try this i made a few changes, to your sql statements and some other code
i could change it quite a bit but ill leave the rest up to you

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
   $newpassword = $_POST['password'];
   $confirmpassword = $_POST['confirmpassword'];
   $code = 'NA';
   $active = '1';
   if ($newpassword != $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   else
   if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
   {
      unset($_POST['captcha'],$_SESSION['random_txt']);
   }
   else
   {
      $error_message = 'The entered code was wrong.';
   }
   if (empty($error_message))
   {
   try
    {
    $pdo = new PDO('mysql:host=localhost;dbname=blog', 'Avik', '');
    }
    catch (PDOException $e)
    {
    $output = 'Unable to connect to the database server.';
    echo $output;
    exit();
    }
    try
    {
     $username = htmlspecialchars($_POST['username']);   

      $sql = $pdo->prepare("SELECT username FROM '$mysql_table' WHERE username = '$username'");

      $result = $sql->execute();

      $users = $result->fetchAll(PDO::FETCH_ASSOC);
    if (count($users) > 0)
    {
      $error_message = 'Username already used. Please select another username.';
    }
    }
    catch (PDOException $e)
    {
    $output = 'Unable to send query';
    echo $output;
    exit();
    }
   }
   if (empty($error_message))
   {
      $crypt_pass = md5($newpassword);
      try
      {
      //changed this
     $sql = $pdo->prepare("INSERT INTO '$mysql_table'
        (username, password, fullname, email, role, active,code)
        VALUES
        (:username, :password, :fullname,:email, :role, :active, :code )");

      $statement = $sql;
      $statement->bindValue(':username', $_POST['username']);
      $statement->bindValue(':password', md5($_POST['password']));
      $statement->bindValue(':fullname', $_POST['fullname']);
      $statement->bindValue(':email', $_POST['email']);
      $statement->bindValue(':role', $_POST['role']);
      $statement->bindValue(':active', $active);
      $statement->bindValue(':code', $code);
      $statement->execute();
      }
      catch (PDOException $e)
      {
      $output = 'Unable to connect to the database server.';
      echo $output;
      exit();
      }
      header('Location: '.$success_page);
      exit;
   }
}
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.