0

Executing Code upto insert users:

<?php
require('session.php');
require('encrypt.php');
require('mail.php');

$username = $_POST['user_name'];

$password = rand(10000, 99999);

$name = $_POST['name'];

$password = encrypt($password, 'ganesh');

$email = $_POST['email'];

$terms = $_POST['terms'];

$address = $_POST['address'];

$mobile = $_POST['mobile'];
$dob    = $_POST['birth_year'] . '-' . $_POST['birth_month'] . '-' . $_POST['birth_day'];

$ip = $_SERVER['REMOTE_ADDR'];

$url = $_SERVER['HTTP_HOST'];

$url_length = strlen($url);

if (substr($url, 0, 4) == 'www.') {
    $url_length = $url_length - 4;

    $url = substr($url, 4, $url_length);
}

$msg = '';

if (($username == '' || strlen($username) < 3)) {
    $msg = 'Username must contain atleast 3 characters';
    return 1;
}


if (preg_match('/[\s|\n|\t|*|&|~|!|@|#|$|%|^|&|*|(|)|-|_|+|=|.|,|<|>|?|"|;|`|:|\[|\]|\/|\']/', $username)) {
    $msg = 'Username should not contain special characters';
    return 1;
}


if (($name == '' || strlen($name) < 5)) {
    $msg = 'Name should contain atleast 5 characters';
    return 1;
}


if (!preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $email)) {
    $msg = 'Enter a valid email format!';
    return 1;
}


if ((($mobile == '' || strlen($mobile) < 10) || 10 < strlen($mobile))) {
    $msg = 'Enter a valid 10 digit mobile number';
    return 1;
}


if (!is_numeric($mobile)) {
    $msg = 'Enter a valid 10 digit mobile number';
    return 1;
}


if ($terms != 'yes') {
    $msg = 'Please Accept Terms and Conditions';
    return 1;
}

$query = '' . 'select id,username,email,mobile from users where mobile=\'' . $mobile . '\' or email=\'' . $email . '\'';

if (!($result = mysql_query($query))) {
    exit(mysql_error());
    (bool) true;
}


$numrows = mysql_num_rows($result);

if (0 < $numrows) {

    if ($row = mysql_fetch_array($result)) {
        if ($row[2] == $email) {
            if ($row[3] == $mobile) {
                $msg = '' . $mobile . ' and ' . $email . ' are already registered with us.';
            }

            $msg = '' . $email . ' is already registered with us';
        }

        $msg = '' . $mobile . ' is already registered with us';
    }
} else {
    $username_query = '' . 'select id from users where username=\'' . $username . '\' and url=\'' . $url . '\'';

    if (!($username_result = mysql_query($username_query))) {
        exit(mysql_error());
        (bool) true;
    }


    if (mysql_num_rows($username_result) == 1) {
        $msg = 'Username already exists!! Please select a different username.';
        return 1;
    }

    $q = '' . 'insert into users (`username`,`password`,`url`,`name`,`email`,`address`,`mobile`,`ip`,`dob`) values (\'' . $username . '\',\'' . $password . '\',\'' . $url . '\',\'' . $name . '\',\'' . $email . '\',\'' . $address . '\',\'' . $mobile . '\',\'' . $ip . '\',\'' . $dob . '\')';

Not Executing Code :

if (!($r = mysql_query($q))) {
        exit(mysql_error());
        (bool) true;
    }


    $userid = mysql_insert_id();

    if (mysql_affected_rows() == 1) {
        $rQ = '' . 'select userid from resellers where url=\'' . $url . '\'';

        if (!($rR = mysql_query($rQ))) {
            exit(mysql_error());
            (bool) true;
        }

        if ($rRow = mysql_fetch_array($rR)) {
            $reseller_id = $rRow[0];
            $credit      = '5';
            $cr_query    = '' . 'select credit,valuation,valuation_criteria from user_details where userid=\'' . $reseller_id . '\'';

            if (!($cr_result = mysql_query($cr_query))) {
                exit(mysql_error());
                (bool) true;
            }


            $cr_row = mysql_fetch_array($cr_result);

            $valuation = $cr_row[1];

            $valuation_criteria = $cr_row[2];
            $reseller_credit    = $cr_row[0] - 5;

            if (0 <= $reseller_credit) {
                $uc_query = '' . 'update user_details set credit=\'' . $reseller_credit . '\' where userid=\'' . $reseller_id . '\'';

                if (!($uc_result = mysql_query($uc_query))) {
                    exit(mysql_error());
                    (bool) true;
                }
            } else {
                $credit = 4;
            }

            $ud_query = '' . 'insert into user_details(`userid`,`reseller_id`,`credit`,`valuation`,`valuation_criteria`) values (\'' . $userid . '\',\'' . $reseller_id . '\',\'' . $credit . '\',\'' . $valuation . '\',\'' . $valuation_criteria . '\')';
            mysql_query($ud_query);

            if (mysql_affected_rows() == 1) {
                $subject = 'New User Registration';

                $sent_password = decrypt($password, 'smspanel');
                $message       = '' . 'You have registered at ' . $url . ' <br>Username = ' . $username . ' <br> Password = ' . $sent_password . ' <br> URL = ' . $url;
                $senderID      = '' . 'info <info@' . $url . '>';

                $m = new email($subject, $message, $senderID, $email);
                $m->send();
                $rq = '' . 'select routeID from users where id=' . $userid;

                if (!($rr = mysql_query($rq))) {
                    exit(mysql_error());
                    (bool) true;
                }


                $ra = mysql_fetch_array($rr);

                $routeID         = $ra[0];
                $sender_id       = 'SMSPAN';
                $message_content = '' . 'Dear ' . $name . ', Your account with Username: ' . $username . ' and Password: ' . $sent_password . ' is successfully created. Please login at URL: ' . $url . '.';
                $job_q           = '' . 'Insert into jobs(`userid`,`total_messages`,`message`,`sender_id`,`routeID`,`status`,`queue_id`) values (\'1\',\'1\',\'' . $message_content . '\',\'' . $sender_id . '\',\'' . $routeID . '\',\'InProgress\',\'900\')';

                if (!($job_r = mysql_query($job_q))) {
                    exit(mysql_error());
                    (bool) true;
                }


                $job_id   = mysql_insert_id();
                $create_q = 'CREATE TABLE IF NOT EXISTS `' . $job_id . '` (
  `id` int(11) NOT NULL auto_increment,
  `mobile` bigint(20) NOT NULL,
  `routeID` int(11) NOT NULL,
  `status` varchar(20) NOT NULL default \'Sent\', `handler` varchar(20) NOT NULL,
  PRIMARY KEY  (`id`)
) ';

                if (!(mysql_query($create_q))) {
                    exit(mysql_error());
                    (bool) true;
                }

                $values  = '' . '(\'' . $routeID . '\',\'' . $mobile . '\',\'Sent\')';
                $m_query = 'Insert into `' . $job_id . ('' . '` (`routeID`,`mobile`,`status`) values ' . $values);
                mysql_query($m_query);
                $un_q = '' . 'insert into user_numbers(`number`) values(\'' . $mobile . '\')';
                mysql_query($un_q);
                echo '  <meta http-equiv="refresh" content="0; url=thanks.php?msg=register" />
';
            }
        }
    }
}

?>

it's not throwing any error message, how to fix this issue?

3
Contributors
5
Replies
35
Views
2 Years
Discussion Span
Last Post by lps
0

Insert this simple debug code after line 115:

die($q);

It will display the query as it has been constructed and stop the script. Now you can inspect the query and paste it into phpmyadmin to check it if it works. You can post it here also.

You took the complex path to assemble the query. There are simpler ways that make things more readable and help you avoid errors. Try using double quotes:

$q = "insert into users (`username`, `password`, `url`, `name`, `email`, `address`, `mobile`, `ip`, `dob`) values ('$username', '$password', '$url', '$name', '$email', '$address', '$mobile', '$ip', '$dob')';

Edited by broj1

0

First of all, mysql_* has been depreciated. Use mysqli_* or PDO instead.

The problem should be the query where the field should not having quoted in MYSQL.
$q = "insert into users (username,password,url,name,email,address,mobile,ip,dob) values ('$username', '$password', '$url', '$name', '$email', '$address', '$mobile', '$ip', '$dob')";

Edited by lps

0

modified code

$q = "insert into users (username,password,url,name,email,address,mobile,ip,dob) values ('$username', '$password', '$url', '$name', '$email', '$address', '$mobile', '$ip', '$dob')";   
die($q);

Output:

insert into users (username,password,url,name,email,address,mobile,ip,dob) values ('ravi', 'oKymq6E=', 'xyz.in', 'ravi prasad', 'myemailid@yahoo.com', 'Bijapur', '7712345678', '117.209.144.114', '--')
0

Please do escape the inputed data else you are opened to sql injections.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.