Good Afternoon,

I am currently developing a very simple members only website. I am using webhosting provided by Yahoo!, and they provide access to MySql 4.1.14 via phpMyAdmin 2.6.3-pl1.

I tested the login section of my site by inserting a username and password on the MySql server (using the insert function). Everything works great, I can login just fine when I create the info on the server side.

I am having a problem with the registration form. As usual, a user completes a simple form, and then hits submit. The PHP script checks for missing info and blanks and then is suppose to insert the new info into the database and allow the user access to the members only area. I also have the program send an email to the email address provided.

Here is the problem: When I run the program, it process the information and allows the user to access the member's only section of the website, but their registration information is not inserted into the database and I do not receive an error message. I receive an email from the program like I should with my username and PW.

I have tried various code arrangements, here is my latest attempt. Again, the PHP program passes the information and allows the user to register and move onto the members only area, but the information is not sent to the database and I do not get an error message.


I have no clue why this is happening. I have check case sensitivity and everything matches. I would appreciate any help you could provide.

Thanks in advance,

J-

[code]

include("ravens.inc");

$connection = mysql_connect($host,$user,$password)
or die("Couldn't connect to the server.");

$db = mysql_select_db($database,$connection)
or die("Couldn't connect to the database.");

$today = date ("Y-m-d");

$sql = "INSERT INTO `Test`.`Member`(loginName, createDate, password, firstName, lastName, street, city, state, zip, phone, fax, email) VALUES ('$newname','$today', password('$newpass'),'$firstName','$lastName','$street','$city','$state','$zip','$phone','$fax','$email')";

$result=mysql_query( $sql , $db_connection );
echo "the db error is: ".mysql_error($sql);
$_SESSION['auth']="yes";
$_SESSION ['logname']= $newname;

[\code]

FYI - ravens.inc includes all of the info required to connect to the database.

If the table you are inserting into is 'Member', then just do INSERT INTO Member , you've already selected the database with mysql_select_db .

Also, mysql_error() takes the db handle, not the sql string, so you want
echo "the db error is: ".mysql_error($connection);

and for the query itself you are using $db_connection instead of $connection:
$result=mysql_query( $sql , $connection );

Thank you for you reply Mocker,

I have made those changes, and still have the same results.

Any other thoughts?

I use a switch statement (@$_GET['do']) to allow login and registration on the same page.

Could this switch be the source of my problem? The code below starts at the Login/new case break. I know the login works ok.

Thanks again.

J-

If you want to know if it's the combination with the login, or just the code:

Test it piece by piece.

First thing I notice is a break in the clear, and no closing of the switch statement. Also, there are some { at the same indentation level (might be caused by the forum), with makes it hard to see whether you structure is correct. It might be a problem the wrong piece of code is triggered.

From first glance, your SQL part seems ok now.

As a sidenote: Please make sure all PHP variables are checked for 'stange' character as you showed you did for some fields. With this direct insertion into the SQL query there might be a SQL-insertion lurking around

This doesn't look right to me:

If you're trying to hash the password then this:

password('$newpass')

should be something like this:

$pass = md5($newpassword);

but it should be done before the query is generated. So it would look something like this:



This post has been edited by CTphpnwb: 25 Sep, 2008 - 11:13 AM

MySQL has a password(pass) function as well, if he prefers to use it, why not?

Because the MySQL manual explicitly says not to. Yes, it's a valid function and it will work (for a certain definition of "work") for this purpose, but that doesn't make it a good idea. When the documentation tells you not to do something, you should probably listen.

Point taken. I should read the manual myself better.

I was going to add he'd better use the md5() function if he would prefer to use the sql query for the encoding, but that still introduces the problem the pain password is sent to the SQL server, while php-md5() only sends the hash.

(The reason why the encoding should be done in php is as important as stating the solution, isnt it?)