
View Full Version : PHP question
ihosty 07-22-2008, 01:40 PM
Hello, I am having trouble getting this simple script that I wrote to work. If anyone could tell me what I am doing wrong, that would be great.
<?php //connection
$host = "localhost";
$dbuser = "username goes here";
$dbpass = "password to database here";
$dbname = "database name here";
$connection = mysql_connect ($host,$dbuser,$dbpass);
$db = mysql_select_db($dbname,$connection);
//grab data from form
$name = $_POST[username];
$pass = $_POST[password];
$pass_conf = $_POST[pass_conf];
$email = $_POST[email];
$ip = $_POST[ip];
//if else (else if)
if ($name == false || $pass == false || $pass_conf == false || $email == false){
echo "please fill in all the required fields.";
}
if($pass != $pass_conf){
echo "Passwords do not match.";
}else {
$connection = mysql_connect ($host,$dbuser,dbpass);
$db = mysql_select_db($dbname,$connection);
$sql = "INSERT INTO user (username,password,email,ip) VALUES ($name, $pass, $email, $ip)";
$result = mysql_query($sql);
echo "Thanks By: Matthew Troup";
}
?>
Fatal error: Function name must be a string in /home/volo/public_html/testscript/do_reg.php on line 21
Thanks!!!!
Jatinder 07-22-2008, 02:22 PM
Post the code for the do_reg.php script.
The code you posted above will run, although it will display some notices and warnings.
linux-tech 07-22-2008, 02:26 PM
Firstly, you need to make sure you sanitize your user input. The posted script is going to be insecure as all hell.
Secondly, take a look at the script (do_reg.php), on line 21. Look for a $ where there shouldn't be one, because that is usually where this comes from.
ihosty 07-22-2008, 02:29 PM
<?php //connection
$host = "localhost";
$dbuser = "username goes here";
$dbpass = "password to database here";
$dbname = "database name here";
$connection = mysql_connect ($host,$dbuser,$dbpass);
$db = mysql_select_db($dbname,$connection);
//grab data from form
$name = $_POST(username);
$pass = $_POST(password);
$pass_conf = $_POST(pass_conf);
$email = $_POST(email);
$ip = $_POST(ip);
//if else (else if)
if ($name == false || $pass == false || $pass_conf == false || $email == false){
echo "please fill in all the required fields.";
}
if($pass != $pass_conf){
echo "Passwords do not match.";
}else {
$connection = mysql_connect ($host,$dbuser,dbpass);
$db = mysql_select_db($dbname,$connection);
$sql = "INSERT INTO user (username,password,email,ip) VALUES ($name, $pass, $email, $ip)";
$result = mysql_query($sql);
echo "Thanks By: Matthew Troup";
?>
It then also feeds off a small form, which is the following..
<?php
$IP = $_SERVER[REMOTE_ADDR];
?>
< form name=reg action=do_reg.php method=post>
Username: <input type=text name=username><br>
Password: <input input type=password name=password><br>
Confirm: <input type=password name=pass_conf><br>
Email: <input type="text name=email"><br>
<input type=hidden name=ip value=' <?php echo $IP ?>'>
<input type=submit value='Register'>
Jatinder 07-22-2008, 02:41 PM
Your "Grab the form data" section is wrong.
It should be:
//grab data from form
$name = $_POST['username'];
$pass = $_POST['password'];
$pass_conf = $_POST['pass_conf'];
$email = $_POST['email'];
$ip = $_POST['ip'];
instead of
$name = $_POST(username);
$pass = $_POST(password);
$pass_conf = $_POST(pass_conf);
$email = $_POST(email);
$ip = $_POST(ip);
And do consider linux-tech's advice and add some input sanitization. At least use mysql_real_escape_string() in your SQL query.
ihosty 07-22-2008, 03:22 PM
Now I get this...
please fill in all the required fields.
Warning: mysql_connect() [function.mysql-connect (http://www.voloproductions.com/testscript/function.mysql-connect)]: Access denied for user 'volo'@'localhost' (using password: YES) in /home/volo/public_html/testscript/do_reg.php on line 41
Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/volo/public_html/testscript/do_reg.php on line 43
Thanks By: Matthew Troup
Votii 07-22-2008, 03:36 PM
Replace:
$connection = mysql_connect ($host,$dbuser,dbpass);
$db = mysql_select_db($dbname,$connection);
$sql = "INSERT INTO user (username,password,email,ip) VALUES ($name, $pass, $email, $ip)";
$result = mysql_query($sql);
With:
$connection = mysql_connect ($host,$dbuser,$dbpass);
$db = mysql_select_db($dbname,$connection);
$sql = "INSERT INTO user (username,password,email,ip) VALUES ('" . $name . "', '" . $pass . "', '" . $email . "', '" . $ip . "')";
$result = mysql_query($sql);
Votii 07-22-2008, 03:48 PM
I have also noticed you are missing a
}
Which should be put on the end of this statement:
if($pass != $pass_conf){
echo "Passwords do not match.";
}else {
jimpoz 07-22-2008, 05:45 PM
}else {
$connection = mysql_connect ($host,$dbuser,dbpass);
$db = mysql_select_db($dbname,$connection);
should be
}else {
$connection = mysql_connect ($host,$dbuser,$dbpass);
$db = mysql_select_db($dbname,$connection);
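
A hardened version of the registration handler, following the sanitization advice from linux-tech and Jatinder above (added example, not code posted by anyone in the thread). It uses PDO prepared statements instead of the `mysql_*` functions, which were removed in PHP 7.0; `register_user()`, the table schema, the in-memory SQLite stand-in for MySQL (requires the pdo_sqlite extension) and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helper (not from the thread): validate a registration
// submission and store it with a parameterized INSERT.
function register_user(PDO $pdo, array $post, string $remoteAddr): array
{
    // Treat missing or non-string fields (e.g. username[]=x) as empty.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $name  = trim($get('username'));
    $email = trim($get('email'));
    $pass  = $get('password');
    if ($name === '' || $pass === '' || $get('pass_conf') === '' || $email === '') {
        return ['Please fill in all the required fields.'];
    }
    if ($pass !== $get('pass_conf')) {
        return ['Passwords do not match.'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['Email address is not valid.'];
    }

    // Placeholders keep the values out of the SQL text, so a quote in a
    // username cannot change the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO user (username, password, email, ip) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([
        $name,
        password_hash($pass, PASSWORD_DEFAULT), // store a hash, not the password
        $email,
        $remoteAddr, // server-side value; a posted "ip" field is ignored
    ]);
    return [];
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (username TEXT, password TEXT, email TEXT, ip TEXT)');
$samples = [ // constructed inputs
    ['username' => "o'brien", 'password' => 'pw1', 'pass_conf' => 'pw1', 'email' => 'ob@example.com', 'ip' => '10.0.0.1'],
    ['username' => 'bob', 'password' => 'a', 'pass_conf' => 'b', 'email' => 'bob@example.com'],
    ['username' => 'eve', 'password' => 'x', 'pass_conf' => 'x', 'email' => 'not-an-email'],
];
foreach ($samples as $post) {
    $errors = register_user($pdo, $post, '203.0.113.7'); // live: $_SERVER['REMOTE_ADDR']
    echo $post['username'], ': ', $errors ? implode(' ', $errors) : 'registered', "\n";
}
echo 'rows stored: ', $pdo->query('SELECT COUNT(*) FROM user')->fetchColumn(), "\n";
```

Unlike the script in the thread, validation failures return before any INSERT runs, and the client address comes from the server rather than a hidden form field the visitor can edit.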