Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    May 2012
    Posts
    20
    Thanks
    10
    Thanked 0 Times in 0 Posts

    Database not updating, no errors

    Good day, I have coded a register page as well as a connect page. The register page connects to the database, apparently, because no connect errors. However, the database does not update with the registration details. Please assist.

    Database name: antiques
    Table name: user

    Easyphp vers.:5.3.1.0

    connect.php:

    Code:
    <?php
    
    function quote_smart($value, $handle) {
    
    if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
    }
    
    if (!is_numeric($value)) {
    $value = "'" . mysql_real_escape_string($value, $handle) . "'";
    }
    return $value;
    }
    
    function connect_server_db()
    {
    $user_name="root";
    $password="";
    $database="antiques";
    $server="127.0.0.1";
    
    $connection = mysql_connect ($server, $user_name, $password)
    or die ("Could not connect to server");
    
    $db_found = mysql_select_db($database)
    or die ("Could not connect to database");
    
    return $connection;
    }
    
    ?>
    
    <?php
    
    
    if (isset($_REQUEST['register']))
    {
    $title = "";
    $name = "";
    $surname = "";
    $uname = "";
    $pword = "";
    $errorMessage = "";
    $num_rows = 0;
    
    $title = $_REQUEST['title'];
    $name = $_REQUEST['name'];
    $surname = $_REQUEST['surname'];
    $uname = $_REQUEST['username'];
    $pword = $_REQUEST['password'];
    
    
    $uname = htmlspecialchars($uname);
    $pword = htmlspecialchars($pword);
    
    $uname = quote_smart($uname, $connection);
    $pword = quote_smart($pword, $connection);
    
    $uLength = strlen($uname);
    $pLength = strlen($pword);
    
    if ($uLength >= 1 && $uLength <= 6) {
    $errorMessage = "";
    }
    else {
    $errorMessage = $errorMessage . "Username must be between 1 and 6 characters" . "<BR>";
    }
    
    if ($pLength >= 1 && $pLength <= 6) {
    $errorMessage = "";
    }
    else {
    $errorMessage = $errorMessage . "Password must be between 1 and 6 characters" . "<BR>";
    }
    
    if ($errorMessage == "") {
    
    connect_server_db();
    
    $uname = quote_smart($uname, $connection);
    $pword = quote_smart($pword, $connection);
    
    $SQL = "SELECT * FROM user WHERE username = $uname";
    $result = mysql_query($SQL);
    $num_rows = mysql_num_rows($result);
    
    if ($num_rows > 0) {
    $errorMessage = "Username already taken";
    }
    
    else {
    
    $SQL = "INSERT INTO user (title, name, surname, username, password) VALUES ($title, $name, $surname, $uname, md5($pword))";
    
    $result = mysql_query($SQL);
    
    mysql_close(connect_server_db('$connection'));
    
    session_start();
    $_SESSION['login'] = "1";
    
    header ("Location: home.php");
    }
    }
    else {
    $errorMessage = "Database Not Found";
    }
    
    }
    
    ?>



    Register.php

    Code:
    <html>
    <head>
    
    <?php
    include ("connect.php");
    ?>
    <title>
    ################################
    </title>
    <link href="style.css" rel="stylesheet" type="text/css">
    </head>
    
    <body>
    <h1>
    #############################<br /><br />
    </h1>
    
    <h2><br /><br />
    ########
    </h2>
    <br><br>
    
    <table border = '1' bgcolor = #a4a4a4>
    <form action="connect.php" method="post">
    <tr><td>Title: </td><td><input type="text" name="title"></td></tr>
    <tr><td>Name : </td><td><input type="text" name="name"></td></tr>
    <tr><td>Surname : </td><td><input type="text" name="surname"></td></tr>
    </tr><td>Username : </td><td><input type="text" name="username"></td></tr>
    </tr><td>Password : </td><td><input type="password" name="password"></td></tr>
    </table>
    <br><br>
    <input type="submit" name="register" value="Register">
    <input type="reset" value="Reset">
    </form>
    
    </body>
    </html>
    Last edited by schalk1807; 09-25-2013 at 10:36 AM.

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    How do you know there are no errors? You have ZERO CODE in there looking for an error.

    And you have ZERO CODE for debugging.

    Code:
    $SQL = "INSERT INTO user (title, name, surname, username, password) VALUES ($title, $name, $surname, $uname, md5($pword))";
    
    echo "<hr/>DEBUG SQL: " . $SQL . "<hr/>\n";
    
    $result = mysql_query($SQL) or die( mysql_error() );
    HINT: Literal text strings in MySQL must be enclosed in apostrophes, just as you would do in PHP.

    That is, in PHP you wouldn't try to do
    Code:
    $title = This is my title;
    would you? Why would you think SQL can understand This is my title if you don't put quotes or (better, in SQL) apostrophes around it?

    And by the by: Password between 1 and 6 characters??? REALLY??? So you *WANT* hackers to be able to easily break into your system? Modern systems usually require passwords to be a MINIMUM of 6 characters and most places have moved to minimum sizes of 8 characters. And requiring an upper case letter, a lower case letter, a digit, and a special character within that password.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    schalk1807 (09-23-2013)

  • #3
    New Coder
    Join Date
    May 2012
    Posts
    20
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Thank you for your reply.

    Please excuse my ignorance, I am currently a student and this is my first year with MySQL, so unfortunately I am still learning and trying to make sense of it all.

    I thought that because I do not receive a "Could not connect to server / database", that the connection is error free.

    The 1 to 6 characters password is what is required for this assignment and not for a real system, luckily.

    Thank you for your advice, I will study it and implement it.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    You are taking a class and they are having you use mysql_query( )???

    Ask for your money back! mysql_query() is *OBSOLETE* and will be removed in the next version of PHP!

    Okay, your school/whatever is not the only one that is way behind the times. The situation in classes teaching JavaScript is much much worse.

    Anyway...aside from needing '...' around all string literals, you also need to looking at the function mysql_real_escape_string( ).

    Look it up in the PHP online docs at http://www.php.net
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    schalk1807 (09-23-2013)

  • #5
    New Coder
    Join Date
    May 2012
    Posts
    20
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Will do. Thank you again.

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Old Pedant can be a little, uh, curt at times
    He is right though, the mysql library is obsolescent, and will most definitely be removed in the near future. It is technically not obsolete yet, as it does still undergo maintenance officially (but no need to use that as a reason to keep ).
    String usage is the actual issue for the queries. You must wrap anything that is a string with '' (or "" will work, but as Pedant pointed out a few years ago to me, the ' is the standard), and you shouldn't do that with things like integers (mysql is lenient by default, but can be configured strict).
    Things like this will not work:
    PHP Code:
    mysql_close(connect_server_db('$connection')); 
    connect_server_db doesn't accept arguments, but that will not throw an error since PHP is designed with varargs (variable length argument lists) since it does not support overloading. The problem in particular with the above is the argument is literally the string '$connection', and not the variable. Its not required though since the function itself accepts nothing.
    The validation blocks are technically wrong. If you fail the $uLength check, but pass the $pLength check, than you'll have no error message. Although this may be a moot point since there is no use of the $errorMessage anyway (there is no print).

    On the plus side, although when you use the mysqli/pdo libraries with prepared statements you don't need to do it, the quotesmart function is correct. Most people do it backwards: if gpc is not enabled, then addslashes. This is incorrect; you must always remove slashes with stripslashes if magic quotes are enabled and THEN you must use real escape string as you do.

    This is a problem, even though it won't seem like one:
    PHP Code:

    ?>

    <?php
    Followed by later:
    PHP Code:
    session_start(); 
    Sessions require cookies by default, and cookies require headers. Having the break with a white space is guaranteed to create output, so the session_start will push an error indicating headers have already been sent (and therefore fail to set the session, on default configurations). There is little loss in establishing a session at the very start aside from assigning an empty file, and it will never give problems, so I recommend you move it to the top of the script right after the <?php.

    And of course, always add in development environments at the top (or if you can control it, at the php.ini level):
    PHP Code:
    ini_set('display_errors'1);
    error_reporting(E_ALL); 
    Which will show you any PHP errors. Not mysql ones though, those are done at the mysql_query call:
    PHP Code:
    $result mysql_query($sql) or die(mysql_error()); 
    Dirty trick for error handling, but at least you'll know there's an error.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • Users who have thanked Fou-Lu for this post:

    schalk1807 (09-24-2013)

  • #7
    New Coder
    Join Date
    May 2012
    Posts
    20
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Thank you Fou-Lu,

    In my book, anyone that takes time out of their lives to help other people, may be as curt as they like.

    Thank you for the advice. I will study it carefully and implement.

  • #8
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,211
    Thanks
    80
    Thanked 4,571 Times in 4,535 Posts
    Sorry, wasn't trying to be curt. And I did give him that "hint" that was the crux of the matter.

    I utterly missed the bit about the $connection, though. I saw the missing '...' in the SQL query and figured that was the major problem.

    And the bit about asking for money back from his school was over the top, because I really do know how bad schools are about keeping up with the times. It was more a "you should complain" than to be taken seriously.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #9
    New Coder
    Join Date
    May 2012
    Posts
    20
    Thanks
    10
    Thanked 0 Times in 0 Posts
    No worries Old Pedant

    I am just damn glad for your and Fou-lu's help.

    The school is actually an university, and is as bad as you thought. Luckily this is my last subject, then I'm done with them.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •