  1. #1
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts

    My variables don't carry over from functions.

    I have the function "register()" for a very simple user registration script, but for some reason it doesn't write the variables "$email" and "$veri" to the database.

    PHP Code:
    function sanitize($input) {
        //sanitize database input
        $input = stripslashes($input);
        $input = mysql_real_escape_string($input);
    }

    function veri($input) {
        //generates a hash to use for verification
        $random = rand();
        $data = $input . $random;
        $veri = md5($data);
    }

    function register($email, $password) {
        //registers a new user
        //secure the password, no data grabbing plz
        $password = md5($password);

        //secure the email, no injection plz
        $email = sanitize($email);

        //generate initial verification hash
        veri($email);

        $query = "INSERT INTO users VALUES (NULL, '" . $email . "', '" . $password . "', '" . $veri . "', 0)";
        mysql_query($query) or die(mysql_error());
    }


  • #2
    New Coder
    Join Date
    Jul 2008
    Posts
    96
    Thanks
    4
    Thanked 0 Times in 0 Posts
    You got it slightly wrong
    Try this template (not the exact thing)
    Code:
    <--the table:-->
    INSERT INTO `users` 
    
    <--the area you want to insert to:-->
    (`email` ,`password` ,`verify`)
    
    <--the actual values-->
    VALUES ('".$email."', '".$password."', '".$veri."');
    Note make sure the "area" and actual value are respective. ie/ if you want to add something like username, make sure if it is the 4th "area", it is the 4th value!

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Quote Originally Posted by 2Pacalypse View Post
    You got it slightly wrong
    Try this template (not the exact thing)
    Code:
    <--the table:-->
    INSERT INTO `users` 
    
    <--the area you want to insert to:-->
    (`email` ,`password` ,`verify`)
    
    <--the actual values-->
    VALUES ('".$email."', '".$password."', '".$veri."');
    Note make sure the "area" and actual value are respective. ie/ if you want to add something like username, make sure if it is the 4th "area", it is the 4th value!
    This is not accurate, there is nothing in SQL that defines that fields have to be presented in an insert query. They are only required if you're not inserting every field or if the order is different than specified.

    Functions take a scope of their own when created. That means any variable defined within a function is function dependent, and when the function stack pops the variables are destroyed.

    Your sanitize method is returning void. This call $email = sanitize($email); sets the value of $email to null. This call veri($email); doesn't assign the value to anything, nor does the veri function return a result.

    Options are as follows. Use a reference in your function signatures:
    PHP Code:
    function sanitize(&$input) {
        //sanitize database input
        $input = stripslashes($input);
        $input = mysql_real_escape_string($input);
    }

    function veri(&$input) {
        //generates a hash to use for verification
        $random = rand();
        $data = $input . $random;
        $veri = md5($data);
    }

    These will physically alter the original data given to them. This is not recommended.
    The better option is to return a result, so sanitize should have a return $input;, and veri should have a return $veri; and the call should be assigned to a variable within the register function.

    Now, this still won't work. Sanitize will fail since it doesn't have an open scope to a mysql connection resource. Fix with a global call to your $connection variable, or whatever it is named, or even better - pass it into the method as well. Stripslashes also should only be used if get_magic_quotes_gpc() returns true, otherwise you'll be stripping data that may have been intended.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #4
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    So would this be acceptable?

    PHP Code:
    function sanitize(&$input) {
        //sanitize database input
        doconnect();
        $input = stripslashes($input);
        if (get_magic_quotes_gpc()) {
            $input = mysql_real_escape_string($input);
        }
        return $input;
    }

    function veri(&$input) {
        //generates a hash to use for verification
        $random = rand();
        $data = $input . $random;
        $veri = md5($data);

        return $veri;
    }

    function register($email, $password) {
        //registers a new user
        //secure the password, no data grabbing plz
        $password = md5($password);

        //secure the email, no injection plz
        sanitize($email);

        //generate initial verification hash
        veri($email);

        $query = "INSERT INTO users VALUES (NULL, '" . $email . "', '" . $password . "', '" . $veri . "', 0)";
        mysql_query($query) or die(mysql_error());
    }

    doconnect() calls my sql connection function, but do I need that if I've already got an sql connection outside the function?

    Also, if you could explain what the ampersand does? I don't understand what it's for.

  • #5
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    & is the addressof operator. It passes a variable by pointer and not by value letting you operate on the original.
    No this won't work. I'll fix it:
    PHP Code:
    function sanitize($input)
    {
        //sanitize database input
        doconnect();
        if (@get_magic_quotes_gpc())
        {
            $input = stripslashes($input);
        }

        $input = mysql_real_escape_string($input);
        return $input;
    }

    function veri($input)
    {
        //generates a hash to use for verification
        $random = rand();
        $data = $input . $random;
        $veri = md5($data);

        return $veri;
    }

    function register($email, $password)
    {
        doConnect();
        //registers a new user
        //secure the password, no data grabbing plz
        $password = md5($password);

        //secure the email, no injection plz
        $email = sanitize($email);

        //generate initial verification hash
        $veri = veri($email);

        $query = "INSERT INTO users VALUES (NULL, '" . $email . "', '" . $password . "', '" . $veri . "', 0)";
        mysql_query($query) or die(mysql_error());
    }

    If you have a specific connection in use, you can either globalize it in a function:
    PHP Code:
    function myfunc()
    {
        global $dbConnect;
    }
    which should actually be avoided, or signature your methods to use it as a parameter:
    PHP Code:
    function register($dbConnect)
    {
    }

    register($myConnection); 
    Edit:
    I just tested this, it looks like resources are autoglobals.
    That means you don't need to use your doConnect function or globalize your connection object in your functions. But you do need to make sure that a connection is open and available or the mysql_real_escape_string will not work.
    Last edited by Fou-Lu; 05-09-2009 at 02:22 AM.

  • Users who have thanked Fou-Lu for this post:

    Auax (05-09-2009)
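
An added example, not code posted by anyone in this thread: the register() flow above rewritten on PDO with bound parameters, password_hash() in place of md5(), and a random_bytes() token in place of md5($email . rand()). The in-memory SQLite database, the column names and the sample address are assumptions made so the block runs on its own; PHP 7+ with pdo_sqlite is assumed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite;
// the users table layout below is constructed to mirror the thread's INSERT.
function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        email TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL,
        veri TEXT NOT NULL,
        verified INTEGER NOT NULL DEFAULT 0)');
    return $pdo;
}

// Returns the verification token so the caller can mail it to the user.
function register(PDO $pdo, string $email, string $password): string
{
    // Validate the input's shape; escaping is not validation.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    // Salted, slow password hash instead of a bare md5().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Token from the CSPRNG instead of md5($email . rand()).
    $veri = bin2hex(random_bytes(16));

    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO users (email, password, veri, verified) VALUES (?, ?, ?, 0)'
    );
    $stmt->execute([$email, $hash, $veri]);
    return $veri;
}

// Constructed sample input: an address containing a single quote.
$pdo  = connect();
$veri = register($pdo, "o'brien@example.com", 'correct horse battery staple');
$row  = $pdo->query('SELECT email, password, veri FROM users')->fetch(PDO::FETCH_ASSOC);

var_dump($row['email'] === "o'brien@example.com"); // quote stored as data
var_dump(password_verify('correct horse battery staple', $row['password']));
var_dump(hash_equals($row['veri'], $veri));
```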

  • #6
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Perfect! Thank you!

  • #7
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I'm not sure if this is because of a similar problem, but if you could help me with this it'd be appreciated.

    PHP Code:
    function doesExist($data, $table, $feild) {
        //checks to see if the data provided exists in the database
        //returns 0 if false, 1 if true
        $query = "SELECT * FROM " . $table . " WHERE " . $feild . " = " . $data;
        $result = mysql_query($query);

        if ($result == true) {
            $doesExist = 1;
        } else {
            $doesExist = 0;
        }

        return $doesExist;
    }


  • #8
    bdl
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    @Auax> The reason that function doesn't work is because of the subtlety of mysql_query() return types.

    If the function is executing a valid SELECT statement, it will return a MySQL Result Resource, not boolean TRUE. If the SELECT statement fails, it does however, return boolean FALSE. On the other hand, if the query is an INSERT, DELETE, DROP type statement, it does return boolean TRUE or FALSE values. So your function will always return FALSE, since the mysql_query() function call will never return TRUE, even for a valid query.

    What you need to do, since you're not actually retrieving data from the SELECT statement, is use a COUNT(*) expression in the SQL statement, that returns a single value: the number of records matched, or zero. Your function can then retrieve this value and your conditional statement can determine if the value is anything greater than zero, returning TRUE or FALSE.

  • #9
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Ah, I completely forgot about COUNT!

    Thank you!

    But this still doesn't seem to work.

    PHP Code:
    function doesExist($data, $table, $feild) {
        //checks to see if the data provided exists in the database
        //returns 0 if false, 1 if true
        $query = "COUNT(*) FROM " . $table . " WHERE " . $feild . " = " . $data;
        $result = mysql_query($query);

        if ($result <= 1) {
            $doesExist = 1;
        } else {
            $doesExist = 0;
        }

        return $doesExist;
    }

    I'm calling it like this:
    PHP Code:
    $email = $_POST['email'];
    $pass = $_POST['pass'];
    $cpass = $_POST['cpass'];

    $feild = "email";
    $table = "users";

    doesExist($email, $table, $feild);
    But when I try to use, or echo out the $doesExist variable, I get nothing.
    Last edited by Auax; 05-09-2009 at 04:09 AM.

  • #10
    bdl
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    You're still doing the same thing. As I mentioned in my previous post (and linked to the PHP manual page), mysql_query() returns either a MySQL Result Resource or FALSE. It does not return TRUE or a value from the query itself. You must use another function to retrieve data from the query, i.e. mysql_result(), then compare the value returned from that function in your conditional.

    Plus, it's
    Code:
    SELECT COUNT(*) FROM sometable...

  • #11
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Can you please provide an example?

    I've got this... which gives a "not a valid mysql result resource" error.
    PHP Code:
    function doesExist($data, $table, $feild) {
        //checks to see if the data provided exists in the database
        //returns 0 if false, 1 if true
        $query = "SELECT COUNT(*) FROM " . $table . " WHERE " . $feild . " = " . $data;
        $result = mysql_query($query);
        $num = mysql_num_rows($result);

        if ($num == 0) {
            $doesExist = 0;
        } else {
            $doesExist = 1;
        }

        return $doesExist;
    }

    Edit:
    I tried using mysql_result, but I'm not sure what to use for the second parameter.

  • #12
    bdl
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Please read the PHP manual page I linked; there are some good examples there, and you should really get used to reading and understanding the function documentation. Additionally, be sure to read through the PHP Language Reference while you're at it.

  • #13
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Yes, I read the page you linked, and am quite used to reading the reference material.

    I asked you to provide an example, because the reference on the official site was unclear for my situation.

  • #14
    bdl
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Ok, but just this once.

    PHP Code:
    $sql = 'SELECT COUNT(*) FROM table WHERE condition <> 1';
    $res = mysql_query($sql);
    // the conditional statement, incorporating mysql_result()
    if ( mysql_result( $res, 0 ) > 0 ) {
        // at least one record exists that matches the criteria
    } else {
        // no records match
    }

    Note that I pass 0 as the second parameter; it's the numeric index of the row returned. In computer science, lists / arrays are indexed beginning at the 'zeroth' element, so the first (and only, in this case) record is record #0. Alternatively you could add an alias to the COUNT() function return and reference that as well, e.g.
    PHP Code:
    $sql = 'SELECT COUNT(*) AS c FROM table WHERE condition <> 1';
    $res = mysql_query($sql);
    // the conditional statement, incorporating mysql_result()
    if ( mysql_result( $res, 0, 'c' ) > 0 ) {
        // at least one record exists that matches the criteria
    }
    I also noticed in your attempt that you used mysql_num_rows(); note that using mysql_num_rows() in conjunction with a valid SELECT COUNT() statement will always return 1 record, the record that stores the numeric value returned from the COUNT() function. So it's not useful in these cases.
    Last edited by bdl; 05-09-2009 at 06:02 AM.

  • #15
    New Coder
    Join Date
    May 2009
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Ahh, I see!

    Thank you. I was concerned that the number used for the second parameter would affect the count.

    However, it still tells me it's not a valid result resource.
    PHP Code:
    function doesExist($data, $table, $field) {
        //checks to see if the data provided exists in the database
        //returns 0 if false, 1 if true
        $query = "SELECT COUNT(*) FROM " . $table . " WHERE " . $field . " = " . $data;
        $result = mysql_query($query);

        if (mysql_result($result, 0) > 0) {
            $doesExist = 1;
        } else {
            $doesExist = 0;
        }

        return $doesExist;
    }

    (I am sure the table and field are correct.)
    Last edited by Auax; 05-09-2009 at 06:07 AM.
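
An added example, not code posted by anyone in this thread: doesExist() with the value passed as a bound parameter and the table and field names checked against an allowlist, since identifiers cannot be bound. In the concatenated versions above $data lands in the SQL text unquoted, so a string such as an email address produces an invalid statement and mysql_query() returns FALSE instead of a result resource. The allowlist contents, the in-memory SQLite database and the sample rows are assumptions; PHP 7+ with pdo_sqlite is assumed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite;
// the allowlist contents and sample rows are constructed for illustration.
const LOOKUP_ALLOWLIST = ['users' => ['email', 'veri']];

function doesExist(PDO $pdo, string $data, string $table, string $field): bool
{
    // Table and column names cannot be bound as parameters, so they are
    // only accepted when they match a fixed allowlist.
    if (!in_array($field, LOOKUP_ALLOWLIST[$table] ?? [], true)) {
        throw new InvalidArgumentException('table or field not allowed');
    }
    // The value travels as a bound parameter, never as SQL text.
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM $table WHERE $field = ?");
    $stmt->execute([$data]);
    // COUNT(*) always yields exactly one row; read its single column.
    return (int) $stmt->fetchColumn() > 0;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, veri TEXT)');
$pdo->exec("INSERT INTO users (email, veri) VALUES ('auax@example.com', 'abc123')");

// An address that is present, then one that is absent.
var_dump(doesExist($pdo, 'auax@example.com', 'users', 'email'));
var_dump(doesExist($pdo, 'nobody@example.com', 'users', 'email'));
// A value containing a quote is compared as plain data and breaks nothing.
var_dump(doesExist($pdo, "o'brien@example.com", 'users', 'email'));

// A field that is not on the allowlist never reaches the SQL string.
try {
    doesExist($pdo, 'abc', 'users', 'password');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```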

