PDA

Click to See Complete Forum and Search --> : [HELP]need help with php

RuneMan
Aug 12th, 2008, 02:52 AM
So this is my code :


<h1>Registeration Form</h1><br /><br />
<?php
include("includes/config.php");
include("function/db.php");
//error handling
if (isset($_GET['error'])){
if (($_GET['error']) == "nu"){
echo "<p>You did not enter a username.</p><br />";}
if (($_GET['error']) == "np"){
echo "<p>You did not enter a password.</p><br />";}
if (($_GET['error']) == "nrp"){
echo "<p>You did not enter the second password.</p><br />";}
if (($_GET['error']) == "ne"){
echo "<p>You did not enter an email address.</p><br />";}
if (($_GET['error']) == "ndob"){
echo "<p>You did not enter your date of birth.</p><br />";}
if (($_GET['error']) == "pne"){
echo "<p>Passwords do not match.</p><br />";}
if (($_GET['error']) == "ue"){
echo "<p>The username you chose already exists. Choose another one.</p><br />";}
if (($_GET['register']) == "suc"){
echo "<p>Registration is successful.</p><br />";}
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>?maple=register" method="post">
<p>Username</p><br />
<form type="text" name="username" value=""><br />
<p>Password</p><br />
<form type="password" name="password" value=""><br />
<p>Repeat Password</p><br />
<form type="password" name="passwordre" value=""><br />
<p>E-mail</p><br />
<form type="text" name="email" value=""><br />
<p>Date of Birth</p><br />
<form type="text" name="dob" value=""><br />
<form type="submit" value="submit">
<?PHP
if(($_POST['username'] == "")){header("Location: index.php?maple=register&error=nu");}
if(($_POST['password'] == "")){header("Location: index.php?maple=register&error=np");}
if(($_POST['passwordre'] == "")){header("Location: index.php?maple=register&error=nrp");}
if(($_POST['email'] == "")){header("Location: index.php?maple=register&error=ne");}
if(($_POST['dob'] == "")){header("Location: index.php?maple=register&error=ndob");}
$username=mysql_real_escape_string($_POST['username']);
$dob=mysql_real_escape_string($_POST['dob']);
$email=mysql_real_escape_string($_POST['email']);
if(($_POST['password'] == $_POST['passwordre'])){$password=sha1($_POST['password']);} else {header("Location: index.php?maple=register&pne");}
//check for duplicate usernames...
$user_query=mysql_query("SELECT COUNT(*) FROM `accounts` WHERE `name` = '". $_POST['username'] ."'") or die(mysql_error());
$chkuser=mysql_fetch_array($user_query);
if($chkuser != 0){header ("Location: index.php?maple=register&error=ue");}
else {
$add_user="INSERT INTO `accounts` (`id`, `name`, `password`, `birthday`, `email`, `macs`) VALUES (NULL, $username, $password, $dob, $email, "0")";
mysql_query($add_user) or die(mysql_error());
header("Location: index.php?maple=register&register=suc");
}?>


Now whenever i access the page I get this error.


Parse error: syntax error, unexpected T_LNUMBER in C:\wamp\www\register.php on line 53


So can you guys help me get around this error?
Pino
Aug 12th, 2008, 05:41 AM
$add_user="INSERT INTO `accounts` (`id`, `name`, `password`, `birthday`, `email`, `macs`) VALUES (NULL, $username, $password, $dob, $email, "0")"


Should be


$add_user="INSERT INTO `accounts` (`id`, `name`, `password`, `birthday`, `email`, `macs`) VALUES (NULL, '$username', '$password', $dob, '$email', '0')"

Assuming the fields are string Values.
RuneMan
Aug 12th, 2008, 05:56 AM
yup did it....

now i get this error


Parse error: syntax error, unexpected T_STRING in C:\wamp\www\register.php on line 54


and line 54 is ::

52--> else {
53--> $add_user="INSERT INTO `accounts` (`id`, `name`, `password`, `birthday`, `email`, `macs`) VALUES (NULL, '$username', '$password', $dob, '$email', '0')"
54--> mysql_query($add_user) or die(mysql_error());
55--> header("Location: index.php?maple=register&register=suc");

and thanks :3
Pino
Aug 12th, 2008, 05:59 AM
yup did it....

now i get this error


Parse error: syntax error, unexpected T_STRING in C:\wamp\www\register.php on line 54


and line 54 is ::

52--> else {
53--> $add_user="INSERT INTO `accounts` (`id`, `name`, `password`, `birthday`, `email`, `macs`) VALUES (NULL, '$username', '$password', $dob, '$email', '0')"
54--> mysql_query($add_user) or die(mysql_error());
55--> header("Location: index.php?maple=register&register=suc");

and thanks :3

Is this your code?

Your missing the terminating ;

Pino
RuneMan
Aug 12th, 2008, 06:33 AM
yea .. my bad.. i fixed it but i didnt post it here cuz i had to go..
anyways after doing what you said, the form showed up but i got these header errors.

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 38

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 39

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 40

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 41

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 42

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 50


if(($_POST['username'] == "")){header("Location: index.php?maple=register&error=nu");}
if(($_POST['password'] == "")){header("Location: index.php?maple=register&error=np");}
if(($_POST['passwordre'] == "")){header("Location: index.php?maple=register&error=nrp");}
if(($_POST['email'] == "")){header("Location: index.php?maple=register&error=ne");}
if(($_POST['dob'] == "")){header("Location: index.php?maple=register&error=ndob");}
$username=mysql_real_escape_string($_POST['username']);
$dob=mysql_real_escape_string($_POST['dob']);
$email=mysql_real_escape_string($_POST['email']);
if(($_POST['password'] == $_POST['passwordre'])){$password=sha1($_POST['password']);} else {header("Location: index.php?maple=register&pne");}
//check for duplicate usernames...
$user_query=mysql_query("SELECT COUNT(*) FROM `accounts` WHERE `name` = '". $_POST['username'] ."'") or die(mysql_error());
$chkuser=mysql_fetch_array($user_query);
if($chkuser != 0){header ("Location: index.php?maple=register&error=ue");}


Those are lines 38-50. I remember reading in some other forum about some variable which is to be declared in my config.php which can essentially remove these header errors. Maybe if some1 can explains what these are and a guide on avoiding these errors, ill be really grateful.

And thanks alot m8. YOU have been really helpful :D

EDIT: And can you also tell me what ob_start(); does?
visualAd
Aug 12th, 2008, 07:49 AM
yea .. my bad.. i fixed it but i didnt post it here cuz i had to go..
anyways after doing what you said, the form showed up but i got these header errors.

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 38

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 39

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 40

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 41

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 42

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:15) in C:\wamp\www\register.php on line 50


if(($_POST['username'] == "")){header("Location: index.php?maple=register&error=nu");}
if(($_POST['password'] == "")){header("Location: index.php?maple=register&error=np");}
if(($_POST['passwordre'] == "")){header("Location: index.php?maple=register&error=nrp");}
if(($_POST['email'] == "")){header("Location: index.php?maple=register&error=ne");}
if(($_POST['dob'] == "")){header("Location: index.php?maple=register&error=ndob");}
$username=mysql_real_escape_string($_POST['username']);
$dob=mysql_real_escape_string($_POST['dob']);
$email=mysql_real_escape_string($_POST['email']);
if(($_POST['password'] == $_POST['passwordre'])){$password=sha1($_POST['password']);} else {header("Location: index.php?maple=register&pne");}
//check for duplicate usernames...
$user_query=mysql_query("SELECT COUNT(*) FROM `accounts` WHERE `name` = '". $_POST['username'] ."'") or die(mysql_error());
$chkuser=mysql_fetch_array($user_query);
if($chkuser != 0){header ("Location: index.php?maple=register&error=ue");}


Those are lines 38-50. I remember reading in some other forum about some variable which is to be declared in my config.php which can essentially remove these header errors. Maybe if some1 can explains what these are and a guide on avoiding these errors, ill be really grateful.

And thanks alot m8. YOU have been really helpful :D

EDIT: And can you also tell me what ob_start(); does?
Your code is a total mess; I could give you a quick fix for your problem but it would be a lot better for you (and us), if you tidy up your code.

The form data should be processed at the top of the page before you output any HTML. You can then send as many headers as you wish without warnings being spat out.

The mysql query lacks any quotes around the strings so it is unlikely to work. My suggestion here would be to use MySqli or PDO and take advantage of the paramatised query facilities they offer. This means you won't have to worry about escaping the data or putting it in quotes and you can declare you queries at the top of the script as constants.

The use of redirects is the correct appraoch when handling form errors, however, when formatting the errors simply have a $error variable which you set using a switch statement and output this later if required in the HTML.


if (isset($_GET['error'])){
$errorString = '';

switch($_GET['error']) {
case 'nu':
$errorString = 'You did not enter a username';
break;

case 'np':
$errorString = 'You did not enter a password';
break;

case 'ndob':
$errorString = 'You did not enter your date of birth.';
break;

case 'pne':
$errorString = 'Passwords do not match.';
break;

case 'ue':
$errorString = 'The username you chose already exists. Choose another one.';
break;

case 'suc':
$errorString = 'Registration is successful.';
break;
}
}


Looks a lot tidier then in the HTML:

?>
<form>
<?php if (isset($errorString)): ?>
<p><?php echo($errorString) ?></p>
<?php endif; ?>


It is also good practice to format if statements on several lines, even if there is only one statement to be executed. This shows the reader clearly that there is a condition being tested and what is being executed:

//bad
if(($_POST['username'] == "")){header("Location: index.php?maple=register&error=nu");}

// good
if(($_POST['username'] == "")) {
header("Location: index.php?maple=register&error=nu");
}



Trust me, when you sort out how the code looks, it is a lot easier to troubleshoot both for us and more importantly you. :)
RuneMan
Aug 12th, 2008, 09:12 AM
<?php
$mosConfig_locale_debug=0;
$mosConfig_locale_use_gettext=0;
//error handling
include("includes/config.php");
if (isset($_GET['error'])){
$errorString = '';
switch($_GET['error']) {
case 'nu':
$errorString='<font color="white">You did not enter a username</font>';
break;
case 'np':
$errorString='<font color="white">You did not enter a password</font>';
break;
case 'ndob':
$errorString='<font color="white">You did not enter your date of birth.</font>';
break;
case 'nrp':
$errorString='<font color="white">You did not enter the second pass</font>';
break;
case 'ne':
$errorString='<font color="white">You did not enter an email address</font>';
break;
case 'pne':
$errorString='<font color="white">Passwords do not match.</font>';
break;
case 'ue':
$errorString='<font color="white">The username you chose already exists. Choose another one.</font>';
break;
case 'suc':
$errorString='<font color="white">Registration is successful.</font>';
break;
}
}
include("includes/config.php");
if(($_POST['username'] == ""))
{
header("Location: index.php?maple=register&error=nu");
}
if(($_POST['password'] == ""))
{
header("Location: index.php?maple=register&error=np");
}
if(($_POST['passwordre'] == ""))
{
header("Location: index.php?maple=register&error=nrp");
}
if(($_POST['email'] == ""))
{
header("Location: index.php?maple=register&error=ne");
}
if(($_POST['dob'] == ""))
{
header("Location: index.php?maple=register&error=ndob");
}
$username=mysql_real_escape_string($_POST['username']);
$dob=mysql_real_escape_string($_POST['dob']);
$email=mysql_real_escape_string($_POST['email']);
if(($_POST['password'] == $_POST['passwordre']))
{
$password=sha1($_POST['password']);
}
else
{header("Location: index.php?maple=register&error=pne");
}
$user_query=mysql_query("SELECT COUNT(*) FROM `accounts` WHERE `name` = '". $_POST['username'] ."'") or die(mysql_error());
$chkuser=mysql_fetch_array($user_query);
if($chkuser != 0)
{
header("Location:index.php?maple=register&error=ue");
}
else
{
$add_user="INSERT INTO `accounts` (`id`, `name`, `password`, `birthday`, `email`, `macs`) VALUES (NULL, '$username', '$password', $dob, '$email', '0')";
mysql_query($add_user) or die(mysql_error());
header("Location: index.php?maple=register&error=suc");
}
?>
<html>
<h1>Registration Form</h1><br /><br />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?maple=register" method="post">
<?php if (isset($errorString)): ?>
<p><?php echo($errorString) ?></p>
<?php endif; ?>
<font color="white">Username</font><br />
<input type="text" name="username" value=""><br />
<font color="white">Password</font><br />
<input type="password" name="password" value=""><br />
<font color="white">Repeat Password</font><br />
<input type="password" name="passwordre" value=""><br />
<font color="white">E-mail</font><br />
<input type="text" name="email"><br />
<font color="white">Date of Birth</font><br />
<input type="text" name="dob"><br />
<input type="submit" value="submit">
</html>

Well tidied it up a bit... and can you please explain what you mean by PDO or MySQLi?

Anyways the errors i get are:
Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:16) in C:\wamp\www\register.php on line 38

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:16) in C:\wamp\www\register.php on line 42

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:16) in C:\wamp\www\register.php on line 46

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:16) in C:\wamp\www\register.php on line 50

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:16) in C:\wamp\www\register.php on line 54

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:16) in C:\wamp\www\register.php on line 70
visualAd
Aug 12th, 2008, 09:48 AM
MySQli (www.php.net/mysqli) = MySql Improved extension. It is an improved version of the MySql which includes the ability to execute parametrized queries and has built in support for transactions.

Your query above for example would look like this using object orientated mysqli:

$mysqli = new Mysqli('host', 'user', 'pass', 'db');
$statement = $mysqli->prepare("INSERT INTO
`accounts`
(`name`, `password`, `birthday`, `email`, `macs`)
VALUES (?,?,?,?,?)";

$statement->bind_param('ssssi', $username, $password, $dob, $email, 0);
$statement->execute();


The use of paramatized queries like this, or late binding in programming speak allows the queries to become reusable; as the initial prepare statement loads the query into mysql and checks the syntax. Initial calls reuse the same query and replace the question marks with the parameters supplied. It also allows you to keep your data logically separate from the protocol (SQL) you are using to insert, update or extract those data. All round a better solution :)

PDO (www.php.net/pdo) = PHP Data Objects; it is an abstract driver based API similar to but more powerful than ODBC. You specify which driver you would like with a connection string and create an instance of the PDO object and away you go.

Over the standard mysql extension, it includes built in support for transactional database engines such as Innodb and the ability to execute pre-prepared queries with a set of parameters.

$pdo = new PDO('mysql:host=balh;dbname=balh', 'user', 'pass');
$prepared = $pdo->prepare('INSERT INTO table VALUES(?, ?, ?, ?, ?)');

$prepared->execute(array(1,"2",true,4,"five"));


The question marks are replaced with the values in the array upon execution. The driver handles all the type conversions and escaping of string data for you.

IMO PDO is better than MySqli due to its simplicity and object orientated approach. In addition, PDO also provides a largely abstract API which is easily extensible so you or I could add our own drivers if need be and the task of switching from say MySql to Oracle is greatly simplified and if the SQL used in the application follows largly the SQL92 standard, it could be as simple as changing the DSN.

Although i have found that some hosts support mysqli over PDO and in this situation mysqli should be used over mysql. If your host supports neither or they are still using PHP 4, then you need to find another :D

Finally to your errors, they are caused because something has produced output. The calls to header produce an HTTP header which must appear before the body (HTML) of the response. If you produce any output before calling the header function it will flush the headers through to the browser and start sending the body. Any further attempts to send a header will spit out a warning which you see above. To prevent this from happening you could use an output buffer but that is a slappable offence :D, instead, ensure all HTML and echo appear after the logic (processing part) of your script (that includes HTML in strings - although that would not cause this).

If there are no echos, ensure you have not got any preceding spaces at the beginning of the file and that when you save the file you (if you use notepad), you save it in ANSI format rather than unicode.
RuneMan
Aug 12th, 2008, 10:41 AM
Yup saving it in Unicode format got rid of the header errors. However another problem arised -.-

http://localhost/%3C?username=&password=&passwordre=&email=&dob=

i goes to that link when i use the below code/


<h1>Registration Form</h1><br /><br />
<form action="<?PHP echo $_SERVER['PHP_SELF']; ?>?maple=reg1">
I_Love_My_Vans
Aug 22nd, 2008, 08:01 AM
You need to add a method

<form action="index.php" method="POST">