is it correct script

[zeeshan]

database.php<?php$conn = mysql_connect("localhost", "yourusername", "yourpassword") or die(mysql_error());mysql_select_db('your_database', $conn) or die(mysql_error());$query  = sprintf("INSERT INTO users(username,password,email,pokemon) VALUES('%s','%s');",		   pg_escape_string($username), md5($password),($email),($Favorite pokemon));$query = sprintf("SELECT 1 FROM users WHERE username='%s' AND password='%s';",		   pg_escape_string($username), md5($password));$result = pg_query($connection, $query);if (pg_num_rows($result) > 0) {   echo 'Welcome, $username!';} else {   echo 'Authentication failed  for $username.';}   echo 'For further detail please contact the admin "zeeshan" at his e-mail zeeshanali_syed_1993@yahoo.co.in   as soon as he get you message he will be responding you?>

<?function confirmUser($username, $password){   global $conn;  if(!get_magic_quotes_gpc()) {$username = addslashes($username);   }      $q = "select password from users where username = '$username'";   $result = mysql_query($q,$conn);   if(!$result || (mysql_numrows($result) < 1)){	  return 1; //Indicates username failure   }   $dbarray = mysql_fetch_array($result);   $dbarray['password']  = stripslashes($dbarray['password']);   $password = stripslashes($password);      if($password == $dbarray['password']){	  return 0; //Success! Username and password confirmed   }   else{	  return 2; //Indicates password failure   }}<form action= method="post">  Name:  <input type="text" name="username" /><br />  password: <input type="text" name="password" /><br />  <input type="submit" name="submit" value="Login!" /></form><?log in.php

signup.php<?session_start(); include("database.php");function usernameTaken($username){   global $conn;   if(!get_magic_quotes_gpc()){	  $username = addslashes($username);   }   $q = "select username from users where username = '$username'";   $result = mysql_query($q,$conn);   return (mysql_numrows($result) > 0);}function addNewUser($username, $password){   global $conn;   $q = "INSERT INTO users VALUES ('$username', '$password')";   return mysql_query($q,$conn);}function displayStatus(){   $uname = $_SESSION['reguname'];   if($_SESSION['regresult']){?><h1>Registered!</h1><p>Thank you <b><? echo $username; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p><?   }   else{?><h1>Registration Failed</h1><p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>Please try again at a later time.</p><h>Registeration</h><?<form action= method="post">Desired Username:  <input type="text" name="username" /><br />Desired Password:  <input type="text" name="username" /><br />Your age:  <input type="text" name="username" /><br />Your Email: <input type="text" name="email" /><br />Your Favorite pokemon: <input type="text" name="email" /><br /><input type="submit" name="submit" value="Submit me!" /></form><?

please tell me the error here iam a bigginer

[justsomeguy]

What error are you seeing? Please give more details.

[killboy]

What error are you seeing? Please give more details.

I think that's what he wants us to do: run the code and tell him what errors it has

[justsomeguy]

He could do that for himself. I don't understand why people post something and ask if it works. Just run it, does it work? If not, what does it do or not do? I mean, wouldn't it be quicker to just run something versus post everything online and wait for someone else to run it? He didn't post the database structure, so if anyone is going to run it they will need to go through the code and figure out how the database needs to be set up.

[jhecht]

$query = sprintf("INSERT INTO users(username,password,email,pokemon) VALUES('%s','%s');", pg_escape_string($username), md5($password),($email),($Favorite pokemon));variables can only be one word, there can't be any spaces in a variable. $Favorite_pokemon, however, would be acceptable.And why are you making all of those functions? It would be easier to just run the code straight through considering you'll probably never need the usernameTaken function in your script again.

[justsomeguy]

It also looks like you're mixing MySQL and PostgreSQL functions, which database are you using?

[killboy]

$query  = sprintf("INSERT INTO users(username,password,email,pokemon) VALUES('%s','%s');",....

Can anyone tell me what those '%s' mean?? I've seen them a lot lately and I've never used them.

[justsomeguy]

Take a look at the documentation for sprintf.http://www.php.net/manual/en/function.sprintf.php

[zeeshan]

hi friends i learnt the database script from a manual downloaded from php.net ok. i have just made few changes can u tell r they crrect now

signup.php<?session_start(); include("database.php");function usernameTaken($username){   global $conn;   if(!get_magic_quotes_gpc()){	  $username = addslashes($username);   }   $q = "select username from users where username = '$username'";   $result = mysql_query($q,$conn);   return (mysql_numrows($result) > 0);}function addNewUser($username, $password){   global $conn;   $q = "INSERT INTO registered_members ('$username', '$password','$Confirm password',$Email',$confirm email,$Trainers title)";   return mysql_query($q,$conn);}function displayStatus(){   $uname = $_SESSION['registerd username'];   if($_SESSION['regresult']){?><h1>Registered!</h1><p>Thank you <b><? echo $username; ?></b>, your information has been added to the database, you may now <a href="login.php" title="Login">log in</a>.</p><?   }   else{?><h1>Registration Failed</h1><p>We're sorry, but an error has occurred and your registration for the username <b><? echo $username; ?></b>, could not be completed.There must be some problem in the database the Pokemoncratoz team must be working on it.please contact the admin at zeeshanali_syed_1993@yahoo.co.in for further details<br>Please try again at a later time.</p><?   }   unset($_SESSION['reguname']);   unset($_SESSION['registered']);   unset($_SESSION['regresult']);}if(isset($_SESSION['registered'])){?><html><title>Registration </title><body><? displayStatus(); ?></body></html><?   return;}if(isset($_POST['subjoin'])){	  if(!$_POST['user'] || !$_POST['password']){	  die('You didn\'t fill in a required field.');   }     $_POST['user'] = trim($_POST['user']);   if(strlen($_POST['user']) > 30){	  die("Sorry, the username is longer than 30 characters, please shorten it.");   }      if(usernameTaken($_POST['user'])){	  $use = $_POST['user'];	  die("Sorry, the username: <strong>$username</strong> is already taken, please pick another one.");   }      $md5pass = md5($_POST['password']);   $_SESSION['registration username'] = $_POST['user'];   $_SESSION['registrationresult'] = addNewUser($_POST['user'], $md5pass);   $_SESSION['registered'] = true;   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";   return;}else{?><html><title>Registration </title><body><h1>Register</h1><form action="database.php" method="post"><table align="left" border="0" cellspacing="0" cellpadding="3"><tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr><tr><td>confirm Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr><tr><td>Email:</td><td><input type="text" name="Email" maxlength="30"></td></tr><tr><td>Confirm email:</td><td><input type="text" name="confirm email" maxlength="30"></td></tr><tr><td>Trainer's title:</td><td><input type="text" name="Trainer's title" maxlength="30"></td></tr><tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="signup!"></td></tr></table></form></body></html><?}?>

database.php<?$conn = mysql_connect("localhost", "pokemonrpg_zeeshan", "computerdgdds") or die(mysql_error());mysql_select_db('pokemon?zeeshan', $conn) or die(mysql_error());?>in the place of local host what should i write there i am unable to understand . and when i try to sign up its unable to store the data in the database y is this problem occurring

[jhecht]

1. Don't make the functions if you're not going to call them. Just run the script straight through.2. Variables can only contain letters, numbers, and underscores. NOT spaces. This includes key names in arrays(i.e. $_SESSION['registered_users'] is fine, but $_SESSION['registered users']) is not(if it doesn't, then its just good practice to NOT put spaces in them).3. Don't post your login information to MySQL. Just put stars there. why don't you just upload this to a php server to test it out yourself?

[zeeshan]

i uploaded it there but when i try to test by putting an testing record then it says access denied to the users .and to conect this database and etc

[jhecht]

Well the database thing is probably coming up from the fact that you have a random ? in your database name. Instead of asking us if it works because you get errors, you should really just fix the issues on your own, or at least ask us what the errors mean.