The Sea King Posted March 16, 2008

I need help. Is this code ok?

    <?php
    $username=$_POST['username'];
    $email=$_POST['email'];
    $password=$_POST['password'];
    $sql= mysql_connect("xxxxxxx","yyyyyyyyyyy","vvvvvvvvvvvvv");
    $database="MYSQL_SELECT_DB(bbbbbbbbbb)";
    if (!$sql);
     {
     die('Could not connect: ' . mysql_error());
     }
    if (!$database);
     {
     die ("Could not connect: ' . mysql_error()");
     }
    if (!mysql_query("INSERT INTO Member (Username, Password, Email, Folder)
    VALUES ('$username','$password','$email','$username')"))
    {
    die("Could not connect: ' . mysql_error()")
    }
    mysql_close($sql);
    echo "You're registered as:<br>$username<br>Password<br>$password<br>Email:<br>$email<br>Your Folder:<br>http://thelostwaters.com/upload/$username";
    ?>
Synook Posted March 16, 2008

This line:

    $database="MYSQL_SELECT_DB(bbbbbbbbbb)";

should be like

    $database=mysql_select_db("dbname");

These lines:

    if (!$database);
    {
    die ("Could not connect: ' . mysql_error()");
    }

are syntactically incorrect, and also would be more logical as

    if (!$database);
    {
    die ("Could not select db: " . mysql_error());
    }

This line:

    die("Could not connect: ' . mysql_error()")

(the third die()) is syntactically incorrect, and also textually misleading. It should be more like

    die("Query failed: " . mysql_error());

Otherwise, it looks ok (except for the lack of SQL injection protection, use mysql_real_escape_string() on the $_POST variables).
justsomeguy Posted March 16, 2008

    if (!$database);
    {
    die ("Could not select db: " . mysql_error());
    }

You also need to remove that semicolon after the if statement; the script would always die.
Synook Posted March 16, 2008

And the one after if (!$sql)

    if (!$sql)
    {
    die('Could not connect: ' . mysql_error());
    }

I missed that one.
The Sea King (Author) Posted March 16, 2008

Thanks! :)

Anyways, I got three more questions:

What does the semicolon do, and what does the exclamation mark do?

And what is the mysql_real_escape_string() thing?
Synook Posted March 17, 2008

The semicolon delimits a line, so after a ; there is a new statement. The exclamation mark is the boolean NOT, so if (!$sql) means if not $sql (e.g. if $sql is false).

mysql_real_escape_string() escapes (puts \) before any character that may interfere with the SQL parser, like -- comments, " quotation marks, and ; semicolons.
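An added example, not part of the original posts: the thread's registration query written with PDO prepared statements, which send the values separately from the SQL text instead of escaping them into the string. It assumes PHP 7 or later with the pdo_sqlite driver; `register()` is a hypothetical helper, SQLite stands in for MySQL so the script runs without a server, and the password hashing is an addition the thread does not discuss.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database keeps it
// self-contained; the Member table and its columns follow the thread's INSERT.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Member (Username TEXT PRIMARY KEY, Password TEXT, Email TEXT, Folder TEXT)');

// Hypothetical helper: returns true on success, false if the name is taken.
function register(PDO $db, string $username, string $password, string $email): bool
{
    // Placeholders keep the values out of the SQL text, so quotes, "--" and ";"
    // in the input are stored as data and never reach the SQL parser.
    $check = $db->prepare('SELECT 1 FROM Member WHERE Username = ? LIMIT 1');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return false;
    }

    $insert = $db->prepare(
        'INSERT INTO Member (Username, Password, Email, Folder) VALUES (?, ?, ?, ?)'
    );
    $insert->execute([
        $username,
        password_hash($password, PASSWORD_DEFAULT), // store a hash, not the raw password
        $email,
        'http://thelostwaters.com/upload/' . rawurlencode($username) . '/',
    ]);
    return true;
}

// Constructed sample input: a name containing the characters listed in the thread.
$tricky = "o'brien\"; -- x";

var_dump(register($db, $tricky, 'secret', 'a@example.com')); // first registration
var_dump(register($db, $tricky, 'secret', 'a@example.com')); // same name again

// The stored name is byte-for-byte what was submitted.
$rows = $db->query('SELECT Username, Folder FROM Member')->fetchAll(PDO::FETCH_ASSOC);
var_dump(count($rows), $rows[0]['Username'] === $tricky);
```

The mysql_* functions used in the thread were removed in PHP 7.0, so on current PHP the same pattern applies through PDO or mysqli with a MySQL connection string.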
The Sea King (Author) Posted March 17, 2008

This alright?

    <?php
    $username=$_POST['username'];
    $email=$_POST['email'];
    $password=$_POST['password'];
    $sql= mysql_connect("HIDDEN","HIDDEN","HIDDEN");
    $database=mysql_select_db("HIDDEN");
    if (!$sql)
    {
    die('Could not connect: ' . mysql_error());
    }
    if (!$database)
    {
    die ("Could not select db: " . mysql_error());
    }
    // Testing
    if (mysql_query("SELECT Username FROM Members WHERE Username = $username" LIMIT 1"))
    {
    die("$username is taken");
    }
    //Protection?
    $user = mysql_real_escape_string($username);
    $pwd = mysql_real_escape_string($password);
    if (user='" . $user . "' AND password='" . $pwd . "'")
    {
    die ("Username and Password is invaild")
    }
    if (!mysql_query("INSERT INTO Member (Username, Password, Email, Folder)
    VALUES ('$username','$password','$email','http://thelostwaters.com/upload/$username/')"))
    {
    die("Query failed: " . mysql_error());
    }
    mysql_close($sql);
    echo "You're registered as:<br>$username<br>Password<br>$password<br>Email:<br>$email<br>Your Folder:<br>http://thelostwaters.com/upload/$username";
    ?>
justsomeguy Posted March 17, 2008

"What does the semicolon do"

A semicolon terminates a statement. So whatever is before a semicolon is considered a statement. This is a line with 5 "no-ops", so this line has 5 statements on it that each do nothing:

    ;;;;;

So when you see something like this:

    if (!$database);
    {
      die ("Could not select db: " . mysql_error());
    }

where you have a semicolon right after the if statement, you could say that in the English language sort of like this:

"If $database evaluates to false, do nothing"

That's all that if statement does. If the $database variable evaluates to false then it executes the next statement (which is a no-op), and does nothing. Then it executes the next block of code (with the die in it) regardless of whether or not the if statement was true or false, since the die statement is not part of the if block, it's just a standalone block. It's the same as doing this:

    if (!$database)
    {
      ; // nothing
    }
    {
      echo "this is a standalone code block";
    }
Archived
This topic is now archived and is closed to further replies.