chibineku Posted October 18, 2009

I was messing with my registration script, simplifying the form sanitization by using a loop and on testing it, noticed that it fails to create the appropriate record in the aromaAddress table, but it makes the insertion into aromaMaster. These won't mean anything, of course, but aromaMaster holds usernames, emails, passwords, while aromaAddress holds...you guessed it. I also noticed that someone registered that wasn't one of my own guff trial entries, but I tried e-mailing them and got a mailer daemon. Who was it - I know it was one of you!

Anyway, here is the script, please see if you can spot why it would fail to create the aromaAddress record:

<?php
session_start();
include_once("db_include.php5");
doDB();

if(!$_POST) {
    //come directly via address bar
    header("Location: contact.php5");
    exit;
}

//sanitize input
$_CLEAN = array();
foreach($_POST as $k=>$v) {
    if(preg_match("/sername/", $k)) {
        $v = check_chars_username($v);
    } else if(preg_match("/mail/", $k)) {
        $v = check_chars_email($v);
    } else {
        $v = check_chars_address($v);
    }
    $v = mysqli_real_escape_string($mysqli,(trim($v)));
    $_CLEAN[$k] = $v;
    if(!preg_match("/assword/", $k)) {
        $_SESSION[$k] = $v;
    }
}

if(empty($_CLEAN['f_name']) || empty($_CLEAN['l_name']) || empty($_CLEAN['address']) ||
   empty($_CLEAN['town']) || empty($_CLEAN['country']) || empty($_CLEAN['password']) ||
   empty($_CLEAN['confirmPassword']) || empty($_CLEAN['username']) ||
   empty($_CLEAN['confirmUsername']) || empty($_CLEAN['email']) ||
   empty($_CLEAN['confirmEmail']) ||
   !filter_var($_CLEAN['email'], FILTER_VALIDATE_EMAIL) ||
   !filter_var($_CLEAN['confirmEmail'], FILTER_VALIDATE_EMAIL) ||
   ($_CLEAN['confirmEmail'] === FALSE) ||
   ($_CLEAN['password'] != $_CLEAN['confirmPassword']) ||
   ($_CLEAN['username'] != $_CLEAN['confirmUsername']) ||
   ($_CLEAN['email'] != $_CLEAN['confirmEmail'])) {
    //required fields not set - send them back
    header("Location: registration_form.php5?error=ef");
    exit;
}

//already registered?
//check for pre-existing account with same email address
$check_sql = "SELECT id FROM aromaMaster WHERE LOWER(email)='".strtolower($_CLEAN['email'])."'";
$check_res = mysqli_query($mysqli, $check_sql) or error_log(mysqli_error($mysqli)."\r\n");
if(mysqli_num_rows($check_res) >= 1) {
    //duplicate entry
    mysqli_free_result($check_res);
    header("Location: registerfail.php5?error=ef");
    exit;
}

//check for pre-existing account with same username
$check_sql = "SELECT id FROM aromaMaster WHERE LOWER(username)='".strtolower($_CLEAN['username'])."'";
$check_res = mysqli_query($mysqli, $check_sql) or error_log(mysqli_error($mysqli)."\r\n");
if(mysqli_num_rows($check_res) >=1 ) {
    //duplicate entry
    mysqli_free_result($check_res);
    header("Location: registerfail.php5?error=ef");
    exit;
} else {
    //create query
    $register_sql = "INSERT INTO aromaMaster (email, username, password, date_registered, last_seen) VALUES (
        '".htmlspecialchars($_CLEAN['email'])."',
        '".htmlspecialchars($_CLEAN['username'])."',
        '".sha1($_CLEAN['password'])."',
        now(), now())";
    $register_res = mysqli_query($mysqli, $register_sql) or error_log(mysqli_error($mysqli)."\r\n");
    $userid = mysqli_insert_id($mysqli);
    $_SESSION["userid"] = $userid;
    $_SESSION["username"] = $_CLEAN['username'];
    session_write_close();
    $address_sql = "INSERT INTO aromaAddress (userid, f_name, l_name, address, town, city, postcode) VALUES (
        '$userid',
        '".htmlspecialchars($_CLEAN['f_name'])."',
        '".htmlspecialchars($_CLEAN['l_name'])."',
        '".htmlspecialchars($_CLEAN['address'])."',
        '".htmlspecialchars($_CLEAN['town'])."',
        '".htmlspecialchars($_CLEAN['city'])."',
        '".htmlspecialchars($_CLEAN['country'])."',
        '".htmlspecialchars($_CLEAN['postcode'])."')";
    $address_res = mysqli_query($mysqli, $address_sql) or error_log(mysqli_error($mysqli)."\r\n");
    header("Location: registerredirect.php5");
}
mysqli_close($mysqli);
?>

A side question: I leave session_write_close() until I am done with writing to the session, but can I write more once I close it, as long as I close it again?

justsomeguy Posted October 18, 2009

Does the error log have anything? The query looks fine to me.

"I leave session_write_close() until I am done with writing to the session, but can I write more once I close it, as long as I close it again?"

No, the script loses write access to the session.

chibineku Posted October 18, 2009

Oh man - I added a 'country' field to the registration form and to the account administration page, and tried to insert it, but didn't add it to the list of columns in my insert statement in the registration script so the column count wasn't right. Fixed, much quicker than usual. Thank you.

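The column-count mismatch found above can be ruled out by construction. This is an added example, not chibineku's script: it derives the column list and the placeholders from one array, binds the values instead of concatenating them, and wraps both inserts in a transaction so a failed address insert does not leave an orphaned aromaMaster row. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli connection, a hypothetical insertRow() helper, and a cut-down aromaMaster table.

```php
<?php
// Added example. Table and column names follow the thread; the SQLite
// in-memory database and insertRow() are assumptions made for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE aromaMaster (id INTEGER PRIMARY KEY, email TEXT, username TEXT)');
$pdo->exec('CREATE TABLE aromaAddress (userid INTEGER, f_name TEXT, l_name TEXT,
            address TEXT, town TEXT, city TEXT, country TEXT, postcode TEXT)');

// Columns and placeholders come from the same array, so the two lists can
// never differ in length. Column names are checked against an allowlist
// because identifiers cannot be bound; $table must be a literal in the caller.
function insertRow(PDO $pdo, string $table, array $row, array $allowed): int
{
    $unknown = array_diff(array_keys($row), $allowed);
    if ($unknown) {
        throw new InvalidArgumentException('Unexpected column(s): ' . implode(', ', $unknown));
    }
    $cols = array_keys($row);
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)', $table,
        implode(', ', $cols), implode(', ', array_fill(0, count($cols), '?')));
    $pdo->prepare($sql)->execute(array_values($row));
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for the validated form fields.
$form = ['email' => 'a@example.test', 'username' => 'demo', 'f_name' => 'Ann',
         'l_name' => 'Lee', 'address' => '1 High St', 'town' => 'Leith',
         'city' => 'Edinburgh', 'country' => 'UK', 'postcode' => 'EH6 1AA'];

$masterCols  = ['email', 'username'];
$addressCols = ['userid', 'f_name', 'l_name', 'address', 'town', 'city', 'country', 'postcode'];

try {
    // One transaction: a failed address insert also undoes the master row.
    $pdo->beginTransaction();
    $userid = insertRow($pdo, 'aromaMaster',
        array_intersect_key($form, array_flip($masterCols)), $masterCols);
    $address = ['userid' => $userid] + array_intersect_key($form, array_flip($addressCols));
    insertRow($pdo, 'aromaAddress', $address, $addressCols);
    $pdo->commit();
    echo "registered user $userid\n";
} catch (Exception $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    error_log($e->getMessage()); // send the user to an error page here, not the success page
}
```

Adding a new form field then means adding one entry to $addressCols; the statement text follows automatically, and any failure is caught before the success redirect.
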
Distortion Posted October 18, 2009

Why is it necessary to close the connection at the end of a script? It closes automatically I thought? Is this for some kind of security reason and if yes, then what?

chibineku Posted October 18, 2009

I don't usually close the connection manually, but when I was working through the tutorials in the book I learned PHP from, they always manually closed the connection and I sometimes do, sometimes don't. It didn't quite become a reflex. I don't think it's necessary anyway.

Synook Posted October 18, 2009

"Why is it necessary to close the connection at the end of a script? It closes automatically I thought? Is this for some kind of security reason and if yes, then what?"

Session data is usually stored after your script terminated without the need to call session_write_close(), but as session data is locked to prevent concurrent writes only one script may operate on a session at any time. When using framesets together with sessions you will experience the frames loading one by one due to this locking. You can reduce the time needed to load all the frames by ending the session as soon as all changes to session variables are done.

chibineku Posted October 18, 2009

I think he meant why is it necessary to call mysqli_close($mysqli), but thanks for the info.

This topic is now archived and is closed to further replies.