Mencarta Posted January 17, 2010 Share Posted January 17, 2010 I'm now trying to make a register system. Here are my pages:register.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html> <head> <title>$Prince Finance, Login</title> </head> <body> <form action="doregister.php" method="post"> Username: <input type="text" name="username" maxlength="13" /> <br /> Password: <input type="password" name="password" maxlength="13" /> <br /> Email: <input type="text" name="email" maxlength="200" /> <br /> <input type="submit" value="Register" /> </form> </body></html> doregister.php <?php require_once("dbconnect.php"); //Include Database Connection Script session_start(); //Check Fields if (empty($_POST["username"]) || empty($_POST["password"]) || empty($_POST["email"])) { echo "Please Fill Out All Fields"; exit; } $username = mysql_real_escape_string($_POST["username"]); //Escape Username $password = mysql_real_escape_string($_POST["password"]); //Escape Password $password = sha1($password); //Convert Password To Sha1 $email = mysql_real_escape_string($_POST["email"]); //Escape Email $select = "SELECT * FROM users WHERE username='$username'"; $result = mysql_query($select); if (mysql_num_rows($result) > 0) { echo "That Username is already taken!"; exit; } $insert = "INSERT INTO `users` (`id` ,`username` ,'password` ,`email` ,`cash`) VALUES (NULL , '$username', '$password', '$email', '10000.00');"; $result2 = mysql_query($insert); $_SESSION["username"] = $username; header("Location: members.php");?> Its not added into the database, though. Any suggestions? Link to comment Share on other sites More sharing options...
Synook Posted January 17, 2010 Share Posted January 17, 2010 You can check for MySQL errors by echoing mysql_error().Note that if you hash something, you don't also need to sanitize it. Link to comment Share on other sites More sharing options...
Mencarta Posted January 17, 2010 Author Share Posted January 17, 2010 Note that if you hash something, you don't also need to sanitize it.What do you mean? Link to comment Share on other sites More sharing options...
Mencarta Posted January 17, 2010 Author Share Posted January 17, 2010 Please... Link to comment Share on other sites More sharing options...
Synook Posted January 17, 2010 Share Posted January 17, 2010 Stay calm, we're not here all the time :)I meant, the mysql_real_escape_string() call is redundant (and potentially confusing) in the below code, because there won't be any offending characters in the hash and you risk modifying their password in the escaping call. $password = mysql_real_escape_string($_POST["password"]); //Escape Password $password = sha1($password); //Convert Password To Sha1 Link to comment Share on other sites More sharing options...
Mencarta Posted January 17, 2010 Author Share Posted January 17, 2010 [starts whistling]Can you help me with my other thread in the CSS forum? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.