Registration form issues

[kingb00zer]

Hi guys I been learning how to start making a browser based game with PHP and so far I have encouter an error (first of possibly many) and I also might ahve some else statements in strange places (sicne I was learning fomr youtube tutorials and the guy got lazy coz he had source code on his website that no longer contains the freakin source code for me to study) so I'm going to put the few files I have made into quotes and hope you guys can figure out why when i try to register i get the following error "Parse error: syntax error, unexpected ',' in /home/a5864476/public_html/registernext.php on line 8"

Register.php (IMO I think this is ok I only added incase you needed it for reference)<html><body><h1> Thug Fights Registration</h1><form name="form1" method="post" action="registernext.php"><p>Username: <input type="text" name="username" size="15" maxlength="20" value=""/></p><p>Password: <input type="password" name="pass" size="15" maxlength="20" value=""/></p><p>Confirm Password: <input type="password" name="pass2" size="15" maxlength="20" value=""/></p><p>Email: <input type="text" name="email" size="15" maxlength="60" vale=""/></p><p>Confirm Email: <input type="text" name="email2" size="15" maxlength="60" vale=""/></p><p> <input type="submit" name="submit" value="register"></p></form></body></html>

connection.php <?php$host="localhost":// hostname$username="a5864476_ash" : // username to data base$password="pompey08" : // pass to data base$db_name="a5864476_thugf" : // data base name // connect to databasemysql_connect("$host" "$username" "$password") or die ("cannot connect to server") ;mysql_select_db("$db_name") or die ("cannot select database") ;?>

registernext.php (this one I belive is causing me all the trouble with that error I said before and the fact that I got a little bit lost in knowing where to put my else statements as you will see thee is a few at the bottom of the page.<?phpinclude('connection.php') ;//test to see if username is alpha numeric$test=$_POST(username) ;if (!eregi("(^A-Z a-z 0-9)"), $test) { //check for duplicate names $query="SELECT * FROM users WHERE username = ''$_POST(username)" $result= mysql_query($query) ; $num=mysql_num_rows($result) ; if ($num == 0) //check for duplicate emails $query2="SELECT * FROM users WHERE email = ''$_POST(email)" $result2= mysql_query($query2) ; $num2=mysql_num_rows($result2) ; if ($num2 == 0) //check if password and email confirmation is the same if (($_POST['pass'] == $_POST['pass2'] && $_POST['email'] == $_POST['email2'])) // generate random verification code $confirm_code=md5(uniqid(rand())) ; // get rid of all html from hackers $name=strip_tags($_POST['username']) ; $email=strip_tags($_POST['email']) ; $pass=strip_tags($_POST['pass']) ; // insert into database $sql="INSERT INTO temp SET code='$confirm_code', username=$name', email=$email', pass=$pass', " ; $result=mysql_query($sql) ; if ($result) $message= "Your confirmation link \r\n" ; $message.= "click on this to activate your account" ; $message.= "http://thugfights.comuf.com/confirmation.php?passkey=$confirm_code" ; $sentmail=mail("$email", "registration_conformation") // some variables left out due to tutor not filming it or explaining it and nuking his forum he had the source code on header("location: thankyou.html") } else { echo "email not found in our database" ; } // if email succesfully sent if { ($sentmail) echo "your confirmation link has been sent to your email" ; } else { echo "cannot send confirmation to your email" ; } else { header ("location: badmatch.html) ;} else { header("location: invalidname.html") ; }?>

confirmation.php<?phpinclude('connection.php') ;// set variable$passkey=$_GET['passkey'] ;$sql1="SELECT * temp WHERE code="'$passkey'"$result1=mysql_query($sql1) ;// if succesfully queriedif ($result1){// how many rows have key$count=mysql_num_rows($result1) ;// if passkey is in database retrieve dataif($count == 1)$rows=mysql_fetch_array($result1) ;$namex=$rows['username'] ;$emailx=$rows['email'] ;$passx=$rows['pass'] ;//take out spaces$name=str_replace(' ','',$namex) ;$email=str_replace(' ',''$emailx) ;$pass=str_replace(' ',''$passx) ;// insert into users table$sql2="INSERT INTO users SET username='$name', email="'$email', pass='$pass'" ;$result2=mysql_query($sql2) ;// gamestats table$sql3="INSERT INTO gamestats SET username='$name', money='100', thugs='20'" ;$result3=mysql_query($sql3) ;}else{ echo "wrong confirmation code" ; } if ($result2) { header ("location: confirmation2.html:) ;// remove form temporary table $sql5="DELETE FROM temp WHERE code='$passkey'" ;$result5=mysql_query($sql5) ; }

[Synook]

You are missing quite a few opening braces and semicolons.

[ShadowMage]

There's also a lot of misplaced quotes in your SQL statements.

[kingb00zer]

There's also a lot of misplaced quotes in your SQL statements.

I went through this tutorial on youtube and it was pretty helpful with giving me a better understanding of php. But I copied the stuff he was teaching and mine didnt work, anyway would you be able to point out some of these misplaced quotes? I'm not sure where they are.I also have a question about the error I got, it says line 8 of register next which is this if (!eregi("([^A-Za-z0-9])"),$test) { Is there something wrong with the way this is written? (its to test if the name is alphanumeric)oh yeah and I fixed the semi colons.

[Synook]

$test is in the wrong place, you want to pass it to eregi(), not if. The way you've written it is a bit odd as well, and you've included uppercase and lowercase in the regex but specified the case insensitive function (also the extended regular expression syntax is disabled in favour of POSIX). A better way to write it may be:

if (preg_match("/*[a-z0-9]+$/i", $test)) {

Also, the array index syntax in the original post is wrong.

[ShadowMage]

I went through this tutorial on youtube and it was pretty helpful with giving me a better understanding of php. But I copied the stuff he was teaching and mine didnt work, anyway would you be able to point out some of these misplaced quotes? I'm not sure where they are.

These three lines jump out at me at a quick glance:

...$sql="INSERT INTO temp SET code='$confirm_code', username=$name', email=$email', pass=$pass', ";...$sql1="SELECT * temp WHERE code="'$passkey'"...$sql2="INSERT INTO users SET username='$name', email="'$email', pass='$pass'";...

You also have some incorrect syntax on these lines:

...$email=str_replace(' ',''$emailx);$pass=str_replace(' ',''$passx);...

oh yeah and I fixed the semi colons.

Did you also fix the opening braces '{'

[jeffman]

Food for thought. While you learn to program, it is a good habit to write a few lines of code and test them immediately, before moving on. Early lines of code may not generate any printable results to let you know if things are working. Echoing and var_dumping variables during your development process can help you track things that work and things that don't. You can remove the echo and var_dump statements as you progress.If you find yourself in the situation of copy/pasting a whole bunch of borrowed code, if you run into this kind of trouble, go back to square one and paste just 1-2 lines of code at a time. Test it as I described above.

[kingb00zer]

These three lines jump out at me at a quick glance:

...$sql="INSERT INTO temp SET code='$confirm_code', username=$name', email=$email', pass=$pass', ";...$sql1="SELECT * temp WHERE code="'$passkey'"...$sql2="INSERT INTO users SET username='$name', email="'$email', pass='$pass'";...

You also have some incorrect syntax on these lines:

...$email=str_replace(' ',''$emailx);$pass=str_replace(' ',''$passx);...

Did you also fix the opening braces '{'

I have been having a little trouble working out exactly when and when not to add them. Since I copied this off a youtube tutorial some of the things were a bit of a blur when HD wasnt available and I think he may have also left a few things out by mistake on the files he was working on (and maybe showing what happens with files prepared earlier) maybe I'll go back to square one and start fresh or then again I did find one that didnt show any errors what so ever when I tried it out the only issue was that it didnt instert the data into the database.

Food for thought. While you learn to program, it is a good habit to write a few lines of code and test them immediately, before moving on. Early lines of code may not generate any printable results to let you know if things are working. Echoing and var_dumping variables during your development process can help you track things that work and things that don't. You can remove the echo and var_dump statements as you progress.If you find yourself in the situation of copy/pasting a whole bunch of borrowed code, if you run into this kind of trouble, go back to square one and paste just 1-2 lines of code at a time. Test it as I described above.

Testing as I go sounds like a really good idea, didn't reallise it were possible. So basicly what your saying is I do a coulpe lines of code then to test it I would (and im guessing) make an if statement that if the above is working then echo a good result for my test and if it isnt working then echo that it isnt working? I'm going to ahve to check the w3 tuts to find out what var_dumping does though.LATE EDIT: Hey I thought I'd go and have anotehr look at the php section of the tutorials on w3 and went to the mysql insert part since that is where I'm having trouble with this form I was playing with last night and I copied everything and just hanged my database name n pass for connecting with mysql and I'm not even connecting below is what I have copied straight from the tutorial on w3. I tried changing a few things and tried diferent variations of things like changing username form a5864476_ash to just a5864476 as it says my username is on the site however in phpmyadmin my name has the additional _ash added to it, I figure that is what connects to the database (but i checked it anyway) I even tried changing the localhost to what my webhost says the servername is that didnt work and I even tried dropping the _thugf out of my database name and I'm pretty sure I ahve done every single combonation of each of the things above I said I altered and nothing has worked, what could I possibly be doing wrong?The form first

<html><body><h1> Test data entry to database </h1><form action="insert.php" method="post">Firstname: <input type="text" name="firstname" />Lastname: <input type="text" name="lastname" />Age: <input type="text" name="age" /><input type="submit" /></form></body></html>

And the Insert.php

<?php$con = mysql_connect("localhost","a5864476_ash","pompey08");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("a5864476_thugf", $con);$sql="INSERT INTO persons (FirstName, LastName, Age)VALUES('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";if (!mysql_query($sql,$con))  {  die('Error: ' . mysql_error());  }echo "1 record added";mysql_close($con)?>

This is the error I getWarning: mysql_connect() [function.mysql-connect]: Access denied for user 'a5864476_ash'@'localhost' (using password: YES) in /home/a5864476/public_html/insert.php on line 2Could not connect: Access denied for user 'a5864476_ash'@'localhost' (using password: YES)

[thescientist]

look like you can't connect. I would recheck your username and password.

[ShadowMage]

I have been having a little trouble working out exactly when and when not to add them.

Just to clear that up a bit, here is how the three lines I showed you should look:

...$sql="INSERT INTO temp SET code='$confirm_code', username='$name', email='$email', pass='$pass', ";...$sql1="SELECT * temp WHERE code='$passkey'"...$sql2="INSERT INTO users SET username='$name', email='$email', pass='$pass'";...

Remember that in PHP variables will be interpolated when they're put inside double quotes (") meaning that the actual value of the variable will be printed. When you use single quotes (') whatever you type in the quotes will be printed (with the exception of a few escape characters). So for example:

$test = 'This is a test';echo 'Test print: $test'; //This will print: Test print: $testecho "Test print: $test"; //This will print: Test print: This is a test

When I'm working with strings I prefer to use concatenation since it makes it a lot easier to see where your variables are. For example:

$sql="INSERT INTO temp SET code='".$confirm_code."', username='".$name."', email='".$email."', pass='".$pass."', ";

Also remember that in MySQL values have to have quotes around them unless they are numbers.

[kingb00zer]

Ok I found a diferent host, this one is looking better but still not entering data into the database, I'm still trying to sue the example script fomr the sql insert part of the php tutorial this is what I ahve got

<?php$con = mysql_connect("localhost","schulzy_ash","pompey08");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("schulzy_thugf", $con);$sql = "INSERT INTO persons (firstname, lastname, age) VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";if (!mysql_query($sql,$con))  {  die('Error! You did it wrong!!: ' . mysql_error());  }echo "1 record added";mysql_close($con)?>

I'm having no issues connecting to the server but for some reason now I get the error on this line "die('Error! You did it wrong!!: ' . mysql_error()); " which looks more liek this on my screen Error! You did it wrong!!: No database selectedCan anyone explain why i cant select a database? is ther something wrong with this line mysql_select_db("schulzy_thugf", $con); ?And it cant be any miss spelling of the database name as that is exactly it is called schulzy_thugf.

[Synook]

The reason it shows that is because, well, it can't connect to the database. Either it really isn't called "schulzy_thugf", or the user "schulzy_ash" does not have permission to access it.

[kingb00zer]

The reason it shows that is because, well, it can't connect to the database. Either it really isn't called "schulzy_thugf", or the user "schulzy_ash" does not have permission to access it.

Ok well the database name is right and that is the only so maybe it is the whole "free php/sql web host" thiing... Just a thought that maybe they make ti appear free but dont allow access to databases until you pay for the upgrades, which then makes it not free....Maybe there is a diferent avenue i can take which is also free or at worst dirt cheap. a friend of mine mentioned something about apache server and run it all off my pc but then again my pc is a piece of ######.

[justsomeguy]

You can check for an error here too:mysql_select_db("schulzy_thugf", $con) or exit(mysql_error());

[kingb00zer]

You can check for an error here too:mysql_select_db("schulzy_thugf", $con) or exit(mysql_error());

Thanks for that, it made it a bit more clear how it wasnt working then I ecided I would create a new user, but ebfore i got to do that i found an option which added users to databases and reaqllised that i needed to give myself the permissin to insert and the rest lol" MySQL® Database WizardUser schulzy_ash was added to the database schulzy_thugf. "the message above was followed by an ohhhhhhhh I see and a grin

[kingb00zer]

Now that I have got that part figured out I went back to my original code. It didnt appear to have any errors on the registernext.php (pasted below) until i re wrote the connection.php (also below) now it connects but comes up with this error.Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 0 in /home/schulzy/public_html/registernext.php on line 8

registernext.php<?phpinclude('connection.php');//test to see if username is alpha numeric$test=$_POST[username];if (preg_match("/*[a-z0-9]+$/i", $test)) {//check for duplicate names$query= "SELECT * FROM users WHERE username='$_POST[username]'";$result= mysql_query($query);$num= mysql_num_rows($result);if ($num == 0) {//check for duplicate emails$query2= "SELECT * FROM users WHERE email='$_POST[email]'";$result2= mysql_query($query2);$num2= mysql_num_rows($result2);if ($num2 == 0) {//check if password and email confirmation is the sameif (($_POST['pass'] == $_POST['pass2'] && $_POST['email'] == $_POST['email2'])) {// generate random verification code$confirm_code=md5(uniqid(rand()));// get rid of all html from hackers$name= strip_tags($_POST['username']);$email= strip_tags($_POST['email']);$pass= strip_tags($_POST['password']);// insert into database$sql= "INSERT INTO temp SET code='$confirm_code', username='$name', email='$email', password='$pass',";$result= mysql_query($sql);if ($result) {$message= "Your confirmation link \r\n";$message.= "click on this to activate your account \r\n";$message.= "http://thugwars.x10hosting.com/confirmation.php?passkey=$confirm_code";$sentmail= mail("$email", 'registration_conformation',"$message");}else {echo "cannot send confirmation to your email";}// if email succesfully sentif ($sentmail) {header("location: thankyou.html");}}}}}?>

connection.php<?php$con = mysql_connect("localhost","schulzy_ash","pompey08");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("schulzy_thugf", $con) or exit(mysql_error()); ?>

[Synook]

In a regular expression, * means "the previous character/group repeated zero or more times" - but you don't have a character or group before the *. Maybe you were thinking of ^ (beginning)?

[kingb00zer]

In a regular expression, * means "the previous character/group repeated zero or more times" - but you don't have a character or group before the *. Maybe you were thinking of ^ (beginning)?

I thought * meant "all", as in SELECT all FROM.... I'll try ^ instead and get abck to you on that

[Synook]

In SQL, * means "all fields". In regular expressions, it means zero or more times (i.e. {0,}) (just like + is equivalent to {1,}, meaning one or more times). If you want to tell it to match any character zero or more times, you have to combine the any character symbol . with the zero or more times modifier:

/.*[a-z0-9]+$/i

The above expression will match any string with any amount of alphanumeric characters at the end, e.g. "d", "2ds", "-$%@#$^#!$%T".In contrast, the caret ^ represents the start of the string. So /^[a-z0-9]+$/i will only match strings with nothing but alphanumeric characters in it (i.e. "start, one or more alphanumeric characters, end").