ChidoriSoul, posted June 29, 2010

Alright, so I'm doing a pure dynamic AJAX site, and I've been on a register script for 2 days now, and for some reason, something about it makes it weird.

The Script:

```php
<?php
session_start();
require('require/connect.php');
require('require/clean_code.php');
$name = safe($_GET['user']);
if(isset($_GET['user'])) {
    $pass = safe($_GET['pass']);
    $email = safe($_GET['email']);
    $gender = safe($_GET['gender']);
    $class = safe($_GET['type']);
    if($name=='') {
        echo "Please enter a name.";
    }
    elseif($pass=='') {
        echo "Please enter a password.";
    }
    elseif($email=='') {
        echo "Please enter an email.";
    }
    elseif($gender != "Male" && $gender != "Female") {
        echo "Please choose a legit gender.";
    }
    elseif($class != "Warrior" && $class != "Mage") {
        echo "Please choose a legit class.";
    }
    else {
        $q = mysql_query("SELECT * FROM `users` WHERE `name`='".$name."'");
        $c = mysql_num_rows($q);
        $q1 = mysql_query("SELECT * FROM `users` WHERE `email`='".$email."'");
        $c2 = mysql_num_rows($q1);
        if($c > '0') {
            echo "This name is already in use.";
        }
        elseif($c1 > '0') {
            echo "This email is already in use.";
        }
        else {
            $pass2 = sha1($pass);
            mysql_query("INSERT INTO `users` (`name`, `pass`, `email`, `type`, `gender`) VALUES ('".$name."', '".$pass2."', '".$email."', '".$class."', '".$gender."')") or die(mysql_error());
            echo "You have successfuly registered, ".$name.".";
        }
    }
}
else {
?>
<head>
<script type='text/javascript' src='require/jquery.js'></script>
<script type='text/javascript' src='require/main.js'></script>
<script type='text/javascript'>
function function1() {
    var user = window.document.reg.user.value;
    var pass = window.document.reg.password.value;
    var email = window.document.reg.email.value;
    var gender = window.document.reg.gender.value;
    var class = window.document.reg.class.value;
    var url = "reg.php?user=" + user + "&pass=" + pass + "&email=" + email + "&gender=" + gender + "&type=" + class + "";
    loadlink(url);
}
</script>
</head>
TestRegister
<form name='reg' onsubmit='return function1();'>
<table width='98%' style='border: 1px solid black;' valign='top' align='center'>
<tr>
    <td width='30%' style='border: 1px solid black;'>Username</td>
    <td width='70%' style='border: 1px solid black;'><input type="text" name="user"></td>
</tr>
<tr>
    <td width='30%' style='border: 1px solid black;'>Password</td>
    <td width='70%' style='border: 1px solid black;'><input type="password" name="password"></td>
</tr>
<tr>
    <td width='30%' style='border: 1px solid black;'>Email</td>
    <td width='70%' style='border: 1px solid black;'><input type="text" name="email"></td>
</tr>
<tr>
    <td width='30%' style='border: 1px solid black;'>Gender</td>
    <td width='70%' style='border: 1px solid black;'><select name="gender"><option value="Male">Male</option><option value="Female">Female</option></select></td>
</tr>
<tr>
    <td width='30%' style='border: 1px solid black;'>Class</td>
    <td width='70%' style='border: 1px solid black;'><select name="class"><option value="Warrior">Path Of Swordsmen</option><option value="Mage">Guidance Of Magician</option></select></td>
</tr>
<tr>
    <td width='30%' colspan='2' style='border: 1px solid black;'><input type='submit' name='submit' value='Register!' onclick='function1();'></td>
</tr>
</table>
</form>
<?php
}
?>
```

If you tried this, it would be successful, but it would say that the username is already registered, so it really lies. Can someone point out the error on this AJAX/PHP?

End User, posted June 29, 2010

Just a guess after a quick look, but I don't think you want quotes around the '0' in "elseif($c1 > '0')" or the other line either. That may have nothing to do with it, but it's worth noting. The single quotes make the zero a string instead of a number and I'm not sure if PHP will automatically convert it for the comparison.

You can also do this:

```php
mysql_query("SELECT * FROM `users` WHERE `name`='$name'");
```

instead of this:

```php
mysql_query("SELECT * FROM `users` WHERE `name`='".$name."'");
```

No need to jump in and out of the parser for no reason.

ChidoriSoul (Author), posted June 29, 2010

No, either of your methods did not work, and I do the ".$var." because I was taught to "escape" the variable to make it function easier in queries and echos.

boen_robot, posted June 29, 2010

> No, either of your methods did not work

You tried to replace:

```php
if($c > '0') {
    echo "This name is already in use.";
}
elseif($c1 > '0') {
    echo "This email is already in use.";
}
```

with

```php
if($c > 0) {
    echo "This name is already in use.";
}
elseif($c1 > 0) {
    echo "This email is already in use.";
}
```

and it has the same result?

Try to also output the matched rows and the num_rows. See if the DB is indeed lying, and with what.

> , and I do the ".$var." because I was taught to "escape" the variable to make it function easier in queries and echos.

To "escape" doesn't mean to put a variable outside of a string. It means to ensure special (in the context; in this case MySQL) characters in a string are translated to literal equivalents. Whether you write the final SQL statement as a concatenated SQL string, or as a double quoted string with variables is irrelevant.

Your "safe" function should be the one to do the escaping here, though for MySQL, the only thing you really need is mysql_real_escape_string().

ChidoriSoul (Author), posted June 29, 2010

I did what you said, boen_robot, but it still says that the name is in use.

```php
$q1 = mysql_query("SELECT * FROM `users` WHERE `name`='$User'");
$c1 = mysql_num_rows($q1);
$query3 = mysql_query ("SELECT * FROM `users` WHERE `email`='$Email'");
$result3 = mysql_num_rows($query3);
if($c1 >= 1) {
    echo "This name is already in use.";
}
elseif($result3 >= 1) {
    echo "This email is already in use.";
}
```

I think it may be something with my AJAX :/

boen_robot, posted June 29, 2010

What AJAX? Does the registration happen over a submitted form or over XMLHttpRequest? I'd think when it is submitted, right?

And again: try to output whatever is matched, to see with what is the DB "lying".

End User, posted June 30, 2010

I doubt the DB is "lying" to you. SQL Server may tell a fib from time to time, but if you scold it sternly it always admits it was lying (although sometimes it tries to claim it was "just kidding with you"). mySQL almost never lies, unless it's coming home late from the bar. PostgreSQL is known to lie like a rug, denying it ate the last brownie even when its face is covered with chocolate. Oracle doesn't lie, but it will often plead the 5th and refuse to admit or deny anything.

With that said, is it possible that you actually do have rows in the DB that match what your email or user name are? Perhaps left over from testing?

dsonesuk, posted June 30, 2010

I think the problem is you are referencing two variables separately within a 'if' then 'ifelse' condition

try

```php
if($c1 >= 1 || $result3 >= 1)
    {
    if($c1 >= 1)
        {
        echo "This name is already in use.";
        }
    if($result3 >= 1)
        {
        echo "This email is already in use.";
        }
    }
else
    {
    // insert coding....
    }
```

justsomeguy, posted June 30, 2010

That's basically the same code, just wrapped in another if statement. This type of structure is fine:

```php
if($c1 >= 1) {
    echo "This name is already in use.";
}
elseif($result3 >= 1) {
    echo "This email is already in use.";
}
else
{
    // process
}
```

If you are getting the message that the name is in use, then that means that $c1 is greater than or equal to 1. If $c1 is greater than or equal to 1, then that means the query is returning at least one row. That's the only possible thing it could mean.

ChidoriSoul (Author), posted July 1, 2010

It's nothing to do with the database, as I empty the users table before each test, but the error I previously stated was that:

It inserts the user, but then says that the name is already in use. What my main concern is how it got through the scan, inserted, but then went through again, giving the error.

boen_robot, posted July 1, 2010

I don't see any inserts before the checks... are you executing the very same script via AJAX and a submit button? If so, the first AJAX request that passes all checks will insert.

You might want to isolate the checks in a separate file - call that file via AJAX, and make your existing script your form action. Your existing script must, of course (for security's sake), also include the file, and perform the same checks one last time.

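Added example, not part of any post in this thread: a server-side registration routine that repeats the checks on every request, binds values through PDO placeholders (the escaping point raised earlier in the thread), and relies on UNIQUE constraints so a second identical request is rejected by the database itself. The in-memory SQLite database, the `register()` function and the sample input are assumptions for illustration, and `password_hash()` is swapped in for the script's `sha1()`.

```php
<?php
// Added example, not code from the thread. SQLite in memory is an assumption
// so it runs offline; columns follow the post's `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT NOT NULL UNIQUE, pass TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE, type TEXT NOT NULL, gender TEXT NOT NULL)');

function register(PDO $db, array $in): string
{
    // Server-side checks run on every request, whatever the client-side script did.
    foreach (['user', 'pass', 'email'] as $key) {
        if (!isset($in[$key]) || !is_string($in[$key]) || trim($in[$key]) === '') {
            return "Please enter a value for $key.";
        }
    }
    if (!in_array($in['gender'] ?? '', ['Male', 'Female'], true)) {
        return 'Please choose a valid gender.';
    }
    if (!in_array($in['type'] ?? '', ['Warrior', 'Mage'], true)) {
        return 'Please choose a valid class.';
    }
    // Placeholders keep values out of the SQL text: no manual escaping step.
    $stmt = $db->prepare('INSERT INTO users (name, pass, email, type, gender)
                          VALUES (:name, :pass, :email, :type, :gender)');
    try {
        $stmt->execute([
            ':name' => $in['user'],
            ':pass' => password_hash($in['pass'], PASSWORD_DEFAULT), // instead of sha1()
            ':email' => $in['email'],
            ':type' => $in['type'],
            ':gender' => $in['gender'],
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation (UNIQUE here).
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'This name or email is already in use.';
        }
        throw $e;
    }
    return 'registered';
}

// Constructed sample input: a name containing a quote, sent twice in a row.
$form = ['user' => "O'Brien", 'pass' => 'correct horse', 'email' => 'ob@example.test',
         'type' => 'Mage', 'gender' => 'Male'];
echo register($db, $form), "\n";
echo register($db, $form), "\n";
```

The UNIQUE constraints also cover the gap between a SELECT check and the INSERT when two requests arrive at nearly the same time.
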
justsomeguy, posted July 1, 2010

Does the data get submitted twice? Use Firebug to test this and keep an eye on the Net tab, you can see if it sends one request or two. The code looks like it should only be sending one, but it might be worth checking.

ChidoriSoul (Author), posted July 1, 2010

Well, according to JSG's advice, it was true, in the net tab, the page was loading twice. Now, I have no idea how to fix this, anyone have any ideas?

justsomeguy, posted July 1, 2010

The onsubmit handler needs to return false if you want to cancel the form submit.

ChidoriSoul (Author), posted July 1, 2010

EDIT: Nevermind, I fixed it.

This topic is now archived and is closed to further replies.