Jump to content
ChidoriSoul

Error with a register.

Recommended Posts

Alright, so I'm doing a pure dynamic AJAX site, and i've been on a register script for 2 days now, and for some reason, something about it makes it weird.The Script:

<?phpsession_start();require('require/connect.php');require('require/clean_code.php');$name = safe($_GET['user']);if(isset($_GET['user'])) {$pass = safe($_GET['pass']);$email = safe($_GET['email']);$gender = safe($_GET['gender']);$class = safe($_GET['type']);if($name=='') {echo "Please enter a name.";}elseif($pass=='') {echo "Please enter a password.";}elseif($email=='') {echo "Please enter an email.";}elseif($gender != "Male" && $gender != "Female") {echo "Please choose a legit gender.";}elseif($class != "Warrior" && $class != "Mage") {echo "Please choose a legit class.";}else {$q = mysql_query("SELECT * FROM `users` WHERE `name`='".$name."'");$c = mysql_num_rows($q);$q1 = mysql_query("SELECT * FROM `users` WHERE `email`='".$email."'");$c2 = mysql_num_rows($q1);if($c > '0') {echo "This name is already in use.";}elseif($c1 > '0') {echo "This email is already in use.";}else {$pass2 = sha1($pass);mysql_query("INSERT INTO `users` (`name`, `pass`, `email`, `type`, `gender`) VALUES ('".$name."', '".$pass2."', '".$email."', '".$class."', '".$gender."')") or die(mysql_error());echo "You have successfuly registered, ".$name.".";}}}else {?><head><script type='text/javascript' src='require/jquery.js'></script><script type='text/javascript' src='require/main.js'></script><script type='text/javascript'>function function1() {var user = window.document.reg.user.value;var pass = window.document.reg.password.value;var email = window.document.reg.email.value;var gender = window.document.reg.gender.value;var class = window.document.reg.class.value;var url = "reg.php?user=" + user + "&pass=" + pass + "&email=" + email + "&gender=" + gender + "&type=" + class + "";loadlink(url);}</script></head>TestRegister<form name='reg' onsubmit='return function1();'><table width='98%' style='border: 1px solid black;' valign='top' align='center'><tr><td width='30%' style='border: 1px solid black;'>Username</td><td width='70%' style='border: 1px solid black;'><input type="text" name="user"></td></tr><tr><td width='30%' style='border: 1px solid black;'>Password</td><td width='70%' style='border: 1px solid black;'><input type="password" name="password"></td></tr><tr><td width='30%' style='border: 1px solid black;'>Email</td><td width='70%' style='border: 1px solid black;'><input type="text" name="email"></td></tr><tr><td width='30%' style='border: 1px solid black;'>Gender</td><td width='70%' style='border: 1px solid black;'><select name="gender"><option value="Male">Male</option><option value="Female">Female</option></select></td></tr><tr><td width='30%' style='border: 1px solid black;'>Class</td><td width='70%' style='border: 1px solid black;'><select name="class"><option value="Warrior">Path Of Swordsmen</option><option value="Mage">Guidance Of Magician</option></select></td></tr><tr><td width='30%' colspan='2' style='border: 1px solid black;'><input type='submit' name='submit' value='Register!' onclick='function1();'></td></tr></table></form><?php}?>

If you tried this, it would be successful, but it would say that the username is already registered, so it really lies. Can someone point out the error on this AJAX/PHP?

Share this post


Link to post
Share on other sites

Just a guess after a quick look, but I don't think you want quotes around the '0' in "elseif($c1 > '0')" or the other line either. That may have nothing to do with it, but it's worth noting. The single quotes make the zero a string instead of a number and I'm not sure if PHP will automatically convert it for the comparison. You can also do this:mysql_query("SELECT * FROM `users` WHERE `name`='$name'");instead of this:mysql_query("SELECT * FROM `users` WHERE `name`='".$name."'");No need to jump in and out of the parser for no reason.

Share this post


Link to post
Share on other sites

No, either of your methods did not work, and I do the ".$var." because I was taught to "escape" the variable to make it function easier in queries and echos.

Share this post


Link to post
Share on other sites
No, either of your methods did not work
You tried to replace:
if($c > '0') {echo "This name is already in use.";}elseif($c1 > '0') {echo "This email is already in use.";}

with

if($c > 0) {echo "This name is already in use.";}elseif($c1 > 0) {echo "This email is already in use.";}

and it has the same result?Try to also output the matched rows and the num_rows. See if the DB is indeed lying, and with what.

, and I do the ".$var." because I was taught to "escape" the variable to make it function easier in queries and echos.
To "escape" doesn't mean to put a variable outside of a string. It means to ensure special (in the context; in this case MySQL) characters in a string are translated to literal equivalents. Whether you write the final SQL statement as a concatenated SQL string, or as a double quoted string with variables is irrelevant.Your "safe" function should be the one to do the escaping here, though for MySQL, the only thing you really need is mysql_real_escape_string().

Share this post


Link to post
Share on other sites

I did what you said, boen_robot, but it still says that the name is in use.

$q1 = mysql_query("SELECT * FROM `users` WHERE `name`='$User'");$c1 = mysql_num_rows($q1);$query3 = mysql_query ("SELECT * FROM `users` WHERE `email`='$Email'");$result3 = mysql_num_rows($query3);if($c1 >= 1) {echo "This name is already in use.";}elseif($result3 >= 1) {echo "This email is already in use.";}

I think it may be something with my AJAX :/

Edited by ChidoriSoul

Share this post


Link to post
Share on other sites

What AJAX? Does the registration happen over a submitted form or over XMLHttpRequest? I'd think when it is submitted, right?And again: try to output whatever is matched, to see with what is the DB "lying".

Share this post


Link to post
Share on other sites

I doubt the DB is "lying" to you. SQL Server may tell a fib from time to time, but if you scold it sternly it always admits it was lying (although sometimes it tries to claim it was "just kidding with you"). mySQL almost never lies, unless it's coming home late from the bar. PostgreSQL is known to lie like a rug, denying it ate the last brownie even when its face is covered with chocolate. Oracle doesn't lie, but it will often plead the 5th and refuse to admit or deny anything. With that said, is it possible that you actually do have rows in the DB that match what your email or user name are? Perhaps left over from testing?

Share this post


Link to post
Share on other sites

I think the problem is you are referencing two variables separately within a 'if' then 'ifelse' conditiontry

if($c1 >= 1 || $result3 >= 1) 		{		if($c1 >= 1) 		{		echo "This name is already in use.";		}		if($result3 >= 1) 		{		echo "This email is already in use.";		}		}	else		 {	insert coding....		}

Share this post


Link to post
Share on other sites

That's basically the same code, just wrapped in another if statement. This type of structure is fine:

if($c1 >= 1) {  echo "This name is already in use.";}elseif($result3 >= 1) {  echo "This email is already in use.";}else{  // process}

If you are getting the message that the name is in use, then that means that $c1 is greater than or equal to 1. If $c1 is greater than or equal to 1, then that means the query is returning at least one row. That's the only possible thing it could mean.

Share this post


Link to post
Share on other sites

Its nothing to do with the database, as I empty the users table before each test, but the error I previously stated was that:It inserts the user, but then says that the name is already in use. What my main concern is how to got through the scan, inserted, but then went through again, giving the error.

Share this post


Link to post
Share on other sites

I don't see any inserts before the cheks... are you executing the very same script via AJAX and a submit button? If so, the first AJAX request that passes all checks will insert.You might want to isolate the checks in a separate file - call that file via AJAX, and make your existing script your form action. Your existing script must, of couse (for security's sake), also include the file, and perform the same checks one last time.

Share this post


Link to post
Share on other sites

Does the data get submitted twice? Use Firebug to test this and keep an eye on the Net tab, you can see if it sends one request or two. The code looks like it should only be sending one, but it might be worth checking.

Share this post


Link to post
Share on other sites

Well, accoreding to JSG's advice, it was true, in the net tab, the page was loading twice. Now, I have no idea how to fix this, anyone have any ideas?

Edited by ChidoriSoul

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...