php registration scripting error

Problems with the Windows version of XAMPP, questions, comments, and anything related.

php registration scripting error

Postby Seraphimk » 08. February 2009 15:18

im trying to program a registration script and whenever i run it on my localhost everything works except from the email and it comes up with an sql error sayin

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' WHERE 'email' = 'test@test.com'' at line 1"

ive checked everything and its really buggin me heres my source code ==
"<?php
include_once "functions.php";

connect ();

if(!$_POST['submit']){
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"register.php\">\n";
echo "<tr><td><colspan=\"2\" align=\"center\"> Registration Form </td></tr>\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td>Confirm</td><td><input type=\"password\" name=\"passconf\"></td></tr>\n";
echo "<tr><td>E-mail</td><td><input type=\"text\" name=\"email\"></td></tr>\n";
echo "<tr><td>First Name</td><td><input type=\"text\" name=\"firstname\"</td></tr>\n";
echo "<tr><td>Second Name</td><td><input type=\"text\" name=\"secondname\"</td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"registration\"></td>\n";
echo "</form></table>\n";
} else {
$username = protect($_POST['usernmae']);
$password = protect($_POST['password']);
$confirm = protect($_POST['passconf']);
$email = protect($_POST['email']);
$firstname = protect($_POST['firstname']);
$secondname = protect($_POST['secondname']);

$error = array();

if(!$username){
$errors[] = "username is not defined!";

}
if(!$password){
$errors[] = "password is not defined!";

}
if($password){
if(!$confirm) {
$errors [] = "confirmation password is not defined!";
}

}
if(!$email){
$errors[] = "E-mail is not defined";
}
if(!$firstname){
$errors[] = "First name is not defined";
}
if (!$secondname){
$errors[] = "Second name is not defined";
}

if($username){
if(!ctype_alnum($username)){
$errors[] = "Username can only contain numbers and letters";
}
$range = range(1,32);
if(!in_array(strlen($username),$range)){
$errors[] = "Username must be between 1 and 32 characters!";
}
}
if($password && $confirm){
if($password != $confirm){
$errors[] = "passwords do not match";
}
}
if($email){
$checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
if(!preg_match($checkemail, $email)){
$errors [] = "E-mail is not valid, must be name@server.tld";
}


}
if($firstname){
$range2 = range(3,32);
if(!in_array(strlen($firstname),$range2)){
$errors[] = "your name must be between 3 and 32 characters!";
}
}
if($secondname){
$range3 = range(3,32);
if(!in_array(strlen($secondname),$range3)){
$errors[] = "your second name must be between 3 and 32 characters long";
}
}
if($username){
$sql = "SELECT * FROM 'users' WHERE 'username'='{$username}'";
$res = mysql_query($sql) or die(mysql_error());

if(mysql_num_rows($res) > 0){
$errors[] = "the username you supplied is already in use!";
}
}
if($email){
$sql2 = "SELECT * FROM 'users' WHERE 'email' = '{$email}'";
$res2 = mysql_query($sql2) or die(mysql_error());

if(mysql_num_rows($res2) > 0){
$errors[] = "The E-mail address you supplied is already in use of another user!";
}
}
if(count($errors) > 0){
foreach($errors AS $error){
echo $error . "<br>\n";
}
}else {
$pw = ($password);
$sql4 = "INSERT INTO 'users'
('username', 'password', 'email','firstname','secondname')
VALUES ('$username','".md5($password)."','$email',$firstname','$secondname')";
$res4 = mysql_query($sql4) or die(mysql_error());
echo "you have successfully registered with the username <b>{$username}</b> and the password of <b>{$password}</b>!";
}

}




?>"
Seraphimk
 
Posts: 1
Joined: 08. February 2009 15:09

Re: php registration scripting error

Postby Izzy » 08. February 2009 23:21

Code: Select all
$username = protect($_POST['usernmae']);
Is this correct?
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: php registration scripting error

Postby Wiedmann » 09. February 2009 00:57

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' WHERE 'email' = 'test@test.com'' at line 1"

Code: Select all
$sql = "SELECT * FROM 'users' WHERE 'username'='{$username}'";

You must use backticks `, not quotes ', for tables and filednames. Quotes are only valid for string like with '{$username}'.

The same in all your other sql statements.
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 96 guests