...

View Full Version : Updating Database Help.



Skippy
02-23-2010, 09:55 PM
Hey,

When a user signs up to my site at /register.php?gift=11 it's supposed to take the gift from the 'gifts' with that id and insert the id, title and value into a database called 'users'.

Here is my code:

<?php
session_start();
require ("connect.php");
require ("functions.php");
include ("template/template.class.php");
$template = new Template;
$template->load("template/header.php");
$template->replace("Login", file_get_contents("template/includes/login.php"));
$template->publish();
if(isset($_POST['submit'])){

$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$forename = mysql_real_escape_string($_POST['forename']);
$surname = mysql_real_escape_string($_POST['surname']);
$address1 = mysql_real_escape_string($_POST['address1']);
$address2 = mysql_real_escape_string($_POST['address2']);
$postcode = mysql_real_escape_string($_POST['postcode']);
$country = mysql_real_escape_string($_POST['country']);
$agree = mysql_real_escape_string($_POST['agree']);
$refer = mysql_real_escape_string($_POST['referal']);

$id = mysql_real_escape_string($_GET['id']);
$gtitle = mysql_real_escape_string($_GET['title']);
$gvalue = mysql_real_escape_string($_GET['value']);

$gval1 = mysql_query("SELECT * FROM gifts WHERE id='$gift'");
$gval2 = mysql_fetch_array($gval1);
$gtitle = $gval2['title'];
$gvalue = $gval2['amount'];

$giftid = mysql_real_escape_string($_GET['title']);
$data = "SELECT * FROM gifts WHERE title='$giftid'";
$result = mysql_query($data);
$ugift = mysql_fetch_object($result);
$gift = $data['giftID'];

$date = date('Y-m-d H:i:s');
$ip = $_SERVER['REMOTE_ADDR'];
$cpass = $_POST['confirmpassword'];
$uresult = mysql_query("SELECT * FROM users");
$unum = mysql_num_rows($uresult);
if($unum == 0){
$status = "2";
}else{
$status = "1";
}

if($password != $cpass){
$error = "The passwords entered do not match!";
}
if($username == cpanel){
$error = "Invalid Username.";
}
if(empty($username) || empty($email) || empty($password)){
$error = $error . "You have to fill in all the fields!";
}
if(!isset($error)){
if(isset($password)){
if(strlen($password) <= 5){
$error = "Your password needs to be at least 6 characters in length!";
}}}
$result = mysql_query("SELECT * FROM users WHERE username = '$username'");
$num = mysql_num_rows($result);
if($num == 1){
$error = $error . "The username $username is already in use! Please select another!";
}
$result = mysql_query("SELECT * FROM users WHERE email = '$email'");
$num = mysql_num_rows($result);
if($num == 1){
$error = $error . "The email $email is already in use! Please use another!";
}

if(isset($error)){
echo "$error";
}else{
$password = sha1($password);
mysql_query("INSERT INTO users VALUES(NULL, '$username', '$email', '$password', '$forename', '$surname', '$status', '0', '0', '0', '0', '0', '$address1', '$address2', '$postcode', '$country', '$id', '$gtitle', '$gvalue', '$refer', '$agree', '$ip')");
$result = mysql_query("SELECT * FROM users WHERE id = '$refer'");
$num = mysql_num_rows($result);
if($num == 0){

$refer = "none";
}else{
credituser($refer);
}
echo "You are now a registered member. You can now <a href=\"login.php\">login</a>!";
}
}else{
$referal = $_SESSION['refer'];
?>
<div align="center">
<h4>Register</h4>
<form method="POST" action=""><br/>
<?php echo "$id"; ?>
Username: <br/><input type="text" name="username" class="registerform"><br/>
E-mail: <br/><input type="text" name="email" class="registerform"><br/>
Password: <br/><input type="password" name="password" class="registerform"><br/>
Confirm Password: <br/><input type="password" name="confirmpassword" class="registerform"><br/>
First Name: <br/><input type="text" name="forename" class="registerform"><br/>
Surname: <br/><input type="text" name="surname" class="registerform"><br/>
Address 1: <br/><input type="text" name="address1" class="registerform"><br/>
Address 2: <br/><input type="text" name="address2" class="registerform"><br/>
Postcode: <br/><input type="text" name="postcode" class="registerform"><br/><br/>
Country: <br/><input type="text" name="country" class="registerform"><br/><br/>
<input type="checkbox" name="agree" value="Yes" />
I have read, understood and agree to the <a href="terms.php">Terms &amp; Conditions.</a>
<br/><br/>
<input type="submit" name="submit" value="Register">
<input type="hidden" name="referal" value="<?php $referal ?>">
</form>
</div>
<?php
}
include("template/footer.php");
?>


Everything updates apart from $id, $gtitle and $gvalue.

What am I doing wrong?

Thanks.

Fumigator
02-23-2010, 10:22 PM
For one thing, you're not checking your queries to see if they are throwing errors.



$gval1 = mysql_query("SELECT * FROM gifts WHERE id='$gift'");
//CHECK THE RETURN VALUE!
if (!$gval1) {
die("Query error! Error: ".mysql_error());
}


Even better, because you get to see what the actual query was:



$query = "SELECT * FROM gifts WHERE id='$gift'";
$gval1 = mysql_query($query);
//CHECK THE RETURN VALUE!
if (!$gval1) {
die("Query error! Query: $query<br />Error: ".mysql_error());
}


I can see that your variable $gift doesn't appear to be assigned any value until AFTER you've run that query. But putting in proper error checking will tell you immediately what the real problem is.

masterofollies
02-23-2010, 11:04 PM
I would have ID as your very first field in the database, also I am assuming it's an auto increment? If so you leave the field blank in an INSERT query. So it'd be '',



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum