[php]
<?php //beginning tag
$host = "localhost";
$dbuser = "root";
$dbpass = "";
$connection = mysql_connect($host,$dbuser,$dbpass);
$dbname = "tutorial";
$db = mysql_select_db($dbname);
//grab data from form
$name = $_POST['Name'];
$pass = $_POST['pwd'];
$email = $_POST['email'];
$re_email = $_POST['reemail'];
//if else (else if)
if($name == false || $pass == false || $re_email == false || email == false) {
echo "Please enter all required fields. "; }
if($email != $re_email) {
echo " Email do not match. ";
}else{
$connection = mysql_connect($host,$dbuser,$dbpass);
$dbname = "tutorial";
$db = mysql_select_db($dbname);
$sql = INSERT INTO user (Username, Password, Email)
VALUES ($name, $pass, $email)
$result = mysql_query($sql);
echo " Thank you for registering .";
}
?>
[/php]
You're missing a few things and there's a few things i would still change about your connection/insertion code.
We'll start of with the connection!
[php]
<?php //beginning tag
$host = "localhost";
$dbuser = "root";
$dbpass = "";
mysql_connect($host, $dbuser, $dbpass) or die("Error: ".mysql_error());
[/php]
See i took out the
$connection variable - it's not really needed; we'll just explicitly connect up here. Because we're doing it this way we add a
or die which, if the connection doesn't work, it'll show an error explaining why! (it'll also kill any code that comes after this point). Now we shall select the database. We will do it exactly the same way as connecting to mysql.
[php]
$dbname = "tutorial";
mysql_select_db($dbname) or die("Error: ".mysql_error());
[/php]
All fine and dandy?
Now we'll handle the form POST. There's a nasty little thing called
mysql injection (tutorial) i suggest you read up on and always prevent! I'll put it into action for you:
[php]
$name = mysql_real_escape_string($_POST['Name']); // all escaped!
$pass = mysql_real_escape_string($_POST['pwd']);
$email = mysql_real_escape_string($_POST['email']);
$re_email = mysql_real_escape_string($_POST['reemail']);
[/php]
Safely escaped. Now that chunk of if/else statements, there's a few things i'd change about it. (You need to do some more validation but that's another long story for another day :] )
[php]
if($name == false || $pass == false || $re_email == false || email == false) {
echo "Please enter all required fields. "; }
else if($email != $re_email) {
echo "Emails do not match. ";
} else { //everything was good - let's insert!
[/php]
I made the second IF and ELSE IF because, if the first statement returns false but the second IF returns TRUE it's still going to go onto the ELSE statement. Inserting time!
[php]
$sql = "INSERT INTO user (Username, Password, Email)
VALUES
('$name', '$pass', '$email')";
[/php]
This, itself, had a few syntax problems: you always need double / single quotes surrounding variables! and on the VALUES wrap them in single quotes too! - I think you should put curly brackets around the variables in the VALUES aswell.. someone else can clear that up.
[php]
$result = mysql_query($sql);
if($result){
echo "Thankyou for registering - Everything was successful!";
} else {
echo "There was a problem with your registration...";
}
[/php]
I changed it to a simple if/else statement. The IF checks whether the
$result variable returns TRUE and if so, the insertion is complete and the user is notified. ELSE there is a problem and user is notified.
Some things you should consider:
Sanitising user input!(for that ugly IF statement you use to check if things are FALSE) - It's paramount you do so or some little script kiddy could work his little
magic and give you headaches!
A decent mysql tutorial
And the code in full:
[php]
<?php //beginning tag
$host = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "tutorial";
mysql_connect($host, $dbuser, $dbpass) or die("Error: ".mysql_error());
mysql_select_db($dbname) or die("Error: ".mysql_error());
// grab form data
$name = mysql_real_escape_string($_POST['Name']); // all escaped!
$pass = mysql_real_escape_string($_POST['pwd']);
$email = mysql_real_escape_string($_POST['email']);
$re_email = mysql_real_escape_string($_POST['reemail']);
if($name == false || $pass == false || $re_email == false || email == false) {
echo "Please enter all required fields. "; }
else if($email != $re_email) {
echo "Emails do not match. ";
} else { //everything was good - let's insert!
$sql = "INSERT INTO user (Username, Password, Email)
VALUES
('$name', '$pass', '$email')";
if($result){
echo "Thankyou for registering - Everything was successful!";
} else {
echo "There was a problem with your registration...";
}
} // close first ELSE
[/php]
26
