php validation help

Question

twosocks 0 Newbie Poster

16 Years Ago

ok i cant see whats is wrong with this but it wont add a user

<?php 
			 include "config.php";   
			//Get the information from the form
			 $username = $_POST['username'];
			 $email = $_POST['email']; 
			 $password_1 = $_POST['password_1'];
			 $password_2 = $_POST['password_2'];

			// makes sure that the 2 passwords match and that the email address is valid
			if (( $password_1 == $password_2)&&($password_1 > 3)&&(ereg("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$]", $email))&&($username < 30)) {
			 $password_1 == md5($password_1) ;
			 $email == $email ;

			$query = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password_1')";    
								 
			// execute query 
			$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
								 
			// print message 
			echo "sucess"; 
			}
									
			// if input not valid
			else {
			echo "no soup for you";
			}

?>

php

4 Contributors
3 Replies
84 Views
12 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by FlashCreations

somedude3488 228 Nearly a Posting Virtuoso

16 Years Ago

are you getting any errors?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Atli 182 Posting Pro · Answer 1 · 2008-11-06T06:24:41+00:00

Is this part of your if statement on line #10 meant to make sure the password is more than 3 letters?

($password_1 > 3)

If so, try using the strlen function around the variable, like:

(strlen($password_1) > 3)

Simply matching the string to a number will not get you the results you want.
It will try to convert the string into a number first, which would give unexpected results.

In fact, using the code you posted, simply using the number 4 (or higher) as the new password would probably work.

Edit...
O and I just noticed... you do the same thing later in the if statement with the $username variable. You would have to use the strlen function there to.

FlashCreations 20 Posting Whiz · Answer 2 · 2008-11-06T08:03:25+00:00

Just a suggestion:
On line 17 I would not include the SQL query. While the chances of a bad person seeing this kind of information is unlikely, it adds some vulnerability to your site. Simply use this code:

$result = mysql_query($query) or die ("MySQL Error: ".mysql_error());