second half code not executing

Question

blueguy777 0 Newbie Poster

9 Years Ago

Executing Code upto insert users:

<?php
require('session.php');
require('encrypt.php');
require('mail.php');

$username = $_POST['user_name'];

$password = rand(10000, 99999);

$name = $_POST['name'];

$password = encrypt($password, 'ganesh');

$email = $_POST['email'];

$terms = $_POST['terms'];

$address = $_POST['address'];

$mobile = $_POST['mobile'];
$dob    = $_POST['birth_year'] . '-' . $_POST['birth_month'] . '-' . $_POST['birth_day'];

$ip = $_SERVER['REMOTE_ADDR'];

$url = $_SERVER['HTTP_HOST'];

$url_length = strlen($url);

if (substr($url, 0, 4) == 'www.') {
    $url_length = $url_length - 4;

    $url = substr($url, 4, $url_length);
}

$msg = '';

if (($username == '' || strlen($username) < 3)) {
    $msg = 'Username must contain atleast 3 characters';
    return 1;
}


if (preg_match('/[\s|\n|\t|*|&|~|!|@|#|$|%|^|&|*|(|)|-|_|+|=|.|,|<|>|?|"|;|`|:|\[|\]|\/|\']/', $username)) {
    $msg = 'Username should not contain special characters';
    return 1;
}


if (($name == '' || strlen($name) < 5)) {
    $msg = 'Name should contain atleast 5 characters';
    return 1;
}


if (!preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $email)) {
    $msg = 'Enter a valid email format!';
    return 1;
}


if ((($mobile == '' || strlen($mobile) < 10) || 10 < strlen($mobile))) {
    $msg = 'Enter a valid 10 digit mobile number';
    return 1;
}


if (!is_numeric($mobile)) {
    $msg = 'Enter a valid 10 digit mobile number';
    return 1;
}


if ($terms != 'yes') {
    $msg = 'Please Accept Terms and Conditions';
    return 1;
}

$query = '' . 'select id,username,email,mobile from users where mobile=\'' . $mobile . '\' or email=\'' . $email . '\'';

if (!($result = mysql_query($query))) {
    exit(mysql_error());
    (bool) true;
}


$numrows = mysql_num_rows($result);

if (0 < $numrows) {

    if ($row = mysql_fetch_array($result)) {
        if ($row[2] == $email) {
            if ($row[3] == $mobile) {
                $msg = '' . $mobile . ' and ' . $email . ' are already registered with us.';
            }

            $msg = '' . $email . ' is already registered with us';
        }

        $msg = '' . $mobile . ' is already registered with us';
    }
} else {
    $username_query = '' . 'select id from users where username=\'' . $username . '\' and url=\'' . $url . '\'';

    if (!($username_result = mysql_query($username_query))) {
        exit(mysql_error());
        (bool) true;
    }


    if (mysql_num_rows($username_result) == 1) {
        $msg = 'Username already exists!! Please select a different username.';
        return 1;
    }

    $q = '' . 'insert into users (`username`,`password`,`url`,`name`,`email`,`address`,`mobile`,`ip`,`dob`) values (\'' . $username . '\',\'' . $password . '\',\'' . $url . '\',\'' . $name . '\',\'' . $email . '\',\'' . $address . '\',\'' . $mobile . '\',\'' . $ip . '\',\'' . $dob . '\')';

Not Executing Code :

if (!($r = mysql_query($q))) {
        exit(mysql_error());
        (bool) true;
    }


    $userid = mysql_insert_id();

    if (mysql_affected_rows() == 1) {
        $rQ = '' . 'select userid from resellers where url=\'' . $url . '\'';

        if (!($rR = mysql_query($rQ))) {
            exit(mysql_error());
            (bool) true;
        }

        if ($rRow = mysql_fetch_array($rR)) {
            $reseller_id = $rRow[0];
            $credit      = '5';
            $cr_query    = '' . 'select credit,valuation,valuation_criteria from user_details where userid=\'' . $reseller_id . '\'';

            if (!($cr_result = mysql_query($cr_query))) {
                exit(mysql_error());
                (bool) true;
            }


            $cr_row = mysql_fetch_array($cr_result);

            $valuation = $cr_row[1];

            $valuation_criteria = $cr_row[2];
            $reseller_credit    = $cr_row[0] - 5;

            if (0 <= $reseller_credit) {
                $uc_query = '' . 'update user_details set credit=\'' . $reseller_credit . '\' where userid=\'' . $reseller_id . '\'';

                if (!($uc_result = mysql_query($uc_query))) {
                    exit(mysql_error());
                    (bool) true;
                }
            } else {
                $credit = 4;
            }

            $ud_query = '' . 'insert into user_details(`userid`,`reseller_id`,`credit`,`valuation`,`valuation_criteria`) values (\'' . $userid . '\',\'' . $reseller_id . '\',\'' . $credit . '\',\'' . $valuation . '\',\'' . $valuation_criteria . '\')';
            mysql_query($ud_query);

            if (mysql_affected_rows() == 1) {
                $subject = 'New User Registration';

                $sent_password = decrypt($password, 'smspanel');
                $message       = '' . 'You have registered at ' . $url . ' <br>Username = ' . $username . ' <br> Password = ' . $sent_password . ' <br> URL = ' . $url;
                $senderID      = '' . 'info <info@' . $url . '>';

                $m = new email($subject, $message, $senderID, $email);
                $m->send();
                $rq = '' . 'select routeID from users where id=' . $userid;

                if (!($rr = mysql_query($rq))) {
                    exit(mysql_error());
                    (bool) true;
                }


                $ra = mysql_fetch_array($rr);

                $routeID         = $ra[0];
                $sender_id       = 'SMSPAN';
                $message_content = '' . 'Dear ' . $name . ', Your account with Username: ' . $username . ' and Password: ' . $sent_password . ' is successfully created. Please login at URL: ' . $url . '.';
                $job_q           = '' . 'Insert into jobs(`userid`,`total_messages`,`message`,`sender_id`,`routeID`,`status`,`queue_id`) values (\'1\',\'1\',\'' . $message_content . '\',\'' . $sender_id . '\',\'' . $routeID . '\',\'InProgress\',\'900\')';

                if (!($job_r = mysql_query($job_q))) {
                    exit(mysql_error());
                    (bool) true;
                }


                $job_id   = mysql_insert_id();
                $create_q = 'CREATE TABLE IF NOT EXISTS `' . $job_id . '` (
  `id` int(11) NOT NULL auto_increment,
  `mobile` bigint(20) NOT NULL,
  `routeID` int(11) NOT NULL,
  `status` varchar(20) NOT NULL default \'Sent\', `handler` varchar(20) NOT NULL,
  PRIMARY KEY  (`id`)
) ';

                if (!(mysql_query($create_q))) {
                    exit(mysql_error());
                    (bool) true;
                }

                $values  = '' . '(\'' . $routeID . '\',\'' . $mobile . '\',\'Sent\')';
                $m_query = 'Insert into `' . $job_id . ('' . '` (`routeID`,`mobile`,`status`) values ' . $values);
                mysql_query($m_query);
                $un_q = '' . 'insert into user_numbers(`number`) values(\'' . $mobile . '\')';
                mysql_query($un_q);
                echo '  <meta http-equiv="refresh" content="0; url=thanks.php?msg=register" />
';
            }
        }
    }
}

?>

it's not throwing any error message, how to fix this issue?

php

3 Contributors
5 Replies
235 Views
1 Day Discussion Span
Latest Post 9 Years Ago Latest Post by lps

broj1 356 Humble servant

9 Years Ago

Insert this simple debug code after line 115:

die($q);

It will display the query as it has been constructed and stop the script. Now you can inspect the query and paste it into phpmyadmin to check it if it works. You can post it here also.

You took the complex path to assemble the query. There are simpler ways that make things more readable and help you avoid errors. Try using double quotes:

$q = "insert into users (`username`, `password`, `url`, `name`, `email`, `address`, `mobile`, `ip`, `dob`) values ('$username', '$password', '$url', '$name', '$email', '$address', '$mobile', '$ip', '$dob')';

Edited 9 Years Ago by broj1

lps 71 Posting Pro in Training

9 Years Ago

First of all, mysql_* has been depreciated. Use mysqli_* or PDO instead.

The problem should be the query where the field should not having quoted in MYSQL.
$q = "insert into users (username,password,url,name,email,address,mobile,ip,dob) values ('$username', '$password', '$url', '$name', '$email', '$address', '$mobile', '$ip', '$dob')";

Edited 9 Years Ago by lps

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

blueguy777 0 Newbie Poster · Answer 1 · 2015-05-28T13:35:14+00:00

modified code

$q = "insert into users (username,password,url,name,email,address,mobile,ip,dob) values ('$username', '$password', '$url', '$name', '$email', '$address', '$mobile', '$ip', '$dob')";   
die($q);

Output:

insert into users (username,password,url,name,email,address,mobile,ip,dob) values ('ravi', 'oKymq6E=', 'xyz.in', 'ravi prasad', 'myemailid@yahoo.com', 'Bijapur', '7712345678', '117.209.144.114', '--')

broj1 356 Humble servant Featured Poster · Answer 2 · 2015-05-29T06:15:05+00:00

The query looks OK now. Have you tested it in phpmyadmin?

lps 71 Posting Pro in Training · Answer 3 · 2015-05-29T08:42:08+00:00

Please do escape the inputed data else you are opened to sql injections.