Bad Logic In Insert Code?

justlukeyou · September 24, 2012, 5:47pm

I have combined two peices of insert code however it now creates the register error “There was a problem registering you. Please check your details and try again.”

It must be a bad logic in the insert code. Can anyone advise how it should be laid to logically please?

		    if(!$errors){
        $query = mysql_query("INSERT INTO users
        (firstname, surname) VALUES ('" . $firstname . "', '" . $surname . "')");		
        "' . mysql_real_escape_string($registerEmail) . '";
		        'password = MD5("' . mysql_real_escape_string($registerPassword) . '")';
        'date_registered = "' . date('Y-m-d H:i:s') . '"';

        if(mysql_query($query)){
                                $success['register'] = 'Thank you for registering. You can now log in on the left.';
                        }else{
                                $errors['register'] = 'There was a problem registering you. Please check your details and try again.';

                                  }

cpradio · September 24, 2012, 5:57pm

To be honest, this is riddled with errors, does it even run?

if(!$errors){
      $query = mysql_query("INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())");
                         
     if(mysql_query($query)){
          $success['register'] = 'Thank you for registering. You can now log in on the left.';
      }else{
          $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
     }
}

To be honest, you really need to learn SQL Syntax, getting @r937 ;'s [URL=“http://www.sitepoint.com/books/sql1/”]book would be a good start.

cpradio · September 24, 2012, 6:00pm

As a side note, you will need to ensure you are using mysql_real_escape_string on your $firstname and $surname to help prevent SQL Injections as well. I assumed you were doing this since the code for assigning those variables wasn’t shown.

justlukeyou · September 24, 2012, 6:03pm

No errors appear but it creates the error “'There was a problem registering you. Please check your details and try again.”

I tried your code and this also creates the error mesasge. What errors are there, I notice the date insert is very different.

	if(!$errors){
      $query = mysql_query("INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())");

     if(mysql_query($query)){
          $success['register'] = 'Thank you for registering. You can now log in on the left.';
      }else{
          $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
     }
}
               }

justlukeyou · September 24, 2012, 6:04pm

This is what Im using to identify the terms.

    if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
    $firstname = mysql_real_escape_string(trim($_POST['firstname']));
    $surname = mysql_real_escape_string(trim($_POST['surname']));
        $registerEmail = trim($_POST['email']);
        $registerPassword = trim($_POST['password']);
        $registerConfirmPassword    = trim($_POST['confirmPassword']);

cpradio · September 24, 2012, 6:08pm

I used the GETDATE() function in MySQL so it automatically writes the date, and you don’t have to calculate it/figure it out.

Try the following, it will still throw an error, but it will hopefully tell you why.

	if(!$errors){
      $query = mysql_query("INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())");
                         
     $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error
     if($result){
          $success['register'] = 'Thank you for registering. You can now log in on the left.';
      }else{
          $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
     }
}  
               }

justlukeyou · September 24, 2012, 6:09pm

It says “query was empty”.

cpradio · September 24, 2012, 6:11pm

Oh doh! Of course it is. You are calling mysql_query twice and I missed it both times.

Here is the updated code

if(!$errors){
      $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), GETDATE())";
                         
     $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error
     if($result){
          $success['register'] = 'Thank you for registering. You can now log in on the left.';
      }else{
          $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
     }
}

justlukeyou · September 24, 2012, 6:13pm

Hi,

Now it says FUNCTION site.GETDATE does not exist

cpradio · September 24, 2012, 6:15pm

Ha ha, I’ve been playing in SQL Server all date, replace GETDATE() with NOW() and it will work. GETDATE is in SQL Server NOW is in MySQL.

justlukeyou · September 24, 2012, 6:26pm

Brilliant thanks, that now inserts the two sets of information I previously had seperate.

However now it is not showing as being logged in. I had a code that show “You are sucessfully logged in…” or displayed the registration button.

I have a column for session_id should it be inserting something into there in the database and then remove it when I logout?

<?php
    if ($_SESSION['userLoggedIn'])
{
  $row = mysql_fetch_array($query);
  echo '<div class="loggedin">
You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a>
  </div>
  ';
} else { echo
'<div class="headersignin">	
<a href="/users/login.php"   rel="nofollow" class="blacklink"   >
Sign in
</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink"   >	Join free</a>
</div>';
}
?>

cpradio · September 24, 2012, 6:33pm

justlukeyou:

eing logged in. I had a code that show “You are sucessfully logged in…” or displayed the registration button.

I have a column for session_id should it be inserting something into there in the database and then remove it when I logout?
<?php
    if ($_SESSION['userLoggedIn'])
{
  $row = mysql_fetch_array($query);
  echo '<div class="loggedin">
You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a> 
  </div>
  ';
} else { echo 
'<div class="headersignin">	
<a href="/users/login.php"   rel="nofollow" class="blacklink"   >
Sign in
</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink"   >	Join free</a>
</div>';
}
?> 

You would need to log in. Registration doesn’t normally log you in. You typically still have to login after registering