Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
so i tried to convert a little bit of MYSQL to the new PDO;
$u_check = mysql_query("SELECT username FROM users WHERE username='un'");
$check = mysql_num_rows($u_check);
if($check == 0){
echo "Do this";
}
How i did it in PDO:
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE :username = '$un'");
$check = $databaseConnection->query($u_check);
if($check == 0){
echo "do stuff"
}
But as expeced i get an error:
Warning: PDO::query() expects parameter 1 to be string, object given
in F:\xampp\htdocs\SocialMedia\first\index.php on line 27
Line 27: $check = $databaseConnection->query($u_check);
I have no idea how to get the same result in PDO
Thanks in advance for the help!
EDIT 1:
I have this now:
if($reg) {
if($em==$em2){
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE :username = '$un'");
$u_check->bind_param("s", "un");
$result = $u_check->execute();
if($result){
echo "hoi";
}
}
}
gives me:
Fatal error: Call to undefined method PDOStatement::bind_param() in
F:\xampp\htdocs\SocialMedia\first\index.php on line 26
EDIT 2: my code at the moment;
<?php include("inc/header.inc.php");?>
<?php
$reg = $_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$fn = strip_tags($_POST['fname']);
$ln = strip_tags($_POST['lname']);
$un = strip_tags($_POST['uname']);
$em = strip_tags($_POST['email']);
$em2 = strip_tags($_POST['email2']);
$pswd = strip_tags($_POST['password']);
$pswd2 = strip_tags($_POST['password2']);
$d = date("d-m-Y");
if($reg) {
if($em==$em2){
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE username= :username");
$u_check->bindParam(':username', $un);//un is the given username that user types
$u_check->execute();
$check = $u_check->rowCount();
if($check > 0){
if($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){
if($pswd==$pswd2){
if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "Maximum characters is 25!";
}else{
if(strlen($pswd)>30||strlen($pswd)<5){
echo "Your pass must be between 5 and 30 characters!";
}else{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = $databaseConnection->prepare("INSERT INTO users (username, first_name, last_name, email, password, sign_up_date, activated) VALUES (:un, :fn, :ln, :em, :pswd, :d, '0')");
$query->execute();
die("<h2>Welcome to Profiles</h2>Login to your account to get started...");
}
}
}
}
}else{
echo "Already exists!";
}
}
}
?>
So, now i get the message "Already exists!" everytime,
Altho the setup itself does not work, its not putting the stuff from the form in ....
EDIT 3
I get this:
Parse error: syntax error, unexpected '}' in
F:\xampp\htdocs\SocialMedia\first\index.php on line 50 which is line
if($pswd!=$pswd2){
$errors[] .= 'Passwords are not the same';
}elseif(strlen($pswd)>30||strlen($pswd)<5){
$errors[] .='Your pass must be between 5 and 30 characters!'
}else{
$pswd_md = md5($pswd);
}
which is this line:
}else{
Your code is wrong...Try this one:
<?php include("inc/header.inc.php"); ?>
<?php
function display_errors($errors){
$display = '<ul>';
foreach ($errors as $error){
$display .= '<li>'.$error.'</li>';
}
$display .= '</ul>';
return $display;
}
$reg = $_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
if(isset($reg)) {
$errors = array();
$fn = strip_tags($_POST['fname']);
$ln = strip_tags($_POST['lname']);
$un = strip_tags($_POST['uname']);
$em = strip_tags($_POST['email']);
$em2 = strip_tags($_POST['email2']);
$pswd = strip_tags($_POST['password']);
$pswd2 = strip_tags($_POST['password2']);
$d = date("d-m-Y");
$required = array('fname','lname','uname','email','email2','password','password2');
foreach($required as $field){
if($_POST[$field] == ''){
$errors[] .= $field. ' is required';
}
}
if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
$errors[] .= "Maximum characters is 25!";
}
if($pswd!=$pswd2){
$errors[] .= 'Passwords are not the same';
}elseif(strlen($pswd)>30||strlen($pswd)<5){
$errors[] .='Your pass must be between 5 and 30 characters!'
}else{
$pswd_md = md5($pswd);
}
if($em != $em2){
$errors[] .= 'Emails are not the same';
}
$u_check = $databaseConnection->prepare("SELECT username FROM users WHERE username= :username");
$u_check->bindParam(':username', $un);//un is the given username that user types
$u_check->execute();
$check = $u_check->rowCount();
if($check > 0){
$errors[] .= 'User Exists. Choose another username';
}
if(!empty($errors)){
echo display_errors($errors);
}else{
$ac = 0;
$query = $databaseConnection->prepare("INSERT INTO users (username, first_name, last_name, email, password, sign_up_date, activated) VALUES (:un, :fn, :ln, :em, :pswd, :d, :ac)");
$query->bindParam(':un',$un);
$query->bindParam(':fn',$fn);
$query->bindParam(':ln',$ln);
$query->bindParam(':em',$em);
$query->bindParam(':pswd',$pswd_md);
$query->bindParam(':d',$d);
$query->bindParam(':ac',$ac);
$query->execute();
}
if($query){
//INSERT SUCCESS
echo 'Success';
}else{
echo 'Failed;'
}
}
?>
It is because for query() you need a String, but you give an object (Look: http://php.net/manual/de/pdo.query.php)
There is an example:
<?php
function getFruit($conn) {
$sql = 'SELECT name, color, calories FROM fruit ORDER BY name';
foreach ($conn->query($sql) as $row) {
print $row['name'] . "\t";
print $row['color'] . "\t";
print $row['calories'] . "\n";
}
}
?>
If you want to use prepare have a look at: http://php.net/manual/de/pdo.prepare.php
You have to use $var->execute(array($var1, $var2));
If I see correctly you want to check if the given username exists in the database. Call ->execute() on the prepared statement and use rowCount() on the returned object to get the number of results.
Check the documentation for more info: PDO rowCount and PDO Prepare
But if you really only need the number of rows where the username is the given username (since you select username and use it in the condition also) you can simply select the number:
SELECT count(username) FROM users GROUP BY username HAVING username = $username
Related
This question already has answers here:
How to check if a row exist in the database using PDO?
(3 answers)
Closed 5 years ago.
I am using MySQL and I want to check if the value of the users input $_POST['username'] already exists in my database (in the field username). I have tried this code:
$usernameExists = "SELECT * FROM users WHERE username = " . $_POST['username'];
if ($usernameExists) {
echo "Exists"
}
I put this code after the if (!empty...) statement;
but nothing happened. If you need my full code, it is available here, but I assume the rest of it won't be helpful:
<?php
session_start();
if (isset($_SESSION['user_id'])) { // user is already logged in
header("Location: index.php");
}
require('database.php');
$message = '';
$emailMessage = '';
$usernameMessage = '';
$passwordMessage = '';
$confirmMessage = '';
if (!empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['confirmPassword'])) { // user submitted form; enter user
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$emailMessage = 'Invalid email.';
} elseif (strlen($_POST['username']) < 4 || strlen($_POST['username']) > 250) {
$usernameMessage = 'Username has to be between 4 and 250 characters.';
} elseif (!preg_match("/^[a-zA-z0-9]*$/", $_POST['username'])) {
$usernameMessage = 'Username can only contain numbers and letters.';
} elseif (strlen($_POST['password']) < 6 || strlen($_POST['password']) > 250) {
$passwordMessage = 'Password has to be between 6 and 250 characters.';
} elseif ($_POST['confirmPassword'] !== $_POST['password']) {
$confirmMessage = 'Passwords don\'t match THONK';
} else {
$sql = "INSERT INTO users (email, username, password) VALUES (:email, :username, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':username', $_POST['username']);
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':password', $password);
if ($stmt->execute()) {
$message = 'Successfully created new user: ' . $_POST['username'];
} else {
$message = 'There was an error lol';
}
}
}
?>
Query the database using a prepared statement. Like this:
$usernameExists = 0;
$sql = 'SELECT username FROM users WHERE username = :username';
$stmt = $conn->prepare($sql);
$stmt->bindValue(':username',$_POST['username']);
$stmt->execute();
if($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
// row(s) returned
$usernameExists = 1;
} else {
// no row returned
$usernameExists = 0;
}
$stmt->closeCursor();
Then you can do this:
if ($usernameExists) {
echo "Exists"
}
Fatal error: Uncaught Error: Call to a member function query() on string in
C:\xampp\htdocs\boobae\index.php:58 Stack trace: #0 {main} thrown in
C:\xampp\htdocs\boobae\index.php on line 58
Here is my code:
<?php include './include/header.include.php'; ?>
<?php include './include/connect.include.php';?>
<?php $reg = #$_POST['reg'];
//declaring the variables to prevent errors
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d_birth = "";
$d = "";
$u_check = "";
$phone_number = "";
$conn="";
//registration form
$fn = strip_tags(#_POST['fname']);
$ln = strip_tags(#_POST['lname']);
$un = strip_tags(#_POST['uname']);
$em = strip_tags(#_POST['email1']);
$em2 = strip_tags(#_POST['email2']);
$pswd = strip_tags(#_POST['passwprd1']);
$pswd2 = strip_tags(#_POST['password2']);
$d_birth = strip_tags(#_POST['dbirth']);
$d = ('Y-M-D');
$phone_number = strip_tags(#_POST['phone_number']);
if (isset($_POST['reg'])) {
if ($em==$em2) {
}
else {
echo "Your emails do not match!";
}
if ( strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters";
}
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be 5 to 30 characters long";
}
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
}
else{
echo "Please fill in all the fields!";}
if ($pswd==$pswd2) {
}
else {
echo "Your pasword do not match!";
}
$sql="INSERT INTO userss (username,first_name,last_name, email, password,
d_birth, sign_up_date, $phone_number,activated)
VALUES ('$un', '$fn', '$ln', '$em', '$pawd', '$d_birth', '$d',
'$phone_number')";
//$insert=$con->query($sql);
}
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
}
else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
You set your $conn=""; right under $phone_number = "";. $conn needs to be a database connection, not a string
In your current code $conn=""; which clearly is a string. Make it db connection variable first. Hope this helps.
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 6 years ago.
Here is the PHP block i am using:
$reg = #$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}
if ($em==$em2){}
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}
if ($pswd==$pswd2){}
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
}
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
And here is the two else statements:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
When i only have:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
I don't get an error message, but when i add:
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln', '$em','$pswd','$d','0')");
}
I get this error message when i refresh:
Parse error: syntax error, unexpected 'else' (T_ELSE) in C:\xampp\htdocs\Socially\index.php on line 39
I am using a YouTube tutorial, and this is what he typed, he didn't get an error message. Here is the link: https://www.youtube.com/watch?v=EgqVNMTnmDQ&list=PLA7F9875BD031DC16&index=36
This video was done in 2013.
If someone could help me, it would be appreciated.
Your ifs are wrong the { opens the control block and the } closes it. For example with this:
if (strlen($pswd)>30||strlen($pswd)<5){}
You are doing nothing when the password is longer than 30 characters or less than 5. (also why limit passwords to 30 characters?)
You also then are echoing the message regardless of that condition:
echo "Your password be between 5 and 30 characters long!";
Additional notes:
Your control blocks should be indented.
You should NOT put user data directly into a SQL query. That is how injections occur. strip_tags does nothing to stop a SQL injection.
Try:
<?php
$reg = #$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(#$_POST['fname']);//dont use #, no need for error supression, resolve the errors.
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}//does nothing
if ($em==$em2){}//does nothing
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}//does nothing
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}//does nothing
if ($pswd==$pswd2){}//does nothing
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
} else {
if (strlen($pswd)>30||strlen($pswd)<5){
echo "Your password be between 5 and 30 characters long!";
} else {
$pswd = md5($pswd); //should upgrade hashing algorithm
$pswd2 = md5($pswd2);//not used
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");//open to SQL injections
}
}
I have made a registration PHP file that runs through an authentication and connects to my database that I made in phpMyAdmin. The problem is, I can put in the same username without consequence and it adds to the database, so I could put; dogs as the username and then again put the same.
How can I make it so the user is told; that username already exists choose another one.
Here's my php so far;
Also please tell me where to insert it.
<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_POST['username'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$email = stripslashes($email);
$email = mysql_real_escape_string($email);
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
$trn_date = date("Y-m-d H:i:s");
$query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
$result = mysql_query($query);
if ($result) {
echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
} else {
?>
You should query the database before inserting any record (user) to users table.
Try the code below:
<?php
$username = mysql_real_escape_string( $username ); //Sql injection prevention
$existance = mysql_query("SELECT username FROM users WHERE username = '" . $username . "'");
if( !$existance ){
$query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
$result = mysql_query( $query );
if ( $result ) {
echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
else{
//unsuccessful insertion
}
} else {
//the user existed already, choose another username
}
?>
Create an if-statement where you check if $username exists in the db. If it does, throw an error. If not, continue with the code.
Note
Your code is vulnerable to SQL-injection. Read this post: How can I prevent SQL injection in PHP?
Rewriting my entire answer to a working example. I'm going to assume your post variables are the same as mine: email, password, username
<?php
$errorMessage = "";
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
$email = $_POST['email'];
$password = $_POST['password'];
$username = $_POST['username'];
$email1 = $_POST['email'];
$username1 = $_POST['username'];
$password1 = $_POST['password'];
$email = htmlspecialchars($email);
$password = htmlspecialchars($password);
$username = htmlspecialchars($username);
$connect = mysql_connect("localhost","DBuser", "DBpassword");
if (!$connect) {
die(mysql_error());
}
mysql_select_db("DBName");
$results = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($row = mysql_fetch_array($results)) {
$kudots = $row['username']; }
if ($kudots != ""){
$errorMessage = "Username Already Taken";
$doNothing = 1;
}
$result = mysql_query("SELECT * FROM users WHERE email = '$email'");
while($row2 = mysql_fetch_array($results)) {
$kudots2 = $row2['email']; }
if ($kudots2 != ""){
$errorMessage = "Email Already in use";
$doNothing = 1;
}
//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error
if ($errorMessage == "") {
$user_name = "DBUsername";
$pass_word = "DBPassword";
$database = "DBName";
$server = "localhost";
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$email = quote_smart($email, $db_handle);
$password = quote_smart($password, $db_handle);
$username = quote_smart($username, $db_handle);
if ($username1 == ""){
$errorMessage = "You need a username";
}
if ($password1 == ""){
$errorMessage = $errorMessage . "<br>You need a password.";
}
if (!(isset($_POST['email']))){
$errorMessage = $errorMessage . "<br>You need an email.";
}
$SQL = "SELECT * FROM users WHERE email = $email";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
$errorMessage = "email already exists";
$doNothing = 1;
}
if ($errorMessage == "") {
$SQL = "INSERT INTO users (email, username, password) VALUES ($email, $username, $password)";
$result = mysql_query($SQL);
mysql_close($db_handle);
//=================================================================================
// START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
// SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
//=================================================================================
session_start();
$_SESSION['email'] = "$email1";
$_SESSION['password'] = "$password1";
header ("Location: myaccount.php");
else {
$errorMessage = "Database Not Found";
}
}
OK, now echo $errorMessage right below or above the form, to inform the user that the Email, or Username is taken. I'm pretty sure I have a duplicate function in here for the Email, but this code does work; disregard if somebody says it's vulnerable to SQL injection; this is a working EXAMPLE! If you want to do MySQL real escape string, just Google it. I had to rewrite a couple things because I don't want my full code on a public board, if for some odd reason this doesn't work; send me an eMail(canadezo121#gmail.com) and I'll send you the full page code. (Which WORKS!) This code will probably raise some concerns with other more professional coders, this example gives you a good logical viewpoint of what goes on and how it works. You can adjust it to MySQLi, PDO, etc as you get more familiar with PHP and MySQL.
1 you must verify if the username all ready exists in database (Select)
2 if not exists after you can insert the new user
i am currently in the process of creating a registration page for my website, i have managed to make it work and it adds the user to my main table user_info, however i also have other tables that i want the system to insert the user into when they join, such as a log for their ip address, the problem is i thought it would be a simple cas of selecting the user info and then inserting the fields into the ip_address table, but i keep getting the error
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'terminated')' at line 1"
Anyway here is my code for the whole php script, the new lines of code that cause the error are from lines 171 - 176 (The last 5 lines at the bottom of the big block of code).
Thanks
<?php
if (isset ($_POST['firstname'])){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$paypal_email = $_POST['paypal_email'];
$country = $_POST['country'];
$kingdom_name = $_POST['kingdom_name'];
$kingdom_motto = $_POST['kingdom_motto'];
$referal = $_POST['referal'];
$email = stripslashes($email);
$password = stripslashes($password);
$cpassword = stripslashes($cpassword);
$email = strip_tags($email);
$password = strip_tags($password);
$cpassword = strip_tags($cpassword);
// Connect to database
include_once "connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email);
$emailCHecker = str_replace("`", "", $emailCHecker);
// Database duplicate username check setup for use below in the error handling if else conditionals
$sql_uname_check = mysql_query("SELECT username FROM user_info WHERE username='$username'");
$uname_check = mysql_num_rows($sql_uname_check);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM user_info WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);
// Error handling for missing data
if ((!$firstname) || (!$lastname) || (!$username) || (!$email) || (!$password) || (!$cpassword) || (!$paypal_email) || (!$kingdom_name) || (!$kingdom_motto)) {
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
if(!$firstname){
$errorMsg .= ' * Firstname<br />';
}
if(!$lastname){
$errorMsg .= ' * Lastname<br />';
}
if(!$username){
$errorMsg .= ' * Username<br />';
}
if(!$email){
$errorMsg .= ' * Email<br />';
}
if(!$password){
$errorMsg .= ' * Password<br />';
}
if(!$cpassword){
$errorMsg .= ' * Password Check<br />';
}
if(!$paypal_email){
$errorMsg .= ' * Paypal Email<br />';
}
if(!$kingdom_name){
$errorMsg .= ' * Kingdom Name<br />';
}
if(!$kingdom_motto){
$errorMsg .= ' * Kingdom Motto<br />';
}
} else if ($password != $cpassword) {
$errorMsg = 'ERROR: Your Password fields below do not match<br />';
} else if (strlen($username) < 4) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />";
} else if (strlen($username) > 20) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />";
} else if ($uname_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
} else { // Error handling is ended, process the data and add member to database
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
// Add MD5 Hash to the password variable
$db_password = md5($password);
// GET USER IP ADDRESS
$ipaddress = getenv('REMOTE_ADDR');
// Add user info into the database table for the main site table
$sql = mysql_query("INSERT INTO user_info (firstname, lastname, username, email, password, country, sign_up_date)
VALUES('$firstname','$lastname','$username','$email','$password', '$country', now())")
or die (mysql_error());
$id = mysql_insert_id();
// Create directory(folder) to hold each user's files(pics, MP3s, etc.)
mkdir("members/$id", 0755);
////////////////////////////////////////////////////////////////////////
///////////////BUILDING THE USER PROFILES///////////////////////////////
$sql_id = ("SELECT * FROM user_info WHERE username = '$username'");
$result = mysql_query($sql_id);
$sql_result = mysql_fetch_array($result);
$sql = mysql_query("INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'") or die (mysql_error());
include_once 'registration_success.php';
exit();
} // Close else after duplication checks
} else { // if the form is not posted with variables, place default empty variables so no warnings or errors show
$errorMsg = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$password= "";
$cpassword = "";
$paypal_email = "";
$kingdom_name = "";
$kingdom_motto = "";
$referal = "";
}
?>
Closing parentheses missing here:
"INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'"