I have a posting script where I need to put the post in a database but I need some data from another table to put into the post table, and I do not know how to do this, here's my code.
<body>
<?php
include ("include/header.html");
include ("include/sidebar.html");
?>
<div class="container">
<?php
require_once('appvars.php');
require_once('connectvars.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please log in to access this page.</p>';
exit();
}
else {
echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. Log out.</p>');
}
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (isset($_POST['submit'])) {
// Grab the profile data from the POST
$post1 = mysqli_real_escape_string($dbc, trim($_POST['post1']));
$error = false;
// Update the profile data in the database
if (!$error) {
if (!empty($post1)) {
// Only set the picture column if there is a new picture
if (!empty($new_picture)) {
$query = "INSERT INTO `ccp2_posts` (`post`) VALUES ('$post1')";
}
else {
$query = "INSERT INTO `ccp2_posts` (`post`) VALUES ('$post1')";
}
mysqli_query($dbc, $query);
// Confirm success with the user
echo '<p>Your profile has been successfully updated. Would you like to view your profile?</p>';
mysqli_close($dbc);
exit();
}
else {
echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>';
}
}
} // End of check for form submission
else {
$error = false;
// Grab the profile data from the database
$query = "SELECT first_name, last_name FROM ccp2_user WHERE user_id = '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($data);
//DO I NEED TO PUT SOMETHING HERE TO SET A VARIABLE//
//FOR THE FIRST_NAME AND LAST_NAME VALUES TO PUT IN//
//THE DATABASE?//
if (!empty($new_picture)) {
$query = "INSERT INTO `ccp2_posts` (`first_name`, `last_name`) VALUES ('$first_name', '$last_name')";
}
else {
$query = "INSERT INTO `ccp2_posts` (`first_name`, `last_name`) VALUES ('$first_name', '$last_name')";
}
mysqli_query($dbc, $query);
else {
echo '<p class="error">There was a problem accessing your profile.</p>';
}
}
mysqli_close($dbc);
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
<fieldset>
<legend>Personal Information</legend>
<label type="hidden" for="post1">Post:</label><br />
<textarea rows="4" name="post1" id="post1" cols="50">Post Here...</textarea><br />
</fieldset>
<input type="submit" value="Save Profile" name="submit" />
</form>
</div>
<?php
include ("include/footer.html");
?>
</body>
</html>
I need to take the first_name and last_name data from my ccp2_user table and put it in the first_name and last_name area in the ccp2_posts table. Help?
Your $row variable should have the values of first_name and last_name:
$first_name = $row['first_name'];
$last_name = $row['last_name'];
Related
Iam trying to create a private messaging system in which user sends message to another user and that content is inserted into database..Iam using a random number called hash to identify a conversation between two people..table for that is "message_group" and table for saving messages is "messages"..here comes the problem..
When I type something in text area and click on sendmessage button it inserts the data into the messages database..But if type something again and try to send it , the data wont enter into database..coz of this the other person is getting only first message..Please help me solving this problem..here's the code
<html>
<head>
<title>new convo</title>
</head>
<body>
<?php include 'connect.php';?>
<?php include 'message_title_bar.php';?>
<?php include 'functions.php';?>
<div>
<?php
if(isset($_GET['user']) && !empty($_GET['user'])){
?>
<form method='post'>
<?php
if(isset($_POST['message']) && !empty($_POST['message'])){
$my_id=$_SESSION['user_id'];
$user=$_GET['user'];
$random_number=rand();
$message=$_POST['message'];
$connect = mysqli_connect('localhost','root','','php_mysql_login_system');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query_string = "SELECT `hash` FROM `message_group` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')";
$check_con=mysqli_query($connect,$query_string) or die(mysqli_error($connect));
if(mysqli_num_rows($check_con)==1){
echo "<p>Conversation already Started</p>";
}else{
$connect = mysqli_connect('localhost','root','','php_mysql_login_system');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($connect,"INSERT INTO message_group VALUES('$my_id' , '$user' , '$random_number')");
mysqli_query($connect,"INSERT INTO messages VALUES ('','$random_number','$my_id','$message')");
echo "<p>Conversation started</p>";
}
}
?>
Enter message:<br />
<textarea name='message' rows='7' cols='60'></textarea>
<br />
<br />
<input type='submit' name="submit" value="sendmessage" />
</form>
<?php
}
else{
echo "<b>Select User</b>";
$connect = mysqli_connect('localhost','root','','php_mysql_login_system');
$user_list=mysqli_query($connect,"SELECT `id`,`username` FROM `users`");
while($run_user=mysqli_fetch_array($user_list)){
$user = $run_user['id'];
$username = $run_user['username'];
echo "<p><a href='send.php?user=$user'>$username</a></p>";
}
}
?>
</div>
</body>
</html>
Any help is appreciated.
<html><head><title>new convo</title></head><body>
<?php include 'connect.php'; ?>
<?php include 'message_title_bar.php'; ?>
<?php include 'functions.php'; ?>
<?php $connect = mysqli_connect('localhost', 'root', '', 'php_mysql_login_system'); if (mysqli_connect_errno()) echo "Failed to connect to MySQL: " . mysqli_connect_error(); ?>
<div>
<?php
if (isset($_GET['user']) && !empty($_GET['user'])) {
?>
<form method='post'>
<?php
if (isset($_POST['message']) && !empty($_POST['message'])) {
$my_id = $_SESSION['user_id'];
$user = $_GET['user'];
$message = $_POST['message'];
$query_string = "SELECT `hash` FROM `message_group` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')";
$check_con = mysqli_query($connect, $query_string);
if (mysqli_num_rows($check_con)) {
$f_array = mysqli_fetch_array($check_con);
$hash = $f_array['hash'];
echo "<p>Conversation already Started</p>";
} else {
$hash = rand();
mysqli_query($connect, "INSERT INTO message_group VALUES('$my_id' , '$user' , '$hash')");
echo "<p>Conversation started</p>";
}
mysqli_query($connect, "INSERT INTO messages VALUES ('', '$hash', '$my_id', '$message')");
}
?>
<label for="message">Enter message:</label>
<textarea name='message' id="message" rows='7' cols='60'></textarea>
<br/>
<br/>
<input type='submit' name="submit" value="sendmessage"/>
</form>
<?php
} else {
echo "<b>Select User</b>";
$user_list = mysqli_query($connect, "SELECT `id`,`username` FROM `users`");
while ($run_user = mysqli_fetch_array($user_list)) {
$user = $run_user['id'];
$username = $run_user['username'];
echo "<p><a href='send.php?user=$user'>$username</a></p>";
}
}
?>
</div>
</body>
</html>
There are many mistakes in code brother read basic first... and you are not using echo function to print old chat.
Just echo old chat. before post function.
steps:
1. Check if users already chatting.
2. If they are chatting echo chat which they already chatted.
3. If not chatting then start new chat.
4. if they are not chatting you dont need to echo anything just echo new message.
Your present code will just show you last message i think. because your page getting reload. and after it loads its just printing your last message in my view.. you need to print old chat as well.
I've been working on a website login, and so far, I have the database and register page set up, but I'm trying to work on a Login page. I've been trying to retrieve data from the Database's Table. I was successfull at doing so on my register page to make sure there aren't multiple usernames of the same name, so I copied some of the code and pasted it onto this page. The problem: it returns blank. Please help... ._.
`
KHS SiteSpace
<div id="header">
<img src="./IMAGES/khslogo2.png" style="margin-left:4;float:left;" width="100" hieght="100">
<b>KHS<span id="name">SiteSpace</span></a>
<!--img src="./IMAGES/Menu.png" style="float:right;margin-right:6;" height="100" width="90"-->
</div>
<div id="content">
<p id="subTitle">Login</p>
<div style="float:left;height:30%;">
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" id="register"><br>
Username:<br>
<input type="text" name="name"><br><br>
Password:<br>
<input type="password" name="pass">
<br><br>
<input type="submit" value="Confirm">
</form>
</div>
<div style="float:right;width:50%;border-style:none none none solid; border-color:222222;border-width:4;height:30%;">
<p style="margin-left:20;font-size:20;">Output:</p>
<p style="margin-left:20;padding-bottom:15;">
<?php
error_reporting(0);
#ini_set('display_errors', 0);
session_start();
$conn = new mysqli("localhost", "shanedrgn", "getting321", "Users");
if (!$conn) {die("Failure to connect");}
$name = trim($_POST['name']);
$pass = trim($_POST['pass']);
if (empty($name) or empty($pass)) {echo "Empty Fields";} else {
$name = trim($_POST['name']);
$pass = trim($_POST['pass']);
echo "Check: The fields arent empty...";#OUTPUT
echo "Testing Variables...";#OUTPUT
//Error Trapping
$sql = "SELECT Username FROM Users where Username = '$name'";
$Data = mysqli_query($conn, $sql);
if($record=mysqli_fetch_array($Data)) {
$nameTrap = $record['Username'];
}
$sql = "SELECT Address FROM Users where Address = '$address'";
$Data = mysqli_query($conn, $sql);
if($record=mysqli_fetch_array($Data)) {
$ipTrap = $record['Address'];
}
if ($nameTrap == $name) {
echo "Check: Username Exists...";
if ($passTrap == $pass) {
echo "Password is correct!";
$_SESSION['User'] = $name;
$sql = "SELECT * FROM Users where Username = '$name'";
$Data = mysqli_query($conn, $sql);
$record=mysqli_fetch_array($Data);
session_start();
$_SESSION['id'] = $record['id'];
echo "<script>alert('You have successfully logged in!')</script>";
sleep(4);
header("Location: ./index.php"); /* Redirect browser */
exit();
} else { echo "Password Invalid";}
} else {echo "That username doesn't exist!";echo $name.";;";echo $nameTrap;}
}
?>
</p></div>
</div>
</body>
</html>`
EDIT: Added missing code
You are doing this:
echo "<script>alert('You have successfully logged in!')</script>";
sleep(4);
header("Location: ./index.php"); /* Redirect browser */
I understand, what you try, but it can't work. You can't set an Header after sending Body-Content - what you do using echo.
You should use JavaScript for your redirect, after the 4 second timeout. Use setTimeout and window.location.
I have used an isset() function on 'submit' to store and retrieve my html form inputs. However all my SQL data in my table only gets displayed after I clicked the submit function on the browser as I programmed it that way.
I would like to make it now so that even when I refresh the browser the html form input remains permanently and I do not have to click submit to fetch the entire table and display (it rather displays itself straight away).
Please show me how I can go about this?
below is my code:
<?php
require_once "connection.php";
if(isset($_POST['submit'])) {
$question = $_POST['question'];
$description = $_POST['description'];
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME );
if($conn->connect_error) {
die("connection error: " . $conn->connect_error);
} else {
echo "Submit button connected to database!";
}
}
if(isset($_POST['question']) && $_POST['description']) {
$sql = " INSERT INTO `ask` (question_id, question, description) VALUES
(NULL, '{$question}', '{$description}' ) ";
if($conn->query($sql)) {
echo "it worked";
} else {
echo "error: " . $conn->error;
exit();
}
$query = "SELECT * FROM `ask` ";
$result = $conn->query($query);
while($row = $result->fetch_assoc()) {
echo "<p> {$row['question']}</p>";
echo "<p> {$row['description']}</p>";
}
$conn->close();
}
?>
<!DOCTYPE html>
<html>
<head></head>
<body>
<div id="submitQuestion">
<form action="" method="post">
<input type="text" name="question"/>
<textarea name="description" rows="10" cols="20"></textarea>
<input type="submit" name="submit" value="ASK"/>
</form>
</div>
</body>
</html>
If I've correctly understood the question, you would like to always display all entries and add new data only when it's required. For this goal, you can connect and retrieve data independently from form submission, and insert new data only when required.
<?php
require_once "connection.php";
// Connect to database
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME );
if($conn->connect_error) {
die("connection error: " . $conn->connect_error);
}
// Insert new data if required
if(isset($_POST['submit']) && isset($_POST['question']) && isset($_POST['description']))
{
$question = $_POST['question'];
$description = $_POST['description'];
$sql = " INSERT INTO `ask` (question_id, question, description) VALUES
(NULL, '{$question}', '{$description}' ) ";
if(!$conn->query($sql)) {
echo "error during insert: " . $conn->error;
exit();
}
}
// Display data
$query = "SELECT * FROM `ask` ";
$result = $conn->query($query);
while($row = $result->fetch_assoc()) {
echo "<p> {$row['question']}</p>";
echo "<p> {$row['description']}</p>";
}
// Close database connection
$conn->close();
?>
<!DOCTYPE html>
<html>
<head></head>
<body>
<div id="submitQuestion">
<form action="" method="post">
<input type="text" name="question"/>
<textarea name="description" rows="10" cols="20"></textarea>
<input type="submit" name="submit" value="ASK"/>
</form>
</div>
</body>
</html>
<?php
require_once "connection.php";
if(isset($_POST['submit'])) {
$question = $_POST['question'];
$description = $_POST['description'];
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME );
if($conn->connect_error) {
die("connection error: " . $conn->connect_error);
} else {
echo "Submit button connected to database!";
}
}
if(isset($_POST['question']) && $_POST['description']) {
$sql = " INSERT INTO `ask` (question_id, question, description) VALUES
(NULL, '{$question}', '{$description}' ) ";
if($conn->query($sql)) {
echo "it worked";
} else {
echo "error: " . $conn->error;
exit();
}
}
$query = "SELECT * FROM `ask` ";
$result = $conn->query($query);
while($row = $result->fetch_assoc()) {
echo "<p> {$row['question']}</p>";
echo "<p> {$row['description']}</p>";
}
$conn->close();
?>
<!DOCTYPE html>
<html>
<head></head>
<body>
<div id="submitQuestion">
<form action="" method="post">
<input type="text" name="question"/>
<textarea name="description" rows="10" cols="20"></textarea>
<input type="submit" name="submit" value="ASK"/>
</form>
</div>
As I told you in the other question..
I am making a simple user update page where the user can update the password and their email, but I want to do it with two separate forms, because if I use one, and sent one of the field empty, it will update it to empty in the database. (And I want the user to be able to update only email or only username).
Here is my code:
<html>
<body>
<?php
$con=mysqli_connect();
session_start();
if (!isset($_SESSION['ID'])){
header('location:login.php');
}
//
?>
<?php
if(!isset($_POST['submit'])) {
$con=mysqli_connect();
} else {
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
}
?>
<?php
$email = mysqli_real_escape_string($con,$_POST['Email']);
$password = mysqli_real_escape_string ($con,$_POST['Password']);
$ID = $_SESSION['ID'];
$emailErr = $passwordErr="";
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email))
{
$emailErr = "Please enter a valid Email Address";
}
else {
$sql="UPDATE `customer`
SET `Email`='$email'
WHERE `ID`='$ID'";
$result = mysqli_query($con,$sql);
echo "Update complete!";
//header("Location: userpage.html");
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
}
}
?>
<form action=<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?> method="post"><br />
Email:<br /> <input type="text" name="Email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span><br /><br />
<input type="submit">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (!preg_match("/^[a-zA-Z0-9#_]*$/",$password))
{
$passwordErr = "Please enter a valid password";
}
else {
$sql="UPDATE `customer`
SET `Password`='$password'
WHERE `ID`='$ID'";
$result = mysqli_query($con,$sql);
echo "Update complete!";
//header("Location: userpage.html");
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
}
}
mysqli_close($con);
?>
<form action=<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?> method="post"><br />
Password:<br /> <input type="password" name="Password">
<span class="error">* <?php echo $passwordErr;?></span><br /><br />
<input type="submit">
</form>
</body>
</html>
With this code if I update the second form (which is the password) I will get an error for the first one, because it executes on submit.
How can I make it so that I have two forms on the same page that update different rows in the table on clicking the submit button, without redirecting to a different page?
Thank you
You could give each submit (or other input) a unique name, and check if it's set after POSTing
For example, give your submit button a name:
<input type="submit" name="turtle">
And in your PHP:
<?php
if(isset($_POST['turtle'])) {
// Process the form associated with the "turtle" submit button.
} else {
// Do the other form stuff.
}
?>
Why don't you combine into one form and check if the user has entered a password?
<?php
$con = mysqli_connect();
session_start();
if (!isset($_SESSION['ID'])){
header('location:login.php');
}
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if (isset($_POST['submit'])):
$email = mysqli_real_escape_string($_POST['Email']);
$password = mysqli_real_escape_string($_POST['Password']);
$ID = $_SESSION['ID'];
// Validate Email
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email)) {
$errors[] = "Please enter a valid Email Address";
}
// Check if the password field has been filled in
if($password) {
// If it has then do your regex...
if (!preg_match("/^[a-zA-Z0-9#_]*$/",$password)) {
$errors[] = "Please enter a valid password";
$update_password = false;
} else {
$update_password = true;
}
}
if(count($errors) == 0) {
// Update Email
$sql="UPDATE `customer`
SET `Email`='$email'
WHERE `ID`='$ID'";
$result = mysqli_query($con,$sql);
// If the test above passed then update the password
if($update_password) {
$sql="UPDATE `customer`
SET `Password`='$password'
WHERE `ID`='$ID'";
$result = mysqli_query($con,$sql);
}
echo 'Update Complete';
//header("Location: userpage.html");
}
?>
<?php else: ?>
<form action=<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?> method="post"><br />
<?php if($errors): ?>
<span class="error">* <?php echo explode(', ',$errors);?></span><br /><br />
<?php endif; ?>
Email:<br /> <input type="text" name="Email" value="<?php echo $email;?>">
Password:<br /> <input type="password" name="Password">
<input type="submit" name="submit">
</form>
<?php endif; ?>
P.S I tidied up your code as it gave me a hernia.
Use hidden inputs to seperate requests
OR
Use seperate files for your different forms as targets...
OR
Use jboneca's answer
i am new in php/mysql and sorry if my question is silly. I am trying to make a register/login/logout system with php and mysql. My skills are not good and i am not a programmer, so i tried to change a script that i found on the web. It contains files, index.php, activate php. login.php, logout.php, register.php.
It worked great when I tried the example given, but i changed the code quite a bit because I wanted the user to add more values in register like first name, last name etc and not just username, password and email. So I changed the code and added more columns on the mysql database. Now it won t work, it says that can 't find user when i try to activate and i also can 't log in.
index.php: is a very simple file that has an html form and asks unknown user if he wants to login or register and also starts a session
logout.php: simply unsets session
login.php:
<?php session_start(); ?>
<html>
<body>
<?php
if(isset($_POST["user"])){
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("myapp", $con);
$sql = "SELECT * FROM `users` WHERE `user` LIKE '". mysql_real_escape_string($_POST["user"])
."' AND ".
"`pass` LIKE MD5('". mysql_real_escape_string($_POST["pass"])
."') AND ".
"`active` = 'DONE'";
$result = mysql_query($sql);
$found = 0;
while ($row = mysql_fetch_array($result)) {
if ($row[1]==$_POST["user"]) {
$found = 1;
}
}
if ($found) {
$_SESSION["USER"] = $_POST["user"];
?>Thank you for logging in<?
}
else {
?>User/Pass is wrong!<?
}
mysql_close($con);
}
else {
?>
Please log-in:<br/>
<form action="login.php" method="POST">
User: <input type="text" name="user"><br />
Pass: <input type="password" name="pass"><br />
<input type="submit" />
</form>
<?php
}
?>
register.php:
<?php session_start(); ?>
<html>
<body>
<?php
if(isset($_POST["user"])){
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("myapp", $con);
$random = rand();
$sql = "INSERT INTO `myapp`.`users` (`id`, `user`, `pass`, `active`, `firstname`, `lastname`, `mail`) ".
" VALUES (NULL, '". mysql_real_escape_string($_POST["user"])
."', MD5('".mysql_real_escape_string($_POST["pass"])
."'), '".mysql_real_escape_string($random)
."'), '".mysql_real_escape_string($_POST["firstname"])
."'), '".mysql_real_escape_string($_POST["lastname"])
."')'".mysql_real_escape_string($_POST["mail"])
."');";
mysql_query($sql);
mysql_close($con);
$message = "Please put this url http://localhost/mypage/activate.php?active=" . $random . " in your browser to activate your account.";
#mail($_POST["mail"], 'Thank you for registering', $message);
?>Thank you <?php echo $_POST["user"]; ?> we send you a confirmation e-mail in <?php echo $_POST["mail"]; ?><?php
echo $message;
}
else {
?>
Please register:<br/>
<form action="register.php" method="POST">
User: <input type="text" name="user"><br />
Pass: <input type="password" name="pass"><br />
firstname:<input type="text" name="firstname"><br />
lastname:<input type="text" name="lastname"><br />
mail: <input type="text" name="mail"><br />
<input type="submit" />
</form>
<?php
}
?>
activate.php:
<?php session_start(); ?>
<html>
<body>
<?php
if(isset($_GET["active"])){
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("myapp", $con);
$sql = "SELECT * FROM `users` WHERE `active` LIKE '".
mysql_real_escape_string($_GET["active"])."'";
$result = mysql_query($sql);
$found = 0;
while ($row = mysql_fetch_array($result)) {
$found = 1;
}
if ($found) {
$sql = "UPDATE `users` SET `active` ='DONE'";
$result = mysql_query($sql);
?>Thank you for activating<?
}
else {
?>Can't find user!<?
}
mysql_close($con);
}
else {
?>Invalid activation<?php
}
?>
</body>
</html>
any help would be welcome, thank you and sorry for the long post!! ^_^
In register.php, you have an error in the SQL syntax, you have too many closed parentheses.
Replace this part like this:
$sql = "INSERT INTO `myapp`.`users` (`id`, `user`, `pass`, `active`, `firstname`, `lastname`, `mail`) VALUES
(NULL,".
"'". mysql_real_escape_string($_POST["user"])."',".
"MD5('".mysql_real_escape_string($_POST["pass"])."'),".
"'".mysql_real_escape_string($random)."',".
"'".mysql_real_escape_string($_POST["firstname"])."',".
"'".mysql_real_escape_string($_POST["lastname"])."',".
"'".mysql_real_escape_string($_POST["mail"])."');";