homepage Welcome to WebmasterWorld Guest from 54.204.215.209
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Registration Page
fatthumb




msg:3327928
 9:45 pm on May 1, 2007 (gmt 0)

Hello everybody!
I have been knocking my head to the ground for almost a week with this part. I'm totally new to this scripting PHP phase. I'm using Dreamweaver for my dynamic pages and this registration page is killing me. It does the work for which is intended unless i add the user authentication behavior to it. when a new user is submitted it returns this error message.

Unknown column 'ho234' in 'where clause'

this is my code:

<?php require_once('../Connections/conn_users.php');?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc()? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string")? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue!= "")? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue!= "")? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue!= "")? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue!= "")? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue!= "")? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="registration_failed.php";
$loginUsername = $_POST['user_name'];
$LoginRS__query = sprintf("SELECT `user_name` FROM `users` WHERE `user_name`=`%s`", GetSQLValueString($loginUsername, "-1"));
mysql_select_db($database_conn_users, $conn_users);
$LoginRS=mysql_query($LoginRS__query, $conn_users) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);

//if there is a row in the database, the username was found - can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO `users` (`name`, `lastname`, `user_name`, `password`, `address`, `city`, `state`, `zipcode`, `email`, `phone`) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['name'], "text"),
GetSQLValueString($_POST['lastname'], "text"),
GetSQLValueString($_POST['user_name'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['address'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['state'], "text"),
GetSQLValueString($_POST['zipcode'], "int"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['phone'], "text"));

mysql_select_db($database_conn_users, $conn_users);
$Result1 = mysql_query($insertSQL, $conn_users) or die(mysql_error());

$insertGoTo = "exito.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?'))? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>

any idea what a heck did I do wrong?

 

eelixduppy




msg:3328045
 12:00 am on May 2, 2007 (gmt 0)

Welcome to WebmasterWorld!

That error is coming from MySQL, therefore there is a problem with this query:

$LoginRS__query = sprintf("SELECT `user_name` FROM `users` WHERE `user_name`=`%s`", GetSQLValueString($loginUsername, "-1"));

Try something like this:

$LoginRS__query = "SELECT `user_name` FROM `users` WHERE `user_name` = '".GetSQLValueString($loginUsername, "-1")."'";

quixotic




msg:3328047
 12:02 am on May 2, 2007 (gmt 0)

At a quick glance, it looks like you used backtics `, where you probably wanted single quotes ', in your WHERE clause:

`%s` should be '%s' in your query. Like this:
$LoginRS__query = sprintf("SELECT `user_name` FROM `users` WHERE `user_name`='%s'", GetSQLValueString($loginUsername, "-1"));

The ticks are used when the value refers to a column in MySql. Since there is no column labeled ho234, you get an error. Likely what you wanted was to see if the user ho234 existed in the column user_name, ie. user_name = 'ho234'.

fatthumb




msg:3328877
 5:44 pm on May 2, 2007 (gmt 0)

thanks guys! Up and running! thank you soooo much.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved