Forum Moderators: coopster
$get_citystate = "SELECT city, state FROM zipcodes WHERE '$zipcode' = zip";
$get_citystate_results = mysql_query($get_citystate);
if (!$get_citystate_results) {
die('<p>error retrieving zipcode<br>' . 'Error: ' . mysql_error() . '</p>');
} else {
...it SHOULD display that error message, and NOT add a user to the database if they did not supply a valid 5 digit US Zipcode... however, it simply accepts whatever random letters i type in the field. I have been messing with this for over an hour, and i cannot get it to display the error message in the event of an invalid password. Does anyone out there see what is wrong with this?
I have tried to omit all specifics...
<?php
function is_alphachar($text) {
for ($i = 0; $i < strlen($text); $i++) {
if (!ereg("[A-Za-z0-9_]", $text[$i])) {
return 1;
}
}
}
if (!isset($_POST['join'])){
?>
<P align="left" class="pleft">
<B>JOIN</B><BR><BR>
Add your own entry by choosing a username and entering your name below.<BR><BR>
</P>
<P align="right" class="pright">
<FORM action="<?=$_SERVER['PHP_SELF']?>" method="post">
Desired username: <INPUT type="text" name="newname" maxlength="20" class="bord"><BR><BR>
Your name: <INPUT type="text" name="realname" class="bord"><BR><BR>
Your e-mail address: <INPUT type="text" name="email" class="bord"><BR><BR>
Your zip code: <INPUT type="text" name="zipcode" maxlength="5" class="bord"><BR><BR>
<INPUT type="submit" name="join" value="join" style="height: 22px; width: 44px; font-size: 9px; font-weight: bold; font-family: Arial; border: 2px solid ivory" onFocus="if(this.blur)this.blur()">
</FORM>
</P>
<?php
}else{
$newname = $_POST['newname'];
$realname = $_POST['realname'];
$email = $_POST['email'];
$zipcode = $_POST['zipcode'];
$password = "";
for($i=0;$i<=5;$i++) $password .= chr(97+rand(0,6));
$account = 0;
if (is_alphachar($newname) == 1) {
echo("<P style='color:red;'><B>Invalid username.</B><BR>Please use only letters, numbers, and the underscore. Your username must be between 3 and 20 characters long.");
?>
<P align="left">
<B>JOIN</B><BR><BR>
Add your own entry to the Musicians' Index by choosing a username and entering your name below.<BR><BR>
</P>
<P align="right" class="pright">
<FORM action="<?=$_SERVER['PHP_SELF']?>" method="post">
Desired username: <INPUT type="text" name="newname" maxlength="20" class="bord"><BR><BR>
Your name: <INPUT type="text" name="realname" class="bord"><BR><BR>
Your e-mail address: <INPUT type="text" name="email" class="bord"><BR><BR>
Your zip code: <INPUT type="text" name="zipcode" maxlength="5" class="bord"><BR><BR>
<INPUT type="submit" name="join" value="join" style="height: 22px; width: 44px; font-size: 9px; font-weight: bold; font-family: Arial; border: 2px solid ivory" onFocus="if(this.blur)this.blur()">
</FORM>
</P>
<?php
}else{
include("zip_database.php");
mysql_select_db($zip_db, $zip_con);
$get_citystate = "SELECT city, state FROM zipcodes WHERE '$zipcode' = zip";
$get_citystate_results = mysql_query($get_citystate);
if (!$get_citystate_results) {
die('<p>error retrieving zipcode<br>' . 'Error: ' . mysql_error() . '</p>');
} else {
while ($result = mysql_fetch_array($get_citystate_results)) {
$city = $result['city'];
$state = $result['state'];
}
mysql_close($zip_con);
include("database.php");
mysql_select_db($db, $con);
if ($_POST['newname']=='' or $_POST['realname']==''
or $_POST['email']=='') {
error('One or more required fields were left blank.\\n'.
'Please fill them in and try again.');
}
// Check for existing user with the new id
$unique = "SELECT COUNT(*) FROM musicians WHERE username = '$newname'";
$result = mysql_query($unique)or die("the index is broken".mysql_error());
if (mysql_result($result,0,0)>0) {
error('A user already exists with your chosen username.\\n'.
'Please try another.');
}
$zipcode = $_POST['zipcode'];
$sql = "insert into musicians (id, username, password, name, email, date, account, city, state, zip, nation, listing, gear, philosophy, vocalist, lyricist, rehearsal, pasystem, classical, original, cover, jam, lastdate) values ('', '$newname', '$password', '$realname', '$email', now(), '$account', '$city', '$state', '$zipcode', '', '', '', '', '', '', '', '', '', '', '', '', now())";
mysql_query($sql)or die("ERROR" .mysql_error());
mysql_close($con);
$message = "Hi $realname
Thanks for joining the
this has been edited out for semi-brevity.
";
mail($_POST['email'],"somewhere.net - PASSWORD",
$message, "From:somewhere.net <someone@somewhere.net>");
?>
<P align="right" class="pleft">
Thankyou for joining this website, <?=$realname?>.<BR><BR>
Your username is <FONT color="maroon"><?=$newname?></FONT>, and your randomly generated password has been sent to <FONT color="maroon"><?=$email?></FONT>.<BR><BR>
If your zip code is not <?=$zipcode?>, you need to update this information from your control panel after you log in.<BR><BR>
After logging in with your password you can set up your profile to begin networking with other musicians.
</P>
<?php
}
}
}
?>
$get_citystate = "SELECT city, state FROM zipcodes WHERE '$zipcode' = zip";
$get_citystate = "SELECT city, state FROM zipcodes WHERE 'zip' = $zipcode";
#This syntax works fine. I use it throughout my site. When i enter a valid zipcode, the script does exactly what i like it to.
___________________________________
$get_citystate = "SELECT city, state FROM zipcodes WHERE zip='$zipcode'";
#That's the only variation i use of it, which also works fine for me. Is my syntax supposed to be improper?
if (!$get_citystate_results) {
mysql_query()TRUEmysql_num_rows
if (mysql_num_rows($get_citystate_results) == 0) {
