0

I have an issue with a PHP page which displays a "?>" symbol in the top left corner. It looks like this:

<?php 

include_once("DBconnect.php");

$getuser = $_POST["RegUsername"];
$getpass = $_POST["Pass"];
$getrepass = $_POST["RePass"];
$getemail = $_POST["Email"];

if($getuser){
    if($getpass){
        if($getrepass){
            if($getpass == $getrepass){
                if($getemail){
                    $code = rand();
                    if(mysqli_query($link, "INSERT INTO users VALUES ('', '$getuser', '$getpass', '$getemail', '0', '$code')")){
                        echo "INFO1";
                    }
                    else{
                        echo "ERROR6";
                    }
                }
                else{
                    echo "ERROR5";
                }
            }
            else{
                echo "ERROR4";
            }
        }
        else{
            echo "ERROR3";
        }
    }
    else{
        echo "ERROR2";
    }
}
else{
    echo "ERROR1";
}

?>

And I use this jQuery function to display the PHP returned value in my HTML page:

$("#RegSubmit").click(function(){
    $.post( $("#RegForm").attr("action"),
            $("#RegForm :input").serializeArray(),
            function(info){
                $("#RegErrorLog").empty();
                $("#RegErrorLog").html(info);
            }); 

    $("#RegForm").submit(function(){
        return false;
    });
});

I always get the "?>" in front of the PHP "ERROR" returned value. How can I get rid of that? Or how can I return a value from the PHP file using a variable instead of echo

Rikesh
  • 26,156
  • 14
  • 79
  • 87
Victor
  • 109
  • 1
  • 14
  • try creating new php file. – Jai Feb 23 '15 at 09:25
  • 1
    What's in the DBConnect.php file? – Ignas Feb 23 '15 at 09:25
  • This doesn't answer your question, but it's extremely important: implement SQL sanitization. Your code as it stands could allow attackers to easily manipulate your database or even delete every record within it. This thread is a very apt discussion on the importance of SQL sanitization: https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work – 1337ingDisorder Feb 23 '15 at 09:34

2 Answers2

2

I guess there's a problem in your DBconnect.php file.

Apart from that... you should really think about validating values taken from Http POSTs in your PHP script, before using them in db queries.

Sebastian P.
  • 818
  • 8
  • 20
1

Check if you are not printing that symbol on the included file "DBconnect.php".

Luthando Ntsekwa
  • 4,192
  • 6
  • 23
  • 52