Okay, believe me I have been sitting here for a long time staring at this. I can't for the life of me figure out what is wrong.

I get no error message even with them turned on. When I take away the die statements it displays the text at the end so it's definitely an SQL error. Gah I hate SQL!

<?php

include('functions.php');

if(!$_POST['regtype'] || !$_POST['regemail'] || !$_POST['regpass'] || !$_POST['regpass2']) {
"You didn't fill out a required field.";
exit();
}
if($_POST['regpass'] != $_POST['regpass2']) {
"Your passwords didn't match.";
exit();
}


$regtype = protect($_POST['regtype']);
$regemail = protect($_POST['regemail']);
$regpass = protect($_POST['regpass']);
$secregpass = sha1($regpass);
$regdate = date("Y/m/d");


// seems to be right below here

$checksql = "SELECT * FROM profile WHERE email = '$regemail'";
$checkquery = mysql_query($checksql,$connect) or die(mysql_error());
$checknumrows = mysql_num_rows($checkquery) or die(mysql_error());
if($checknumrows > 0) {
    "A user with that email already exists!";
    exit();
} else {

    $inssql = "INSERT INTO profile (email, pass, type, regdate) VALUES ('$regemail', '$secregpass', '$regtype','$regdate')";
    $insquery = mysql_query($inssql, $connect) or die(mysql_error());


    //these are just some of my notes       
    //need to make confirmation mail script later - or use donation verification as everything. def need to set up mail server


    $_SESSION['email'] = $regemail;

    echo "You have successfully registered.
            <br /><br />
            You're almost done! Please pick the charity you would like to donate to, and how much you would like to donate (minimum of $25).
            <br /><br />
            If you can't decide, you can donate to our general fund, which is equitably distributed to each charity (and is not handled by us!).
            <br /><br />
            <form action='donate.php' method='get'>
            Charity:
            <br /><br />
            <select>
            <option name='charity' value='1'>Charity 1</option>
            <option name='charity' value='2'>Charity 2</option>
            <option name='charity' value='3'>Charity 3</option>
            </select>
            <br /><br />
            USD: $<input type='text' name='amount' />
            ";
}


?>

By the way, here's the 'protect' function:

function protect($string){
$string = trim(strip_tags(addslashes($string)));
return $string;

}

Brad
  • Your `protect` function actually should be named like "break user's data and make visibility of protection" – zerkms Jul 23 '11 at 11:17
  • Btw, you can start with removing `;` in the end of your every query – zerkms Jul 23 '11 at 11:20
  • That function's just fine... if that's what you're saying – Brad Jul 23 '11 at 11:25
  • And why would I remove the delimiter? I mean I tried it anyhow and it didn't work but still... – Brad Jul 23 '11 at 11:27
  • because **you cannot** specify `;` there, as long as `mysql_query` accepts 1 and only one query – zerkms Jul 23 '11 at 11:29
  • nope, the function is not fine ;-) 1) it breaks the data 2) it doesn't protect – zerkms Jul 23 '11 at 11:30
  • "I have been sitting here for a long time" --- instead of sitting - start debugging your code. Remove all the code except for the first line and check if it works correctly. If it does - add one more line and check again. With this "tricky" algorithm you'll find exact error that doesn't work well. And first link from google about debugging in php: http://thinkvitamin.com/code/how-to-debug-in-php/ – zerkms Jul 23 '11 at 11:32
  • hmm ok... well that's good to know but it still didn't fix this problem. – Brad Jul 23 '11 at 11:32
  • ok then what kind of protection do you use for passwords? and also, I did go through and do that... the error seems to be where I indicated, the $checksql statement – Brad Jul 23 '11 at 11:34
  • what exact error is with `$checksql` query? Protection for passwords?! I just hash them as-is, without any sanitizing. – zerkms Jul 23 '11 at 11:35
  • There is no error, it's a blank screen. I have error reporting turned on both in my functions file and in php.ini. mysql_error() gives nothing. don't you worry about sql injection though? I guess I mean all form data, not just passwords. – Brad Jul 23 '11 at 11:39
  • for password hashing: http://stackoverflow.com/questions/6781931/how-do-i-create-and-store-md5-passwords-in-mysql/6781958#6781958 – Dalen Jul 23 '11 at 11:40
  • @Brad: I've given a link above. Learn how to debug your own code. – zerkms Jul 23 '11 at 11:40
  • Why is there an opening `
    – RocketR Jul 23 '11 at 11:43
  • zerkms - i feel like you say that just because you don't have a solution... like i said, I have spent over an hour debugging my code, according to the methods in that link (which I did read, by the way). I might not be the best at PHP or SQL but I know how to debug... – Brad Jul 23 '11 at 11:47
  • ah thank you rocketR. still though that did not fix the problem. man this sucks, i have no idea what's wrong. – Brad Jul 23 '11 at 11:48
  • is $connect set? after `$connect = mysql_connect('localhost', 'mysql_user', 'mysql_password');` what does `if(!$connect) die(mysql_error());` display? – yitwail Jul 23 '11 at 11:49
  • @zerkms but that is quite a good link i'll definitely bookmark it, thanks for trying. – Brad Jul 23 '11 at 11:50
  • the connection is fine, I've already tested that. the database is correct, too. the syntax seems fine. I echoed all the values I set and they're fine. it just stops at the $checksql statement. – Brad Jul 23 '11 at 11:52
  • when I echo $checkquery it prints "1". Does that give any clues? – Brad Jul 23 '11 at 11:55
  • Well I solved it, I still don't know what was wrong. I just rewrote the whole thing. Oh well, thanks for the help anyway. – Brad Jul 23 '11 at 12:16
  • "i feel like you say that just because you don't have a solution" --- dude, I'm here not for answering such boring questions. Each developer should debug his own code himself. – zerkms Jul 23 '11 at 12:30

1 Answer

Brad, this was probably the problem:

$checknumrows = mysql_num_rows($checkquery) or die(mysql_error());

If `profile` doesn't contain the given email, `mysql_num_rows($checkquery)` will be 0, so it executes `die(mysql_error())`, but there's no error, so the `die()` doesn't print anything. In short, get rid of `or die(mysql_error())`.

yitwail
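
The registration check from the question, rewritten as an added example (not code from the question or the answer): it compares the row count explicitly instead of chaining `or die()`, binds values through PDO placeholders rather than `protect()`, and hashes the password as typed with `password_hash()`. The in-memory SQLite database, the `email_exists()` and `register()` names and the sample inputs are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The in-memory SQLite database
// (needs the pdo_sqlite extension) and the sample accounts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // real failures throw
$db->exec('CREATE TABLE profile (email TEXT PRIMARY KEY, pass TEXT, type TEXT, regdate TEXT)');

// The trap from the answer: a legitimate count of 0 is falsy, so chaining
// `or die(mysql_error())` onto it exits with an empty message.
function email_exists(PDO $db, string $email): bool
{
    // Placeholder binding replaces addslashes(); the value never becomes SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM profile WHERE email = ?');
    $stmt->execute([$email]);
    return (int) $stmt->fetchColumn() > 0; // 0 rows is a result, not a failure
}

function register(PDO $db, string $email, string $pass, string $pass2, string $type): string
{
    if ($email === '' || $pass === '' || $type === '') {
        return "You didn't fill out a required field.";
    }
    if (!hash_equals($pass, $pass2)) {
        return "Your passwords didn't match.";
    }
    if (email_exists($db, $email)) {
        return 'A user with that email already exists!';
    }
    // Hash the password exactly as typed: no trim/strip_tags/addslashes first.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $ins = $db->prepare('INSERT INTO profile (email, pass, type, regdate) VALUES (?, ?, ?, ?)');
    $ins->execute([$email, $hash, $type, date('Y-m-d')]);
    return 'You have successfully registered.';
}

// Constructed inputs: a quote in the address and markup in the password.
echo register($db, "o'neil@example.test", 'p<b>ss"word', 'p<b>ss"word', 'donor'), PHP_EOL;
echo register($db, "o'neil@example.test", 'other', 'other', 'donor'), PHP_EOL;
$stored = $db->query('SELECT pass FROM profile')->fetchColumn();
var_dump(password_verify('p<b>ss"word', $stored));             // checks the password as typed
var_dump(password_verify(strip_tags('p<b>ss"word'), $stored)); // checks what strip_tags() leaves
```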