PHP Small coding error

M

matrixweb

Expert Member
Joined
Apr 7, 2008
Messages
1,210
Hi , can someone please help , it says i have a error syntax error but i dont see what the error could be
PHP: 
///////////////////////////////////Registration Add User

$check = mysql_query("SELECT from xtwf_users where uname='".$user."'");
else if($action=="newuser")
{
if($pass=='')
{
echo "Error! You have typed no password";
}else if ($user=="$check")
{
echo "The username is taken";
}else{

mysql_query("INSERT INTO xtwf_users SET id='' , uname='".$user."' , password='".$pass."' , site='".$site."' , email='".$email."' , name='".$name."'");
echo "You have successfully signed up";
}
 
A

adrianx

Expert Member
Joined
Jun 30, 2008
Messages
3,761
"else if" should be fine...

I notice that your code snippet starts with -
Code: 
[B]else if[/B]($action=='newuser') { ....
That looks wrong, shouldn't it be "if($action=='newuser')"?
 
M

matrixweb

Expert Member
Joined
Apr 7, 2008
Messages
1,210
adrianx said:
"else if" should be fine...

I notice that your code snippet starts with -
Code: 
[B]else if[/B]($action=='newuser') { ....
That looks wrong, shouldn't it be "if($action=='newuser')"?
Click to expand...

never post the full file , only the part with the error , should i post the full file?
 
R

RSkeens

Expert Member
Joined
Jan 5, 2007
Messages
1,647
matrixweb said:
never post the full file , only the part with the error , should i post the full file?
Click to expand...

What he means is there should be an initial "if" before any "else if" (you will need to check if there is). I don't program in PHP but I assume that's not right.
 
A

adrianx

Expert Member
Joined
Jun 30, 2008
Messages
3,761
It could be your SQL query:
Code: 
$check = mysql_query("SELECT from xtwf_users where uname='".$user."'");
I think it should be:
Code: 
SELECT [COLOR="Red"]uname[/COLOR] from xtwf_users where uname='".$user."'"
 
M

matrixweb

Expert Member
Joined
Apr 7, 2008
Messages
1,210
adrianx said:
It could be your SQL query:
Code: 
$check = mysql_query("SELECT from xtwf_users where uname='".$user."'");
I think it should be:
Code: 
SELECT [COLOR="Red"]uname[/COLOR] from xtwf_users where uname='".$user."'"
Click to expand...

changed it but still not making a difference:( can i send you the file or post it here , you seem pretty good :)
 
J

jem

Well-Known Member
Joined
Jan 9, 2008
Messages
443
Couple of tips, always escape your stuff otherwise you expose yourself to db injection if you're pulling the $name etc from POST/GET

You should also avoid storing passwords as clear text rather MD5 them or some other basic safety.

I can't guarantee that this will solve your issue but it's clean of errors... you'll have to just re-adjust the braces etc to fit.

I didn't check for logic errors in your statements as such, but the looked ok off hand.

edit:: also when you're checking the unames you may have issues with 'Username1' and 'username1' not being seen as a username already taken since in the code you aren't (from the snippet) checking case.

Code: 
<?php

///////////////////////////////////Registration Add User
if(true){
//    
    $q = "SELECT * FROM xtwf_users WHERE uname='".$user."'";
    $check = mysql_query($q);
}else if($action=="newuser"){
    if($pass == ''){
        echo "Error! You have typed no password";
    }else if ($user == $check){
        echo "The username is taken";
    }else{
        // assuming you have ID as a autoincrement you don't need it in the query.
        $q = "INSERT INTO xtwf_users (
                `uname`,
                `password`,
                `site`,
                `email`,
                `name`
              ) VALUES (
                 '".mysql_real_escape_string($user)."', 
                 '".mysql_real_escape_string($pass)."', 
                 '".mysql_real_escape_string($site)."', 
                 '".mysql_real_escape_string($email)."', 
                 '".mysql_real_escape_string($name)."'
              )";
        mysql_query($q);
        echo "You have successfully signed up";
    }  
}
?>


I'm in PHP mode anyway cos of work i'm busy with so...
 
Last edited:
M

matrixweb

Expert Member
Joined
Apr 7, 2008
Messages
1,210
adrianx solved my other problem by change elseif to if but now on the registration page the }else{ page shows
 
A

adrianx

Expert Member
Joined
Jun 30, 2008
Messages
3,761
matrixweb said:
adrianx solved my other problem by change elseif to if but now on the registration page the }else{ page shows
Click to expand...
Sorry, my mistake... Try:
PHP: 
///////////////////////////////////Registration Add User
else if($action=="newuser")
{
$check = mysql_query('SELECT uname from xtwf_users where uname="'.$user.'"');
if($pass=='')
{
echo "Error! You have typed no password";
}else if ($user=="$check")
{
echo "The username is taken";
}else{

mysql_query("INSERT INTO xtwf_users SET id='' , uname='".$user."' , password='".$pass."' , site='".$site."' , email='".$email."' , name='".$name."'");
echo "You have successfully signed up";
}

Notice that I have moved "$check =...." to after "else if($action=="newuser")"

Hope that helps.
 
Last edited:
M

matrixweb

Expert Member
Joined
Apr 7, 2008
Messages
1,210
adrianx said:
Sorry, my mistake... Try:
PHP: 
///////////////////////////////////Registration Add User
else if($action=="newuser")
{
$check = mysql_query('SELECT uname from xtwf_users where uname="'.$user.'"');
if($pass=='')
{
echo "Error! You have typed no password";
}else if ($user=="$check")
{
echo "The username is taken";
}else{

mysql_query("INSERT INTO xtwf_users SET id='' , uname='".$user."' , password='".$pass."' , site='".$site."' , email='".$email."' , name='".$name."'");
echo "You have successfully signed up";
}

Notice that I have moved "$check =...." to after "else if($action=="newuser")"

Hope that helps.
Click to expand...

you rock!! if you ever need anything that i can help with contact me:)
 
You must log in or register to reply here.
Top