Insert denied

tudo2d64

Well, I have a site and I am using the following code

PHP:
<? Php require_once ('Connections / rede.php');?> 
<? Php mysql_select_db ($ database_rede, $ network); 


$ Name = $ _POST ['name']; 
$ Name = $ _POST ['name']; 
$ Age = $ _POST ['age']; 
$ Sex = $ _POST ['gender']; 
$ City = $ _POST ['city']; 
$ User = $ _POST ['User']; 
$ Email1 = $ _POST ['email1']; 
$ Email2 = $ _POST ['email2']; 
$ Password2 = $ _POST ['password2']; 
Password3 $ = $ _POST ['Password3']; 





if ($ email1! = "$ email2" | | $ password2! = "$ Password3") 

header ("Location: nomeousenha.php"); 
else 
{ 




Email_validade $ = $ _POST ['email1']; 
Senha_validada $ = $ _POST ['password2']; 

$ Sql ​​= "INSERT INTO cadastrar_usuario (name, surname, age, gender, city, User, email, password) VALUES ('$ name', '$ name', '$ age', '$ sex', '$ city' , '$ User', '$ email_validade', '$ senha_validada') "; 

if (mysql_query ($ sql) or die ("Oops ... Your registration can not be completed, try again later". mysql_error ())); 


Nome_exemplo $ = $ _POST ['email1']; 

$ Sql2 = "INSERT INTO` `redesocial. Meu_perfil` `(` id `,` donodoperfil `,` sobremim `,` pensandoagora `,` city `,` sex `,` birth `) VALUES (NULL, '$ nome_exemplo' 'Sample text.', 'Sample text.', 'Sample text.', 'Sample text.', 'Sample text .')"; 

if (mysql_query ($ sql2) or die ("Oops ... Your registration can not be completed, try again later". mysql_error ())); 

Nome_exemplo $ = $ _POST ['email1']; 

$ SQL3 = "INSERT INTO nome_exibicao (id_dono, name) VALUES ('$ nome_exemplo', '$ nome_exemplo')"; 
if (mysql_query ($ SQL3) or die ("error in sql3, please report to the owner of the site so that it changes this error ... Thanks")); 

$ Eumesmo = "My Profile !!!"; 
$ Baseimagem = "brancobase.JPG"; 

$ Sql4 = "INSERT INTO friends (amigo1, amigo2, image, nomeexibicao) VALUES ('$ nome_exemplo', '$ nome_exemplo', '$ baseimagem', '$ eumesmo')"; 
if (mysql_query ($ sql4) or die ("error in sql4")); 

$ Sql5 = "INSERT INTO foto_perfil (id_dono, photo) VALUES ('$ nome_exemplo', '$ baseimagem')"; 
if (mysql_query ($ sql5) or die ("error in sql5")); 




header ("Location: usuarioexistente.php"); 
} 
?> [/ PHP] 



It's just that when it's time to register, the insert is denied.

Sorry for my English; I'm Brazilian.
 

Dead-i

There are some crucial errors in your script:

Firstly, you have a space after every $ symbol. There should be no space, it should be something like $name NOT $ Name

Secondly, there is a space after your <? and before your PHP code near the start. There should be no space, it should be something like <?php NOT <? PHP

Thirdly, there is a space after _POST and before ['. There should be no space, it should be something like _POST[' NOT _POST ['

Fourth, on the first line there is a space before and after the /. There are no spaces, it should be something like connections/rede.php NOT connections / rede.php

Fifth, near the start you used
Code:
if ($ email1! = "$ email2" | | $ password2! = "$ Password3")
when it should be
Code:
if ($email1 !== "$email2" || $password2 !== "$Password3")

Also, next time you post, wrap your code in [code] and [/code], NOT [HTML] and [/HTML].
 

tudo2d64

Sorry, but the errors you mentioned only appeared because I put the message through Google Translate, sorry...
I'm going to post in Portuguese.
The error that is appearing is this:

Ops... Seu cadastro não pode ser completado, tente novamente mais tardeINSERT command denied to user 'vidaloka_admin'@'localhost' for table 'meu_perfil'

and I gave all permissions in the phpMyAdmin panel


The page code is this

PHP:
<?php require_once('Connections/rede.php'); ?>
<?php mysql_select_db($database_rede,$rede);


$nome = $_POST['nome'];
$sobrenome=$_POST['sobrenome'];
$idade=$_POST['idade'];
$sexo=$_POST['sexo'];
$cidade=$_POST['cidade'];
$usuario=$_POST['usuario'];
$email1=$_POST['email1'];
$email2=$_POST['email2'];
$senha2=$_POST['senha2'];
$senha3=$_POST['senha3'];





if ($email1 != "$email2" || $senha2 != "$senha3")

	header("Location:nomeousenha.php");
else
{
	
	


$email_validade=$_POST['email1'];
$senha_validada=$_POST['senha2'];
	
$sql = "INSERT INTO cadastrar_usuario (nome, sobrenome, idade, sexo, cidade, usuario, email, senha) VALUES ('$nome','$sobrenome','$idade','$sexo','$cidade','$usuario','$email_validade','$senha_validada')";

if (mysql_query($sql) or die("Ops... Seu cadastro não pode ser completado, tente novamente mais tarde".mysql_error()));


$nome_exemplo = $_POST['email1'];

$sql2 = "INSERT INTO `redesocial`.`meu_perfil` (`id`, `donodoperfil`, `sobremim`, `pensandoagora`, `cidade`, `sexo`, `nascimento`) VALUES (NULL, '$nome_exemplo', 'Texto exemplo.', 'Texto exemplo.', 'Texto exemplo.', 'Texto exemplo.', 'Texto exemplo.')";

if (mysql_query($sql2) or die("Ops... Seu cadastro não pode ser completado, tente novamente mais tarde".mysql_error()));

$nome_exemplo = $_POST['email1'];

$sql3 = "INSERT INTO nome_exibicao(id_dono, nome) VALUES ('$nome_exemplo','$nome_exemplo')";
if (mysql_query($sql3) or die ("erro no sql3, favor relatar ao proprietario do site para que ele mude esse erro... Obrigado"));

$eumesmo = "Meu perfil!!!";
$baseimagem = "brancobase.JPG";

$sql4 = "INSERT INTO amizades(amigo1, amigo2, imagem, nomeexibicao) VALUES ('$nome_exemplo','$nome_exemplo','$baseimagem','$eumesmo')";
if (mysql_query($sql4) or die ("erro no sql4"));

$sql5 = "INSERT INTO foto_perfil(id_dono, foto) VALUES ('$nome_exemplo','$baseimagem')";
if(mysql_query($sql5) or die ("erro no sql5"));




header("Location:usuarioexistente.php");
}
?>

If you prefer to look at the site itself, the link is


myfriends.x10.mx/myfriends
 

misson

In this case, the [php] tag would be more appropriate than [code] (which tudo2d64 has discovered).

@tudo2d64: Make sure you've followed all the steps to [URL="http://x10hosting.com/wiki/How_to_Create_a_MySQL_Database_and_User"]create a MySQL user and database[/URL].

The sample code is vulnerable to [url=http://unixwiz.net/techtips/sql-injection.html]SQL injection[/url], which is a very serious [url=http://bobby-tables.com/]security risk[/url]. To fix this hole, switch from the outdated [URL="http://x10hosting.com/forums/programming-help/162529-php-begin-deprecation-ext-mysql-start-moving-your-development-pdo-now.html"]mysql extension[/URL] to [URL=http://php.net/PDO]PDO[/URL] and use [URL=http://www.php.net/PDO.prepared-statements]prepared statements[/URL]. If you need a PDO tutorial, try "[URL=http://www.kitebird.com/articles/php-pdo.html]Writing MySQL Scripts with PHP and PDO[/URL]". The site you save may just be your own.

[URL="http://www.phpfreaks.com/blog/or-die-must-die"]Don't use [c]die[/c][/URL] when outputting HTML (which you should be doing for a registration page). You'll get invalid HTML.

Outputting database error messages to non-admin users [URL=http://msdn.microsoft.com/en-us/library/ms995351.aspx#securityerrormessages_topic2]discloses too much information[/URL]. Instead, log the MySQL error message. For some errors (such as those related to missing or invalid values), output your own [url=http://developer.apple.com/library/mac/documentation/UserExperience/Conceptual/AppleHIGuidelines/Windows/Windows.html#//apple_ref/doc/uid/20000961-TP10]error message[/url] to the user and what action the user can take to address it. For the rest, inform the user that there was an internal error.

[URL="http://en.wikipedia.org/wiki/Atomicity_(database_systems)"]All or none[/URL] of the queries must apply to the database. If the later queries fail and you don't undo the effects of the earlier queries, you will leave the database in an [url="http://en.wikipedia.org/wiki/Consistency_(database_systems)"]inconsistent[/url] state. The simplest way of doing this is to use [URL="http://dev.mysql.com/doc/refman/5.1/en/commit.html"]transactions[/URL]. You must use [URL="http://dev.mysql.com/doc/refman/5.1/en/ansi-diff-transactions.html"]InnoDB tables[/URL] for the transaction statements to work.

I don't have Portuguese-language resources for any of the pages linked to above. A web search (or Google translate) should supply such.
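
The advice in the post above applied to the registration script, as an added example that is not part of the original thread: PDO prepared statements, one transaction around the five INSERTs, and the database error logged rather than shown. The DSN, the credentials and the `register_user()` helper are placeholders, and hashing the password with `password_hash()` goes beyond what the thread discusses.

```php
<?php
// Added example. DSN, credentials and register_user() are placeholders, not the poster's code.
function register_user(PDO $db, array $in): void
{
    $f = fn(string $k): string => trim((string)($in[$k] ?? ''));   // missing field -> ''
    $email = $f('email1');
    $img   = 'brancobase.JPG';
    // Table names are unqualified, so they resolve to the database named in the DSN.
    $steps = [
        ['INSERT INTO cadastrar_usuario (nome, sobrenome, idade, sexo, cidade, usuario, email, senha)
          VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
         [$f('nome'), $f('sobrenome'), $f('idade'), $f('sexo'), $f('cidade'), $f('usuario'),
          $email, password_hash((string)($in['senha2'] ?? ''), PASSWORD_DEFAULT)]],  // store a hash
        ['INSERT INTO meu_perfil (donodoperfil, sobremim, pensandoagora, cidade, sexo, nascimento)
          VALUES (?, ?, ?, ?, ?, ?)',
         [$email, 'Texto exemplo.', 'Texto exemplo.', 'Texto exemplo.', 'Texto exemplo.', 'Texto exemplo.']],
        ['INSERT INTO nome_exibicao (id_dono, nome) VALUES (?, ?)', [$email, $email]],
        ['INSERT INTO amizades (amigo1, amigo2, imagem, nomeexibicao) VALUES (?, ?, ?, ?)',
         [$email, $email, $img, 'Meu perfil!!!']],
        ['INSERT INTO foto_perfil (id_dono, foto) VALUES (?, ?)', [$email, $img]],
    ];
    $db->beginTransaction();              // requires InnoDB tables
    try {
        foreach ($steps as [$sql, $params]) {
            $db->prepare($sql)->execute($params);   // values are bound, never spliced into the SQL
        }
        $db->commit();                    // all five rows are written...
    } catch (Throwable $e) {
        $db->rollBack();                  // ...or none of them
        throw $e;
    }
}

$p = $_POST;
if (($p['email1'] ?? '') !== ($p['email2'] ?? '') || ($p['senha2'] ?? '') !== ($p['senha3'] ?? '')) {
    header('Location: nomeousenha.php');
    exit;
}
try {
    $db = new PDO('mysql:host=localhost;dbname=YOUR_DATABASE;charset=utf8mb4', 'YOUR_USER', 'YOUR_PASSWORD', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,   // failures become exceptions
        PDO::ATTR_EMULATE_PREPARES => false,                    // server-side prepared statements
    ]);
    register_user($db, $p);
    header('Location: usuarioexistente.php');
} catch (Throwable $e) {
    error_log('registration failed: ' . $e->getMessage());     // detail goes to the log only
    http_response_code(500);
    echo 'Internal error: your registration could not be completed. Please try again later.';
}
```

The `senha` column has to be wide enough for the hash; the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`.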
 

essellar

In addition to what misson has already posted, I'd like to point people to Joel Spolsky's article Making Wrong Code Look Wrong. (Unfortunately, it's not one of the articles that has been translated into a lot of languages. If there's anyone out there who can create a decent translation into Portuguese or Brazilian Portuguese -- or any other language -- feel free to use the wiki that's linked from Joel's front page.)

For the tl;dr crowd, it boils down to using Charles Simonyi's original "Hungarian notation" (which was not about encapsulating the declaration and scope in a variable name, but rather about noting "type" as an ordinary, non-programming human being would understand the term). In this case, you'd name something that came directly from user input as "unsafe":

PHP:
$unsafe_name = $_POST["name"];
//or, if "unsafe" seems like too many characters to type
$u_name = $_POST["name"];

Similarly, you'd mark checked and sanitized values as "safe". If you ever find yourself using a variable that's marked "unsafe" anywhere that it could possibly cause damage, it will stand out like a sore thumb -- and if you ever mark direct user input as "safe", your code will also give off an unpleasant odor. It's an easy way of keeping yourself out of all kinds of trouble.
 