Anyone know why my scripts won't sign people up for my site? http://goboone.net/~mcovalt/signup.php

Here is the script I wrote to login people:

PHP Code:

<?
require_once('dbconnect.php'); 

mysql_query("INSERT INTO `users` (`user_id`, `email`, `password`, `handle`) VALUES (NULL, '{$Email}', '{$password}', '{$UserName}'");
$affected = mysql_affected_rows();
if($affected == 1)
{
    echo 'User made. Check email for password.';
}
else
{
    echo 'Failed to create user';
}

?>

and here is just the plain old site code:

PHP Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Shout Out<title>

  <style type="text/css">

BODY{
    font-family: Arial; 
    color: white;
    font-size: 19px;
    margin:0px;
    padding: 10px; 
    text-align:center;
    background: #0000CD;
}

#Sign_Up{
    font-family:Arial;
    color: black;
    font-size: 11px;
    text-align: left;
    border: 5px solid #FF4500; 
    padding: 15px; 
    display: block;
    width: 300px;
    margin: auto;
    background: white
}

#Sign_Up INPUT.text {
    border:3px solid #696969;
    font-family: Arial;
    font-size: 24px;
}

#Sign_Up INPUT.button {
    font-size: 40px;
    padding: 10px;
    text-align: center;
}

#Sign_Up INPUT.link {
    font-size: 40px;
    padding: 10px;
    text-align: center;    
}

#title{
    background: #696969;
    color: white;
    padding: 0px 20px 0px 20px;
    font-size: 40px;
    width: 300px;
    margin: auto;
}

 
</style>
</head>


<body
 style="background-image: url(http://goboone.net/~mcovalt/chat/styles/color.JPG);">
<img
 src="http://goboone.net/~mcovalt/chat/styles/shoutout.JPG"
 float:left="">


<div id="title">Sign Up
</div>


<form id="Sign_Up" action="register.php" method="post">
Desired User Name:
  <br>

  <input class="text" name="UserName" type="text">
  
  <br>
  <br>
  
Your Email Address:
  <br>
    
  <input class="text" name="Email" type="text">

  <br>
  <br>
  <br>
  <br>
  <br>
  
Your New Password Will Be Sent You by Email

<? 

$password=substr(md5(microtime()),0,rand(5,2));

?>
  
  <br>
  <br>
  <br>
  <br>


 <input class="button" value="Sign Up" align="center" type="submit"><br>

  <br>
  <br>
  <br>
  <br>
 
 <a class="link" href="./index.php">Already Have an Account? Click Here to Sign In</a>

 </form>
 

</body>
</html>

Looking at the PHP code that you have, it appears that your query string is wrong. I would try something like this for your query string.

PHP Code:

 <?
require_once('dbconnect.php'); 

$password=substr(md5(microtime()),0,rand(5,2));

mysql_query("INSERT INTO users ( email, password, handle ) VALUES ( '$_POST[Email]', '$password', '$_POST[UserName]' )");
$affected = mysql_affected_rows();
if($affected == 1)
{
    echo 'User made. Check email for password.';
}
else
{
    echo 'Failed to create user';
}

?>

And for your HTML code I would use something like this:

HTML Code:

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Shout Out<title>

  <style type="text/css">

BODY{
    font-family: Arial; 
    color: white;
    font-size: 19px;
    margin:0px;
    padding: 10px; 
    text-align:center;
    background: #0000CD;
}

#Sign_Up{
    font-family:Arial;
    color: black;
    font-size: 11px;
    text-align: left;
    border: 5px solid #FF4500; 
    padding: 15px; 
    display: block;
    width: 300px;
    margin: auto;
    background: white
}

#Sign_Up INPUT.text {
    border:3px solid #696969;
    font-family: Arial;
    font-size: 24px;
}

#Sign_Up INPUT.button {
    font-size: 40px;
    padding: 10px;
    text-align: center;
}

#Sign_Up INPUT.link {
    font-size: 40px;
    padding: 10px;
    text-align: center;    
}

#title{
    background: #696969;
    color: white;
    padding: 0px 20px 0px 20px;
    font-size: 40px;
    width: 300px;
    margin: auto;
}

 
</style>
</head>


<body
 style="background-image: url(http://goboone.net/~mcovalt/chat/styles/color.JPG);">
<img
 src="http://goboone.net/~mcovalt/chat/styles/shoutout.JPG"
 float:left="">


<div id="title">Sign Up
</div>


<form id="Sign_Up" action="register.php" method="post">
Desired User Name:
  <br>

  <input class="text" name="UserName" type="text">
  
  <br>
  <br>
  
Your Email Address:
  <br>
    
  <input class="text" name="Email" type="text">

  <br>
  <br>
  <br>
  <br>
  <br>
  
Your New Password Will Be Sent You by Email
  
  <br>
  <br>
  <br>
  <br>


 <input class="button" value="Sign Up" align="center" type="submit"><br>

  <br>
  <br>
  <br>
  <br>
 
 <a class="link" href="./index.php">Already Have an Account? Click Here to Sign In</a>

 </form>
 

</body>
</html>

Some other suggestions that I can make about your code especially your HTML is try not to use <br> for spacing. It is not really the most elegant way of doing what you are trying to do. I would look into using CSS for this type of positioning. And the valid way to use that tag is like this <br /> anyways if you do decide to continue using.

Quote:

Originally Posted by dlaroche22

Looking at the PHP code that you have, it appears that your query string is wrong. I would try something like this for your query string.

PHP Code:

 <?
require_once('dbconnect.php'); 

$password=substr(md5(microtime()),0,rand(5,2));

mysql_query("INSERT INTO users ( email, password, handle ) VALUES ( '$_POST[email]', '$password', '$_POST[UserName]' )");
$affected = mysql_affected_rows();
if($affected == 1)
{
    echo 'User made. Check email for password.';
}
else
{
    echo 'Failed to create user';
}

?>

Don't simply use the above code for your script. It will probably work, but it is NOT secure. You need to first validate and sanitize any variables you insert into your database. Never trust user input. You are have a major security risk if you use the above code as is. Do some research on SQL injection attacks and you will find more information.

Edit: On looking at the first post, it looks like you may be validating already, but please make sure you do if you aren't.

Thanks for the help folks. I was planning on filtering user input, I just wanted to get that part done first. I appreciate it!