What's wrong in this code? (New user registration form)

[tallmaris]

Can you tell me what's wrong with the code? It is a multipurpose page. If there is no querystring it displays a register form, that calls the same file (POST method) and display an error message (if existing user) or a welcome message (if user has been successfully added)

Code: Select all

<?php
if (isset($azione)) //if the submit button
                             has been pressed it
                              calls the connection
                             and insert the user.
{
$host="localhost";
$user="***";
$pass="***";
if (!@mysql_connect($host,$user,$pass))
{
echo("<p>Unable to connect due to: ".mysql_error()."</p>");
exit();
}
if (!@mysql_select_db("test"))
{
echo("<p>Unable to open DB due to: ".mysql_error()."</p>");
exit();
}
/* now I select the user to see if there is
already an existing user with the same nick */
$sqlquery="SELECT * FROM utenti WHERE nick='$nick'";
$result=@mysql_query($sqlquery);
if (!$result)
{
echo("<p>Unable to exec query due to ".mysql_error()."</p>");
exit();
}
if (mysql_num_rows($result)!=0)
{
echo("<P>Exising user:</P>");
$utente=mysql_fetch_array($result);
?>
       <table width="700">
       <tr>
       <td width="25%">
       <?=$utente['nick']?>
       </td>
       <td width="25%">
       <?=$utente['cognome']?>
       </td>
       <td width="25%">
       <?=$utente['nome']?>
       </td>
       <td width="25%">
       <?=$utente['email']?>
       </td>
       </tr>
       </table>
<?   
   }
   else //nick not found in the table
   {
       $sqlquery="INSERT INTO utenti (`ID`, `nick`, `PWD`, `nome`, `cognome`,
        `email`) VALUES ('', $nick, $pwd, $nome, $cognome, $email)";
       if (!@mysql_query($sqlquery))
       {
           echo("<P>Error inserting user: ".mysql_error()."</P>");
           exit();
       }
       else
       {
           echo("<P>Utente registrato, grazie!</P>");
           echo("Torna alla <a href=\"welcome.php\">home</a> per il login");
           exit();
       }
   }
}
else //first time I call the page, so I present the register form.
{
?>
      <form method="post" action="register.php">
      Nick:<input type="text" name="nick" size="20"><br>
      PWD:<input type="text" name="pwd" size="20"><br>
      Nome:<input type="text" name="nome" size="20"><br>
      Cognome:<input type="text" name="cognome" size="20"><br>
      E-mail:<input type="text" name="email" size="20"><br>
      <input type="submit" name="azione" value="GO">
      </form>
<?
}
?>
 

All the code up here is inside the body tag. Problem is that the first IF is NEVER entered, as if the $azione variable is always =NULL, even after I submit the form.

Any help?
Thanks a lot,
Leo.

[tallmaris]

Mmmmm, I read some post and found out that the error was the setting of register_globals = On.

But the text in PHP somewhat scares me:

Code: Select all

; You should do your best to write your scripts so that they do not require
; register_globals to be on;  Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.

So, is there a way to pass form fields from a page to another (or o the same page) without using register_globals=On? I _know_ there is, since while all my scripts where not working, any other script was running perfectly (phpnuke and phpMyadmin).

Thanks,
Leo.

PS: anyway, the strange thing is that everything worked a few days ago... maybe the installation of DBG debugger made some change to the php.ini file?

[kbrill]

When you turn off register globals (something I haven't been able to do yet) you have to refer to variables by their source like $_POST['$azione'] if it was a variable that was from another form and posted.

see http://www.php.net/manual/en/security.registerglobals.php

[tallmaris]

Thanks a lot for your help!

The register_globals directive is in the PHP.INI file, located in the C:\windows directory (C:\winnt in winnt and win2k), if this was the problem...

[wiredme]

Thanks a lot for your help!

The register_globals directive is in the PHP.INI file, located in the C:\windows directory (C:\winnt in winnt and win2k), if this was the problem...

i have the same problem with this... i cannot pass variables even if register_globals =On, why is this happening... i encounter this in Windows only but in linux it ok then..

: : : :