I am working on a website that has a registration form that is connected to a database that was built by a PHP programmer. We can no longer afford him, so I need to fix this myself. I am just beginning to learn about PHP. I don’t know enough to even guess what is wrong.
I got a first error that I fixed by running a PHP analyzer. There was a curly bracket that was not supposed to be there, on line 39. However, the error message was: Call to undefined function sql_string_protect() in home7/originm2/public_html/register.php on line 39. I’m not sure if that was even the right fix for that line.
Then when I tested the form again I had another curly bracket error on line 108 (a similar error message). Now I have a third error on line 40, which is another: Call to undefined function sql_string_protect() in /home7/originm2/public_html/register.php on line 40.
I hope someone can help me or point me in the right direction. I am going crazy!
Here is the actual code. I hope it’s okay to include it in the message.
if (isset($_POST['action']) && $_POST['action'] == 'register') {
$email = $_POST['email'];
$sql = "SELECT * FROM User WHERE Username='$email'";
$result = $db->query($sql);
if ( $row = $result->fetch_object()) {
$is_exist = $row->Username;
$message = "The username $email already exists.<br>sql = $sql<br>";
} else {
$message = "";
}
}
if(isset($_POST['action']) && $_POST['action'] == 'register' && $message == '' )
$fname = sql_string_protect($_POST['fname']); LINE 39
$lname = sql_string_protect($_POST['lname']); LINE 40
$profession = $_POST['profession'];
$zipcode = sql_string_protect($_POST['zipcode']);
$email = sql_string_protect($_POST['email']);
$pass1 = sql_string_protect($_POST['pass1']);
$pass2 = sql_string_protect($_POST['pass2']);
/* register the user */
$sql = "INSERT INTO User VALUES (NULL,'$email','$pass1','$fname','$lname','$zipcode')";
$result = $db->query($sql);
$sql2 = "SELECT LAST_INSERT_ID() AS User_ID FROM User";
$result2 = $db->query($sql2);
$row2 = $result2->fetch_object();
$success = "You have successfully registered with Origin Music! Thank you!";
/* add profession details of the user */
foreach($profession as $prof) {
# $sql = sprintf("call iUserProfession('%d','%d')", $user_id, $prof);
$sql3 = "INSERT INTO UserProfession VALUES (NULL, $row2->User_ID, $prof)";
$db->query($sql3);
}
// echo 'SUCCESS';
// send out email
$to = $email;
$from = '[email protected]';
$sub = 'Registration - Origin Music';
$msg = <<<MESSAGE
Thank you $fname for registering with Origin Music!
Your Username: $email
Your Password: $pass1
Regards,
origin-music.net Team
MESSAGE;
$Headers = "Content-type: text/html\r\n";
$Headers.= "From: ".$from."\r\n";
$Headers.= "X-Mailer:PHP/".phpversion()."\r\n";
$Headers.= "X-Priority: 3\r\n";
$Headers.= "Reply-To: ".$from."\r\n";
if(!mail($to, $sub, $msg, $Headers)) {
echo 'error';
}
// send out email to Linn
$to = '[email protected]';
$from = '[email protected]';
$sub = 'Registration - Origin Music';
$msg = <<<MESSAGE
$fname $lname with email of $email has registered with Origin Music.
MESSAGE;
if(!mail($to, $sub, $msg, $Headers)) {
echo 'error';
}
LINE 108 WAS HERE - THERE WAS A CURLY BRACKET HERE THAT I TOOK OUT
$db->close();
?>
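
An added example, not part of the original post or the site's own code: the same registration steps written with mysqli prepared statements, so no `sql_string_protect()` helper is needed and no form value is ever pasted into the SQL text. It assumes `$db` is an open mysqli connection, that the tables have the column order implied by the post's INSERT statements, and that profession values are integer ids; the function name `register_user` is hypothetical.

```php
<?php
// Added example, not the original poster's code. Assumes $db is an open mysqli
// connection and the User / UserProfession column order implied by the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function register_user(mysqli $db, array $post): string
{
    $email = trim($post['email'] ?? '');
    $pass1 = $post['pass1'] ?? '';
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $pass1 === '') {
        return 'Please enter a valid email address and a password.';
    }

    // Existence check: the value is bound as a parameter, never concatenated.
    $stmt = $db->prepare('SELECT 1 FROM User WHERE Username = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    if ($exists) {
        return 'That username already exists.'; // no SQL echoed to the browser
    }

    // Assumption: the password column can hold a 255-character hash and the
    // login code is changed to check it with password_verify().
    $hash  = password_hash($pass1, PASSWORD_DEFAULT);
    $fname = trim($post['fname'] ?? '');
    $lname = trim($post['lname'] ?? '');
    $zip   = trim($post['zipcode'] ?? '');

    $stmt = $db->prepare('INSERT INTO User VALUES (NULL, ?, ?, ?, ?, ?)');
    $stmt->bind_param('sssss', $email, $hash, $fname, $lname, $zip);
    $stmt->execute();
    $userId = $stmt->insert_id; // replaces the SELECT LAST_INSERT_ID() query
    $stmt->close();

    // profession[] arrives as an array; each entry is forced to an integer.
    $stmt = $db->prepare('INSERT INTO UserProfession VALUES (NULL, ?, ?)');
    $profId = 0;
    $stmt->bind_param('ii', $userId, $profId); // bound by reference
    foreach ((array) ($post['profession'] ?? []) as $prof) {
        $profId = (int) $prof;
        $stmt->execute();
    }
    $stmt->close();
    return ''; // empty string means success, like $message == '' in the post
}
```

Call it as `$message = register_user($db, $_POST);` inside the `action == 'register'` check and send the confirmation email only when the result is an empty string. Because only the hash is stored, the email should confirm the username without repeating the password.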