Welcome to the list, Chris. Your code is going to require some rewriting to save you a lot of headaches and serious security issues down the road. So here we go:

On Thu, Jan 15, 2009 at 12:46, Chris Carter <chandan9sharma@xxxxxxxxx> wrote:

<?php
/* Always use full tags. If short_open_tags is on, the code will still
   work just fine, but if you use just short tags and it's not turned on,
   your code won't run. Also, full open tags allow cohabitation of PHP
   and XML. */

/* It would be better to keep this in a separate file, outside of the
   web-accessible root. For example, perhaps in
   /home/user/php_includes/db.inc.php

   This way, if anything happens - say your web host messes something up
   and doesn't add PHP into the httpd.conf for Apache - your code source
   may display, but your passwords will remain secure. Keep in mind: you
   may not be able to access a page via the web unless it's in
   ~/public_html/, www/, htdocs/, etc., but PHP can still read it.

   And, to make it easy to switch from one host (or account) to another,
   you can use dirname(). And we use include_once() here in case you
   decide to expand. So, for example, say this script is in
   /home/user/public_html/register.php - you would do: */

include_once(dirname(dirname(__FILE__)).'/php_includes/db.inc.php');

/* And in /home/user/php_includes/db.inc.php:

<?php
// database information
$host = 'xxx';
$user = 'xxx';
$password = 'xxx';
$dbName = 'xxx';
// Store this here so you only have to set it once, then include this file elsewhere.

// Connect and select the database.
$conn = mysql_connect($host, $user, $password) or die(mysql_error());
$db = mysql_select_db($dbName, $conn) or die(mysql_error());
?>
*/

if($_POST['submit']) {

    // Check to see if the user already exists.
    $sql = "SELECT emailAddress AS email FROM owners ";
    $sql .= "WHERE emailAddress='".mysql_real_escape_string($_POST['emailAddress'])."' ";
    $sql .= "LIMIT 0,1";

    /* Several things are happening here:
       1.) We're spanning the variable by using $sql = "" followed by
           $sql .= "" to append.
       2.) We're using MySQL's `AS` aliasing syntax to shorten the column
           name on output (not in the DB)
       3.) We're checking to see if $_POST['emailAddress'] is already
           registered.
       4.) We're SANITIZING INPUT(!!!!) with mysql_real_escape_string().
           VERY IMPORTANT!!!!
       5.) We're telling MySQL that we only need the first result
           returned, because that will still be a positive result. */

    $result = mysql_query($sql); // Get the resource ID of this query connection as $result.

    if(($row = mysql_fetch_assoc($result)) == True) { // Allows error suppression and validation in one shot
        /* This record already exists in the database, and it's
           accessible in $row['email']
           So now you can do as you please. For example: */
        echo "The user already exists ding ding ding.\n";
    } else { // If there was no matching record....

        // Insert new entry in the database if entry submitted
        $emailAddress = $_POST['emailAddress'];
        $confEmail = $_POST['confEmail'];
        $password = $_POST['password'];
        $confPassword = $_POST['confPassword'];
        $body = "Some email text";

        // insert new entry into database --- REMEMBER TO SANITIZE USER INPUT HERE!
        $sql = "insert into `owners` (emailAddress, confEmail, password,confPassword) VALUES (";
        $sql .= "'".mysql_real_escape_string($emailAddress)."',";
        $sql .= "'".mysql_real_escape_string($confEmail)."',";
        $sql .= "'".mysql_real_escape_string($password)."',";
        $sql .= "'".mysql_real_escape_string($confPassword)."')";

        if(mysql_query($sql)) {
            mail($emailAddress, "Thank you for registering!", $body, "From: someone@xxxxxxxxxxx");
            header("Location: thankYou.php");
        } else {
            /* If there's an error, don't show this to the user - log it
               with a simple log mechanism instead. */
            $err = mysql_error();
            $logfile = dirname(dirname(__FILE__)).'/php_includes/sqlerror.log'; // Store the log out of the web directory.

            // The following line writes the current file, line, SQL query, and error message received.
            $message = "SQL Error in ".__FILE__." near line #".__LINE__.": \"".$sql."\" (".$err.")\n";
            file_put_contents($logfile,$message,FILE_APPEND); // Append the entry to the log; if the file doesn't exist, create it.

            // Output an error message to the user.
            echo "We're sorry. We're experiencing temporary issues with our database. We are working to repair this problem.\n";
        }
    }
} // And thus ends the if($_POST['submit']) block
?>

There are a bunch of different styles, methods, and options, which would take days to discuss.... but this should get you going on the right path. From here on, RTFM and STFW, and feel free to ask any questions here that you could find answers to on the web.

Good luck!

--
</Daniel P. Brown>
daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
http://www.parasane.net/ || http://www.pilotpig.net/
Unadvertised dedicated server deals, too low to print - email me to find out!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
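
Added example (not part of the original message or the poster's code): the same check-then-insert registration flow written with PDO prepared statements in place of mysql_real_escape_string(), with the password stored as a hash. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite table, the function names and the return values are hypothetical stand-ins for the `owners` table above.

```php
<?php
// Added example: parameterized registration with PDO (assumes pdo_sqlite is loaded).
// An in-memory SQLite database stands in for the MySQL `owners` table so this runs offline.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE closes the race between the "exists?" check and the INSERT.
    $pdo->exec('CREATE TABLE owners (emailAddress TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');
    return $pdo;
}

// Returns 'created', 'exists' or 'invalid'. Name and return values are hypothetical.
function register_owner(PDO $pdo, string $email, string $password): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || $password === '') {
        return 'invalid';
    }
    // Placeholders keep user input out of the SQL text entirely.
    $check = $pdo->prepare('SELECT 1 FROM owners WHERE emailAddress = ? LIMIT 1');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return 'exists';
    }
    $insert = $pdo->prepare('INSERT INTO owners (emailAddress, password) VALUES (?, ?)');
    try {
        // Store a salted hash, never the password itself.
        $insert->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate from a concurrent request).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'exists';
        }
        throw $e;
    }
    return 'created';
}

// Constructed sample input, including a string shaped like an injection attempt.
$pdo = make_demo_db();
foreach (["owner@example.com", "owner@example.com", "x' OR '1'='1"] as $email) {
    echo $email, ' => ', register_owner($pdo, $email, 'correct horse'), "\n";
}
```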