1 (edited by ultime 2005-04-18 03:18)

Topic: Adding Fields to Registration

Hello,

I have tried to add new fields to my registration, for example, to gather gender, age, ect.

Now, I have added the following after the timezone part:

<div class="inform">
<fieldset>
<legend>Choose your Gender</legend>
<div class="infldset">
<label>
<select id="gender" name="gender">
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>
</div>
</fieldset>
</div>

I found this:

    $timezone = intval($_POST['timezone']);

and added the following right after:

    $gender = isset($_POST['gender']);

I have also modified my sql query from:

    $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, save_pass, timezone, faction, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.', '.$faction.', \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());

To:

    $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, save_pass, timezone, faction, language, style, registered, registration_ip, last_visit, gender) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.', '.$faction.', \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.', '.$gender.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());

My SQL for gender is:

Varchar(50)

Can anyone please tell me how to do this in easy to follow steps, I really have tried everything I could..

Thanks, ultime

Re: Adding Fields to Registration

A: I'm not exactly sure what you are looking for
B: You are looking for SQL injection unless you pass your new values to be inserted through $db->escape()

I enjoy pie :)

3

Re: Adding Fields to Registration

I'm struggling with this as well. I want to add firstname and surname to the registration process. I already have the fields in the database and it worked with a previous registration script I had.

I've added this to PunBB register.php:

    $firstname = $_POST['req_firstname'];
    $surname = $_POST['req_surname'];

or

    $firstname = pun_trim($_POST['req_firstname']);
$surname = pun_trim($_POST['req_surname']);

Made these edits:

    // Add the user
    $db->query('INSERT INTO '.$db->prefix.'users (firstname, surname, username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\''.$firstname.''.$surname.''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.' , \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
    $new_uid = $db->insert_id();

Added this to the form:

<p>
First name:<br />
<input type="text" name="req_firstname" size="25"><br />
Last name:<br />
<input type="text" name="req_surname" size="25"><br />
</p>

I've tried several variations, but keep getting this when I try to sign up:

An error was encountered
Error: Unable to create user.

Where's the mistake? What else did I miss?

What does $db->escape do? I've tried using that on firstname and surname, but it had no effect.

Are all the / and . and ' in the VALUES line really necessary? I've seen other scripts use much simpler lines. Did I miss a . / or ' somewhere?

Re: Adding Fields to Registration

You probably haven't created the fields in the table.

5 (edited by Peter 2007-03-04 22:43)

Re: Adding Fields to Registration

elbekko wrote:

You probably haven't created the fields in the table.

No, I definately have! Like I wrote in my post:

I already have the fields in the database and it worked with a previous registration script I had.

Re: Adding Fields to Registration

Peter wrote:

What does $db->escape do? I've tried using that on firstname and surname, but it had no effect.

It sanitizes data before inserting it into the database to prevent errors and/or SQL injects. You shouldn't need it for names as long as your code checks that the input is nothing but letters, spaces, and/or hyphens.

Your code isn't doing either, so you ought to fix that.

Peter wrote:

I've tried several variations, but keep getting this when I try to sign up:

Enable debug mode to get a clearer idea of what the error is.

And yes, you are missing some. Your code should be like this, unless I'm flubbing up the quotes and slashes as I tend to do:

$db->query('INSERT INTO '.$db->prefix.'users (firstname, surname, username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\''.$firstname.'\', \''.$surname.'\', \''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.' , \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
Looking for a certain modification for your forum? Please take a look here before posting.

7

Re: Adding Fields to Registration

Thanks pogenwurst! Copying your $db->query line did the trick.