Database insert not adds all the values

Discuss coding issues, and scripts related to PHP and MySQL.
mlucicom
Posts: 37

Database insert not adds all the values

Hello..i have a php social network loveparadyse.com.
and this is the class for add users to database:

Code: Select all

function query() {
		if($this->email_confirmation) {
			$salt = md5(mt_rand());
			$suspended = 2;
		} else {
			$salt = '';
			$suspended = '0';
		}
		$ref = trim($_GET['ref']);
		$query = sprintf("INSERT INTO `users` (`username`, `password`, `first_name`, `last_name`, `email`, `date`, `image`, `privacy`, `cover`, `verified`, `online`, `salted`, `suspended`, `ip`, `notificationl`, `notificationc`, `notifications`, `notificationd`, `notificationf`, `notificationg`, `notificationx`, `notificationp`, `email_comment`, `email_like`, `email_new_friend`, `email_page_invite`, `email_group_invite`, `sound_new_notification`, `sound_new_chat`, `ref`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 'default.png', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','$ref');", $this->db->real_escape_string(strtolower($this->username)), md5($this->db->real_escape_string($this->password)), $this->db->real_escape_string($this->first_name), $this->db->real_escape_string($this->last_name), $this->db->real_escape_string($this->email), date("Y-m-d H:i:s"), ($this->profile_image ? $this->profile_image : 'default.png'), 1, $this->verified, time(), $salt, $suspended, $this->db->real_escape_string(getUserIp()), 1, 1, 1, 1, 1, 1, 1, 1, $this->email_comment, $this->email_like, $this->email_new_friend, $this->email_page_invite, $this->email_group_invite, 1, 1);
		$this->db->query($query);

		// If the account needs to be activated
		if($this->email_confirmation) {
			global $LNG;
			// Send activate account email
			sendMail($this->email, sprintf($LNG['ttl_confirm_email']), sprintf($LNG['confirm_email'], $this->username, $this->title, $this->url.'/index.php?a=welcome&activate='.$salt.'&username='.$this->username, $this->url, $this->title), $this->site_email);
			
			return notificationBox('info', $LNG['activate_email'], 1);
		} else {
			// Delete any previously pending confirmation accounts
			$this->db->query(sprintf("DELETE FROM `users` WHERE `email` = '%s' AND `suspended` = 2", $this->db->real_escape_string($this->email)));
		}
		
	}
}
ALl insert work fine but the ref value from link : domain.com?ref=value is not inserted in database
Admin Posts: 805
Hello,
Try this insert query in your code; if it not works, the problem is not from the sql insert, but from other part of the script: like a restricton on $_GET values or from database table structure.

Code: Select all

$ref = (isset($_GET['ref']) && strlen($_GET['ref'])>0) ? $this->db->real_escape_string(trim($_GET['ref'])) :'no_ref';
$query = sprintf("INSERT INTO `users` (`username`, `password`, `first_name`, `last_name`, `email`, `date`, `image`, `privacy`, `cover`, `verified`, `online`, `salted`, `suspended`, `ip`, `notificationl`, `notificationc`, `notifications`, `notificationd`, `notificationf`, `notificationg`, `notificationx`, `notificationp`, `email_comment`, `email_like`, `email_new_friend`, `email_page_invite`, `email_group_invite`, `sound_new_notification`, `sound_new_chat`, `ref`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','%s');",
 $this->db->real_escape_string(strtolower($this->username)), md5($this->db->real_escape_string($this->password)),
 $this->db->real_escape_string($this->first_name), $this->db->real_escape_string($this->last_name),
 $this->db->real_escape_string($this->email), date("Y-m-d H:i:s"),
 ($this->profile_image ? $this->profile_image :'default.png'), 1, 'default.png',
 $this->verified, time(), $salt, $suspended, $this->db->real_escape_string(getUserIp()),
 1, 1, 1, 1, 1, 1, 1, 1,
 $this->email_comment, $this->email_like, $this->email_new_friend, $this->email_page_invite, $this->email_group_invite,
 1, 1,
 $ref);
- You can test that query in phpmyadmin by applying echo $query;, then copy the resulted string in phpmyadmin.
mlucicom Posts: 37
He insert no_ref at all new users.have you any other ideea?
Admin Posts: 805
If it is inserted 'no_ref' it means that the $_GET['ref'] is False (not in the address that accesses the file) or its value is deleted by other code in that script.