pleas tell me whats wrong with this code:
__________________________________________________ ___________________________________
maybe its not the PHP so pleas tell me what is wrong
i think i got whats wrong.. how do make "sa" in the SQL-EXPRESS to allow login for my database
PHP Code:
<style type="text/css">
<!--
body,td,th {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
color: #FFFFFF;
}
body {
background-color: #000000;
}
-->
</style>
<?php
$mssql = array(
'host' => "USER-PC\SQLEXPRESS",
'user' => "sa",
'pass' => "1234"
);
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
if($_POST['activ'] == '1') {
$accname = anti_injection($_POST['accname']);
$accpass1 = anti_injection($_POST['accpass1']);
$accpass2 = anti_injection($_POST['accpass2']);
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM silk.dbo.users WHERE id = '".$accname."'",$con);
$row1 = mssql_num_rows($result1);
if(empty($accname) || empty($accpass1) || empty($accpass2)|| empty($accname)) {
echo "<br>You didnt fill in all fields<a href='javascript:history.back()'>Go Back</a>";
} elseif($row1 > '0' || $row2 > '0') {
echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 != $accpass2) {
echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 == $accname) {
echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accname)) {
echo "<br>Enter a account name only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accpass1)) {
echo "<br>Enter a password only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accname) < 3 || strlen($accname) > 15) {
echo "<br>Username Must be above 3 and lower then 15 <a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accpass1) < 3 || strlen($accpass1) > 15) {
echo "<br>Password Must be above 3 and lower then 15 .<a href='javascript:history.back()'>Go Back</a>";
} else {
$accpass = md5($accpass1);
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
mssql_query("INSERT INTO silk.dbo.users (
id,
password,
online,
unknown,
unknown2,
silk,
gold
)
VALUES (
'".$accname."',
'".$accpass."',
'0',
'0',
'0',
'0',
'0'
)",$con);
?>
<center>
<table width="500">
<tr>
<td colspan='2' align='center'><img src="top.jpg" width="500" height="300" /></td>
</tr>
<tr>
<td colspan="2" align="center" bgcolor="#333333">
Welcome to srevolution! Below are your details! Keep them safe!
</td>
</tr>
<tr>
<td bgcolor="#666666">
Account name:
</td>
<td bgcolor="#666666">
<b><?php echo "".$accname.""; ?></b>
</td>
</tr>
<tr>
<td bgcolor="#333333">
Your password:
</td>
<td bgcolor="#333333">
<b><?php echo "".$accpass1.""; ?></b>
</td>
</tr>
</table>
</center>
<?php
}
} else {
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM silk.dbo.users",$con);
$row1 = mssql_num_rows($result1);
?>
<form action='reg.php' method='POST'>
<center>
<table width="500">
<tr>
<td colspan='2' align='center'>
<img src="top.jpg" width="500" height="300" />
</td>
</tr>
<tr>
<td bgcolor="#333333">Account Name</td>
<td bgcolor="#333333">
<input type='text' name='accname' maxlength='12'>
</td>
</tr>
<tr>
<td bgcolor="#666666">Password</td>
<td bgcolor="#666666">
<input type='password' name='accpass1' maxlength='12'>
</td>
</tr>
<tr>
<td bgcolor="#333333">Again pass.</td>
<td bgcolor="#333333">
<input type='password' name='accpass2' maxlength='12'>
</td>
</tr>
<tr>
<td align='center' bgcolor="#666666">
</td>
<td align='right' bgcolor="#666666">
<input type='hidden' name='activ' value='1' />
<input name="submit" type='submit' value='Create Account' />
</td>
</tr>
</table>
</center>
</form>
<?php
}
?>
maybe its not the PHP so pleas tell me what is wrong
i think i got whats wrong.. how do make "sa" in the SQL-EXPRESS to allow login for my database