2

I am a beginner to PHP and MySQL and I am currently using Dreamweaver for the GUI to help me learn.

I am trying to create a member registration form to register users into a database. What I aim to do is to have the username be generated from the first and last name of the user. For example: First name: John, Last name: Smith. The username will automatically be generated as john.smith (disregarding the capitalization).

I read about concatenating in PHP and came up with the code:

GetSQLValueString($_POST['firstname'], "text").GetSQLValueString('.'.$_POST['lastname'], "text"),

However, when I checked the stored data in MySQL it returns firstname'.lastname, i.e. john'.smith. (Notice the extra apostrophe following the firstname.)

This was my source: http://forums.phpfreaks.com/index.php?topic=294444.0. The original poster mentioned that he modified some code that Dreamweaver used, but I can't figure out which one to change.

See below for my existing code so far:

<?php require_once('../Connections/connSQL.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    }
    return $theValue;
  }
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO member (m_firstname, m_lastname, m_username, m_password, m_workphone, m_address) VALUES (%s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['firstname'], "text"),
                       GetSQLValueString($_POST['lastname'], "text"),
                       GetSQLValueString($_POST['firstname'], "text").GetSQLValueString(' .'.$_POST['lastname'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['passwordcheck'], "text"),
                       GetSQLValueString($_POST['address'], "text"));

1 Answer

3

You probably want this:

GetSQLValueString($_POST['firstname'] . '.' . $_POST['lastname'], "text")

Concatenate the values and then escape the resulting string, instead of escaping the values first and then trying to concatenate the result. If you really wanted to escape them first, you could do:

sprintf("CONCAT(%s, '.', %s)",
    GetSQLValueString($_POST['firstname'], "text"),
    GetSQLValueString($_POST['lastname'], "text"))

But there is no reason to.


2 Comments

You are a lifesaver. Thank you so much! If I want to use the username, concatenate and add @domain.com to store it as an email, what is the script I should use in PHP?
@alchuang Any such question can be answered as: concatenate the strings together in PHP and then escape them. When converting data from one form to another (from a "PHP string" to a "database string") you always do so at the last possible moment -- when the data actually moves between layers.
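
As an added example (not code from the question, the answer, or Dreamweaver), the script below reproduces the stray apostrophe from the question and then shows the "concatenate first, convert at the layer boundary" rule using a bound parameter instead of manual escaping. Assumptions: PDO with the SQLite driver and an in-memory database stands in for the poster's MySQL connection, `makeUsername()` is a hypothetical helper, and the sample names are constructed.

```php
<?php
// Added example. Assumptions: PDO with the pdo_sqlite driver (in-memory, so it
// runs offline); makeUsername() is a hypothetical helper; names are constructed.

// Build the value as an ordinary PHP string first: join, then normalise case.
function makeUsername(string $first, string $last): string
{
    return strtolower(trim($first) . '.' . trim($last));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (m_firstname TEXT, m_lastname TEXT, m_username TEXT)');

// 1) The pattern from the question: quote each piece, then glue the literals.
//    Each piece comes back wrapped in its own quotes, so the closing quote of
//    the first meets the opening quote of the second. Inside a string literal,
//    SQL reads two adjacent quotes as one escaped quote character.
$glued = $db->quote('John') . $db->quote('.' . 'Smith');
$seen  = $db->query("SELECT $glued")->fetchColumn();
echo "glued literal:       $glued\n";
echo "value the DB stores: $seen\n";

// 2) Concatenate in PHP, then bind. The value crosses into SQL once, as data,
//    so a quote inside a name cannot change the statement's structure.
$insert = $db->prepare(
    'INSERT INTO member (m_firstname, m_lastname, m_username) VALUES (?, ?, ?)'
);
$people = [['John', 'Smith'], ['Conor', "O'Brien"]];   // constructed sample input
foreach ($people as [$first, $last]) {
    $insert->execute([$first, $last, makeUsername($first, $last)]);
}

foreach ($db->query('SELECT m_username FROM member') as $row) {
    echo "bound username:      {$row['m_username']}\n";
}
```

The same `prepare()`/`execute()` calls work against MySQL through PDO's `mysql` driver.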
