Welcome to the Second Life Forums Archive

These forums are CLOSED. Please visit the new forums HERE

LSL - PHP - Can someone take a look

Everett Streeter
Registered User
Join date: 28 Apr 2007
Posts: 20
09-18-2007 13:26
I am working on a registration system for my web site. I can't seem to get the info to write to my sql database.

Here is the LSL:

default
{
state_entry()

{
llSetText( "Touch to open your free account", < 1,1,1>, 1 );
}

touch_start(integer total_number)
{

string name;
string password;

name = llDetectedName(0);
password = llDetectedKey(0);

llSay( 0, "Your Login name is your Second Life Name, " + name +". Your password is " + password + ". Please copy your password from History and visit www.xxxxxxx.com where you can then change your password to something you remember.";);

llHTTPRequest( "http://www.xxxxxxxxxx.com/xxxxxxxxx.php", [HTTP_METHOD,"POST",HTTP_MIMETYPE,"application/x-www-form-urlencoded"], "name, password";);
}

}




Here is the PHP:

<?php

$host="xxxxxxxxx.secureserver.net";
$user="xxxxxxxxx";
$pwd="xxxxxxxxx";
$sys_dbname="xxxxxxxxxx";

$password = $_POST[password];
$name = $_POST[name];

$link = mysql_connect($host, $user, $pwd) or die('MySQL Error');
mysql_select_db($sys_dbname, $link) or die('MySQL Error');

$query = "INSERT INTO 'register' ('password', 'Second_Life_Name') VALUES ('".$password."', '".$name."')";

mysql_query($query) or die(mysql_error());
mysql_close();

?>



Any help/comments would be appreciated:)

Thanks,

Everett Streeter
Haruki Watanabe
llSLCrash(void);
Join date: 28 Mar 2007
Posts: 434
09-18-2007 14:20
First, I guess that there's an error in the LSL Code here:

llHTTPRequest( "http://www.xxxxxxxxxx.com/xxxxxxxxx.php", [HTTP_METHOD,"POST",HTTP_MIMETYPE,"application/x-www-form-urlencoded"], "name, password";);

Like this, you're not really passing the variables to the PHP-Script

try:

llHTTPRequest( "http://www.xxxxxxxxxx.com/xxxxxxxxx.php", [HTTP_METHOD,"POST",HTTP_MIMETYPE,"application/x-www-form-urlencoded"], "name=" + name + "&password=" + password);

in the PHP-Script, you should change this

$password = $_POST[password];
$name = $_POST[name];

to this:

$password = $_POST['password'];
$name = $_POST['name'];

without the single quotes, PHP looks for a constant with the name «password/name» which would result in a NULL-Value.
You could also put them into double quotes ($_POST["password"]) but the single quotes are better since PHP doesn't need to compile the value in the double quotes (or something like this, I can't really remember :) - but the single quotes are much more effective.

HTH
Doofus Mayo
Registered User
Join date: 7 Jun 2007
Posts: 33
09-18-2007 14:55
Another small point. If you use llInstantMessage instead of llSay(0,... when telling someone their username and password it wont be heard by anyone else around, just them.
Lyn Mimistrobell
(waiting)
Join date: 11 Jan 2007
Posts: 179
09-19-2007 02:18
Usually, PHP will succesfully read $_POST[password]. If "password" isn't defined as a constant, PHP will give a warning or notice something like "constant password isn't designed, assuming 'password'"..

Tho I agree you should use $_POST['password'] as a matter of proper coding. No properly coded script should ever have warnings or notices.

Another issue.. You should validate the name and password in PHP. Sending variables straight to the database without a check is very dangerous. (check http://en.wikipedia.org/wiki/SQL_injection).