So funzt die reg.php gut, nur sobald ich da was ändere, ist sie im Ar***
SQL
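<?php
/*
 * Account registration page: prints the sign-up form and, when the form is
 * posted back to reg.php?act=regis, creates a row in TB_User.
 *
 * Security notes for maintainers:
 *  - Every value that reaches SQL is bound through odbc_prepare()/odbc_execute()
 *    placeholders. Keyword-stripping filters combined with addslashes() are not
 *    used: they do not stop injection reliably and they silently alter what the
 *    user typed.
 *  - Input is checked against allow-lists before it is used. odbc_execute()
 *    gives special meaning to a parameter that starts and ends with a single
 *    quote, so the allow-lists must keep rejecting quote characters.
 *  - The password is never echoed back to the browser.
 *  - Text placed inside <script> is encoded with json_encode() and the JSON_HEX_*
 *    flags so it cannot break out of the string literal or the script element.
 *  - The code sticks to syntax that also runs on PHP 5.4+, because the previous
 *    version of this page relied on sql_regcase(), which only exists before PHP 7.
 */

// config.php is expected to define $host, $dbname, $user, $pass and $index.
require_once 'config.php';

$connect = odbc_connect("Driver={SQL Server};Server={$host}; Database={$dbname}", $user, $pass);
if ($connect === false) {
    die("Can't connect the MSSQL server.");
}

/**
 * Read one POST field as a trimmed string.
 *
 * Missing fields and non-string values (e.g. username[]=x) are treated as empty
 * so they fail the "is empty" checks instead of raising notices or type errors.
 *
 * @param string $name Form field name.
 * @return string
 */
function reg_post_field($name)
{
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
}

/**
 * Validate the posted registration form and create the account.
 *
 * @param resource|object $connect       Open ODBC connection.
 * @param string          $successTarget Page to send the browser to after success.
 * @return array Two elements: the message to show and the URL to redirect to.
 */
function reg_handle_submission($connect, $successTarget)
{
    $username   = reg_post_field('username');
    $playername = reg_post_field('playername');
    $email      = reg_post_field('email');
    // The password is taken as typed (no trimming or filtering) so the stored
    // hash always matches what the user will enter later.
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if ($username === '') {
        return ['Username is empty', 'reg.php'];
    }
    if ($password === '') {
        return ['Password is empty', 'reg.php'];
    }
    if ($playername === '') {
        return ['player name is empty', 'reg.php'];
    }
    if ($email === '') {
        return ['E-Mail is empty', 'reg.php'];
    }

    // Allow-lists. The length limits are assumptions: TODO align them with the
    // actual column widths of TB_User.
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $username)) {
        return ['Username may only contain letters, digits and underscores', 'reg.php'];
    }
    if (!preg_match('/\A[A-Za-z0-9 _.-]{1,32}\z/', $playername)) {
        return ['Player name contains invalid characters', 'reg.php'];
    }
    if (strlen($email) > 128 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['E-Mail address is not valid', 'reg.php'];
    }

    $lookup = odbc_prepare($connect, 'SELECT StrUserID FROM TB_User WHERE StrUserID = ?');
    if ($lookup === false || !odbc_execute($lookup, [$username])) {
        return ['Registration is currently unavailable', 'reg.php'];
    }
    // odbc_num_rows() returns -1 for SELECT with many drivers, which would make
    // every name look taken; fetching a row is the reliable existence test.
    if (odbc_fetch_row($lookup)) {
        return ['Username already taken!', 'reg.php'];
    }

    // NOTE(review): unsalted MD5 is not a safe way to store passwords. It is
    // kept because whatever else reads TB_User.password is not visible from this
    // page and presumably expects this format - confirm, then move to
    // password_hash()/password_verify() if that consumer can be changed.
    $passwordHash = md5($password);

    $insert = odbc_prepare(
        $connect,
        "INSERT INTO TB_User (StrUserID, password, Name, Email, sec_primary, sec_content, AccPlayTime, LatestUpdateTime_ToPlayTime) VALUES (?, ?, ?, ?, '3', '3', '0', '0')"
    );
    // The result is checked so a failed insert (for example a concurrent
    // registration of the same name) is not reported as a success.
    if ($insert === false || !odbc_execute($insert, [$username, $passwordHash, $playername, $email])) {
        return ['Registration failed, please try again', 'reg.php'];
    }

    return ["Account Registration Successful! \nUsername: " . $username, $successTarget];
}

// Only a POST to reg.php?act=regis is treated as a registration attempt.
$notice = null;
if (
    isset($_GET['act']) && $_GET['act'] === 'regis'
    && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
) {
    $notice = reg_handle_submission($connect, isset($index) ? $index : 'reg.php');
}
?>
<html>
<head>
<title>Silkroad Registration</title>
</head>
<body>
<form action='reg.php?act=regis' method='POST'>
<table width='350'>
<tr>
<td><b><font size="5" color="white">Silkroad Registration</font></b><br><br></td>
</tr>
<tr>
<td width='50px'><input placeholder='Username' type='text' name='username' maxlength='32'></td>
</tr>
<tr>
<td width='50px'><input placeholder='Password' type='password' name='password'></td>
</tr>
<tr>
<td width='50px'><input placeholder='Player Name' type='text' name='playername' maxlength='32'></td>
</tr>
<tr>
<td width='50px'><input placeholder='E-Mail' type='text' name='email' maxlength='128'></td>
</tr>
<tr>
<td width='50px'><input type='submit' value='Register'></td>
</tr>
</table>
</form>
<div style="position:relative; top:-30px; left:135px;">
<a href="recover.php">Forgot Account ID/Pass?</a>
</div>
<?php
if ($notice !== null) {
    // JSON_HEX_* keeps <, >, &, ' and " out of the emitted literal, so neither
    // the message nor the target can close the string or the <script> element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    echo '<script>alert(' . json_encode($notice[0], $jsFlags) . ');'
        . 'location.href=' . json_encode($notice[1], $jsFlags) . ';</script>';
}
?>
<br/>
</body>
</html>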