login, registracia - problem :pri registracii nezapise do DB

  INDEX.PHP:

<?php

session_start();

if((isset($_SESSION['prihlaseny_uzivatel']) &&

          $_SESSION['prihlaseny_uzivatel'] != "" ) ||

   (isset($_SESSION['heslo']) &&

          $_SESSION['heslo'] != "" )) {



 include "prihlaseny_uzivatel.php";   }   

?>


_______________________________________________________________________________________________

prihlaseny_uzivatel.php:

<!doctype html>

<HTML xmlns="http://www.w3.org/1999/xhtml" xml:lang="sk" lang="sk">

 <HEAD>

  <META http-equiv="content-type" content="text/html; charset=utf-8" />

  <link rel="stylesheet" type="text/css" href="style.css" />

  <TITLE>&bull; Najväčšia slovenská internetová knižnica</TITLE>

 </HEAD>

  <body>

Prihlásený užívatež:

<b><?php echo $_SESSION['prihlaseny_uzivatel']; ?></b>.<br>

<a href="osobna_stranka.php">Upravi pofil</a>

  </body>

  </html>


_______________________________________________________________________________________________

neprihlaseny_uzivatel.php:

<!doctype html>

<HTML xmlns="http://www.w3.org/1999/xhtml" xml:lang="sk" lang="sk">

 <HEAD>

  <META http-equiv="content-type" content="text/html; charset=utf-8" />

  <link rel="stylesheet" type="text/css" href="style.css" />

  <TITLE>&bull;  Najväčšia slovenská internetová knižnica</TITLE>

 </HEAD>

  <body>

Nieste prihlĂĄsenĂ˝, aby ste mohli sĹĽahovaĹĽ musĂ­te sa prihlĂĄsiĹĽ, prihlĂĄste sa

kliknutĂ­m <a href="prihlasit_uzivatela.php">TU</a>. Ak nieste registrovanĂ˝ tak sa

zdarma registrujtu <a href="registrovat.php">TU</a>.

  </body>

  </html>


_______________________________________________________________________________________________

spojenie.inc.php:

<?php

$spojenie = mysql_connect("localhost", "root", "") or die(mysql_error());

$db = mysql_select_db("registration") or die(mysql_error());

?>


_______________________________________________________________________________________________

registrovat.php:

<?php

session_start();

ob_start();

include "spojenie.inc.php";

?>



<!doctype html>

<HTML xmlns="http://www.w3.org/1999/xhtml" xml:lang="sk" lang="sk">

 <HEAD>

  <META http-equiv="content-type" content="text/html; charset=utf-8" />

  <link rel="stylesheet" type="text/css" href="style.css" />

  <TITLE>&bull; Najväčšia slovenskĂĄ internetovĂĄ kniĹžnica</TITLE>

 </HEAD>

  <body>

 

<?php



$uzivatel = $_POST['uzivatel'];

$heslo = $_POST['heslo'];

$email = $_POST['email'];

$icq = $_POST['icq'];





if(isset($_POST['odoslat']) && $_POST['odoslat'] == "RegistrovaĹĽ") {

 if($_POST['uzivatel'] != "" &&

    $_POST['heslo'] != "" &&

    $_POST['email'] != "" &&

    $_POST['icq']   != ""){

   

$sql = mysql_query("SELECT username FROM user_info WHERE username =" . $_POST['uzivatel']);

$vysledok = mysql_query($sql) or die(mysql_error());

 if(mysql_num_rows($vysledok) != 0 ){

?>

Nick<?php echo $_POST['uzivatel'];?>už existuje.



<form action="registrovat.php" method="POST">

Nick:<input type="text" name="uzivatel"><br>

Heslo:<input type="password name="heslo" value="<?php echo $_POST['heslo']; ?>"><br>

E-Mail:<input type="text" name="email" value="<?php echo $_POST['email']; ?>"><br>

ICQ:<input type="text" name="icq" value="<?php echo $_POST['icq']; ?>"><br><br>

<input type="submit" value="RegistrovaĹĽ"> &nbsp; <input type="reset" value="VyprĂĄzdniĹĽ">

</form>



<?php

} else {

$sql = mysql_query("INSERT INTO user_info (username, password, email, icq) VALUES ('$uzivatel','$heslo','$email,'$icq')");   

echo htmlspecialchars("INSERT INTO user_info (username, password, email, icq) VALUES ('$uzivatel','$heslo','$email,'$icq')");

$vysledok = mysql_query($sql) or die(mysql_error());

$_SESSION['prihlaseny_uzivatel'] = $_POST['uzivatel'];

$_SESSION['heslo'] = $_POST['heslo'];         

?>

Ďakujeme za registráciu.



<?php

header( "Refresh: 5; URL=index.php");

echo "Vasa registracia je dokoncena !" .

      "Budete presmerovany na vyzadovanu stranku, ak ste do 5 sekund neboli presmerovany, kliknite na nasleujuci odkaz" .

      "<a href=\"index.php\">Kliknitu tu !</a>";

die();

}}

else {

?>



<form action="registrovat.php" method="POST">

Nick:<input type="text" name="uzivatel" value="<?php echo $_POST['uzivatel']; ?>"> <br>

Heslo:<input type="password name="heslo" value="<?php echo $_POST['heslo']; ?>"> <br>

E-Mail:<input type="text" name="email" value="<?php echo $_POST['email']; ?>"> <br>

ICQ:<input type="text" name="icq" value="<?php echo $_POST['icq']; ?>"> <br> <br>

<input type="submit" value="RegistrovaĹĽ"> &nbsp; <input type="reset" value="VyprĂĄzdniĹĽ">

</form>



<?php

}}

else {

?>



<form action="registrovat.php" method="POST">

Nick:<input type="text" name="uzivatel"> <br>

Heslo:<input type="password name="heslo"> <br>

E-Mail:<input type="text" name="email"> <br>

ICQ:<input type="text" name="icq"> <br> <br>

<input type="submit" value="RegistrovaĹĽ"> &nbsp; <input type="reset" value="VyprĂĄzdniĹĽ">

</form>



<?php

}

?>



</body>

</html>

PRED:
$sql = mysql_query("SELECT username FROM user_info WHERE username =" . $_POST['uzivatel']);

$vysledok = mysql_query($sql)

PO:
$sql = "SELECT username FROM user_info WHERE username =" . $_POST['uzivatel'];

$vysledok = mysql_query($sql);

PRED:
$sql = "SELECT username FROM user_info WHERE username =" . $_POST['uzivatel']);

$vysledok = mysql_query($sql);
PO:
$sql = "SELECT username FROM user_info WHERE username ='" . $_POST['uzivatel']."'";

$vysledok = mysql_query($sql);