<?php
require '../config.php';
include_once('sql_check.php');
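// Registration pre-checks: validate the posted fields against a strict
// allow-list, then make sure neither the e-mail address nor the account name
// is already present in MEMB_INFO. The insert step that follows this block
// runs only while $Error is not 1.

// check_inject() comes from sql_check.php, which is not shown here; it is
// presumably a request-wide filter. The per-field allow-list below does not
// depend on it.
check_inject();

// Initialised up front so the later `$Error != 1` test never reads an
// undefined variable.
$Error = 0;
$email_check = 0;
$username_check = 0;

// One connection is enough; mssql_query() below uses the last opened link.
$msconnect = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
$msdb = $msconnect ? mssql_select_db("MuOnline", $msconnect) : false;

// Missing fields and non-string values (e.g. array parameters) are treated as
// empty instead of being passed to stripslashes().
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? stripslashes($_POST['user']) : '';
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? stripslashes($_POST['email']) : '';
$number = (isset($_POST['number']) && is_string($_POST['number'])) ? stripslashes($_POST['number']) : '';
// NOTE(review): $pass is interpolated unhashed into the MEMB_INFO insert
// further down; confirm whether the schema allows storing a hash instead.
$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? stripslashes($_POST['pass']) : '';

// Allow-list validation: reject any character outside the permitted set.
// preg_match() replaces eregi(), which is not binary-safe (it stops reading
// at a NUL byte, so the remainder of the value went unchecked) and no longer
// exists in PHP 7+. The old POSIX bracket expression for $email also accepted
// a literal backslash; this class does not.
if (preg_match('/[^a-zA-Z0-9_-]/', $user) ||
    preg_match('/[^a-zA-Z0-9.@_-]/', $email) ||
    preg_match('/[^a-zA-Z0-9_-]/', $number) ||
    preg_match('/[^a-zA-Z0-9_-]/', $pass)) {
    echo("SQL Injection Detected. Make sure to ONLY use letters (a-Z) and numbers (0-9)!");
    exit();
}

if (empty($user) || empty($email) || empty($number) || empty($pass)) {
    // Checked before any query runs so blank values never reach the database.
    echo "Please fix the following error:<br />Some fields were left blank. Please go back and try again.";
    $Error = 1;
} elseif (!$msconnect || !$msdb) {
    // Fail closed: without a usable connection the duplicate checks cannot
    // run, so the registration must not proceed.
    echo "Please fix the following error:<br />The database is currently unavailable. Please try again later.";
    $Error = 1;
} else {
    // The mssql extension has no bound parameters for ad-hoc SELECTs, so the
    // allow-list above is the only thing keeping these interpolated values
    // from changing the query. Do not relax it without moving to a driver
    // that supports prepared statements.
    $sql_email_check = mssql_query("SELECT mail_addr FROM MEMB_INFO WHERE mail_addr='$email'");
    $sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$user'");

    if ($sql_email_check === false || $sql_username_check === false) {
        // A failed lookup must not be read as "no duplicate found".
        echo "Please fix the following error:<br />The database is currently unavailable. Please try again later.";
        $Error = 1;
    } else {
        $email_check = mssql_num_rows($sql_email_check);
        $username_check = mssql_num_rows($sql_username_check);

        if (($email_check > 0) || ($username_check > 0)) {
            echo "Please fix the following errors: <br />";
            if ($email_check > 0) {
                // The original left the <strong> element unclosed.
                echo "<strong>Your email address has already been used by another member
in our database. Please submit a different Email address!</strong><br />";
                $Error = 1;
            }
            if ($username_check > 0) {
                echo "The username you have selected has already been used by another member
in our database. Please choose a different Username!<br />";
                $Error = 1;
            }
        }
    }
}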
if ($Error!=1){
$msquery2 = "SET IDENTITY_INSERT MEMB_INFO ON";
$msquery3 = "INSERT INTO MEMB_INFO (memb_guid,memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_deta,tel__numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code) VALUES ('1','$user','$pass', '1','1234','11111','$number','12343','$email','$email','1','2009-08-12','2009-08-12','2009-08-12','2009-08-12','1','0','1')";
$msquery4 = "INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('2009','1',1234,'$user',1,'7','6','3','6','6','2009-08-12 23:06:00','0' )";
$msresults= mssql_query($msquery2);
$msresults= mssql_query($msquery3);
$msresults= mssql_query($msquery4);
?>