Untitled

<?php
$serverName = "127.0.0.1"; //serverName\instanceName
$connectionInfo = array( "Database"=>"dnmembership", "UID"=>"DragonNest", "PWD"=>"FD9D60B133f498b");
$conn = sqlsrv_connect( $serverName, $connectionInfo);

if($conn) {

     //do nothing here.

}else{
     echo "Connection could not be established.<br />";
     die( print_r( sqlsrv_errors(), true));
}

if($_POST['submit']) // checks to see if the player has pressed submit to get to this page.
{
    //gather the submitted details and clean it using stripslashes
    $Username = stripslashes($_POST['username']);
    $Password = stripslashes($_POST['password']);
    $PasswordConfirm = stripslashes($_POST['confirmpassword']);

    //FOR EXTRA SECURITY
    mysql_real_escape_string($Username);
    mysql_real_escape_string($Password);
    mysql_real_escape_string($PasswordConfirm);

	if($PasswordConfirm !=$Password){ echo("The passwords do not match.");}
	if((!$Password) || (!$PasswordConfirm)){ echo("Please re enter your information.");}

	else{
    sqlsrv_query($conn, "INSERT INTO dnmembership.dbo.Accounts (AccountName, AccountLevelCode, GameOption, CharacterCreateLimit, LastCharacterCreateDate, CharacterMaxCount, LastLoginDate, LastLogoutDate, LastLoginIP, LastSessionID, JoinIP, RegisterDate, PublisherCode, GenderCode, BirthDate, Passphrase, NationalityCode, ChannelPartnerCode,NxLoginPwd)
VALUES ('$Username', '0', NULL, '7', NULL, '4', NULL, NULL, NULL, NULL, NULL, GETDATE(), '4', NULL, NULL, NULL, NULL, NULL, (SELECT substring(sys.fn_VarBinToHexStr(hashbytes('MD5','$Password')),3,32))) DECLARE @return_value int
EXEC @return_value = [dbo].[P_ModCashBalance]
@nvcAccountName = N'$Username', @IntCashBalance = 0
SELECT 'Return Value' = @return_value") or die("That account already exists, try a different username.");

echo("Your account has been created, have fun at BlackDN.");
	}
}
else
{
    echo("Access to this page has been denied.");
}

?>