This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
How do I get PHP errors to display?
(27 answers)
Closed 12 months ago.
I created a form with the following fields I am getting a HTTP ERROR 500 message when I hit SUBMIT button on my form. I have created the database as a MySQL database with 4 fields. My PHP code looks like below.
<?php
$yname = $_POST['yname'];
$pname = $_POST['pname'];
$details = $_POST['details'];
$links = $_POST['links'];
if (!empty($yname) || !empty($pname) || !empty($details) || !empty($links)) {
$host = "localhost";
$dbUsername = "u172756077_admin";
$dbPassword = "";
$dbname = "u172756077_Form";
$conn = new mysqli($host, $username, $dbPassword, $dbname);
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_errno().')'.mysqli_cnnect_error());
}
else {
$SELECT = "SELECT pname From form Where pname = ? Limit 1";
$INSERT = "INSERT Into form (yname, pname, details, links) values(?, ?, ?, ?)";
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("s", $pname);
$stmt->execute();
$stmt->bind_result($pname);
$stmt->store_result();
$stmt->fetch();
$rnum = $stmt->num_rows;
if ($rnum == 0) {
$stmt->close();
$stmt = $conn->prepare($Insert);
$stmt->bind_param("ssss",$yname, $pname, $details, $links);
if ($stmt->execute()) {
echo "New record inserted sucessfully.";
}
else {
echo $stmt->error;
}
}
else {
echo "Someone already registers using this email.";
}
$stmt->close();
$conn->close();
}
}
else {
echo "All fields are required.";
die();
}
else {
echo "Submit button is not set.";
}
?>
Related
This question already has an answer here:
"No data supplied for parameters in prepared statement"
(1 answer)
Closed 1 year ago.
i'm very new to php. So, I tried to make a simple form to order sandwiches, but when I click the submit button i get this error "No data supplied for parameters in prepared statement".
Btw, I copied most of the code from a YouTube video, and I don't know what some parts of the code actually do.
that's my code:
<?php
if (isset($_POST['submit'])) {
if (isset($_POST['nombre']) && isset($_POST['apellido']) &&
isset($_POST['bocadillo']) && isset($_POST['extra']) &&
isset($_POST['comentario']) && isset($_POST['comentario'])) {
$nombre = $_POST['nombre'];
$apellido = $_POST['apellido'];
$bocadillo = $_POST['bocadillo'];
$extra = $_POST['extra'];
$comentario = $_POST['comentario'];
$host = "localhost";
$dbUsername = "------";
$dbpassword = "------";
$dbName = "------";
$conn = new mysqli($host, $dbUsername, $dbpassword, $dbName);
if ($conn->connect_error) {
die('Could not connect to the database.');
}
else {
$Select = "SELECT extra FROM pedidos WHERE extra = ? LIMIT 1";
$Insert = "INSERT INTO pedidos(nombre, apellido, bocadillo, extra, comentario) values(?, ?, ?, ?, ?)";
$stmt = $conn->prepare($Select);
$stmt->execute();
$stmt->bind_result($resultemail);
$stmt->store_result();
$stmt->fetch();
$rnum = $stmt->num_rows;
if ($rnum == 0) {
$stmt->close();
$stmt = $conn->prepare($Insert);
if ($stmt->execute()) {
echo "New record inserted sucessfully.";
}
else {
echo $stmt->error;
}
}
else {
echo "Someone already registers using this email.";
}
$stmt->close();
$conn->close();
}
}
else {
echo "All field are required.";
die();
}
}
else {
echo "Submit button is not set";
}
?>
You're missing the bind_param statements for both queries
$Select = "SELECT extra FROM pedidos WHERE extra = ? LIMIT 1";
$stmt = $conn->prepare($Select);
$stmt->bind_param("s", $extra);
$stmt->execute();
and then in the insert
$Insert = "INSERT INTO pedidos(nombre, apellido, bocadillo, extra, comentario) values(?, ?, ?, ?, ?)";
$stmt = $conn->prepare($Select);
$stmt->bind_param("sssss", $nombre, $apellido, $bocadillo, $extra, $comentario);
$stmt->execute();
https://www.w3schools.com/php/php_mysql_prepared_statements.asp
This question already has answers here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
How to prevent duplicate usernames when people register?
(4 answers)
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 1 year ago.
Been struggling with this for a few days, and read a ton of similar problems but still haven't been able to figure it out. I am trying to take user information via an html form and update my database with it, but only if the username doesn't already exist...
Issue 1: No matter what, it can keep creating entries with the same username
Issue 2: I keep getting the error Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, bool given
I am sure they are connected but for the life of me I can't figure out what the fix is.
<?php
//declare variables
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "mypassword";
$db = "user_info";
if (!empty($_POST)) {
//connect to mysqli
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
//check connection
if ($mysqli->connect_error) {
die('Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}
//declare user variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$user_name = $_POST['user_name'];
$pass = $_POST['pass'];
$address = $_POST['address'];
$phone = $_POST['phone'];
//get data from form
$sql = "INSERT INTO users (first_name, last_name, user_name, pass, address, phone) VALUES
('{$mysqli->real_escape_string($first_name)}',
'{$mysqli->real_escape_string($last_name)}',
'{$mysqli->real_escape_string($user_name)}',
'{$mysqli->real_escape_string($pass)}',
'{$mysqli->real_escape_string($address)}',
'{$mysqli->real_escape_string($phone)}')";
// ** HERE IS WHERE I AM HAVING ISSUES **
//query to see if entered username already exists
$result = $mysqli->query("SELECT * FROM users WHERE user_name =$user_name");
//alert if user name taken
if (mysqli_num_rows($result) > 0) {
echo "<b>Username already taken! Please select another.</b>";
} else {
//continue to insert into database if username is unique
$insert = $mysqli->query($sql);
//print response from mysql
if ($insert) {
echo "Success! Row ID: {$mysqli->insert_id}";
} else {
die("error: {$mysqli->errno}");
}
}
//close our app
$mysqli->close();
}
?>
Try like this
<?php
if (!empty($_POST)) {
//connect to mysqli
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
//check connection
if ($mysqli->connect_error) {
die('Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}
//declare user variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$user_name = $_POST['user_name'];
$pass = $_POST['pass'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$query = $mysqli->prepare("SELECT count(*) FROM users WHERE user_name = ?");
$query->bind_param('s', $user_name);
$query->bind_result($cnt);
$query->execute();
$query->store_result();
$query->fetch();
$query->close();
if ($cnt > 0) {
echo "<b>Username already taken! Please select another.</b>";
} else {
$query = $mysqli->prepare("INSERT INTO users (first_name, last_name, user_name, pass, address, phone) VALUES (?,?,?,?,?,?)");
$query->bind_param('ssssss', $first_name, $last_name, $user_name, $pass, $address, $phone);
$query->execute();
if ($query->execute()) {
echo "Success! Row ID: {$query->insert_id}";
} else {
die("error: {$query->errno}");
}
$query->close();
}
}
This question already has answers here:
How to use mysqli prepared statements?
(3 answers)
Closed 2 years ago.
I'm Reviewing this code I got from YouTube to help my understanding about connecting PHP to MySQL
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$email = $_POST['email'];
$phoneCode = $_POST['phoneCode'];
$phone = $_POST['phone'];
if (!empty($username) || !empty($password) || !empty($gender) || !empty($email) || !empty($phoneCode) || !empty($phone)) {
$host = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbname = "youtube";
//create connection
$conn = new mysqli($host, $dbUsername, $dbPassword, $dbname);
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_errno().')'. mysqli_connect_error());
} else {
$SELECT = "SELECT email From register Where email = ? Limit 1";
$INSERT = "INSERT Into register (username, password, gender, email, phoneCode, phone) values(?, ?, ?, ?, ?, ?)";
//Prepare statement
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($email);
$stmt->store_result();
$stmt->store_result();
$stmt->fetch();
$rnum = $stmt->num_rows;
if ($rnum==0) {
$stmt->close();
$stmt = $conn->prepare($INSERT);
$stmt->bind_param("ssssii", $username, $password, $gender, $email, $phoneCode, $phone); //line 32
$stmt->execute();
echo "New record inserted sucessfully";
} else {
echo "Someone already register using this email";
}
$stmt->close();
$conn->close();
}
} else {
echo "All field are required";
die();
}
?>
My question is what "ssssii" on line 32 do?
and also what values (?,?,?,?,?,?) On $insert for?
Source: Code and Coins YouTube.
This is prepared statement. S is string i is integer.
The (?,?,?,?) is for the script to know where to bind the params to
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 3 years ago.
I’m having some problems with my database.
MySQL database is organized as:
——————————————————————
userId | value
——————————————————————
63 | {"pro":true}
The GET requests are working just fine but not the POST requests.
POST requests return me just nothing, when it should return a JSON with a success index.
This is my index.php code:
<?php
$database = "";
$username = "";
$password = "";
$servename = "localhost";
$connection = new mysqli($servername, $username, $password, $database);
if ($connection->connect_error) {
die("Connection failure: ".$connection->$connection_error);
}
header("Content-type: application/json");
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if ($_GET["userId"]) {
$result = $connection->query("SELECT value FROM main_table WHERE userId = ".$_GET["userId"]);
if ($result->num_rows > 0) {
echo $result;
}
else {
echo json_encode(array());
}
}
}
elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST["userId"] && $_POST["value"]) {
$result = $connection->query("INSERT INTO main_table (userId, value) VALUES ('".$_POST["userId"]."', '".$_POST["value"]."')");
if ($result) {
echo json_encode(array("success" => TRUE));
}
else {
echo json_encode(array("success" => FALSE));
}
}
}
$connection->close();
?>
Could you guys spot any mistakes in my code?
Thank you in advance!
your code is not secure ,Use this to avoid sql injection
Simple you can should as below code ..also better safety
For select
$query = "
SELECT *
FROM main_table
WHERE userId= ?
";
$stmt = $connection->prepare($query);
$userId=$_GET["userId"];
$stmt->bind_param("i", $userId);
$result = $stmt->get_result();
$rows=[];
while ($data = $result->fetch_assoc())
{
$rows[] = $data;
}
echo json_encode($rows);
Insert for example
$stmt = $connection->prepare("INSERT INTO main_table (value,userId) VALUES (?, ?)");
$stmt->bind_param("ii", $_POST['value'], $_POST['userId']);
if($stmt->execute())
{
echo "insert successful";
}
else
{
echo "couldn't insert successful";
}
$stmt->close();
This question already has answers here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
How can I prevent SQL injection in PHP?
(27 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 4 years ago.
I have created this for a user registration. I am testing this to be input into the SQL database prior to going further. For some reason, this will not input into my database. Any ideas?
I appreciate your assistance.
<?php
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$email = $_POST['email'];
if (!empty($uid) || !empty($pwd) || !empty($email)) {
$host = "localhost";
$dbUsername = "connectg";
$dbPassword = "";
$dbname = "my_connectg";
//create connection
$conn = new mysqli($host, $dbUsername, $dbPassword, $dbname);
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_errno().')'. mysqli_connect_error());
} else {
$SELECT = "SELECT email From users Where email = ? Limit 1";
$INSERT = "INSERT Into users (uid, pwd, email) values(?, ?, ?)";
//Prepare statement
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($email);
$stmt->store_result();
$rnum = $stmt->num_rows;
if ($rnum==0) {
$stmt->close();
$stmt = $conn->prepare($INSERT);
$stmt->bind_param("ssi", $uid, $pwd, $email);
$stmt->execute();
echo "New record inserted sucessfully";
} else {
echo "Someone already register using this email";
}
$stmt->close();
$conn->close();
}
} else {
echo "All field are required";
die();
}
?>