Update works on localhost but not when live [duplicate] - php

This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 2 years ago.
I've created an update page where users can update their cards. It's working fine on localhost, but I just uploaded it to 000webhostapp and my database doesn't update. I don't get any errors or anything; it just doesn't update. I'm using XAMPP for localhost.
My update code:
<?php
session_start();
define('DB_SERVER', 'localhost');
define('DB_USERNAME', '1');
define('DB_PASSWORD', '2');
define('DB_NAME', '3');
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] === false){
header("Location: login.php");
} else {
$mysqli = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
mysqli_set_charset($mysqli, "utf8");
if($mysqli === false){
die("failed to connect. " . mysqli_connect_error());
}
$id = $_GET['id'];
if (isset($_POST['sub'])) {
$name = $_POST['name'];
$phone = $_POST['phone'];
$phone2 = $_POST['phone2'];
$email = $_POST['email'];
$zipcode = $_POST['zipcode'];
$address = $_POST['address'];
$company = $_POST['company'];
$job = $_POST['job'];
$description = $_POST['description'];
$userid = $_SESSION['id'];
if (
strlen($name) < 31 &&
strlen($job) < 51 &&
strlen($zipcode) < 5 &&
strlen($email) < 51 &&
strlen($phone) < 21 &&
strlen($phone2) < 21 &&
strlen($address) < 51 &&
strlen($company) < 51 &&
strlen($description) < 501) {
$stmt = $mysqli -> prepare('UPDATE cards SET name=?, phone=?, phone2=?, email=?, zipcode=?, address=?, company=?, job=?, description=?, visibility=?, confirmed=? WHERE id = ?');
$stmt->bind_param('ssssissssiii', $name, $phone, $phone2, $email, $zipcode, $address, $company, $job, $description, $visibility, $confirmed, $id);
$success = $stmt -> execute();
if ($success) {
echo "Sikeres módosítás!";
}
} else {
echo $mysqli -> error;
}
}
$getstmt = $mysqli->prepare("SELECT * FROM cards WHERE id= ?");
if ($getstmt and
$getstmt->bind_param('i', $id) and
$getstmt->execute() and
$result = $getstmt->get_result() and
$row = $result->fetch_assoc()
) {
if($row['userid'] == $_SESSION['id']){
$name = $row['name'];
$phone = $row['phone'];
$phone2 = $row['phone2'];
$email = $row['email'];
$zipcode = $row['zipcode'];
$address = $row['address'];
$company = $row['company'];
$job = $row['job'];
$description = $row['description'];
}else{
header("Location: index.php");
}
?>
It is so frustrating because I have absolutely no idea why it doesn't work there if it's working on localhost...

The problem was that in my mysqli->prepare, I wanted to use the 'visibility' and the 'confirmed' columns, but I don't change them here. Thanks @Dharman for helping me with exceptions. It helped a lot.

Related

how to forbid to send data to sql

I'm using strlen to check my input values. I want to forbid users from sending data to my database if the strlen is too long. I didn't find any way to forbid it, so anyone can send values as long as they want right now. Here's my code:
if (isset($_POST['sub'])) {
$name = $_POST['name'];
$phone = $_POST['phone'];
$phone2 = $_POST['phone2'];
$email = $_POST['email'];
$zipcode = $_POST['zipcode'];
$address = $_POST['address'];
$job = $_POST['job'];
$description = $_POST['description'];
$userid = $_SESSION['id'];
$stmt = $mysqli -> prepare('UPDATE cards SET name=?, phone=?, phone2=?, email=?, zipcode=?, address=?, job=?, description=?, visibility=?, confirmed=? WHERE id = ?');
if (
$stmt &&
$stmt->bind_param('ssssisssiii', $name, $phone, $phone2, $email, $zipcode, $address, $job, $description, $visibility, $confirmed, $id) &&
$stmt -> execute()
) {
echo "Sikeres módosítás!";
} else {
echo $mysqli -> error;
}
}
$getstmt = $mysqli->prepare("SELECT * FROM cards WHERE id= ?");
if ($getstmt and
$getstmt->bind_param('i', $id) and
$getstmt->execute() and
$result = $getstmt->get_result() and
$row = $result->fetch_assoc()
) {
if($row['userid'] == $_SESSION['id']){
$name = $row['name'];
$phone = $row['phone'];
$phone2 = $row['phone2'];
$email = $row['email'];
$zipcode = $row['zipcode'];
$address = $row['address'];
$job = $row['job'];
$description = $row['description'];
}else{
header("Location: index.php");
}
I check the length of inputs here:
if(strlen($name) > 30)
{
echo "test";
exit();
}
if(strlen($job) > 50)
{
echo "test";
exit();
}
if(strlen($email) > 50)
{
echo "test";
exit();
}
//more of these strlen checks
//and html code under that
How can I modify the echo parts to forbid sending the data?
Well, if you really have to do it your way, you can throw an exception.
However, a more common way is to bind your data to a model, validate the model by checking any business constraints (using a validator), and then act accordingly. There are plenty of web frameworks providing such an abstraction in any programming language; for PHP, see Laravel for inspiration.
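An added example (not code from the question or the answer) of the validate-then-act approach described above, using the length limits from the strlen() checks in the questions on this page. The names `CARD_LIMITS`, `ValidationException` and `validate_card` and the sample input are assumptions made for illustration, and `mb_strlen` assumes the mbstring extension is loaded.

```php
<?php
declare(strict_types=1);

// Maximum lengths from the strlen() checks in the questions above.
const CARD_LIMITS = [
    'name' => 30, 'phone' => 20, 'phone2' => 20, 'email' => 50,
    'zipcode' => 4, 'address' => 50, 'job' => 50, 'description' => 500,
];

final class ValidationException extends InvalidArgumentException
{
    public array $errors = [];               // field => message
}

/** Returns the trimmed fields, or throws before any SQL is prepared. */
function validate_card(array $post): array
{
    $clean = $errors = [];
    foreach (CARD_LIMITS as $field => $max) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {            // name[]=x arrives as an array
            $errors[$field] = 'must be a string';
            continue;
        }
        $value = trim($value);
        // mb_strlen counts characters; strlen counts bytes ("é" is 2 in UTF-8).
        if (mb_strlen($value, 'UTF-8') > $max) {
            $errors[$field] = "must be at most $max characters";
        }
        $clean[$field] = $value;
    }
    // zipcode is bound with type "i" in the UPDATE, so accept digits only.
    if (isset($clean['zipcode']) && $clean['zipcode'] !== '' && !ctype_digit($clean['zipcode'])) {
        $errors['zipcode'] = 'must contain digits only';
    }
    if ($errors !== []) {
        $e = new ValidationException('Card input failed validation');
        $e->errors = $errors;
        throw $e;
    }
    return $clean;
}

// Constructed input standing in for $_POST: the name is one character too long.
try {
    $card = validate_card(['name' => str_repeat('x', 31), 'zipcode' => '2435']);
    // Only past this point would the UPDATE be prepared and executed.
} catch (ValidationException $e) {
    foreach ($e->errors as $field => $message) {
        echo htmlspecialchars("$field $message"), "\n";
    }
}
```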

Deny other users to edit someone else's cards

I'm making an update page where users can edit their business cards' information, like phone, address...
The problem is, I'm getting their cards id in this way:
Edit
so they can see their card id in the search bar, and if they simply change the id, they can edit anyone's card information. I wanted to check whether the user's id equals his card's userid (this is a foreign key in the database) and, if not, redirect him to the index page. The problem is, I'm still allowed to edit anyone's card because the userid doesn't change.
my update code:
session_start();
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'reg');
/* Attempt to connect to MySQL database */
$mysqli = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
// Check connection
if($mysqli === false){
die("HIBA: Nem sikerült csatlakozni. " . mysqli_connect_error());
}
$id = $_GET['id'];
var_dump($_SESSION);
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$phone = $_POST['phone'];
$phone2 = $_POST['phone2'];
$email = $_POST['email'];
$zipcode = $_POST['zipcode'];
$address = $_POST['address'];
$job = $_POST['job'];
$description = $_POST['description'];
$userid = $_SESSION['id'];
if( $_SESSION['id'] != $userid){
header("Location: index.php");
}
$stmt = $mysqli -> prepare('UPDATE cards SET name=?, phone=?, phone2=?, email=?, zipcode=?, address=?, job=?, description=?, visibility=?, confirmed=? WHERE id = ?');
if (
$stmt &&
$stmt->bind_param('ssssisssii', $name, $phone, $phone2, $email, $zipcode, $address, $job, $description, $visibility, $confirmed) &&
$stmt -> execute()
) {
echo 'Updated';
} else {
echo $mysqli -> error;
}
}
$getstmt = $mysqli->prepare("SELECT * FROM cards WHERE id= ?");
if ($getstmt and
$getstmt->bind_param('i', $id) and
$getstmt->execute() and
$result = $getstmt->get_result() and
$row = $result->fetch_assoc()
) {
$name = $row['name'];
$phone = $row['phone'];
$phone2 = $row['phone2'];
$email = $row['email'];
$zipcode = $row['zipcode'];
$address = $row['address'];
$job = $row['job'];
$description = $row['description'];
my database: (users)
id  username  password  created     admin
-----------------------------------------
1   John      112       2020-12-23  2435
cards:
id  name  phone  phone2  email    zipcode  address   job   description  visibility  userid
-------------------------------------------------------------------------------------------
1   John  112    233     a@a.com  2435     dfdf 34.  test  uzlh         0           1
Something like that:
$getstmt = $mysqli->prepare("SELECT * FROM cards WHERE id= ?");
if ($getstmt and
$getstmt->bind_param('i', $id) and
$getstmt->execute() and
$result = $getstmt->get_result() and
$row = $result->fetch_assoc()
) {
if($row['userid'] == $_SESSION['id']){
$name = $row['name'];
$phone = $row['phone'];
$phone2 = $row['phone2'];
$email = $row['email'];
$zipcode = $row['zipcode'];
$address = $row['address'];
$job = $row['job'];
$description = $row['description'];
}else{
header("Location: index.php");
}
}
You are trying to match $userid with $_SESSION['id']; both of these variables point to the same value. Use $_GET['id'] instead of $userid:
if( $_SESSION['id'] != $_GET['id']){
header("Location: index.php");
exit();
}
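An added example (not code from the question or either answer) of enforcing card ownership on the server: the card's `userid` column is compared with the session's user id before the form is shown, and the same condition is repeated in the `WHERE` clause of the `UPDATE`. The function names are hypothetical, `$db` is assumed to be an open mysqli connection, and the table and column names are the ones shown in the question.

```php
<?php
declare(strict_types=1);

// Throw mysqli_sql_exception on failure instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** True only if card $cardId exists and its userid column equals $userId. */
function user_owns_card(mysqli $db, int $cardId, int $userId): bool
{
    $stmt = $db->prepare('SELECT 1 FROM cards WHERE id = ? AND userid = ?');
    $stmt->bind_param('ii', $cardId, $userId);
    $stmt->execute();
    $stmt->store_result();
    return $stmt->num_rows === 1;
}

/** Update the editable columns; the WHERE clause repeats the owner check. */
function update_own_card(mysqli $db, int $cardId, int $userId, array $card): void
{
    $stmt = $db->prepare(
        'UPDATE cards SET name = ?, phone = ?, phone2 = ?, email = ?,
                zipcode = ?, address = ?, job = ?, description = ?
          WHERE id = ? AND userid = ?'
    );
    $stmt->bind_param('ssssisssii',
        $card['name'], $card['phone'], $card['phone2'], $card['email'],
        $card['zipcode'], $card['address'], $card['job'], $card['description'],
        $cardId, $userId);
    $stmt->execute();
}

/** Returns the HTTP status the page should answer with. */
function handle_edit(mysqli $db, array $session, array $get, array $post): int
{
    if (empty($session['loggedin']) || !isset($session['id'])) {
        return 401;
    }
    // The id in the URL is user-controlled: validate it, then authorize it.
    $cardId = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($cardId === false || !user_owns_card($db, $cardId, (int) $session['id'])) {
        return 403;
    }
    if (isset($post['submit'])) {
        update_own_card($db, $cardId, (int) $session['id'], $post);
    }
    return 200;
}

// Usage on the edit page; exit after the redirect so nothing below it runs:
// $status = handle_edit($mysqli, $_SESSION, $_GET, $_POST);
// if ($status !== 200) { header('Location: index.php'); exit; }
```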

How to log specific user executed queries

I am wanting to keep a table log history of executed MySQLI queries and log the specific user who executed a query and date & time the query was executed - on any (all) of my PHP pages.
What is the best way and simplest way to achieve this?
PHP
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
$connection = mysqli_connect("****", "****", "****", "****");
if (!$connection) {
die("Database connection failed: " . mysqli_connect_error());
}
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
Recommendation from a SO user:
However, there are errors with this suggestion ...many.
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$log_action = mysqli_query($connection,$query);
$result = mysqli_query($connection,$query);
if($result) {
define("LOG_FILE", "https://www.*******.com/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
Write a wrapper library that logs all the mysqli calls that you want to record, e.g.
function my_mysqli_query($link, $query, $resultmode = MYSQLI_STORE_RESULT) {
log_action('mysqli_query', $query);
return mysqli_query($link, $query, $resultmode);
}
function my_mysqli_prepare($link, $query) {
log_action('mysqli_prepare', $query);
return mysqli_prepare($link, $query);
}
...
define("LOG_FILE", "/path/to/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d H:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
I've written it to log to a file. You could log to a database table instead, it's just more code in log_action().
Then do a global replace in all your other scripts, replacing mysqli_query with my_mysqli_query, mysqli_prepare with my_mysqli_prepare, and so on. So your code would look like:
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$result = my_mysqli_query($connection,$query);
if ($result) {
echo "Update successful";
}
}
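The answer notes that log_action() could write to a database table instead of a file. The following is an added example of that variant, not code from the answer: it logs through a prepared statement and records only the SQL template, so values typed into the form are not copied into the log. The `query_log` table, its columns and the function `logged_execute` are hypothetical.

```php
<?php
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/*
 * Assumed log table (hypothetical name and columns):
 *   CREATE TABLE query_log (
 *     id        INT AUTO_INCREMENT PRIMARY KEY,
 *     logged_at DATETIME    NOT NULL,
 *     username  VARCHAR(64) NOT NULL,
 *     action    VARCHAR(32) NOT NULL,
 *     statement TEXT        NOT NULL
 *   );
 */

/** Record who ran which statement and when. */
function log_action(mysqli $db, string $user, string $action, string $sql): void
{
    $when = gmdate('Y-m-d H:i:s');           // 24-hour clock, UTC
    $stmt = $db->prepare(
        'INSERT INTO query_log (logged_at, username, action, statement)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $when, $user, $action, $sql);
    $stmt->execute();
}

/**
 * Prepare, bind and execute in one call, logging the SQL template only.
 * Bound values never reach the log.
 */
function logged_execute(mysqli $db, string $user, string $sql,
                        string $types = '', array $params = []): mysqli_stmt
{
    log_action($db, $user, 'execute', $sql);
    $stmt = $db->prepare($sql);
    if ($params !== []) {
        $stmt->bind_param($types, ...$params);
    }
    $stmt->execute();
    return $stmt;
}

// Usage with the question's update, rewritten with placeholders:
// logged_execute($connection, $_SESSION['username'],
//     'UPDATE usertable SET firstname = ?, surname = ? WHERE accountNo = ?',
//     'sss', [$firstname, $surname, $accountNo]);
```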

HTTP Error 500 while inserting data to Database

I have the error mentioned in the title. It occurs when I click the submit button on the form. Here is my form handle file (I don't think that it's necessary to copy the form codes):
<?php
$servername = "localhost";
$username = "sabashel_sabaadm";
$password = "saba1365%karaj#*";
$dbname = "sabashel_saba";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$fname = $lname = $gender = $birthdate = $organization = $degree = $field = $address = $post_code = $mobile = $email = $check_1 = $check_2 = $check_3 = $check_4 = $check_5 = $check_6 = $check_7 = $check_8 "";
$check_9 = $check_10 = $check_11 = $check_12 = $check_13 = $description = $person_image = "";
if(isset($_POST['fname']) && isset($_POST['lname']) && isset($_POST['gender']) && isset($_POST['birthdate']) && isset($_POST['degree']) && isset($_POST['filed-of-study']) && isset($_POST['address']) && isset($_POST['post-code']) && isset($_POST['mobile']) && isset($_POST['email']) && isset($_POST['check-1']) && isset($_POST['check-2']) && isset($_POST['check-3']) && isset($_POST['check-4']) && isset($_POST['check-5']) && isset($_POST['check-6']) && isset($_POST['check-7']) && isset($_POST['check-8']) && isset($_POST['check-9']) && isset($_POST['check-10']) && isset($_POST['check-11']) && isset($_POST['check-12']) && isset($_POST['check-13']) && isset($_POST['description']) && isset($_POST['person-iamge'])){
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$gender = $_POST['gender'];
$birthdate = $_POST['birdthdate'];
$organization = $_POST['organization'];
$degree = $_POST['degree'];
$field = $_POST['field-of-study'];
$address = $_POST['address'];
$post_code = $_POST['post-code'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$check_1 = $_POST['check-1'];
$check_2 = $_POST['check-2'];
$check_3 = $_POST['check-3'];
$check_4 = $_POST['check-4'];
$check_5 = $_POST['check-5'];
$check_6 = $_POST['check-6'];
$check_7 = $_POST['check-7'];
$check_8 = $_POST['check-8'];
$check_9 = $_POST['check-9'];
$check_10 = $_POST['check-10'];
$check_11 = $_POST['check-11'];
$check_12 = $_POST['check-12'];
$check_13 = $_POST['check-13'];
$description = $_POST['description'];
$person_image = $_POST['person-image'];
$iftest = true;
}
if ($iftest == true) {
$query = "INSERT INTO volunteer (fname, lname, gender, organization, degree, field, address, post_code, mobile, email, check_1, check_2, check_3, check_4, check_5, check_6, check_7, check_8, check_9, check_10, check_11, check_12, check_13, description, person_image, birthdate) VALUES ('$fname', '$lname', '$gender', '$organization', '$degree', '$field', '$address', '$post_code', '$mobile', '$email', '$check_1', '$check_2', '$check_3', '$check_4', '$check_5', '$check_6', '$check_7', '$check_8', '$check_9', '$check_10', '$check_11', '$check_12', '$check_13', '$description', '$person_image', '$birthdate')";
}
$result = mysqli_query($conn, $query);
if ($result) {
header('Location: http://sabashelter.com/success');
}
else {
header('Location: http://sabashelter.com/fail');
}
}
$conn->close();
?>
And to mention: I have the same exact problem with another page which does the same thing and tries to add a lot of values into the database using the same code. I'm wondering whether, if the problem on this page is solved, the same method can be applied to the other page as well.
As @CBroe rightly says, check your log files first. It would appear that you are missing an = on line 14.
$fname = $lname = $gender = $birthdate = $organization = $degree = $field = $address = $post_code = $mobile = $email = $check_1 = $check_2 = $check_3 = $check_4 = $check_5 = $check_6 = $check_7 = $check_8 = "";
Furthermore, you have a stray } on line 60.
Your error log file will help you resolve these issues.

My if statement takes me to the same query each time when its supposed to be varied dependent on my option [duplicate]

This question already has answers here:
The 3 different equals
(5 answers)
Closed 6 years ago.
I think there is something wrong with my if statement, since when I choose the teacher option on the previous page, it makes me go through the student option.
My if statement takes me to the same query each time when it's supposed to vary depending on my option
<?php
require_once 'config.php';
require_once 'databaseclass.php';
$br = "<br>";
$db = new databaseclass($pdo);
$email = $_POST["email"];
$password = $_POST["password"];
$salt = 'itnvv7b96t8ug679ytfj89';
$hashedpassword = password_hash($password, PASSWORD_DEFAULT, array(
'salt' => $salt
));
$option = $_POST["option"];
//if statement Correction
if($option == "student"){
$sql = "SELECT * FROM students WHERE email = '".$email."' AND password = '".$hashedpassword."'";
$db -> query ($sql);
$rows = $db->query($sql)->fetchAll();
$count = count($rows);
foreach ($rows as $results){
$studentID = $results->studentID;
$firstName = $results->firstName;
$surname = $results->surname;
$email = $results->email;
}
if ($count == 1){
session_start();
$_SESSION['loggedin'] = TRUE;
$_SESSION['studentID'] = $results->studentID;
$_SESSION['firstName'] = $results->firstName;
$_SESSION['surname'] = $results->surname;
$_SESSION['email'] = $results->email;
header('Location:studenthomepage.php');
}
else {
session_start();
session_destroy();
header('Location:login.html');
}
}
else{
$sql = "SELECT * FROM `teachers` WHERE `email`='".$email."' AND `password`='".$hashedpassword."'";
$db -> query ($sql);
$rows = $db->query($sql)->fetchAll();
$count = count($rows);
foreach ($rows as $results){
$teacherID = $results->teacherID;
$firstName = $results->firstName;
$surname = $results->surname;
$email = $results->email;
}
if ($count == 1){
session_start();
$_SESSION['loggedin'] = TRUE;
$_SESSION['teacherID'] = $results->teacherID;
$_SESSION['firstName'] = $results->firstName;
$_SESSION['surname'] = $results->surname;
$_SESSION['email'] = $results->email;
header('Location:teacherhomepage.php');
}
else {
session_start();
session_destroy();
header('Location:login.html');
}
}
Your if statement should be
if($option == "student") instead of if($option = "student")
Try this. It may work.
