I'm having a problem with my php code, it seems that it returns "Password Should Not Be empty" when I do input a password. I think it might be coming from my html code because I make them input it twice. Do I need to make another variable in my database for confirm password?
<?php
$firstname = filter_input(INPUT_POST, 'firstname');
$lastname = filter_input(INPUT_POST, 'lastname');
$email = filter_input(INPUT_POST, 'email');
$password = filter_input(INPUT_POST, 'password');
if (!empty($firstname)) {
if (!empty($lastname)) {
if (!empty($email)) {
if (!empty($password)) {
$host = "127.0.0.1:3307";
$dbusername = "root";
$dbpassword = "";
$dbname = "register";
// Create connection
$conn = new mysqli($host, $dbfirstname, $dblastname, $dbemail,
$dbpassword);
if (mysqli_connect_error()) {
die('Connect Error (' . mysqli_connect_errno() . ') '
. mysqli_connect_error());
} else {
$sql = "INSERT INTO Signup (firstname, lastname, email, password) values ('$firstname','$lastname','email','password')";
if ($conn->query($sql)) {
echo "New record is inserted sucessfully";
} else {
echo "Error: " . $sql . "" . $conn->error;
}
$conn->close();
}
} else {
echo "Password should not be empty";
die();
}
}
}
} else {
echo "Username should not be empty";
die();
}
Your error is because your post value is $_POST['psw'], while your code is expecting $_POST['password']. Either change your HTML form, or your PHP code so that the values are the same.
Your code is very confusing. I made it a little simpler, try this and see if you still get the same error:
# Check to see if you're getting the right variables in the first place:
var_dump($_POST); //Remove once you're sure you're getting the right stuff
if(!$firstname = filter_input(INPUT_POST, 'firstname')){
die("First name should not be empty");
}
if(!$lastname = filter_input(INPUT_POST, 'lastname')){
die("Last name should not be empty");
}
if(!$email = filter_input(INPUT_POST, 'email')){
die("Email should not be empty");
}
if(!$password = filter_input(INPUT_POST, 'password')){
die("Password should not be empty");
}
$host = "127.0.0.1:3307";
$dbusername = "root";
$dbpassword = "";
$dbname = "register";
$conn = new mysqli($host, $dbfirstname, $dblastname, $dbemail, $dbpassword);
if (mysqli_connect_error()) {
die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
$sql = "INSERT INTO Signup (firstname, lastname, email, password) values ('$firstname','$lastname','email','password')";
if (!$conn->query($sql)) {
echo "Error: " . $sql . "\r\n" . $conn->error;
$conn->close();
exit;
}
echo "New record is inserted successfully";
General guidelines
Don't nest if() statements. It makes following code very confusing.
If a boolean outcome is a deal breaker, have that outcome first in the if/else statement. For instance if the SQL query fails, have the negative outcome first in the if() statement (which will stop your code), and skip the else statement all together.
Comment your code.
<form method="post" action="overstack.php">
<div class="container">
<br>
<h1>Sign Up</h1>
<p>Please fill in this form to create an account.</p>
<hr>
<label for="firstname"><b>First Name</b></label>
<input type="text" placeholder="Enter First Name" name="firstname" required>
<label for="lastname"><b>Last Name</b></label>
<input type="text" placeholder="Enter Last Name" name="lastname" required>
<label for="email"><b>Email</b></label>
<input type="text" placeholder="Enter Email" name="email" required>
<label for="psw"><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<label for="psw-repeat"><b>Repeat Password</b></label>
<input type="password" placeholder="Repeat Password" name="psw-repeat" required>
<label>
<input type="checkbox" checked="checked" name="remember" style="margin-bottom:15px"> Remember me
</label>
<p>By creating an account you agree to our Terms & Privacy.</p>
<div class="clearfix">
<button type="button" class="cancelbtn">Cancel</button>
<button type="submit" class="signupbtn">Sign Up</button>
</div>
</div>
</form>
this is my html form for the php code above
Related
I am trying to pinpoint the problem in these form scripts.
I would like to create a line in the SQL server with the data that will be inserted into the HTML form, but each time only the empty line is created without also inserting the form inputs.
HTML
<form action="insert2.php" method="post">
<label for="First_name">First_name:</label>
<input type="text" name="First_name" id="First_name">
<label for="PASSWORD">PASSWORD:</label>
<input type="text" name=value name="pass" id="pass">
<label for="Emailaddress">Emailaddress:</label>
<input type="text" name=value name="email" id="email">
<input name="submit" type="submit" value="Submit">
</form>
PHP
<?php
if(isset($_POST['submit'])){
$First_name = $_REQUEST['First_name'];
$pass = $_REQUEST['password'];
$email = $_REQUEST['Emailaddress'];
}
$servername = "host";
$username = "user";
$password = "";
$dbname = "dbname";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO users(First_name, PASSWORD, Emailaddress)
VALUES ('$First_name', '$pass', '$email')";
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
The posted values should be set as $_POST['ExampleField'] not just a variable with that name.
Ex: $First_name should be $_POST['First_name']
If you look in your error logs you are likely getting undefined variable errors with the code as it is now, because $First_name, $PASSWORD and $Emailaddress are never defined.
Also you should avoid directly putting variables into queries like that, it opens you up to large security risks. I would recommend reading up on SQL Injection (https://www.w3schools.com/sql/sql_injection.asp) and binding parameters (https://www.php.net/manual/en/pdostatement.bindparam.php) to see how to avoid those risks.
You need to retrieve the values after a submit of some sort. You have a submit button but you'll want to give it a name (I named it submit). This code should work but you'll be vulnerable to injection attacks.
PHP
<?php
if(isset($_POST['submit'])){
$First_name = $_REQUEST['First_name'];
$pass = $_REQUEST['PASSWORD'];
$email = $_REQUEST['Emailaddress'];
}
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO users(First_name, PASSWORD, Emailaddress)
VALUES('$First_name','$pass','$email')";
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
HTML
<form action="insert2.php" method="post">
<label for="First_name">First_name:</label>
<input type="text" name="First_name" id="First_name">
<label for="PASSWORD">PASSWORD:</label>
<input type="text" name="PASSWORD" id="PASSWORD">
<label for="Emailaddress">Emailaddress:</label>
<input type="text" name="Emailaddress" id="Emailaddress">
<input name="submit" type="submit" value="Submit">
</form>
Just starting out with PHP. I have code that gets user input through a form and enters the input into a mySQL table. The code has no parse errors. But when a user submits their name and email. It is not going into the table, the table is still empty, and I cannot seem to figure out the problem. Here is my code:
<div id="main">
<h1>Insert data into database using PDO</h1>
<div id="login">
<h2>Students Form</h2>
<hr/>
<form action="" method="post">
<label>Student Name :</label>
<input type="text" name="name" id="Fname" required="required" placeholder="Please Enter Your Name"/><br/><br/>
<label>Student Email :</label>
<input type="text" name="email" id="email" required="required" placeholder="Pear#gmsil.com"/><br/><br/>
<input type="submit" value=" Submit " name="submit"/><br/>
</form>
</div>
</div>
<?php
//server name
$db_hostname = "lll";
//database name
$db_database = "lll";
//username
$db_username = "lll";
$db_password = "lll;";
$db_charset = "utf8mb4";
//a string specifying the database type, the hostname and name of the database
$dsn = "mysql:host=$db_hostname;dbname=$db_database;charset=$db_charset";
$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE =>PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false
);
try {
//create connection
$pdo = new PDO($dsn,$db_username,$db_password,$opt);
if (isset($_POST["submit"])) {
$pdo->setAttribute(PDO::ATTR_ERRMODE,
PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO students (name,email)";
VALUES ('". $_POST["name"] ."','" . $_POST["email"] . "');
if ($pdo->query($sql)) {
echo "<script type= 'text/javascript'>alert('New Student Inserted Successfully');</script>";
} else {
echo "<script type= 'text/javascript'>alert('Data not successfully Inserted.');</script>";
}
}
} catch (PDOException $e) {
echo $e->getMessage();
}
?>
in the line of code where you write the SQL statement, you placed an extra "; before the second half of the query.
Change
$sql = "INSERT INTO students (name,email)";
VALUES ('". $_POST["name"] ."','" . $_POST["email"] . "');
to
$sql = "INSERT INTO students (name,email) VALUES ('". $_POST["name"] ."','" . $_POST["email"] . "');
This should fix the problem with your failed inserts.
I know little about coding.
This is relating to a registration form i am creating. I have created the form. It is adding the form to database. But it want it to be displaying the result, for example - 'Passwords not matching, please try again' on top of the form. How to get that?
Thanks in advance
Here my code:
<?php
$conn = mysqli_connect("localhost","root","");
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
mysqli_select_db($conn, 'registration');
if(isset($_POST['submitbutton'])){
if ($_POST['password'] == $_POST['confirm_password']) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$gender = mysqli_real_escape_string($conn, $_POST['gender']);
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn, $_POST['lname']);
$firm = mysqli_real_escape_string($conn, $_POST['firm']);
$check_email_exists = mysqli_query($conn, "SELECT email FROM users WHERE email = '$email'");
$count = mysqli_num_rows($check_email_exists);
if ($count == 0) {
$sql = "INSERT INTO users(email, password, gender, fname, lname, firm) VALUES('$email', '$password', '$gender', '$fname', '$lname', '$firm')";
if(mysqli_query($conn, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
// close connection
mysqli_close($conn);
} else {
die('Email exists, Please use a different email');
}
}
else {
die('Passwords not matching, please try again');
}
}
and here my html
<div class="registration-container">
<div class="registrationpage-heading">
<h2>Kostenlos und ohne Installation testen</h2>
<p>Nutzen Sie den kostenlosen Funktionumfang von bmgenerator zeitlich uneingeschränkt. Weder Bankdaten noch Kreditkarte notwendig.</p>
</div>
<div class="user-login">
<form class="login-form" action="user_login.php" method="post">
<input required type="email" name="email" id="user_email" style="color:#888" size="35" value="E-mail"
onfocus="if(this.value==this.defaultValue)this.value=''"
onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>
<input required type="password" name="password" id="user_password" style="color:#888" size="35" placeholder="Passwort"
onfocus="if(this.value==this.defaultValue)this.value=''"
onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>
<input required type="password" name="confirm_password" id="user_confirm_password" style="color:#888" size="35" placeholder="Passwort wiederholen"
onfocus="if(this.value==this.defaultValue)this.value=''"
onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>
<select name="gender">
<option>Herr</option>
<option>Frau </option>
</select><br><br>
<input required type="text" name="fname" id="user_firstname" style="color:#888" size="35" placeholder="Vorname"
onfocus="if(this.value==this.defaultValue)this.value=''"
onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>
<input required type="text" name="lname" id="user_lastname" style="color:#888" size="35" placeholder="Nachname"
onfocus="if(this.value==this.defaultValue)this.value=''"
onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>
<input required type="text" name="firm" id="user_companyname" style="color:#888" size="35" placeholder="Firmenname"
onfocus="if(this.value==this.defaultValue)this.value=''"
onblur="if(this.value=='')this.value=this.defaultValue" ><br><br>
<input type="submit" name="submitbutton" id="submit" value="Kostenlos registrieren">
</form>
</div>
<div class="register-terms">
<p>Mit der Registrierung stimmen Sie den Datenschutzbestimmungen und den AGB zu.</p>
</div>
</div>
First of all it is not recommended to place the form and the processor page on the same page to void redundant insert via refresh. However, in the processor section you have to use any mean of redirect after any end of the process, in your code die() and echo should be replaced with the redirect with a parameter of pre specified message. for instance, you have four ends in your processor, so your code should look like:
<?php
$conn = mysqli_connect("localhost","root","");
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
mysqli_select_db($conn, 'registration');
if(isset($_POST['submitbutton'])){
if ($_POST['password'] == $_POST['confirm_password']) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$gender = mysqli_real_escape_string($conn, $_POST['gender']);
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn, $_POST['lname']);
$firm = mysqli_real_escape_string($conn, $_POST['firm']);
$check_email_exists = mysqli_query($conn, "SELECT email FROM users WHERE email = '$email'");
$count = mysqli_num_rows($check_email_exists);
if ($count == 0) {
$sql = "INSERT INTO users(email, password, gender, fname, lname, firm) VALUES('$email', '$password', '$gender', '$fname', '$lname', '$firm')";
if(mysqli_query($conn, $sql)){
header("Location: user_login.php?msg=1");
exit();
} else{
header("Location: user_login.php?msg=2");
exit();
}
// close connection
mysqli_close($conn);
} else {
header("Location: user_login.php?msg=3");
exit();
}
}
else {
header("Location: user_login.php?msg=4");
exit();
}
}
$msg = [
"Records added successfully.",
"SQL Error",
"Email exists, Please use a different email",
"Passwords not matching, please try again"
];
if (isset($_GET['msg']) && isset($msg[($_GET['msg']-1)])){
$message = $msg[($_GET['msg']-1)];
}
// In your form
....
</div>
<?php if (isset($message)): ?>
<div class="message"><?=$message;?></div>
<?php endif; ?>
<div class="user-login">
<form class="login-form....
In above scenario, submit the form page itself using
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
But make registration html to php file
<?php
if(isset($_POST['submitbutton'])){
//perform validation, display error if any
}
?>
If you want to go modular approach then use class having validate, register method after submit include class file and use methods
For each error message make a variable $message="Password not matching..." and then after <div class="user-login"> you can put:
<?php echo "<p>$message</p>"; ?>
Remember to create a blank $message="".
Hope it helps.
I'm having massive issues with creating this login system for my website and we are required to use php and oracle.
The table itself is very simple and only has a Username and Password value attached to it.
This is the code I am using and the main issue that comes with it is that the variable $password always returns a blank value.
<?php
/* Set oracle user login and password info */
$dbuser = "*MY USERNAME*";
$dbpass = "*MY PASSWORD*";
$dbname = "SSID";
$db = oci_connect($dbuser, $dbpass, $dbname);
if (!$db) {
echo "An error occurred connecting to the database";
exit;
}
$user = $_POST['user'];
$pass = $_POST['pass'];
$sql_login = "SELECT Username FROM users WHERE Username='%".$user."%'";
$login_stmt = oci_parse($db, $sql_login);
if(!$login_stmt)
{
echo "An error occurred in parsing the sql string.\n";
exit;
}
oci_execute($login_stmt);
while(oci_fetch_array($login_stmt))
{
$password = oci_result($login_stmt,"Password");
}
if ($password == "")
{
echo 'Password = blank';
}
if ($pass == $password)
{
echo 'Logged In';
}
else
{
echo 'Login Failed';
}
?>
I am using this command to try and write a value to the variable but I am having no luck.
while(oci_fetch_array($login_stmt))
{
$password = oci_result($login_stmt,"Password");
}
The form used is below, but I don't think there is a problem with it.
<form name="register" method="post" action="inc/login.php">
<div class="form_row">
<label class="contact"><strong>Username:</strong></label>
<input type="text" name="user" class="contact_input" />
</div>
<div class="form_row">
<label class="contact"><strong>Password:</strong></label>
<input type="password" name="pass" class="contact_input" />
</div>
<div class="form_row">
<div class="terms">
<input type="checkbox" name="terms" />
Remember me
</div>
</div>
<div class="form_row">
<input type="submit" class="register" value="login" />
</div>
</form>
problem is sql return 0 rows, bacase if u using in where clause % U must use like operator, not =
use this sql:
$sql_login = "SELECT Username FROM users WHERE Username like '%".$user."%'";
Here is good informatioun about this:
Equals(=) vs. LIKE
In $password = oci_result($login_stmt,"Password"); the word "Password" must be written on CAPS so it will be something like
$password = oci_result($login_stmt,"PASSWORD");
Worked that way for me
Hi i am new to PHP and i am trying to submit a registration form and it works fine but the problem is that when it gives some error like username already exists or password too short in an alert box and then it reloads the form page again and the user has to fill the whole form again i want the fields that are correct to remain unchanged
here is the form page code
<!DOCTYPE HTML>
<html>
<head>
<title>Details</title>
<link rel="stylesheet" type="text/css" href="reg.css">
</head>
<body id="body">
<div id="mmw"> <span> MAP MY WAY </span></div>
<form name="reg" id="reg" method="post" action="insert.php">
<h2>Kindly fill up your Information</h2>
<p>
<input name="username" required class="name" placeholder="Type Your User name" />
<input name="password" placeholder="Type Your Password" class="name" type="password" required />
<input name="first_name" required class="name" placeholder="Type Your First name" />
<input name="last_name" required class="name" placeholder="Type Your Last name" />
<input name="email" required class="email" placeholder="Type a valid E-Mail address" />
<input name="m_no" class="name" placeholder="Type Your Mobile #"/>
<input name="v_name" required class="name" placeholder="Type Your Vahical model and name"/>
<input name="capacity" required class="name" placeholder="Seating capacity"/>
<input name="fuel_type" required class="name" placeholder="Runs on what fuel type"/>
</p>
<p>
<input name="submit" class="btn" type="submit" value="Register" />
</p>
</form>
</div>
</body>
</html>
and here is the page that is processing the data
<?php
$con = mysqli_connect("localhost", "root", "", "map_my_way");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$first_name = mysqli_real_escape_string($con, $_POST['first_name']);
$last_name = mysqli_real_escape_string($con, $_POST['last_name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$m_no = mysqli_real_escape_string($con, $_POST['m_no']);
$v_name = mysqli_real_escape_string($con, $_POST['v_name']);
$fuel_type = mysqli_real_escape_string($con, $_POST['fuel_type']);
$capacity = mysqli_real_escape_string($con, $_POST['capacity']);
$exists = mysqli_num_rows(mysqli_query($con,"SELECT * FROM members WHERE username='" . $username . "'"));
if ($exists > 0) {
echo "<script language=\"JavaScript\">\n";
echo "alert('username already exists!');\n";
echo "window.location='reg.php'";
echo "</script>";
}
if (strlen ($password) < 6){
echo "<script language=\"JavaScript\">\n";
echo "alert('password must be 6 characters');\n";
echo "window.location='reg.php'";
echo "</script>";
}
else{
// if ($password < 6) {
// echo "<script language=\"JavaScript\">\n";
// echo "alert('username already exists!');\n";
// echo "window.location='reg.php'";
// echo "</script>";
// } else{
//insert query
$sql = "INSERT INTO members (username, password, first_name, last_name, email, m_no, v_name, fuel_type, capacity)
VALUES ('$username', '$password', '$first_name', '$last_name', '$email', '$m_no', '$v_name', '$fuel_type', '$capacity')";
}
//}
if (!mysqli_query($con, $sql)) {
die('Error: ' . mysqli_error($con));
}
else{
header("location:pic.php");
}
// Register $username
session_start();
$_SESSION['login'] = true;
$_SESSION['username'] = $username;
mysqli_close($con);
?>
Thanks in advance
header('Location: http://example.com/some/url'); relplace it with the javascript
also try to make a function to the escape string less typing:
function security($danger) {
mysqli_real_escape_string($con, $danger)}
simply call it with the username like $username = security($_POST['username'])