so I want to make a sign up where at the first page, is the user info where the name, last name etc will be input by the user, then it will be recorded into the database and redirect to the account info page where the user input the username and password and be recorded in another database so I have to tables the student, where all the info is stored, and user, where account info is stored so the userID of the user will be the foreign key of in the student but I cant put the id number of the user to the table of the student where the first input is stored in the first page, so if I use the mysqli_insert_id it can insert the id of the last inserted user into the student table but into the next row not the row where the last input of information in the first page is located
code in the first page shs/functions/add.stud.php
<?php
session_start();
include 'database.php';
if (isset($_POST['add'])) {
echo "welcome";
}
$message = "Provide all information needed please";
$lname = $_POST['Lname'];
$fname = $_POST['Fname'];
$mname = $_POST['Mname'];
$email = $_POST['email'];
$grade = $_POST['grade'];
$strand = $_POST['strand'];
$section = $_POST['section'];
$status = $_POST['status'];
if (empty($lname) || empty($mname)) {
header("Location:../pages/user.add.php?empty=put something, will ya?");
exit();
}
else {
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
}
then in the account information (username, password)
<?php
if (isset($_POST['users'])){
include_once 'database.php';
$uid = $_POST['uid'];
$pass = $_POST['pass'];
//pag check or pag handle sa mga errors sa pag log in
if (empty($uid) || empty($pass))
{
header("location:../pages/user.add.php?signup=empty fields");
exit();
} else {
$sql = "SELECT * FROM 'user' WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 0) {
header("Location:.../user.add.php?the inputs are already taken");
exit();
}
else {
$hashedpass = password_hash($pass, PASSWORD_DEFAULT);
//insert the new user to the user database
$sql = "INSERT INTO user (userID, username, password)
VALUES (NULL, '$uid', '$hashedpass');";
$result = mysqli_query($conn, $sql);
//pag connect sa student database
//katung sa database sa image
$sql = "SELECT * FROM user WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0){
while ($row = mysqli_fetch_assoc($result)){
$userid = $row['userID'];
$sql = "INSERT INTO profileimg (userID, status)
VALUES ('$userid', 1)";
if($result=mysqli_query($conn, $sql))
{
$last_id = mysqli_insert_id($conn);
$sql = "INSERT INTO student (userID) VALUES ('$last_id')";
$result = mysqli_query($conn, $sql);
}
else {
header("Location:.../user.add.php");
exit();
}
//pag add sa id sa user paingun sa student
header("Location:../pages/user.add.php");
}
}
after putting the inputs in the first page it will redirect to another page where the user must input the account info..that's the desired function
The best way is to store the User Info in the student table then use the mysqli_insert_id function to grab the studentId. Then save the Account Info in the user table and grab the userId. Thereafter update the student table with userId where studentId is the same as the one you grabbed earlier.
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
$_SESSION['studentId'] = mysqli_insert_id($conn); //add this line to store the studentId into the session.
$sql = "INSERT INTO student (userID) VALUES ('$last_id')"; // change this line to the one below.
$sql = "UPDATE student SET userID = '$last_id' WHERE studentID = $_SESSION['studentId']";
Related
$sql3 = "INSERT INTO users_addresses (ua_user_id,ua_address_id) VALUES ('','')";
I am new in php and my hint is to link 2 tables id's in in another one called users_addresses.When a user is registered in my database i want the user_id and address_id to clone in users_addresses(ua_user_id,ua_address_id)
My tables
$sql = "INSERT INTO users (user_fname,user_mname,user_lname,user_login,user_email,user_phone)
VALUES ('{$_SESSION['userinfo']['fname']}', '{$_SESSION['userinfo']['mname']}', '{$_SESSION['userinfo']['lname']}', '{$_SESSION['userinfo']['login']}', '{$_SESSION['userinfo']['email']}', '{$_SESSION['userinfo']['phone']}')";
$sql1 = "INSERT INTO addresses (address_line_1,address_line_2,address_zip,address_city,address_province,address_country)
VALUES ('{$_SESSION['addressinfo']['adr1']}', '{$_SESSION['addressinfo']['adr2']}', '{$_SESSION['addressinfo']['zip']}', '{$_SESSION['addressinfo']['city']}', '{$_SESSION['addressinfo']['provinciq']}', '{$_SESSION['addressinfo']['durjava']}')";
$sql2 = "INSERT INTO notes (note_text)
VALUES ('{$_SESSION['noteinfo']['note']}')";
These are my others SQL codes for adding session's data in DB.
Just need get user_id from first sql. If you are using mysqli function, do this
// run your first sql: insert user
mysqli_query($con, $sql);
$user_id = mysqli_insert_id($con); // or mysqli::$insert_id
Next, you have $user_id variable with user id.
$sql1 = "INSERT INTO addresses (address_line_1,address_line_2,address_zip,address_city,address_province,address_country)
VALUES ($'{$_SESSION['addressinfo']['adr1']}', '{$_SESSION['addressinfo']['adr2']}', '{$_SESSION['addressinfo']['zip']}', '{$_SESSION['addressinfo']['city']}', '{$_SESSION['addressinfo']['provinciq']}', '{$_SESSION['addressinfo']['durjava']}')";
mysqli_query($con, $sql);
$address_id = mysqli_insert_id($con); // or mysqli::$insert_id
$sql3 = "INSERT INTO users_addresses (ua_user_id, ua_address_id) VALUES ($user_id, $address_id)";
mysqli_query($con, $sql);
Use mysqli_insert_id() to get the unique ID of the insert table, this example uses Procedural style:
<?php
include 'connection.php';
......
$InsertSQL = "INSERT INTO users (user_fname,user_mname,user_lname,user_login,user_email,user_phone)
VALUES ('{$_SESSION['userinfo']['fname']}',
'{$_SESSION['userinfo']['mname']}',
'{$_SESSION['userinfo']['lname']}',
'{$_SESSION['userinfo']['login']}',
'{$_SESSION['userinfo']['email']}',
'{$_SESSION['userinfo']['phone']}')";
$ResultSQL = mysqli_query($conn, $InsertSQL) or die(mysqli_error($conn)); // <-- execute your query
$UserID = mysqli_insert_id($conn); // <-- get the UserID
$InsertSQL = "INSERT INTO addresses (address_line_1,address_line_2,address_zip,address_city,address_province,address_country)
VALUES ('{$_SESSION['addressinfo']['adr1']}',
'{$_SESSION['addressinfo']['adr2']}',
'{$_SESSION['addressinfo']['zip']}',
'{$_SESSION['addressinfo']['city']}',
'{$_SESSION['addressinfo']['provinciq']}',
'{$_SESSION['addressinfo']['durjava']}')";
$ResultSQL = mysqli_query($conn, $InsertSQL) or die(mysqli_error($conn)); // <-- execute your query
$AddressID = mysqli_insert_id($conn); // <-- get the AddressID
$InsertSQL = "INSERT INTO user_addresses (ua_user_id,ua_address_id)
VALUES ($UserID,$AddressID)"; // <-- INSERT INTO user_address
$ResultSQL = mysqli_query($conn, $InsertSQL) or die(mysqli_error($conn)); // <-- execute your query
?>
You should also look into SQL Injection vulnerability, check out prepared statements.
Hope that helps.
This may be the most simplest errors ever but I've written a registration script.. which I would say looks okay.. only issue is that it won't insert data... it still prints a message saying registration successful but no data actually goes into the database... see code below:
<?php
include("dbconfig.php");
if(isset($_POST['register'])){
if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){
header("location:index-login-page.php?msg0=Please complete the required fields.");
}
else {
$fname = $_POST['first-name'];
$lname = $_POST['last-name'];
$email = $_POST['email-address'];
$username = $_POST['reg-username'];
$pass = $_POST['reg-pass'];
$checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
$checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
$resultusername = mysql_num_rows($checkusername);
$resultemail = mysql_num_rows($checkemail);
if( (($resultusername) ==1) or ($resultemail)==1){
header("location:index-login-page.php?msg1= Username or email address already exists.");
}
elseif( (($resultusername) == 0) && ($resultemail) ==0) {
$insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
header("location:index-login-page.php?msg1= Registration successful, please login.");
}
}
}
?>
Please do let me know what the error is (if there is one) because I can't seem to find it. Thanks.
Sohail.
$insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
Should be:
$insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
I have to warn you though: this is considered bad practice, you need to sanitize your database input
For some reason, the code seems to not be able to find any existing usernames. I can't find anything wrong with my code though. Any help will be appreciated.
$Name = $_POST["User"];
$Pass = $_POST["Pass"];
$get = "SELECT * FROM Logins";
$result = mysqli_query($conn, $get);
$found = false;
echo $Name;
$sql=mysqli_query("SELECT FROM Logins (ID, Username, Password) WHERE Username=$Name");
if(mysqli_num_rows($sql) > 0) {
echo "Username Taken";
} else {
$sql = "INSERT INTO Logins (ID, Username, Password) VALUES (0, '$Name', '$Pass')";
if (mysqli_query($conn, $sql)) {
echo "Account Created";
} else {
echo mysqli_error($conn);
}
}
When I post to the site, $Name is correct.
You have an incorrect syntax near your select statement. It's
SELECT FROM Logins (ID, Username, Password) WHERE Username=$Name")
You need:
SELECT ID, Username, Password
FROM Logins
WHERE Username='$Name'
Also note, you should be using prepared statement which will avoid need for quotes and will avoid your code vulnerable from SQL Injection.
My code seems to be functioning properly (i dont get any erros) but the INSERT INTO query doesnt seem to be working as the data is never being put into the database.
Here is the code:
EDIT: i edited the code slightly so it would make logical sense but it still doesn't add the data to the table. (I even removed the if statement completely and just left the query in and it didnt add it.)
<?php
//connect to user database
include("db_connect.php");
//set variables
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$date = date('Y/m/d H:i:s a');
//check if email exists
$db_query = "SELECT * FROM users WHERE email LIKE '$email'";
$db_result = mysql_query($db_query);
if(!$db_result)
{
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
else {
echo 'That email is already in use. Click Here to return to the sign up page.';
}
?>
You need to replace
if($email_taken)
with
if(mysql_num_rows($email_taken))
I would say it would be more like:
//check if email exists
$db_query = "SELECT * FROM users WHERE email='{$email}'";
$res = mysql_query($db_query);
$email_taken = mysql_num_rows($res);
if($email_taken == 1)
{
echo 'That email is already in use. Click Here to return to the sign up page.';
}
else {
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
i'm sending a post request to this code:
$name = (string)$_POST['name'];
$id = (int)$_POST['id'];
$query = "INSERT INTO Users (name, userID) VALUES ('$name', '$id')";
$result = mysqli_query($link,$query);
Which works fine and it adds a row to the table. How do i check wether the userID all ready exist in one of the following rows?
Do it like this
$query = "SELECT COUNT(*) FROM Users WHERE userID = '$id'";
$result = mysqli_query($link,$query);
if ( mysqli_fetch_assoc($result) ) {
$message = "Already exists";
} else {
$query = "INSERT INTO Users (name, userID) VALUES ('$name', '$id')";
$result = mysqli_query($link,$query);
}
Try this
$name = (string)$_POST['name'];
$id = (int)$_POST['id'];
$res = mysqli_query($link, "SELECT * FROM Users WHERE userID = '$id' LIMIT 1 ");
if($row = mysqli_fetch_assoc($res))
{
echo "this user id is already exists";
}
else
{
$query = "INSERT INTO Users (name, userID) VALUES ('$name', '$id')";
$result = mysqli_query($link,$query);
echo "record inserted successfully ";
}
REMEMBER : always use LIMIT 1 when you trying to get exactly one result.
IF you have properly set 'id' as primary key or unique key in your table, you can use the modifier IGNORE in your query you don't get an error when you try to isert a duplicate.
Doing this will result in the row only being inserted if the value of the primary key wasn't already in the table.
$query = "INSERT IGNORE INTO Users (name, userID) VALUES ('$name', '$id')";
IF you haven't set a primary key in your table you will have to do a SELECT query to find out if a row with that id is already in your table.
Make the UserID an Unique Key.
If it already exists, your code will throw an error and the row will not be insterted.
alter table Users
add unique index Unique_user (userID (8000))
Before inserting the values to the table check whether the following user id exists in the table or not
You can do it in this way
$name = $_POST['name'];
$id = $_POST['id'];
$sql = "SELECT * FROM Users WHERE userID = '$id'";
$res= mysqli_query($sql);
$num = mysqli_num_rows($res);
if($num == 0)
{
$query2 = "INSERT INTO Users (name, userID) VALUES ('$name', '$id')";
$result2 = mysqli_query($query2);
echo "record inserted successfully ";
}
else
{
echo "Record Failed !!";
}