Select data from a row in database - php

I am making a profile page in which I want the user's email to be displayed. I thought this would be quite a simple code that could be achieved using the select function from the database. However, this only works for one string and I cannot seem to figure out why.
This is my original code
session_start();
$_SESSION["user"] = $username;
$_SESSION["pass"] = $password;
$_SESSION["email"] = $email;
$connection = mysqli_connect ("localhost", "root", "", "picshare");
if ($connection ->connect_error) {
die("Connection failed: " . $connection->connect_error);
}else{
$query = mysqli_query($connection, "SELECT email FROM login WHERE username='".$_SESSION["user"]."'");
$field = mysqli_fetch_assoc($query);
if (!$query)
{
die('Error: ' . mysqli_error($con));
}if(mysqli_num_rows($query) > 0){
$field = mysqli_fetch_assoc($query);
}else{
echo "error";
$conn->close();
}}
When I try and echo $field, nothing was echoed
<p class ="right uc"><?php echo($field['email']);?></p>
I retried the code, but instead of using a session, I made a variable
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "picshare";
$user = 'Eniola Olaogun';
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}else{
$query = mysqli_query($conn, "SELECT email FROM login WHERE username='".$user."'");
$field = mysqli_fetch_assoc($query);
if (!$query)
{
die('Error: ' . mysqli_error($con));
}if(mysqli_num_rows($query) > 0){
$field = mysqli_fetch_assoc($query);
echo($field['email']);
}else{
echo "error";
$conn->close();
This code displayed the email, and so I proceeded to change the $user variable to another name and the original problem occurred where nothing was echoed.
I went back to the original code and I logged in as Eniola Olaogun and the email was echoed, but as soon as I changed the person I logged in as, no email was echoed.
I am not sure why I am experiencing this problem and some help would be greatly appreciated

$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "picshare";
$user = 'Eniola Olaogun';
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else {
$sql = "SELECT email FROM login WHERE username= {$user}";
$result = $conn->query($sql);
if($result->num_rows > 0) {
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
echo($row['email']);
}
else {
echo "error";
$conn->close();

error connecting to mysql database through crazy domains
It sounds like it is a permission issue based on the user you're logging in as.
Test it with a 'root' user password that has global access and then troubleshoot and isolate it from there. I'm betting you will find it then.
Pretty much impossible for me to test this remotely since I don't have your DB schema and user accounts to validate with.

Related

how to use database data to determine what action to take

I am looking to have a page with a redirect based on what is in the database.
I have a table called "nametable" and 2 columns "id" and "switch"
The id never changes, only the switch entry does. Sometimes it will have "on" as the entry, and sometimes it will have "off" as the entry (depending on what I enter in there at the time)
So I want a page where the website visitor will go to, and if the database says "on" then they will be redirected to, lets say "pageon.php" and if it says off, the visitor will be redirected to "pageoff.php"
I managed to do a simple echo to show on or off in text on the page. But I don't have the foggiest on how to have them redirected based on that.
Any thoughts on what I should search for to make this happen? And advice is appreciated.
PS. I tend to get a -1 because the site thinks I'm not specific on what I am wanting to do. If I am unclear, please tell me so I can revise before closing or -1
Thank you
EDIT: Based on the advice I was given in the comments, I have made this so far. I'm only getting a blank page though. Any thoughts?
<?php
$servername = " ";
$username = " ";
$password = " ";
$dbname = " ";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, switch FROM nametable";
$result = $conn->query($sql);
if ($row['switch'] == "on") header("Location: off.php"); else header("Location: on.php");
$conn->close();
?>
Try this:
<?php
$servername = " ";
$username = " ";
$password = " ";
$dbname = " ";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, switch FROM nametable";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
if ($row['switch'] == "on"){
header("Location: off.php");
} else {
header("Location: on.php");
}
$conn->close();
?>
I got it. Thanks to the help in the comments, and the answer by #Edgaras except I made a tiny switch to have the == off, and that made it work. thank you all so much. Here is the solution.
<?php
$servername = " ";
$username = " ";
$password = " ";
$dbname = " ";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, switch FROM nametable";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
if ($row['switch'] == "off"){
header("Location: off.php");
} else {
header("Location: on.php");
}
$conn->close();
?>

password_verify returns false. cant find error [duplicate]

This question already has answers here:
Using PHP 5.5's password_hash and password_verify function
(4 answers)
Closed 3 years ago.
I have been trying to figure out this problem for about 2 months and can't seem to figure it out. I have a database that returns the hashed password. I can confirm this works due to printing out all the information. It can return the non-hashed and hashed password perfectly fine but when it checks the password it will always return false.
I am not sure what to do. It could be something really easy but I seem to not be able to find it.
<?php
session_start();
$dbip = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "projectNitro";
$conn = new mysqli($dbip, $dbuser, $dbpass, $dbname);
if($conn->connect_error) {
echo("Connection failed: " . $conn->connect_error);
}
$password = mysqli_real_escape_string($conn, $_GET["pass"]);
$email = mysqli_real_escape_string($conn, $_GET["email"]);
$sql = "SELECT * FROM users WHERE email='{$email}' LIMIT 1";
$query = mysqli_query($conn, $sql);
$pass = $_GET["pass"];
if($query == TRUE) {
$row = mysqli_fetch_array($query);
$db_password = $row['password'];
$db_usertype = $row['accountType'];
$username = $row['username'];
echo $password;
echo "<br>";
echo $db_password;
echo "<br>";
$verify = password_verify($pass, $db_password);
if($verify) {
$_SESSION['username'] = $username;
$_SESSION['at'] = $db_usertype;
header("Location: http://website.com");
} else {
echo("DB Email: "
.$row["email"]
."<br>Username: "
.$row["username"]
."<br>DB Password: "
.$row["password"]
."<br>AccountType: "
.$row["accountType"]
."<br>Inserted Email: "
.$_GET["email"]
."<br>Inserted Password: "
.$_GET["pass"]."<br>");
if(password_verify($_GET["pass"], $row["password"])) {
echo("epic<br>");
} else {
echo("not epic<br>");
}
}
} else {
header("Location: http://website.com");
}
$conn->close();
?>
You need to do baby steps. keep stepping up as long as it works.
Here is a simpler version of your code that should work with the password sample from the official doc: http://php.net/manual/en/function.password-verify.php
Also use die(); to debug your code in every {} block.
In your current code you redirect to a website in both cases it's really hard to track what is wrong if you are redirected!
You have useless and unclear variables, for instance $dbpass, $db_password is very ambiguous, even if you and I understand it makes it not maintainable. As well as your coding style, you need to indent!
The next step you need to check if this code works, is replace the hard coded password with a hard coded password you have with hard coded hash as well.
<?php
session_start();
$dbip = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "projectNitro";
$conn = new mysqli($dbip, $dbuser, $dbpass, $dbname);
if ($conn->connect_error){
echo("Connection failed: " . $conn->connect_error) . '<br><br>';
}
$password = 'rasmuslerdorf';//mysqli_real_escape_string($conn, $_GET["pass"]);
// $email = mysqli_real_escape_string($conn, $_GET["email"]);
// $sql = "SELECT * FROM users WHERE email='{$email}' LIMIT 1";
// $query = mysqli_query($conn, $sql);
// $pass = $_GET["pass"];
// if ($query == TRUE) {
// $row = mysqli_fetch_array($query);
$db_password = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
// $username = $row['username'];
echo $password;
echo "<br>";
echo $db_password;
echo "<br>";
if (password_verify($password, $db_password)) {
die('ok');
} else {
die('not ok');
}
// } else {
// header("Location: http://website.com");
// }
$conn->close();
?>
Here I modified slightly and added a few comments along the code to help you understand the approach.
<?php
session_start();
// This array is used only like a simple namespace.
$dbCredentials = [
'host' => "localhost",
'user' => "root",
'password' => "",
'dbname' => "projectNitro"
];
$dbConn = new mysqli($dbCredentials['host'], $dbCredentials['user'], $dbCredentials['password'], $dbCredentials['dbname']);
if ($dbConn->connect_error) {
// Should not continue script if can't connect to DB.
die("Connection failed: " . $dbConn->dbConnect_error);
}
// You should check the existence of $_GET["pass"] before using it, with empty() or isset().
$passwordToCheck = mysqli_real_escape_string($dbConn, $_GET["pass"]);// Renamed var more meaningful.
$userEmail = mysqli_real_escape_string($dbConn, $_GET["email"]);
$sql = "SELECT * FROM users WHERE email='{$userEmail}' LIMIT 1";// Don't select * if you don't need everything.
$query = mysqli_query($dbConn, $sql);
$pass = $_GET["pass"];// you already have $passwordToCheck.
if ($query) {// Don't need == TRUE
// $row = mysqli_fetch_array($query);
$db_password = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
$username = $row['username'];
echo "$passwordToCheck<br>$db_password<br>";// This is way less verbose than repeating echo and uses less echo functions.
if (password_verify($passwordToCheck, $db_password)) {// Don't need to keep this condition in a variable.
die('ok');// this is just an example to test.
} else {
die('not ok');// this is just an example to test.
}
} else {
header("Location: http://website.com");// While debugging don't redirect, put die('message');
}
$dbConn->close();
?>

SQL with PHP variables

I'm trying to update db record using the code below. Even if the redirection is done, the record isn't being updated as it should be. any tips please?
<?php
session_start();
?>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "Mydatabase";
$id = $_GET["session_id()"];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE leads SET first_name='hola' WHERE id = '$id'";
if ($conn->query($sql) === TRUE) {
header( "thank-you.php" ); die;
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
This one causes the problem.
$id = $_GET["session_id()"];
session_id() itself is a PHP function. No need for quoting. Just remove the quotes and it should be fine.
$id = $_GET[session_id()];

When I add a column, I can't retrieve it from mysql

After I add a column to my database, I want to retrieve it but not expected.
In PHP, I try reopening apache and mysql still not work.
Does anyone know how to resolve it? Thanks!
your question is not fully explanatory but with what I could try to understand you want to retrieve data or records from your database
you could try the code below and tweak it to work your way
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM databaseName";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data
while($row = $result->fetch_assoc()) {
print $row"<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>

Need help to display data from mysql database

I would need some help with showing data that I have on my database but I can't seen to be able to.`
$servername = "servername";
$username = "username";
$password = "password";
$dbname = "dbname";
$connect = mysqli_connect($servername, $username, $password, $dbname) or die ("connection failed");
//Query
$query = "SELECT * FROM 'Students'";
mysqli_master_query($dbname, $query) or die ("Error while Query");
$result = mysqli_master_query($dbname, $query);
$row = mysql_fetch_array($result);
while ($row = mysql_fetch_array($result)) {
echo "<p>".$row['Name']."</p>";
};
mysql_close($connect);
?>`
I am pretty new to this so I could have missed something simple. Any help appreciated.
Below is a sample code of the normal procedure to connect to a database and to select data from it. Please follow this type of coding since MySQL is now deprecated and MySQLi is used.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT id, firstname, lastname FROM MyGuests";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>";
}
} else {
echo "0 results";
}
mysqli_close($conn);
?>
For further reference check out http://php.net/manual/en/book.mysqli.php and also https://www.w3schools.com/php/php_mysql_insert.asp

Categories