We Keep Coding

Verification of sign up [duplicate]

This question already has answers here:
Why shouldn't I use mysql_* functions in PHP?
(14 answers)
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 2 years ago.
I wrote a new form of signup. But it's done vice versa what I need. I show code exists if it's in DB and bypass sing-up if there is any. But I need that it shows: "Wrong code" if "sec_code" not found in my DB (created already a list of these codes) and bypass if it exists in DB. Thx. Stuck on this.
if($_GET['action'] == "save")
{
$sec_code = htmlspecialchars($_POST['sec_code'], ENT_QUOTES, '');
$yes = intval($_POST['yes']);
if(!$sec_code) {
$error = "<p class=\"er\"></p>";
}
elseif(mysql_num_rows(mysql_query("SELECT skey FROM users WHERE sec_code = '".$sec_code."'"))) {
$error = "<p class=\"er\">Security code exist!</p>";

Form doesn't send properly [duplicate]

This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 4 years ago.
I've been trying to make a form in Wordpress to post data to the database and check if the data matches and if so then it proceeds to the next form but I can't seem to get it to work properly, been testing having the form placed in the themes folder to allow straighter testing, the php looks like this:
<?php
if(isset($_POST['submit'])) {
global $wpdb;
$ordernumber = $_POST['ordernmbr'];
$orderfirstname = $_POST['firstname'];
$orderpostnumber = $_POST['postnmbr'];
// Sanitizing
$ordernumber = stripslashes_deep($ordernumber);
$orderfirstname = stripslashes_deep($orderfirstname);
$orderpostnumber = stripslashes_deep($orderpostnumber);
$sql = "SELECT * FROM wp_postmeta WHERE 'post_id' = %d";
$sql = $wpdb->prepare($sql, array($ordernumber));
$res = $wpdb->get_results($sql);
if ($res > 0) {
wp_redirect(admin_url('http://localhost/wordpress/index.php/shop/'));
die();
} else {
$error = "Not like this";
echo $error;
}
print_r($res);
}
?>
<?php
get_footer();
?>
}
The problem is that when I try to post data it gives me an error saying
Warning: Cannot modify header information - headers already sent by (output started at /Applications/XAMPP/xamppfiles/htdocs/wordpress/wp-includes/class.wp-styles.php:225) in /Applications/XAMPP/xamppfiles/htdocs/wordpress/wp-includes/pluggable.php on line 1219
how do I go on about fixing this?

You can't redirect the browser after the content has already begun being served.
That piece of code needs to be included before the theme starts loading, so it needs to be in a plugin.
When setting up the plugin, be sure to give it a high priority, and choose the right filter/action to have it load early (before any content is rendered): WP Action Reference

Unable to forward $_GET variable target PHP file [duplicate]

This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 6 years ago.
I am working on homework assignment that requires making of a simple news site with the ability to list news from different categories, to allow logged in users to comment articles and delete them.
I managed to do all of the mentioned except deletion. I get this error message "Parse error: syntax error, unexpected 'if' (T_IF) in C:......\delete.php on line 4".
Here is my show_comments.php file code:
<?php
require_once("konektor.php");
$article_id = $_GET['id'];
$qCommentShow = "
SELECT
`komentari`.`id` as `kom_id`,
`komentari`.`komentar`,
`komentari`.`korisnik_id`,
`komentari`.`sajt_id`,
`korisnici`.`username`
FROM `komentari`, `korisnici` WHERE `sajt_id` = $article_id
GROUP BY `komentari`.`id`
ORDER BY `komentari`.`id` DESC ";
$komentarPrikazi = $konektor->query($qCommentShow);
echo "<h3>Komentari korisnika</h3>";
$sviKomentari = $komentarPrikazi->fetchAll(PDO::FETCH_OBJ);
foreach($sviKomentari as $b){
echo "<div style='margin:30px 0px;'>
<p>Ime: ". $b->username ."</p><p>Komentar:</p><textarea> ". $b->komentar ."</textarea><br>
</div>";
echo "<a href ='index.php?opcija=delete&id=". $b->kom_id ."'>Izbrisi komentar</a>";
echo "<hr>";
}?>
and my delete.php file code:
<?php
require_once("konektor.php")
if (isset($_GET['id'])){
$qBrisi = "
DELETE FROM `komentari` WHERE `id` = '" .$_GET['id']. "'; AND `korisnik_id` =
'" .$_SESSION['id']. "';
";
$komentarBrisi= $konektor->query($qBrisi)
}
else {
echo "error";
include ("location: kategorije.php");
}
?>
If required, I can also post my category.php code where I list all the categories with established dynamic paging.
I have tried looking around the internet what I could be doing wrong but everywhere I checked, the code is almost identical to mine so I am really scratching my head here what I am doing wrong.
P.S I know my code is still unfinished and vulnerable to attacks but right now, I have to make a really basic and functional version of the site.

You forgot ; on line 4 in delete.php :
require_once("konektor.php")

Check Fields are filled otherwise display error in php [duplicate]

This question already has answers here:
What does ? ... : ... do? [duplicate]
(8 answers)
Closed 8 years ago.
in this i have to check if in fields data is fields then it submit otherwise it can display error with if statements
<?php
include("config.php");
$name=$_POST["name"];
$email=$_POST["email"];
$phone=$_POST["phone"];
$budget=$_POST['budget'];
$insert_query="insert into form(name,email,phone,budget) values ('$name','$email','$phone','$budget')";
$con=mysql_query($insert_query);
?>

take a look at empty() function
http://php.net/empty
if (empty($_POST["name"])) {
die('name is empty');
}

Consider the following...
thispage.php
<?php
$name = (empty($_GET['name'])) ? "Fred" : $_GET['name'];
echo $name;
?>
thispage.php = 'Fred'
thispage.php?Wilma = 'Wilma'
And usual caveats about sql injection, prepared statements, deprecated methods, etc.

First you MUST clean post fields before writing in db. Use function mysql_real_escape_string($var)
And second, you can check field data with function empty, for example:
if (!empty($_POST["name"])) {
$name = mysql_real_escape_string($_POST["name"]);
// your query
} else {
echo 'Name is empty!';
}

Making MySQL queries safe for database insertion (strings) [duplicate]

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Practises for getting information from $_GET/$_POST and saving it to a database?
Just wondering what exactly I should look out for with regards to safety in MySQL database insertions for users entering strings.
Currently all I'm doing is mysql_real_escape_string($string) for every $_GET or $_POST input I wish to put in the database. Is that cool? What else do I need to do?

$stmt = mysqli_prepare($con,"INSERT INTO friend_request (ToUID, FromUID) VALUES (?,?)");
mysqli_stmt_bind_param($stmt, "ii", $fid, $uid); //i-> Integer, S -> string
mysqli_stmt_execute($stmt);
if (mysqli_stmt_affected_rows($stmt))
echo 'Request Sent';
else
echo 'Something went wrong !';

This is my process:
//check to see if the request came from your server or not
$server = substr($_SERVER[HTTP_REFERER],0,LENGTH OF INCOMING PAGE);
$prevPage = ""; //the incoming page
if ($server != $prevPage) {
header("Location: $prevPage");
exit;
} else {
//pull and sanitize the data
include('link.php'); //include the link to your database
$var = $link->mysql_real_escape_string($_POST['data']);
//check for null values in required fields
//run the data through a regular expression check
//then store the information
There is so much more you could do to validate the data being entered.