Validation for inserting duplicate entries is not working using mysqli - php

I have written a query to validate the email ids so that duplicate emails are not accepted while inserting into the database. But it is not working, and duplicate email ids are being inserted into the database.
if(isset($_POST['submit_user'])){
$email = $_POST['user_email'];
$check=mysqli_query($conn,"select * from users where user_email='$email'");
$checkrows=mysqli_num_rows($check);
if($checkrows>0) {
echo "Email Already exists";
} else {
if($_POST['password'] == $_POST['con_password']){
$date = date('Y-m-d h:i:s');
$ins_sql = "INSERT INTO users (first_name, last_name, user_email, user_password, user_gender, user_marital_status, user_phone_no, user_designation,user_address,user_date,user_role,username) VALUES ('$_POST[first_name]', '$_POST[last_name]', '$_POST[email]', '$_POST[password]', '$_POST[gender]', '$_POST[marital_status]', '$_POST[phone_no]', '$_POST[designation]', '$_POST[address]', '$date','$_POST[user_role]' , '$_POST[username]')";
$run_sql = mysqli_query($conn,$ins_sql);
}else {
$match = '<div class="alert alert-danger">Password doesn&apos;t match!</div>';
}
}
}

You are checking the wrong email id. Change $email = $_POST['user_email']; to $email = $_POST['email'];
if(isset($_POST['submit_user'])){
$email = $_POST['email'];
$check=mysqli_query($conn,"select * from users where user_email='$email'");
$checkrows=mysqli_num_rows($check);
if($checkrows>0) {
echo "Email Already exists";
} else {
if($_POST['password'] == $_POST['con_password']){
$date = date('Y-m-d h:i:s');
$ins_sql = "INSERT INTO users (first_name, last_name, user_email, user_password, user_gender, user_marital_status, user_phone_no, user_designation,user_address,user_date,user_role,username) VALUES ('$_POST[first_name]', '$_POST[last_name]', '$_POST[email]', '$_POST[password]', '$_POST[gender]', '$_POST[marital_status]', '$_POST[phone_no]', '$_POST[designation]', '$_POST[address]', '$date','$_POST[user_role]' , '$_POST[username]')";
$run_sql = mysqli_query($conn,$ins_sql);
}else {
$match = '<div class="alert alert-danger">Password doesn&apos;t match!</div>';
}
}
}

Related

Why is my user being added to one table but not another

I am creating a profile image upload system for my users. Upon signup, the php code should create a user in the table "user" and also create a user in the "profileImg" table. I am getting no errors in my log but the user is being added to "user" but not "profileImg". Can anyone please assist. Thank you in advance.
SIGNUP.INC.PHP:
<?php
session_start();
include '../dbh.php';
$respond = array(
'status' => true,
'message' => 'There was an error',
'redirect' => '../profile.php',
'errors',
);
if (isset($_POST['submit'])) {
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$errorEmpty = false;
$errorEmail = false;
if (empty($first) || empty($last) || empty($email) || empty($pwd)) {
$respond['errors'][] = "Please fill out all fields!";
$respond['errorEmpty'] = true;
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$respond['errors'][] = "Please enter a valid email address!";
$respond['errorEmail'] = true;
} else {
$sql = "SELECT email FROM user WHERE email='$email'";
$result = mysqli_query($conn, $sql);
$emailcheck = mysqli_num_rows($result);
if ($emailcheck > 0) {
$respond['errors'][] = "That email address already exists!";
$respond['errorEmail'] = true;
}
else {
$encryptpwd = password_hash($pwd, PASSWORD_DEFAULT);
$sql = "INSERT INTO user (first, last, email, pwd)
VALUES ('$first', '$last', '$email', '$encryptpwd')";
$result = mysqli_query($conn, $sql);
$sql = "SELECT * FROM user WHERE email='$email' AND first='$first'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$email = $row['id'];
$sql = "INSERT INTO profileImg (email, status)
VALUES ('$email', 1)";
}
}
}
}
}
echo json_encode($respond);
?>
PROFILE.PHP:
This must be a violation on database level.
See this block of yours:
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$email = $row['id'];
$sqlProfile = "INSERT INTO profileImg (email, status)
VALUES ('$email', 1)";
}
}
I'm pretty sure that in your database the email column of the profileImg table is a varchar, although you are inserting it as an int: $email = $row['id'];
Replace that line with this: $email = $row['email'];
Code after changes:
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$email = $row['email'];
$sqlProfile = "INSERT INTO profileImg (email, status)
VALUES ('$email', 1)";
mysqli_query($conn, $sqlProfile);
}
}
Update: add mysqli_query($conn, $sqlProfile); to execute the query
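
An added example (not the poster's code) of writing the user row and its profileImg row as one unit, so that a failure in the second INSERT raises an error and rolls back the first instead of passing silently. It uses PDO rather than mysqli; the function create_user_with_profile, the reduced table definitions, the UNIQUE constraint on profileImg.email and the in-memory SQLite database are assumptions:

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite so it runs without a
// server, reduced `user`/`profileImg` tables, a UNIQUE profileImg.email, and
// the hypothetical function create_user_with_profile().
$pdo = new PDO('sqlite::memory:');
// Failed statements throw instead of returning false unnoticed.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, first TEXT, email TEXT, pwd TEXT)');
$pdo->exec('CREATE TABLE profileImg (email TEXT NOT NULL UNIQUE, status INTEGER NOT NULL)');

/** Inserts both rows or neither; returns the new user id. */
function create_user_with_profile(PDO $pdo, string $first, string $email, string $pwd): int
{
    $pdo->beginTransaction();
    try {
        $insUser = $pdo->prepare('INSERT INTO user (first, email, pwd) VALUES (?, ?, ?)');
        $insUser->execute([$first, $email, password_hash($pwd, PASSWORD_DEFAULT)]);
        $userId = (int) $pdo->lastInsertId();

        // The second statement is executed too, with its value bound.
        $insImg = $pdo->prepare('INSERT INTO profileImg (email, status) VALUES (?, 1)');
        $insImg->execute([$email]);

        $pdo->commit();
        return $userId;
    } catch (Throwable $e) {
        $pdo->rollBack();   // undo the user row if the profile row failed
        throw $e;
    }
}

// Constructed sample data: a leftover profile row that will make the second
// INSERT fail for bob@example.com.
$pdo->exec("INSERT INTO profileImg (email, status) VALUES ('bob@example.com', 0)");

$id = create_user_with_profile($pdo, 'Ann', 'ann@example.com', 'pw-one');
echo "created user id $id\n";
try {
    create_user_with_profile($pdo, 'Bob', 'bob@example.com', 'pw-two');
} catch (PDOException $e) {
    echo 'signup failed loudly, SQLSTATE ', $e->getCode(), "\n";
}
// Counts show Bob's user row was rolled back along with the failed profile row.
$users = (int) $pdo->query('SELECT COUNT(*) FROM user')->fetchColumn();
$imgs  = (int) $pdo->query('SELECT COUNT(*) FROM profileImg')->fetchColumn();
echo "user rows: $users, profileImg rows: $imgs\n";
```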

PHP MySQL - check variables duplication with empty command

I have a user add form in my webpage.
The code is like this:
if(isset($_POST['submitted']) ==1) {
$name = mysqli_real_escape_string($dbc, $_POST['name']);
$surname = mysqli_real_escape_string($dbc, $_POST['surname']);
$date = mysqli_real_escape_string($dbc, $_POST['date']);
$email = mysqli_real_escape_string($dbc, $_POST['email']);
$password = mysqli_real_escape_string($dbc, $_POST['password']);
$city = mysqli_real_escape_string($dbc, $_POST['city']);
$q = "INSERT INTO users (name, surname, date, email, password, city) VALUES('$name', '$surname', '$date', '$email', '$password', '$city')";
$r = mysqli_query($dbc, $q);
if($r) {
$message = 'User was added';
}else{
$message = 'User could not be added because: '.mysqli_error($dbc);
$message .= '<p>'.$q.'</p>';
}
}
My submit button is:
<button type="submit" class="btn btn-default">Add User</button>
<?php if(isset($message)) { echo $message; }?>
<input type="hidden" name="submitted" value="1">
I want to check existing values in my database table with that post button.
How can I check for the same values in this post?
You can do something like this:
<?php
if (isset($_POST['submitted']) == 1) {
$name = mysqli_real_escape_string($dbc, $_POST['name']);
$surname = mysqli_real_escape_string($dbc, $_POST['surname']);
$date = mysqli_real_escape_string($dbc, $_POST['date']);
$email = mysqli_real_escape_string($dbc, $_POST['email']);
$password = mysqli_real_escape_string($dbc, $_POST['password']);
$city = mysqli_real_escape_string($dbc, $_POST['city']);
$q = "SELECT * FROM users WHERE email='".$email."'";
$r = mysqli_query($dbc, $q);
if ($r->num_rows == 0) {
$q = "INSERT INTO users (name, surname, date, email, password, city) VALUES('$name', '$surname', '$date', '$email', '$password', '$city')";
$r = mysqli_query($dbc, $q);
if ($r) {
$message = 'User was added';
} else {
$message = 'User could not be added because: ' . mysqli_error($dbc);
$message .= '<p>' . $q . '</p>';
}
} else {
$message = "Email does exist already";
}
}

Data is retrieved from DB but won't insert?

So when I want to retrieve data and check it, i.e. if the email already exists, echo already registered. That part works fine; however, inserting the same data does not work. Are my conditionals ordered improperly?
(intentionally left out values for the dbhostname id pw variables)
$dbname = "hw2";
$link = mysqli_connect($dbhostname, $dbuserid, $dbpassword, $dbname);
$firstname = $_POST["signup-firstname"];
$lastname = $_POST["signup-lastname"];
$email = $_POST["signup-email"];
$password = $_POST["signup-password"];
$repassword = $_POST["signup-repassword"];
if ($password != $repassword){
echo "<br><h3>Passwords did not match. <br>Please try again.</h3>";
}
else {
$ret_email = "SELECT * FROM hw2 WHERE email = '$email'";
$result = mysqli_query($link, $ret_email);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0){
echo "This email is already registered.";
}
else{
$insert_query = "INSERT INTO hw2 (firstname, lastname, email, password, repassword) VALUES ('$firstname', '$lastname', '$email', '$password', '$repassword')";
echo "$insert_query";
}
}
?>
You should perform the query, not only echo it:
mysqli_query($con,"INSERT INTO Persons (FirstName,LastName,Age)
if ($num_rows > 0){
echo "This email is already registered.";
}
else{
$insert_query = "INSERT INTO hw2 (firstname, lastname, email, password, repassword) VALUES ('$firstname', '$lastname', '$email', '$password', '$repassword')";
echo "$insert_query";
mysqli_query($link,$insert_query);
}

PHP registration not inserting new user into table

I'm following a tutorial and I've run into an issue where I can complete my registration form but my info isn't saved into the database table. All my code is the same as the tutorial. Am I missing something?
Obviously it has to do with my $insert variable, but I can't figure out what it is.
if(isset($_POST['register'])) {
$user_name = mysqli_real_escape_string($con, $_POST['user_name']);
$user_pass = mysqli_real_escape_string($con, $_POST['user_pass']);
$user_email = mysqli_real_escape_string($con, $_POST['user_email']);
$user_country = mysqli_real_escape_string($con, $_POST['user_country']);
$user_number = mysqli_real_escape_string($con, $_POST['user_number']);
$user_address = mysqli_real_escape_string($con, $_POST['user_address']);
$user_gender = mysqli_real_escape_string($con, $_POST['user_gender']);
$user_b_day = mysqli_real_escape_string($con, $_POST['b_day']);
$user_image = $_FILES['user_image']['name'];
$user_tmp = $_FILES['user_image']['tmp_name'];
if($user_address=='' OR $user_country=="" OR $user_image=="" OR $user_gender=='') {
echo "<script>alert('Please fill all the fields.')</script>";
exit();
}
if(!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
echo "<script>alert('Your email is not valid.')</script>";
exit();
}
$sel_email = "SELECT * FROM register_user WHERE user_email='" . $user_email . "';";
$run_email = mysqli_query($con, $sel_email);
$check_email = mysqli_num_rows($run_email);
if($check_email==1) {
echo "<script>alert('This email is already registered. Please choose another.')</script>";
exit();
}
else {
$_SESSION['user_email'] = $user_email;
move_uploaded_file($user_tmp, "images/$user_image");
$insert = "INSERT INTO register_user (user_name,
user_pass,
user_email,
user_country,
user_number,
user_address,
user_gender,
user_b_day,
user_image,
register_date)
VALUES ('$user_name',
'$user_pass',
'$user_email',
'$user_country',
'$user_number',
'$user_address',
'$user_gender',
'$user_b_day',
'$user_image',
NOW())";
mysqli_query($con, $insert);
echo "<script>alert('Registration successful.')</script>";
echo "<script>window.open('home.php', '_self' )</script>";
}
}
If you have no error message, try this:
$insert = "INSERT INTO register_user (user_name,
user_pass,
user_email,
user_country,
user_number,
user_address,
user_gender,
user_b_day,
user_image,
register_date)
VALUES ('".$user_name."',
'".$user_pass."',
'".$user_email."',
'".$user_country."',
'".$user_number."',
'".$user_address."',
'".$user_gender."',
'".$user_b_day."',
'".$user_image."',
NOW())";

Fatal error: Call to a member function execute() on a non-object [duplicate]

I am new to PDO and keep getting a Fatal error. I am trying to first check for empty fields, then check for duplicate emails and then if that passes insert the user data into the database. After searching and searching I am absolutely lost as to where I am going wrong. Here is my code:
<?php
session_start();
require_once('includes/db_connect.php');
include('functions/email-inject-function.php');
$first_name = trim($_POST['first_name']);
$last_name = trim($_POST['last_name']);
$email = trim($_POST['email']);
$company = trim($_POST['company']);
$phone = trim($_POST['phone']);
$password = trim($_POST['password']);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if(empty($_POST["first_name"])) {
$first_name_err = "<p>What is your first name?</p>";
$errorflag = 1;
}
if(empty($_POST["last_name"])) {
$last_name_err = "<p>What is your last name?</p>";
$errorflag = 1;
}
//checks email
if(empty($_POST["email"])) {
$email_err = "<p>What is your email address?</p>";
$errorflag = 1;
}
if(empty($_POST["company"])) {
$company_err = "<p>What is your company name?</p>";
$errorflag = 1;
}
if(empty($_POST["phone"])) {
$phone_err = "<p>What is your phone number?</p>";
$errorflag = 1;
}
if(empty($_POST["password"])) {
$pass_err = "<p>Please enter a password</p>";
$errorflag = 1;
}
else {
$injected = IsInjected($email);
if ($injected == true) {
$email_valid_err = "<p>Please enter a valid email.</p>";
$errorflag = 1;
}
}
try {
// Check if email is taken
$stmt = $dbh->prepare("SELECT * FROM `admins` WHERE `email` = :email");
$stmt->execute(array('email' => $email));
if ($stmt->fetchColumn() > 0) {
throw new Exception("That email is already taken.");
}
$sql="INSERT INTO admins (first_name, last_name, email, company, phone, password, reg_date) VALUES (:first_name, :last_name, :email, :company, :phone, SHA1('$password'), NOW())";
$query = $dbh->prepare($sql);
$result->execute(array(':first_name'=>$first_name, ':last_name'=>$last_name, ':email'=>$email, ':company'=>$company, ':phone'=>$phone, ':password'=>$password ));
echo $result;
//catch any errors from try()
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
?>
It's a simple mistake:
Replace $result with $query.
So:
$result->execute(array(':first_name'=>$first_name, ':last_name'=>$last_name, ':email'=>$email, ':company'=>$company, ':phone'=>$phone, ':password'=>$password ));
echo $result;
should be:
$query->execute(array(':first_name'=>$first_name, ':last_name'=>$last_name, ':email'=>$email, ':company'=>$company, ':phone'=>$phone, ':password'=>$password ));
echo $query;
The query is also wrong:
$sql="INSERT INTO admins (first_name, last_name, email, company, phone, password, reg_date) VALUES (:first_name, :last_name, :email, :company, :phone, SHA1('$password'), NOW())";
should be
$sql="INSERT INTO admins (first_name, last_name, email, company, phone, password, reg_date) VALUES (:first_name, :last_name, :email, :company, :phone, SHA1(:password), NOW())";
Note the change from $password to :password.
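
The questions on this page, the mysqli ones and this PDO one alike, check for an existing email with a SELECT and then INSERT, mostly building the SQL from request values. An added example (not code from any of the posts above) of the same registration step with every value bound, a UNIQUE constraint as the actual duplicate guard, and password_hash() in place of SHA1 or plain text. The function name register_admin, the reduced admins table and the in-memory SQLite database (used so the script runs without a server) are assumptions:

```php
<?php
// Added example. Assumptions: in-memory SQLite so it runs without a server,
// a reduced `admins` table, and the hypothetical function register_admin().
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE makes the database itself reject a second row with the same email,
// which also closes the gap between a SELECT check and the INSERT.
$dbh->exec('CREATE TABLE admins (
    id INTEGER PRIMARY KEY, first_name TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');

/** Returns true when the row was inserted, false when the email is taken. */
function register_admin(PDO $dbh, string $firstName, string $email, string $password): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    // Every request value is bound; none is interpolated into the SQL text.
    $stmt = $dbh->prepare(
        'INSERT INTO admins (first_name, email, password)
         VALUES (:first_name, :email, :password)'
    );
    try {
        $stmt->execute([
            ':first_name' => $firstName,
            ':email'      => $email,
            // Salted hash computed in PHP instead of SHA1() or plain text.
            ':password'   => password_hash($password, PASSWORD_DEFAULT),
        ]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation; with these
        // typed, non-null values only UNIQUE(email) can be violated.
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample input; the quote in O'Brien breaks string-built SQL.
var_dump(register_admin($dbh, "O'Brien", 'ann@example.com', 'pw-one'));
// Same email again: rejected by the constraint, not by a prior SELECT.
var_dump(register_admin($dbh, 'Ann', 'ann@example.com', 'pw-two'));
$row = $dbh->query('SELECT first_name, password FROM admins')->fetch(PDO::FETCH_ASSOC);
var_dump($row['first_name'] === "O'Brien", password_verify('pw-one', $row['password']));
```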
