I am using this code to add some data to my already existing sql database, but the can't seem to do so, it's also not giving any errors. I have tried everything that i could think of. This is a form which lets user input the data and then when user clicks submit it gives a success message in url but i get the success message but no data in my database.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Signup Form</title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users;" ;
$result = mysqli_query($conn,$sql); //connects the database to the query we just generated
$resultcheck = mysqli_num_rows($result); // it returns the number of rows in the query
if($resultcheck > 0){
//the if condition checks if there is any data inside $resultcheck
//The mysqli_fetch_assoc() function fetches a result row as an associative array.
while($row = mysqli_fetch_assoc($result)){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
<?php
include_once 'dbh.php';
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "INSERT INTO users (`user_firstname`, `user_firstname`, `user_email`, `user_uid`, `user_pwd` ) VALUES (\'$firstname\',\'$lastname\',\'$email\',\'$uid\', \'$pwd\');";
//require 'dbh.php';
mysqli_query('$conn','$sql');
/* if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".mysql_error().'<br>';
} */
header("Location: index.php?signup=success");
?>
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$conn = mysqli_connect($dbServername,$dbUsername,$dbPassword,$dbName );
//$mysqli = new mysqli('localhost','root',"",$dbName );
if(mysqli_connect_errno()){
printf("connection failed %s\n",mysqli_connect_error());
exit();
}
$mysqli->select_db("login_system");
?>
Please remove single quotes in $conn and $sql
mysqli_query($conn, $sql);
in your insert PHP file.
$sql = "INSERT INTO `users` (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('".$firstname."', '".$lastname ."', '".$email."', '".$uid."', '".$pwd."');";
$result=mysqli_query('$conn','$sql');
if($result)
{
echo "succsessfuly...";
}
else
{
echo "Not succsessfuly...";
}
Try this one:
<?php
include_once 'dbh.php';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title> Signup Form </title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users; " ;
$result = $mysqli->query($sql); //connects the database to the query we just generated
$resultcheck = $result->num_rows; // it returns the number of rows in the query
if($resultcheck > 0){
while($row = $result->fetch_assoc()){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
signup.php
<?php
include_once 'dbh.php';
$firstname = $mysqli->real_escape_string($_POST['firstname']);
$lastname = $mysqli->real_escape_string($_POST['lastname']);
$email = $mysqli->real_escape_string($_POST['email']);
$uid = $mysqli->real_escape_string($_POST['uid']);
$pwd = $mysqli->real_escape_string($_POST['pwd']);
$sql = "INSERT INTO users (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd');";
if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".$mysqli->error.'<br>';
}
header("Location: index.php?signup=success");
dbh.php
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$mysqli = new mysqli($dbServername,$dbUsername,$dbPassword,$dbName);
if($mysqli->connect_errno){
printf("connection failed %s\n",$mysqli->connect_error);
exit();
}
Please read this reference http://php.net/manual/en/book.mysqli.php
should be like this
$sql = "INSERT INTO users (firstname, lastname, email, uid, pwd ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd')";
mysqli_query($conn,$sql);
Related
I need to сheck if username is already taken or not. And if it is ok, to redirect to another page but if not (here I am stuck) to make the "username is already taken" appear under the input line.
there is my php code:
<?php
$host = "localhost";
$dbusername = "postgres";
$dbpassword = "admroot";
$db = "local_db_server_test";
$con = pg_connect("host=$host dbname=$db user=$dbusername password=$dbpassword") or die ("Could not connect to Server\n");
if(!$con){ die('Error: Unable to open database'); }
else {
$username = $_POST['username'];
$password = $_POST['password'];
if(strlen($password) < 6) {
pg_close($con); // also can use die() but without header and redirection
header("Location:sign_up_pass_err.html");
}
$query = "INSERT INTO register(username, password) VALUES ('$username',crypt('$password',gen_salt('md5')))";
$result = pg_query($con, $query);
header("Location: login.html");
}
pg_close($con);
?>
And this is my html code:
<!DOCTYPE html>
<html>
<head></head>
<body>
<form action="sign_up.php" method="post">
<input type="text" name="username" placeholder="Username" required><br><br>
<input type="password" name="password" placeholder="Password" required><br><br>
<input type="submit" value="Sign up">
</form>
</body>
</html>
Yahallo! I have a problem in searching the user in the database and displaying them into the textfields. I have set everything to query and search the user by typing the lastname but it gives me an error
Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1' .
<?php
$host = "localhost";
$user = "root";
$password ="";
$database = "ntmadb";
$id = "";
$firstname = "";
$lastname = "";
$username = "";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// connect to mysql database
try{
$connect = mysqli_connect($host, $user, $password, $database);
} catch (mysqli_sql_exception $ex) {
echo 'Error';
}
// get values from the form
function getPosts()
{
$posts = array();
$posts[0] = $_POST['id'];
$posts[1] = $_POST['firstname'];
$posts[2] = $_POST['lastname'];
$posts[3] = $_POST['username'];
return $posts;
}
// Search
if(isset($_POST['search']))
{
$data = getPosts();
$search_Query = "SELECT * FROM members WHERE lastname = $data[2]";
$search_Result = mysqli_query($connect, $search_Query);
if($search_Result)
{
if(mysqli_num_rows($search_Result))
{
while($row = mysqli_fetch_array($search_Result))
{
$id = $row['id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$username = $row['username'];
}
}else{
echo 'No Data For This Id';
}
}else{
echo 'Result Error';
}
}
?>
<!DOCTYPE Html>
<html>
<head>
<title>PHP INSERT UPDATE DELETE SEARCH</title>
</head>
<body>
<form action="index44.php" method="post">
<input type="text" name="id" placeholder="Id" value="<?php echo $lastname;?>"><br><br>
<input type="text" name="firstname" placeholder="First Name" value="<?php echo $firstname;?>"><br><br>
<input type="text" name="lastname" placeholder="Last Name" value="<?php echo $lastname;?>"><br><br>
<input type="text" name="username" placeholder="User Name" value="<?php echo $username;?>"><br><br>
<div>
<!-- Input For Edit Values -->
<input type="submit" name="update" value="Update">
<!-- Input For Find Values With The given ID -->
<input type="submit" name="search" value="Find">
</div>
</form>
</body>
</html>
Can someone assist in fixing it? Thank you!
Try below query.
$search_Query = "SELECT * FROM members WHERE lastname = '".$data[2]."'";
Try this:
$temp_lastname = $data[2];
$search_Query = "SELECT * FROM `members` WHERE `lastname` = '$temp_lastname'";
I wanna update just one data from a record using php form but the thing is, when i do that, the rest of the data gets removed from the record.. What do i do :/ here are my codes for updating. What is the mistake i am making.. I am very confused. Would really appreciate some help.
<?php
include('db.php');
if(isset($_POST['update']))
{
$hostname = "localhost";
$username = "root";
$password = "";
$databaseName = "winc sports";
$connect = mysqli_connect($hostname, $username, $password, $databaseName);
$id = $_POST['id'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$age = $_POST['age'];
$country=$_POST['country'];
$phone=$_POST['phone'];
$email=$_POST['email'];
$select = "SELECT * FROM studens WHERE id = '$id'";
$selected = mysqli_query($connect, $select);
$row = mysqli_fetch_assoc($selected);
if (empty($_POST['fname'])) {$fname = $row['fname'];} else {$fname = $_POST['fname'];}
if (empty($_POST['country']))
{
$country = $row['country'];
}
else {
$country = $_POST['country'];
}
if (empty($_POST['id'])) {
$id = $row['id'];
}
else {
$id = $_POST['id'];
}
if (empty($_POST['age'])) {$age = $row['age'];} else {$age = $_POST['age'];}
if (empty($_POST['phone'])) {$phone = $row['phone'];} else {$phone = $_POST['phone'];}
if (empty($_POST['email'])) {$email = $row['email'];} else {$email = $_POST['email'];}
$query = "UPDATE students SET Fname= '$fname', Lname = '$lname', Nationality = '$country', PhoneNumber = '$phone', Email= '$email', Age = '$age' WHERE Id = '$id'";
$result = mysqli_query($connect, $query);
var_dump($result);
if($result)
{
echo 'Data Updated';
}else
{
echo 'Data Not Updated';
}
mysqli_close($connect);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP INSERT DATA USING PDO</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="updating.php" method="post">
<input type="text" name="id" placeholder="Enter new ID"><br><br>
<input type="text" name="fname" placeholder="Enter new First Name"><br><br>
<input type="text" name="lname" placeholder="Enter new Last Name"><br><br>
<input type="number" name="age" placeholder="Enter new age" min="13" max="90"><br><br>
<input type="text" name="country" placeholder="Enter new Nationality"><br><br>
<input type="number" name="phone" placeholder="Enter new Phone Number"><br><br>
<input type="text" name="email" placeholder="Enter new Email"><br><br>
<input type="submit" name="update" value="update">
</form>
</body>
</html>
The select statement is fetching data from a table called studens. This looks like a typo of the actual table so it won't actually fetch any results for you to update. Thus, the data you wind up updating the table with is empty. Rename the initial select table to students and it should properly fetch the data.
Also, please look into prepared statements or various other methods to sanitize inputs. Using POST variables directly in a query makes you extremely vulnerable to SQL Injection.
I'm trying to link a register page with my login page to allow new users to register an account to use on my application. I've linked the form up to my tbl_Users table on MySQL in which holds all the information that the users would input into this form. I've properly set everything up using queries and such and the form displays properly at the very least. However when I click submit, the page just refreshed with the fields now empty again and no new data within my table on the database. Where am I going wrong? (Extra-note: I'm still in the process of coding in the safety code to prevent sql-injections)
ConnectorCode.php
<?php
$conn = mysqli_connect("localhost", "b4014107", "Win1", "b4014107_db2") or die (mysqli_connect_error());
?>
Register.php
<?
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start();
include('ConnectorCode.php');
if(isset($_POST['submit'])) {
$FName = $_POST['First_Name'];
$LName = $_POST['Last_Name'];
$Email = $_POST['Email'];
$UName = $_POST['User_Name'];
$Password = $_POST['Password'];
$FName = mysqli_real_escape_string($conn, $FName);
$LName = mysqli_real_escape_string($conn, $LName);
$Email = mysqli_real_escape_string($conn, $Email);
$UName = mysqli_real_escape_string($conn, $UName);
$Password = mysqli_real_escape_string($conn, $Password);
$sql = "SELECT Email FROM tbl_Users WHERE Email='$Email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1)
{
echo "Sorry, the email you are trying to enter already exists";
}
else
{
$query = mysqli_query($conn, "INSERT INTO tbl_Users(First_Name, Last_Name, Email, User_Name, Password) VALUES ('$FName', '$LName', '$Email', '$UName', '$Password')");
if($query)
{
echo "Thank you for registering";
}
header('Location: Index.php');
}
}
?>
<!DOCTYPE HTML>
<head>
<title>Register</title>
</head>
<body>
<h1> Register Page </h1>
<p> Please fill in the form to register <p>
<form method="post" action="">
<fieldset>
First Name: <br />
<input name="First_Name" type="text" class="input" size="25" required /> <br /> <br />
Last Name: <br />
<input name="Last_Name" type="text" class="input" size="25" required /> <br /> <br />
Email: <br />
<input name="Email" type="email" class="input" size="25" required /> <br /> <br />
Username: <br />
<input name="User_Name" type="text" class="input" size"25" required /> <br /> <br />
Password: <br />
<input name="Password" type="password" class="input" size="25" required /> <br /> <br/>
<input type="submit" name="submit" value="Register!" />
</fieldset>
</form>
</body>
</html>
You do not meet the condition isset($_POST['VALUES']) because you don't have field with name="VALUES".
Change
if(isset($_POST['VALUES'])) {
to
if(isset($_POST['submit'])) {
You had a lot missing...
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start();
require_once 'ConnectorCode.php';
if(isset($_POST['submit']))
{
$FName = mysqli_real_escape_string($conn, $_POST['First_Name']);
$LName = mysqli_real_escape_string($conn, $_POST['Last_Name']);
$Email = mysqli_real_escape_string($conn, $_POST['Email']);
$UName = mysqli_real_escape_string($conn, $_POST['User_Name']);
$Password = mysqli_real_escape_string($conn, $_POST['Password']); // why did you need to repeat this all twice?
$sql = "SELECT * FROM tbl_Users WHERE Email='$Email'"; // ? didn't understand why you was asking for the Email using the Email...
$result = $conn->query($sql);
if(count($result) == 0)
{
$insert_sql = "INSERT INTO tbl_Users (First_Name,Last_Name,Email,User_Name,Password) VALUES ('$FName','$LName','$Email','$UName','$Password')";
if($conn->query($insert_sql)) // You forgot to query this
{
echo "Thank you for registering";
header('Location: index.php'); // lowercase i
exit; // you forgot this
}
}
else
{
echo "Sorry, that email already exists!";
}
$conn->close(); // you forgot this
}
?>
Hope this helps...
I have the tables users and register in my database. I've created a login page which starts a session using the users table, then people fill out a form to insert data into the register table. I've used the following code to insert the data. My code doesn't have errors but the thing is it is not inserted to my table. Please help me. Thanks.
<?php
include("includes/db.php");
session_start();
if(!isset($_SESSION['user_name'])){
header("location: login.php");
}
else { ?>
<html>
<body>
<h2>New users Signup!</h2>
<form action="login.php" method="post">
<input type="text" name = "firstname" placeholder="Firstname"/>
<input type="text" name = "lastname" placeholder="Lastname"/>
<input type="text" name = "address" placeholder="Address"/>
<input type="text" name = "contact" placeholder="Contact"/>
<input type="text" name = "email" placeholder="Email Address"/>
<input type="password" name = "password" placeholder="Password"/>
<div class = "bttn">
<button type="submit" name = "submit" class="btn btn-default">Signup</button>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
$users_firstname = $_POST['firstname'];
$users_lastname = $_POST['lastname'];
$users_address = $_POST['address'];
$users_contact = $_POST['contact'];
$users_email = $_POST['email'];
$users_password = $_POST['password'];
$users_date = date('Y-m-d');
if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
{
echo "<script>alert('Any of the fields is empty')</script>";
exit();
} else {
$insert_query = mysql_query("insert into users (users_firstname,users_lastname,users_address,users_contact,users_email,users_password,users_date) values ('$users_firstname','$users_lastname','$users_address','$users_contact','$users_email','$users_password','$users_date')");
$users_id=mysql_insert_id();
if(mysql_query($insert_query)) {
echo "<script>alert('post published successfuly')</script>";
}
}
}
} ?>
Now try this code:
<?php
include("includes/db.php");
session_start();
if(!isset($_SESSION['user_name'])){
header("location: login.php");
}
else {
?>
<html>
<body>
<?php
if(isset($_POST['submit']))
{
$users_firstname = $_POST['firstname'];
$users_lastname = $_POST['lastname'];
$users_address = $_POST['address'];
$users_contact = $_POST['contact'];
$users_email = $_POST['email'];
$users_password = $_POST['password'];
$users_date = date('Y-m-d');
if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
{
echo "<script>alert('Any of the fields is empty')</script>";
exit();
}
else
{
$insert_query = mysql_query("INSERT INTO `users` (users_firstname, users_lastname, users_address, users_contact, users_email, users_password, users_date) values ('$users_firstname', '$users_lastname', '$users_address', '$users_contact', '$users_email', '$users_password', '$users_date')");
$users_id=mysql_insert_id();
echo "<script>alert('post published successfuly')</script>";
}
}
?>
<h2>New users Signup!</h2>
<form action="" method="post">
<input type="text" name="firstname" placeholder="Firstname"/>
<input type="text" name="lastname" placeholder="Lastname"/>
<input type="text" name="address" placeholder="Address"/>
<input type="text" name="contact" placeholder="Contact"/>
<input type="text" name="email" placeholder="Email Address"/>
<input type="password" name="password" placeholder="Password"/>
<div class="bttn">
<button type="submit" name="submit" class="btn btn-default">Signup</button>
</div>
</form>
</body>
</html>
<?php } ?>
I have:
Repositioned your PHP code for inserting to be at the top of the form
changed <form action="login.php" to <form action="" because we are executing from the same page
Your query has already run so removed the if(mysql_query...
Removed the spaces in the form e.g. name = " nameofform" to name="nameofform"
I don't see any reason for having this $users_id=mysql_insert_id();, YOu should use auto-increment for the userID on your database
But since we don't know how you have connected to your database, because also that can be an issue: you can also try this way
<?php
//connect to DB
$hostname_localhost = "localhost"; //hostname if it is not localhost
$database_localhost = "databasename";
$username_localhost = "root"; //the username if it is not root
$password_localhost = "password_if_any"; //if no password leave empty
$localhost = mysql_pconnect($hostname_localhost, $username_localhost, $password_localhost) or trigger_error(mysql_error(),E_USER_ERROR);
?>
<?php
// include("includes/db.php");
if (!isset($_SESSION)) {
session_start();
}
if(!isset($_SESSION['user_name'])){
header("location: login.php");
}
else {
?>
<html>
<body>
<?php
if(isset($_POST['submit']))
{
$users_firstname = $_POST['firstname'];
$users_lastname = $_POST['lastname'];
$users_address = $_POST['address'];
$users_contact = $_POST['contact'];
$users_email = $_POST['email'];
$users_password = $_POST['password'];
$users_date = date('Y-m-d');
if($users_firstname=='' or $users_lastname=='' or $users_address=='' or $users_contact=='' or $users_email=='' or $users_password=='')
{
echo "<script>alert('Any of the fields is empty')</script>";
exit();
}
else
{
$insert_query = sprintf("INSERT INTO `users` (users_firstname, users_lastname, users_address, users_contact, users_email, users_password, users_date) values ('$users_firstname', '$users_lastname', '$users_address', '$users_contact', '$users_email', '$users_password', '$users_date')");
mysql_select_db($database_localhost, $localhost);
$Result = mysql_query($insert_query, $localhost) or die(mysql_error());
echo "<script>alert('post published successfuly')</script>";
}
}
?>
<h2>New users Signup!</h2>
<form action="" method="post">
<input type="text" name="firstname" placeholder="Firstname"/>
<input type="text" name="lastname" placeholder="Lastname"/>
<input type="text" name="address" placeholder="Address"/>
<input type="text" name="contact" placeholder="Contact"/>
<input type="text" name="email" placeholder="Email Address"/>
<input type="password" name="password" placeholder="Password"/>
<div class = "bttn">
<button type="submit" name="submit" class="btn btn-default">Signup</button>
</div>
</form>
</body>
</html>
<?php } ?>
You should removed the whitespaces in your html-code:
Wrong
<input type="text" name = "firstname" placeholder="Firstname"/>
^^^^^
Correct
<input type="text" name="firstname" placeholder="Firstname"/>
Do not put the variables in single quotes:
$insert_query = mysql_query("INSERT INTO users
(users_firstname,users_lastname,users_address,users_contact,users_email,users_password,users_date)
VALUES
($users_firstname,$users_lastname,$users_address,$users_contact,$users_email,$users_password,$users_date)");
Update: This was wrong. The whole string is in double-quotes so the OP did correct and my notice was wrong. For information-purposes i will let stand the link to the documentation here.
Note: Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.
Read more about single- and double-quotes in the PHP documentation.
Do not double-run the query/perform wrong function-call
$insert_query = mysql_query(".......");
........
if(mysql_query($insert_query)){
echo "<script>alert('post published successfuly')</script>";
}
You already have run the query in the first line. If you want to check if it was successful, you have to use if($insert_query) {}. The call mysql_query($insert_query) is wrong because mysql_query() returns a ressource instead of the sql-query.
Do not use mysql_*() function calls. You mysqli_*() instead.
Warning
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
mysqli_query()
PDO::query()
Check your use of session.
You are checking the $_SESSION for user_name and if it is not set, you are redirecting via header("location: login.php").
The problem is, that you are never inserting the user_name into the session, so it will always be not set.
You can set the value via $_SESSION['user_name'] = $_POST['user_name']. Have in mind that you have to set the session before checking the session-value. ;-)
remove action
Try this
<form action="" method="post">