In my project I am trying to generate a QR code with an image in it based on stored blobs (1 Qr code + 1 logo) in my SQL table.
I have thw following code but can't seem to store the new image into my table.
Any help is appreciated.
<?php
//for connection
$sName = "localhost";
$sUser = "Username";
$sPass = "Password";
$sDb = "Database";
$Conn = new mysqli ($sName, $sUser, $sPass, $sDb);
//variables i pass from another app
$Email = mysqli_real_escape_string($Conn, $_POST["PassEmail"]);
$qContent = addslashes(file_get_contents($_FILES["file"]["tmp_name"]));
$qOverlay = addslashes (file_get_contents($_FILES["overlay"]["tmp_name"]));
$Sql = "SELECT * FROM `userprofile_login` INNER JOIN `userprofile_personalprofile` ON userprofile_login.userid = userprofile_personalprofile.userid WHERE userprofile_login.email = '".$Email."' ";
$Result = mysqli_query($Conn, $Sql);
if (mysqli_num_rows ($Result) > 0) {
$Row = mysqli_fetch_assoc ($Result);
$qCheckSql = "SELECT `userid` FROM `userprofile_qr` WHERE userid = '".$Row['userid']."' ";
$qCheckResult = mysqli_query($Conn, $qCheckSql);
$Row2 = mysqli_fetch_assoc($qCheckResult);
if (mysqli_num_rows ($qCheckResult) < 1) {
//if there 0 result from previous query, insert new data
$InsertSql = "INSERT INTO `userprofile_qr` (`userid`, `qrcode`, `overlay`)
VALUES ('".$Row['userid']."', '$qContent', '$qOverlay')";
$InsertResult = mysqli_query($Conn, $InsertSql);
} else {
//is there ia a result from the previous query, update data
$UpdateSql = "UPDATE `userprofile_qr` SET
`qrcode` = '$qContent',
`overlay` = '$qOverlay'
WHERE userid = '".$Row2['userid']."' ";
$UpdateResult = mysqli_query($Conn, $UpdateSql);
}
The first part works, the problem is the bottom part where I want to combine the QR code and the logo:
$qSql = "SELECT `qrcode`, `overlay` FROM `userprofile_qr` WHERE userid = '".$Row2['userid']."' ";
$qSelect = mysqli_query($Conn, $qSql);
include 'phpqrcode/qrlib.php';
$qRow = mysqli_fetch_assoc($qSelect);
$tImage = "<img src='data:image/png;base64,".base64_encode($qRow['qrcode'])."'/>";
$tOverlay = "<img src='data:image/png;base64,".base64_encode($qRow['overlay'])."'/>";
header("Content-type: image/png");
$aQr = imagecreatefromjpeg($tImage);
$QrWidth = imagesx($aQr);
$QrHeight = imagesy($aQr);
$aOverlay = imagecreatefrompng($tOverlay);
$OverlayWidth = imagesx($aOverlay);
$OverlayHeight = imagesy($aOverlay);
$OverlayQrWidth = $QrWidth / 3;
$OverlayQrHeight = $OverlayHeight / ($OverlayWidth / $OverlayQrWidth);
imagecopyresampled($aQr, $aOverlay, $OverlayQrWidth, $OverlayQrHeight, 0, 0, $OverlayQrWidth, $OverlayQrHeight, $OverlayWidth, $OverlayHeight);
imagepng($aQr);
$oImage = "<img src='data:image/png;base64,".base64_encode($aQr)."'/>";
$UpdateCombineSql = "UPDATE `userprofile_qr` SET
`combine` = '$oImage'
WHERE userid = '".$Row2['userid']."' ";
$CombineResult = mysqli_query($Conn, $UpdateCombineSql);
echo "Success";
}
?>
Related
This is for a quiz application.
This is my comparison where $number is the question number and will increase every time the user submits an answer and we will assume $totalquestions = 3 for now as the category has only 3 questions.
I've echoed both values to make sure they are what I expect them to be and done var_dump($number == $totalQuestions); which returns true when $number = 3 but does not execute my code to redirect to the finish page once all questions are done and I have no clue why.
Any help would be great as I've been staring at this problem for hours!
<?php include('server.php'); ?>
<?php
if(!isset($_SESSION['geoScore'])){
$_SESSION['geoScore'] = 0;
}
//Get quiz category
$activeCategoryID = (int) $_GET['c'];
$query = "SELECT * FROM `category` WHERE CategoryID = $activeCategoryID";
$result = mysqli_query($db, $query);
$categoryName = mysqli_fetch_assoc($result);
echo $categoryName['CategoryName'];
//Get question number
$number = (int) $_GET['n'];
$query = "SELECT * FROM `questions` WHERE QuestionID = $number AND CategoryID = $activeCategoryID";
$result = mysqli_query($db, $query);
$question = mysqli_fetch_assoc($result);
//Get choices for question
$query = "SELECT * FROM `answers` WHERE QuestionID = $number";
$choices = mysqli_query($db, $query);
//Get total questions for category
$query = "SELECT * FROM `questions` WHERE CategoryID = $activeCategoryID";
$result = mysqli_query($db, $query);
$totalQuestions = mysqli_num_rows($result);
echo $totalQuestions;
echo $number;
var_dump($number == $totalQuestions); // returns true because values are equal
$result = mysqli_query($db, $query);
$row = mysqli_fetch_assoc($result);
$correctChoice = $row['AnswerID'];
echo $correctChoice;
if($_SERVER["REQUEST_METHOD"] == "POST"){
$number = $_POST['number'];
$selectedChoice = $_POST['choice'];
$next = $number+1;
$activeCategory = $_POST['activeCategoryID'];
$query = "SELECT * FROM `questions` WHERE CategoryID = activeCategoryID";
$result = mysqli_query($db, $query);
$totalQuestions = mysqli_num_rows($result);
//Get correct choice
$query = "SELECT * FROM `answers` WHERE QuestionID = $number AND Correct = 1";
$result = mysqli_query($db, $query);
$row = mysqli_fetch_assoc($result);
$correctChoice = $row['AnswerID'];
if($correctChoice == $selectedChoice){
$_SESSION['geoScore']++;
}
//Check to see if questions have finished
if($number == $totalQuestions){
header("Location: finish.php");
}else{
header("Location: geoQuiz.php?n=".$next."&c=".$activeCategory);
}
}
?>
EDIT: Previous working version that did not dynamically get the quiz category
<?php
if(!isset($_SESSION['geoScore'])){
$_SESSION['geoScore'] = 0;
}
//Get question number
$number = (int) $_GET['n'];
$query = "SELECT * FROM `questions` WHERE QuestionID = $number AND CategoryID = 1";
$result = mysqli_query($db, $query);
$question = mysqli_fetch_assoc($result);
//Get choices for question
$query = "SELECT * FROM `answers` WHERE QuestionID = $number";
$choices = mysqli_query($db, $query);
//Get total questions for category
$query = "SELECT * FROM `questions` WHERE CategoryID = 1";
$result = mysqli_query($db, $query);
$totalQuestions = mysqli_num_rows($result);
if($_SERVER["REQUEST_METHOD"] == "POST"){
$number = $_POST['number'];
$selectedChoice = $_POST['choice'];
$next = $number+1;
$_SESSION['activeCategory'] = "Geography";
$query = "SELECT * FROM `questions` WHERE CategoryID = 1";
$result = mysqli_query($db, $query);
$totalQuestions = mysqli_num_rows($result);
//Get correct choice
$query = "SELECT * FROM `answers` WHERE QuestionID = $number AND Correct = 1";
$result = mysqli_query($db, $query);
$row = mysqli_fetch_assoc($result);
$correctChoice = $row['AnswerID'];
echo $correctChoice;
echo $selectedChoice;
if($correctChoice == $selectedChoice){
$_SESSION['geoScore']++;
}
echo $geoScore;
//Check to see if questions have finished
if($number == $totalQuestions){
header("Location: finish.php");
}else{
header("Location: geoQuiz.php?n=".$next);
}
}
?>
The above code was my previous version which worked but I would needed to have had multiple php pages for each quiz category so I tried to change this to take the category using $_GET[] in the link from index page and it seems to all work apart from when the questions are finished and to head to finish.php
I'm trying to create a sign up form, it was working fine until I tried to add md5 to the password field set, I'm not sure why the Query failed. Any help would be much appreciated.
function sign_up(){
if(isset($_POST['register'])){
$c_email = escape_string($_POST['c_email']);
$c_name_first = escape_string($_POST['c_name_first']);
$c_name_last = escape_string($_POST['c_name_last']);
$c_pass = escape_string($_POST['c_pass']);
$c_image = escape_string($_FILES['c_image']['name']);
$c_image_tmp = escape_string($_FILES['c_image']['tmp_name']);
$c_address = escape_string($_POST['c_address']);
$c_address_details = escape_string($_POST['c_address_details']);
$c_city = escape_string($_POST['c_city']);
$c_state = escape_string($_POST['c_state']);
$c_zip = escape_string($_POST['c_zip']);
$c_contact = escape_string($_POST['c_phone']);
move_uploaded_file($c_image_tmp, "customer/customer_images/$c_image");
$query = query("SELECT customer_id FROM customers WHERE customer_email = '{$c_email}'");
confirm($query);
if(mysqli_num_rows($query) > 0){
set_message("This email or username is taken");
}else {
$insert_c = query("INSERT INTO customers (customer_firstname,customer_lastname,customer_address,c_addr_details,customer_email,customer_pass,customer_state,customer_city,customer_zip,customer_phone,customer_image) VALUES ('$c_name_first','$c_name_last','$c_address','$c_address_details','$c_email','$c_pass','$c_state','$c_city','$c_zip','$c_contact','$c_image')");
confirm($insert_c);
}
$query = "UPDATE user SET 'customer_pass' = '".md5(md5(last_id()).$c_pass)."' WHERE 'customer_id' = '".last_id()."'";
$send_update_query = query($query);
confirm($send_update_query);
set_message_success("Sign up successful!");
}
}
Try
$query = 'UPDATE user SET customer_pass = '.md5(md5(last_id()).$c_pass).' WHERE customer_id = '.last_id();
Check you string when you use " or '
I am trying to only allow a submission via the form only if a party_id exists in a table using empty, here is my code at the moment it is still allowing everything through even if there is no party_id.
Any help would be great.
if($_SERVER["REQUEST_METHOD"]== "POST") {
$party_id = (int)$_POST["partyid"];
$name = $_POST["name"];
$date = $_POST["date"];
$length = (int)$_POST["length"];
$sql = "SELECT * FROM `party` WHERE `party_id`='" . $party_id . "'";
$res = mysqli_query($link, $sql);
if(empty($party_id)) { #Were any records found?
print '<p>No Parties with that ID found! please press the back button to select another party</p>';
} else {
$record = mysqli_fetch_assoc($res);
$party_name = $record["party_name"];
$price = $record["price"];
$cost = $price * $length;
$bookable = true;
$sql2 = "SELECT * FROM `reservations`" or die("Unable to connect to database");
A simpler way might be to just check if the query returned any results like this.
if($_SERVER["REQUEST_METHOD"]== "POST") {
$party_id = (int)$_POST["partyid"];
$name = $_POST["name"];
$date = $_POST["date"];
$length = (int)$_POST["length"];
$sql = "SELECT * FROM `party` WHERE `party_id`='$party_id'";
$res = mysqli_query($link, $sql);
if ( mysqli_num_rows($res ) == 0 ) {
print '<p>No Parties with that ID found! please press the back button to select another party</p>';
} else {
$record = mysqli_fetch_assoc($res);
$party_name = $record["party_name"];
$price = $record["price"];
$cost = $price * $length;
$bookable = true;
$sql2 = "SELECT * FROM `reservations`" or die("Unable to connect to database");
Here I have a php code that connects to a database, selects a row by id and creates an associative array from this row using a while loop. Do I have to write this code over and over again to create arrays from other rows by id? Maybe there is a chance to simplify this php code somehow? Please look at my code. BTW I am new in php...
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$db = '_erica';
$conn = new mysqli($dbhost, $dbuser, $dbpass,$db);
$sql1 = "SELECT * FROM pics WHERE id = 1;";
$sql2 = "SELECT * FROM pics WHERE id = 2;";
$sql3 = "SELECT * FROM pics WHERE id = 3;";
$sql4 = "SELECT * FROM pics WHERE id = 4;";
$sql5 = "SELECT * FROM pics WHERE id = 5;";
$sql6 = "SELECT * FROM pics WHERE id = 6;";
$result1 = $conn->query($sql1);
$result2 = $conn->query($sql2);
$result3 = $conn->query($sql3);
$result4 = $conn->query($sql4);
$result5 = $conn->query($sql5);
$result6 = $conn->query($sql6);
while($row1 = $result1->fetch_assoc()) {
$bcgrnd = $row1["link"];
}
while($row2 = $result2->fetch_assoc()) {
$recipes = $row2["link"];
}
while($row3 = $result3->fetch_assoc()) {
$header = $row3["link"];
}
while($row4 = $result4->fetch_assoc()) {
$menu = $row4["link"];
}
while($row5 = $result5->fetch_assoc()) {
$beauty = $row5["link"];
}
while($row6 = $result6->fetch_assoc()) {
$kids = $row6["link"];
}
?>
You can do this in one query:
$sql = "SELECT * FROM pics WHERE id IN (1,2,3,4,5,6);";
$result = $conn->query($sql);
And then you can loop over all results like this:
$data = array();
while ($row = $result->fetch_assoc()) {
$id = $row["id"];
$link = $row["link"];
$data[$id]["link"] = $link;
// add more fields if you want
}
To access for example the link of ID 1, just do:
$data[1]["link"];
You can write one or two simple functions for this. Moreover, please note that your code is vulnerable to SQL Injection. Here is an example how you can achieve this with some simple functions:
<?php
function DB() {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$db = '_erica';
return new mysqli($dbhost, $dbuser, $dbpass,$db);
}
function query($id) {
$query = "SELECT * FROM `pics` WHERE `id` = $id";
return DB()->query($query);
}
$result = query(1); // will fetch records for ID 1
while($row = $result->fetch_assoc()) {
$bcgrnd = $row["link"];
}
$result = query(2); // will fetch records for ID 2
while($row = $result->fetch_assoc()) {
$bcgrnd = $row["link"];
}
?>
By adapting this approach, you can fetch data for a specific ID. If you don't like this solution, consider using MySQL IN clause.
Try this.
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$db = '_erica';
$conn = new mysqli($dbhost, $dbuser, $dbpass,$db);
$sql = "SELECT * FROM pics WHERE id IN (1,2,3,4,5,6);";
$result = $conn->query($sql);
while($row = $result->fetch_assoc()) {
$bcgrnd[$row["id"]][] = $row["link"];
}
?>
Why not try a Query and Limit it to 6 results, it takes up less resources just pulling 6 results:
SELECT * FROM `pics` ORDER BY `[PRIMARY KEY]` LIMIT 6
MySQL in() function finds a match in the given arguments, you can use it
select pics where id IN(1,2,3,4,5,6)
I'm currently making a simple script that takes a user input named comments and putting it in a database. Every time I use the same email, I want it to overwrite their last entry. However, it keeps putting a new entry every time. Here is my code:
if($comments){
try{
echo "<img width=\"245\" height=\"130\" src=\"logo.png\"/><br/>";
echo "<h1>Thank you. You should receive your order on xx-xx-xx</h1>";
$TF = "TRUE";
if($numrows == 0){
$postquery = "INSERT INTO TTT25 (email,card,changes,comments) VALUES ('$email','$businesscard','$TF','$comments')";
$querythepost = sqlsrv_query($conn, $postquery);
}
else{
$postquery = "UPDATE TTT25 SET changes = '$TF', comments = '$comments' WHERE email = '$email'";
$querythepost = sqlsrv_query($conn, $postquery);
}
}
catch(Exception $e){}
}
elseif($optout=="false"){
echo "<img width=\"245\" height=\"130\" src=\"logo.png\"/><br/>";
echo "<h1>Thank you. You should receive your order on xx-xx-xx</h1>";
$TF = "FALSE";
$comments = "";
if($numrows == 0){
$postquery = "INSERT INTO TTT25 (email,card,changes,comments) VALUES ('$email','$businesscard','$TF','$comments')";
$querythepost = sqlsrv_query($conn, $postquery);
}
else{
$postquery = "UPDATE TTT25 SET changes = '$TF', comments = '$comments' WHERE email = '$email'";
$querythepost = sqlsrv_query($conn, $postquery);
}
}
Sorry it must have cut off:
my num rows and other variables defined before the conditional statements:
$optout = $_GET['opt'];
$encodedemail = $_GET['email'];
$email = base64_decode($encodedemail);
$originalcard = base64_decode($_GET['card']);
$businesscard = $originalcard;
$comments = $_POST['comments'];
//$primary = md5(uniqid(rand (), true)); no longer needed
$postquery;
$TF;
$sqlmatch = sqlsrv_query("SELECT * FROM TTT25 WHERE email = '".$email."'");
$numrows = sqlsrv_num_rows($sqlmatch);
echo $numrows;