Actualy was trying to solve the problem for 3 day and now have no idea what to do.
Edit form doesn't work. I have no error messages.
There is no save data file because i only output from database.
And edit.php
<?php
include_once 'config.php';
if (isset($_POST['submit'])){
if (empty($_POST['username'])){
$errors = "Впишите ваше имя";
}elseif (empty($_POST['email'])){
$errors = "Впишите ваш email";
}elseif (empty($_POST['task'])){
$errors = "Впишите задание";
}elseif (empty($_FILES['image']['name'])){
$errors = "Вставьте картинку";
}else{
$id = $_GET['edit'];
$username = mysqli_real_escape_string($db,
trim($_POST['username']));
$email = mysqli_real_escape_string($db,
trim($_POST['email']));
$task = mysqli_real_escape_string($db,
trim($_POST['task']));
$image = mysqli_real_escape_string($db,
$_FILES['image']['name']);
$target = "uploads/".basename($_FILES['image']['name']);
$sql = "UPDATE `tasks` SET `username`='$username', `email`='$email',
`task`='$task', `image`='$image' WHERE `id`='$id'";
mysqli_query($db, $sql);
move_uploaded_file($_FILES['image']['tmp_name'], $target);
$home_url = 'http://' . $_SERVER['HTTP_HOST'];
header('Location:' . $home_url);
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>задачник</title>
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-
BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u"
crossorigin="anonymous">
<link href="/css/style.css" rel="stylesheet">
</head>
<body>
<header>
<h3>Внесение изменений в запись</h3>
<a href="index.php" class="btn btn-default">На страницу
администратора</a>
</header>
<br>
<form method="POST" action="<?=$_SERVER['PHP_SELF'];?>" class="input_form"
enctype="multipart/form-data">
<input type="text" name="username" placeholder="Введите Имя"
class="username_input">
<input type="email" name="email" placeholder="Введите email"
class="email_input">
<br>
<br>
<input type="hidden" name="MAX_FILE_SIZE" value="300000" />
<input type="text" name="task" placeholder="Введите задание"
class="task_input">
<p>Сменить изображение</p>
<input type="file" name="image" multiple accept="image/png, image/jpeg,
image/gif">
<br>
<button type="submit" name="submit" id="add_btn">Изменить
запись</button>
</form>
I tried to var_dump($_GET('edit')); and i get the correct id of page that i want to edit, but after submit button i get redirected to index.php with no changes in db. var_dump($_POST['submit']); gives string(0), but save_task form from another folder for this proj works fine, giving string(0) after submit too.
Update query in edit.php file is not correct.
$sql = "UPDATE `tasks` SET `username`='$username', `email`='$email',`task`='$task', WHERE `id`='$id'";
Additional semicolon exists in update query before where clause.Remove it.
I think error is in $image value. debug yourself and find the error -
<?php
include_once 'config.php';
if (isset($_POST['submit'])){
echo 'form submitted? - okay <br/>';
if (empty($_POST['username'])){
$errors = "Впишите ваше имя";
}elseif (empty($_POST['email'])){
$errors = "Впишите ваш email";
}elseif (empty($_POST['task'])){
$errors = "Впишите задание";
}elseif (empty($_FILES['image']['name'])){
$errors = "Вставьте картинку";
}else{
echo 'form validated? - okay <br/>';
$id = $_GET['edit'];
$username = mysqli_real_escape_string($db,
trim($_POST['username']));
$email = mysqli_real_escape_string($db,
trim($_POST['email']));
$task = mysqli_real_escape_string($db,
trim($_POST['task']));
$image = mysqli_real_escape_string($db,
$_FILES['image']['name']);
//most probably error is here --- $_FILES['image']['name'] should gives you array!!! as you have used "multiple" in input
var_dump($_FILES, $_FILES['image'], $_FILES['image']['name']); //die('debug--');
$target = "uploads/".basename($_FILES['image']['name']);
$sql = "UPDATE `tasks` SET `username`='$username', `email`='$email',
`task`='$task', `image`='$image' WHERE `id`='$id'";
echo $sql.'<br/>' ; //copy this sql and run in phpmyadmin sql-console and check if there is any error
die('checking sql statement');
mysqli_query($db, $sql);
move_uploaded_file($_FILES['image']['tmp_name'], $target);
$home_url = 'http://' . $_SERVER['HTTP_HOST'];
//header('Location:' . $home_url);
}
}
?>
Check "action" attribute in form tag in edit.php file. action="<?=$_SERVER['PHP_SELF'];?>" .It should be action="/<?PHP echo basename($_SERVER['REQUEST_URI']); ?>".
PHP_SELF doesn't append get parameters.
Related
I can't get the users name to get updated or to deleted the user. Whatever i try doesn't work. When i click on the update button it just goes to the index page and nothing happens and the same happens when i click on the delete button too.
this is the codes i have on my server.php page:
<?php
session_start();
// initializing variables
$idmedlemmer = "";
$brukernavn = "";
$email = "";
$fornavn = "";
$etternavn = "";
$errors = array();
// connect to the database
$db = mysqli_connect("localhost", "root", "", "mymusic");
// Update User
if (isset($_POST['update'])) {
// receive all input values from the form
$brukernavn = mysqli_real_escape_string($db, $_POST['brukernavn']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($brukernavn)) { array_push($errors, "Feltet kan ikke være tomt"); }
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT brukernavn FROM medlemmer LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['brukernavn'] === $brukernavn) {
array_push($errors, "Brukernavn eksisterer allerede");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
mysqli_query($db, "UPDATE medlemmer SET brukernavn='$brukernavn' WHERE idmedlemmer=$idmedlemmer");
$_SESSION['message'] = "Brukernavnet har blitt oppdatert";
header('location: index.php');
}
}
// ...
// ...
// Delete User
if (isset($_GET['brukernavn']))
if (isset($_GET['slett'])) {
$query = sprintf("DELETE FROM medlemmer WHERE idmedlemmer='%s'");
mysqli_query($db, $query);
$_SESSION['brukernavn'] = $brukernavn;
$_SESSION['success'] = "Bruker har blitt slettet";
header('location: Login.php');
}
?>
And this is what i have on my update page:
<?php include('server.php')?>
<?php
if (isset($_GET['update'])) {
$brukernavn = $_GET['update'];
$record = mysqli_query($db, "SELECT * FROM medlemmer WHERE brukernavn=$brukernavn");
if (count($record) == 1 ) {
$n = mysqli_fetch_array($record);
$name = $n['brukernavn'];
}
}
?>
<html>
<head>
<title>Edit Data</title>
<link rel="stylesheet" type="text/css" href="stilark.css">
<meta charset="utf-8">
</head>
<body>
<form name="form1" method="post" action="index.php">
<table border="0">
<tr>
<td>Name</td>
<td><input type="text" name="brukernavn" value="<?php echo ($_SESSION['brukernavn']); ?>"></td>
</tr>
<tr>
<td><input type="hidden" name="idmedlemmer" value="<?php echo $idmedlemmer;?>"></td>
<td><input type="submit" name="update" value="update"></td>
</tr>
</table>
</form>
and this is what i have on my delete page:
<?php include('Server.php')?>
<!DOCTYPE html>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="stilark.css">
<head>
<title>Slett Bruker</title>
</head>
<body>
Tilbake
<br/><br/>
<form name="form1" method="post" action="index.php">
<table border="0">
<tr>
<td><input type="hidden" name="idmedlemmer" value="<?php echo $_GET['idmedlemmer'];?>"></td>
<td><input type="submit" name="slett" value="slett"></td>
Delete
</tr>
</table>
</body>
</html>
I have tried to check on youtube videoes and read many articles but i just cant seem to get anywhere so i am totaly stuck and appreciate all the help i can get. Hope that you can help me
I try to implement an sign in form based on webcam image, apparently, i don't errors in code, but information don't posted in database.
Here is my index with php code for insert information in database:
<?php
if (isset($_POST['desc'])) {
if (!isset($_POST['iscorrect']) || $_POST['iscorrect'] == "") {
echo "Sorry, important data to submit your question is missing. Please press back in your browser and try again and make sure you select a correct answer for the question.";
exit();
}
if (!isset($_POST['type']) || $_POST['type'] == "") {
echo "Sorry, there was an error parsing the form. Please press back in your browser and try again";
exit();
}
require_once("scripts/connect_db.php");
$name = $_POST['name'];
$email = $_POST['email'];
$name = mysqli_real_escape_string($connection, $name);
$name = strip_tags($name);
$email = mysqli_real_escape_string($connection, $email);
$email = strip_tags($email);
if (isset($_FILES['image'])) {
$name = $_FILES['image']['tmp_name'];
$image = base64_encode(
file_get_contents(
$_FILES['image']['tmp_name']
)
);
}
$sql = mysqli_query($connection, "INSERT INTO users (name,email,image) VALUES ('$name', '$email','$image')")or die(mysqli_error($connection));
header('location: index.php?msg=' . $msg . '');
$msg = 'merge';
}
?>
<?php
$msg = "";
if (isset($_GET['msg'])) {
$msg = $_GET['msg'];
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Licenta Ionut</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); } </script>
<!-- font files -->
<link href='//fonts.googleapis.com/css?family=Muli:400,300' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Nunito:400,300,700' rel='stylesheet' type='text/css'>
<!-- /font files -->
<!-- css files -->
<link href="css/style.css" rel='stylesheet' type='text/css' media="all" />
<link href="web.js" rel='stylesheet' type='text/css' media="all" />
<script type="text/javascript" src="web.js"></script>
<!-- /css files -->
</head>
<body>
<p style="color:#06F;"><?php echo $msg; ?></p>
<h1>LogIn with Webcam Password</h1>
<div class="log">
<div class="content1">
<h2>Sign In Form</h2>
<form>
<input type="text" name="userid" value="USERNAME" onfocus="this.value = '';" onblur="if (this.value == '') {
this.value = 'USERNAME';
}">
<input type="password" name="psw" value="PASSWORD" onfocus="this.value = '';" onblur="if (this.value == '') {
this.value = 'PASSWORD';}">
<div class="button-row">
<input type="submit" class="sign-in" value="Sign In">
<input type="reset" class="reset" value="Reset">
<div class="clear"></div>
</div>
</form>
</div>
<div class="content2">
<h2>Register</h2>
<form action="index.php", name="index.php" method="post" enctype="multipart/form-data">
<input type="text" id="name" name="name" value="Nume">
<input type="text" id="email" name="email" value="EmailAdress">
<br>
<script type="text/javascript" src="webcam.js"></script>
<script language="JavaScript">
document.write(webcam.get_html(320, 240));
</script>
<div class="button-row">
<input class="sign-in" type=button value="Configure" onClick="webcam.configure()" class="shiva">
<input class="reset" type="submit" value="Register" id="image" onClick="take_snapshot()" class="shiva">
</div>
</form>
</div>
<div class="clear"></div>
</div>
</body>
</html>
And here is the script for connection to database:
<?php
$db_host = "localhost";
// Place the username for the MySQL database here
$db_username = "Ionut";
// Place the password for the MySQL database here
$db_pass = "1993";
// Place the name for the MySQL database here
$db_name = "users";
// Run the connection here
$connection=mysqli_connect("$db_host","$db_username","$db_pass") or die (mysqli_connect_error());
mysqli_select_db($connection,"$db_name") or die ("no database");
?>
I don't find error in code and i need your advice/help!
Thank you for interest about my problem!
To solve a problem like this, break the problem into parts.
(1) First, what is the PHP file receiving? At the top of the PHP file, insert:
<?php
echo '<pre>';
print_r($_POST);
echo '</pre>';
die('-----------------------------------');
(2) If that doesn't reveal the problem, next step is to duplicate the PHP file and in the second copy, HARD CODE the information you will be submitting at the top (replacing the PHP data that would normally be submitted):
<?php
$_POST['desc'] = 'TEST - Description';
$_POST['iscorrect'] = 'what it should be';
$_POST['type'] = 'TEST - Type';
etc
Then, run that modified file and see if the data is submitted.
(3) If that doesn't reveal the problem, keep working with the duplicate PHP file and add echo statements at various places to see where the file is breaking. For example:
$name = $_POST['name'];
$email = $_POST['email'];
$name = mysqli_real_escape_string($connection, $name);
echo 'HERE 01';
$name = strip_tags($name);
$email = mysqli_real_escape_string($connection, $email);
$email = strip_tags($email);
echo 'HERE 02';
if (isset($_FILES['image'])) {
$name = $_FILES['image']['tmp_name'];
$image = base64_encode(
file_get_contents(
$_FILES['image']['tmp_name']
)
);
}
echo 'HERE 03';
$sql = mysqli_query($connection, "INSERT INTO users (name,email,image) VALUES ('$name', '$email','$image')")or die(mysqli_error($connection));
echo 'HERE 04: $sql = ' .$sql;
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 7 years ago.
My header location doesn't works, in my wampserver it works, when I put it in my server, it doesn't, any Ideas?
If I put a echo instead of the header, it works fine.
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($connection, $username);
$password = stripslashes($password);
$password = mysqli_real_escape_string($connection, $password);
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_num_rows( $result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: welkom.php");
}else{
echo "<div id='cancel'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='index.php'>try again</a></div>";
}
}else{
?>
<div id="login">
<div id="triangle"></div>
<h1>Log in</h1>
<form action="" method="POST" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="login" />
</form>
</div>
<?php } ?>
</body>
</html>
If anything, make sure there is no output whatsoever before or after the location header and put a die() after it.... Your sessions_start() should also not work, because you already have output before the statement...
So your session start and your location header should preceed the HTML.
Take a look at what I changed:
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($connection, $username);
$password = stripslashes($password);
$password = mysqli_real_escape_string($connection, $password);
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_num_rows( $result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: welkom.php");
die();
}
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<?php
if($rows!=1){
echo "<div id='cancel'><h3>Username/password is incorrect.</h3><br />Click here to <a href='index.php'>try again</a></div>";
}else{
?>
<div id="login">
<div id="triangle"></div>
<h1>Log in</h1>
<form action="" method="POST" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="login" />
</form>
</div>
<?php } ?>
</body>
</html>
You can't use header("Location: welkom.php"); where you are because headers have already been sent.
Either load all of the HTML in the page before that into a variable and then echo it once your code has come to that condition, or turn on Output Buffering.
Alternatively, re-order your code to check this condition and redirect before you send anything to the browser.
Remove this :
header("Location: welkom.php");
And try this :
echo '<script>window.location.href = "welkom.php";</script>' ;
Use full url in header location from i.e. header("Location: httP://yoursite.com/welkom.php");
that will work.
Can anyone see the error in this code as the code is only giving me back :
the name does not exist
It was all working fine now it does not.
If anyone can spot it please and correct me as I am still new to this.
<?php
// see if the form has been completed
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$username = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
if(isset($_GET["u"])){
$username = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$username' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$username = $row ["username"];
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("host","****","*****"); mysql_select_db('db_k1003140');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $username . "'") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$username'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
Here is the HTML :
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Profile Update: <?php echo $u; ?></title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" type="text/css" href="style.css">
<script src="js/main.js"></script>
<script src="js/javascript.js"></script>
<script src="js/ajax.js"></script>
<style type="text/css">
#updateform{
margin-top:24px;
}
#updateform > div {
margin-top: 12px;
}
#updateform > input {
width: 200px;
padding: 3px;
background: #F3F9DD;
}
</style>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
<div id="usernamecss"> Username: <?php echo $username; ?></div>
<form action="update.php" method="POST" id="updateform">
<div>
<div>First Name: </div>
<input id="firstname" type="text" name="firstname" value="<?php echo $firstname?>" maxlength="16">
<div>Surname: </div>
<input id="surname" type="text" name="surname" value="<?php echo $surname?>" maxlength="16">
<div>Weight: </div>
<input id="weight" type="text" name="weight" value="<?php echo $weight?>" >
<div>Height: </div>
<input id="height" type="text" name="height" value="<?php echo $height?>" >
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
Go to Profile
</div>
</form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>
Just a guess you comparing username field with firstname,
SELECT * FROM users WHERE firstname='" . $username . "'";
While it needs to be,
SELECT * FROM users WHERE username='" . $username . "'";
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
I have a separate file called checklog.php which contains my session details
<?php
session_start();
if (!isset($_SESSION['logged'])){
$_SESSION = array();
header('location: login.php');
}
?>
and my main upload page where recipes are being uploaded to the database i'm trying to post the user id into the db but to no avail
<?php
require_once ("checklog.php");
require_once ("function.php");
include_once ("home_start_logged.php");
require_once ("db_connect.php");
//get form data//
$_SESSION['userid']== $_POST['userid'];
$upload = trim($_POST['Upload']);
$mealname = trim($_POST['mealname']);
$ingredients = trim($_POST['ingredients']);
$hours = trim($_POST['hours']);
$minutes = trim($_POST['minutes']);
$recipe = trim($_POST['recipe']);
echo $_SESSION['userid'];
if(trim($_POST['Submit']) =="Upload"){
if($db_server){
//clean the input now we have a db connection//
$mealname = clean_string($db_server, $mealname);
$ingredients = clean_string($db_server, $ingredients);
$hour = clean_string($db_server, $hour);
$minutes = clean_string($db_server, $minutes);
$recipe = clean_string($db_server, $recipe);
$ingredients = clean_string($db_server, $ingredients);
$image = clean_string($db_server,$image);
mysqli_select_db($db_server, $db_database) ;
//check whether the recipe exists//
$query= "SELECT mealname FROM `recipename` WHERE mealname='$mealname'";
$result = mysqli_query($db_server, $query);
if ($row = mysqli_fetch_array($result)){
$message = "Meal already exists. Please try again.";
}else{
//upload recipe to database//
$query = "INSERT INTO `recipename` (
mealname, ingredients, hours, minutes, recipe,
imagepath, userID) VALUES ('$mealname',
'$ingredients','$hours','$minutes','$recipe',
'$image','" . $_SESSION['userid'] . "')";
echo query;
mysqli_query($db_server, $query) or
die("Insert failed. ". mysqli_error($db_server));
}
my form looks like this:
<form method="post" action="upload.php" enctype="multipart/form-data">
<li>
Meal Name
<input type="text" name="mealname" />
</li>
<li>
Ingredients
<input type="text" name="ingredients" />
</li>
<li>
Cooking Time
<input type="number" name="hours" placeholder="Hours" />
<input type="number" name="minutes" placeholder="Minutes" />
</li>
<li>
Recipe
<input type="text" name="recipe"/>
</li>
<li>
Have you got a photo?
<input type="file" name="image" id="image" size="10"/>
</li>
<input type="submit" id="submit" name="Submit" value="Upload" />
</form>
this is my login form where I define $_SESSION
<?php
require_once ("function.php");
//get form data//
$username = trim($_POST['username']);
$password = trim($_POST['password']);
//start session//
if ($username&&$password) {
session_start();
require_once("db_connect.php");
//clean the input now we have a db connection//
$username = clean_string($db_server, $username);
$password = clean_string($db_server, $password);
$repeatpassword = clean_string($db_server, $repeatpassword) ;
mysqli_select_db($db_server, $db_database) ;
//check whether the username exists//
$query="SELECT * FROM Users WHERE Username='$username'";
$result=mysqli_query($db_server, $query) ;
if ($row = mysqli_fetch_array($result)){
$db_username = $row['Username'];
$db_password = $row['Password'];
$db_id = $row['userid'];
if ($username==$db_username&&salt($password)==$db_password){
$_SESSION['username']=$username;
$_SESSION['userid']=$db_id;
$_SESSION['logged']="logged";
header ('Location: phpdatabase.php');
}else{
$message = "<h1>Incorrect Password!</h1>";
}
}else{
$message = "<h1>That user does not exist!</h1>" .
"Please <a href='login.php'>try again</a>";
}
mysqli_free_result($result);
require_once ("db_close.php");
}else{
$message = "<h1>Please enter a valid username/password</h1>";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Fud.</title>
<link rel="stylesheet" type="text/css" href="site.css" />
</head>
<h1>Login</h1>
<form action='login.php' method='post'>
Username:<input type='text' name='username'><br />
Password: <input type='password' name='password'><br />
<input type='submit' name='submit' value='Login' />
<input name='reset' type='reset' value='reset' />
<h4><a href='register.php'>Register</a></h4>
</form>
<?php echo $message; ?>
Nothing appears in your form named userid so when you set :
$_SESSION['userid']= $_POST['userid'];
$_POST['userid'] is empty, maybe somewhere else you have the user id set in $_SESSION already, if that is the case you don't need to set anything new, just use that.
No session_start(); in your second file.
To access the Session global you need to start the session.
use
$_SESSION['userid']= $_POST['userid'];
not
$_SESSION['userid']== $_POST['userid'];
You are saving value from $_POST array to $_SESSION but there is no such element as $_POST['userid'] in your requesting form.
Solution: It will be best to authenticate user by logging him/her in first. Once the user is logged in you can save userid in your session which will be accessible in every page throughout your session.
Assuming your login form has a text field name userid. Put this in your login check file after starting your session and validating user.
$_SESSION['userid'] = $_POST['userid'];
Now in your page where you are inserting data into database remove line saying
$_SESSION['userid'] = $_POST['userid'];