i'm very new to PHP so i apologize if this is a simple fix but i'm experiencing a weird issue. I've created a website that uses facebook authentication. once they login, their information gets stored in a database I've created. i then created some functions that display the users facebook image and name on the profile page of my website. problem is sometimes it shows, and other times i receive this error. "notice: undefined index: fbid in /PATH/ on line 132". Here is the code.
<div id="userInfo" class="userInfo">
<h1> <?php
$dbHost = "localhost";
$dbUsername = "root";
$dbPassword = "root";
$dbName = "facebooklogin";
$conn = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo " ". $row["first_name"]." ". $row["last_name"]."";
}
} else {
echo "0 results";
}
$conn->close();
?></h1>
userData.php
<?php
session_start();
include 'dbConfig.php';
$userData = json_decode($_POST['userData']);
if(!empty($userData)){
$oauth_provider = $_POST['oauth_provider'];
$_SESSION['fbid'] = $userData->id;
var_dump($_SESSION);
$prevQuery = "SELECT * FROM users WHERE oauth_provider =
'".$oauth_provider."' AND oauth_uid = '".$userData->id."'";
$prevResult = $db->query($prevQuery);
if($prevResult->num_rows > 0){
$query = "UPDATE users SET first_name = '".$userData-
>first_name."', last_name = '".$userData->last_name."', email =
'".$userData->email."', gender = '".$userData->gender."', locale =
'".$userData->locale."', picture = '".$userData->picture->data->url."',
link = '".$userData->link."', modified = '".date("Y-m-d H:i:s")."'
WHERE oauth_provider = '".$oauth_provider."' AND oauth_uid =
'".$userData->id."'";
$update = $db->query($query);
}else{
$query = "INSERT INTO users SET oauth_provider =
'".$oauth_provider."', oauth_uid = '".$userData->id."', first_name =
'".$userData->first_name."', last_name = '".$userData->last_name."',
email = '".$userData->email."', gender = '".$userData->gender."',
locale = '".$userData->locale."', picture = '".$userData->picture-
>data->url."', link = '".$userData->link."', created = '".date("Y-m-d
H:i:s")."', modified = '".date("Y-m-d H:i:s")."'";
$insert = $db->query($query);
}
}
?>
It seems that you don't have the variable set when you use it in the query.
Check it before the query, like:
if (isset($_SESSION['fbid'])) {
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql); } else {
// not logged in
}
To check the values of $_SESSION, just do a var_dump($_SESSION) and you can see what is set.
Related
I'm coding an admin page where I keep track of users/visitors. I have some code so far, but I need to add ip addresses from the users/visitors to the table as well. This is my code, everything gets added to the database table except for ip address. The table is users4project and column is ip address with the int(10) UNSIGNED NOT NULL I created the table in phpmyadmin.
<?php
function visitor($record) {
// my database info
$db_host = "";
$db_username = "";
$db_password = "";
$db_name = "";
$db_table = "ipusers4project";
$counter_page = "access_page";
$counter_field = "access_counter";
$db = mysqli_connect ($db_host, $db_username, $db_password, $db_name)
or die("Host or database not accessible");
$sql_call = "INSERT INTO ".$db_table." (".$counter_page.",
".$counter_field.") VALUES ('".$record."', 1) ON DUPLICATE KEY UPDATE ".$counter_field." = ".$counter_field." + 1";
mysqli_query($db, $sql_call) or die("Error while entering");
$sql_call = "SELECT ".$counter_field. " FROM ".$db_table." WHERE ".$counter_page. " = '".$record. "'";
$sql_result = mysqli_query($db, $sql_call) or die("SQL request failed ");
$row = mysqli_fetch_assoc($sql_result);
$x = $row[$counter_field];
mysqli_close($db);
return $x;
}
?>
<?php
$ipadress = $_SERVER['REMOTE_ADDR'];
$sql = "INSERT INTO
ipusers4project
( ipadress )
VALUES
( '$ipadress')";
?>
EDIT: On index.php I have this code:
<?php
$page_name = "index.php";
?>
<title><?php echo $page_name; ?></title>
<?php
include "webcounter.php";
$access_number = visitor($page_name);
?>
Just add this as another column in the row that visitor() is adding.
<?php
function visitor($record) {
// my database info
$db_host = "";
$db_username = "";
$db_password = "";
$db_name = "";
$db_table = "ipusers4project";
$counter_page = "access_page";
$counter_field = "access_counter";
$ipadress = $_SERVER['REMOTE_ADDR'];
$db = mysqli_connect ($db_host, $db_username, $db_password, $db_name)
or die("Host or database not accessible");
$sql_call = "INSERT INTO ".$db_table." (".$counter_page.",
".$counter_field.", ipadress) VALUES ('".$record."', 1, '$ipadress') ON DUPLICATE KEY UPDATE ".$counter_field." = ".$counter_field." + 1, ipadress = VALUES(ipadress)";
mysqli_query($db, $sql_call) or die("Error while entering");
$sql_call = "SELECT ".$counter_field. " FROM ".$db_table." WHERE ".$counter_page. " = '".$record. "'";
$sql_result = mysqli_query($db, $sql_call) or die("SQL request failed ");
$row = mysqli_fetch_assoc($sql_result);
$x = $row[$counter_field];
mysqli_close($db);
return $x;
}
?>
I am trying to update my feedback in my SQL database form with help of submit button but I'm unable to do so. Please help!
if (isset($_POST['submitreport']))
{
$dbCon = mysqli_connect("localhost","root","","Hun");
$report = strip_tags($_POST['report']);
$sql = "UPDATE Feedback SET report='$report' WHERE username='$username' AND date='$date' ";
$query = mysqli_query($dbCon, $sql);
}
<?php
if (isset($_POST['submitreport']))
{
$monthDayYear = date('m-d-Y');
$dbConnnection = mysqli_connect("localhost","root","","Hun");
$dbUsername = strip_tags($_POST['report']);
$sqlQuery = "UPDATE Feedback SET report='".$report."' WHERE username='".$username."' AND date='".$monthDayYear."'";
$queryExecute = mysqli_query($dbConnection, $sqlQuery);
}
?>
<?php
if (isset($_POST['submitreport']))
{
$dbCon = mysqli_connect("localhost","root","","Hun");
$username = 'test';
$report = strip_tags($_POST['report']);
$date = date('m-d-Y');
$sql = "UPDATE Feedback SET report='".$report."' WHERE username='".$username."' AND date='".$date."'";
$query = mysqli_query($dbCon, $sql);
}
?>
I have a database which stores data. How can I view data in my database with the same username as my session? What I have tried is below. There is a session and the username is uploading in each row in the database.
This is what I'm trying to do: say I logged in as jack I typed data in and sent it to the database. It saves the name as jack and then only views the results with jack. But it is saying 0 results. Why?
<?php
session_start();
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
echo "$username";
}
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "score";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$username."' ORDER BY id DESC LIMIT 5";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<p></p>";
echo "". $row["name"]. "";
echo "<p>". $row["description"]. "</p>";
}
} else {
echo "0 results";
}
$conn->close();
?>
you have two mistakes
1- SQL syntax error, correct syntax is
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$username."'";
2- the variable $username is overwritten by the username of the database
try this:
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$_SESSION['username']."'";
I need to make a Sign in form for my website. And I have to use MySQLi because MySQL will cause decaprated on my try.
So, here's the index.php code:
<?php
session_start();ob_start();
$con=mysqli_connect("localhost","root","","oos");
if (mysqli_connect_errno()) echo "Failed to connect to MySQL: " . mysqli_connect_error();
if(isset($_POST['signin']))
{
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
$co=0;
while($row=mysqli_fetch_assoc($result1)) $co++;
if($co==1)
{
$_SESSION['a']=$username;
header("Location: main_menu.php");
}
} ?>
The problem is, when I make $username="admin" and $password = "admin", it will go to main_menu.php alright. But when I try to do as above, base on my database, it won't go to main_menu.php.
How can I sign in, go to the main_menu.php using ID from my database?
Sorry, I already checked it, it's a stupid mistake. Inside this snippet:
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
fix to this:
$query1 = "select * from admintb where adID = '$username' and adPass = '$pass' ";
EDIT: I know the error is somewhere here:
$connection = #mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = #mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "SELECT * FROM authorize WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
$result = #mysql_query($sql, $connection) or die(mysql_error());
$num = mysql_num_rows($result);
$lstbalance = 0;
$balance = 0;
//set session variables if there is a match
if ($num != 0)
{
while ($sql = mysql_fetch_object($result))
{
$lstbalance = $sql -> lostbalance;
$balance = $sql -> balance;
}
}
if ($win==true)
{
$sql = "update users set lostbalance='($lstbalance+(($payouts[$result1.\'|\'.$result2.\'|\'.$result3])*(int)$_POST[\'bet\']))' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
else
{
$sql = "update users set lostbalance='(lstbalance-(int)$_POST[\'bet\'])' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
$result = #mysql_query($sql, $connection) or die(mysql_error());
I was able to narrow down the error to this piece of code, help appreciated. Regards.
When I comment it out everything seems to work all the connect variables are from a different file and are valid.
$lostbalance = $lstbalance+(($payouts[$result1])*(int)$_POST['bet']));
$sql = "update users set lostbalance='$lostbalance' WHERE username = '".$_SESSION['user_name']."' and password = '".$_SESSION['password']."'";
i dont understand about ur code on $payout[$result1.\'|\'.$result2.\'|\'.$result3]