This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I am writing a login form with PHP and Mysql.
I did everything its just the forgot password that is not working.
It sends me email confirmation but it does not update the password in the database.
First is the forgot page, then sends an email and redirect me to the confirm_pass.html page where is the form for the two passwords and on this page executes the confirm_pass.php where is doing everything, except updating the password in the database.
Please help.
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Make sure the two passwords match
if ( $_POST['newpassword'] == $_POST['confirmpass'] ) {
$new_password = password_hash($_POST['newpassword'], PASSWORD_BCRYPT);
$email = $mysqli->escape_string($_POST['email']);
$confirm_code = md5(rand().$password);
$result = "UPDATE `mv_db`.`users` SET `password`='$new_password', `confirm`='$confirm_code' WHERE `email`='$email'";
if ( $mysqli->query($result) ) {
header("location: login.html");
}
}
else {
$_SESSION['message'] = " The two passwords you entered don't match, try again!";
header("location: error.php");
}
}
?>
Your $_POST['email'] is not defined, because there is no "email" field in your HTML form.
So nothing is updated in database, because there is no matching record.
Related
This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 4 years ago.
I have a form and fields are Name, Email, Password. Client-side validation is working perfectly. I am working on server-side validation.
I am getting the issue on else part. For testing, I added echo $email and I am getting the email id. Now that email id will check in the database is exists or not. If exist the display the error if not existing the display the not exist.
if(condition){}
elseif(condition){}
elseif(condition){}
elseif(condition){}
else{
echo $email; // here I am able to display the email id
$sql_check_email="SELECT email FROM register WHERE email =?";
$stmt = $conn->prepare($sql_check_email);
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($email);
$rows = $stmt->fetch();
$total_rows = count($rows);
if( $total_rows > 0 ){
$_SESSION['email_error']= 'This email is alredy register with us';
header('location:register');
}else{
echo $email;// why my email id not displaying here?
echo $name;
echo $password;
echo $date_of_added;
echo"Not exist";
}
Your issue is:
$stmt->bind_result($email);
That line replaces variable with query result.
Just use another variable for results.
You also use fetch result wrong, it returns just true/false/null value of fetch state. Use bind_result binded variable to get your results.
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
I have a project that requires creating a system for a given scenario using php and mySQL. Another requirement is that it has to have logins for different users.
In my implementation it fails to authenticate even with the right credentials. I am using mysqli for this implementation. There are no syntactical errors and the field names and entered credentials are all correct.
The code in question (login.php):
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Please enter a username and password";
} else {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Calls the 'connect.php' to connect to the database and select the database
require 'db/connect.php';
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// SQL query to fetch information of registerd users and finds user match.
$result = $db->query("SELECT * FROM `users` WHERE 'usr_pwd'='$password' AND 'usr_name'='$username'");
if ($result->num_rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: test.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($db); // Closing Connection
}
}
?>
I've also linked the github repo to my code as is: https://github.com/gussippi/furniture-store
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
Hi! The objective of this code is to log-in to a website. This code has no error but still doesn't redirect to a profile page. Please, help. Thank you!
<?php
include("dbconnect.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "post")
{
$username = $_POST['student'];
$password = $_POST['password'];
$query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn=$username AND pw=$password");
$row=mysqli_fetch_array($query,MYSQLI_ASSOC);
$count=mysqli_num_rows($query);
if($count==1)
{
$_SESSION['login_user']=$username;
header("location: main.php");
}
else
{
$error="Username or Password is invalid";
}
}
?>
You need to write you query like this
$query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn='".$username."' AND pw='".$password."'");
Your query doesn't work. Try with SELECT * FROM members WHERE sn='$username' AND pw='$password'
And also after you execute the query check if the are some errors with
if(!$query)
die(mysqli_error($dbconfig));
P.S. sanitize username and password before inserting them in a query
This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Closed 6 years ago.
Im trying to update my data using php but it doesnt work, any ideas?
This is the code, this isnt the full code (its not done) but even the username cant be updated.
<?php
session_start();
include "dbconfig.php";
require "check.php";
if(!empty($_POST['user_name']) || !empty($_POST['user_email'])){
$user_name = trim($_POST['user_name']);
$user_email = trim($_POST['user_email']);
$count=$db_con->prepare("SELECT * FROM users WHERE user_id=:userid");
$count->bindParam(":userid",$_SESSION['user_session'],PDO::PARAM_STR,15);
$count->execute();
$row = $count->fetch(PDO::FETCH_OBJ);
$sql=$db_con->prepare("update users set user_name=:username where user_id='$row->user_id'");
$sql->bindParam(':username',$user_name,PDO::PARAM_STR, 32);
if($sql->execute()){
echo "Successfully updated Profile";
}
else{
print_r($sql->errorInfo());
}
else {
echo "No data inserted!"
}
include "home.php";
?>
I guess a syntax error in this Line
$sql=$db_con->prepare("update users set user_name=:username where user_id='$row->user_id'");
Corrected
$sql=$db_con->prepare("update users set user_name=:username where user_id="$row->user_id);
This question already has answers here:
The 3 different equals
(5 answers)
Closed 7 years ago.
i am trying to make a website using php with mysql database..
here is my code
<?php
$con=mysql_connect("localhost", "root", "");
mysql_select_db("mydatabase", $con);
$query = "INSERT INTO tblSecurity Values('".$_POST['txtUser']."','".$_POST['txtPass']."')";
$password = $_POST['txtPass'];
$confirm = $_POST['txtPassConfrm'];
mysql_query($query, $con);
if($password = $confirm)
{
Header("Location: Login.php");
}
else
{
echo"Verify your Answer";
}
?>
the problem is, how can i verify if the confirm password is same with the password inputted, this code works but it wont move to ELSE even the passwords are not the same. can anyone help me correct this please.. thanks
better practice is check two passwords are same in inputting stage.
here also code is correct , only mistake is php needs == instead of =.