Using data from a user that is logged in with php

I have created a login.php that works and keeps the user logged in with session.
Now, User has an option to use his "money" to buy something, so he clicks on "buy" and it opens "transfer.php" which is this below.
<?php
session_start();
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Create connection
header("Location:transfer2.php");
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE user SET money=money-2 WHERE id=2";
if ($conn->query($sql) === TRUE) {
exit();
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Now, this part: $sql = "UPDATE user SET money=money-2 WHERE id=2"; I want this script to automatically find the id from the user that is logged in currently.
I'm trying to figure this out, and I am just lost.
Thanks in advance.

In the login script, set a session variable to the user's ID. Then you can use this session variable in other scripts.
$sql = "UPDATE user SET money=money-2 WHERE id = ?";
if ($stmt = $conn->prepare($sql)) {
$stmt->bind_param("i", $_SESSION['user_id']);
if ($stmt->execute()) {
exit();
} else {
die("Error updating record: " . $stmt->error);
}
} else {
die("Error updating record: " . $conn->error);
}
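
Both halves of that answer in one place, as an added example that is not part of the original posts: the login side stores the verified user's ID in the session, and transfer.php debits that ID with a prepared statement. The function names, the connection values, the POST-only rule and the balance check are assumptions, as is a `user` table with `id` and `money` columns.

```php
<?php
// Added example, not code from the original posts.
// Assumed table: user(id INT PRIMARY KEY, money INT). Connection values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// login.php calls this once the submitted credentials have been verified.
function remember_user(int $userId): void
{
    session_regenerate_id(true);        // fresh session ID after login (blocks session fixation)
    $_SESSION['user_id'] = $userId;
}

// transfer.php: charge the logged-in user. The ID comes from the session,
// never from $_GET/$_POST, so a visitor cannot name someone else's account.
function buy(mysqli $conn, int $price): bool
{
    if (!isset($_SESSION['user_id'])) {
        return false;                   // not logged in
    }
    $userId = (int) $_SESSION['user_id'];
    // "money >= ?" makes the balance check and the debit one atomic statement.
    $stmt = $conn->prepare("UPDATE user SET money = money - ? WHERE id = ? AND money >= ?");
    $stmt->bind_param("iii", $price, $userId, $price);
    $stmt->execute();
    return $stmt->affected_rows === 1;  // 0 rows means the balance was too low
}

session_start();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);            // assumed: the buy button submits a POST form
    exit("Use the buy form.");
}
$conn = new mysqli("localhost", "app_user", "app_password", "app_db"); // placeholders
if (buy($conn, 2)) {
    header("Location: transfer2.php");
    exit();
}
http_response_code(403);
echo "Purchase not completed.";
```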

Related

how to use database data to determine what action to take

I am looking to have a page with a redirect based on what is in the database.
I have a table called "nametable" and 2 columns "id" and "switch"
The id never changes, only the switch entry does. Sometimes it will have "on" as the entry, and sometimes it will have "off" as the entry (depending on what I enter in there at the time)
So I want a page where the website visitor will go to, and if the database says "on" then they will be redirected to, lets say "pageon.php" and if it says off, the visitor will be redirected to "pageoff.php"
I managed to do a simple echo to show on or off in text on the page. But I don't have the foggiest on how to have them redirected based on that.
Any thoughts on what I should search for to make this happen? And advice is appreciated.
PS. I tend to get a -1 because the site thinks I'm not specific on what I am wanting to do. If I am unclear, please tell me so I can revise before closing or -1
Thank you
EDIT: Based on the advice I was given in the comments, I have made this so far. I'm only getting a blank page though. Any thoughts?
<?php
$servername = " ";
$username = " ";
$password = " ";
$dbname = " ";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, switch FROM nametable";
$result = $conn->query($sql);
if ($row['switch'] == "on") header("Location: off.php"); else header("Location: on.php");
$conn->close();
?>
Try this:
<?php
$servername = " ";
$username = " ";
$password = " ";
$dbname = " ";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, switch FROM nametable";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
if ($row['switch'] == "on"){
header("Location: off.php");
} else {
header("Location: on.php");
}
$conn->close();
?>
I got it. Thanks to the help in the comments, and the answer by @Edgaras, except I made a tiny switch to have the == off, and that made it work. Thank you all so much. Here is the solution.
<?php
$servername = " ";
$username = " ";
$password = " ";
$dbname = " ";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, switch FROM nametable";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
if ($row['switch'] == "off"){
header("Location: off.php");
} else {
header("Location: on.php");
}
$conn->close();
?>

MYSQL create a line with every new user

I have a little problem
I want to create a script that creates a new line in the table if there is a new user, and in that line changes the "points" column to zero (0).
This is my current code:
<?php
header('Content-Type: text/html; charset=Windows-1250');
$firstName = $_POST['firstname'];
$servername = "db.mysql-01.gsp-europe.net";
$username = "xxxxxxxxxx";
$password = "xxxxxxxxxxx";
$dbname = "xxxxxxxxxxx";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// sql to create table
$sql = "UPDATE `member_profile` SET points = points + 1 WHERE user_id = '$firstName'";
if ($conn->query($sql) === TRUE) {
echo "Thingz created successfully";
} else {
echo "Error doing sum thingz: " . $conn->error;
}
$conn->close();
?>
What I need in the cube: When a new user_id ($firstName) appears, create a new line with this user name, and change the "points" column from "null" into zero (0).
Thanks for your time, I appreciate it.
If I understand well, you want to check if the user exists or not. If the user is new, create a new line for the user with 0 points, and if the user exists, increase points by 1.
<?php
header('Content-Type: text/html; charset=Windows-1250');
if(isset($_POST['firstname'])){
$firstName = $_POST['firstname'];
$servername = "db.mysql-01.gsp-europe.net";
$username = "xxxxxxxxxx";
$password = "xxxxxxxxxxx";
$dbname = "xxxxxxxxxxx";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// check if the user exist
$check = "SELECT * FROM `member_profile` WHERE user_id = '$firstName'";
$result = mysqli_query($conn,$check) or die(mysqli_error($conn));
$rows = mysqli_num_rows($result);
//if exist increase points by 1
if($rows>=1){
$sql = "UPDATE `member_profile` SET points = points + 1 WHERE user_id = '$firstName'";
if ($conn->query($sql) === TRUE) {
echo "Thingz created successfully";
} else {
echo "Error doing sum thingz: " . $conn->error;
}
}
//if don't exist create user with points 0
if($rows==0)
{
$query = "INSERT into `member_profile` (user_id, points) VALUES ( '$firstName' ,'0')";
$result = mysqli_query($conn,$query)or die(mysqli_error($conn));
$conn->close();
}
}
?>
Remember, I gave you an idea; the code is prone to SQL injection.
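
The same create-or-increment logic without the injection the answer warns about, as an added example that is not part of the original posts: the value is bound as a parameter, and a single INSERT ... ON DUPLICATE KEY UPDATE replaces the SELECT-then-INSERT pair, so two simultaneous requests cannot both insert. It assumes `member_profile.user_id` has a PRIMARY KEY or UNIQUE index; the function name, length limit and connection values are also assumptions.

```php
<?php
// Added example, not code from the original posts.
// Assumes member_profile.user_id carries a PRIMARY KEY or UNIQUE index.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function add_point(mysqli $conn, string $userId): string
{
    // One statement: unknown user -> new row with points = 0,
    // known user -> points + 1. No gap between "check" and "write".
    $stmt = $conn->prepare(
        "INSERT INTO `member_profile` (user_id, points) VALUES (?, 0)
         ON DUPLICATE KEY UPDATE points = points + 1"
    );
    $stmt->bind_param("s", $userId);   // bound value is never parsed as SQL
    $stmt->execute();
    // MySQL reports 1 affected row for the insert, 2 for the update path.
    return $stmt->affected_rows === 1 ? "created" : "incremented";
}

$firstName = $_POST['firstname'] ?? '';
if ($firstName === '' || strlen($firstName) > 64) {   // 64 is an assumed column length
    http_response_code(400);
    exit("Missing or invalid firstname");
}
$conn = new mysqli("localhost", "app_user", "app_password", "app_db"); // placeholders
echo add_point($conn, $firstName);
```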

I am trying to run a query that takes value from one table and uses it as condition to fetch value or execute action on another table

I am trying to take the value of the topay column where torecieve equals to current session user id and use it to perform operation on the user table.
But it throws a syntax error
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "bazze2";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$merge = "SELECT topay FROM merge WHERE torecieve=$_SESSION[id]";
$sql = "UPDATE user SET topay2='10000000' WHERE 'id'=$merge";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Use a prepared query, and use a join.
$sql = "UPDATE user AS u
JOIN merge AS m ON u.id = m.topay
SET u.topay2 = '10000000'
WHERE m.toreceive = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $_SESSION['id']);
if ($stmt->execute()) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $stmt->error;
}

UPDATE query isn't working when POST isset

I have this code that allows a user to reset their account from a url link
<?php
$servername = "localhost";
$username = " ";
$password = " ";
$dbname = " ";
$code = $_GET['code'];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT com_code FROM user WHERE com_code = ".$_GET['code'];
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action='reset.php?code=" . $row["com_code"]. "' method='post'>Enter New Password: <input type='text' name='new_password' placeholder='New Password'><br><input type='submit' value='Submit'></form>";
}
} else {
echo "0 results";
}
$conn->close();
?>
<?php
$servername = "localhost";
$username = " ";
$password = " ";
$dbname = " ";
$pword = $_POST['new_password'];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
}
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
?>
I keep getting the error:
Warning: mysqli::query(): Empty query in
/home/u590953899/public_html/notify/reset.php on line 47 Error
updating record:
When you press the submit button, it is supposed to UPDATE the database where the com_code = the $GET url
BUT
What happens is that it only reloads the page, how do I fix this?
The link to it is: http://notify.bithumor.co/reset.php?code=123456789
You should change your code to be inside isset like this :
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
}
Make following changes in your code:
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code IS NULL WHERE com_code = '$code'";
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
}
We use IS NULL to check NULL in mysql
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code IS NULL WHERE com_code = $code";
}
Read NULL Values in MYSQL
$_POST['Submit'] will never be set, when your submit button doesn't have name="submit". Just having type="submit", or value="submit", or id="submit" will not do it. You need the name attribute for that.
First check that your input type has name="Submit", if not add it.
After that echo your query first,
if (isset($_POST['Submit'])) {
echo "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
$sql1 = "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
}
And also all the code i.e. query executing and messages should be in the same if statement ( if(isset($_POST['Submit'])) ).
I hope this works for you.
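
The reset flow from this thread as a single reset.php, as an added example that is not part of the original posts. It reads `$code` on both the GET and the POST request, gives the button the `name` that `isset($_POST['Submit'])` looks for, binds both values instead of concatenating them, and stores a password hash. The function name, minimum length and connection values are assumptions.

```php
<?php
// Added example, not code from the original posts.
// Assumed table: user(com_code VARCHAR, password VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function reset_password(mysqli $conn, string $code, string $newPassword): bool
{
    if (strlen($newPassword) < 8) {      // assumed minimum length
        return false;
    }
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    // Clearing com_code in the same statement makes the reset code single-use.
    $stmt = $conn->prepare("UPDATE user SET password = ?, com_code = NULL WHERE com_code = ?");
    $stmt->bind_param("ss", $hash, $code);
    $stmt->execute();
    return $stmt->affected_rows === 1;   // 0 rows: unknown or already used code
}

// Read the code on GET and on POST: the form action below keeps ?code=...
$code = $_GET['code'] ?? '';
if ($code === '') {
    http_response_code(400);
    exit("Missing reset code");
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Submit'])) {
    $conn = new mysqli("localhost", "app_user", "app_password", "app_db"); // placeholders
    $ok = reset_password($conn, $code, $_POST['new_password'] ?? '');
    echo $ok ? "Password has been changed." : "Invalid or expired code, or password too short.";
    exit();
}
// rawurlencode() leaves only URL-safe characters, so the value cannot break out of the attribute.
echo "<form action='reset.php?code=" . rawurlencode($code) . "' method='post'>"
   . "Enter New Password: <input type='password' name='new_password'><br>"
   . "<input type='submit' name='Submit' value='Submit'></form>";
```

A login script reading this column has to check it with password_verify() rather than comparing strings in SQL.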

update in MYSQL using php and login

I am doing an update of values inside a MySQL database using PHP
and here is my code to update
$id = $_REQUEST['uid'];
$name = $_REQUEST['name'];
$company = $_REQUEST['company'];
$contact = $_REQUEST['contact'];
$email = $_REQUEST['email'];
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
echo "$id "."$name". "$company" . "$contact" . "$email";
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
else
{
$sql = "UPDATE `users` SET `userName`='$name',`userEmail`='$email',`userCompany`='$company',`userContact`='$contact' WHERE userID = $id";
if (mysqli_query($conn, $sql))
{
mysqli_commit($conn);
echo "success";
}
else
{
echo "error";
}
}
mysqli_close($conn);
it does the update and changes the value in the db.
But when I login using the previous username and password, it still accepts it
code for login
$uname= $_REQUEST['loginusername'];
$pword= $_REQUEST['loginpassword'];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else
{
$sql = "SELECT * FROM `users` WHERE userName = '$uname' AND userPassword = '$pword'";
$return = mysqli_query($conn, $sql);
if(mysqli_num_rows($return) > 0)
{
echo 'found';
}
else
{
echo 'not found';
}
}
$conn->close();
thanks in advance
You don't update your Password field in
UPDATE `users` SET `userName`='$name',`userEmail`='$email',`userCompany`='$company',`userContact`='$contact' WHERE userID = $id
and it isn't good practice to save clear-text passwords. It's better to hash it with a hash algorithm (for example sha256) and salt it.
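
How the password column from this thread can be written and checked once it holds hashes, as an added example that is not part of the original posts. It uses PHP's built-in password_hash() and password_verify(), which salt automatically, in place of the sha256 named in the answer; the function names and connection values are assumptions, and `userPassword` is assumed to be VARCHAR(255).

```php
<?php
// Added example, not code from the original posts.
// Assumed: users.userPassword is VARCHAR(255) holding password_hash() output.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function set_password(mysqli $conn, int $userId, string $newPassword): bool
{
    // password_hash() picks a random salt and a slow, adaptive algorithm.
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    $stmt = $conn->prepare("UPDATE `users` SET `userPassword` = ? WHERE `userID` = ?");
    $stmt->bind_param("si", $hash, $userId);
    $stmt->execute();
    return $stmt->affected_rows === 1;
}

function check_login(mysqli $conn, string $uname, string $pword): ?int
{
    $stmt = $conn->prepare("SELECT `userID`, `userPassword` FROM `users` WHERE `userName` = ?");
    $stmt->bind_param("s", $uname);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    // Compare in PHP, not in SQL: a salted hash cannot be matched with "=".
    if (!$row || !password_verify($pword, $row['userPassword'])) {
        return null;                     // same answer for unknown user and wrong password
    }
    if (password_needs_rehash($row['userPassword'], PASSWORD_DEFAULT)) {
        set_password($conn, (int) $row['userID'], $pword);  // upgrade older hashes
    }
    return (int) $row['userID'];
}

$conn = new mysqli("localhost", "app_user", "app_password", "app_db"); // placeholders
$id = check_login($conn, $_POST['loginusername'] ?? '', $_POST['loginpassword'] ?? '');
echo $id === null ? 'not found' : 'found';
```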
