We Keep Coding

cannot insert into localhost(mysql) database using php [duplicate]

This question already has answers here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 3 years ago.
I can't insert the registration form data into my localhost database.
I am using xampp server, running mysql 5, php 7 and apache2. I've provided the code that can insert the form data into the database. The database is connected. I have also restarted the xampp server but it shows the same problem.
<?php
$active='Account';
include("includes/header.php");
?>
//html form with correct name values
<?php
if(isset($_POST['register'])){
$c_name = $_POST['c_name'];
$c_email = $_POST['c_email'];
$c_pass = $_POST['c_pass'];
$c_country = $_POST['c_country'];
$c_city = $_POST['c_city'];
$c_contact = $_POST['c_contact'];
$c_address = $_POST['c_address'];
$c_image = $_FILES['c_image']['name'];
$c_image_tmp = $_FILES['c_image']['tmp_name'];
move_uploaded_file($c_image_tmp,"customer/customer_images/$c_image");
$insert_customer = "insert into customers (customer_name,customer_email,customer_pass,customer_country,customer_city,customer_contact,customer_address,customer_image,customer_ip) values ('$c_name','$c_email','$c_pass','$c_country','$c_city','$c_contact','$c_address','$c_image','$c_ip')";
$result = mysqli_query($con,$insert_customer);
$sel_cart = "select * from cart where ip_add='$c_ip'";
$run_cart = mysqli_query($con,$sel_cart);
$check_cart = mysqli_num_rows($run_cart);
if($check_cart>0){
$_SESSION['customer_email']=$c_email;
echo "<script>alert('User is already present');</script>";
echo "<script>window.open('checkout.php','_self')</script>";
}else{
$_SESSION['customer_email']=$c_email;
echo "<script>alert('You have been Registered Sucessfully')</script>";
echo "<script>window.open('index.php','_self')</script>";
}
}
?>
The data should be inserted into the db when I refresh the phpmyadmin page.

Check $con variable where you define. Connection variable should be define on page and call with mysqli function.
$result = mysqli_query($con,$insert_customer);

mysqli_query() expects parameter 1 to be mysqli, boolean given [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
How do I display a MySQL error in PHP for a long query that depends on the user input? [duplicate]
(6 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 4 years ago.
Hey can you guys help me with this because I can't figure it out here are the errors.
[04-Nov-2018 15:21:52 UTC] PHP Warning: mysqli_connect(): (HY000/1045):
Access denied for user 'freeload_retain'#'vps28004.inmotionhosting.com'
(using password: NO) in /home/freeloadboard/public_html/insert.php on
line 7
[04-Nov-2018 15:21:52 UTC] PHP Warning: mysqli_select_db() expects
parameter 1
to be mysqli, boolean given in /home/freeloadboard/public_html/insert.php
on line 21
[04-Nov-2018 15:21:52 UTC] PHP Warning: mysqli_query() expects parameter
1 to be mysqli, boolean given in
/home/freeloadboard/public_html/insert.php on line 45
Program:
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$con = mysqli_connect('##.##.###.##','freeload_retain','');
if(!$con)
{
echo "Not Connected to Server. ";
}
if(!mysqli_select_db($con, 'freeload_retain'))
{
echo "Database Not Selected. ";
}
$Companyname = $_POST['companyname'];
$Username = $_POST['username'];
$Password = $_POST['password'];
$Email = $_POST['email'];
$sql = "INSERT INTO clients (companyname, username, password, email)
VALUES ('$Companyname', '$Username', '$Password', '$Email')";
if(!mysqli_query($con, $sql))
{
echo "Not Inserted. ";
}
else
{
echo "Inserted. ";
}
?>
Hope you guys find out the answer soon!
Also I'm reusing this question because I can't wait another day to make another question but thanks for helping me out!

To answer your question: It's not working because you're wrapping the column names in brackets, remove these and it should work. You also have a typo. ($comapnyname = $_POST['companyname'];), should be $companyname.
However, there's a few other, bigger issues with your code. You're using the mysql functions, which are deprecated and completely removed from PHP7.
Next to that, you should use prepared statements and bind_param to prevent SQL injections, escaping strings will not accomplish this.
This what it would look like using prepared statements.
// ... Set your database connection variables
/*
* Create the database connection, notice the
* usage of mysqli instead of mysql
*/
$connect = new mysqli($host, $user, $password, $database);
/*
* The query, notice the usage of a question mark
* on the place of the variables to be inserted
*/
$sql = "INSERT INTO client (cname, tname, pname, ename) VALUES (?, ?, ?, ?)";
// Prepare the query using $connect->prepare()
$stmt = $connect->prepare($sql);
// Check if the query was prepared
if(!$stmt) {
// ... Handle your error
}
// Get $_POST variables
$companyname = $_POST['companyname'];
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
if(!$stmt->bind_param('ssss', $companyname, $username, $password, $email)) {
// ... Handle your error
}
if(!$stmt->execute()) {
// ... Handle your error
} else {
echo 'Record inserted.';
}
It also seems that you're inserting the passwords into your database as clear-text, this is a big issue. You should hash them. Write two functions, one to hash the password and one to verify it when users log in.
The first function will return the password hash and the second one will return TRUE or FALSE if the password is correct or incorrect.
function hashPassword($password) {
return password_hash($password, PASSWORD_DEFAULT);
}
function verifyPassword($password, $hash) {
return password_verify($password, $hash);
}

Warning: mysql_fetch_array() expects parameter 1 to be resource, object given [duplicate]

This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 7 years ago.
how do i solve error message
Warning: mysql_fetch_array() expects parameter 1 to be resource,
object given
my code :
if(isset($_POST['login']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$res = $MySQLiconn->query(" SELECT * FROM users WHERE username = '$username' ");
$row = mysql_fetch_array($res);
if($row['password'] == md5($password))
{
$_SESSION['login'] = $row['user_id'];
echo $_SESSION['login'];
}
else
{
echo "<script>alert('wrong details')</script>";
}
}
Can anyone help ?

The actual problem is you are mixing mysqli methods and mysql methods together.
$res = $MySQLiconn->query(" SELECT * FROM users WHERE username = '$username' ");
is in mysqli and
$row = mysql_fetch_array($res);
is in mysql. so here you are passing $res which is an object mysqli::query returns an object and mysql_fetch_array() expects a resource that is why it shows such an error. . So either use mysql or use mysqli to resolve the problem.

You are mixing mysql and mysqli calls in your code. Use mysqli_fetch_array instead of mysql_fetch_array.

PHP Notice: Undefined offset: 0 [duplicate]

This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 8 years ago.
I am trying redirect user when login successfully but I am getting error on entering wrong username and password and also redirection not working. If I insert valid username and password works great.
Error:
Notice: Undefined offset: 0 in /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php on line 70
Notice: Trying to get property of non-object in /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php on line 70
Warning: Cannot modify header information - headers already sent by (output started at /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php:70) in /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php on line 82
My Code:
session_start();
$username = strip_tags($username);
$password = strip_tags($password);
$sql = "SELECT id FROM users WHERE name='$username' and password='$password'";
$query = $this->db->prepare($sql);
$query->execute();
$records = $query->fetchAll();
$ck_userID = $records[0]->id;
//$active=$row['active'];
// echo "<pre>";
// print_r($ck_userID);
// echo "</pre>";
// die;
if ( count($ck_userID) > 0 ){
$_SESSION['login_user']=$username;
header('location: ' . URL . 'admin');
}else{
header('location: ' . URL . 'login?invalid');
}

Change
$ck_userID = $records[0]->id;
to
$ck_userID = isset($records[0]) && is_object($records[0]) ? $records[0]->id : null;
Explanation:
You have to check whethe $records[0] does exist and you should check whether it's an object (so it's not false or null).
Also care for SQL injection. You are using some kind of prepare method, but you don't prepare anything.
Another bad practice is header sending location change but no exit following.
Header start with a capital letter, location: -> Location:.

change
$records = $query->fetchAll();
$ck_userID = $records[0]->id;
if ( count($ck_userID) > 0 ){
to
$records = $query->fetchAll();
if ( count($records) > 0 ){
NOTE: your code is vulnerable to sql injections

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, object given [duplicate]

This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
warning:mysql_fetch_array() expects parameter 1 to be resource, object given [duplicate]
(3 answers)
Closed last year.
I cant seem to figure out what I'am doing wrong. So when I submit my form I get Warning error and the
Notice: Undefined variable: dbusername in /Library/WebServer/Documents/ArturoLuna_Final/loginCheck.php on line 30
$username = $_POST['username'];
$password = $_POST['password'];
if($username&&$password)
{
require 'conn.php';
$query = "SELECT * FROM users WHERE username='$username'";
$result = $mysql->query($query) or die(mysqli_error($mysql));
$numrows = $result->num_rows;
if ($numrows!=0)
{
while($row = mysql_fetch_assoc($result))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//check to see if they match!
if($username==$dbusername&&$password==$dbpassword)
{
echo "youre In!";
}
else
echo "incorrect password!";
}
else
die("that user is dead");
//echo $numrows;
}
else
echo ("Please Enter Username")
what can I be possibly doing wrong?

Change
while($row = mysql_fetch_assoc($result))
to
while($row = $result->fetch_assoc())
You missed an i off the function name, and mixed up OO and procedural style code, so you are mixing up mysql_* result resources and mysqli_result objects.

You're mixing traditional PHP MySQL functions mysql_* with the MySQLi interface. In this case, mysql_fetch_assoc() expects a resource handle created with mysql_query().
To retrieve the correct result, you'll need to use MySQLi's method:
$row = $result->fetch_assoc();
And while you're at it, you might want to consider making the code less susceptible to MySQL injection. Properly escape any user provided input before interpolating it into a query string, or better yet, use MySQLi parameter binding facilities.