First sorry for my bad english
Second: the problem is all in my form, when sumbit he doesn't post on the same page or in another page the inserted datas.
I need it to post on the same page or on another pages when I fill the fields
And need to have the possibility to show the posted things on different pages without the possibity to let others fill the fields, but view / read only.
<?php
mysql_connect("sql.domain.com", "database", "password");
mysql_select_db("database");
$Username = $_POST['Username'];
$Password = $_POST['Password'];
$eMail = $_POST['eMail'];
$eMailPw = $_POST['eMailPw'];
$submit = $_POST['submit'];
$dbLink = mysql_connect("sql.domain.com", "database", "password");
mysql_query("SET character_set_client=utf8", $dbLink);
mysql_query("SET character_set_connection=utf8", $dbLink);
if($submit) {
if($Username && $Password && $eMail && $eMailPw) {
$insert = mysql_query("INSERT INTO commenttable (Username,Password,eMail,eMailPw) VALUES ('$Username','$Password','$eMail','$eMailPw') ");
echo "<meta HTTP-EQUIV='REFRESH' content='0; url=TEST2.php'>";
} else {
echo "please fill out all fields";
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>TEST 2</title>
</head>
<body>
<center>
<form action="TEST2.php" method="POST" >
<table border="0" cellspacing="8" cellpadding="0" >
<tr>
<td>Username</td>
<td><input type="text" name="Username" size="30" ></td>
</tr>
<tr>
<td>Password</td>
<td><input type="text" name="Password" ></td>
</tr>
<tr>
<td>eMail</td>
<td><input type="text" name="eMail" ></td>
</tr>
<tr>
<td>eMail Password</td>
<td><input type="text" name="eMailPw" ></td>
</tr>
</table>
<input type="submit" value="Submit">
</form>
<?php
$dbLink = mysql_connect("sql.domain.com", "database", "password");
mysql_query("SET character_set_results=utf8", $dbLink);
mb_language('uni');
mb_internal_encoding('UTF-8');
$getquery = mysql_query("SELECT * FROM commenttable ORDER BY id DESC");
while($rows = mysql_fetch_assoc($getquery)) {
$id = $rows['id'];
$Username = $rows['Username'];
$Password = $rows['Password'];
$eMail = $rows['eMail'];
$eMailPw = $rows['eMailPw'];
echo $Username . '<br/>' . '<br/>' . $Password . '<br/>' . '<br/>' . $eMail . '<br/>' . '<br/>' . $eMailPw . '<br/>' . '<br/>' . '<hr size="1"/>';
}
?>
</body>
</html>
First, your English is good. Second, there are a lot of things I would recommend working on before being concerned if it posts or not.
mysql vs mysqli
mysql extension depreciation warning
mysql extensions have been depreciated, so you will want to use mysqli. The benefit of working with PHP is that the documentation is very thorough. Check out this link to get familiar with the improved extensions.
mysql_connect
changes to
mysqli_connect
input type="password"
...provide a way for the user to
securely enter a password. The element is presented as a one-line
plain text editor control in which the text is obscured so that it
cannot be read, usually by replacing each character with a symbol such
as the asterisk ("*") or a dot ("•"). This character will vary
depending on the user agent and OS.
-https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/password
Here's a handy link to get familiar with different input types
if...submit
isset — Determine if a variable is set and is not NULL
-http://php.net/manual/en/function.isset.php
if($submit){
changes to
if(isset($_POST['submit'])){
<your code here>
}
redirect upon submit
It looks like you might want to redirect the user to a different page to view the data after submission. Below is an example of how to do that.
# after your query and insertion into table
$profile_url = 'http://' . $_SERVER['HTTP_HOST'] . '/profile.php';
$header('Location: ' . $profile_url);
Related
I have a issue with my login form. I'm trying to login with PHP and MySQLi but for some reason every time I press the login button. The fields within the form reset to blank fields. This is my code index.php
<html>
<head>
<title>User Login</title>
</head>
<body>
<form action="" method="post">
<table width="500" align="center" bgcolor="skyblue">
<tr align="center">
<td colspan="3"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right"><b>Email</b></td>
<td><input type="text" name="email" required="required"/></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" required="required"></td>
</tr>
<tr align="center">
<td colspan="3">
<input type="submit" name="login" value="Login">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","login");
if (mysqli_connect_errno())
{
echo "MySQLi Connection was not established:" . mysqli_connect_error();
}
// checking the user
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($con,$_POST['email']);
$pass = mysqli_real_escape_string($con,$_POST['pass']);
$sel_user = "SELECT * FROM users WHERE user_email='".$email."' AND user_pass='".$pass."'";
echo $sel_user;
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
echo $check_user;
if($check_user == 1){
$_SESSION['user_email']=$email;
header('Location: loggedin.html'); }
else { header('Location: index.html'); }
}
?>
I hope someone can help me to fix this issue because I really need to build a login form for my website
There's a few things I'd like to point out about your code, but the primary issue you've been having all along is that you are sending headers before you are calling the session_start(); and header("Location: ..); functions. This causes "Headers already sent" warnings, and will not break your script, but it won't function properly. You should read How to fix "Headers already sent" error in PHP.
The code below has been altered some as well, I've made a few changes to it that you really should include
Using prepared statements, to protect your database against SQL injection (see How can I prevent SQL injection in PHP?) (never, never, never, never ever trust user-input!)
Using exit after calling a header("Location .."); function (see php - Should I call exit() after calling Location: header?)
The altered code is given below, and should be placed above ANY kind of HTML.
<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","login");
if (mysqli_connect_errno()) {
echo "MySQLi Connection was not established:" . mysqli_connect_error();
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($con, $_POST['email']);
$pass = mysqli_real_escape_string($con, $_POST['pass']);
$sql = "SELECT user_email FROM users WHERE user_email=? AND user_pass=?";
if ($stmt = $mysqli_prepare($sql)) {
mysqli_stmt_bind_param($stmt, "ss", $email, $pass);
mysqli_stmt_store_result($stmt);
// Checking if the user was valid
if (mysqli_stmt_num_rows($stmt) > 0){
$_SESSION['user_email'] = $email;
header('Location: loggedin.html');
exit;
} else {
header('Location: index.html');
exit;
}
}
}
?>
<!-- HTML form goes here, nothing(!) before this PHP -->
What you really should do is to hash your passwords - from the looks of it, your passwords are stored in clean text in the database, this is a BIG no-no!
You should use password_hash() and password_verify() for that. It's really important to protect your user should your database be breached.
To troubleshoot further, you should enable error-reporting:
error_reporting(E_ALL);
mysqli_error
mysqli_stmt_error
When you have enabled this, PHP will tell you what's wrong if you just check your logs.
dude try this
<html>
<head>
<title>User Login</title>
</head>
<body>
<form action="" method="post">
<table width="500" align="center" bgcolor="skyblue">
<tr align="center">
<td colspan="3"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right"><b>Email</b></td>
<td><input type="text" name="email" required="required"/></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" required="required"></td>
</tr>
<tr align="center">
<td colspan="3">
<input type="submit" name="login" value="Login">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","users");
if (mysqli_connect_errno())
{
echo "MySQLi Connection was not established:" . mysqli_connect_error();
}
// checking the user
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($con,$_POST['email']);
$pass = mysqli_real_escape_string($con,$_POST['pass']);
$sel_user = "SELECT * FROM users WHERE user_email='".$email."' AND user_pass='".$pass."'";
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user == 1){
$_SESSION['user_email']=$email;
header('Location: loggedin.html');
}
else {
header('Location: index.html');
}
}
?>
So basically, I'm trying to make a simple, yet secure, forgotten password script.
There are two scripts, one that allows the user to enter their email address. This will then send them an email with a link that they must visit to save their new password.
The second script is where the link leads to. This script saves the new password.
For security purposes, I made a new table within my database called 'token'. It has three fields; token, email, used. Token is a random generated string of 10 letters and numbers, email is just that users email address, and used is an integer of either 1 or 0 indicating whether or not the token has been used.
You will be able to understand far more of my structure once you read over the two scripts. They are not to long, and not complex at all.
What is going wrong
Okay, so there is only one small thing going wrong, and this is within the reset-password.php script. This is where the users come to after they receive the email. Basically, I type in a new password, and click 'Reset Password', yet nothing happens. No errors or confirmations are shown, along with nothing changing within my database. I can't seem to debug this, and have been searching and trying for hours now. All help and suggestions would be greatly appreciated.
Please try to keep in mind that I am still a newbie at PHP and MySQL. Been working with PHP for approximately 8 weeks now, and MySQL for only 2.
forgot-password.php
<?php
//Forgotten password script
//Variable to save errors
$errors = array();
$email = $_POST['email'];
include 'config.php';
mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$query = "SELECT email FROM users WHERE email='" . $email . "'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if($num==0)
{
echo ("<div style='color:red;'>Email address is not registered</div>");
die();
}
$token = getRandomString(10);
$query = "INSERT INTO tokens (token,email) VALUES ('".$token."','".$email."')";
mysql_query($query);
//function to renerate the token
function getRandomString($length)
{
$validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789";
$validCharNumber = strlen($validCharacters);
$result = "";
for ($i = 0; $i < $length; $i++)
{
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result;
}
//Send the reset link to the user
function mailresetlink($to,$token)
{
$subject = "Password Reset";
$message = '
<html>
<head>
<title>Password Reset</title>
</head>
<body>
<p>Click on the given link to reset your password Reset Password</p>
</body>
</html>
';
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= 'From: Password Reset <noreply#domain.com>' . "\r\n";
if(mail($to,$subject,$message,$headers))
{
echo "We have sent the password reset link to your email at <strong>".$to."</strong>";
}
}
//If email is posted, send the email
if(isset($_POST['email']))
{
mailresetlink($email,$token);
}
?>
<table align="center" style="padding-bottom:40px;">
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td>Email Address: </td>
<td><input type="text" name="email" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Reset My Password" /></td></tr>
<input type="hidden" name="register" value="TRUE" />
</form>
</table>
reset-password.php
<?php
//Reset password script
$token = $_GET['token'];
$email;
include 'config.php';
mysql_connect("$db_host", "$db_username", "$db_password") or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
if(!isset($_POST['newpassword']))
{
$query = "SELECT email FROM tokens WHERE token='" . $token . "' AND used = 0";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))
{
$email = $row['email'];
}
if ($email != '')
{
$_SESSION['email'] = $email;
}
else
{
echo "Invalid link or Password already changed";
}
}
$pass = $_POST['newpassword'];
$email = $_SESSION['email'];
//Save new password
if(isset($_POST['newpassword']) && isset($_SESSION['email']))
{
$query = "UPDATE users SET password = SHA('$password') WHERE email='" . $email . "'";
$result = mysql_query($query);
if($result)
{
mysql_query("UPDATE tokens SET used=1 WHERE token='" . $token . "'");
}
echo "Your password has been changed successfully";
if(!$result)
{
echo "An error occurred. Please try the again or contact us at admin#domain.com";
}
}
?>
<table align="center" style="padding-bottom:40px;">
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td>New Password:</td>
<td><input type="password" name="newpassword" id="password"/></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Change Password"></td></tr>
<input type="hidden" name="reset" value="TRUE" />
</form>
</table>
Please, if you need any more information or code, please do not hesitate to ask.
Thanks in advance!
I don't see anywhere where you are passing the token parameter to the server on the reset page after entering the new password parameter. You should have another hidden <input /> control, I would expect. $_SERVER['PHP_SELF'] does not return query string parameters. That is likely the cause of your current problem.
Specifically,
<table align="center" style="padding-bottom:40px;">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td>New Password:</td>
<td><input type="password" name="newpassword" id="password"/></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Change Password"></td></tr>
<input type="hidden" name="reset" value="TRUE" />
</form>
</table>
should be
<table align="center" style="padding-bottom:40px;">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td>New Password:</td>
<td><input type="password" name="newpassword" id="password"/></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Change Password"></td></tr>
<input type="hidden" name="reset" value="TRUE" />
<input type="hidden" name="token" value="<?php echo $_REQUEST['token']; ?>" />
</form>
</table>
Make sure you also change any $_GET['token']s to $_REQUEST['token'] as it will be GET the first time, then POST the second.
That being said, your much larger problem is the ability for me to bypass all your security by specifying ' or 1=1 or ' as my token. Or, I could be mean and do a nice '; update users set password = SHA('IKnowThisPassword') where username = 'admin'; --
Moral of the story being parameterized SQL (How can I prevent SQL injection in PHP?)
I have a login page (local intranet so dont worry about the security issues).
This page consists of the following form code :
<form action="auth.php" method="get" class="blocklogin">
<tr>
<td class="blocklogin" ><div align="left">Username: <input class="blocklogin" type="text" name="username" id="username" /><br />
</div></td>
</tr>
<tr>
<td class="blocklogin" ><div align="left">Password: <input class="blocklogin" type="password" name="password" id="password" />
</div></td>
</tr>
<tr>
<td colspan="2" class="blockloginfoot" title="Login"><input name="Login" type="submit" value="Login" /></td>
</form>
Now im trying to pass the username and password via the http link by doing the following :
http://localhost/folder/user_login.php?username=user#test&password=test123
But this does not seem to work,its suppose to use the details in the link to login. Am I missing something?
Pls help
The form action auth.php
<?php
session_start();
require_once('database.php');
$username = $_GET['username'];
$password = $_GET['password'];
$sql = "SELECT * FROM access_getaccountswithinfo WHERE username='".$username."' AND password='".$password."'";
$run = mysql_query($sql);
$row = mysql_fetch_array($run);
if (mysql_num_rows($run) == 1) {
$_SESSION['logged_in'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['packagename'] = $row['packagename'];
$_SESSION['creation-date'] = $row['creation-date'];
$_SESSION['cap'] = $row['cap'];
$_SESSION['total'] = $row['total'];
$_SESSION['remainingtopup'] = $row['remainingtopup'];
header("location: usage.php");
} else {
header("location: user_login.php");
}
mysql_close($link);
?>
Database code - database.php :
<?php
$link = mysql_connect('localhost', 'dbase', 'pass123');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// make dbase the current db
$db_selected = mysql_select_db('dbase', $link);
if (!$db_selected) {
die ('Can\'t use foo : ' . mysql_error());
}
?>
If you try via url:
http://yourserver.com/folder/user_login.php?username=user#test&password=test123
You should use $_GET['username'] and $_GET['password'] to retrieve the value.
Otherwise if you submitting it, use $_POST['username'] and $_POST['password']
May this help.
Your html form uses the method "post" to send the data to your php script. Post data is sent in the header and the setup you have now should work.
When doing it via url you can get the parameters using "$_GET", not "$_POST".
Also, remember to htmlspecialchars() what you send from the form.
instead of using URL passing values to user_login.php where the form is...you have to pass it to auth.php which is the php that actually captures the values as follow
http://localhost/folder/auth.php?username=user#test&password=test123
I've made a register.php file to sign up for a website I'm currently building. I'm running XAMPP to host my website and test it before I upload it via a paid host. After making the php file with the help of a few video's and online forums I opened it in google chrome and filled out the registration form I had created. But upon pressing 'submit' was presented with the following errors instead of having the user info successfully written into the mysql database.
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 53
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\register.php on line 56
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 97
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 98
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 99
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 100
I know that the reason for errors related to the eregi_replace() function is because it is no longer being supported/used by the php language. I also am aware there is an alternative of preg_replace() However the problem stands that as a newbie in the field of php I am not able to come up with a solution. I'm learning a little more everyday but I need this page done quickly to continue on with my website and with school I don't have time to try out so many multiple blocks of code to come up with a solution. I apologize; I'm going to need a little spoon feeding. :/ If you can take my code and tell me how to fix the errors listed above, or even better respond with a fixed copy of the code, It would be very greatly appreciated! Thank you for your time and once again I apologize for my lack of knowledge.
register.php:
<?php
//User check log
//include_once("Scripts/checkuserlog.php");
?>
<?php
// let's initialize vars to be printed to page in the HTML section so our script does not return errors
// they must be initialized in some server environments
$errorMsg = "";
$firstname = "";
$lastname = "";
$email1 = "";
$email2 = "";
$pass1 = "";
$pass2 = "";
// This code runs only if the form submit button is pressed
if (isset ($_POST['firstname'])){
/* Example of cleaning variables in a loop
$vars = "";
foreach ($_POST as $key => $value) {
$value = stripslashes($value);
$vars .= "$key = $value<br />";
}
print "$vars";
exit();
*/
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$firstname = stripslashes($firstname);
$lastname = stripslashes($lastname);
$email1 = stripslashes($email1);
$pass1 = stripslashes($pass1);
$email2 = stripslashes($email2);
$pass2 = stripslashes($pass2);
$firstname = strip_tags($firstname);
$lastname = strip_tags($lastname);
$email1 = strip_tags($email1);
$pass1 = strip_tags($pass1);
$email2 = strip_tags($email2);
$pass2 = strip_tags($pass2);
// Connect to database
include_once "/Scripts/connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email1);
$emailCHecker = eregi_replace("`", "", $emailCHecker);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM members WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);
// Error handling for missing data
if ((!$firstname) || (!$lastname) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) {
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
if(!$firstname){
$errorMsg .= ' * First Name<br />';
}
if(!$lastname){
$errorMsg .= ' * Last Name<br />';
}
if(!$email1){
$errorMsg .= ' * Email Address<br />';
}
if(!$email2){
$errorMsg .= ' * Confirm Email Address<br />';
}
if(!$pass1){
$errorMsg .= ' * Login Password<br />';
}
if(!$pass2){
$errorMsg .= ' * Confirm Login Password<br />';
}
} else if ($email1 != $email2) {
$errorMsg = 'ERROR: Your Email fields below do not match<br />';
} else if ($pass1 != $pass2) {
$errorMsg = 'ERROR: Your Password fields below do not match<br />';
} else if ($email_check > 0) {
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our database. Please use another.<br />";
} else { // Error handling is ended, process the data and add member to database
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$email1 = mysql_real_escape_string($email1);
$pass1 = mysql_real_escape_string($pass1);
$firstname = eregi_replace("`", "", $firstname);
$lastname = eregi_replace("`", "", $lastname);
$email1 = eregi_replace("`", "", $email1);
$pass1 = eregi_replace("`", "", $pass1);
// Add MD5 Hash to the password variable
$db_password = md5($pass1);
// Add user info into the database table for the main site table(audiopeeps.com)
$sql = mysql_query("INSERT INTO members (firstname, lastname, email, password, sign_up_date)
VALUES('$firstname','$lastname','$email1','$db_password', now())")
or die (mysql_error());
$id = mysql_insert_id();
// Create directory(folder) to hold each user's files(pics, MP3s, etc.)
mkdir("members/$id", 0755);
//!!!!!!!!!!!!!!!!!!!!!!!!! Email User the activation link !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$to = "$email1";
$from = "admin#Connect.CloudNine.com";
$subject = "Complete your registration at Cloud Nine";
//Begin HTML Email Message
$message = "Hi $firstname,
Complete this step to activate your login identity at [ yourdomain ].
Click the line below to activate when ready.
localhost/activation.php?id=$id&sequence=$db_password
If the URL above is not an active link, please copy and paste it into your browser address bar
Login after successful activation using your:
E-mail Address: $email1
Password: $pass1
See you on the site!
";
//end of message
$headers = "From: $from\r\n";
$headers .= "Content-type: text\r\n";
mail($to, $subject, $message, $headers);
$msgToUser = "<h2>One Last Step - Activate through Email</h2><h4>OK $firstname, one last step to verify your email identity:</h4><br />
In a moment you will be sent an Activation link to your email address.<br /><br />
<br />
<strong><font color=\"#990000\">VERY IMPORTANT:</font></strong>
If you check your email with your host providers default email application, there may be issues with seeing the email contents. If this happens to you and you cannot read the message to activate, download the file and open using a text editor.<br /><br />
";
include_once 'msgToUser.php';
exit();
} // Close else after duplication checks
} else { // if the form is not posted with variables, place default empty variables
$errorMsg = "Fields marked with an [ * ] are required";
$firstname = "";
$lastname = "";
$email1 = "";
$email2 = "";
$pass1 = "";
$pass2 = "";
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome To Cloud Nine</title>
<link href="CSS/register.css" rel="stylesheet" type="text/css">
<link href="CSS/css_boxes_register.css" rel="stylesheet" type="text/css">
<link href="CSS/reg_table_register.css" rel="stylesheet" type="text/css">
</head>
<body>
<!--Floating Dock-->
<div id="floating_dock">
<img src="Images/cloudnine_logo.png" width="220px">
<img src="Images/button.png" width="75" height="50" id="button"></div>
<!--Floating Dock End-->
<!--Content Wrap-->
<div id="container_alt">
<form action="register.php" method="post" enctype="multipart/form-data" class="box">
<h3>Account Registration</h3>
<p> </p>
<p>
<table width="447" border="0" align="center" cellpadding="5" cellspacing="1">
<tr>
<td width="435" align="center" valign="middle"><?php print "$errorMsg"; ?></td>
</tr>
<tr>
<td align="center">First Name</td>
</tr>
<tr>
<td align="center"><input name="firstname" type="text" id="firstname" value="<?php print "$firstname";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Last Name</td>
</tr>
<tr>
<td align="center"><input name="lastname" type="text" id="lastname" value="<?php print "$lastname";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Password</td>
</tr>
<tr>
<td align="center"><input name="pass1" type="text" id="pass1" value="<?php print "$pass1";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Confirm Password</td>
</tr>
<tr>
<td align="center"><input name="pass2" type="text" id="pass2" value="<?php print "$pass2";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Email</td>
</tr>
<tr>
<td align="center"><input name="email1" type="text" id="email1" value="<?php print "$email1";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Confirm Email</td>
</tr>
<tr>
<td align="center"><input name="email2" type="text" id="email2" value="<?php print "$email2";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center"><input type="submit" name="submit" value="Submit Form"></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> </td>
</tr>
</table>
</p>
</form>
</div>
</body>
</html>
No need to do regexp if you don't need it. Change
eregi_replace("`", "", $emailCHecker);
to
str_replace("`", "", $emailCHecker);
Do not use the mysql_* functions since they are deprecated. Use mysqli or PDO or whatever flavor you like but do not use mysql_* anymore!
Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL
extension should be used. See also MySQL: choosing an API guide and
related FAQ for more information.
I successfully added a column into a table in MySQL when I insert data via a PHP form, the email and the password are added successfully but not the username.
When I display the table the "Usernames" tables remains blank.
Here is the PHP form:
<html>
<head>
<title>Register</title>
</head>
<body>
<?php
if(isset($_POST['add']))
{
$dbhost = 'localhost:3036';
$dbuser = 'xxxx';
$dbpass = 'xxxxxxx';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() )
{
$email = addslashes ($_POST['email']);
$password = addslashes ($_POST['password']);
$usernames = addslashes ($_POST['usernames']);
}
else
{
$email = $_POST['email'];
$password = $_POST['password'];
$usernames = $POST['usernames'];
}
$sql = "INSERT INTO users (email,usernames,password) VALUES ('$email', '$usernames', ENCRYPT('$password'))";
mysql_select_db('dbname');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Your Email #foo.com</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td width="100">Your Username</td>
<td><input name="usernames" type="text" id="usernames"></td>
</tr>
<tr>
<td width="100">Your Password</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="add" type="submit" id="add" value="Register">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
I added the column for usernames using the command line:
ALTER TABLE tbname ADD usernames VARCHAR(55) NOT NULL;
It was added but when a user registers, his username is not showing. Only the email and the encrypted password are added.
Any help would be greatly appreciated.
Change this line
$usernames = $POST['usernames'];
Change it to
$usernames = $_POST['usernames'];
First of all don't use mysql, use mysqli/pdo. Turn off magic quotes and if you stick with mysql (don't) switch addslashes() to mysql_real_escape_string().
And you're having:
$usernames = $POST['usernames'];
Missing _:
$usernames = $_POST['usernames'];
But your database schema (namely NOT NULL) should take care of not having empty data, so also make sure that your select is correct.
Don't use the mysql_* functions and at least escape all user input....
change
$usernames = $POST['usernames'];
to
$usernames = $_POST['usernames'];
When developing enable display_errors so you can easily spot this error:
error_reporting(E_ALL);