Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
Improve this question
When the user deletes a project from my website a simple query deletes the attached records from the DB and the user is taken to the home page, which will show a bar at the top of the page "Project Deleted" I do this by having a GET 'err' in the URL, so when err isset the number next to it defines what alert should be shown at the top of the page.
The problem I am having is that the 4th alert is being shown instead of the 8th when this php script is run.
PHP:
if (mysqli_query($conn, "DELETE FROM projects WHERE id='$del' AND user_id ='$user_id'")) {
if (mysqli_query($conn, "DELETE FROM refs WHERE project_id='$del' AND user_id ='$user_id'")) {
setcookie("project_cookie", 0);
header("Location: index.php/?del=8");
}
}
Alerts.php (attached at the top of the header file):
if (isset($_GET['err'])) {
$err = $_GET['err'];
$type = "err";
if ($err == "1") { $alert = "Incorrect Email or Password"; }
elseif ($err == "2") { $alert = "Email address already exists"; }
elseif ($err == "3") { $alert = "All fields require values"; }
elseif ($err == "4") { $alert = "Reference Deleted"; }
elseif ($err == "5") { $alert = '' . '<b>' . "Signup" . '</b>' . ''. " " . "to create and save references"; }
elseif ($err == "6") { $alert = "You can only have 8 projects"; }
elseif ($err == "7") { $alert = "Select a project on the left hand side first"; }
elseif ($err == "8") { $alert = "You have deleted a project"; }
}
I have looked at this for a long while and have no idea why the 4th alert shows instead of the 8th when the PHP Delete script is run.
Change,
header("Location: index.php/?del=8");
To,
header("Location: index.php/?err=8");
Because,
if (isset($_GET['err'])) {
Not,
if (isset($_GET['del'])) {
Related
I have a login script I want if user attempt 3 invalid password then the username associated to them would be disabled or blocked for a day / 24hrs.
Since I make a if condition in php login code where status=3 alert your account is blocked for a day.
status is my database column name which count the value of invalid login of user from 1 to 3 maximum.
But issue is my here that is how I make the status automatically count or increase like 1, 2, 3 in user invalid login.
How to I add this function with my login code
I have not idea about that. On YouTube there is not any video regards this even in other website.
Stackoverflow is my last hope where someone helps user.
Please have a look at this question and help to create satatus count automatic when user inter invalid password.
My login PHP is : https://pastebin.com/QpwDtjBg
Thank you in advance
You're gonna want to use PHP's $_SESSION object.
In the code block where you detect bad user/pass combos, add an iterator to the session.
First, add a session entry to the top of your script (Or wherever you define global variables), for bad_logins, and start your session.
session_start();
$_SESSION['bad_logins'] = 0;
Then in the part of your code where you detect a bad login, increment the bad logins by 1.
$_SESSION['bad_logins']++;
This will allow you to then check for bad attempts with an if statement
if($_SESSION['bad_logins'] > 3) {
// Do something here.
}
The script you linked has some other issues you may want to address prior to adding this in though.
You just need to add an update to the field 'status' on the database with 1, 2 or 3, on the IF condition:
if($data == NULL || password_verify($password, $data['Password']) == false) {
And read that same field, when the submit form is sent every single time... if it is already 3, then just skip to the IF condition
if($data['Status'] == "//auto count//")
Something like this (haven't tested the code) and the code should be function based, at least...
`
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
if(isset($_POST['submit'])) {
$messages = array(
'INVALID_EMAIL' => "<div class='alert-box warning error'><span>Invalid format, re-enter valid email.</span></div>",
'ALL_FIELDS_REQUIRED' => "All field is mandatory! case sensitive.",
'VERIFY_EMAIL' => "Please verify your email!",
'INVALID_COMBINATION' => "Invalid username or password combinations.",
'BLOCKED' => "you are blocked for a day. <a href='#'><span>Know why?<span></a>",
);
$msg = "";
$error = false;
$con = new mysqli("localhost", "softwebs_softweb", "test#123", "softwebs_cms");
$email = $con->real_escape_string(htmlspecialchars($_POST['username']));
$password = $con->real_escape_string(htmlspecialchars($_POST['password']));
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$msg = $messages['INVALID_EMAIL'];
$error = true;
}
if ($email == "" || $password == "") {
$msg = $messages['ALL_FIELDS_REQUIRED'];
$error = true;
}
if(!$error) {
$sql = $con->query("SELECT * FROM users where Email_ID = '$email' ");
if ($sql->num_rows > 0) {
$data = $sql->fetch_array();
// Blocked
if ($date['status'] === 3) {
$msg = $messages['BLOCKED'];
$error = true;
}
if ($data['isEmailConfirm'] == "0") {
$msg = $messages['VERIFY_EMAIL'];
$error = true;
}
if ($data == NULL || password_verify($password, $data['Password']) == false) {
$msg = $messages['INVALID_COMBINATION'];
$error = true;
// Update the status + 1
$sql = $con->query("UPDATE users SET status = " . $statusData['status'] + 1 . " WHERE Email_ID = '$email' ");
}
}
}
if($error && trim($msg) !== "") {
$msg = "<div class='alert-box error'><span>$msg</span></div>";
} else {
session_start();
$_SESSION['login']=$_POST['username'];
$_SESSION['id']=$data['id'];
header('location: ./account/dashboard.php');
}
}
?>
`
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I want to update a row on a table and it is not updating.
This is my html and php code :
<?php
if ($_GET) {
if (isset($_GET['id'])) {
$id = preg_replace('#[^0-9]#', '', $_GET['id']);
echo $id;
$query = "SELECT * FROM posts WHERE id='{$id}'";
$result = mysqli_query($connect, $query);
$rows = mysqli_fetch_assoc($result);
} elseif (empty($_GET['id'])) {
header("location: manage_posts.php");
}
}
?>
<form action="modify_post.php?id=<?php echo $id; ?>" method="post">
<h3>Post Title <?php //echo $id; ?></h3>
<input name="title" value="<?php echo $rows['title'];?>" type="text" placeholder="Title here ..." id="title" required>
<h3>Post Content</h3>
<textarea name="content" required placeholder="Title here ..." style="resize: none"><?php echo $rows['content'];?></textarea>
<br/>
<input type="submit" value="Update" id="submit"/>
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_POST['title'] != "" || $_POST['content'] != "") {
$id = preg_replace('#[^0-9]#', '', $_GET['id']);
$sql = "UPDATE posts SET title='{$_POST['title']}', content='{$_POST['content']}' WHERE id='{$id}'";
$update_result = mysqli_query($connect, $sql);
if (isset($result)) {
echo "<h2>Update successfully, redirecting back ...</h2>";
} else {
echo "Record hasn't been Updated" . mysqli_errno($result);
}
header("location: manage_posts.php");
} else {
echo "<h3>Please fill all fields</h3>";
}
}
?>
This is all what I could came up with !
I don't know where is the problem coming from ?
a) avoid sql injections e.g. with prepared statements + parameters
b) add more error handling and parameter checking.
<?php
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo 'wrong method';
}
else if ( !isset($_POST['title'], $_POST['content']) ) {
echo 'missing POST parameters';
}
else if ( !isset($_GET['id']) ) {
echo 'missing GET parameter';
}
else if ($_POST['title'] == "" || $_POST['content'] == "") {
echo '<h3>Please fill all fields</h3>';
}
else {
$stmt = $connect->prepare('UPDATE posts SET title=?, content=? WHERE id=?');
if ( !$stmt ) {
trigger_error('prepare failed', E_USER_ERROR);
}
else if ( !$stmt->bind_param('sss', $_POST['title'], $_POST['content'], $_GET['id']) ) {
trigger_error('bind_param failed', E_USER_ERROR);
}
else if ( !$stmt->execute() ) {
trigger_error('execute failed', E_USER_ERROR);
}
else {
echo '# of updated rows: ', $stmt->affected_rows();
}
}
see also
http://docs.php.net/mysqli.error-list
http://docs.php.net/mysqli-stmt.error-list
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have php file where i need to check if variables are not empty and then update the table.Everything works fine except alert.
<?php
$con=mysql_connect("localhost","root","");
mysql_select_db("sg",$con);
error_reporting(0);
$result1=mysql_query("select DeclarationNo,DeclarantReferenceNo from sg_report where DeclarationNo='$dec' OR DeclarantReferenceNo='$dec'");
if(isset($_POST['myText'])){ $cn = $_POST['myText']; }
if(isset($_POST['myText1'])){ $dec = $_POST['myText1']; }
if(isset($_POST['tb3'])){ $rem = $_POST['tb3']; }
I want a alert box to come up when records are updated
if( !empty($dec) && !empty($rem) ){
$result=mysql_query("update sg_report set CreditNoteStatus='$cn',Remarks='$rem' where DeclarationNo='$dec' OR DeclarantReferenceNo='$dec'");
echo "<script type='text/javascript'>alert('Updated successfully!');</script>";
}
I want a alert box to come up if all values are not entered
if(empty($dec) || empty($rem) ) {
echo "<script type='text/javascript'>alert(\"Please enter all Values\");window.location=\"view3.php\";</script>";
}
?>
if(isset($_POST['myText']) && isset($_POST['myText1']) && isset($_POST['tb3']))
{
$result=mysql_query("update sg_report set CreditNoteStatus='$cn',Remarks='$rem' where DeclarationNo='$dec' OR DeclarantReferenceNo='$dec'");
if($result)
{
echo "<script type='text/javascript'>alert('Updated successfully!');</script>";
}
}
else
{
echo "<script type='text/javascript'>alert(\"Please enter all Values\");window.location=\"view3.php\";</script>";
}
Try this one
if(trim($_POST['myText'])!=''&&trim($_POST['myText1'])!=''&&trim($_POST['tb3'])!='')
{
$result=mysql_query("update sg_report set CreditNoteStatus='$cn',Remarks='$rem' where DeclarationNo='$dec' OR DeclarantReferenceNo='$dec'");
if($result)
{
echo "<script type='text/javascript'>alert('Updated successfully!');</script>";
}
}
else
{
echo "<script type='text/javascript'>alert(\"Please enter all Values\");window.location=\"view3.php\";</script>";
}
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I write this but it doesnt work, can`t find the error.
this server side code get the the variable $cpu & $display and use it in select from the data base. when the variable is not important "*" will be sent.
<?php
if (isset($_REQUEST['action']))
{
$action = $_REQUEST['action'];
}
else
{
echo "Invalid Data";
exit;
}
if ($action == "read")
{
readData();
}
function connectToDatabase()
{
$connection = mysqli_connect("localhost", "root", "", "project_pro");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
return $connection;
}
function readData()
{
$connection = connectToDatabase();
$cpu = $_REQUEST['cpu'];
$display = $_REQUEST['display'];
This is the part that problem exists:
$sql = "Select * From phones WHERE";
if ($cpu == "*")
{
}
else
{
$sql+= " phone_cpu='$cpu'";
}
if ($display == "*")
{
}
else
{
$sql+= " AND phone_display='$display'";
}
$output = array();
while ($row = mysqli_fetch_array($result))
{
$record = array();
$record['phone_id'] = $row['phone_id'];
$record['phone_cpu'] = $row['phone_cpu'];
$output[] = $record;
}
echo json_encode($output);
mysqli_close($connection);
}
The concatenation operator in PHP is . not +. So change += to .=.
I've been struggling to have a text form field required. So when some one doesn't fill his name he will receive an error like 'No title filled!'
I got this now but it doesn't work that well cause when I submit it insert into the db.
if(isset($_POST['submit'])) {
$update = "UPDATE post SET `title`='$_POST[title]', `pic`='$_POST[pic]', `youtube`='$_POST[youtube]' WHERE id = $_POST[id]";
$db->query($update) or die($db->error);
if($_POST['title'] == "") {
$error = "Title is required!";
}
if ($_POST['pic'] == "") {
$error = "Picture is required!";
}
if(isset($error)){
echo $error;
} else {
echo '<p>Your post has been updated!</p>';
}
}
You need to stop your code from being executed if an error is found, not just echo the error. All your other code that submits the data to the database should ONLY be executed if there is no error. Try something like this:
Edit: Upon seeing the update to your code, this is what you need to do:
if(isset($_POST['submit'])) {
if(!isset($_POST['title']) || trim($_POST['title']) == "") {
$error = "Title is required!";
}
if (!isset($_POST['pic']) || trim($_POST['pic']) == "") {
$error = "Picture is required!";
}
if(isset($error)){
echo $error;
} else {
$update = "UPDATE post SET `title`='" . mysql_real_escape_string($_POST['title']) . "', `pic`='" . mysql_real_escape_string($_POST['pic']) ."', `youtube`='" . mysql_real_escape_string($_POST['youtube']) ."' WHERE id = " . mysql_real_escape_string($_POST['id']);
$db->query($update) or die($db->error);
echo '<p>Your post has been updated!</p>';
}
}
The problem is, your data was being submitted to the database no matter what happened after with the validation - by the time you checked for errors it was too late, as the SQL had already been executed.
If you do it the way shown above, it will only submit if the $error variable is not set, which is what you want.
I wouldn't just rely on
if($_POST['title'] == "")
because it will not work if someone enters a space into the text field. For one thing, a title shouldn't be too long? So you can set a max-length for it?
Also maybe run a few more checks such as:
I wouldn't just rely on
if(!isset($_POST['title'] || $_POST['title'] == "" || $_POST['title'] == " ")
{
// Error
}
else
{
// Database query
}
You want the else, otherwise it will always execute the database query, whether or not they haven't filled out the form properly.