I'm a novice at mysql having trouble with inserting fields. I have created a login form and a homepage form for users to enter personal details. The login form submitted to mysql database fine, but the personal details form refused to submit; only when I specified the same fields as the first form did the form submit. Obviously, I would like to add new data in the second form, and I would appreciate tips on organizing my database, which consists of a single table profile.It stores info on every user including fields: id,username,password,avatar,location,goal, etc.
Appreciate your help & patience. I will combine the info from the two forms into a user record eventually. Right now, though, I would like to know why no new entry is created or error message displayed even though my error display is turned on.
EDIT:: sorry for not including whole code
loginform.php (works fine)
<?php
require("connect.php");
session_start();
$query = "SELECT * FROM `profile`";
if ($query_run=mysqli_query($cnn,$query))
{
echo "
<h1>Sign up for Runners World</h1>
<form action='' method='post'>
Username: <input type='text' name='username'><br>
Email: <input type='text' name='email'><br>
Password: <input type='text' name='pw'><br>
<input type='submit' name='submit' value='submit'>
</form>
";
}
else {
die("<br>could not connect to table");
}
?>
<?php
if (isset($_POST['submit']))//if you submitted the form
{
$username = $_POST['username'];
$password = $_POST['pw'];
$email = $_POST['email'];
if ($username and $password and $email)
{
$addLogin = "INSERT INTO profile (username,email,password) VALUES ('$username','$email','$password')";
$success = $cnn->query($addLogin);
if ($success)
{
$_SESSION['name']="$username";
echo("<script>location.href = 'homePage.php';</script>");
}
else
{
die("login data failed to reach database");
}
}
else {echo "please fill out all the fields";}
}
else {
$submit=null;
echo 'no form submitted';
}
?>
addDetails.php (not submitting)
<?php
session_start();
error_reporting(E_ALL);
ini_set("display_errors",1);
require("connect.php");
require("login.php");
echo "<h1>Welcome ".$_SESSION['name']."</h1>";
echo "<form action='' method='post'>
Avatar: <input type='text' name='avatar'><br>
Location: <input type='text' name='location'><br>
Descripiton: <input type='text' name='about'><br>
Daily Goal: <input type='text' name='goal'><br>
<input type='submit' value='submit' name='submit'>
</form>
";
$avatar = $_POST['avatar'];
$location = $_POST['location'];
$goal = $_POST['goal'];
$about = $_POST['about'];
if (isset($_POST['submit']))
{
$sql = "INSERT INTO profile (avatar,location,goal) VALUES ('$avatar','$location','$goal')";
if ($cnn->query($sql)===TRUE)
{echo "you have inserted profile fields";}
else
{echo "sqlQuery failed to insert fields";}
}
?>
If you want to add data to a row that already exists, look up the UPDATE command in SQL
You should change the Sql statement in 'addDetails.php' to:
UPDATE profile
SET avatar={$avatar}, location={$location}, goal={$goal}
WHERE id={$id}
By the way you should never ever use this statement in your production, it is not safe, you should keep in mind to prevent Sql injection.
Related
I am trying to implement this flow:
User signs up with email address
User receives email with validation link
User follows link to a page asking to set a password
User sets password
Here's the code I have so far:
$email = $_GET['email'];
$verification_code = $_GET['verification_code'];
$validation_message = "";
$self = htmlspecialchars($_SERVER["PHP_SELF"]);
if(isset($_POST['submit'])) {
if ($_POST['password'] == "") {
$validation_message = "Please enter a password";
echo "<form id='verify-email-form' action='$self' method='post'><h1 id='set-password-input' class='h1-splash h1-password'>Choose a password</h1><input type='hidden' name='email' value='$email'><input type='hidden' name='verification_code' value='$verification_code'><input type='password' name='password' class='text-input' placeholder='Password'><button type='submit' name='submit' id='submit-input-splash'>Go!</button></form><p id='validation-message'>$validation_message</p>";
}
else {
echo $_POST['email'];
echo $_POST['password'];
}
}
else {
require 'connect.php';
$sql = "SELECT * FROM users WHERE email='$email' AND verification_code='$verification_code' AND active='0'";
$result = $con->query($sql);
if ($result->num_rows > 0) {
echo "<form id='verify-email-form' action='$self' method='post'><h1 id='set-password-input' class='h1-splash h1-password'>Choose a password</h1><input type='hidden' name='email' value='$email'><input type='password' name='password' class='text-input' placeholder='Password'><button type='submit' name='submit' id='submit-input-splash'>Go!</button></form><p id='validation-message'>$validation_message</p>";
}
else {
echo "Invalid activation code.";
}
}
?>
The URL is in this format: www.example.com/activate.php?email=name#example.com+verification_code=1234567890
I'm tripping up at the eventuality that a user presses submit without typing anything in the password field. It reloads the page to activate.php but without the variables in the URL, so the email address can't be submitted if the user then does type a password.
Is there a workaround for this, or a better way of structuring it?
You are sending those variables as POST and trying to read them as GET: $_GET['verification_code'];
Just change the form method to GET or read the variables as POST.
I want it so that when the user types into the textarea/input and clicks save changes, the information they input has been added and saved into the database. Below is my code:
$name = $_SESSION['u_name'];
$uid = $_SESSION['u_uid'];
$id = $_SESSION['u_id'];
$con = mysqli_connect("localhost", "root", "pass123", "db_name");
if ($con->connect_error) {
die("Connection failed: " . $conn->connect_error);
echo "<script type='text/javascript'>alert('connection failed. try again');</script>";
}
$remind1 = $_POST['remind1'];
$remind2 = $_POST['remind2'];
$remind3 = $_POST['remind3'];
$remind4 = $_POST['remind4'];
$remind5 = $_POST['remind5'];
if (isset($_POST['updBtn'])){
$sql = "UPDATE reminders SET remindone='$remind1' WHERE username='$uid'";
if ($con->query($sql) === TRUE) {
echo "<script type='text/javascript'>alert('Updated successfully');</script>";
}else{
echo "<script type='text/javascript'>alert('error while updating. try again');</script>";
}
}
Below is the corresponding HTML:
<form action="body.php" method="post">
<input type="submit" class="sideBtn" value="Save Changes" name="updBtn"><br>
<input type="text" class="event" name="remind1"><br>
<input type="text" class="event" name="remind2"><br>
<input type="text" class="event" name="remind3"><br>
<textarea class="event" name="remind4"></textarea><br>
<textarea class="event" name="remind5"></textarea><br>
</form>
Ideally what would happen, is that whatever the user types into the textarea/input is updated in the database, then they can access and later tweak the text if they need to.
I have been able to pinpoint that my problem is somewhere along the $_POST variables in my PHP as, if I were to substitute the aforementioned variable with a string as such:
$sql = "UPDATE reminders SET remindone='hello' WHERE username='$uid'";
...it works perfectly. But with when using the POST variable, it does not work.
How can I fix this mistake of mine and make it so that the user is able to post text into the database? Is the $_POST variable required here or is there another method to achieve this?
Hi every one please help me I have problem with my code . I want to store my form data into database but can not instead i got success message ( thank you for your comment)
Please help me
My form code is this
com_form.php
<form method='post'>
Name: <input type='text' name='name' id='name' /><br />
Email: <input type='text' name='email' id='email' /><br />
Comment:<br />
<textarea name='comment' id='comment'></textarea><br />
<input type='hidden' name='articleid' id='articleid' value='<? echo $_GET["id"]; ?>' />
<input type='submit' value='Submit' />
</form>
</form>
and PHP code is this
manage_com.php
<?
if( $_POST )
{
$con=mysqli_connect("localhost","root","password","dbname");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="SELECT name,email,comment FROM comments ";
$retval=mysqli_query($con,$sql);
$users_name = $_POST['name'];
$users_email = $_POST['email'];
$users_comment = $_POST['comment'];
$users_name = mysqli_real_escape_string($con, $_POST['$users_name']);
$users_email = mysqli_real_escape_string($con, $_POST['$users_email']);
$users_comment = mysqli_real_escape_string($con, $_POST['$users_comment']);
$articleid = $_GET['id'];
if( ! is_numeric($articleid) )
die('invalid article id');
$query = "
INSERT INTO `pricemom_comment`.`comments` (`id`, `name`, `email`,
`comment`, `post_date`, `articleid`) VALUES (NULL, '$users_name',
'$users_email', '$users_comment',
CURRENT_TIMESTAMP, '$articleid');";
mysqli_query($con,$query);
echo "<h2>Thank you for your Comment!</h2>";
mysqli_close($con);
}
?>
page where i want to show form
page1.php
<? include("manage_com.php"); ?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>page1 created by Afzal</title>
</head>
<body>
<img src="nature.jpg" alt="beautifull nature image" style="width:700px; align:center;height:200px;">
<h2>page1 created by Afzal</h2>
<p style="width:700px;">order to display comments on a page, we first need to know what comments to show. When we setup our site we created two pages, and each page was assigned a unique id number. This ID number will be used to gather comments for that specific page. For example, when the user is on page 1, we'll select all of the comments in the database assigned to page "1".</p>
<p style="width:700px;"> Now that we have our sample SQL query, we can use it to create the php code that will print all comments on a page. Below is the example code that we created. If you're not familiar with php, any line that begins with a // is a comment, and comments are used by developers to document their code. In our example, we have quite a few comments to help explain what the code is doing, but keep in mind that most scripts do not have as many comments.</p>
<?php
include("com_form.php");
?>
</body>
</html>
please fix my problem . where i make mistakes
NOTE: I got success message ( thank you for you comment) but comment not store in my database
Your echo statement display success no matter what happend.
Perform a query and check for error:
if (!mysqli_query($con,$query))
{
echo("Error description: " . mysqli_error($con)); die;
}
I think that the problem is connected with wrong sql request. You try to insert NUll value for id field.
I'm trying to update the user password in this code. I know it is not reliable since it does not has SQL injection prevention feature, I'm just trying to learn here.
anyway, using $_request variable in my code does not work with the database query, it works when I want to display the variable with echo.
PHP code:
$newPassword=$_POST['newPassword'];
$confirmPassword=$_POST['confirmPassword'];
$userID1=$_REQUEST['ID'];
$code=$_GET['$code'];
echo "<h1>Hello " . $userID1 . "</h1>";
if (isset($_GET['submit']))
{
if($newPassword == $confirmPassword ){
mysql_query("UPDATE facultymember SET password='$newPassword' WHERE ID='$userID1'");
$message = "Your password has been updated.";
}
else
{
$message = "New password does not equal Confirm password";
}
}
HTML form:
<form name="frmChange" action='newpass.php' method="GET" onSubmit="return validatePassword()">
<div style="color:red;" "class="message"><?php if(isset($message)) { echo $message; } ?></div>
Enter a new password
<input type="text" name="newPassword">
Re-enter the new password
<input type="text" name="confirmPassword">
<input name="submit" type="submit" value="Save Changes">
</form>
wrong object to get value , when you are submitting GET request method="GET"
$newPassword=$_POST['newPassword'];
$confirmPassword=$_POST['confirmPassword'];
or
$newPassword=$_GET['newPassword'];
$confirmPassword=$_GET['confirmPassword'];
and no ID param also attached
I was wondering if someone could give me a hand. My browser is executing most of my php code, but when it gets to certain line, it prints the code instead of executing it.
My code is:
<!DOCTYPE html>
<html>
<body>
<?php
//Display registration form
function register_form(){
$date = date('D, M, Y');
echo <form action='?act=register' method='post'>
Username: <input type='text' name='username' size='30'><br>
Password: <input type='password' name='password' size='30'><br>
Confirm your password: <input type='password' name='password_conf' size='30'><br>
Email: <input type='text' name='email' size='30'><br>
<input type='hidden' name='date' value='$date'>
<input type='submit' value='Register'>
</form>;
}
?>
<?php
//Register users data.
function register(){
//Connecting to database
$connect = mysql_connect("localhost", "username" "password");
if(!$connect){
die(mysql_error());
}
//Selecting database
$select_db = mysql_select_db("database", $connect);
if(!$select_db){
die(mysql_error());
}
?>
<?php
//Collecting info
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$pass_conf = $_REQUEST['password_conf'];
$email = $_REQUEST['email'];
$date = $_REQUEST['date'];
//Check input fields
if(!empty($username)){
die("Please enter your username!<br>");
}
if(!empty($password)){
die('Please enter your password!<br>');
}
if(!empty($pass_conf)){
die("Please confirm your password!<br>");
}
if(!empty($email)){
die("Please enter your email!");
}
?>
<?php
//Check username availability
$user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
$do_user_check = mysql_num_rows($user_check);
//Check if email availability
$email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$do_email_check = mysql_num_rows($email_check);
//Display errors
if($do_user_check > 0){
die("Username is already in use!<br>");
}
if($do_email_check > 0){
die("Email is already in use!");
}
//Check if passwords match
if($password != $pass_conf){
die("Passwords don't match!");
}
?>
<?php
//Register user
$insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
if(!$insert){
die("There's little problem: ".mysql_error());
}
echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a>" ;
}
?>
<?php
switch($act){
default;
register_form();
break;
case "register";
register();
break;
}
?>
</body>
</html>
It prints a lot of the closing ?> tags, but if I remove the tag as well as its opening counterpart, it prints all the code that was between. I've been stuck on this for the last few days and really need some help. Thanks in advance.
UPDATE
I figured it out. I was executing from the directory instead of the address. (not sure if I worded that right). So instead browser pointing to registration page from "http://localhost:port/register.php" it was pointing to "file:///C:/xampp/htdocs/register.php"
Put double quotes around anything you to be echoed since there are single quotes used inside the strings. A simple example:
Ps. you have some other syntax errors as well, but if only you care.
One of them on line 45: $connect = mysql_connect("localhost", "username" "password"); this is definitely not the way it should be. Even if it was;
Notice the missing comma after `"username". Should have been like:
$connect = mysql_connect("localhost", "username", "password");
For the current problem, try this:
<?php
//Display registration form
function register_form(){
$date = date('D, M, Y');
echo "<form action='?act=register' method='post'>
Username: <input type='text' name='username' size='30'><br>
Password: <input type='password' name='password' size='30'><br>
Confirm your password: <input type='password' name='password_conf' size='30'><br>
Email: <input type='text' name='email' size='30'><br>
<input type='hidden' name='date' value='$date'>
<input type='submit' value='Register'>
</form>;";
}
?>
You need to put double quotes around your echoed strings. (double, since you use single quotes inside your tags). If you remove the php-tags, it will be interpreted as just HTML i.e. it will just be sent out to the browser.
If for some reason you hate quotes, you might like to do it as a here document:
echo <<<EOF
<form action='?act=register' method='post'>
Username: <input type='text' name='username' size='30'><br>
...
EOF
There's also at least one missing comma in you code, which will keep that part from executing (in mysql_connect).
B.t.w. you shouldn't use the mysql_*-type functions anymore. They are marked deprecated and are prone to make your code succeptible to SQL injection attacks. I recommend working into PDOs.
And just for wiw, as someone already mentioned in the comments it is not the browser that executes this code. PHP is interpreted by the webserver. The only scripting language that is actually executed browserside is still javascript (correct me if I'm wrong.).