When I login it's suppose to insert, but instead does nothing.. On my register php it inserts data to accounts, but when i insert data into online it won't work..
PS- I'm new to PDO so I don't know what i'm doing wrong
<?php
session_start();
if(isset($_SESSION['users']) != ""){
echo '<script type="text/javascript">','index();','</script>';
}
include('../php/dbConnect.php');
$username = $_POST['username'];
$password = $_POST['password'];
$query = 'SELECT * FROM `accounts` WHERE username = ?';
$queryprepare = $conn->prepare($query);
$queryprepare->bindParam(1, $username, PDO::PARAM_STR);
$queryprepare->execute();
$row = $queryprepare->fetch();
if($row['password'] == md5($password))
{
$_SESSION['online'] = true;
$_SESSION['users'] = $username;
$_SESSION['userid'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['age'] = $row['age'];
$_SESSION['image'] = $row['image'];
$check_row = 'SELECT * FROM `online` WHERE username = ?';
$check_row_fetch = $conn->prepare($check_row);
$check_row_fetch->bindParam(1, $username, PDO::PARAM_STR);
$check_row_fetch->execute();
$number_of_rows = $check_row_fetch->rowCount();
if($number_of_rows != 0) {
echo '<script type="text/javascript">','redirect();','</script>';
}
else{
$online_insert = 'INSERT INTO online (username, name, age, image) VALUES (?, ?, ?, ?)';
$online_insert_fetch = $conn->prepare($online_insert);
$online_insert_fetch->bindParam(1, $SESSION['users'], PDO::PARAM_STR);
$online_insert_fetch->bindParam(2, $SESSION['name'], PDO::PARAM_STR);
$online_insert_fetch->bindParam(3, $SESSION['age'], PDO::PARAM_STR);
$online_insert_fetch->bindParam(4, $SESSION['image'], PDO::PARAM_STR);
$online_insert_fetch->execute();
echo '<script type="text/javascript">','redirect();','</script>';
}
}
else{
echo("Wrong Credentials");
}
?>
Related
This is my login verify. Im echoing everything for debugging
<?php
echo $email = $_POST['email'];
echo $password = $_POST['password'];
include 'conn.php';
$sql = $conn->prepare("SELECT id, password FROM user_info WHERE email=?");
$sql->bind_param('s',$email);
$sql->execute();
$result = $sql->get_result();
$row = $result->fetch_assoc();
$sql->close();
echo $hash = $row['password'];
if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
$conn->close();
?>
My SignUp page
<?php
include 'conn.php';
$name = $_POST['first_name']." ".$_POST['last_name'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$password = password_hash($password, PASSWORD_DEFAULT);
$sql = $conn->prepare("INSERT INTO `user_info` (`email`, `name`, `password`, `gender`) VALUES (?, ?, ?, ?)");
$sql->bind_param('sssi', $email, $name, $password, $gender);
$sql->execute();
$sql->close();
$conn->close();
?>
Snapshot of my database
Every time it just outputs to password invalid.
I have 2 tables that require insertion from a single form.
Table1 - user_info(user_id(primary), full_name, username, user_password, email)
Table 2 - user_personal_info(user_id(foreign), username(foreign), full_name(foreign), user_profession, user_phone, age)
The user_id is auto-increment.
I am trying to take the information received on the register form and insert them into each table. However, the first table takes all the information and the second one does not. I've tried doing two separate inserts with no success. Any help would be appreciated.
$full_name = $_POST['full_name'];
$username = $_POST['username'];
$email = $_POST['email'];
$user_password = $_POST['user_password'];
$password_hash = password_hash($user_password, PASSWORD_BCRYPT);
$id = $_SESSION['user_id'];
$user_profession = NULL;
$user_phone = NULL;
$age = NULL;
$query_user_info = $connection -> prepare("SELECT * FROM user_info WHERE EMAIL=:email");
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_info->execute();
if ($query_user_info-> rowCount() > 0) {
echo '<p class="error">The email address is already registered!</p>';
}
if ($query_user_info-> rowCount() == 0) {
$query_user_info = $connection->prepare("INSERT INTO user_info(full_name,username,user_password,email) VALUES (:full_name, :username, :password_hash,:email)");
$query_user_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_info->bindParam("password_hash", $password_hash, PDO::PARAM_STR);
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$result = $query_user_info->execute();
$query_user_personal_info = $connection->prepare ("INSERT INTO user_personal_info(user_id,full_name, username, email, user_profession, user_phone, age) VALUES (:id, :full_name, :username, :email, :user_profession, :user_phone, :age)");
$query_user_personal_info->bindParam("user_id", $id, PDO::PARAM_INT);
$query_user_personal_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_personal_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_personal_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_profession", $user_profession, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_phone", $user_phone, PDO::PARAM_INT);
$query_user_personal_info->bindParam("age", $age, PDO::PARAM_INT);
$result2 = $query_user_personal_info->execute();
if ($result) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">Something went wrong!</p>';
}
if ($result2) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">no bueno :(</p>';
}
}
Shouldn't you be getting the inserted ID from the user_info table?
Try this
$full_name = $_POST['full_name'];
$username = $_POST['username'];
$email = $_POST['email'];
$user_password = $_POST['user_password'];
$password_hash = password_hash($user_password, PASSWORD_BCRYPT);
$user_profession = NULL;
$user_phone = NULL;
$age = NULL;
$query_user_info = $connection -> prepare("SELECT * FROM user_info WHERE EMAIL=:email");
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_info->execute();
if ($query_user_info-> rowCount() > 0) {
echo '<p class="error">The email address is already registered!</p>';
}
if ($query_user_info-> rowCount() == 0) {
$query_user_info = $connection->prepare("INSERT INTO user_info(full_name,username,user_password,email) VALUES (:full_name, :username, :password_hash,:email)");
$query_user_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_info->bindParam("password_hash", $password_hash, PDO::PARAM_STR);
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$result = $query_user_info->execute();
$id = $query_user_info->lastInsertId();
$query_user_personal_info = $connection->prepare ("INSERT INTO user_personal_info(user_id,full_name, username, email, user_profession, user_phone, age) VALUES (:id, :full_name, :username, :email, :user_profession, :user_phone, :age)");
$query_user_personal_info->bindParam("user_id", $id, PDO::PARAM_INT);
$query_user_personal_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_personal_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_personal_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_profession", $user_profession, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_phone", $user_phone, PDO::PARAM_INT);
$query_user_personal_info->bindParam("age", $age, PDO::PARAM_INT);
$result2 = $query_user_personal_info->execute();
if ($result) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">Something went wrong!</p>';
}
if ($result2) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">no bueno :(</p>';
}
}
Also, are $user_profession, $user_phone, and $age required in your database? If not, then you don't need those values to insert into your table if they just default to null values.
Try changing it to this
$full_name = $_POST['full_name'];
$username = $_POST['username'];
$email = $_POST['email'];
$user_password = $_POST['user_password'];
$password_hash = password_hash($user_password, PASSWORD_BCRYPT);
$query_user_info = $connection -> prepare("SELECT * FROM user_info WHERE EMAIL=:email");
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_info->execute();
if ($query_user_info-> rowCount() > 0) {
echo '<p class="error">The email address is already registered!</p>';
}
if ($query_user_info-> rowCount() == 0) {
$query_user_info = $connection->prepare("INSERT INTO user_info(full_name,username,user_password,email) VALUES (:full_name, :username, :password_hash,:email)");
$query_user_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_info->bindParam("password_hash", $password_hash, PDO::PARAM_STR);
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$result = $query_user_info->execute();
$id = $query_user_info->lastInsertId();
$query_user_personal_info = $connection->prepare ("INSERT INTO user_personal_info(user_id,full_name, username, email) VALUES (:id, :full_name, :username, :email)");
$query_user_personal_info->bindParam("user_id", $id, PDO::PARAM_INT);
$query_user_personal_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_personal_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_personal_info->bindParam("email", $email, PDO::PARAM_STR);
$result2 = $query_user_personal_info->execute();
if ($result) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">Something went wrong!</p>';
}
if ($result2) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">no bueno :(</p>';
}
}
I want to find out how to output data from database based on a single key,for example my database column are :
kodeDosen(PrimaryKey),namaDosen,email,telepon,password
and my login screen the user can only input kodeDosen and password,and i want to show the other data exept password,this is my register php:
<?php
include 'connectdb.php';
$data = json_decode(file_get_contents('php://input'), true);
$kodeDosen =$data["kodeDosen"];
$namaDosen = $data["namaDosen"];
$email = $data["email"];
$telepon = $data["telepon"];
$password= $data["password"];
$message = array("message"=>"Success");
$failure = array("message"=>"Failure,kodeDosen already used");
$sql = "INSERT INTO tbl_dosen (kodeDosen, namaDosen, email, telepon, password) VALUES ('$kodeDosen', '$namaDosen', '$email', '$telepon','$password')";
if (mysqli_query($conn, $sql)) {
echo json_encode($message);
} else {
echo json_encode($failure) ;
}
?>
and this is my login php:
<?php
include 'connectdb.php';
$data = json_decode(file_get_contents('php://input'), true);
$kodeDosen =$data["kodeDosen"];
$password = $data["password"];
$message = array("message"=>"Data found");
$failure = array("mesage"=>"Data not found");
if ($stmt = mysqli_prepare($conn, "SELECT kodeDosen, namaDosen, email, telepon FROM tbl_dosen WHERE kodeDosen =? and password = ?")) {
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "ss", $kodeDosen,$password);
/* execute query */
mysqli_stmt_execute($stmt);
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) > 0) {
echo json_encode($row);
}else {
echo json_encode($failure);
}
}
?>
It's not a good idea to insert a variable directly into an SQL query because of SQL injection.
I would suggest to use prepared statements on both of the queries. To pull the result from the db with prepared statements it's something like:
OOP style:
$stmt = $db->prepare("SELECT kodeDosen, namaDosen, email, telepon FROM tbl_dosen WHERE kodeDosen = ? and password = ?");
$stmt->bind_param('ss', $kodeDosen, $password);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
//result is in row
var_dump($row);
}
Procedural style:
$stmt = mysqli_prepare($conn, "SELECT kodeDosen, namaDosen, email, telepon FROM tbl_dosen WHERE kodeDosen = ? and password = ?");
mysqli_stmt_bind_param($stmt, 'ss', $kodeDosen, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = $result->fetch_assoc()) {
//result is in row
var_dump($row);
}
You can change in sql SELECT statement in login.php
$sql = "SELECT kodeDosen, namaDosen, email, telepon FROM tbl_dosen WHERE kodeDosen ='$kodeDosen' and password = '$password'";
in SELECT * means return all columns.
I think you want echo json_encode($row); rather than echo json_encode($message);
Try:
<?php
include 'connectdb.php';
$data = json_decode(file_get_contents('php://input'), true);
$kodeDosen =$data["kodeDosen"];
$password = $data["password"];
$message = array("message"=>"Data found");
$failure = array("mesage"=>"Data not found");
if ($stmt = mysqli_prepare($conn, "SELECT kodeDosen, namaDosen, email, telepon FROM tbl_dosen WHERE kodeDosen =? and password = ?")) {
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "ss", $kodeDosen,$password);
/* execute query */
mysqli_stmt_execute($stmt);
/* store result */
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc( $result );
if(mysqli_num_rows($result) > 0) {
echo json_encode($row);
}else {
echo json_encode($failure);
}
}
?>
I have two tables
tbl_cars and tbl_user
Where tbl_user has userID as Primary key
I declared it as a Foreign key on my tbl_cars
Whenever a user logs in it can't post an item to the tbl_cars I get this error
Cannot add or update a child row: a foreign key constraint fails
(u850332371_car.tbl_cars, CONSTRAINT tbl_cars_ibfk_1 FOREIGN KEY
(userID) REFERENCES tbl_user (userID))
This is my code for inserting.
Insert.php
<?PHP
$conn = new mysqli('******', '******', '******', '******');
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
error_reporting(E_ALL);
ini_set('display_errors',1);// at top of page
if(isset($_POST['txtCarModel']) && isset($_POST['txtCarType']) &&
isset($_POST['txtCapacity']) && isset($_POST['image']) &&
isset($_POST['txtFuelType']) && isset($_POST['txtPlateNumber'])){
$now = DateTime::createFromFormat('U.u', microtime(true));
$id = $now->format('YmdHis');
$upload_folder = "upload";
$path = "$upload_folder/$id.jpeg";
$image = $_POST['image'];
$fullpath = "http://carkila.esy.es/$upload_folder/$id.jpeg";
$Car_Model = $_POST['txtCarModel'];
$Car_Type = $_POST['txtCarType'];
$Capacity = $_POST['txtCapacity'];
$Fuel_Type = $_POST['txtFuelType'];
$PlateNumber = $_POST['txtPlateNumber'];
$Image = $_POST['image'];
$stmt = $conn->prepare("INSERT INTO tbl_cars (Car_Model, Car_Type, Capacity, fuelType, carPlatenuNumber, Image) VALUES (?, ?, ?,?,?,?)");
$query = "INSERT INTO tbl_cars(Car_Model, Car_Type, Capacity,fuelType, carPlatenuNumber, Image)
VALUES ('$Car_Model', '$Car_Type', $Capacity, '$Fuel_Type', '$PlateNumber', '$fullpath')";
$stmt->bind_param("ssssss", $Car_Model, $Car_Type, $Capacity,$Fuel_Type,$PlateNumber, $fullpath);
$result = $stmt->execute();
if($result === false ) {
die('execute() failed: ' . htmlspecialchars($stmt->error));
}else{
echo "New records created successfully";
}
$stmt->close();
$conn->close();
}
?>
UPDATE
This is my login with sessions. I want the userID to be in the insertion of data to the database.
login.php
<?php
require 'database-config.php';
session_start();
$username = "";
$password = "";
if(isset($_POST['username'])){
$username = $_POST['username'];
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
}
$q = 'SELECT * FROM tbl_user WHERE username=:username AND password=:password';
$query = $dbh->prepare($q);
$query->execute(array(':username' => $username, ':password' => $password));
if($query->rowCount() == 0){
header('Location: index.php?err=1');
}else{
$row = $query->fetch(PDO::FETCH_ASSOC);
session_regenerate_id();
$_SESSION['sess_user_id'] = $row['userID'];
$_SESSION['sess_username'] = $row['username'];
$_SESSION['sess_userrole'] = $row['roles'];
echo $_SESSION['sess_userrole'];
session_write_close();
if( $_SESSION['sess_userrole'] == "renter"){
echo "owner";
}else if ($_SESSION['sess_userrole'] == "owner"){
echo"renter";
}
}
?>
Thank you guys. :)
whenever a user logs in it can't post an item...
Since you know which user is trying to add a record to tbl_cars, include userID in your insert.
$userID = ... //<- put the user id in this variable
$sql = 'INSERT INTO tbl_cars ('.
'userID,Car_Model,Car_Type,Capacity,fuelType,carPlatenuNumber,Image'.
') VALUES (?, ?, ?, ?, ?, ?, ?)';
$stmt = $conn->prepare($sql);
$stmt->bind_param("sssssss", $userID $Car_Model, $Car_Type, $Capacity,
$Fuel_Type,$PlateNumber, $fullpath);
$result = $stmt->execute();
I believe your problem is that userID is a required field, but the DB cannot insert a default value for you when you don't provide one because the value must be bound to a primary key in tbl_user
here is my code below that i use to register a user
<?php
header("Content-Type: application/json");
require_once("config.php");
if(isset($_POST["email"]) && isset($_POST["username"]) && isset($_POST["password"])){
$email = $_POST["email"];
$username = $_POST["username"];
$password = $_POST["password"];
}
$con = mysqli_connect(DATABASE_HOST, DATABASE_USERNAME, DATABASE_PASSWORD, DATABASE_NAME);
if($con){
echo "connection good";
}
$response = array();
$statement = mysqli_prepare($con, "SELECT * FROM accounts WHERE email = ? OR username = ?");
mysqli_stmt_bind_param($statement, "ss", $email, $username);
$result = mysqli_stmt_execute($statement);
$row = mysqli_num_rows($result);
if($row > 0){
$response["success"] = false;
$response["message"] = "Email or Username already exists.";
}else{
mysqli_stmt_close($statement);
$statement2 = mysqli_prepare($con, "INSERT INTO accounts (email, username, password) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($statement2, "sss", $email, $username, $password);
$result2 = mysqli_stmt_execute($statement2);
$row2 = mysqli_affected_rows($statement2);
if($row2 > 0){
$response["success"] = true;
$response["message"] = "Account created successfuly.";
}else{
$response["success"] = false;
$response["message"] = "Creation error.";
}
}
$output = json_encode($response);
echo $output;
mysqli_close($con);
?>
at the end of the file when i check the localhost it echos "good connection br" which i cant use it with json .. how to avoid it so i caan use the response in jsonobject later