PHP using Xampp : POST is not allowed error - php

when it try to submit the form content to the database i get the following error :
{"code":"MethodNotAllowedError","message":"POST is not allowed"}
I am using Dreamweaver cc 2017 and xampp v3.2.2 to run Apache and Mysql on windows 10.
html form :
<form action="register.php" id="form1" name="form1" method="post">
and register.php content is :
<?php
$hostname_conn = "localhost";
$database_conn = "hotels";
$username_conn = "root";
$password_conn = "";
$conn = mysqli_connect($hostname_conn, $username_conn, $password_conn) or trigger_error(mysqli_error(),E_USER_ERROR);
$db=mysqli_select_db($conn,$database_conn);
$q1= "insert into users(username,email,password,number)values('$_POST[textfield]','$_POST[email]','$_POST[password]','$_POST[number]')";
$q2=mysqli_query($conn,$q1);
if(mysqli_query($conn,$q1))
{
$msg = 'User information saved successfully.';
}
else
{
$msg = 'Error: We encountered an error while inserting the new record.';
}
echo $msg;
mysqli_close($conn);
?>
</body>
</html>

using PDO:
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "hotels";
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$stmt = $conn->prepare("INSERT INTO users (username, email, password, number)
VALUES (:username, :email, :password, :number)");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':password', $password);
$stmt->bindParam(':number', $number);
$username = $_POST['textfield'];
$email = $_POST['email'];
$password = $_POST['password'];
$number = $_POST['number'];
$stmt->execute();

The problem is for syntax. Anyway you should to use good practices. Check this post How can I prevent SQL injection in PHP?
$username = $_POST["textfield"]; //unsafe
$username = mysql_real_escape_string($username); //safe
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);
$number = mysql_real_escape_string($_POST["number"]);
$db=mysqli_select_db($conn,$database_conn);
$q1= "insert into users(username,email,password,number)values('".$username ."','".$email."','".$password."','".$number."')";
$q2=mysqli_query($conn,$q1);

Related

PHP Unable to insert data into database using PDO

I want to insert data given by the user into the database when I use simple mysqli it works perfectly but when I use PDO data is inserted into the database.
<?php
$server = 'localhost';
$username = 'root';
$pass = '';
$database = 'db';
try {
$conn = new PDO("mysql:host=$server;dbname=$database", $username, $pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected successfully";
} catch (PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
$name = '';
$password = '';
$email = '';
$uid = '';
$sql = "INSERT INTO users(name,email,password,userid) VALUES(?,?,?, ?)";
if (isset($_POST['username'])) {
$name = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$uid = $_POST['uid'];
$newpass = hash("sha256", $password);
if ($name != '' && $password != '' && $email != '') {
$insertUser = $conn->prepare($sql);
$insertUser->execute($name, $email, $password, $uid);
}
}
$conn = null;
Just use parameters array:
$sql = "INSERT INTO users(name,email,password,userid) VALUES(?, ?, ?, ?)";
if(isset($_POST['username']))
{
$name = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$uid = $_POST['uid'];
$newpass = hash("sha256", $password);
if($name!='' && $password!='' && $email!='')
{
$insertUser = $conn->prepare($sql);
// use ARRAY instead plain variables
$insertUser->execute([$name, $email, $password, $uid]);
}
}
Execute PHP online

Only variables should be passed by reference php

I checked similar questions here but it couldn't solve my problem. I'm creating a php user registration form and when I try to register I get this error: Strict standards: Only variables should be passed by reference in F:\wamp64\www\login\register.php on line 14
I tried it on PHP version 5.6 and 7.0 but the error is the same.
Line 14 is this:
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
Here is my entire code:
<?php
$server = 'localhost';
$username = 'root';
$password = 'root';
$database = 'auth';
try{
$conn = new PDO("mysql:host=$server;dbname=$database;", $username, $password);
} catch(PDOException $e) {
die( "Connection failed: " . $e->getMessage());
}
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$sql = "INSERT INTO users (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute()):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
?>
Any help is appreciated, thanks.
try
$pass = ':password';
$phash = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam($pass, $phash);

0 concat displays first and last name but only first name is saved to mysql database

<?php
$servername = "localhost";
$username = "root";
$password = "";
$databasename = "test";
$conn = new mysqli($servername , $username , $password, $databasename);
$name = $_POST["firstname"];
$last = $_POST["lastname"];
$statement = mysqli_prepare($conn, "INSERT INTO user(firstname ,lastname) VALUES(?,?)");
mysqli_stmt_bind_param($statement ,"si", $name,$last);
mysqli_stmt_execute($statement);
$response = array();
$response["success"] = true;
echo json_encode($response);
?>
where is the problem in above php script that it save the first name in database while cannot save the lastname.
The problem is because of this line,
mysqli_stmt_bind_param($statement ,"si", $name,$last);
^ see here
It should be,
mysqli_stmt_bind_param($statement ,"ss", $name,$last);

SQL INSERT TROUBLE

I'm sitting infront of this code for 2 hours i cant figure out whats wrong :(
I've been trying to have a html form which calls the php function to insert the information from the form into the database but for some reason does not work :/
here is my form code :
<?php include 'connection.php'; ?>
<html>
<body>
<form action="user_create.php" method="POST">
username: <input type="text" name="username"/>
password: <input type="text" name="password"/>
email: <input type="text" name="email"/>
<input type="submit" name='submit' value="user_create"/>
</form>
</body>
</html>
database connection
<?php
//Connecting databases
$localhost = "";
$dbuser = "";
$dbpass = "m";
$dbname = "";
$connect = mysql_connect($localhost, $dbuser, $dbpass);
mysql_select_db("$dbname", $connect);
?>
my php function
<?php include 'connection.php';?>
<?php
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$query = mysql_query("INSERT INTO users( username,password,email,type)
VALUES ('$username', '$password', '$email','1')");
mysql_query($query);
echo '<script type="text/javascript">alert("You have been registered");</script>';
}
else
{
echo '<script type="text/javascript">alert("jo");</script>';
}
?>
You should use PHP-PDO in order to avoid from SQL Injection attacks also it will fix insert trouble too.
<?php
/*** mysql hostname ***/
$hostname = 'localhost';
/*** mysql username ***/
$username = 'username';
/*** mysql password ***/
$password = 'password';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=animals", $username, $password);
/*** echo a message saying we have connected ***/
echo 'Connected to database<br />';
/*** INSERT data ***/
$sql = "INSERT INTO users(username,
password,
email,
type) VALUES (
:username,
:password,
:email,
:type)";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
$stmt->bindParam(':password', $_POST['password'], PDO::PARAM_STR);
$stmt->bindParam(':email', $_POST['email'], PDO::PARAM_STR);
$stmt->bindParam(':type', $_POST['type'], PDO::PARAM_INT);
$stmt->execute();
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
Are you connecting properly?
$dbuser = "";
Maybe must be "root" or other user?
Check this part :
//Connecting databases
$localhost = "";
$dbuser = "";
$dbpass = "m";
$dbname = "";

Convert php code with Mysql ext to PDO won't work

I have decided for security to convert my simple php with mysql code to PDO,since it will tighten my security.My old code:
$host = "localhost";
$user = "username";
$pass = "pass";
$database = "mydatabase";
$linkID = mysql_connect($host, $user, $pass) or die("Could not connect to host.");
mysql_select_db($database, $linkID) or die("Could not find database.");
$name=$_POST['name'];
$message=$_POST['message'];
$ip = $_SERVER['REMOTE_ADDR'];
$query="INSERT INTO table (date_time, name, message,ip) VALUES (NOW(),'$name','$message','$ip')";
If (mysql_query($query,$linkID)){
//Success
}else{
//Failure
}
My new code is:
$hostname = 'localhost';
$username = 'username';
$password = 'pass';
$dbname = 'mydatabase';
$dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
if($_POST['name'] && $_POST['message']) {
$name = $_POST['name'];
$message = $_POST['message'];
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "INSERT INTO table (date_time, name, message,ip)VALUES (NOW(), :name, :message,'$ip')";
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':message', $message, PDO::PARAM_STR);
if ($stmt->execute()) {
echo "OK";
}
}
It's very strange that when i point my browser to index.php?name=someName&message=someMessage my PDO code won't echo a single thing(even echo "ok" ) or an error so i can fugure out where is the problem.
I can confirm that no data is inserted to the database.
I've even added try catch but nothing changed. My php is supporting PDO and the simple Mysql code is working.
Any ideas? Thanks
In your case,
if($_POST['name'] && $_POST['message']) {
Should be:
if($_GET['name'] && $_GET['message']) {

Categories