I made a simple registration form. How should i edit this form to add something like : user_id, or date_created?
When i add user_id column to PHPMyAdmin, the user can't register, but when i have only the values : 'First Name' ; 'Last Name' ; 'Email' ; 'Password' inside database ,everything works.
<!DOCTYPE html>
<html>
<head>
<title>Registration</title>
</head>
<body>
<?php
$lclhost = "localhost";
$pass = "";
$root = "root";
$database = "regis";
$con=mysqli_connect ("$lclhost", "$root", "$pass") or die("connection fail".mysql_error());
mysqli_select_db($con, $database) or die("database fail".mysql_error());
?>
<form method="get">
First Name : <input type="text" name="fname"><br>
Last Name : <input type="text" name="lname"><br>
Email: <input type="text" name="email"><br>
Password: <input type="Password" name="password">
<input type="submit" name="btnsubmit">
</form>
<?php
if (isset($_GET['btnsubmit']))
{
$fname = $_GET['fname'];
$lname = $_GET['lname'];
$email = $_GET['email'];
$password = $_GET['password'];
$registration = "INSERT INTO tbl_info values ('".$fname."','".$lname."','".$email."','".$password."')";
mysqli_query($con,$registration);
echo "Succes!";
}
?>
</body>
</html>
Because of your query doesnt specify columns, mysql will only work if the number of column values you provided is exactly the same as the number of columns in the database.
Adding an extra column to the database will cause the query to break because the number of columns is not longer the same.
You have two options:
OPTION 1: Add column names in your query:
"INSERT INTO tbl_info(Firstname, Lastname, EmailAddress, Password)
values ('".$fname."','".$lname."','".$email."','".$password."')";
OPTION 2: Always make sure the number of columns in the database is exactly the same as the number of values you provide in your query
NB: If you have an auto-increament id field, you do not have to include it for the first option because it will auto-add value whenever you insert a record. But you do need to include it for the second option, pass empty string or null as a value
Related
The problem is; I'm trying to fix the sign-up validation but still, it still saved in our database even if it's empty hopefully someone can provide explicit information as to were wrong in coding.
even if one of input box is empty it is still saved to our database table
<!DOCTYPE html>
<html>`enter code here`
<head>
<title>Sample Registration Form</title>
</head>
<body>
<form action="submit.php" method="POST">
<input type="text" name="userid" placeholder="USER ID"><br>
<input type="text" name="firstname" placeholder="FIRST NAME"><br>
<input type="text" name="lastname" placeholder="LAST NAME"><br>
<input type="text" name="email" placeholder="EMAIL"><br>
<input type="password" name="password" placeholder="PASSWORD"><br>
<button tabindex="submit" name="submit">Sign up</button>
</form>
<a href='login.php'><button type='submit' name='submit'>Proceed to Login</button></a>
</body>
</html>
the code above is the sign-up page
<!DOCTYPE html>
<html>
<head>
<title>Submit </title>
</head>
<body>
<?php
$dbservername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "blogfinal";
$connect = mysqli_connect($dbservername, $dbusername, $dbpassword, $dbname);
if(isset($_POST['submit'])) {
$userid = $_POST['userid'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$checker = array("userid", "firstname", "lastname", "email", "password");
$Error = true;
foreach ($checker as $values) {
if(empty($_POST[$values])) {
echo "Error";
$Error = true;
} else {
$sql = "INSERT INTO userinformation
(userid, firstname, lastname, email, password)
VALUES ('$userid', '$firstname', '$lastname',
'$email', '$password');";
}
if(mysqli_query($connect, $sql)) {
echo "Saved Successfully<br>";
echo "<a href='login.php'><button type='submit' name='submit'>Proceed to Login</button></a>";
} else {
echo "Error Description: " . mysqli_error($connect);
}
}
}
?>
</body>
</html>
the code above is the submit function.
the problem is when we hit the sign-up even if the input-box is empty and it is still functioning and saved to our database, instead of a password, email, user, or first name is required.
[if you leave it empty then proceed to submit it show saved even there's no data on it.][1]
[the image after we hit the submit button.][2]
[hence, if we at least insert 1 data required and proceed to submit it still saved to our database, instead of showing that the other data is required][3]
[1]: https://i.stack.imgur.com/gVc0i.png
[2]: https://i.stack.imgur.com/Aizjl.png
[3]: https://i.stack.imgur.com/A04c0.png
The problem is that you're checking if each value is empty withif(empty($_POST[$values])) within a foreach loop. This if has an else that is running every time.
So even if one of the fields in empty, the query will always execute if there's at least 1 field that is not empty.
You should change the logic to make that even if just one field is empty, then the query doesn't run.
Here's a quick fix:
$Error = false;
// Check if all fields are not empty
foreach ($checker as $values) {
if(empty($_POST[$values])) {
echo "Error";
$Error = true; // If even just one field is empty, the $Error variable will be true
break;
}
}
if(!$Error) { // Check if I got an error
$sql = 'INSERT INTO userinformation,(userid, firstname, lastname, email, password) VALUES ("?", "?", "?", "?", "?");';
$stmt = $connect->prepare($sql)
$stmt->bind_param('sssss', $userid, $firstname, $lastname, $email, $password);
if($stmt->execute())
// The rest of your query
}
Furthermore please refer to the comment by #RiggsFolly to your question as your code has security issues connected to SQL Injection.
So I want to create an html form and save it to a databas in WordPress
First I created the form which I put on this page here
<form action="addperson.php" method="post">
<label>First Name:</label>
<input type="text" name="firstname"/><br>
<label>Last Name:</label>
<input type="text" name="lastname"/><br>
<label>Email:</label>
<input type="text" name="email"/><br>
<input type="submit" name=submit value="Submit"/>
</form>
Then, in public html-->wp-content-my theme I created a file called addperson.php
In this file I put the following code :
<?php
//Block 1
$user = "user"; //Enter the user name
$password = "password"; //Enter the password
$host = "host"; //Enter the host
$dbase = "database"; //Enter the database
$table = "table"; //Enter the table name
//Block 2
$firstname= $_POST['firstname_entered'];
$lastname= $_POST['lastname_entered'];
$email= $_POST['email_entered'];
//Block 3
$connection= mysql_connect ($host, $user, $password);
if (!$connection){
die ('Could not connect:' .
mysql_error());
}
mysql_select_db($database, $connection);
//Block 4
$username_table= mysql_query( "SELECT username FROM $table WHERE username= '$username'" ) or die("SELECT Error: ".mysql_error());
//Block 5
mysql_query("INSERT INTO $table (column1, column2, column3) VALUES (value1, value2, value 3)");
//Block 6
echo 'You have been added.';
//Block 7
mysql_close($connection);
?>
Then I created a database and a table email_list like so:
CREATE TABLE IF NOT EXISTS
email_list (first_name VARCHAR(50),
last_name VARCHAR(50), email VARCHAR
(50));
Next, I entered info into formhere
It saved absolutely nothing.
Where am I going wrong?
Look at your HTML.
<input type="text" name="firstname"/>
<input type="text" name="lastname"/>
<input type="text" name="email"/>
And after submiting form, that data will be under firstname, lastname, email keys in $_POST array.
So you probably should change this
$firstname = $_POST['firstname_entered'];
$lastname = $_POST['lastname_entered'];
$email = $_POST['email_entered'];
to this
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
You should also consider enabling errors displaying in php to get more info about your potentials mistakes.
// Put this on top of your php file
ini_set('display_errors', '1');
I have created a form where I want to insert mysql database when I submit the values but when I click on the submit button the database isnt updated.. dont know where I am going wrong in my code..
<html>
<head>
<title>Form Data</title>
</head>
<body>
<form action="form.php" method="post">
Server Name: <input type="text" name="server_name"> <br />
IP Address: <input type="text" name="ip_address"> <br />
Server Role: <input type="text" name="server_role"> <br />
<input type="submit" name="submit">
</form>
<?php
if (isset($_POST['submit'])) {
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "abcx";
$dbname = "serverasset_inventory";
$connection = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname);
$sql = "INSERT INTO asset_inventory (server_name,ip_address,server_role)
VALUES ('$_POST[server_name]','$_POST[ip_address]'),'$_POST[server_role]')";
$state = mysqli_query($connection,$sql);
mysqli_close($connection);
}
?>
</body>
</html>
Any help?
-A
you are using a extra bracket between query and missing quote in variable's use like below
$sql = "INSERT INTO `asset_inventory` (`server_name`,`ip_address`,`server_role`)
VALUES ('".$_POST['server_name']."','".$_POST['ip_address']."','".$_POST['server_role']."')";
if you want to insert the fields
for example
your sql will be take in variables then insert it in sql
$server_name = $_POST['server_name'];
$ip_address = $_POST['ip_address'];
$server_role = $_POST['server_role'];
insert into asset_inventory (server_name,ip_address,server_role) VALUES ('$server_name','$ip_address','$server_role';
I am able to connect to mysql database however I can not display data from my form to my database. I am not sure why this is happening but I have been able to retrieve data from my database I just can not enter information into it. For now I am just trying to enter First_Name. I also get no errors when entering in data to the form. Any help would be greatly appreciated!!
<p>
<form name="input1" action="http://seanfagan.webuda.com/Final/club.php" method="post">
First_Name:<input type="text" name="First_Name"><br>
Last_Name: <input type="text" name="Last_Name"><br>
Club_Name: <input type="text" name="Club_Name"><br>
Email: <input type="text" name="Email"><br>
Club_Type: <input type="text" name="Club_Type"><br>
Members: <input type="text" name="Members"><br>
<input type="submit" value="Send"><br>
</form>
<?php
$mysql_host = "mysql14.000webhost.com";
$mysql_database = "a9576602_Final";
$mysql_user = "a9576602_Final";
$mysql_password = "*****![enter image description here][1]";
$mysql_error = "Could not connect to database!";
$conn = mysql_connect($mysql_host, $mysql_user, $mysql_password) or die ("$mysql_error");
$select_db= mysql_select_db('a9576602_Final') or die ("Couldn't select database!");
$value = $_Post['input1'];
$sql = "INSERT INTO Club (First_Name) VALUES ('First_Name')";
if (!mysql_query($sql)) {
die('Errorss: ' . mysql_error());
}
mysql_close();
?>
</p>
Assuming your connection with the database is okay. You can put a <name> attribute for your submit button to serve as a reference for sending your form via $_POST method:
<input type = "submit" name = "input1" value = "Submit">
Then using this, you can trigger your insert statement:
<?php
if(isset($_POST['input1']))
{
// make sure you also declare the variables in your form such as the first name, etc.
$firstName = $_POST['First_Name'];
mysql_query("INSERT INTO Club (First_Name) VALUES ('$firstName')");
}
?>
Hope this helps you :D
I am experimenting with PHP and Mysql. I have created a database and table at mu localhost using xampp. I have also created a file that suppose to populate my table by executing a query, but the strange thing is that i get no errors but at the same time no DATA has been inserted into my DataBase:
CODE:
register.php:
<?php
session_start();
if(isset($_POST['submitted'])){
include('connectDB.php');
$UserN = $_POST['username'];
$Upass = $_POST['password'];
$Ufn = $_POST['first_name'];
$Uln = $_POST['last_name'];
$Uemail = $_POST['email'];
$NewAccountQuery = "INSERT INTO users (user_id,username, password, first_name, last_name, emial) VALUES ('$UserN','$Upass', '$Ufn', '$Uln', '$Uemail')";
if(!mysql_query($NewAccountQuery)){
die(mysql_error());
}//end of nested if statment
$newrecord = "1 record added to the database";
}//end of if statment
?>
<html>
<head>
<title>Home Page</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Create Account</h1>
<div id="login">
<ul id="login">
<form method="post" action="register.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" submit="submit" value="Create Account" class="button">
</form>
</div>
<form action="index.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="Cancel" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">This is my site i Made coppyrights 2013 Tomazi</div>
</div>
</body>
</html>
I have also one include file which is connectDB:
<?php
session_start();
$con = mysql_connect("127.0.0.1", "root", "");
if(!$con)
die('Could not connect: ' . mysql_error());
mysql_select_db("eshop", $con) or die("Cannot select DB");
?>
Database structure:
database Name: eshop;
only one table in DB : users;
users table consists of:
user_id: A_I , PK
username
password
first_name
last_name
email
I spend a substantial amount of time to work this out did research and looked at some tutorials but with no luck
Can anyone spot what is the root of my problem...?
It is because if(isset($_POST['submitted'])){
you dont have input field with name submitted give the submit button name to submitted
<input name="submitted" type="submit" submit="submit" value="Create Account" class="button">
Check your insert query you have more fields than your values
Change :
$NewAccountQuery = "INSERT INTO users (user_id,username, password, first_name, last_name, email) VALUES ('$UserN','$Upass', '$Ufn', '$Uln', '$Uemail')";
to :
$NewAccountQuery = "INSERT INTO users (user_id,username, password, first_name, last_name, email) VALUES ('','$UserN','$Upass', '$Ufn', '$Uln', '$Uemail')";
Considering user_id is auto increment field.
Your email in query is written wrongly as emial.
Is error reporting turned on?
Put this on the top of your screen:
error_reporting(E_ALL);
ini_set('display_errors', '1');
Some good answers above, but I would also suggest you make use of newer MySQLi / PDO instead of outdated 2002 MySQL API.
Some examples: (i will use mysqli since you wrote your original example in procedural code)
connectDB.php
<?php
$db = mysqli_connect('host', 'user', 'password', 'database');
if (mysqli_connect_errno())
die(mysqli_connect_error());
?>
register.php -- i'll just write out an example php part and let you do the rest
<?php
//i'll always check if session was already started, if it was then
//there is no need to start it again
if (!isset($_SESSION)) {
session_start();
}
//no need to include again if it was already included before
include_once('connectDB.php');
//get all posted values
$username = $_POST['username'];
$userpass = $_POST['password'];
$usermail = $_POST['usermail'];
//and some more
//run checks here for if fields are empty etc?
//example check if username was empty
if($username == NULL) {
echo 'No username entered, try again';
mysqli_close($db);
exit();
} else {
//if username field is filled we will insert values into $db
//build query
$sql_query_string = "INSERT INTO _tablename_(username,userpassword,useremail) VALUES('$username','$userpass','$usermail')";
if(mysqli_query($db,$sql_query_string)) {
echo 'Record was entered into DB successfully';
mysqli_close($db);
} else {
echo 'Ooops - something went wrong.';
mysqli_close($db);
}
}
?>
this should work quite nicely and all you need to add is your proper posted values and build the form to post it, that's all.
<?php
$db = mysqli_connect('host', 'user', 'password', 'database');
if (mysqli_connect_errno())
die(mysqli_connect_error());
?>
register.php -- i'll just write out an example php part and let you do the rest
<?php
//i'll always check if session was already started, if it was then
//there is no need to start it again
if (!isset($_SESSION)) {
session_start();
}
//no need to include again if it was already included before
include_once('connectDB.php');
//get all posted values
$username = $_POST['username'];
$userpass = $_POST['password'];
$usermail = $_POST['usermail'];
//and some more
//run checks here for if fields are empty etc?
//example check if username was empty
if($username == NULL) {
echo 'No username entered, try again';
mysqli_close($db);
exit();
} else {
//if username field is filled we will insert values into $db
//build query
$sql_query_string = "INSERT INTO _tablename_(username,userpassword,useremail) VALUES('$username','$userpass','$usermail')";
if(mysqli_query($db,$sql_query_string)) {
echo 'Record was entered into DB successfully';
mysqli_close($db);`enter code here`
} else {
echo 'Ooops - something went wrong.';
mysqli_close($db);
}
}
?>