No Registration but no error too - php

The Signup page is not registering the details and details are not being saved in table called members and also it's showing no error in the signup page post submit
<?php
include_once 'header.php';
if(isset($_POST["submit"])) {
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "root";
$mysql_database = "database";
$prefix = "";
$fname = $_POST['fname'];
$pass = $_POST['pass'];
$user = $_POST['user'];
$lname = $_POST['lname'];
$college = $_POST['college'];
$gender = $_POST['gender'];
$number = $_POST['number'];
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database,$bd) or die("Could not select database");
$query=mysql_query("SELECT * FROM members WHERE user='".$user."'");
$numrows=mysql_num_rows($query);
echo"<br><br><br><br><br><br><br>";
if($numrows==0) {
$sql="INSERT INTO members(user, pass, fname, lname, number, gender, college) VALUES('$user', '$pass', '$fname', '$lname', '$number', '$gender', '$college')";
$result=mysql_query($sql);
if($result) {
echo "Success";
} else {
echo "Failure!";
};
} else {
echo"<center>This email is already registered , Please login to Continue</center>";
}
}
?>

The only answer i can suggest you that instead of using MYSQL just use MYSQLI/ PDO because MYSQL is deprecated.
In your current code if you have error reporting on so you will sure not get error message but MYSQL deprecation warning message will be there.

The Signup page is not registering the details and details are not
being saved in table called member and also its showing no error in
the signup page post submit
The table name is called "member" right ? . And your sql query says "members"
$sql="INSERT INTO members(user,pass,fname,lname,number,gender,college) VALUES('$user','$pass','$fname','$lname','$number','$gender','$college')";
hence it will not work. But yeah, important things you need to know, Like ec45 said...
1.mysql_...() is deprecated. Use PDO instead and if you really love the mysql function, use mysqli...()
2.Never ever directly use values gotten from a form in an SQL query as it leaves you vulnerable to SQL injection. Use prepared statements .
3.Please write clean PHP code. Stuff like this is why people abuse PHP . Best regards.
Okay, i tried to quickly write a PDO version of your script . Here it is. Test it and it should work, also check that the correct column names in your databse are represented in your SQL query. Best regards
<?php
//let's ensure we can see all the errors
error_reporting( E_ALL );
ini_set("display_errors",1);
include_once "header.php";
if(isset($_POST["submit"])){
$dsn="mysql:host=localhost;dbname=database";
$user="root";
$password="root";
//this is PDO . Easier, and better.
try{
$db=newPDO($dsn,$user,$password);
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
}catch(PDOException $e){
echo " Couldn't connect to the database because of ".$e;
}
//get the values from the form
$fname = $_POST['fname'];
$pass = $_POST['pass'];
$user = $_POST['user'];
$lname = $_POST['lname'];
$college = $_POST['college'];
$gender = $_POST['gender'];
$number = $_POST['number'];
//function to insert user into the database
function createUser($fname,$pass,$user,$lname,$college,$gender,$number){
//first check to ensure its a new user. If its a new user, we carry normal activities else, echo error message
if(checkUser($email)===false){
$sql=" INSERT INTO members(user,pass,fname,lname,number,gender,college) VALUES (?,?,?,?,?,?,?)";
$data=array($user,$pass,$fname,$lname,$number,$gender,$college);
$db->prepare($sql);
$inserted=$db->execute($data);
//if it returns true and its inserted, then show a success message
$output=(($inserted)?"<section style='color:green; font-weight:bold;'> <h4> You were registered succesfully</h4> </section>":" ");
echo $output;
}else{
echo "<section style='color:red; font-weight:bold;'> <h4> Someone's already registered with that name </h4> </section>"
}
}
//helps to check if a user has already been registered
function checkUser($email){
//watch the next few lines. Showcases the prepared statements
$sql="SELECT * FROM members WHERE user = ?";
$data=array($email);
$db->prepare($sql);
$prepared=$db->execute($data);
$result=(($prepared->rowCount() > 0) ? true :false );
return $result;
}
}
?>

Related

can't retrieve data from database phpMyAdmin

I'm a beginner in learning how to set up database & PHP script and follow example
to do that, then when I run login.php script I can't retrieve data from the database ,
I really feel that is a very simple question for others but I tried to solve it But didn't succeed, so can someone take look on my code then Corrects it?
here is my php script :
init.php :
<?php
$db_name = "webapp";
$mysql_username = "root";
$mysql_password = "";
$server_name = "localhost";
$con=mysqli_connect($server_name, $mysql_username, $mysql_password, $db_name);
if (!$con) {
echo "Connection Error ......." . mysqli_connect_error();
} else {
echo "<h3>Database connection Success .....</h3>";
}
?>
login.php :
<?php
require "init.php";
$user_name = "YASER";
$user_phone = "123456";
$sql_query = "select name from user_info where user_name like'$user_name'and
user_phone like'$user_phone';";
$result = mysqli_query($con,$sql_query);
if (mysqli_num_rows($result)>0)
{
$row = mysqli_fetch_assoc($result);
$name = $row["name"];
echo "<h3> Hello And Wellcome" . $name . "</h3>";
} else {
echo " No Info Is Available .......";
}
?>
1st : First check that query is executing or failing
if(!$result){ echo mysqli_error($con); }
2nd : use = instead of like
$sql_query = "select name from user_info
where user_name='$user_name' and
user_phone='$user_phone'";
3rd : You need to give proper spacing In query
like'$user_name'and
^^^ ^^^
To
like '$user_name' and
You have error in your query.
try this to find error
$result = mysqli_query($con,$sql_query) or die(mysqli_error($con));
Your query should be like as follow...
'SELECT name FROM user_info WHERE user_name LIKE "'.$user_name.'" AND user_phone LIKE "'.$user_phone.'"';

not response for database

This is the code for database connection in php:
<?php
$connection = mysql_connect("localhost", "root", "root"); // Establishing Connection with Server
$db = mysql_select_db("fimos", $connection); // Selecting Database from Server
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$gender = $_POST["gender"]; //declare gender
$race = $_POST["race"];
$ic = $_POST["icno"];
$name = $_POST["name"];
$old_ic = $_POST["oldic"];
$add1 = $_POST["add1"];
$add2 = $_POST["add2"];
$add3 = $_POST["add3"];
$postcode = $_POST["postco"];
$town = $_POST["tow"];
$state = $_POST["state"];
$home_con = $_POST["homep"];
$fax_contact = $_POST["fax"];
$hp_con1 = $_POST["mobi1"];
$hp_con2 = $_POST["mobi2"];
$email = $_POST["email"];
if($ic !=''||$email !=''){
//Insert Query of SQL
$query = mysql_query("INSERT INTO customer_info(cust_gender, cust_race, cust_ic,
cust_name, cust_old_ic, cust_add1, cust_add2, cust_add3, cust_postcode,
cust_town, cust_state, cust_home_con, cust_fax_contact, cust_hp_contact1,
cust_hp_contact2, cust_email)
VALUES ('$gender', '$race', '$ic' , '$name', '$old_ic', '$add1', '$add2',
'$add3', '$postcode', '$town', '$state', '$home_con', '$fax_contact',
'$hp_con1', '$hp_con2', '$email')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
}
else{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
}
}
mysql_close($connection); // Closing Connection with Server
Hi guys, I want to ask about the database connection, is it my code wrong somewhere?
Because I cant found any error in the code.
I click button register should come over this page to store the data.
when I come to this page display all blank.
I try to change the database name also no response.
I hope you guys can help me.
Thanks.
It should be:
$connection = mysql_connect("localhost", "root", ""); //empty the third parameter. If you have password then insert that in your third parameter
Paste this code inside your if condition so that it will return error from your sql query.
if (!$query) {
die('Invalid query: ' . mysql_error());
}
Try to use the PDO extension instead of mysql & mysqli function. The mysql_* functions are no longer maintained and community has begun the deprecation process. Instead you should learn about prepared statements and use either PDO or MySQLi there are lots of benefits of using PDO over mysqli.
Add the above code
if($ic !=''||$email !=''){
$query = mysql_query("your query");
if (!$query) {
die('Invalid query: ' . mysql_error());
} else {
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
}
}

Can't get variables from other php file

I have this code in index.php
<?php
include "ch.php";
?>
ch.php
<?php
if (isset($_POST['Murad'])) {
header("Location: Main.php");
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "
INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')
";
mysql_select_db('websiteusers');
$retval = mysql_query( $sql );
if (! $retval ) {
die('Could not enter data: ' . mysql_error());
return false;
} else {
echo "Entered data successfully\n";
}
$usernamecheck=mysql_query("
SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'
");
if (mysql_num_rows($usernamecheck)>=1) {
echo $userName." is already taken";
return false;
}
}
?>
And
Main.PHP
<?php
include 'ch.php';
?>
And
<?php
echo $firstname=$_POST['firstname'];
?>
But it is not working. It worked before I put action in form instead of header but it didn't insert user in database now it inserts but it is not showing variables. Is there anyway to fix this?
1) Do not use mysql_ functions, it's deprecated and will be removed at PHP 7 stable release, choose between mysqli_ or PDO.
2) Don't open and close your php interpreter multiple times with no apparent reason. If your code is pure PHP, a standard is to never close it.
3) There should be nothing else for PHP or HTML to be processed/displayed after using header("Location: ...") function. It's the last thing you do at the script when you use it.

php to MySQL not working and not sure why

Its a really simple script, or at least it should be. I am kinda not sure around pHp so Im not sure where I am going wrong.
This page is called from a submit button on a form, all it is supposed to do is capture the name, email address and date of submission and add it to my database.
I can connect to the database without issue but cannot add to the database.
For some reason, everytime I load this page I also get a blank screen. pHp / SQL doesnt look like it has friendly bug reporting.
Here is the code with obvious info take outs.
<html>
<head>
</head>
<?php
$db_host = "localhost";
$db_username = "root";
$db_pass = "123";
$db_name = "emailtest";
$conn = #mysql_connect($db_host,$db_username,$db_pass,$db_name);
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
} else {
echo "Good connection ";
}
if(!empty($_REQUEST['name']))
{
$name = $_REQUEST['name'];
echo "hello, $name ";
if(!empty($_REQUEST['email']))
{
$email = $_REQUEST['email'];
}
else
{
$email = NULL;
}
if($email)
{
if ($conn->query($sql) === TRUE)
{
$dateTime = date("Y/m/d");
$sql = "INSERT INTO Newsletter_signup (name, email, sign_up_date) VALUES('$name','$email','$dateTime')";
echo "Record updated successfully <br/>";
echo "The email address, $email , has been added to the newsletter.";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
}
else
{
echo 'Please go back and insert an email address.';
}
?>
<body id="body">
// body style stuff
</body>
</html>
because you define $sql after the $conn->query($sql) and $sql is empty.
You're mixing up MySQL and MySQLi
mysqli_connect returns an instance for mysqli.
Your script should throw an error for trying to call a method on a non-object, because mysql_connect returns a resource.
You should enable error reporting at first (See: this SO question + answer)
The second thing is what #LTasty said: You use $sql, which is not defined at the point you want to execute the query.
When you changed these things, you should have a look at prepared statements, because your script is vulnerable against SQL injection.
Thanks all. I would like to say that you all gave credit to the answer.
For people learning from my mistakes here is the code that now works.
I will only put up the php side code.
<?php
$db_host = "localhost";
$db_username = "root";
$db_pass = "123";
$db_name = "emailtest";
$conn = new mysqli($db_host,$db_username,$db_pass,$db_name);
$dateTime = date("Y/m/d");
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
} else {
echo "Good connection ";
}
if(!empty($_REQUEST['name']))
{
$name = $_REQUEST['name'];
echo "hello, $name ";
}
if(!empty($_REQUEST['email']))
{
$email = $_REQUEST['email'];
}
else
{
$email = NULL;
}
if($email)
{
$sql = "INSERT INTO Newsletter_signup (name, email, sign_up_date) VALUES('$name','$email','$dateTime')";
if ($conn->query($sql) === TRUE)
{
echo "Record updated successfully <br/>";
echo "The email address, $email , has been added to the newsletter.";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
}
else
{
echo 'Please go back and insert an email address.';
}
?>
I havent included the error reporting that can be activiated via pHp into my script yet, but thanks for the link I will include it now.

PHP registered user check

I have PHP + AS3 user login&register modul.I want to check registered user by username.But can't do it because I'm new at PHP.If you can help it will helpfull thx.(result_message part is my AS3 info text box.)
<?php
include_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES ('$username', '$password', '$userbio')";
mysql_query($sql) or exit("result_message=Error");
exit("result_message=success.");
?>
Use MySQLi as your PHP function. Start there, it's safer.
Connect your DB -
$host = "////";
$user = "////";
$pass = "////";
$dbName = "////";
$db = new mysqli($host, $user, $pass, $dbName);
if($db->connect_errno){
echo "Failed to connect to MySQL: " .
$db->connect_errno . "<br>";
}
If you are getting the information from the form -
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
you can query the DB and check the username and password -
$query = "SELECT * FROM users WHERE username = '$username'";
$result = $db->query($query);
If you get something back -
if($result) {
//CHECK PASSWORD TO VERIFY
} else {
echo "No user found.";
}
then verify the password. You could also attempt to verify the username and password at the same time in your MySQL query like so -
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password';
#Brad is right, though. You should take a little more precaution when writing this as it is easily susceptible to hacks. This is a pretty good starter guide - http://codular.com/php-mysqli
Using PDO is a good start, your connect.php should include something like the following:
try {
$db = new PDO('mysql:host=host','dbname=name','mysql_username','mysql_password');
catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
Your insert would go something like:
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES (?, ?, ?)";
$std = $db->prepare($sql);
$std = execute(array($username, $password, $userbio));
To find a user you could query similarly setting your $username manually of from $_POST:
$query = "SELECT * FROM users WHERE username = ?";
$std = $db->prepare($query)
$std = execute($username);
$result = $std->fetchAll();
if($result) {
foreach ($result as $user) { print_r($user); }
} else { echo "No Users found."; }
It is important to bind your values, yet another guide for reference, since I do not have enough rep yet to link for each PDO command directly from the manual, this guide and website has helped me out a lot with PHP and PDO.

Categories