$name = mysqli_real_escape_string($connection, $_POST["name"]);
$surname = mysqli_real_escape_string($connection, $_POST["surname"]);
$username = mysqli_real_escape_string($connection, $_POST["username"]);
$email = mysqli_real_escape_string($connection, $_POST["email"]);
$pw1 = mysqli_real_escape_string($connection, $_POST["pw1"]);
$query = "INSERT INTO 'users' ('id','name', 'surname', 'username', 'email', 'password') VALUES (NULL,'$name', '$surname', '$username', '$email', '$pw1')";
$result = mysqli_query($connection, $query);
if(!$result){
echo ("fail");
}
I test if the query has worked using if(!$result){ echo ("fail");} and it echoes fail every time and no data is inserted into the database every time! I have checked the syntax and i believe it is correct... could this be because of the database "collation"?
You should not use the single quote at the table or field name. You have to use a Backtick (like ``) which is located in under Esc key or left side of 1 Key or upper side of Tab key. It should looks like:
$query = "INSERT INTO `users` (`id`, `name`, `surname`, `username`, `email`,
`password`) VALUES ('null', '$name', '$surname', '$username', '$email', '$pw1')";
or
$query = "INSERT INTO users (id, name, surname, username, email,
password) VALUES ('null', '$name', '$surname', '$username', '$email', '$pw1')";
Note: If your id field is already set auto increment then you can remove id and value null. Because id value will automatically increment.
Hope it will helpful.
Related
I tried everything I could to fix the link of code but everything I tried gave me a white screen I know that this line of code is the only code is the only one that has a syntax error and the rest of the code is 100% fine. I am trying to insert name, email, password from a Form using $_POST and with md5 hashing for the password.
$link = connect to mySQL Database
$query="INSERT INTO 'users' ('name', 'email', 'password')
VALUES(
'".mysqli_real_escape_string($link, $_POST['name'])"',
'".mysqli_real_escape_string($link, $_POST['email'])."',
'".md5(md5($_POST['email']).$_POST['password'])."')";
Why don't you make it simple instead? Something like:
$name = mysqli_real_escape_string($link, $_POST['name']);
$mail = mysqli_real_escape_string($link, $_POST['email']);
$pass = md5(md5($_POST['email']).$_POST['password']);
$query="INSERT INTO `users` (`name`, `email`, `password`) VALUES('$name','$mail', '$pass')";
You missed a dot:
$query="INSERT INTO users (name, email, password)
VALUES('" . mysqli_real_escape_string($link, $_POST['name']) . "', '" . mysqli_real_escape_string($link, $_POST['email']) . "', '" . md5(md5($_POST['email']) . $_POST['password']) . "')";
query="INSERT INTO `users` (`name`, `email`, `password`)
VALUES(
'".mysqli_real_escape_string($link, $_POST['name'])"',
'".mysqli_real_escape_string($link, $_POST['email'])."',
'".md5(md5($_POST['email']).$_POST['password'])."')";
Try the following:
$name = mysqli_real_escape_string($link, $_POST['name']);
$email = mysqli_real_escape_string($link, $_POST['email']);
$password = hash('sha512', md5( md5( $_POST['email'] ).$_POST['password'] ) );
$query = "INSERT INTO `users` (`name`, `email`, `password`) VALUES('$name','$email', '$password')";
Note the backticks around table and column names. Also note the difference in echoing the following:
echo 'hashed: '.hash('sha512', md5( md5( $_POST['email'] ).$_POST['password'] ) ).'<br>md5(): '.md5( md5( $_POST['email'] ).$_POST['password'] );
In the first line of VALUES() you've missed a point.
Incorrect:
'".mysqli_real_escape_string($link, $_POST['name'])"',
Correct:
'".mysqli_real_escape_string($link, $_POST['name'])."',
Here's a rough (untested) sample of how your statement could look as a prepared statement.
$stmt = mysqli_prepare($link,
"INSERT INTO `users` (`name`, `email`, `password`) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sss', $_POST['name'], $_POST['email'], md5(md5($_POST['email']).$_POST['password']));
//mysqli_stmt_execute($stmt); //<--to execute query, use where you execute
Here's the manual's reference on it, http://php.net/manual/en/mysqli-stmt.bind-param.php.
I want to get the last id inserted but i don;t know how to get it in oracle. Any help will be appreciated. Below is my query.
$query = oci_parse($con,"INSERT INTO USER_LOGIN (USERNAME, PASSWORD, CNIC, ROLE_ID, PICTURE)
VALUES ('$Username', '$Password', '$CNIC', '$Role', '$Filename')");
Get above id: (don't know)
$OK = oci_parse($con,"SELECT LAST_INSERT_ID() FROM USER_LOGIN");
oci_execute($OK);
$row = oci_fetch_array($OK, OCI_ASSOC + OCI_RETURN_NULLS);
if($row)
{
$USERID = $row['USER_ID'];
}
It's not clear what you are trying to achieve (see Justin's questions). But if you want the trigger populated id of the user_login table back to your code you can use the returning clause.
$query = oci_parse($con,"INSERT INTO USER_LOGIN (USERNAME, PASSWORD, CNIC, ROLE_ID, PICTURE)
VALUES ('$Username', '$Password', '$CNIC', '$Role', '$Filename')
RETURNING YOUR_ID
INTO :LAST_INS_ID");
oci_bind_by_name($query, ':LAST_INS_ID', $theNewID, 8);
I want to do a query on a sql database, but I don't know how to define the array index as it is inside a string.
For example:
$query ="INSERT INTO Users(firstName, lastName, emailAddress, password) VALUE($_POST[firstname], $_POST[lastname], $_POST[email], $_POST[password])";
mysqli_query($link, $query);
I tried putting single quotes around the index like I would do normally but my text editor(vim) is putting a redblock around it. So I'm guessing that I'm doing something wrong.If I put double quotes around the index the left hand square bracket of goes red. If I don't put any quotes around them as in the example above I get undefined index.
You can escape your variables like this
// http://php.net/manual/en/language.types.string.php
$query ="INSERT INTO Users(firstName, lastName, emailAddress, password) VALUES ('".$_POST['firstname']."', '".$_POST['lastname']."', '".$_POST['email']."', '".$_POST['password']."')";
mysqli_query($link, $query);
or you can use mysqli_prepare
// http://php.net/manual/en/mysqli-stmt.bind-param.php
$query = "INSERT INTO Users (firstName, lastName, emailAddress, password) VALUES (?, ?, ?, ?)";
$stmt = mysqli_prepare($link, $query);
mysqli_stmt_bind_param($stmt, 'ssss'; $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['password']);
$query ="INSERT INTO Users(firstName, lastName, emailAddress, password) VALUE('".$_POST['firstname']."', '".$_POST['lastname']."', '".$_POST['email']."', '".$_POST['password']."')";
You can make query like
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$email = $_POST['email'];
$pass = $_POST['password'];
$query="insert into person_info(firstName, lastName, emailAddress, password) values('".$fname."','".$lname."','".$email."','".$pass."')";
I hope it helps you
My connection to database works properly, but when I Send some information it does not update.
$name = mysql_escape_string($_POST['name']);
$mail = mysql_escape_string($_POST['mail1']);
$pass = mysql_escape_string($_POST['pass1']);
mysql_query("INSERT INTO `usrs` (`id`, `username`, `email`, `password`) VALUES (`NULL`, `$name`, `$mail`, `$pass`)");
I use to check data tables by:
MariaDB [BattleShip]> SELECT * FROM usrs;
output from this:
EMPTY set (0.00sec)
If your id is auto increment, don't include this column in query
...and replace value quote by '
mysql_query("INSERT INTO `usrs` (`username`, `email`, `password`) VALUES ('$name', '$mail', '$pass')");
This php insert query is not working in MYSQL xampp. I couldn't find any error
QUERY:
$query = "INSERT INTO member (id, username,fname,lname,email, password, salt )
VALUES ( '$username', '$password', '$email', '$salt' )";
you are missing $fname, $lname in query also use NULL for id if auto incremented
$query = "INSERT INTO member (id, username,fname,lname,email, password, salt )
VALUES (NULL, '$username', '$fname', '$lname', '$password', '$email', '$salt' )";
you are passing wrong number of column names.your correct query should look like this:
$query = "INSERT INTO member (username,password,email,salt )
VALUES ( '$username', '$password', '$email', '$salt' )";
You are not inserting values to all the columns specified in the query.
In your query
$query = "INSERT INTO member (id, username,fname,lname,email, password, salt )
VALUES ( '$username', '$password', '$email', '$salt' )";
You are specifying 7 columns and only 4 values .So either add more values or remove unnecessary columns specified in the query like
$query = "INSERT INTO member (username, password,email, salt )
VALUES ( '$username', '$password', '$email', '$salt' )";
OR
$query = "INSERT INTO member (id, username,fname,lname,email, password, salt )
VALUES ('$id', '$username','$fname','$lname','$email', '$password', '$salt' )";