I am not sure if I'm doing something wrong? Whenever I connect to the office wifi and test my apps registration features, the email section shows a different result from my input. Example if I enter test#test.com and the go into phpmyadmin to check, it will be test#nefiewx.legsq.nl3.gsr.awhoer.net. Is something wrong with my code or do I have to avoid using the wifi?
I had to use a vpn to access my phpmyadmin but I see that some of the address in the URL is similar to what has been entered into the database.
This is my insert code. Thank you
<?php
include '../configuration/credentials.php';
if($_SERVER['REQUEST_METHOD']=='POST'){
$conn = mysqli_connect(DB_SERVER,DB_USER,DB_PASSWORD,DB_DATABASE);
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$dateofbirth = $_POST["dateofbirth"];
$email = $_POST["email"];
$phone = $_POST["phone"];
$password = $_POST["password"];
$firstname = mysqli_real_escape_string($conn,trim($firstname));
$lastname = mysqli_real_escape_string($conn,trim($lastname));
$dateofbirth = mysqli_real_escape_string($conn,trim($dateofbirth));
$email = mysqli_real_escape_string($conn,trim($email));
$phone = mysqli_real_escape_string($conn,trim($phone));
$password = mysqli_real_escape_string($conn,trim($password));
$checkuserexistsquery = "SELECT email, phone FROM users WHERE email='$email' AND phone='$phone'";
$insertuserquery = "INSERT INTO users (firstname,lastname,dateofbirth,phone,email,password) VALUES ('$firstname','$lastname','$dateofbirth','$phone','$email','$password')";
$checkuserexistsresults = mysqli_query($conn,$checkuserexistsquery);
if($checkuserexistsresults===FALSE){
echo "Check user query failed";
}else{
$countcheckuserexistsresults = mysqli_num_rows($checkuserexistsresults);
if($countcheckuserexistsresults>0){
//user already exists
echo "User already exists";
while($row = $checkuserexistsresults->fetch_assoc()){
echo $row['email'];
echo $row['phone'];
}
}else{
//user doesn't exist
$insertuserresults = mysqli_query($conn,$insertuserquery);
if($insertuserresults===FALSE){
echo "Insert user query failed";
}else{
echo "Insert successful";
}
}
}
mysqli_close($conn);
}
?>
Hope I can get help with this
Related
<?php
$con = mysqli_connect("localhost","root","","social_network") or die("Connection was not established");
function InsertUser(){
global $con;
//if sign up button is pressed
if(isset($_POST['sign_up'])){
$name = $_POST['u_name'];
$pass = $_POST['u_pass'];
$email = $_POST['u_email'];
$country = $_POST['u_country'];
$gender = $_POST['u_gender'];
$b_day = $_POST['u_birthday'];
$name = $_POST['u_name'];
$date = date("d-m-y");
$status = "unverified";
$posts = "No";
//checks if the email already existist in the system
$get_email = "select * from users where user_email='$email'";
$run_email = mysqli_query($con,$get_email);
$check = mysqli_num_rows($run_email);
//if email validation
if ($check==1) {
echo "<script>alert('This email is already registered!, Try another one')</script>";
exit();
}
//password properties string length
if(strlen($pass)<8){
echo "<script>alert('Password should be minimum 8 characters')</script>";
exit();
}
else {
//inserting user input into the database
$insert = "INSERT INTO users (user_name,user_pass,user_email,user_country,user_gender,user_dob,user_image,register_date,last login,status,posts) VALUES ('$name','$pass','$email','$country','$gender','$b_day','default.jpg','$date','$date','$status','$posts')";
$run_insert = mysqli_query($con,$insert);
if($run_insert){
echo "<script>alert('Registration Successfull!')</script>";
}
}
}
}
?>
The mistake is in your query
cant give a column name like "last login"
Remove the space between and try to change the column name of "status" to anything else
I am trying to check to see if a username or email address already existed in my database. I can currently connect to my database and retrieve data from my registering form. However, my SQL statements are not able to check my database to see if the user exists or not. Any help is appreciated, thanks.
<?php
require 'database.php';
$conn = Connect();
if ($conn == true){
echo "Successfully connected to database. <br><br>";}
$username = $_POST['screenname'];
$password = $_POST['password'];
$email = $_POST['email'];
echo "$username<br>"; //just checkin if it can grab data
echo "$password<br>";
echo "$email<br>";
$sql=mysql_query("SELECT * FROM users WHERE screenname = '$username'");
if(mysql_num_rows($sql)>=1)
{
echo "Username already exists";
}
else
{
//insert query goes here
}
$sql2=mysql_query("SELECT * FROM users WHERE email = '$email'");
if(mysql_num_rows($sql2)>=1)
{
echo "Email already exists";
}
else
{
//insert query
}
?>
Logic, programming and security (SQL injection attack) bugs fixed:
<?php
require 'database.php';
$conn = Connect();
if ($conn == true){
echo "Successfully connected to database. <br><br>";
}
$username = $_POST['screenname'];
$password = $_POST['password'];
$email = $_POST['email'];
echo "$username<br>"; //just checkin if it can grab data
echo "$password<br>";
echo "$email<br>";
$sql= sprintf("SELECT * FROM users WHERE screenname='%s' OR email='%s'",
mysql_real_escape_string($username),
mysql_real_escape_string($email)
);
if(mysql_num_rows($sql)>=1)
{
echo "Username or e-mail already exists";
}
else
{
//insert query goes here
}
<?php
if(isset($_POST['btn-signup'])) {
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$conn = new mysqli($servername, $username, $password, $dbname);
if($conn->connect_error)
{
die("Connection failed :" . $conn->connect_error);
}
$uname = trim($_POST['uname']);
$email = trim($_POST['email']);
$upass = trim($_POST['pass']);
$mobile = trim($_POST['mobile']);
$fee = trim($_POST['fee']);
$uname = strip_tags($uname);
$email = strip_tags($email);
$upass = strip_tags($upass);
$mobile = strip_tags($mobile);
$fee = strip_tags($fee);
$role = "user";
// check email exist or not
$query = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($query);
$count = mysqli_num_rows($result); // if email not found then proceed
if ($count==0) {
$query = "INSERT INTO users(username,email,password,mobile,fee,role) VALUES('$uname','$email','$upass','$mobile','$fee','$role')";
$res = mysqli_query($query);
if ($res) {
$errTyp = "success";
$errMSG = "successfully registered, you may login now";
} else {
$errTyp = "danger";
$errMSG = "Something went wrong, try again later..." .mysql_error();
}
} else {
$errTyp = "warning";
$errMSG = "Sorry Email already in use ...";
}
mysqli_close($conn);
}
?>
whenever i click on submit button it always give me "something went wrong error" even i check for the error that has to be "sorry email already in use" but it always showing "something went wrong".
i use session also. i am newbie in php and creating a session based login system for different role such as admin and student.
please give me solution as soon as possible thank you :)
Use only "mysqli_" or "mysql_", recommended is "mysqli_"
You are connecting database with "mysqli_" and fetching the result set using "mysql_"
Learn the Difference MYSQL vs MYSQLi vs PDO
I have seen your code.
Please check the syntax of Insert query once , print the query and run in mysql db and see if it run fine or not.
I think this will resolve your issue.
I have made a registration PHP file that runs through an authentication and connects to my database that I made in phpMyAdmin. The problem is, I can put in the same username without consequence and it adds to the database, so I could put; dogs as the username and then again put the same.
How can I make it so the user is told; that username already exists choose another one.
Here's my php so far;
Also please tell me where to insert it.
<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_POST['username'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$email = stripslashes($email);
$email = mysql_real_escape_string($email);
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
$trn_date = date("Y-m-d H:i:s");
$query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
$result = mysql_query($query);
if ($result) {
echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
} else {
?>
You should query the database before inserting any record (user) to users table.
Try the code below:
<?php
$username = mysql_real_escape_string( $username ); //Sql injection prevention
$existance = mysql_query("SELECT username FROM users WHERE username = '" . $username . "'");
if( !$existance ){
$query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
$result = mysql_query( $query );
if ( $result ) {
echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
else{
//unsuccessful insertion
}
} else {
//the user existed already, choose another username
}
?>
Create an if-statement where you check if $username exists in the db. If it does, throw an error. If not, continue with the code.
Note
Your code is vulnerable to SQL-injection. Read this post: How can I prevent SQL injection in PHP?
Rewriting my entire answer to a working example. I'm going to assume your post variables are the same as mine: email, password, username
<?php
$errorMessage = "";
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
$email = $_POST['email'];
$password = $_POST['password'];
$username = $_POST['username'];
$email1 = $_POST['email'];
$username1 = $_POST['username'];
$password1 = $_POST['password'];
$email = htmlspecialchars($email);
$password = htmlspecialchars($password);
$username = htmlspecialchars($username);
$connect = mysql_connect("localhost","DBuser", "DBpassword");
if (!$connect) {
die(mysql_error());
}
mysql_select_db("DBName");
$results = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($row = mysql_fetch_array($results)) {
$kudots = $row['username']; }
if ($kudots != ""){
$errorMessage = "Username Already Taken";
$doNothing = 1;
}
$result = mysql_query("SELECT * FROM users WHERE email = '$email'");
while($row2 = mysql_fetch_array($results)) {
$kudots2 = $row2['email']; }
if ($kudots2 != ""){
$errorMessage = "Email Already in use";
$doNothing = 1;
}
//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error
if ($errorMessage == "") {
$user_name = "DBUsername";
$pass_word = "DBPassword";
$database = "DBName";
$server = "localhost";
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$email = quote_smart($email, $db_handle);
$password = quote_smart($password, $db_handle);
$username = quote_smart($username, $db_handle);
if ($username1 == ""){
$errorMessage = "You need a username";
}
if ($password1 == ""){
$errorMessage = $errorMessage . "<br>You need a password.";
}
if (!(isset($_POST['email']))){
$errorMessage = $errorMessage . "<br>You need an email.";
}
$SQL = "SELECT * FROM users WHERE email = $email";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
$errorMessage = "email already exists";
$doNothing = 1;
}
if ($errorMessage == "") {
$SQL = "INSERT INTO users (email, username, password) VALUES ($email, $username, $password)";
$result = mysql_query($SQL);
mysql_close($db_handle);
//=================================================================================
// START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
// SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
//=================================================================================
session_start();
$_SESSION['email'] = "$email1";
$_SESSION['password'] = "$password1";
header ("Location: myaccount.php");
else {
$errorMessage = "Database Not Found";
}
}
OK, now echo $errorMessage right below or above the form, to inform the user that the Email, or Username is taken. I'm pretty sure I have a duplicate function in here for the Email, but this code does work; disregard if somebody says it's vulnerable to SQL injection; this is a working EXAMPLE! If you want to do MySQL real escape string, just Google it. I had to rewrite a couple things because I don't want my full code on a public board, if for some odd reason this doesn't work; send me an eMail(canadezo121#gmail.com) and I'll send you the full page code. (Which WORKS!) This code will probably raise some concerns with other more professional coders, this example gives you a good logical viewpoint of what goes on and how it works. You can adjust it to MySQLi, PDO, etc as you get more familiar with PHP and MySQL.
1 you must verify if the username all ready exists in database (Select)
2 if not exists after you can insert the new user
I want to store user's contact no. from an android registration form in SQL database but it shows 'failure' instead of 'success' when i try to add $_post['contact'] code to my PHP file.
This is my PHP file.
register.php
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact =(int)$_POST['contact'];
$institute = $_POST['institute'];
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','contact-no','$institute')";
if(mysqli_query($con,$sql)){
echo 'success';
}
else{
echo 'failure';
}
mysqli_close($con);
?>
Please tell me what i am doing wrong in it. thank you
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact =$_POST['contact'];
$institute = $_POST['institute'];
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address',$contact,'$institute')";
$result=$con->query($sql);
if($result)
{
echo 'success';
}
else{
echo 'failure';
}
$con->close();
?>
remove the int for $POST_['contact'] and dnt use single quotes('') for $contact while inserting since it is a integer for string value you should give single quotes
Try this
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
//change 'somename' with the name of submit button!
if(isset($_POST['somename'])){
$error=0;
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact = $_POST['contact'];
$institute = $_POST['institute'];
if(is_numeric($contact)){
$error=1;
}
if($error==1){
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
$insert= mysqli_query($con,$sql);
echo 'success';
}
else{
echo 'failure';
}
}
?>
this code will insert data in database only if $contact is numeric otherwise there will not be insert
'contact-no' is not variable.
change 'contact-no' to $contact
try this code
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
Offcoarse it will: you have an mistake in your SQL, you lost dollar sign and you should use $contact variable not $contact-no
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";