I'm attempting to access my database to see if the email has been
used previously. All my attempts have failed. I can get the form to
enter the information into the database but that is it. I'm very new
to PHP so any help is appreciated.
<?php
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$sql = "INSERT INTO noodles_gamification (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ){;
$message = 'Successfully created new user';
}else {
$stmt = $conn->prepare('SELECT email FROM noodles_gamification WHERE email = :email');
$stmt->execute(array(':email' => $_POST['email']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['email'])){
$error[] = 'email provided is already in use.';
}
}
endif;
?>
I think you need to check whether the email already exists before inserting a new record into the database. Just modify your if condition, something like:
<?php
require 'database.php';
$message = '';
$error = [];
if (!empty($_POST['email']) && !empty($_POST['password'])):
    // Look the email up first; insert only when no row comes back.
    $stmt = $conn->prepare('SELECT email FROM noodles_gamification WHERE email = :email');
    $stmt->execute(array(':email' => $_POST['email']));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!empty($row['email'])) {
        $error[] = 'email provided is already in use.';
    } else {
        $sql = "INSERT INTO noodles_gamification (email, password) VALUES (:email, :password)";
        $stmt = $conn->prepare($sql);
        $stmt->bindValue(':email', $_POST['email']);
        // bindParam() binds by reference and needs a variable, so the hash is bound with bindValue().
        $stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
        if ($stmt->execute()) {
            $message = 'Successfully created new user';
        }
    }
endif;
?>
My PDO query is not working for some reason. The page itself doesn't seem to have any error. I've been trying to fix this for like 2 months and nothing worked. I got this "final" code, which doesn't seem to have any errors, and it's still not working.
<?php
require 'database.php';
$message = '';
if (!empty($_POST['username']) && !empty($_POST['email']) && !empty($_POST['phone']) && !empty($_POST['password'])) {
$sql = "INSERT INTO users (username, email, phone, password) VALUES (:username, :email, :phone, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':phone', $_POST['phone']);
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':password', $password);
$query = $con->prepare("SELECT username FROM users WHERE username = :username");
$query->bindParam(':username', $_POST['username']);
$query->execute();
if($query->rowCount() > 0){
?> Este usuario ya existe <?php
}
else {
if($stmt->execute()) {
header('Location: login.php');
}
else {
echo "Ocurrió un error";
}
}
}
?>
I suppose that it's because you have used an inappropriate variable.
In the initialisation of $stmt you used $conn and in $query you used $con.
Make sure to use the right variable.
I have 2 tables that require insertion from a single form.
Table1 - user_info(user_id(primary), full_name, username, user_password, email)
Table 2 - user_personal_info(user_id(foreign), username(foreign), full_name(foreign), user_profession, user_phone, age)
The user_id is auto-increment.
I am trying to take the information received on the register form and insert them into each table. However, the first table takes all the information and the second one does not. I've tried doing two separate inserts with no success. Any help would be appreciated.
$full_name = $_POST['full_name'];
$username = $_POST['username'];
$email = $_POST['email'];
$user_password = $_POST['user_password'];
$password_hash = password_hash($user_password, PASSWORD_BCRYPT);
$id = $_SESSION['user_id'];
$user_profession = NULL;
$user_phone = NULL;
$age = NULL;
$query_user_info = $connection -> prepare("SELECT * FROM user_info WHERE EMAIL=:email");
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_info->execute();
if ($query_user_info-> rowCount() > 0) {
echo '<p class="error">The email address is already registered!</p>';
}
if ($query_user_info-> rowCount() == 0) {
$query_user_info = $connection->prepare("INSERT INTO user_info(full_name,username,user_password,email) VALUES (:full_name, :username, :password_hash,:email)");
$query_user_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_info->bindParam("password_hash", $password_hash, PDO::PARAM_STR);
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$result = $query_user_info->execute();
$query_user_personal_info = $connection->prepare ("INSERT INTO user_personal_info(user_id,full_name, username, email, user_profession, user_phone, age) VALUES (:id, :full_name, :username, :email, :user_profession, :user_phone, :age)");
$query_user_personal_info->bindParam("user_id", $id, PDO::PARAM_INT);
$query_user_personal_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_personal_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_personal_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_profession", $user_profession, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_phone", $user_phone, PDO::PARAM_INT);
$query_user_personal_info->bindParam("age", $age, PDO::PARAM_INT);
$result2 = $query_user_personal_info->execute();
if ($result) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">Something went wrong!</p>';
}
if ($result2) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">no bueno :(</p>';
}
}
Shouldn't you be getting the inserted ID from the user_info table?
Try this
$full_name = $_POST['full_name'];
$username = $_POST['username'];
$email = $_POST['email'];
$user_password = $_POST['user_password'];
$password_hash = password_hash($user_password, PASSWORD_BCRYPT);
$user_profession = NULL;
$user_phone = NULL;
$age = NULL;
$query_user_info = $connection -> prepare("SELECT * FROM user_info WHERE EMAIL=:email");
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_info->execute();
if ($query_user_info-> rowCount() > 0) {
echo '<p class="error">The email address is already registered!</p>';
}
if ($query_user_info-> rowCount() == 0) {
$query_user_info = $connection->prepare("INSERT INTO user_info(full_name,username,user_password,email) VALUES (:full_name, :username, :password_hash,:email)");
$query_user_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_info->bindParam("password_hash", $password_hash, PDO::PARAM_STR);
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$result = $query_user_info->execute();
$id = $connection->lastInsertId(); // lastInsertId() is a method of the PDO connection, not of the statement
$query_user_personal_info = $connection->prepare ("INSERT INTO user_personal_info(user_id,full_name, username, email, user_profession, user_phone, age) VALUES (:id, :full_name, :username, :email, :user_profession, :user_phone, :age)");
$query_user_personal_info->bindParam("id", $id, PDO::PARAM_INT); // name must match the :id placeholder
$query_user_personal_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_personal_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_personal_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_profession", $user_profession, PDO::PARAM_STR);
$query_user_personal_info->bindParam("user_phone", $user_phone, PDO::PARAM_INT);
$query_user_personal_info->bindParam("age", $age, PDO::PARAM_INT);
$result2 = $query_user_personal_info->execute();
if ($result) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">Something went wrong!</p>';
}
if ($result2) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">no bueno :(</p>';
}
}
Also, are $user_profession, $user_phone, and $age required in your database? If not, then you don't need those values to insert into your table if they just default to null values.
Try changing it to this
$full_name = $_POST['full_name'];
$username = $_POST['username'];
$email = $_POST['email'];
$user_password = $_POST['user_password'];
$password_hash = password_hash($user_password, PASSWORD_BCRYPT);
$query_user_info = $connection -> prepare("SELECT * FROM user_info WHERE EMAIL=:email");
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$query_user_info->execute();
if ($query_user_info-> rowCount() > 0) {
echo '<p class="error">The email address is already registered!</p>';
}
if ($query_user_info-> rowCount() == 0) {
$query_user_info = $connection->prepare("INSERT INTO user_info(full_name,username,user_password,email) VALUES (:full_name, :username, :password_hash,:email)");
$query_user_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_info->bindParam("password_hash", $password_hash, PDO::PARAM_STR);
$query_user_info->bindParam("email", $email, PDO::PARAM_STR);
$result = $query_user_info->execute();
$id = $connection->lastInsertId(); // lastInsertId() is a method of the PDO connection, not of the statement
$query_user_personal_info = $connection->prepare ("INSERT INTO user_personal_info(user_id,full_name, username, email) VALUES (:id, :full_name, :username, :email)");
$query_user_personal_info->bindParam("id", $id, PDO::PARAM_INT); // name must match the :id placeholder
$query_user_personal_info->bindParam("full_name", $full_name, PDO::PARAM_STR);
$query_user_personal_info->bindParam("username", $username, PDO::PARAM_STR);
$query_user_personal_info->bindParam("email", $email, PDO::PARAM_STR);
$result2 = $query_user_personal_info->execute();
if ($result) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">Something went wrong!</p>';
}
if ($result2) { // create a profile page.
echo '<p class="success">Your registration was successful!</p>';
} else {
echo '<p class="error">no bueno :(</p>';
}
}
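The two-table registration discussed above, as an added example that is not code from either post: both inserts run in one transaction, and the new user_id is read from the connection with lastInsertId(), so a failure in the second insert does not leave a user_info row without its user_personal_info row. SQLite in memory stands in for the real database; the schema is constructed from the table description in the question, and the function name and form values are assumptions.

```php
<?php
// Added example: constructed schema and inputs, SQLite in memory so it runs offline.
$connection = new PDO('sqlite::memory:');
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$connection->exec('PRAGMA foreign_keys = ON');
$connection->exec('CREATE TABLE user_info (
    user_id INTEGER PRIMARY KEY AUTOINCREMENT,
    full_name TEXT, username TEXT, user_password TEXT, email TEXT UNIQUE)');
$connection->exec('CREATE TABLE user_personal_info (
    user_id INTEGER NOT NULL REFERENCES user_info(user_id),
    username TEXT, full_name TEXT, user_profession TEXT, user_phone TEXT, age INTEGER)');

// Hypothetical helper: inserts into both tables atomically and returns the new user_id.
function register_with_profile(PDO $connection, array $form): int
{
    $connection->beginTransaction();
    try {
        $user = $connection->prepare(
            'INSERT INTO user_info (full_name, username, user_password, email)
             VALUES (:full_name, :username, :password_hash, :email)');
        $user->execute([
            ':full_name'     => $form['full_name'],
            ':username'      => $form['username'],
            ':password_hash' => password_hash($form['user_password'], PASSWORD_BCRYPT),
            ':email'         => $form['email'],
        ]);
        // The id generated by the insert above comes from the connection object.
        $id = (int) $connection->lastInsertId();

        // Nullable columns (profession, phone, age) are simply left out of the insert.
        $profile = $connection->prepare(
            'INSERT INTO user_personal_info (user_id, username, full_name)
             VALUES (:id, :username, :full_name)');
        $profile->execute([
            ':id'        => $id,
            ':username'  => $form['username'],
            ':full_name' => $form['full_name'],
        ]);
        $connection->commit();
        return $id;
    } catch (Throwable $e) {
        if ($connection->inTransaction()) {
            $connection->rollBack(); // undo the first insert if the second one failed
        }
        throw $e;
    }
}

// Constructed form input.
$id = register_with_profile($connection, [
    'full_name' => 'Ana Example', 'username' => 'ana',
    'user_password' => 'constructed-password', 'email' => 'ana@example.test',
]);
var_dump($id);
var_dump($connection->query('SELECT user_id, username FROM user_personal_info')->fetchAll(PDO::FETCH_ASSOC));
```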
I'm trying to implement a function that checks whether the user already exists in my database before it inserts all the registration data, but it doesn't seem to work =( Could someone please help me identify where the error is? I really appreciate all the answers in advance.
<?php
require '../ppuyakul/php/db_conn.php';
$message = '';
//Prepare date
$DOB = date("Y-m-d", strtotime( $_POST['year'].'-'. $_POST['month'].'-'. $_POST['day']));
$accessType = "0";
//Check empty field
if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['fullname']) && !empty($_POST['username']) && !empty($_POST['password_confirmation']) && !empty($_POST['gender']) && !empty($_POST['country']) && !empty($_POST['state']) && !empty($_POST['city']) && !empty($_POST['day']) && !empty($_POST['month']) && !empty($_POST['year'])):
// Enter the new user in the database
$sql = "INSERT INTO assignment2 (fullname, username, email, password, gender, country, state, city, DOB, type) VALUES (:fullname, :username, :email, :password, :gender, :country, :state, :city, :DOB, :type)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':fullname', $_POST['fullname']);
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
$stmt->bindParam(':gender', $_POST['gender']);
$stmt->bindParam(':country', $_POST['country']);
$stmt->bindParam(':state', $_POST['state']);
$stmt->bindParam(':city', $_POST['city']);
$stmt->bindParam(':DOB', $DOB);
$stmt->bindParam(':type', $accessType);
$chk = $conn->prepare("SELECT username FROM assignment2 WHERE username = :name");
$chk->bindParam(':name', $username);
$chk->execute();
if($chk->rowCount() > 0):
$message = 'Error ! ! User already exists';
else:
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
endif;
?>
According to #Paul T., I finally found the solution. Here is the final code. Thanks so much again for your help, #Paul T.
$username = $_POST['username'];
$chk = $conn->prepare("SELECT username FROM assignment2 WHERE username = :name");
$chk->bindParam(':name', $username);
$chk->execute();
if($chk->rowCount() > 0):
$message = 'Error ! ! User already exists';
else:
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
endif;
Right now I am trying to set up a user registration page, and I've been having trouble with verifying that the e-mail is not already in use. I figured all I had to do was make a query to my database to check and see if the e-mail was already in use. This seems pretty straightforward, so I don't know why it's giving me such a problem.
I've read several posts, and tried several approaches with PDO and mysqli, but I have still yet to get this script to function properly. Any help would be greatly appreciated.
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])&& !empty($_POST['firstname'])&& !empty($_POST['lastname'])&& !empty($_POST['phone'])&& !empty($_POST['address'])&& !empty($_POST['city'])&& !empty($_POST['zip'])):
//check to see if e-mail is already being used
//This method always says that the email is already in use, even if I am entering a new one.
/*
$records = $conn->prepare('SELECT * FROM users WHERE email = :email');
$records->bindParam(':email', $_POST['email']);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
if( count($results) > 0){
$message = "Sorry, that E-mail address is already registered to an account.";
}
*/
//this one never says that the email is in use.
/*
$email = $_POST['email'];
$query = mysqli_query($conn, "SELECT * FROM users WHERE email='".$email."'");
if(mysqli_num_rows($query) > 0){
$message = "Sorry, that E-mail address is already registered to an account.";
}
*/
//this was the last method I tried, and it also never says that the email is in use.
try{
$stmt2 = $conn->prepare('SELECT `email` FROM `user` WHERE email = ?');
$stmt2->bindParam(1, $_POST['email']);
$stmt2->execute();
while($row = $stmt2->fetch(PDO::FETCH_ASSOC)) {
}
}
catch(PDOException $e){
echo 'ERROR: ' . $e->getMessage();
}
if($stmt2->rowCount() > 0){
//echo "The record exists!";
$message = "Sorry, that E-mail address is already registered to an account.";
}
else{
// Enter the new user in the database
$sql = "INSERT INTO users (email, password, firstname, lastname, phone, address, city, zip) VALUES (:email, :password, :firstname, :lastname, :phone, :address, :city, :zip)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
$stmt->bindParam(':firstname', $_POST['firstname']);
$stmt->bindParam(':lastname', $_POST['lastname']);
$stmt->bindParam(':phone', $_POST['phone']);
$stmt->bindParam(':address', $_POST['address']);
$stmt->bindParam(':city', $_POST['city']);
$stmt->bindParam(':zip', $_POST['zip']);
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
}
endif;
?>
When doing COUNT(*), the server (MySQL) will only allocate memory to store the result of the count, and it's faster too.
This is the part of your code that must be corrected:
$records = $conn->prepare('SELECT count(*) FROM users WHERE email = :email');
$records->bindParam(':email', $_POST['email']);
$records->execute();
$results = $records->fetch(PDO::FETCH_NUM);
echo $results[0];
This is the section I use to add users.
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: ./index.php");
}
require 'conn.php';
$message = '';
if(!empty($_POST['name']) &&!empty($_POST['email']) && !empty($_POST['password'])):
// Enter the new user in the database
$sql = "INSERT INTO users (name, email, password) VALUES (:name,:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindValue(':name', $_POST['name']);
$stmt->bindValue(':email', $_POST['email']);
$stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
?>
I personally do it by using a query and an if statement
$query = $conn->prepare("SELECT * FROM users WHERE email = :email");
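$query->bindParam(':email', $_POST['email']);
$query->execute(); // the statement has to run before rowCount() means anything
if ($query->rowCount() == 0) // comparison (==), not assignment (=)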
{
// insert account into database
}
else {
// display error message
}
To check if the email exists or not, you have to write a query that checks whether that email is stored in the database. If the query result is not empty, you can show a message that the email exists. If the query result is empty, you can make him a new user.
For that you have to write this query:
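// Bind the email as a parameter instead of interpolating it into the SQL string.
$sql = "SELECT name FROM users WHERE email = :email";
$stmt = $conn->prepare($sql);
$stmt->execute([':email' => $_POST['email']]); // run the lookup before counting rows
// rowCount() on a SELECT is driver-dependent; it works with MySQL in buffered mode.
if ($stmt->rowCount() == 0)
{
    $sql = "INSERT INTO users (name, email, password) VALUES (:name,:email, :password)";
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(':name', $_POST['name']);
    $stmt->bindValue(':email', $_POST['email']);
    $stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
    $stmt->execute(); // without this the new user is never written
}
else {
    $msg = "Email already exists";
}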
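The answers above all check first and insert second, which leaves a window in which two concurrent requests with the same email can both pass the check. As an added example (not code from any of the posts), the version below lets the database enforce uniqueness with a UNIQUE constraint and treats the resulting integrity error as "email already in use". SQLite in memory stands in for the MySQL connection from database.php; the table, helper names and inputs are constructed.

```php
<?php
// Added example: constructed schema and inputs, SQLite in memory so it runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    email TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL
)');

// Hypothetical helper: true when the account was created, false when the email is taken.
function register_user(PDO $conn, string $email, string $password): bool
{
    $stmt = $conn->prepare('INSERT INTO users (email, password) VALUES (:email, :password)');
    try {
        $stmt->execute([
            ':email'    => $email,
            ':password' => password_hash($password, PASSWORD_BCRYPT),
        ]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 is "integrity constraint violation". The typed string
        // arguments are never NULL, so the only constraint that can fire is UNIQUE(email).
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return false;
        }
        throw $e; // anything else is a real failure, not a duplicate
    }
}

// Hypothetical helper: number of rows stored for one email address.
function email_row_count(PDO $conn, string $email): int
{
    $stmt = $conn->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return (int) $stmt->fetchColumn();
}

var_dump(register_user($conn, 'ana@example.test', 'constructed-password-1')); // first attempt
var_dump(register_user($conn, 'ana@example.test', 'constructed-password-2')); // same email again
var_dump(register_user($conn, 'bo@example.test', 'constructed-password-3'));  // different email
var_dump(email_row_count($conn, 'ana@example.test'));
```

A SELECT before the INSERT can still be kept to show a friendly message early, but the constraint is what guarantees a single row per email.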