hi guys thanks if you can tell me what error i need help guys thanks for help me
<?php
$servername = "localhost"; $username = "root"; $password = "";
$dbname = "kurd";
mysql_connect("localhost","root","","kurd") or die ("not connect data base");
mysql_select_db("kurd") or die ("no found table");
if(isset($_POST['submit'])){
$name = $_POST['name'];$lastname = $_POST['lastname'];
$password =_POST['password'];
$query =" INSERT INTO kurdstan (name,lastname,password) VALUES ('$name','$lastname','$password')";
if(mysql_query($query)){
echo "<h3>THANKS FOR INSERT DATA GOOD LUCK</h3>";
}
}
?>
In your code add an else to,
if(mysql_query($query)){
echo "<h3>THANKS FOR INSERT DATA GOOD LUCK</h3>";
}
resulting in,
if(mysql_query($query)){
echo "<h3>THANKS FOR INSERT DATA GOOD LUCK</h3>";
}
else {
echo 'MYSQL Error: ' . mysql_error();
}
and you will probably see an error instead of your message which should help you to track down the problem.
NOTE
The mysql extension is now depreciated, you should use mysqli http://php.net/manual/en/book.mysqli.php or PDO http://php.net/manual/en/book.pdo.php. You should also read up on SQL injection - your data needs escaping before being used in a query string.
Related
for some reason my login script in php keeps returning invalid results, I'm using PHPMYADMIN to handle the database and mysqli to connect however whenever I submit the data though a HTML form the values always return false even if the correct username and password combo is working.
<?php
$username = $_POST["username"];
$password = $_POST["password"];
$con = mysql_connect("localhost","cnathanielwcol","","login");
if(! $con){die('Connection Failed'.mysql_error());}
$result = mysqli_query("SELECT * FROM login");
$row = mysql_fetch_array($result);
var_dump($row);
if ($row["username"]==$username) {
echo "Correct Username<br>";
} else {
echo "Wrong Username<br>";
}
if ($row["password"]==$password) {
echo "Correct Password<br>";
} else {
echo "Wrong Password<br>";
}
echo "<br><br>Username Submited Via HTML: <b>" . $username . "</b>";
echo "<br>Password Submited Via HTML: <b>" . $password . "</b>";
?>
MySQL is deprecated from new version of PHP use
$con = mysqli_connect("localhost","cnathanielwcol","FKxIHHoWWtd4Q","login");
Firstly, you need to select a single row, not all the rows in your table, you'd do that by specifying a WHERE clause, currently, you are trying to compare an array of values to a string which should be throwing an error if error reporting is enabled.
Secondly, you are mixing to different APIs, mysql_* is not mysqli_*.
Thirdly, it doesn't seems as though you are hashing your passwords, please, do so.
Fourthly, make use of prepared statements, it seems as though you are still learning so it would be best to start using them now.
Reading Material
OWASP's Password Storage Cheat Sheet
OWASP's PHP Security Cheat Sheet
Could you use mysqli_* please? You might be having a problem with your html form maybe
Change
$con = mysql_connect("localhost","cnathanielwcol","FKxIHHoWWtd4Q","login");
With
$con = mysqli_connect("localhost","cnathanielwcol","FKxIHHoWWtd4Q","login");
Your are trying to fetch the data with mysqli and your database connection is established by mysql
your full code:
$username = $_POST["username"];
$password = $_POST["password"];
$con = mysqli_connect("localhost","cnathanielwcol","","login") or die('connection is not establised'.mysqli_error($con));
$result = mysqli_query($con,"SELECT * FROM login WHERE username='$username' AND password='$password'");
$rowCheck=mysqli_num_rows($result);
if ($rowCheck>0) {
// fetch all data
//start session
echo "you are logged in ";
}
else{
echo 'username or password did not match';
}
Use hash password.your code is not safe.
GYZ i dont know why data is not inserting in my data base #Mysql
. infact im using mysqli_connect and mysql_connect both ,I'm still facing same prob ..this is my code:
<?php
$servername = 'localhost';
$username = 'root';
$password = '';
$db='school';
#mysqli_connect($servername, $username, $password);
#mysqli_select_db($db); //or die ('not Connect to db ');
if(isset($_GET['submit'])) {
$sid= $_GET['sid'];
$sname= $_GET['sname'];
$fname= $_GET['fname'];
$order= #mysqli_query("insert into school (sid,sname,fname) values ('$sid','$sname','$fname');");
if ($order) {
echo '<br>Input data is successful';
} else {
echo '<br>Input data is not valid';
}
} ?>
I revisited the question and posted the following, seeing that nobody posted one.
You didn't pass the db connection to mysqli_select_db() nor for mysqli_query() and need to assign a variable to the connection first.
Both of those require it in mysqli_ and you may have been accustomed to mysql_ in the past. MySQLi_ is different than MySQL_ when it comes to certain functions that needs a connection.
Sidenote: The # symbol is an error suppressor. Remove it during testing/development.
Another sidenote: Both your database and table bear the same name of school. Make sure that this is correct.
<?php
$servername = 'localhost';
$username = 'root';
$password = '';
$db='school';
$connect = mysqli_connect($servername, $username, $password, $db);
if($connect){
echo "Connected";
}
else {
echo "Error: " . mysqli_error($connect);
}
// This isn't needed. You can pass all 4 parameters in one shot.
// $database = mysqli_select_db($connect, $db); //or die ('not Connect to db ');
if(isset($_GET['submit'])) {
$sid= $_GET['sid'];
$sname= $_GET['sname'];
$fname= $_GET['fname'];
$order= mysqli_query($connect, "INSERT INTO school (sid,sname,fname) VALUES ('$sid','$sname','$fname');");
if ($order) {
echo '<br>Input data is successful.';
} else {
// Uncomment the one below once everything is ok.
// echo '<br>Input data is not valid.';
// Comment this below once there are no errors.
echo "There was an error: " . mysqli_error($connect);
}
}
References:
http://php.net/manual/en/function.mysqli-connect.php
http://php.net/manual/en/mysqli.select-db.php
http://php.net/manual/en/mysqli.query.php
Check for errors also via PHP and the query:
http://php.net/manual/en/mysqli.error.php
http://php.net/manual/en/function.error-reporting.php
And make sure you're running this off a webserver, or if local that PHP/MySQL are installed, running properly and using http://localhost as opposed to file:///.
Your code is also open to an SQL injection, use a prepared statement.
References:
https://en.wikipedia.org/wiki/SQL_injection
https://en.wikipedia.org/wiki/Prepared_statement
Footnotes:
You seem to want to use this in a table. <form> cannot be child of <table> if you are using those tags outside of the form which wasn't posted in your question; there are stray <td></td> tags.
I'm trying to display a message upon a successful user registration however what I have doesn't seem to be working and just submits/refreshes the page. No message pops up even though data has successful been entered into the SQL database. Any tips or ideas?
<?php
require('php/connect.php');
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO `user` (username, password, email) VALUES ('$username', '$password', '$email')";
$result = mysql_query($query);
if($result){
echo $msg = "Successful Registration!";
}
}
?>
Learning PHP currently so sorry if there's a really obvious answer here!
Edit: Forgot to include echo. Just needed a second pair of eyes, sorry guys. Thanks for the tips!
First of all have this on consideration:
If you're getting started on PHP, please stop using mysql. It's deprecated, instead, you can use either PDO or MySQLi
As for your issue, your message is not being printed. Please make sure you echo the $msg variable:
$msg = "Successful Registration!";
echo $msg;
In mysqli a standard connection would be:
$DBConnect = new mysqli('serverName', 'userName', 'userPassword', 'dbName');
And that's it, that's all you need to start querying your database using mysqli.
For a mysql connection, try debugging it, see if there's a connection:
$connection = mysql_connect('localhost', 'userName', 'userPassword');
if (!$connection) {
die('Could not connect: ' . mysql_error());
}
Try to echo message
if($result)
{
echo $msg = "Successful Registration!";
}
<?php
echo "Successfully registered!";
?>
I have no idea what's going on. I usually have simple sign in pages like this done very quickly but this one isn't working and I cannot spot the error.
<?php
$con=mysql_connect("db_server","db_user","db_pass","db");
if (!$con)
{
echo "Failed to connect to MySQL: " . mysql_error();
}
$username = $_GET['username'];
$password = $_GET['password'];
$query="SELECT username FROM users ";
//$query.="WHERE `username`=".$username;
//$query.=" AND `password`=".$password;
echo "query=".$query."<br/>";
$result = mysql_query($query, $con);
echo "result=".$result."<br/>";
if($result){
$row = mysql_fetch_assoc($result);
$data = $row['username'];
echo "data=".$data;
}else{
echo "something went wrong:".mysql_error();
}
mysql_close($con);
?>
im using mysql_* instead of mysqli_* as the server im running it on is 5.2; not sure if that is relevant but I was getting an unrecognized function error originally.
There is only one entry in the database. As I said, I use the regular SQL code through phpmyadmin and i get the results i need.
Also not sure if relevant. I'm echoing $result and nothing comes out. Isnt it supposed to echo "false"?
You have a major error in your logic, for one. If there is an error connecting to MySQL, you print the error, but yet proceed to query the broken connection - you are also not selecting a database.
Also, this approach is for PHP4. Unless you are stuck in PHP4 on this project, moving into the PHP5 world would be a good idea.
I recommend looking into PDO:
http://www.php.net/manual/en/book.pdo.php
As for not getting errors, check your error_reporting and display_errors settings in your .ini
Try this one.
<?php
$con=mysql_connect("db_server","db_user","db_pass");
mysql_select_db("db");
if (!$con)
{
echo "Failed to connect to MySQL: " . mysql_error();
}
$username = $_GET['username'];
$password = $_GET['password'];
$query=mysql_query("SELECT username FROM users");
if($query){
$row = mysql_fetch_assoc($query);
$data = $row['username'];
echo $data;
}else{
echo "something went wrong:".mysql_error();
}
mysql_close($con);
?>
I'm trying to look up user's username using $_GET but not actually seing the result of the query. Here's the code:
<?php
$host = "localhost";
$username = "root";
$password = "toor"; // :)
$database = "db";
$link = mysql_connect($host, $username, $password);
if(!$link){
exit('Could not connect to database: '. mysql_error());
}
$email = mysql_real_escape_string(htmlspecialchars(stripslashes($_GET["e"])));
$query = "SELECT username FROM cc_card WHERE email = '$email'";
$result = mysql_query($query);
if(mysql_num_rows($result)){
$user = mysql_fetch_assoc($result);
echo $user['username'];
} else {
echo "Something's wrong";
}
it's only returnung "Something's wrong". I wanted it to display the username field of the cc_card table where email = email. What am I doing wrong?
If you're getting "Something's wrong" from the posted code it means nowhere in the cc_card table does the email column match the email value you specify in your query.
You need to verify that the contents of your sanitized $email variable do, in fact, exist somewhere in the table. Try:
} else {
echo "Something's wrong";
var_dump($email);
}
To see the contents of the sanitized $email variable and manually query the database from the shell (or phpmyadmin or whatever) to find whether the value you're specifying exists or not. I'm betting it doesn't exist.
You'd better add the error check after the query.
if (!$result) {
die('Error: ' . mysql_error());
}
If no error, then it means there is no matched email in your database.