So when I want to retrieve data and check it i.e. if the email already exist echo already registered. That part works fine, however inserting the same data does not work. Are my conditionals ordered improperly?
(intentionally left out values for the dbhostname id pw variables)
$dbname = "hw2";
$link = mysqli_connect($dbhostname, $dbuserid, $dbpassword, $dbname);
$firstname = $_POST["signup-firstname"];
$lastname = $_POST["signup-lastname"];
$email = $_POST["signup-email"];
$password = $_POST["signup-password"];
$repassword = $_POST["signup-repassword"];
if ($password != $repassword){
echo "<br><h3>Passwords did not match. <br>Please try again.</h3>";
}
else {
$ret_email = "SELECT * FROM hw2 WHERE email = '$email'";
$result = mysqli_query($link, $ret_email);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0){
echo "This email is already registered.";
}
else{
$insert_query = "INSERT INTO hw2 (firstname, lastname, email, password, repassword) VALUES ('$firstname', '$lastname', '$email', '$password', '$repassword')";
echo "$insert_query";
}
}
?>
You should perform the query not only echoing it
mysqli_query($con,"INSERT INTO Persons (FirstName,LastName,Age)
if ($num_rows > 0){
echo "This email is already registered.";
}
else{
$insert_query = "INSERT INTO hw2 (firstname, lastname, email, password, repassword) VALUES ('$firstname', '$lastname', '$email', '$password', '$repassword')";
echo "$insert_query";
mysqli_query($link,$insert_query)
}
Related
I have a registration page, which is tied to this process.php code below. When I run this code, it returns "Error". Did I make a mistake somewhere?
<?php
require_once ('newmeowconnection.php');
if (isset($_POST['form_input']) && $_POST['form_input'] == 'registration') {
registerUser();
}
function registerUser() {
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)
VALUES('{$_POST['first_name']}','{$_POST['last_name']}','{$_POST['email']}', '{$_POST['password']}', NOW(), NOW())";
$run = mysqli_query($query);
if ($run) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['user'] = $_POST['email'];
header('Location: http://localhost/homepage.php');
} else {
echo 'Error';
}
}
?>
mysqli_query need run on connection object or pass connection to it:
$run = mysqli->query($connection, $query);
or
$run = $connection->query($query);
The problem is you are using single quotes-inside single-quotes. For instance '{$_POST['first_name']}' is read as {$_POST[ being one thing first_name as a SQL variable and ]} another string.
Try the following
...
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at) VALUES('{$first_name}','{$last_name}','{$email}', '{$password}', NOW(), NOW())";
...
I'm trying to insert values from a register form to the database but I keep getting the message 'User Registration Failed', and I don't know why.
<?php
include("home.html");
require('connect.php');
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')";
$result = mysqli_query($connection, $query);
if($result)
{
$smsg = "User Created Successfully";
}
else
{
$fmsg ="User Registration Failed";
}
}
i'm new to this PHP please help me here i'm unable to insert values into table.
But if i gave values directly to insert command in place of variables it works.
<?php
include ("db.php");
$msg = "";
if(isset($_POST["submit"]))
{
$name = $_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
$name = mysqli_real_escape_string($db, $name);
$email = mysqli_real_escape_string($db, $email);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql="SELECT email FROM users2 WHERE email='$email'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1)
{
$msg = "Sorry...This email already exist...";
}
else
{
$query = mysqli_query($db, "INSERT INTO users2 (name, email, password)VALUES ('$name', '$email', '$password')");
if($query)
{
$msg = "Thank You! you are now registered.";
}
}
}
?>
$sql = "INSERT INTO users2 (name, email, password) VALUES (?,?,?)";
if (!$stmt = $db->prepare($sql)) {
die($db->error);
}
$stmt->bind_param("sss", $name, $email, $password);
if (!$stmt->execute()) {
die($stmt->error);
}
I don't know what is the problem in my above question but
i used the above query instead of the one i used the in question and Boom it is a success.
if any one of you know whats the problem in the question please let me know.
You have to concat the variable in string of insert not just put as variable
$query = mysqli_query($db,"INSERT INTO users2 (name, email, password)VALUES ('".$name."', '".$email."', '".$password."')")
or
$query = mysqli_query($db,"INSERT INTO users2 (name, email, password)VALUES ('{$name}', '{$email}', '{$password}')")
You should use prepare statement for this mysql_real_escape_string-versus-Prepared-Statements
Never use md5() is-md5-considered-insecure
Prefer password_hash() or password_verify() Manuel
``
Not sure why but when I hit submit on register form it wont insert data into database, it performs the last else statement at the bottom by redirecting to signup success page which confuses me. I had it working but I did something and I cant figure out what is wrong..
<?php
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
$email = $_POST['email'];
$Fname = $_POST['Fname'];
$Lname = $_POST['Lname'];
$Display1 = $_POST['Display1'];
$Display2 = $_POST['Display2'];
$query = mysql_query("SELECT * FROM users WHERE username ='$username'");
if(empty($username) or empty($password) or empty($email) or empty($Fname) or empty($Lname) or empty($Display1)) {
echo '<p>Fields Empty!</p>';
} else if(mysql_num_rows($query) > 0){
$query = mysql_query("SELECT * FROM users WHERE username ='$username' AND password ='$password'");
echo'<p>Username or Password Already Exists!</p>';
} else {
mysql_query("INSERT INTO users VALUES('', '$username', '$password', '2', 'a', '$Fname', '$Lname', '$email', '$Display1', '$Display2')");
$subject = "Membership Confirmation";
$message = "Hello, You have registered an account on Joepepjoepep.com";
$from = "From: joepep235#gmail.com";
header("location:signuppayment.php");
mail($email, $subject, $message, $from);
}
}
?>
Create a unique key for your username field in the table definition.
Then a username can only be once in the table and a second insert query with the same username will fail with a specific error code. (and you avoid the race condition because of your multiple queries)
You can check for that error code and then display the "username already in use" error message.
Try this:
You forgot to put the rows you need to be inserted in your database.
mysql_query("INSERT INTO users VALUES('', '$username', '$password', '2', 'a', '$Fname', '$Lname', '$email', '$Display1', '$Display2')");
Change this into something like this:
mysql_query("INSERT INTO users(id, username, password, Display1, Display2, email, Fname, Lname, user_level, type) VALUES ('', '$username', '$password', '$Display1', '$Display2', '$email', '$Fname', '$Lname', '2', 'a')");
and so apply this in your code:
<?php
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
$email = $_POST['email'];
$Fname = $_POST['Fname'];
$Lname = $_POST['Lname'];
$Display1 = $_POST['Display1'];
$Display2 = $_POST['Display2'];
$query = mysql_query("SELECT * FROM users WHERE username ='$username'");
if((empty($username)) || (empty($password)) || (empty($email)) || (empty($Fname)) || (empty($Lname)) || (empty($Display1))) {
echo '<p>Fields Empty!</p>';
} else if(mysql_num_rows($query) > 0){
$query = mysql_query("SELECT * FROM users WHERE username ='$username' AND password ='$password'");
echo'<p>Username or Password Already Exists!</p>';
} else {
mysql_query("INSERT INTO users(id, username, password, Display1, Display2, email, Fname, Lname, user_level, type) VALUES ('', '$username', '$password', '$Display1', '$Display2', '$email', '$Fname', '$Lname', '2', 'a')");
$subject = "Membership Confirmation";
$message = "Hello, You have registered an account on Joepepjoepep.com";
$from = "From: joepep235#gmail.com";
header("location:signuppayment.php");
mail($email, $subject, $message, $from);
}
}
?>
Hope this helps.
I am attempting to write a user registration system for my web site.
I am running PHP 5 on my web server and am getting this error:
Parse error: syntax error, unexpected ';' in /nfs/.../processreg.php on line 18
Line 18:
if (mysql_num_rows($s?>0))
The rest of the code is this:
<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
//Get MD5 hash of password
$password = md5($_POST['password']);
//Check to see if username exists
$sql = mysql_query("SELECT username FROM usersystem WHERE username = '".$username."'");
if(mysql_num_rows($s?>0)) {
die("Username taken.");
}
mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created.");
}
?>
I do not understand the error because there is not a ';' at the end of this line.
if (mysql_num_rows($s?>0))
should be
if (mysql_num_rows($sql) > 0)
and....
die (mysql_error()); echo "Account created.";)
should be
die (mysql_error()); echo "Account created.";
17 if (mysql_num_rows($s?>0))
Should be something like
17 if (mysql_num_rows($sql) > 0)
The issue being that that ?> in there actually matches your opening <?php declaration. Looks like you accidentally typed that in.
You've also got an error on your last line:
mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created.";)
This should be separated into two statements (you've got your echo statement inside the die())
mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error());
echo "Account created.";
if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
//Get MD5 hash of password
$password = md5($_POST['password']);
// or as suggested sha1
$password = sha1($_POST['password']);
//Check to see if username exists
$sql = mysql_query("SELECT username FROM usersystem WHERE username = '".$username."'");
if(mysql_num_rows($sql) > 0)) {
echo "Username taken, try again";
} else {
mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( $username', '$password', '$email')") or die(mysql_error()));
echo "Account created.";
}
}
?>