I've combed through this site non-stop looking for the solution to my problems but have come up empty handed still.
Here's the problem, whenever I use the following INSERT INTO statement nothing is inserted into my database, the code runs without a hitch but at the end of the day my database is still empty(excluding values I manually inserted myself).
I would also like to point out that I ran a SELECT FROM statement that returned manually inserted values from the database nicely.
Anyway here's the code:
Connecting to database
$link = mysqli_connect("localhost", "root", "", "prototype");
Insert code
if ($error) echo "There were error(s) in your signup details:".$error;
else
{
$query = "SELECT * FROM `users` WHERE email = '".mysqli_real_escape_string($link, $_POST['email'])."'";
$result = mysqli_query($link, $query);
$results = mysqli_num_rows($result);
echo $results;
if ($results) echo " This email address is already taken. Would you like to log in?";
else
{
$query = "INSERT INTO `users`(`email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['email']).', '.md5(md5($_POST['email']).$_POST['password'])."')";
mysqli_query($link, $query);
echo "You've been registered!";
$_SESSION['id'] = mysqli_insert_id($link);
print_r($_SESSION);
// Redirect to logged in page
}
Try to change your insert query as below
$query = "INSERT INTO `users`(`email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['email'])."', '".md5(md5($_POST['email']).$_POST['password'])."')";
Related
I need to insert values into multiple table. Please correct my code because it just double the inserted value on table_attendace
if(isset($_POST['text']))
{
$text =$_POST['text'];
// insert query
$sql = "INSERT INTO table_attendance(NAME,TIMEIN) VALUES('$text',NOW())";
$query =mysqli_query($conn,$sql) or die(mysqli_error($conn));
if($query==1)
{
$ins="INSERT INTO table_attendancebackup(NAME,TIMEIN) VALUES('$text',NOW())";
$quey=mysqli_query($conn,$sql) or die(mysqli_error($conn));
if ($quey==1) {
$_SESSION['success'] = 'Action Done';
}else{
$_SESSION['error'] = $conn->error;
}
}
}
In the second query, you reused the first query $sql again, instead of using $ins.
It should be
$quey=mysqli_query($conn,$ins) or die(mysqli_error($conn));
you can write two queries in single variable with semicolon then you can save the same data in both table.
And
$quey=mysqli_query($conn,$sql) or die(mysqli_error($conn)); -> in this line you placed the $ins variable wrongly instead of $ins.
$sql = "INSERT INTO table_attendance(NAME,TIMEIN) VALUES('$text',NOW()); INSERT INTO table_ttendancebackup(NAME,TIMEIN) VALUES('$text',NOW())";
$query = mysqli_query($conn, $sql) or die(mysqli_error($conn));
This is my code, we have database called "our_new_database".
The connection is fine, as well as the HTML Form and credentials and I still cannot insert information into the database.
Table is created, I can see the columns and lines in XAMPP / phpMyAdmin.
The only error I'm getting is the last echo of the If/Else Statement - "Could not register".
Tried everything I can and still cannot make this insertion to work normally.
Can someone advise me something?
<?php
include "app".DIRECTORY_SEPARATOR."config.php";
include "app".DIRECTORY_SEPARATOR."db-connection.php";
include "app".DIRECTORY_SEPARATOR."form.php";
$foo_connection = db_connect($host, $user_name, $user_password, $dbname);
$sql = "CREATE TABLE user_info(
user_name_one VARCHAR(30) NOT NULL,
user_name_two VARCHAR(30) NOT NULL,
user_email VARCHAR(70) NOT NULL UNIQUE
)";
if(mysqli_query($foo_connection, $sql)){
echo "Table created successfully";
}
else {
echo "Error creating table - table already exist.".mysqli_connect_error($foo_connection);
}
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$user_name_one = $_POST["userOne"];
$user_name_two = $_POST["userTwo"];
$user_email = $_POST["userEmail"];
$sql = "INSERT INTO user_info (userOne,userTwo,userEmail) VALUES('".$_POST['userOne']."',('".$_POST['userTwo']."',('".$_POST['userEmail']."')";
if(mysqli_query($foo_connection,$sql))
{
echo "Successfully Registered";
}
else
{
echo "Could not register";
}
}
$foo_connection->close();
You should avoid the direct use of variables in SQL statements, instead, you should use parameterized queries.
This also should avoid the need to string concatenation and manipulation problems.
$stmt = $foo_connection->prepare("INSERT INTO user_info
(user_name_one,user_name_two,user_email))
VALUES(?,?,?)");
$stmt->bind_param('sss', $user_name_one, $user_name_two, $user_email );
$stmt->execute();
You need to change
$sql = "INSERT INTO user_info (userOne,userTwo,userEmail) VALUES('".$_POST['userOne']."',('".$_POST['userTwo']."',('".$_POST['userEmail']."')";
To
$sql = "INSERT INTO `user_info`(`user_name_one`,`user_name_two`,`user_emai`l) VALUES ('$user_name_one','$user_name_two','$user_email')";
remember you should use prepared query
$sql= $foo_connection->prepare("INSERT INTO user_info
(user_name_one,user_name_two,user_email))
VALUES(?,?,?)");
$sql->bind_param('sss', $user_name_one, $user_name_two, $user_email );
$sql->execute();
$sql = "INSERT INTO user_info (userOne,userTwo,userEmail) VALUES('".$_POST['userOne']."','".$_POST['userTwo']."','".$_POST['userEmail']."')";
I reckon your parentheses on this line:
$sql = "INSERT INTO user_info (userOne,userTwo,userEmail) VALUES('".$_POST['userOne']."',('".$_POST['userTwo']."',('".$_POST['userEmail']."')";
Do not match, it should look like something like this:
$sql = "INSERT INTO user_info (userOne,userTwo,userEmail) VALUES('".$_POST['userOne']."','".$_POST['userTwo']."','".$_POST['userEmail']."')";
Cause for know your query is:
"INSERT INTO user_info (userOne,userTwo,userEmail) VALUES('value',('value1',('value2')"
As said above you might use:
echo $foo_connection->error
To see some errors displayed
I am attempting to post a column into my database here as a test and I am unable to do so. I've used the code below and it doesn't seem to be posting. Unless I am missing a trick with PHPmyAdmin I cannot seem to get it working. Any chance anyone could help? Thanks in advance!
<?php
$link = mysqli_connect("XXXX", "XXXX",
"XXXX", "XXXX");
if (mysqli_connect_error ()) {
die("The connection has failed");
}
$query = "INSERT INTO `users` (`email`, `password`)
VALUES('owen#owen.com', 'hfudhf8ahdfufh')";
mysqli_query($link, $query);
$query = "SELECT * FROM users";
if($result = mysqli_query($link, $query)) {
$row = mysqli_fetch_array($result);
echo"Your Email is ".$row["email"];
echo" and your Password is ".$row["password"];
}
?>
The problem is that you're only fetching one row of results. Unless the table was empty before you ran the script, there's no reason to expect that row to be the one that you just added.
If the table has an auto-increment ID field, you can fetch that row:
$query = "SELECT * FROM users WHERE id = LAST_INSERT_ID()";
I have the php:
$con=mysqli_connect("127.0.0.1","foo","bar","quaz");
if($con){
$sql = "INSERT INTO `virtual_users` (`domain_id`, `password` , `email`)
VALUES ('2', ENCRYPT('".$password."', CONCAT('\$6\$', SUBSTRING(SHA(RAND()), -16))), '".$user."#".$domain."');";
$query = mysqli_query($con, $sql);
if(!$query){
echo $sql;
}else{
echo "Success adding new email user!";
}
}
For some reason when I run this query it always returns $sql. This means that the connection is fine but the query is not.
When I then run the the echo of $sql directly on the mysql database it works perfectly!! I have no idea what is going wrong! Any ideas?
That's because you should be outputting the reason for the failure, not the query that caused the failure:
$result = mysqli_query($con, $sql) or die(mysqli_error($con));
^^^^^^^^^^^^^^^^^^^^^^^^^^^
There's exactly ONE way for a query to succeed, and a near infinite number of ways for it to fail. Just having "valid" sql means nothing.
Some code starts with selecting data then check if row numbers are 0 to insert then continue the normal process. The problem is that the normal process is depending on the select statement which does not exist because it was stored before the insert. How can I refresh data request inside PHP without ajax or anything related to html? Here's an example to explain:
$user = $_GET['user']; // not stored user
$select = mysql_query("SELECT * FROM `table` WHERE username = ".$user);
$row = mysql_fetch_array($select);
$rownum = mysql_num_rows($select);
if(!$rownum){
mysql_query("INSERT INTO table (username, something) VALUES ('$user', 1)");
}
/* Here comes the problem */
if($row['something'] == 0){
die("Not found !"); // THIS if returns true since it was not found at first place before inserting
// i want it to refresh the $select data so it could be read as 1
}
How I solved it so far is by repeatedly using the $select and $row code below the insert statement
if(!$rownum){
mysql_query("INSERT INTO table (username, something) VALUES ('$user', 1)");
}
$select = mysql_query("SELECT * FROM `table` WHERE username = ".$user);
$row = mysql_fetch_array($select);
[..]
I want a simpler way to do this
If you know whats in the newly created record, you could just create a new array $row=array('username'->'bob', ...);
BUT if you have default values in the table, or add other things later, you going to have to do a second select.
$user=urldecode($_GET['user']);
$result=mysql_query("SELECT * FROM `table` WHERE username='".mysql_real_escape_string($user)."'");
if(!$result) die("SQL ERROR");
if(mysql_num_rows($result)>0)
{
$row = mysql_fetch_array($select);
}
else
{
mysql_query("INSERT INTO table (username, something) VALUES ('".mysql_real_escape_string($user)."', 1)");
$result=mysql_query("SELECT * FROM `table` WHERE username='".mysql_real_escape_string($user)."'");
if(!$result) die("SQL ERROR");
if(mysql_num_rows($result)==0) die("MAJOR ERRORS IN SQL");
$row = mysql_fetch_array($result);
}
I prefer to use $result as this is the result of you running the query.