So here is what I'm trying to do. I'm trying to take information that has been entered in a MySQL database and display it in a PHP file. With the code I've included below I am able to view the data for one user I log in with, but once I log out and log in with a different user, the old user's information is still displayed; there is no update for the new user's information. I have also made sure to end the session by creating a logout button, which I have also included below.
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "****";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE ";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
?>
Snippet of my HTML
<html>
<div class="form-group">
<label for="exampleInputEmail1">Email address</label>
<input type="email" class="form-control" placeholder="Email" value="<?php echo $row["email"]; ?>">
</div>
</html>
Logout php code
<?php
session_start();
session_destroy();
header("Location: index.php");
?>
Change your SQL query to this:
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE username = <variable_having_user_name_value>";
In case of an identifier other than username (like email or id):
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE < identifier > = <variable_having_identifier_value>";
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE ";
$result = $conn->query($sql);
There is no WHERE data in your SQL, so I guess MySQL always gives you the same user.
You need to provide a condition like:
// Get your user's profile data (from the session, for example)
$email = $_SESSION['email'];
$passcode = your_cypher_function($_SESSION['passcode']);
// Then complete your query (string values have to be quoted inside the SQL)
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE email = '$email' AND passcode = '$passcode'";
Don't forget to protect your data from SQL injection. I gave you an easy example for quick testing.
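The fix both answers point to, tying the query to the logged-in user, shown as an added example that is not part of the original posts: the lookup takes the user id from the session and binds it as a parameter. The `$_SESSION['user_id']` key, the `load_profile()` helper and the sample rows are assumptions, and an in-memory SQLite database accessed through PDO stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example: the column subset and sample rows are constructed.
// Assumption: the login script stores the authenticated user's id in
// $_SESSION['user_id'] (hypothetical key, not from the original post).

function load_profile(PDO $db, array $session): ?array
{
    // No authenticated user in the session: return nothing rather than
    // falling back to whichever row the table happens to return first.
    if (!isset($session['user_id']) || !is_int($session['user_id'])) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, username, email, FirstName, LastName FROM admin WHERE id = :id'
    );
    $stmt->execute([':id' => $session['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for MySQL; the prepare/execute calls are the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           email TEXT, FirstName TEXT, LastName TEXT)');
$db->exec("INSERT INTO admin VALUES (1, 'alice', 'alice@example.test', 'Alice', 'A'),
                                    (2, 'bob',   'bob@example.test',   'Bob',   'B')");

// Constructed sessions: two different users, then a visitor who is not logged in.
foreach ([['user_id' => 1], ['user_id' => 2], []] as $session) {
    $profile = load_profile($db, $session);
    // Escape on output: profile fields are user-controlled text.
    echo $profile === null
        ? "not logged in\n"
        : htmlspecialchars($profile['email'], ENT_QUOTES, 'UTF-8') . "\n";
}
```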
Related
When I submit a form I get form submit success, but I can't see the data in the database.
I am using Hostinger phpMyAdmin.
Name:
Email address:
Phone:
Twitter:
Comment:
if(isset($_POST['submit'])){
define('DB_NAME','u111425464_arub');
define('DB_USER','u111425464_arub');
define('DB_PASSWORD','');
define('DB_HOST','localhost');
$conn = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
if(!$conn){
die('Sorry, we could not connect at this time:'.mysql_error());
}
$db_selected=mysql_select_db(DB_NAME, $conn);
if(!$db_selected){
die('Cannot use'.DB_NAME.':'.mysql_error());
}
mysql_select_db("users", $conn);
$sql = "INSERT INTO usercontacts (ID, name, email, phone, twitter, comment) VALUES ('$_POST[name]', '$_POST[email]', '$_POST[phone]', '$_POST[twitter]', '$_POST[comment]')";
mysql_query($sql,$conn);
mysql_close($conn);
}
No data in database
First, you have used select db two times. Verify both. Next, try with quotes like this.
If id is auto-increment, then there is no need to pass id.
$sql = "INSERT INTO users (name, email, phone, twitter, comment)
VALUES ('".$_POST["name"]."','".$_POST["email"]."','".$_POST["phone"]."','".$_POST["twitter"]."','".$_POST["comment"]."')";
Here is my main PHP code:
<?php
define('dbServer', 'localhost');
$dbUsername = 'root';
$dbPassword = '';
define('dbName', '1');
$dbConnection = mysqli_connect(dbServer, $dbUsername, $dbPassword, dbName);
if(!$dbConnection){
die("Unsuccessful Connection: " . mysqli_connect_error());
}
// All user data will be taken from the form //
$emailAddress = $_POST['emailaddress'];
$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$streetAddress = $_POST['streetaddress'];
$phoneNumber = $_POST['phonenumber'];
$comments = $_POST['comments'];
$sql = "INSERT INTO user-submission (email, firstName, lastName, address, phoneNumber, comment) VALUES ('$emailAddress', '$firstName', '$lastName', '$streetAddress', '$phoneNumber', '$comments')";
$result = mysqli_query($dbConnection, $sql);
if (!$result){
die('Error: ' . mysqli_connect_error());
}
?>
My SQL database contains the rows ID, email, firstName, lastName, address, phoneNumber, comment. They are in a database called '1' (for testing purposes) and a table called 'user-submission'.
I have been unable to query this information into my table. I have been successful prior to this on other SQL and PHP pairings. What am I doing wrong this time?
Add this right below the opening php tag at the top, then the server will tell you what the error is. Copy the error here if you need help deciphering it.
error_reporting( E_ALL );
First you need to make changes so hackers don't abuse your code.
Just wait till johnny;drop tables; comes by and wipes out your database.
// All user data will be taken from the form //
// Bound parameters travel separately from the SQL text, so the values are not
// also passed through mysqli_real_escape_string(); doing both would store the
// escape backslashes in the table.
$emailAddress = $_POST['emailaddress'];
$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$streetAddress = $_POST['streetaddress'];
$phoneNumber = $_POST['phonenumber'];
$comments = $_POST['comments'];
$sql = "INSERT INTO `user-submission` (email, firstName, lastName, address, phoneNumber, comment) VALUES (?,?,?,?,?,?)";
// $dbConnection is the connection variable from the question's code
$prep = $dbConnection->prepare($sql);
$prep->bind_param("ssssss", $emailAddress, $firstName, $lastName, $streetAddress, $phoneNumber, $comments);
# actually puts everything together, and puts it in the database
$prep->execute();
This may be the simplest error ever, but I've written a registration script which I would say looks okay. The only issue is that it won't insert data: it still prints a message saying registration successful, but no data actually goes into the database. See the code below:
<?php
include("dbconfig.php");
if(isset($_POST['register'])){
if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){
header("location:index-login-page.php?msg0=Please complete the required fields.");
}
else {
$fname = $_POST['first-name'];
$lname = $_POST['last-name'];
$email = $_POST['email-address'];
$username = $_POST['reg-username'];
$pass = $_POST['reg-pass'];
$checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
$checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
$resultusername = mysql_num_rows($checkusername);
$resultemail = mysql_num_rows($checkemail);
if( (($resultusername) ==1) or ($resultemail)==1){
header("location:index-login-page.php?msg1= Username or email address already exists.");
}
elseif( (($resultusername) == 0) && ($resultemail) ==0) {
$insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
header("location:index-login-page.php?msg1= Registration successful, please login.");
}
}
}
?>
Please do let me know what the error is (if there is one) because I can't seem to find it. Thanks.
Sohail.
$insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
Should be:
$insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass')");
I have to warn you though: this is considered bad practice; you need to sanitize your database input.
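A registration routine that reports success only after the row is actually written, as an added example that is not code from the original posts. It uses a prepared statement, lets UNIQUE constraints reject duplicates instead of a separate check query, and stores a password hash; `register_user()`, the schema and the form values are assumptions, and an in-memory SQLite database accessed through PDO stands in for MySQL.

```php
<?php
// Added example: schema and sample inputs are constructed; register_user() is a
// hypothetical helper, not code from the original post.

function register_user(PDO $db, array $form): string
{
    foreach (['first-name', 'last-name', 'email-address', 'reg-username', 'reg-pass'] as $field) {
        if (!isset($form[$field]) || $form[$field] === '') {
            return 'missing-field';
        }
    }
    $stmt = $db->prepare(
        'INSERT INTO users (firstname, lastname, email, username, password)
         VALUES (?, ?, ?, ?, ?)'
    );
    try {
        $stmt->execute([
            $form['first-name'], $form['last-name'], $form['email-address'],
            $form['reg-username'],
            // Store a salted hash, never the submitted password itself.
            password_hash($form['reg-pass'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate key).
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return 'duplicate';
        }
        throw $e; // anything else is a real failure, not "success"
    }
    // Report success only when a row was actually written.
    return $stmt->rowCount() === 1 ? 'registered' : 'failed';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // register_user() relies on exceptions
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT,
           email TEXT UNIQUE, username TEXT UNIQUE, password TEXT)');

// Constructed form data; the apostrophe would break a concatenated query.
$form = ['first-name' => 'Sean', 'last-name' => "O'Brien",
         'email-address' => 'sean@example.test', 'reg-username' => 'sean',
         'reg-pass' => 'correct horse battery staple'];

echo register_user($db, $form), "\n";                            // first submission
echo register_user($db, $form), "\n";                            // same email and username again
echo register_user($db, ['reg-username' => 'x'] + $form), "\n";  // new username, email still taken
echo register_user($db, ['reg-pass' => ''] + $form), "\n";       // empty required field
```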
My code seems to be functioning properly (I don't get any errors) but the INSERT INTO query doesn't seem to be working, as the data is never being put into the database.
Here is the code:
EDIT: I edited the code slightly so it would make logical sense, but it still doesn't add the data to the table. (I even removed the if statement completely and just left the query in, and it didn't add it.)
<?php
//connect to user database
include("db_connect.php");
//set variables
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$date = date('Y/m/d H:i:s a');
//check if email exists
$db_query = "SELECT * FROM users WHERE email LIKE '$email'";
$db_result = mysql_query($db_query);
if(!$db_result)
{
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
else {
echo 'That email is already in use. Click Here to return to the sign up page.';
}
?>
You need to replace
if($email_taken)
with
if(mysql_num_rows($email_taken))
I would say it would be more like:
//check if email exists
$db_query = "SELECT * FROM users WHERE email='{$email}'";
$res = mysql_query($db_query);
$email_taken = mysql_num_rows($res);
if($email_taken == 1)
{
echo 'That email is already in use. Click Here to return to the sign up page.';
}
else {
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
I do have an additional column called "id", but it is a primary key with auto increment. If I put that in the values it adds the id, but the firstname data is always 0 and the firstname data enters the lastname, the lastname data enters the username, the username data enters the email field, the email data enters the password field, the password data enters the confirmpassword field, and finally the confirmpassword data and country data enter the country field. Below is my code.
<?php
//connection to the database server
$hostname="localhost";
$user="root";
$password="";
$connection = mysql_connect($hostname, $user, $password) or die ("cannot connect to mysql database server");
//selection of database
mysql_select_db("jewelgallery", $connection) or die ("cannot reach jewelgallery database");
$firstname = $_POST['firstName'];
$lastname = $_POST['lastName'];
$username = $_POST['username'];
$email = $_POST['email'];
$password1 =$_POST['password'];
$password2 =$_POST['confirmPassword'];
$country =$_POST['country'];
$sql2="select * from customer_account where username = '$username'";
$results = mysql_query($sql2, $connection) or die(mysql_error());
$numOfRecords1 = mysql_num_rows($results);
$_SESSION["username"] = $username;
if ($numOfRecords1 != 0)
{
echo "<h3>This Username ". $_SESSION["username"]." Has been chosen by another user</h3> <a href=registercustomer.html> Please Try Again </a>";
header("Refresh:5;url=registercustomer.html");
exit;
}
$sql="insert into customer_account(firstname, lastname, username, email, password, confirmpassword, country)
Values('$firstname', '$lastname', '$username', '$email', '$password1', '$password2' '$country')";
mysql_query($sql, $connection) or die(mysql_error());
mysql_close($connection);
echo "Registration Successful. <a href=../index.html> Continue </a>";
header("Refresh:5;url=../index.html");
?>
You're missing a comma:
'$password2' '$country')";
^^^^^
HERE
Corrected:
$sql="insert into customer_account(firstname, lastname, username, email, password, confirmpassword, country)
Values('$firstname', '$lastname', '$username', '$email', '$password1', '$password2', '$country')";