I am trying to insert data submitted in a form, into a MySQL Database, and I can't see the problem in my code(except for MySQL injection, that I will work to resolve after actually being able to insert any data). I have searched in Stack Overflow, and found someone who probably worked by the same manual, but I work in localhost, he's on GoDaddy. The solution given there doesn't work for me.
Here is my code for the HTML and the PHP code:
<?php
require'connection/connect.php';
?>
<?php
if(isset($_POST['Register'])){
session_start();
$Fname = $_POST['FirstName'];
$Lname = $_POST['LastName'];
$Email = $_POST['Email'];
$pw = $_POST['Password'];
$sql= $con->query("INSERT INTO user (Fname,Lname,Email,Password) values('{$Fname}', '{$Lname}', '{$Email}', '{$pw}')");
}
?>
<!DOCTYPE html >
<html>
<head>
<link href="css/Master.css" rel="stylesheet" type="text/css" />
<link href="css/Menu.css" rel="stylesheet" type="text/css" />
<title>Register</title>
</head>
<body>
<div class="container">
<div class="header">
</div>
<div class="menu">
<div id="NavBar">
<nav>
<ul>
<li>
Login
</li>
<li>
Register
</li>
</ul>
</nav>
</div>
</div>
<div class="leftBody"></div>
<div class="rightBody">
<form action="" method="post" name="RegisterForm" id="RegisterForm">
<div class="FormElement">
<input name="FirstName" id="FirstName" type="text" placeholder="First Name" class="TField">
</div><br>
<div class="FormElement">
<input name="LastName" id="LastName" type="text" placeholder="Last Name" class="TField">
</div><br>
<div class="FormElement">
<input name="Email" id="Email" type="email" placeholder="E-Mail" class="TField">
</div><br>
<div class="FormElement">
<input name="Password" id="Password" type="password" placeholder="Password" class="TField">
</div><br>
<input name="Register" id="Register" type="button" value="Register" class="regButton">
</form>
</div>
<div class="footer"></div>
</div>
</body>
</html>
And this is my connection.php file:
That it does show that it connects.
<?php
$host="localhost";
$username="root";
$password="";
$dataBase="users";
$con=mysqli_connect($host,$username,$password,$dataBase);
if (!$con) {
die("Could not connect: " . mysqli_error());
}
echo "Connected successfully";
?>
And a picture of my database in phpMyAdmin:
Database
I have tried also using this line like this for some reason, but to no avail.:
$sql= $con->query("INSERT INTO user
(Fname,Lname,Email,Password)
values ('Fname', 'Lname', 'Email', 'pw')");
i didn't see submit button that actually submit the form. So if i am not wrong please try to use
<input name="Register" id="Register" type="submit" value="Register" class="regButton">
your code should be run
$sql= $con->query("INSERT INTO user
(Fname,Lname,Email,Password)
VALUES('$Fname', '$Lname', '$Email', '$pw')");
Related
This is an update query for a simple crud im a beginner and it doesnt seem to work.I have tried multiple ways but it just doesnt work the $value seems to be null and it redirects towrds the unsuccessful page
<?php
include 'db.php';
if(isset($_GET['updte']))
{
$id=$_GET['id'];
$name = $_GET['name'];
$email=$_GET['email'];
$password=$_GET['pass'];
$sql2="UPDATE `users` SET `name` = '$name', `email` = '$email', `password` = '$password' WHERE `users`.`id` =$id";
$val=$db->query($sql2);
if ($val){
header('Location:show.php');
}
else{
header('Location:nsuccess.php');
}
}
<!doctype html>
<?php include 'db.php';
$id=$_GET['id'];
$sql="select * from users where id='$id'";
$rows=$db->query($sql);
$row=$rows->fetch_assoc();
?>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<title>List</title>
</head>
<body>
<div class="container">
<div class="row" style="margin-top: 70px;">
<h1 class="text-center">All Users List</h1>
<div class="col-md-10 col-md-offset-1">
<table class="table">
<hr><br>
<form method="get" action="up.php">
<div class="form-group">
<h1><?php echo $row['id'];?></h1>
<label>Name</label>
<input type="text" required name="name" value="<?php echo $row['name'];?>" class="form-control">
<label>Email</label>
<input type="email" required name="email" value="<?php echo $row['email'];?>" class="form-control">
<label>Password</label>
<input type="password" required name="pass" value="<?php echo $row['password'];?>" class="form-control">
</div>
<input type="submit" name="updte" value="Update" class="btn btn-success">
</form>
</table>
<button onclick="history.go(-1);" class="btn btn-primary">Back </button>
</div>
</div>
</div>
</body>
</html>
Just want the values to be updated
For one, you have #password in your update statement instead of $password.
DB might be looking for it's own variable that's not been set
First and very important: You are wide open for SQL injections.
Then any user can override any user settings by providing a combination of id, name, mail and password simply by editing the URL.
You used #password instead of $password.
This question already has answers here:
Difference between <input type='button' /> and <input type='submit' />
(4 answers)
Closed 5 years ago.
im a learning HTML, PHP and mysql and i have been following a few tutorials as i learn by doing not by researching. I have an issue with the website i have followed the tutorial to the end and no matter how many times i go through i cannot find a single issue, error reporting doesnt show any errors either.
ill give you the code however i dont want someone to fix my mistake and send the code back, I would much rarther someone point out where my mistake is and explain my mistake for me to fix. Thank you in advance.
<?php
error_reporting(E_ALL);
define('DB_HOST', 'localhost');
define('DB_NAME', 'website');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
$con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (isset($_POST['Register'])) {
if (!empty($_POST['Email'])) {
$query = mysqli_prepare($con, "SELECT * FROM users WHERE Email = ?");
mysqli_stmt_bind_param($query, "s", $_POST['Email']);
mysqli_stmt_execute($query);
mysqli_stmt_store_result($query);
if(mysqli_stmt_num_rows($query) != 0)
{
echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
}
else
{
$query = mysqli_prepare($con, "INSERT INTO user (First_Name,Last_Name,Email,Password) VALUES ($First_Name, $Last_Name, $Email, $Password)");
mysqli_stmt_bind_param($query, "ssss", $_POST['First_Name'], $_POST['Last_Name'], $_POST['Email'], $_POST['Password']);
mysqli_stmt_execute($query);
echo "REGISTRATION SUCCESSFUL";
}
}
}
?>
<!doctype html>
<html>
<head>
<link href="CSS/master.css" rel="stylesheet" type="text/css" />
<link href="CSS/menu.css" rel="stylesheet" type="text/css" />
<meta charset="utf-8">
<title>Adult Gaming Underground</title>
</head>
<body>
<div class="Container">
<div class='Header'></div>
<div class="Menu"
<ul id="nav">
<li>Home</li>
<li><a class="hsubs" href="#">Meet the team</a>
</li>
<li><a class="hsubs" href="#">Reviews</a>
<ul class="subs">
<li>Reviews</li>
<li>Hints & Tips</li>
</ul>
</li>
<li><a class="hsubs" href="#">Charity Events</a></li>
<li>Store</li>
<li>About Us</li>
<li>Account
<ul class="subs">
<li>LogIn</li>
<li>Register</li>
<li>Reset Password</li>
</ul>
</li>
</ul>
</div>
<div class='LeftBody'></div>
<div class='RightBody'>
<form id="RegisterForm" method="POST" name="RegisterForm">
<div class="FormElement">
<input name="First_Name" type="text" required="required" class="TField" id="First_Name" placeholder="First Name">
</div>
<div class="FormElement">
<input name="Last_Name" type="text" required="required" class="TField" id="Last_Name" placeholder="Last Name">
</div>
<div class="FormElement">
<input name="Email" type="email" required="required" class="TField" id="Email" placeholder="Email">
</div>
<div class="FormElement">
<input name="Password" type="password" required="required" class="TField" id="Password" placeholder="Password">
</div>
<div class="FormElement">
<input name="Register" type="button" class="button" id="Register" value="Register">
</div>
</form>
</div>
<div class='Footer'></div>
</div>
</body>
</html>
Change your input type button to submit
<input name="Register" type="submit" class="button" id="Register" value="Register">
When trying to submit my form I get the following error message:
Notice: Undefined index: application_results in C:\xampp\htdocs\cas\insert.php
This is my form php code:
<!DOCTYPE html>
<html lang="en">
<head>
<title>CAS Application</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap /3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body style="background-color:#FF9933">
<div class="container" >
<form action="insert.php" method="post" class="form-horizontal" role="form" enctype="multipart/form-data">
<h2 style="text-align:center">Application Form</h2>
</div>
<div class="form-group">
<label for="surname" class="col-sm-3 control-label">Surname</label>
<div class="col-sm-9">
<input type="text" name="surname" id="surname" placeholder="Surname" class="form-control" autofocus>
</div>
</div>
<div class="form-group">
<label for="firstName" class="col-sm-3 control-label">First Name</label>
<div class="col-sm-9">
<input type="text" name="first_name" id="first_name" placeholder="First Name" class="form-control" autofocus>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label">Email</label>
<div class="col-sm-9">
<input type="text" id="email" placeholder="Email" class="form-control" name="email">
</div>
</div>
<div class="col-sm-offset-3">
<h2>Application Results</h2>
<label for="application_results">Please upload your application results here:</label>
<input type="file" name="application_results" ><br>
</div>
<div class="form-group">
<div class="col-sm-6 col-sm-offset-3">
<button type="submit" class="btn btn-primary btn-block" name="submit">Submit</button>
</div>
</div>
</form>
</div>
</body>
</html>
<?php
$con = mysql_connect("localhost","root","");
mysql_select_db("cas",$con);
if(isset($_POST['submit'])) {
$file = rand(1000,100000). "-".$_FILES['application_results']['name'];
$file_loc = $_FILES['application_results']['tmp_name'];
$folder="application_results";
if(move_uploaded_file($file)) {
$sql="INSERT INTO applications (application_results) VALUES ($application_results)";
mysql_query($sql);
}
}
?>
This is my code for insertion:
<?php
$link = mysqli_connect("localhost", "root", "", "cas");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$surname = mysqli_real_escape_string($link, $_REQUEST['surname']);
$first_name = mysqli_real_escape_string($link, $_REQUEST['first_name']);
$email = mysqli_real_escape_string($link, $_REQUEST['email']);
$application_results = mysqli_real_escape_string($link, $_REQUEST['application_results']);
// attempt insert query execution
$sql = "INSERT INTO applications ( surname, first_name,
email, application_results )
VALUES ('$surname', '$first_name', '$email', $application_results )";
if(mysqli_query($link, $sql)){
echo "Your application has been submitted.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
What I am actually trying to accomplish is after insertion when calling an applications.php page details of the applicant must be displayed together with the uploaded file for reading. I suspect most of the uploaded files will be in pdf.
My PHP page is unable to pick values from HTML form. It's sending blank strings to database. Here is my HTML and PHP code. Please find error. I am new to PHP, unable to solve the problem.
my html page:
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>LOGIN</title>
<link rel="stylesheet" href="css/reset.css">
<link rel='stylesheet prefetch' href='http://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900|RobotoDraft:400,100,300,500,700,900'>
<link rel='stylesheet prefetch' href='http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css'>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<!-- Mixins-->
<!-- Pen Title-->
<div class="pen-title">
<h1>SYNCHPHONY</h1>
</div>
<div class="rerun">Rerun Pen</div>
<div class="container">
<div class="card"></div>
<div class="card">
<h1 class="title">Login</h1>
<form name="login" action="login.php" method="POST">
<div class="input-container">
<input type="text" id="loginid" required="required"/>
<label for="loginid">Login ID</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="password" id="password" required="required"/>
<label for="password">Password</label>
<div class="bar"></div>
</div>
<div class="button-container">
<button><span>Go</span></button>
</div>
</form>
</div>
<div class="card alt">
<div class="toggle"></div>
<h1 class="title">Register
<div class="close"></div>
</h1>
<form name="register" action="register.php" method="POST">
<div class="input-container">
<input type="text" id="loginid" required="loginid"/>
<label for="loginid">Login ID</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="password" id="password" required="required"/>
<label for="password">Password</label>
<div class="bar"></div>
</div>
<div class="button-container">
<button value'submitb'><span>Next</span></button>
</div>
</form>
</div>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
my php page:
**strong text** <?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "syncphony";
$loginid="";
$password="";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['loginid'])){ $loginid = $_POST['loginid']; }
if(isset($_POST['password'])){ $password = $_POST['password']; }
// Escape user inputs for security
$loginid = mysqli_real_escape_string($conn,$loginid);
$password = mysqli_real_escape_string($conn,$password);
// attempt insert query execution
$sql = "INSERT INTO users (loginid, password ) VALUES ('$loginid', '$password')";
if(mysqli_query($conn, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
// close connection
mysqli_close($conn);
?>
The inputs inside your form tag do not have names. Try this for login:
<input type="text" id="loginid" required="required" name="loginid"/>
and this for password:
<input type="password" id="password" required="required" name="password"/>
It would be nice if you would protect your users against XSS attacks and to use encryption when you store a password. Also, you should structure your code and make sure your HTML is valid.
I am creating a user profile update page for the user logged in to edit their name, email, and profile picture. I have the text updating successfully, but I cannot get the picture update to work. There is no error produced, but the field in the DB changes from null to " " (blank). I have pasted my update account page code below, any help figuring out what is going wrong would be greatly appreciated!
<?php require 'Assets/Connections/Connections.php'; ?>
<?php session_start();
if(isset($_SESSION["UserID"])){
}else{
header('Location: LogIn.php');
die();
}
?>
<?php
$User = $_SESSION["UserID"];
$result = $con->query("SELECT * FROM user WHERE UserID ='$User'");
$row = $result->fetch_array(MYSQLI_BOTH);
$_SESSION["FirstName"] = $row['Fname'];
$_SESSION["LastName"] = $row['Lname'];
$_SESSION["Email"] = $row['Email'];
$_SESSION["PW"] = $row['Password'];
#$_SESSION["Picture"] = $row['ProfilePicture'];
?>
<?php
if(isset($_POST['Update'])){
$UpdateFName = $_POST['FirstName'];
$UpdateLName = $_POST['LastName'];
$UpdateEmail = $_POST['Email'];
$UpdatePassword = $_POST['Password'];
$StorePassword = password_hash($UpdatePassword, PASSWORD_BCRYPT, array('cost' => 10));
move_uploaded_file($_FILES['file']['tmp_name'], 'Assests/Images/'.$_FILES['file']['name']);
#move_uploaded_file($_FILES['file']['tmp_name'],"Assets/Images/".$_FILES['file']['name']);
$sql = $con->query("UPDATE user SET Fname = '{$UpdateFName}', Lname = '{$UpdateLName}', Email = '{$UpdateEmail}', Password = '{$StorePassword}', ProfileImage = '".$_FILES['file']['name']."' WHERE UserID = $User");
header('Location: Account.php');
die();
}
?>
<!doctype html>
<html>
<head>
<link href="Assets/CSS/Master.css" rel="stylesheet" type="text/css" />
<link href="Assets/CSS/Menu.css" rel="stylesheet" type="text/css" />
<meta charset="utf-8">
<title>Update Account</title>
</head>
<body>
<div class="Container">
<div class="Header"></div>
<div class="Menu">
<div id="Menu">
<nav>
<ul class="cssmenu">
<li>Home</li>
<li>Account</li>
<li>Projects</li>
<li>Users</li>
<li>LogOut</li>
</ul>
</nav>
</div>
</div>
<div class="LeftBody"></div>
<div class="RightBody">
<form id="form1" name="form1" method="post">
<div class="FormElement">
<input name="FirstName" type="text" class="TField" id="FirstName" value="<?php echo $_SESSION["FirstName"]; ?>">
</div>
<div class="FormElement">
<input name="LastName" type="text" class="TField" id="LastName" value="<?php echo $_SESSION["LastName"]; ?>">
</div>
<div class="FormElement">
<input name="Email" type="email" class="TField" id="Email" value="<?php echo $_SESSION["Email"]; ?>">
</div>
<div class="FormElement">
<input name="Password" type="password" class="TField" id="Password" placeholder="Password" required="requried">
</div>
<div class="FormElement" action="" method="post" enctype="multipart/form-data">
<input type="file" name="file">
<br><br>
</div>
<div class="FormElement">
<input name="Update" type="submit" class="button" id="Update" value="Submit Changes">
</div>
</form>
</div>
<div class="Footer"></div>
</div>
</body>
</html>
Your form element need enctype="multipart/form-data" to upload files
You form tag would be
<form id="form1" name="form1" method="post" enctype="multipart/form-data">
Wraf off action="" method="post" enctype="multipart/form-data" from your div
<div class="FormElement" action="" method="post" enctype="multipart/form-data">
<input type="file" name="file">
<br><br>
</div>
These are form element. You mention these thingn in your form
<div class="FormElement">
<input type="file" name="file">
<br><br>
</div>
Read form
Problem with tour form tag, update by this
<form action="" method="post" enctype="multipart/form-data">