There is my code of EDIT.php DB_Functions,and g.php..I'm not geting where is the fault is anyone here who can help me to find out mistake on my code
Every things happen as easy but change in table is not reflecting..my SQL query is working properly on XAMP server..
It may be silly mistake but not able to find it..
edit.php
<?php
//error_reporting(0);
include("class_db.php");
include_once('DB_Functions.php');
if (isset ($_GET['edit_id']))
{
$id=$_GET['edit_id'];
{
if(isset($_POST['nam']))
{
$id =($_POST['edit_id']);
$name=($_POST['name']);
$lastname=($_POST['lastname']);
$email=($_POST['email']);
$duser=($_POST['duser']);
$pass=($_POST['pass']);
$mob=($_POST['mob']);
$website=($_POST['website']);
$result = file_get_contents('http://localhost/rajju/demo/webservises/webservises/webservices/g.php?action=update_details&id='.$id.'&name='.$name.'&lastname='.$lastname.'&email='.$email.'&duser='.$duser.'&pass='.$pass.'&mob='.$mob.'&website='.$website);
$result = json_decode($result, true);
if($result == 'success'){
header("location:http://localhost/rajju/demo/webservises/webservises/webservices/list.php");
}
else{
print_r($result);
}
}
}
}
$select =mysql_query("select * from users where id=$id");
$var = mysql_fetch_object($select);
?>
DB_Functions.php
public function updateUser($id,$name,$lastname,$email,$duser,$pass,$mob,$website)
{
$app_list =mysql_query("UPDATE users SET name='".$name."',lastname='".$lastname."',email='".$email."',duser='".$duser."',pass='".$pass."',mob='".$mob."',website='".$website."' WHERE id='".$id."'");
if ($app_list) {
return true;
} else {
return false;
}
}
g.php
else if($tag == 'update_details')
{
$db = new DB_Functions();
//$id = ($_GET['id']);
$name=($_GET['name']);
$lastname=($_GET['lastname']);
$email=($_GET['email']);
$duser=($_GET['duser']);
$pass=($_GET['pass']);
$mob=($_GET['mob']);
$website=($_GET['website']);
//exit (json_encode($name));
if ($db ->updateUser($name,$lastname,$email,$duser,$pass,$mob,$website))
{
exit (json_encode('success'));
}else
{
exit (json_encode('errorzz'));
}
}
The following should work. Note this still wont totally protect you against xss and other attacks. However its a lot better than using mysql_query!! Additionally, you should sanatise and check your incoming $_GET params and Salt+Hash your passwords.
<?php
$conn = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$sql = "UPDATE users SET name=:name, lastname=:lastname, email=:email, duser=:duser, pass=:pass, mob=:mob, website=:website, WHERE id=:id";;
$st = $conn->prepare( $sql );
$st->bindValue(":name", $name, PDO::PARAM_STR);
$st->bindValue(":lastname", $lastname, PDO::PARAM_STR);
$st->bindValue(":email", $email, PDO::PARAM_STR);
$st->bindValue(":duser", $duser, PDO::PARAM_STR);
$st->bindValue(":pass", $pass, PDO::PARAM_STR);
$st->bindValue(":mob", $mob, PDO::PARAM_STR);
$st->bindValue(":website", $website, PDO::PARAM_STR);
$st->bindValue(":id", $id, PDO::PARAM_INT);
$st->execute();
?>
Related
can you help out a beginner trying to learn PHP? I wrote a code for changing password without any validations yet, just to change it and it does not work. It's been days I've been trying and couldn't figure out what's wrong. Thanks in advance.
id is variable name in database where id is kept.
db connection is done with first line and it definitely works.
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
print_r($_SESSION);
function changePSW()
{
//$password = $_POST['currPassword']; // required
$newPassword = $_POST['newPassword']; // required
//$newPassword2 = $_POST['NewPassword2']; // required
$newPasswordH = password_hash($newPassword, PASSWORD_DEFAULT);
echo($newPassword);
$id = $_SESSION['userID'];
echo($id);
// create PDO connection object
$dbConn = new DatabaseConnection();
$pdo = $dbConn->getConnection();
try {
$statement = $pdo->prepare("SELECT * FROM `users` WHERE id = :id LIMIT 1");
$statement->bindParam(':id', $id);
$statement->execute();
$result = $statement->fetchAll(PDO::FETCH_ASSOC);
echo "SADASDASD";
// no user matching the email
if (empty($result)) {
$_SESSION['error_message'] = 'Couldnt find user';
header('Location: /Online-store/userForm.php');
return;
}
$sql = "UPDATE users SET password=:newPasswordH WHERE id = :id";
// Prepare statement
$stmt = $pdo->prepare($sql);
echo "AFGHANIKO";
// execute the query
$update_status = $stmt->execute(array(':password' => $newPasswordH, ':id' => $id));
echo "IHAAA";
echo($update_status);
if ($update_status === TRUE) {
echo("Record updated successfully" . "\r\n");
echo nl2br("\nPassword: ");
echo ($newPassword);
echo nl2br("\nHashed Password: ");
echo ($newPasswordH);
return true;
} else {
echo "Error updating record";
die();
}
} catch (PDOException $e) {
// usually this error is logged in application log and we should return an error message that's meaninful to user
return $e->getMessage();
}
}
if($_SESSION['isLoggedIn'] == true) {
require_once("database/DatabaseConnection.php");
unset($_SESSION['success_message']);
unset($_SESSION['error_message']);
changePSW();
}
?>
$update_status = $stmt->execute(array(':newPasswordH' => $newPasswordH, ':id' => $id));
This is what I needed to have instead of
$update_status = $stmt->execute(array(':password' => $newPasswordH, ':id' => $id));
i am trying to test an api using postman , each time i try to signup i keep getting "unexpected e".
Don't really know what is going on
here is my code:
$app->post('/signup', function() {
$app = \Slim\Slim::getInstance();
$name = $app->request()->post('name');
$email = $app->request()->post('email');
$pass = $app->request()->post('pass');
$app->response->setStatus(200);
$app->response()->headers->set('Content-Type', 'application/json');
try
{
$db = getDB();
$sth = $db->prepare("select count(*) as count from user WHERE email=:email");
$sth->bindParam(':email', $email, PDO::PARAM_INT);
$sth->execute();
$row = $sth->fetch();
if($row['count']>0){
$output = array(
'status'=>"0",
'operation'=>"student already registered"
);
echo json_encode($output);
$db = null;
return;
}
else{
// where i try to insert values into my database.
$sth = $db->prepare("INSERT INTO user (name, email,password)
VALUES(:name,:email,:pass)");
$sth->bindParam(':name', $name, PDO::PARAM_INT);
$sth->bindParam(':email', $email, PDO::PARAM_INT);
$sth->bindParam(':pass', $pass, PDO::PARAM_INT);
$sth->execute();
$output = array(
'status'=>"1",
'operation'=>"success"
);
echo json_encode($output);
$db = null;
return;
}
}
catch(Exception $ex){
echo $ex;
}
});
"unexpected e" happens because Postman was expecting the output to be a JSON response.
When you get the response, click the 'Raw' or 'Preview' tab. Or choose one of the other formats from the drop-down menu. You'll see the rest of the response.
Here is the Problem, I want to create a Post-Method for my Webservice. I'm uing the Slim Framework with PHP7 and an SQLite3 Database. I have the following code implemented:
$app->post('/api/generalinformation', function ($request) {
try {
$db = new PDO("sqlite:D:/Schule/notfunk_app/IPNF.db") or die("Cannot open Database");
$query = "insert into nlv_GeneralInformation (SystemID, InformationID, Title, Description, Importance) values (:SystemID, :InformationID, :Title, :Description, :Importance);";
$stmt = $db->prepare($query);
if($stmt === false){
die("prepare() failed");
}
$SystemID = $request->getparsedBody()["SystemID"];
$InformationID = $request->getparsedBody()["InformationID"];
$Title = $request->getparsedBody()["Title"];
$Description = $request->getparsedBody()["Description"];
$Importance = $request->getparsedBody()["Importance"];
$stmt->bindParam(":SystemID", $SystemID, PDO::PARAM_INT);
$stmt->bindParam(":InformationID", $InformationID, PDO::PARAM_INT);
$stmt->bindParam(":Title", $Title, PDO::PARAM_STR);
$stmt->bindParam(":Description", $Description, PDO::PARAM_STR);
$stmt->bindParam(":Importance", $Importance, PDO::PARAM_INT);
$stmt->execute();
$db = null;
} catch (PDOException $e) {
echo $e->getMessage();
}
});
But the prepare() funktion always returns me false. I've testet the query and it works.
I have been trying to overcome this problem for a while now and i need your help on this.
The code on the below only insert one record in mysql table and only one. Data from html forms are posted very well but it simple doesn't record more than once. I also use phpmyadmin and i don't know what is the problem. I'd be appriciated if you could help me.
Here is the code:
try {
$DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
$STH1 = $DBH->query("SELECT isim, adet, kategori
FROM stock
WHERE isim = '$isim' AND kategori = '$kategori'");
$STH1->setFetchMode(PDO::FETCH_ASSOC);
if($STH1->rowCount() == 0) {
echo "There is no such record";
}
else {
$STH2 = $DBH->prepare("INSERT INTO outgoing
(isim, adet, nereye, cikis_tarih, kategori)
values
(:isim, :adet, :nereye, :cikis_tarih, :kategori)");
$STH2->bindParam(':isim', $isim, PDO::PARAM_STR);
$STH2->bindParam(':adet', $adet, PDO::PARAM_STR);
$STH2->bindParam(':nereye', $nereye, PDO::PARAM_STR);
$STH2->bindParam(':cikis_tarih', $cikis_tarih, PDO::PARAM_STR);
$STH2->bindParam(':kategori', $kategori, PDO::PARAM_STR);
$STH2->execute();
}
}
catch(PDOException $e) {
echo $e->getMessage();
}
?>
Instead of doing:
$STH2->bindParam(':isim', $isim, PDO::PARAM_STR);
$STH2->bindParam(':adet', $adet, PDO::PARAM_STR);
$STH2->bindParam(':nereye', $nereye, PDO::PARAM_STR);
$STH2->bindParam(':cikis_tarih', $cikis_tarih, PDO::PARAM_STR);
$STH2->bindParam(':kategori', $kategori, PDO::PARAM_STR);
$STH2->execute();
Execute it through an array:
$STH2->execute(array(':isim'=>$isim,
':adet'=>$adet,
':nereye'=>$nereye,
':cikis_tarih'=>$cikis_tarih,
':kategori'=>$kategori));
The code in question is like this:
if (isset($_SESSION['logged_in'])) {
if (isset($_POST['title'], $_POST['content'], $_POST['id'])) {
$title = $_POST['title'];
$content = $_POST['content'];
$id = $_POST['id'];
}
if (empty($title) or empty($content) or empty($id)) {
$error = 'All fields are required!';
} else {
try {
$query = $pdo->prepare("UPDATE articles SET article_title = ?, article_content = ? WHERE article_id = ? ");
$query->bindValue(1, 'title');
$query->bindValue(2, 'content');
$query->bindValue(3, 'id');
$query->execute();
header('Location: index.php');
} catch (PDOException $e) {
print_r($e->errorInfo);
die();
}
}
}
It gives me no error whatsoever and the table does not update.
P.S. I am quite new to PHP in general so please bear with me if my errors are somewhat trivial, I just don't have anyone else to ask.
If you are new to PHP then I would suggest you try an alternative way of executing queries with placeholders (?) since it is much simpler.
First set up your connection.
try {
# First let us connect to our database
$db = new \PDO("mysql:host=localhost;dbname=xx;charset=utf8", "xx", "xx", []);
} catch(\PDOException $e){
echo "Error connecting to mysql: ". $e->getMessage();
}
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
Now call prepare/execute methods like:
$stmt = $db->prepare("
UPDATE articles
SET article_title = ?, article_content = ?
WHERE article_id = ?
");
$stmt->execute(array($article_title, $article_content,$article_id));
if($stmt->rowCount()) {
echo 'success';
} else {
echo 'update failed';
}
$query->bindValue(1, 'title');
$query->bindValue(2, 'content');
$query->bindValue(3, 'id');
The second value to bindValue should be the value, not the name of the value, something like;
$query->bindValue(1, $title);
$query->bindValue(2, $content);
$query->bindValue(3, $id, PDO::PARAM_INT);