I have a small issue with updating my database upon a submit.
I have the following in my Database:
a varchar called iUserCash.
Upon login I would like to edit this row in my database table.
The html looks like this:
<form method="post">
<table class="sign_up_form" align="center" width="30%" border="0">
<tr>
<td>
<input type="text" name="cashBalance" placeholder="Nye beløb"/>
</td>
<td>
<button type="submit" name="btn-update" class="betting-btn">OPDATER</button>
</td>
<td>
</tr>
<tr>
</tr>
</table>
</form>
And my sql looks like this:
session_start();
include_once 'controllers/dbConnect.php';
if(!isset($_SESSION['user']))
{
header("Location: index.php");
}
$res=mysql_query("SELECT * FROM oneusers WHERE iUserId=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
if(isset($_POST['btn-update']))
{
$ucash = mysql_real_escape_string($_POST['cashBalance']);
if(mysql_query("UPDATE oneusers SET iUserCash = '$ucash' WHERE iUserId='$res'"))
{
?>
<script>alert('successfully registered ');</script>
<?php
}
else
{
?>
<script>alert('error while registering you...');</script>
<?php
}
}
It returns the success message just fine, but it just doesnt update anything. Can anyone tell me what I am doing wrong? :)
Thanks in advance.
you have a error at
mysql_query("UPDATE oneusers SET iUserCash = '$ucash' WHERE iUserId='$res'")
you are using $res for iUserId but it's a db resource...
it seems that, $_SESSION['user'] is the id that you need in query... so try it like
mysql_query("UPDATE oneusers SET iUserCash = '$ucash' WHERE iUserId=" . $_SESSION['user']);
Related
I have this Add Edit Delete form, the problem is:
when I put everything and I click on ADD it says "Data added successfully." but the data isn't in my table of phpAdmin and it not shows in the page...
Or is simply because my hoster doens't work with MySQLi but with MySQL?
Without talking about SQL Injections because Im not so expert and dont know how protect from that, this pages will be protected with login area so only restricted members will access to it.
index.php
<?php
//including the database connection file
include_once("config.php");
//fetching data in descending order (lastest entry first)
//$result = mysql_query("SELECT * FROM users ORDER BY id DESC"); // mysql_query is deprecated
$result = mysqli_query($mysqli, "SELECT * FROM `user` ORDER BY id DESC"); // using mysqli_query instead
?>
<html>
<head>
<title>Homepage</title>
</head>
<body>
Add New Data<br/><br/>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>Steam Username</td>
<td>Steam Password</td>
<td>Steam Guard Code</td>
<td>Update</td>
</tr>
<?php
//while($res = mysql_fetch_array($result)) { // mysql_fetch_array is deprecated, we need to use mysqli_fetch_array
while($res = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>".$res['steamUE']."</td>";
echo "<td>".$res['steamPW']."</td>";
echo "<td>".$res['steamGC']."</td>";
echo "<td>Edit | Delete</td>";
}
?>
</table>
</body>
</html>
add.html
<html>
<head>
<title>Add Data</title>
</head>
<body>
Home
<br/><br/>
<form action="add.php" method="post" name="form1">
<table width="25%" border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE"></td>
</tr>
<tr>
<td>Steam Password</td>
<td><input type="text" name="steamPW"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Add"></td>
</tr>
</table>
</form>
</body>
</html>
edit.php
<?php
// including the database connection file
include_once("config.php");
if(isset($_POST['update']))
{
$id = mysqli_real_escape_string($mysqli, $_POST['id']);
$steamUE = mysqli_real_escape_string($mysqli, $_POST['steamUE']);
$steamPW = mysqli_real_escape_string($mysqli, $_POST['steamPW']);
$steamGC = mysqli_real_escape_string($mysqli, $_POST['steamGC']);
// checking empty fields
if(empty($steamUE) || empty($steamPW) || empty($steamGC)) {
if(empty($steamUE)) {
echo "<font color='red'>Steam Username field is empty.</font><br/>";
}
if(empty($steamPW)) {
echo "<font color='red'>Steam Password field is empty.</font><br/>";
}
if(empty($steamGC)) {
echo "<font color='red'>Steam Guard Code field is empty.</font><br/>";
}
} else {
//updating the table
$result = mysqli_query($mysqli, "UPDATE `user` SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
//redirectig to the display page. In our case, it is index.php
header("Location: index.php");
}
}
?>
<?php
//getting id from url
$id = $_GET['id'];
//selecting data associated with this particular id
$result = mysqli_query($mysqli, "SELECT * FROM `user` WHERE id='$id'");
while($res = mysqli_fetch_array($result))
{
$steamUE = $res['steamUE'];
$steamPW = $res['steamPW'];
$steamGC = $res['steamGC'];
}
?>
<html>
<head>
<title>Edit Data</title>
</head>
<body>
Home
<br/><br/>
<form name="form1" method="post" action="edit.php">
<table border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE" value="<?php echo $steamUE;?>"></td>
</tr>
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamPW" value="<?php echo $steamPW;?>"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC" value="<?php echo $steamGC;?>"></td>
</tr>
<tr>
<td><input type="hidden" name="id" value=<?php echo $_GET['id'];?>></td>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>
delete.php
<?php
//including the database connection file
include("config.php");
//getting id of the data from url
$id = $_GET['id'];
//deleting the row from table
$result = mysqli_query($mysqli, "DELETE * FROM `user` WHERE id='$id'");
//redirecting to the display page (index.php in our case)
header("Location: index.php");
?>
add.php
<html>
<head>
<title>Add Data</title>
</head>
<body>
<?php
//including the database connection file
include_once("config.php");
if(isset($_POST['Submit'])) {
$steamUE = mysqli_real_escape_string($mysqli, $_POST['steamUE']);
$steamPW = mysqli_real_escape_string($mysqli, $_POST['steamPW']);
$steamGC = mysqli_real_escape_string($mysqli, $_POST['steamGC']);
// checking empty fields
if(empty($steamUE) || empty($steamPW) || empty($steamGC)) {
if(empty($steamUE)) {
echo "<font color='red'>Steam Username field is empty.</font><br/>";
}
if(empty($steamPW)) {
echo "<font color='red'>Steam Password field is empty.</font><br/>";
}
if(empty($steamGC)) {
echo "<font color='red'>Steam Guard Code field is empty.</font><br/>";
}
//link to the previous page
echo "<br/><a href='javascript:self.history.back();'>Go Back</a>";
} else {
// if all the fields are filled (not empty)
//insert data to database
$result = mysqli_query($mysqli, "INSERT INTO `user` (steamUE,steamPW,steamGC) VALUES ('$steamUE','$steamPW','$steamGC')");
//display success message
echo "<font color='green'>Data added successfully.";
echo "<br/><a href='index.php'>View Result</a>";
}
}
?>
</body>
</html>
config.php
<?php
/*
// mysql_connect("database-host", "username", "password")
$conn = mysql_connect("localhost","root","root")
or die("cannot connected");
// mysql_select_db("database-name", "connection-link-identifier")
#mysql_select_db("test",$conn);
*/
/**
* mysql_connect is deprecated
* using mysqli_connect instead
*/
$databaseHost = 'sql.website.com';
$databaseName = '';
$databaseUsername = '';
$databasePassword = '';
$mysqli = mysqli_connect($databaseHost, $databaseUsername, $databasePassword, $databaseName);
?>
It not doesn't says or shows any errors or any other problems, it says only data added successfully and nothing else. I don't understand why it doesn't add any data in my tables, i checked everything again and again, maybe because i'm tired but i tried to rename tables names but nothing change, is the same...
Spotted three errors,
add.php: Column names should be without ''. Check the following
$result = mysqli_query($mysqli, "INSERT INTO user (steamUE,steamPW,steam_GC) VALUES ('$steamUE','$steamPW','$steamGC')");
edit.php: '' missing from $id. Check the following
$result = mysqli_query($mysqli, "UPDATE user SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
delete.php: '' missing from $id. Check the following
$result = mysqli_query($mysqli, "DELETE * FROM user WHERE id='$id'");
If the connection with DB is successful, it must work (and this answer deserves a green tick from you :D).
Or is simply because my hoster doens't work with MySQLi but with
MySQL?
Wherever I faced issues, I got some error or a blank page.
Check your dB connection. Turn to mysqli, declair it with $sql with (errno), but call your param before $sql. Use if condition to check your connection. On your add please use prepared with $stmnt and execute it.
So I'm trying to use laravel-based login table, which is the hash that I can't even compare it with basic php hash login. No, you can't make hash exactly look like laravel. But I use the remember_token that is come from users table.
Here is the code on my laravel view:
<form action="http://localhost/log/index.php" method="post">
<input type="hidden" value="{{ Auth::user()->remember_token }}" name="wex">
<button type="submit" class="btn btn-default">Check</button>
</form>
As you can see, I'm trying to POST remember_token value, that will received on my http://localhost/log/index.php as variable.
Index.php (Not use Laravel):
<?php
include "koneksi.php";
if (isset($_POST['wex'])) {
$token = $_POST['wex'];
$query = "SELECT * FROM users WHERE remember_token = '". $token ."'" ;
$result = mysqli_query($db_link,$query);
if (mysqli_num_rows($result) != 1) {
header("Location: http://localhost/laralearn/public/login");
}
session_start();
$_SESSION['user'] = "member";
}
else{
if(!isset($_SESSION['user'])){
header("Location: http://localhost/laralearn/public/login");
}
}
?>
<html>
<head>
<title>Customer</title>
</head>
<body>
<table cellpadding="5" cellspacing="5" border="1" align="center">
<tr>
<td colspan="2">If you can see this table, you are logged in. </td>
</tr>
<tr>
<td>Username:
</td>
<td><?php
while($data = mysqli_fetch_array($result))
{
echo "$data[name]";
}
?></td>
</tr>
<tr>
<td>
Token:
</td>
<td>
<?php echo $token; ?>
</td>
</tr>
</table>
</body>
</html>
The variable and page redirect if the remember_token isn't valid (working), but I can't set the session. The page keep redirecting to Laravel site.
Can you tell me where am I doing something wrong? It would be nice if you explain it and tell me what the code should look like.
Thank you.
Use in Laravel session like below:
Session::set('user', "member");
Get session variable:
Session::get('user');
I am tried to insert the values into my wampserver, I succeed to insert name column and email column but it is not possible to insert pass word field into the database please check what I done mistake here.
above image gives you a clear idea, how that pass word field looks, note that that password field i tried to save the data in VARCHAR() but not save the data please check my below php and html codes
init.php
for database connection am using this
<?php
$user_name="root";
$pass="";
$host="localhost";
$db_name="userdb";
$con=mysqli_connect($host,$user_name,$pass,$db_name);
if(!$con)
{
echo "Connection Failed....".mysqli_connect_error();
}
else
echo "<h3>Connection Success.....</h3>";
?>
register.php
<?php
$name=$_POST["name"];
$email=$_POST["email"];
$pass=$_POST["password"];
require "init.php";
$query="select * from userinfo where email like '".$email."';";
$result=mysqli_query($con,$query);
//ok
if(mysqli_num_rows($result)>0)
{
$response=array();
$code="reg_false";
$message="User already exist....";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
else
{
$querys ="insert into userinfo values ('".$name."','".$email."','".$pass."');";
$result=mysqli_query($con,$querys);
if(!$result)
{
$response=array();
$code="reg_false";
$message="Some server error occurred, Train again....";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}else{
$response=array();
$code="reg_true";
$message="Registration Success....Thank you....";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
}
mysqli_close($con);
?>
register_test.html
this one is used for to send the details to the database, am using this one like as input to send data
<html>
<head> <title>Register Test....</title> </head>
<body>
<form method="post" action="register.php">
<table>
<tr>
<td>Name :</td><td><input type="text" name="name"/></td>
</tr>
<tr>
<td>Email :</td><td><input type="text" name="email"/></td>
</tr>
<tr>
<td>Password :</td><td><input type="password" name="password"/></td>
</tr>
<tr>
<td><input type="submit" value="Register"/></td>
</tr>
</table>
</form>
</body>
</html>
please check this code, and please tell where i done the mistake to got the pass word values into my database
If your other two are getting inserted, try this:
$querys ="INSERT INTO userinfo (name,email,password) VALUES ('$name','$email','$pass');
$result = $mysqli_query($con,$querys);
I'm learning PHP and am having issues getting the following code to work properly. Basically the login page displays correctly, and without errors and the variables appear to be assigned correctly, but upon page reload I just get the same login form, it appears the data has either not been passed and is therefore not being acted upon.
I've looked at the code over and over again and even tried a different method (produced same result!) so it'd be lovely if someone helpful could spend a minute and point me in the right direction.
One thing that might be an issue is my server is running 5.3.9 and the book I'm working from is PHP5 so maybe some of the function I'm calling have been deprecated. Which would be a pain...
<?php
include_once "common_db.inc";
$register_script = "register.php";
if (!isset ($userid)) {
login_form();
exit;
} else {
session_start();
session_register ("userid", "userpassword");
$username = auth_user ($_POST['userid'], $_POST['userpassword']);
if (!$username) {
$PHP_SELF = $_SERVER['PHP_SELF'];
session_unregister ("userid");
session_unregister ("userpassword");
echo "Failed to authorize. " .
"Enter a valid DX number and password." .
"Click the link below to try again.<br>\n";
echo "login<br>";
echo "Click the following link to register<br>\n";
echo "Register";
exit;
} else {
echo "Welcome, $username!";
}
}
function login_form()
{
global $PHP_SELF;
?>
<form method="post" action="<?php echo "$PHP_SELF"; ?>">
<div align="center"><center>
<h3>Please login to use the page you requested</h3>
<table width="200" cellpadding="5">
<tr>
<th width="18%" align="right" nowrap>id</th>
<td width="82%" nowrap>
<input type="text" name="userid" />
</td>
</tr>
<tr>
<th width="18%" align="right" nowrap>password</th>
<td width="82%" nowrap>
<input type="password" name="userpassword" />
</td>
</tr>
<tr>
<td colspan="2" width="100%" nowrap>
<input type="submit" value="login" name="Submit" />
</td>
</tr>
</table>
</center>
</div>
</form>
<?php
}
function auth_user($userid, $userpassword)
{
global $dbname, $user_tablename;
$link_id = db_connect($dbname);
$query = "SELECT DXNumber FROM $user_tablename WHERE DXNumber = '$userid'
AND userpassword = password ('$userpassword')";
$result = mysql_query ($query);
if (!mysql_num_rows($result)){
return 0;
}else{
$query_data = mysql_fetch_row($results);
return $query_data[0];
}
}
?>
You're not defining $userid or checking if the form has been submitted. Try:
if (!isset($_POST['userid'])) {
Your query in your auth_user function needs to look like this:
$query = "SELECT DXNumber FROM $user_tablename WHERE DXNumber = '$userid' AND userpassword ='" . $userpassword."'";
Also, you're open to sql injection. You should look into using PDO and prevent it.
try
if (!isset $_POST['userid']) {
and see if that helps. It looks like $userid is not being set before you branch.
(edited because of stupid spelling checker.)
I have a form whereby users are required to anwser their own security question before proceeding further. my form is as follows:
<form action="securitychecked.php" method="post">
<table width="70%" border="0">
<tr>
<td><?php $result = mysql_query("SELECT secret_question FROM public WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'")
or die(mysql_error());
if (mysql_num_rows($result) == 0) {
echo '<hr><h4>This Person Has Not Setup A Security Question</h4><hr> ';
} else {
while($info = mysql_fetch_array($result))
{
echo $info['secret_question'];
}
}?></td>
<td><span id="sprytextfield1">
<input type="text" name="secret_answer" id="secret_answer" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Continue" /></td>
</tr>
</table>
</form>
my php code looks like this:
<?php
$secret_anwser=$_POST['secret_anwser'];
$secret_anwser = stripslashes($secret_anwser);
$secret_anwser = mysql_real_escape_string($secret_anwser);
$sql="SELECT secret_anwser FROM public WHERE secret_anwser ='$secret_anwser' AND active = 'activated' AND ni = '". $_SESSION['ni']."'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==1){
header("location:votenow.php");
}
?>
I have a table called public and a field called 'secret_anwser' but i keep on getting a blank page even with the right value being entered. can anyone help me?
thanks
I guess all the secret_anwser in your PHP are typo's.
At least the fields name is secret_answer but you try to get $_POST['secret_anwser']; , you'll never find anything inside the DB.
The names of the DB and the table also may be wrong.