PHP and SQL(Trying to update my database using submit button) - php

I am trying to update my feedback in my SQL database form with help of submit button but I'm unable to do so. Please help!
if (isset($_POST['submitreport']))
{
$dbCon = mysqli_connect("localhost","root","","Hun");
$report = strip_tags($_POST['report']);
$sql = "UPDATE Feedback SET report='$report' WHERE username='$username' AND date='$date' ";
$query = mysqli_query($dbCon, $sql);
}

<?php
if (isset($_POST['submitreport']))
{
$monthDayYear = date('m-d-Y');
$dbConnnection = mysqli_connect("localhost","root","","Hun");
$dbUsername = strip_tags($_POST['report']);
$sqlQuery = "UPDATE Feedback SET report='".$report."' WHERE username='".$username."' AND date='".$monthDayYear."'";
$queryExecute = mysqli_query($dbConnection, $sqlQuery);
}
?>

<?php
if (isset($_POST['submitreport']))
{
$dbCon = mysqli_connect("localhost","root","","Hun");
$username = 'test';
$report = strip_tags($_POST['report']);
$date = date('m-d-Y');
$sql = "UPDATE Feedback SET report='".$report."' WHERE username='".$username."' AND date='".$date."'";
$query = mysqli_query($dbCon, $sql);
}
?>

Related

extracting info from database to html page error

i'm very new to PHP so i apologize if this is a simple fix but i'm experiencing a weird issue. I've created a website that uses facebook authentication. once they login, their information gets stored in a database I've created. i then created some functions that display the users facebook image and name on the profile page of my website. problem is sometimes it shows, and other times i receive this error. "notice: undefined index: fbid in /PATH/ on line 132". Here is the code.
<div id="userInfo" class="userInfo">
<h1> <?php
$dbHost = "localhost";
$dbUsername = "root";
$dbPassword = "root";
$dbName = "facebooklogin";
$conn = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo " ". $row["first_name"]." ". $row["last_name"]."";
}
} else {
echo "0 results";
}
$conn->close();
?></h1>
userData.php
<?php
session_start();
include 'dbConfig.php';
$userData = json_decode($_POST['userData']);
if(!empty($userData)){
$oauth_provider = $_POST['oauth_provider'];
$_SESSION['fbid'] = $userData->id;
var_dump($_SESSION);
$prevQuery = "SELECT * FROM users WHERE oauth_provider =
'".$oauth_provider."' AND oauth_uid = '".$userData->id."'";
$prevResult = $db->query($prevQuery);
if($prevResult->num_rows > 0){
$query = "UPDATE users SET first_name = '".$userData-
>first_name."', last_name = '".$userData->last_name."', email =
'".$userData->email."', gender = '".$userData->gender."', locale =
'".$userData->locale."', picture = '".$userData->picture->data->url."',
link = '".$userData->link."', modified = '".date("Y-m-d H:i:s")."'
WHERE oauth_provider = '".$oauth_provider."' AND oauth_uid =
'".$userData->id."'";
$update = $db->query($query);
}else{
$query = "INSERT INTO users SET oauth_provider =
'".$oauth_provider."', oauth_uid = '".$userData->id."', first_name =
'".$userData->first_name."', last_name = '".$userData->last_name."',
email = '".$userData->email."', gender = '".$userData->gender."',
locale = '".$userData->locale."', picture = '".$userData->picture-
>data->url."', link = '".$userData->link."', created = '".date("Y-m-d
H:i:s")."', modified = '".date("Y-m-d H:i:s")."'";
$insert = $db->query($query);
}
}
?>
It seems that you don't have the variable set when you use it in the query.
Check it before the query, like:
if (isset($_SESSION['fbid'])) {
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql); } else {
// not logged in
}
To check the values of $_SESSION, just do a var_dump($_SESSION) and you can see what is set.

Echo var before insert to database

Is it possible to show variable username before I am putting it into DB? Echo, alert, console or something? I want to check what is in $username before do INSERT
<?php
require_once 'connect.php';
$data = json_decode(file_get_contents("php://input"));
$username = mysqli_real_escape_string($connect, $data->username);
$query = "INSERT into tablename (username) VALUES ('$username')";
mysqli_query($connect, $query);
echo true;
?>
Try this
$username = mysqli_real_escape_string($connect, $data->username);
if($username)
{
echo $username;
$query = "INSERT into tablename (username) VALUES ('$username')";
mysqli_query($connect, $query);
}
<?php
require_once 'connect.php';
$data = json_decode(file_get_contents("php://input"));
$username = mysqli_real_escape_string($connect, $data->username);
$query = "INSERT into tablename (username) VALUES ('$username')";
echo "<script>alert('".$username."')</script>";
mysqli_query($connect, $query);
echo true;
?>

I cant´t add data to my database

Godd night. I have this code for php to add data to my database but i dont get succes.
<?php
require("config.inc.php");
if (!empty($_POST)) {
$user = $_POST['User'];
$mail = $_POST['Mail'];
$token = $_POST['Token'];
$pass = $_POST['Pass'];
$result = mysqli_query($con,"SELECT 1 FROM Proteos where
User='$user'");
$row = mysqli_fetch_array($result);
$data = $row[0];
if($data==0){
echo $data;
echo "Hey, un grato saludo mister ".$user."!\n";
$query = "INSERT INTO Proteos (User, Mail ) VALUES ($user,$mail ) ";
}
mysqli_close($con)
And this is my config.inc
<?php
define('DB_SERVER','mysql.smartfreehosting.net');
define('DB_NAME','u178665800_prote');
define('DB_USER','u178665800_carin');
define('DB_PASS','xxxxxx');
$con = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
mysql_select_db(DB_NAME,$con);
?>
Put your value in single quote And than execute query
$query = "INSERT INTO Proteos (User, Mail ) VALUES ($user,$mail ) ";
to
$query = "INSERT INTO Proteos (User, Mail ) VALUES ('$user','$mail') ";
And after that pass $query to mysqli_query like
mysqli_query($con,$query);
String values have to be passed in quotes. Also execute the query .
To debug use mysqli_error
$query = "INSERT INTO Proteos (User, Mail ) VALUES ('{$user}','{$mail}' ) ";
mysqli_query($con,$query);
or
mysqli_query($conn, $query) or die(mysqli_error($conn));
to connect with mysqli (ref) change in config.inc
$con = mysqli_connect(DB_SERVER,DB_USER,DB_PASS, DB_NAME);
You are inserting VARCHAR (string) data into Database without single quotes.
Data without single quotes is considered as either table/field names or integers or keywords.
Your entered data being none of these is causing errors.
Corrected SQL:
$query = "INSERT INTO Proteos (User, Mail ) VALUES ('$user','$mail') ";
<?php
require("config.inc.php");
if (!empty($_POST)) {
$user = $_POST['User'];
$mail = $_POST['Mail'];
$token = $_POST['Token'];
$pass = $_POST['Pass'];
$result = mysqli_query($con,"SELECT 1 FROM Proteos where
User='$user'");
$row = mysqli_fetch_array($result);
$data = $row[0];
if($data==0){
echo $data;
echo "Hey, un grato saludo mister ".$user."!\n";
mysqli_query($con,"INSERT INTO Proteos (User, Mail ) VALUES ('$user','$mail' ) ") or die(mysqli_error());
}
mysqli_close($con);
check above code, values are insert using 'var' like '$user','$mail'
any error shows in the query helps to find the code or die(mysqli_error())

Can't sign up using my DB

I need to make a Sign in form for my website. And I have to use MySQLi because MySQL will cause decaprated on my try.
So, here's the index.php code:
<?php
session_start();ob_start();
$con=mysqli_connect("localhost","root","","oos");
if (mysqli_connect_errno()) echo "Failed to connect to MySQL: " . mysqli_connect_error();
if(isset($_POST['signin']))
{
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
$co=0;
while($row=mysqli_fetch_assoc($result1)) $co++;
if($co==1)
{
$_SESSION['a']=$username;
header("Location: main_menu.php");
}
} ?>
The problem is, when I make $username="admin" and $password = "admin", it will go to main_menu.php alright. But when I try to do as above, base on my database, it won't go to main_menu.php.
How can I sign in, go to the main_menu.php using ID from my database?
Sorry, I already checked it, it's a stupid mistake. Inside this snippet:
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
fix to this:
$query1 = "select * from admintb where adID = '$username' and adPass = '$pass' ";

Syntax error in MySQL statement

EDIT: I know the error is somewhere here:
$connection = #mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = #mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "SELECT * FROM authorize WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
$result = #mysql_query($sql, $connection) or die(mysql_error());
$num = mysql_num_rows($result);
$lstbalance = 0;
$balance = 0;
//set session variables if there is a match
if ($num != 0)
{
while ($sql = mysql_fetch_object($result))
{
$lstbalance = $sql -> lostbalance;
$balance = $sql -> balance;
}
}
if ($win==true)
{
$sql = "update users set lostbalance='($lstbalance+(($payouts[$result1.\'|\'.$result2.\'|\'.$result3])*(int)$_POST[\'bet\']))' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
else
{
$sql = "update users set lostbalance='(lstbalance-(int)$_POST[\'bet\'])' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
$result = #mysql_query($sql, $connection) or die(mysql_error());
I was able to narrow down the error to this piece of code, help appreciated. Regards.
When I comment it out everything seems to work all the connect variables are from a different file and are valid.
$lostbalance = $lstbalance+(($payouts[$result1])*(int)$_POST['bet']));
$sql = "update users set lostbalance='$lostbalance' WHERE username = '".$_SESSION['user_name']."' and password = '".$_SESSION['password']."'";
i dont understand about ur code on $payout[$result1.\'|\'.$result2.\'|\'.$result3]

Categories