i am having an issue with my code...im not sure what is causing it to be entered in twice in my database. the information inputted in the form is inserted in the database and then there is another entry below it but it is empty. it happens everytime the form is submitted. how do i fix it?
<?php
// form data //
$id = $_POST['id'];
$joined = date("Y/m/d");
$uname = $_POST['uname'];
$email = $_POST['email'];
// Create connection
$connect = mysql_connect("localhost","user","pass");
mysql_select_db("db"); //select database
//register into database
$sql = mysql_query("
INSERT INTO table VALUES
('','$joined','$uname','$email')
");
echo "thanks for signing up!";
?>
I suspect this might have something to do with .htaccess redirect the second time which might explain the insert but with blank values. Please verify that the values are not null before inserting. This will keep your blank values away.
Also, check your .htaccess and fix whatever problem is causing it to hit your page twice.
There is no need to mention the id as blank as the query automatically fetches the id which is defined as primary key and auto increment.You query should like this and after the tablename you can also specify the column name from the database:
$sql=mysql_query("insert into `table`(joined,uname,column) values('$joined','$uname','$email')");
You must use validation in your form to fix duplicate date in the database.You use the id field in your form so definitely you should use of javascript.
Related
I am currently looking to run a basic insert query using PHP to submit HTML form data to MySQL database.
Unfortunately however the insert process isnt running.
In my Insert syntax I have tried including $_POST[fieldname], ive tried including variables as below, and ive even played around with different apostrphes but nothing seems to be working.
as a side dish, im also getting truck load of wamp deprication errors which is overwhelming, ive disabled in php.ini and php for apache.ini file and still coming up.
If anyone can advise what is wrong with my insert and anything else id be much thankful.
Ill keep this intro straightfoward.
Person logs in, if they try to get in without login they go back to login page to login.
I connect to database using external config file to save me updating in 50 places when hosting elsewhere.
Config file is working fine so not shown below.
database is called mydb.
Im storing the text field items into variables, then using the variables in the insert query.
unitID is an auto increment field so I leave that blank when running the insert.
Unfortunately nothing is going in to the mysql database.
Thanks in advance.
PS the text fieldnames are all correctly matched up
<?php
//Start the session
session_start();
//check the user is logged in
if (!(isset($_SESSION['Username']) )) {
header ("Location: LoginPage.php?i=1");
exit();
}
//Connect to the database
include 'config.php';
$UserName = $_SESSION['Username'];
$UserIdentification = $_SESSION['UserID'];
if(isset($_GET['i'])){
if($_GET['i'] == '1'){
$tblName="sightings";
//Form Values into store
$loco =$_POST['txtloco'];
$where =$_POST['txtwhere'];
$when =$_POST['txtdate'];
$time =$_POST['txttime'];
$origin =$_POST['txtorigin'];
$dest =$_POST['txtdest'];
$headcode =$_POST['txtheadcode'];
$sql= "INSERT INTO sightings (unitID, Class, Sighted, Date, Time, Origin, Destination, Headcode, UserID) VALUES ('','$loco', '$where', '$when', '$time', '$origin', '$dest', '$headcode', '$UserIdentification')";
mysql_select_db('mydb');
$result=mysql_query($sql, $db);
if($result){
$allocationsuccess = "Save Successful";
header ('Refresh: 2; url= create.php');
}
else {
$allocationsuccess = "The submission failed :(";
}
}
}
?>
"unitID is an auto increment field so I leave that blank when running
the insert"
That's not how it works. You have to omit it completely from the INSERT statement. The code thinks you're trying to set that field to a blank string, which is not allowed.
$sql= "INSERT INTO sightings (Class, Sighted, Date, Time, Origin, Destination, Headcode, UserID) VALUES ('$loco', '$where', '$when', '$time', '$origin', '$dest', '$headcode', '$UserIdentification')";
should fix that particular issue. MySQL will generate a value automatically for the field and insert it for you when it creates the row.
If your code had been logging the message produced by mysql_error() whenever mysql_query() returns false then you'd have seen an error being generated by your query, which might have given you a clue as to what was happening.
P.S. As mentioned in the comments, you need to re-write your code with a newer mysql code library and better techniques including parameterisation, to avoid the various vulnerabilities you're currently exposed to.
Have the following code that's executed when a script is ran. (I've just changed the login for display purposes).
<?php
$conn = mysql_connect("localhost", "root", "pw123");
mysql_select_db("test_db", $conn);
$sql = "INSERT INTO test_table (fname)
VALUES ('$fname')";
mysql_query($sql);
mysql_close($conn);
?>
I've edited the code down slightly so it doesn't show every value I'm trying to enter, but essentially, everything is entering as a blank value, or in the case of numerical inputs is defaulting to 0. I can't seem to figure out why this is. The variables are definitely not blank before hand as I've got them out putting on the web page to test as such.
For reference I assign $fname a value when the input box is changed using :
fname = $("#fname").val();
(Posted on behalf of OP):
Solved this myself anyway, instead of executing the MySQL statements in the initial page that user enters data, I moved it to the secondary web page, which opens once a user has submitted their information.
$fname is empty in your script and you need declarate the variable before:
$fname = 'David';
$sql = "INSERT INTO test_table (fname) VALUES ('$fname')";
:)
I'm trying to make a voting system for a database currently records are rendered in php on screen with images for an up or down vote. When clicked they run the php scripts upvote.php or downvote.php respectively, they pass the id value (integer of the record being manipulated.
Currently it works, the scripts increment and decrement the records votes value as intended. I was, however, trying to stop a user doing this multiple times for one record. I was trying to achieve this by using a session and naming it the value of the id and before altering the votes value checking if the session for that id has been set.
I am going to use my 'upvote.php' as my example:
//Upvote Script
//begin session
session_start();
//database connection credentials import
include("../scripts/connection_variables.php");
//connect to mysql or display error
#mysql_connect("$db_host","$db_username","$db_pass") or die ("Could not connect to the database, please try again shortly. If problem persists please refer to help then contact support.");
//select database or or display error
#mysql_select_db("$db_name") or die ("Could not connect to the database, please try again shortly. If problem persists please refer to help then contact support.");
//collect id
$id = $_GET['id'];
//check if user has already voted for this
if(isset($_SESSION[$id])) {
//session has been set for this id, so don't execute the script
exit();
}else{
//set the session
$_SESSION[$id] = "The punniest thing about puns is that they are really punny.";
//increment the votes value
$query = "UPDATE punniest_database SET votes= 1 + votes WHERE id='$id'";
mysql_query($query);
}
The default serializer used for sessions cannot handle numeric-only keys. It also emits a warning message during shutdown, you should see it in your logs (assuming you have logging enabled, look for Unknown).
Older serialize handlers cannot store numeric index nor string index contains special characters
(quote from link below)
You can test it with the following script, save it somewhere and refresh a few times:
<?php
session_start();
$_SESSION[time()] = true;
var_dump($_SESSION);
The most portable solution is prefixing the keys with a static string. Alternatively you can change the serialize handler used for sessions.
Kinda new to mysql and php
I have a hit counter for each page on my site and a private page that list all pages and hits.
I have a button that will reset all pages to zero and next to each page listing I have a reset button that will reset each page individually. This all was using a text file but now I am swtching to mysql database. I have coded the "RESET ALL" button to work but can not get the individual page buttons to work.
the processing code is:
if($_POST[ind_reset]) {
$ind_reset = $_POST[ind_reset];
mysql_connect("server", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$sql = 'UPDATE counters SET Hits =\'0\' WHERE Page = \'$ind_reset\';';
}
and the html form code is a string:
$page_reset = "<form id='Reset' action='counter_update.php' method='post'>
<button type='submit' name='ind_reset' value='$formPage'>RESET</button>
</form>";
Let's start with the first thing:
if($_POST[ind_reset]) {
should be
if($_POST['ind_reset']) {
It works without quotes because PHP is silently correcting your error. If you turned error reporting to E_ALL, you would get to see the error message.
One thing that you need to consider is that you can never trust POST data to be what you think it's supposed to be. Maybe you put in a typo. Maybe a hacker is sending you fake POST data. Whichever it is, it will mess up your code if the wrong thing gets put in that database update. For this reason, instead of simply plugging in that POST value into your database, you should have a checker to make sure that the value is a valid one. When I do things like this, I make an array of possible values and use only those values when updating or inserting into the database. Example:
$pages = array('value_on_page'=>'value_put_in_database',
'xyz'=>'thing_in_database_2');
//the valid things to post are either 'value_on_page' or 'xyz',
//but what goes into the database are the values those keys point to
//e.g. if $_POST['ind_reset'] == 'xyz', $ind_reset will be 'thing_in_database_2'
$key = $_POST['ind_reset'];
if(!isset($pages[$key])) {
//if that posted value isn't a key in the array, it's bad
error_log('Invalid posted page'.$key);
} else {
//this is a valid posted page
$ind_reset = $pages[$key];
//** do the database stuff right here in this spot **//
}
Now, for the reason your posted code doesn't work, you are missing the final, crucial part of doing a database query: the part where you actually run the query.
$conn = mysql_connect("server", "username", "password") or error_log(mysql_error());
mysql_select_db("database") or error_log(mysql_error());
$sql = 'UPDATE counters SET Hits =\'0\' WHERE Page = \'$ind_reset\';';
mysql_query($sql, $conn) or error_log(mysql_error());
I hope you have noted that I replaced "die" with "error_log." If you do error_log(mysql_error(), 1, 'youremail#example.com'), it will email it to you. Otherwise, as with in my examples, it gets put into wherever your system's error log file is. You can then have a nice history of your database errors so that, when you inevitably return to StackOverflow with more questions, you can tell us exactly what's been going on. If you use a file, just make sure to either rotate the error log file's name (I name them according to the day's date) or clear it out regularly, or it can get really, really long.
Using the mysqli code you posted in your comment is a better idea than the mysql_* functions, but you don't quite have it correct. The "bind_param" part sticks your variable into the spot where the question mark is. If your variable is a string, you put "s" first, or if it's an integer, you put "i" first, etc. And make sure you close things once you're done with them.
$db = new mysqli("server", "username", "password", "database");
if(!$db->connect_errno) {
$stmt = $db->prepare("UPDATE counters SET Hits = '0' where Page = ?");
$stmt->bind_param('s',$ind_reset); //assuming $ind_reset is a string
if(!$stmt->execute()) {
error_log($stmt->error);
}
$stmt->close();
} else {
error_log($db->connect_error);
}
$db->close();
In my admin section, I want the user to be able to click a button and a HTML report to display all fields from all tables with the user id that is set in that session.
So $user_id = intval($_SESSION['user_id']);
Would the button be something like:
<?php
if (isset($_POST['doReport'])) {
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$query = ("SELECT user_id FROM users WHERE user_id = '$user_id');
}
// redirect to report page
header('Location: report.php?id=' . $user_id);
?>
<p align="center">
<input name="doReport" type="submit" id="doThesisReport" value="View Report">
Also, what would be the best way to lay it out in the report page as I have 7 tables.
I am looking for a quick easy fix
Thank you!
You have a mistake: " char missed at the end of $query declaration.
I don't understand your trouble. If you want to use $_SESSION['user_id'], you can use it at any page without passing it in url.
And please don't put several questions in one.
The good way to achieve this would be :
Make a button witch redirects to a new page, say "report.php".
Now create the following logic for redirect page:
Fetch the USER-ID from session using the code you've used above.
Make the database connection on this page.
You forgot to use mysql_select_db(); to select the database.
Write the query like :
$query = ("SELECT user_id FROM users WHERE user_id = '$user_id'");
// you left "
Fire the query using $result=mysql_query($query); Note that the result from database is saved into $result.
You can use tables to display data as per you liking but quick way would be to use print_r($result)
Close the connection using mysql_close();
Hopefully since the question is not clear, I've posted the basic logic.
EDITED : forgot to put query in code block.