MySQL insert username and password via php error - php

MySQL is not inserting the correct username and password in the database. The php code is:
<?php
$username = $_POST["email"];
$password = $_POST["password"];
require 'database.php';
$myquery = "INSERT INTO verify (`username`, `password`) VALUES ('$username','$password')";
$query = mysql_query($myquery);
if (!$query) {
echo mysql_error();
die;
}
?>
I checked the database.php, it is absolutely fine. It is showing username and password as pranav even though the values are different.
Thanks in advance.

Try to re-order you code, maybe some vars are overwritting his values:
<?php
require 'database.php';
$username = $_POST["email"];
$password = $_POST["password"];
$myquery = "INSERT INTO verify (`username`, `password`) VALUES ('$username','$password')";
$query = mysql_query($myquery);
if (!$query) {
echo mysql_error();
die;
}
?>

I found out what the error was . It was happening because the database.php was coded like this.
PHP:
<?php
$username="pranav";
$password="pranav";
$host="localhost";
$database="requester";
$server = mysql_connect($host, $username, $password);
$connection = mysql_select_db ($database, $server);
$table='verify'
?>
The username and password was getting rewritten.
Thanks Grommy

Related

PHP is not passing proper data to MYSQL

I am unable to pass proper data to MySQL I have no idea what is wrong done by me please help me out my code is as follow:
$con = mysqli_connect('localhost', 'root', '', 'database');
if($con) {
echo "we are connected";
} else {
die("connection failed");
}
if(isset($_POST['submit'])) {
// echo "Yeah it works";
$user = $_POST['username'];
$pass = $_POST['password'];
$query = "INSERT INTO users(username, password) VALUES ('$user', '$pass')";
$result = mysqli_query($con, $query);
if(!$result) {
die("Query failed");
}
}
When I run this code I'm getting 0 for username and 0 for password. whatever I type for username and password I get 0 in database.
Try this code, which also removes SQL injections.
$con = mysqli_connect('localhost', 'root', '', 'database');
if(! $con )
die('Unable to connect');
foreach(array('submit', 'username', 'password') as $arg)
if(! isset($_POST[$arg]) )
die('Missing argument(s)');
unset($arg);
http_response_code(200);
$username = $con->real_escape_string($_POST['username']);
$password = $con->real_escape_string($_POST['password']);
$query = "INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')";
if(! mysqli_query($con, $query))
http_response_code(400);
If this code doesn't work, make sure that username and password from your table are varchar's not int's. (Because your script inserts a 0 value)

Insert into mysql database through php

I try to insert some information about user but it gives error no database selected (im using phpmyadmin and xampp btw)
code:
<?php
$username = $_POST['username'];
$name = $_POST['name'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword)
{
mysql_escape_string($username);
mysql_escape_string($name);
mysql_escape_string($password);
mysql_escape_string($cpassword);
$md5pass = md5($password);
mysql_select_db("users");
mysql_query("INSERT INTO users (id, username, name, password) VALUES (DEFAULT, '$username', '$name', '$md5pass'") or die(mysql_error());
}
else
{
die("Passwords don't match");
}
?>
You haven't established connection with your mysql database.
Use following code to make connection with server.
$link = mysql_connect('your servers address', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
else
{
//rest of your code
}

Simple Insert Variable PHP into MySQL

I have a simple bit of code that I can't get working.
<?php
$mysqli_connection = new MySQLi('localhost', 'root', 'secret', 'edgeserver');
if ($mysqli_connection->connect_error) {
echo "Not connected, error: " . $mysqli_connection->connect_error;
$username = 'Eddie';
$username = mysql_real_escape_string($username);
$email = 'eddie_the_eagle#hotmail.com';
$email = mysql_real_escape_string($email);
$sql = "INSERT INTO `users` (`username`, `email`)
VALUES ( '".$username."', '".$email."')";
$res = $mysqli_connection->query($sql);
}
?>
When I run the code no error appears but the users table remains empty.
Try This
<?php
$mysqli_connection = new MySQLi('localhost', 'root', 'secret', 'edgeserver');
if ($mysqli_connection->connect_error)
{
echo "Not connected, error: " . $mysqli_connection->connect_error;
}//Change
$username = 'Eddie';
$username = mysqli_real_escape_string($mysqli_connection,$username);//Change
$email = 'eddie_the_eagle#hotmail.com';
$email = mysqli_real_escape_string($mysqli_connection,$email); //Change
$sql = "INSERT INTO users (username, email) VALUES ( '".$username."', '".$email."')";
$res = $mysqli_connection->query($sql);
?>
You were mixing two API's mysql and mysqli. Stop using deprecated mysql
$username = mysqli_real_escape_string($mysqli_connection,$username);
$email = mysqli_real_escape_string($mysqli_connection,$email);
And you forgot to close your if condition too
if ($mysqli_connection->connect_error) {
echo "Not connected, error: " . $mysqli_connection->connect_error;
}//<------forgot
There are two problems:-
you are mixing mysql_* with mysqli_*
no error checking is done.
Try like this:-
<?php
$mysqli_connection = new MySQLi('localhost', 'root', 'secret', 'edgeserver');
if ($mysqli_connection->connect_error)
{
echo "Not connected, error: " . $mysqli_connection->connect_error;
}//Change
$username = 'Eddie';
$username = mysqli_real_escape_string($mysqli_connection,$username);//connection link must be provided as a first parameter
$email = 'eddie_the_eagle#hotmail.com';
$email = mysqli_real_escape_string($mysqli_connection,$email); //same here
$sql = "INSERT INTO users (username, email) VALUES ( '".$username."', '".$email."')";
$res = $mysqli_connection->query($sql);
?>
Note:-Please habitat yourselves to use error reporting when you are going to do any stuff. thanks.
You forgot to close your if statement, so your insert logic will only run if there is an connect error.
Move the last } to a new line after
$mysqli_connection->connect_error;

query not sending to database

Embarrassing question here as it's obviously something so simple that's going wrong.
(Also for anyone who claims 'duplicate', I've spent 3 hours on here looking up relevant questions and putting numerous answers into practice but to no avail, hence the need for the question.)
I'm in the process of making a user registration form using PHP and MySQL, everything submits fine, however, I don't see the values in my database? So obviously it isn't submitting fine.
THE QUESTION
Why isn't it submitting?
I've done a var_dump($_POST); and the result is :
array(4) { ["name"]=> string(14) "Foo Bar" ["email"]=> string(18) "foob#bar.com" ["password"]=> string(8) "foobar123" ["submit"]=> string(8) "Register" }
I've also done print_r($query); on the query to see what's being passed and the result is:
INSERT INTO user_info (name, email, password) VALUES ('Foo Bar', 'foo#bar.com', '$2y$10$36UQIGc6OwFrNs/TBfc6letRlrrdRGGoj.lh65puJElDJER08ozQe')
The table user_info already exists and my connection to the database is fine.
I've tried using backward commas for the column names, I've also tried not using commas for the values but nothing seems to be submitting.
Here's the code:
HTML -
<form method="post" name="register-form" action="database.php">
Name: <input type="text" name="name"><br>
Email: <input type="email" name="email"><br>
Password: <input type="password" name="password">
<input type="submit" name="submit" value="Register" />
</form>
PHP -
<?php
require 'dbconnect.php';
function registerUser() {
$username = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$hash = password_hash($password, PASSWORD_BCRYPT);
$mysqli = mysqli_init();
$query = "INSERT INTO user_info (name, email, password) VALUES ('$username', '$email', '$hash')";
$mysqli->query($con, $query); //$con referenced in dbconnect to connect to db
var_dump($_POST);
print_r($query);
}
if(isset($_POST['submit']) === TRUE){
registerUser();
}
?>
dbconnect.php
<?php
$dbserver = 'localhost';
$dbusername = 'foo';
$dbpassword = 'bar';
$dbdatabase = 'usersdb';
$con = mysqli_connect($dbserver, $dbusername, $dbpassword, $dbdatabase);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
I'm starting to think this might be permission related but it's on my localhost using XAMPP so surely it can't be? Any help would be greatly appreciated! Thank you.
Inside your function registerUser there is no $con defined.
create a connection and your data will get inserted.
function registerUser($con) {
$username = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$hash = password_hash($password, PASSWORD_BCRYPT);
$mysqli = mysqli_init();
$query = "INSERT INTO user_info (name, email, password) VALUES ('$username', '$email', '$hash')";
$mysqli->query($con, $query); //$con referenced in dbconnect to connect to db
var_dump($_POST);
print_r($query);
}
The problem lies here:
$mysqli = mysqli_init();
$query = "INSERT INTO user_info (name, email, password) VALUES ('$username', '$email', '$hash')";
$mysqli->query($con, $query); //$con referenced in dbconnect to connect to db
You need to establish a connection using mysqli_real_connect after mysqli_init or use the constructor new mysqli() instead of those two. Also $mysqli->query uses the $mysqli object and takes only one parameter, your query. If you have specified the connection somewhere else, you need to use mysqli_query. See http://php.net/manual/de/mysqli.query.php
This is the solution :
in your dbconnect.php reaplace this line
$con = mysqli_connect($dbserver, $dbusername, $dbpassword, $dbdatabase);
with
$mysqli = new mysqli($dbserver, $dbusername, $dbpassword, $dbdatabase);
and reaplace the content of database.php with this :
require 'dbconnect.php';
$username = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$hash = password_hash($password, PASSWORD_BCRYPT);
if(isset($_POST['submit']) === TRUE){
// $mysqli = mysqli_init();
$query = "INSERT INTO user_info (name, email, password) VALUES ('$username', '$email', '$hash')";
$mysqli->query($query); //$con referenced in dbconnect to connect to db
var_dump($_POST);
print_r($query);
}
this should work

PHP registered user check

I have PHP + AS3 user login&register modul.I want to check registered user by username.But can't do it because I'm new at PHP.If you can help it will helpfull thx.(result_message part is my AS3 info text box.)
<?php
include_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES ('$username', '$password', '$userbio')";
mysql_query($sql) or exit("result_message=Error");
exit("result_message=success.");
?>
Use MySQLi as your PHP function. Start there, it's safer.
Connect your DB -
$host = "////";
$user = "////";
$pass = "////";
$dbName = "////";
$db = new mysqli($host, $user, $pass, $dbName);
if($db->connect_errno){
echo "Failed to connect to MySQL: " .
$db->connect_errno . "<br>";
}
If you are getting the information from the form -
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
you can query the DB and check the username and password -
$query = "SELECT * FROM users WHERE username = '$username'";
$result = $db->query($query);
If you get something back -
if($result) {
//CHECK PASSWORD TO VERIFY
} else {
echo "No user found.";
}
then verify the password. You could also attempt to verify the username and password at the same time in your MySQL query like so -
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password';
#Brad is right, though. You should take a little more precaution when writing this as it is easily susceptible to hacks. This is a pretty good starter guide - http://codular.com/php-mysqli
Using PDO is a good start, your connect.php should include something like the following:
try {
$db = new PDO('mysql:host=host','dbname=name','mysql_username','mysql_password');
catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
Your insert would go something like:
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES (?, ?, ?)";
$std = $db->prepare($sql);
$std = execute(array($username, $password, $userbio));
To find a user you could query similarly setting your $username manually of from $_POST:
$query = "SELECT * FROM users WHERE username = ?";
$std = $db->prepare($query)
$std = execute($username);
$result = $std->fetchAll();
if($result) {
foreach ($result as $user) { print_r($user); }
} else { echo "No Users found."; }
It is important to bind your values, yet another guide for reference, since I do not have enough rep yet to link for each PDO command directly from the manual, this guide and website has helped me out a lot with PHP and PDO.

Categories