I am trying to post data to my url but the form is not recognising anything being posted.
http://localhost/webpanel/createkeys.php?pcname=joe&username=guessme
so surely in the code below the $post values should be stored?
$_POST['pcname'];
$_POST['username'];
But when I load that url I posted I get this error:
Fatal error: Uncaught exception 'PDOException' with message
'SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'pcname'
cannot be null' in
The rest of the code is posted below, it is a short php file but cannot work out the issue.
<?php
// if(!isset($_POST) || empty($_POST['pcname'])) {
// exit;
// }
$pcname = $_POST['pcname'];
$username = $_POST['username'];
include 'db.php';
$stmt = $connection->prepare('INSERT INTO dummy (pcname, username, privatekey) VALUES (?, ?, ?)');
$stmt->execute([
$pcname,
$username,
$privatekey
]);
You have to use $_GET instead of $_POST :
$_GET['pcname'];
$_GET['username'];
$_GET, you bold use $_REQUEST which holds both but this is commonly bad practice.
You can simulate $_POST by performing a Curl request within php.
http://php.net/manual/en/book.curl.php
Related
OK, I originally posted this a question about php, but have since realized it could be a server configuration problem, which I know little about. I left the php script in case, and am hoping someone might have some pointers on this - I already checked permissions (755).
"NetworkError: 500 Internal Server Error - http://localhost/register.php?name=uname&password=upassword"
I was hoping someone here would be able to catch my error - sorry if this is obvious I've been learning as I go.
<?php
define('USER', 'root');
define('PASS', 'password');
$dbh = new PDO('mysql:host=localhost;dbname=users', USER, PASS);
$uname = $_POST['uname'];
$upassword = password_hash($_POST['upassword'], PASSWORD_DEFAULT);
$query = 'INSERT INTO `users` (`name`, `password`) VALUES (?,?)';
$query->bind_param($uname, $upassword);
$queryResults = $dbh->prepare($query);
$queryResults->execute();
$queryResults = null;
$dbh = null; // close the connection
?>
This keeps giving me a 500 internal server error indicating the php script, (in firebug for firefox), and I can't really figure out where I'm going wrong. I can also post ajax if needed.
You are using a Query String http://localhost/register.php?name=uname&password=upassword". Its purely a GET Method.
Your have to check whether the GET Method is exist then you need to access the GET Method Data.
$uname = "";
if(isset($_GET['uname'])) {
$uname = $_GET['uname'];
}
$upassword = "";
if(isset($_GET['password'])) {
$upassword = $_GET['password'];
}
if(($uname != "") && ($upassword != "")) {
$upassword = password_hash($upassword, PASSWORD_DEFAULT)
$query = sprintf("INSERT INTO `users` (`name`, `password`) VALUES (%s, %s)", $uname, $upassword);
----- Statements ------
}
I don't know why it's throwing 500 error, but you clearly have error in code.
Your $query variable is string and it does not have $query->bind_param() method. I assume you are trying to do this (bind_param is MySqli while bindParam is PDO):
$dbh->prepare($query);
$sth->bindParam($uname, $upassword);
Also since you are passing variables via URL, than you must use $_GET instead of $_POST. Just make sure you first check if these parameters exists in $_GET and only than use them:
if (!empty($_GET['name'])) {
$uname = $_GET['name'];
}
NOTE ?name=uname&password=upassword means variable names are name and password. It's values are $_GET['name'] = 'uname' / $_GET['password'] = 'upassword'.
Never pass username and password using $_GET as it's insecure. Better use some secure file to save them.
I'm trying to use one post in 2 different if statements.
What I'm trying to achieve is that I want to insert 3 values in mysql with post.
$action = $_POST['action'];
if($action == "checkCharacterName"){
$username = $_POST['name'];
}
it gets the character name here ^
and then in different action it gets the password:
if($action == "registerUser"){
$password = $_POST['password'];
$qry = $db->prepare ( 'INSERT INTO user_data (id, username, password, gold)
VALUES (null, "'. $username .'","'. $password .'", 500)');
$qry->execute();
but it shows this error:
Undefined variable: username
The posts are sending through swf, so I'm not able to change it cause its not mine swf
You work in PHP. This is a STATELESS langage. It means each time you post data, the whole script is executed but NO VARIABLES are saved. There is two ways to bypass this.
Adding state : Save the $username in the $_SESSION object or in the $_COOKIE object.
Working stateless : Do your request in only ONE POST. (Sending the username and the password at same time.
More informations to maintain a state here
I'm trying to learn how to make a registration form. I was getting an error message: "PDOException : SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'firstname' cannot be null"
Someone told me I could fix it with AJAX, which is something I want to learn anyway. But I'm not sure what I'm doing.
First, I took the PHP code out of my main page (register.php) and put it in a new file (reg-code.php). Then I included reg-code.php in register.php.
Next, I put the following in the head section of register.php:
<script>
submitHandler: function(form) {
$.post(
'/test/register/reg-code.php',
$(form).serialize(),
success: function() {
// display success message or something
It works!
}
);
};
</script>
I fixed one syntax error, but I get another one on the line success: function() {
But I'm not even sure if I'm moving in the right direction. The tutorials are confusing.
This is the PHP code I put in a separate file:
try {
$sql = "INSERT INTO members (firstname, lastname, username, password, password_confirm, email, age) VALUES (:firstname, :lastname, :username, :password, :password_confirm, :email, :age)";
$query = $pdo->prepare($sql);
$query->bindParam(':firstname', $_GET['firstname'], PDO::PARAM_STR);
$query->bindParam(':lastname', $_GET['lastname'], PDO::PARAM_STR);
$query->bindParam(':username', $_GET['username'], PDO::PARAM_STR);
$query->bindParam(':password', $_GET['password'], PDO::PARAM_STR);
$query->bindParam(':password_confirm', $_GET['password_confirm'], PDO::PARAM_STR);
$query->bindParam(':email', $_GET['email'], PDO::PARAM_STR);
$query->bindParam(':age', $_GET['age'], PDO::PARAM_STR);
$query->execute();
} catch (PDOException $e) {
echo 'PDOException : '. $e->getMessage();
}
Do I just have to figure out a syntax error, or do I need to go back to square one?
That error message means that the firstname variable is not being passed in properly. Make sure the name/id of your form field is indeed "firstname".
actually there is no problem with your procedure but
In your members table firstname column is not null and you are passing null value to it
If you use jQuery $.post - then in your php-script you should use $_POST variables:
$query->bindParam(':firstname', $_POST['firstname'], PDO::PARAM_STR);
// etc
Also:
success: function() {
// display success message or something
It works! // this string will cause syntax error
}
Use standard alert() function:
success: function() {
// display success message or something
alert('It works!');
}
First of all, Ajax has nothing to do with that error you get! So you might wan't to consider changing your title.
But anyway.
This means that your $_GET['firstname'] doesn't have a value, which means that no input from your registration form is send trough to your code.
And my suggestion would be that you change all you $_GET varibles to $_POST['inputfieldname'].
Because if you are using a form to send the data, you can't access them trough GET, as GET is used to acces data sent via the URL, so let's say you sent something with the url, and the url was www.yoururl.com/sent.php?something=bla
You would get the value from "something" like so $_GET['something'] and that would now have the data "bla", just to clarify.
The reason it says that the column cannot be null, is because that you have set that rule in your database, and if you removed that, i would just be a blank field.
Hope it helps a bit.
When I bind data in my php file to my database. I check by database and the values are all NULL? What is wrong?
Also: How can I pass a hashed password to be stored in my database? I know how to password_hash and password_verify. I can't figure out how to store a hashed password.
/*the variables are declared in a html form in another file. The action attribute
calls this php file with this code here. I use POST to get the user input for
each of the variables first, last, password, and initials*/
//create database connection
$dbc = mysqli_connect ('domain', 'root', 'password', 'database')
or die ('Error connecting');
//my condition to check for value when user enters data from html form. I use POST and isset.
if (isset($_POST['first']) && isset($_POST['last']) && isset($_POST['password']) &&
isset ($_POST['initials'])) {
//This is where I bind the data to prevent sql injection attacks.
$thisdb= mysqli_prepare($dbc, "INSERT INTO database VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssd', $first, $last, $password, $initials);
mysqli_stmt_execute($thisdb);
mysqli_stmt_close($thisdb);
}
else
{ echo('user missing data'); exit();}
// close database
mysqli_close ($dbc);
Use:
mysqli_stmt_bind_param($stmt, 'sssd', $_POST['first'], $_POST['last'], $_POST['password'], $_POST['initials']);
You were binding to variables that you never assigned.
Apart from the undefined variables that are already mentioned, you might run into problems as you are declaring your initials as a double:
mysqli_stmt_bind_param($stmt, 'sssd', $first, $last, $password, $initials);
^ are you sure initials is supposed to be a double?
You probably want:
mysqli_stmt_bind_param($stmt, 'ssss', $_POST['first'], $_POST['last'], $_POST['password'], $_POST['initials']);
You should add error handling to your database to see where what problem occurs exactly.
Note: Storing passwords in plain text is a very bad idea, you need to salt and hash them.
EDIT
Thanks for the help so far. I have edited my post to reflect the changes suggested below. I am using PDO for my database connection. The code I have now is as follows:
HTML
<a href="includes/delete-customer.php?userID='.$row->customer_id.'">
PHP
<?php
//MySQL Database Connect
include 'includes/config.php';
// confirm that the 'id' variable has been set
if (isset($_GET['userID']) && is_numeric($_GET['userID']))
{
// get the 'id' variable from the URL
$id = $_GET['userID'];
/* Delete row from the customer table */
$id = $dbh->exec("DELETE FROM customer WHERE customer_id = '$id'");
$stmt->execute();
}
?>
config.php
<?php
/*** mysql hostname ***/
$hostname = 'localhost';
/*** mysql username ***/
$username = 'user';
/*** mysql password ***/
$password = 'password';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=testDB", $username, $password);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
I'm pretty sure the HTML is correct now and the issue lies with the delete-customer.php file. I am currently receiving the following error: Fatal error: Call to a member function exec() on a non-object
I'm not sure of how to implement the PDO query correctly. Any further advice is much appreciated.
Your HTML section says:
<a href="includes/delete-customer.php?customer_id=$id['.$row->customer_id.']">
Is this your exact HTML syntax? This argument should be the actual numerical id, i.e. --
<a href="includes/delete-customer.php?customer_id=3">
-- either by echoing $row->customer_id (assuming it exists), or some other method of knowing that user id.
Your HTML only needs to send the actual data, not any sort of variable syntax. Your receiving PHP ($_GET['customer_id']) will interpret that for you and properly pass that to MySQL.
Your URL passes userID as the get parameter, yet in your php script you're trying to access customer_id. Try changing your code to retrieve userID and it should work
if (isset($_GET['userID']) && is_numeric($_GET['userID']))
<a href="includes/delete-customer.php?customer_id=<?php echo $id[$row->customer_id]; ?>">
assuming $id[$row->customer_id] is valid.
Plus, you really shouldn't delete from database on get var unless you're doing some admin validation / access rules and guarantee you don't have anyone on the job who will go rogue and manually type in numbers there.. That's just plain crazy.