This question already has answers here:
PHP MySQL insert not working
(6 answers)
Closed 6 years ago.
I have created a webpage named Register.php which should insert data into my database. The problem with this is that the registration page works but then when I try to log in the information was not added into my database is there anything that I did wrong that I cannot find?
<?php
echo "<h1>Register</h1>";
$submit = $_POST['submit'];
//form data
$FullName = strip_tags($_POST['FullName']);
$UserName = strip_tags($_POST['UserName']);
$Password = strip_tags($_POST['Password']);
$RepeatPassword = strip_tags($_POST['RepeatPassword']);
if ($submit)
{
//open database
$connect = mysql_connect("localhost","root","");
mysql_select_db("cs266db_db1");
$namecheck = mysql_query("SELECT UserName FROM user_ID WHERE UserName='$UserName'");
$count = mysql_num_rows($namecheck);
if ($count!=0)
{
die("UserName already taken");
}
//check for existence
if($FullName&&$UserName&&$Password&&$RepeatPassword)
{
//check password and repeat password match
if($Password==$RepeatPassword)
{
//check length of username and fullname
if (strlen($UserName) > 25 || strlen($FullName)>25)
{
echo "Length of username or fullname is over 25 characters!";
}
else {
//check password
if(strlen($Password)>25 || strlen($Password) < 6) {
echo "Password must be between 6 and 25 characters";
} else {
//encrypt password
$Password = md5($Password);
$RepeatPassword = md5($RepeatPassword);
$queryreg = mysql_query("INSERT INTO user_id VALUES (FullName='".$FullName."',UserName='".$UserName."',Password='".$Password."'");
}
die("You have been registered <a href='index1.php'> Return to Login Page </a>");
}
}
else{
echo "Your passwords do not match";
}
} else {
echo "Please fill in all fields!";
}
}
?>
<html>
<form action="register.php" method="POST">
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type="text" name="FullName" value="<?php echo $FullName ?>">
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type="text" name="UserName" value="<?php echo $UserName ?>">
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type="password" name="Password">
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type="password" name="RepeatPassword">
</td>
</tr>
</table>
<br>
<input type="submit" name="submit" value="Register">
</form>
</html>
Im getting an error of this as well(I am running on netbeans):
Notice: Undefined index: submit in
C:\Xampp\htdocs\Resume_DB\register.php on line 4 Notice: Undefined
index: FullName in C:\Xampp\htdocs\Resume_DB\register.php on line 7
Notice: Undefined index: UserName in
C:\Xampp\htdocs\Resume_DB\register.php on line 8 Notice: Undefined
index: Password in C:\Xampp\htdocs\Resume_DB\register.php on line 9
Notice: Undefined index: RepeatPassword in
C:\Xampp\htdocs\Resume_DB\register.php on line 10
Does this have to do with my problem of insertion? If so can you help! Please and thank you!
I don't think the the way you run the insert is even valid in MySql,
I just tried it on my MySql on wamp and the line does not return error but all the values that are been insert are NULL
I'm talking about this line
insert into tmp_table values (`field_1`='value_1', `field_2`='value_2', `field_3`='value_3' ...)
Do you get empty rows in your DB or no rows at all ?
Related
My register.php file is working but when submit button is clicked. This is error message I get
Notice: Use of undefined constant username - assumed 'username' in C:\xampp\htdocs\Hamza\register.php on line 18
You have been registered! Return to login page
However it does not add any users to the database though, what am I doing wrong? I believe something along INSERT INTO users VALUES is incorrect. I searched around and spent 2 hours solving it but can't figure out what's wrong. Any help would be useful, thanks.
register.php file
<?php
echo "<h1>Register</h1>";
$submit = #$_POST['submit'];
//form data
$fullname = strip_tags(#$_POST['fullname']);
$username = strip_tags(#$_POST['username']);
$password = strip_tags(#$_POST['password']);
$repeatpassword = strip_tags(#$_POST['repeatpassword']);
$date = date ("y-m-d");
if ($submit)
{
//check for existance
if ($fullname&&username&&$password&&$repeatpassword)
{
if ($password==$repeatpassword)
{
//check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or fullname is too long";
}
else
{
//check password length
if (strlen($password)>25||strlen($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
//register the user!
// encrypt password
$password = md5($password);
$repeatpassword = md5($repeatpassword);
//open database
$connect = mysql_connect("localhost","root","");
mysql_select_db("phplogin"); //select database
$queryreg = mysql_query("
INSERT INTO users VALUES ('','".$fullname."','".$username."','".$password."','".$date."')
");
die ("You have been registered! <a href='index.php'>Return to login page</a>");
}
}
}
else
echo "Your passwords do not match!";
}
else
echo "Please fill in <b>all</b> fields!";
}
?>
<html>
<p>
<form action='register.php' method='POST'>
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type='text' name='fullname' value='<?php echo $fullname; ?>'
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type='text' name='username' value='<?php echo $username; ?>'
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type='password' name='password'>
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type='password' name='repeatpassword'>
</td>
</tr>
</table>
<p>
<input type='submit' name='submit' value='Register'>
</form>
</html>
Check your 18th line:
if ($fullname&&username&&$password&&$repeatpassword)
You forgot to put $ sign for username.
when write anything in form and click Enter button, there is no error, but when i write the username and password correct the error show up
i tried echo "$_POST['username']"; // print username if username doesn't match ?
Error:
Notice: Undefined index: username in ..
Notice: Undefined index: password in ..
this is my form
<form action="2.php" method="post">
<table align="center">
<tr>
<td>Username</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Enter" />
</td>
</tr>
</table>
</form>
and this my second page
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$connection = mysql_connect('localhost', 'root', '');
if (!$connection){
die('Could not connect');
exit;
}
mysql_select_db('dbName') or die( "Unable to select database");
$query = "SELECT * FROM admin WHERE username = '$username'";
$result = mysql_query($query) or die(mysql_error());
$num = mysql_num_rows($result); // number of rows
if ($num > 0){
$i = 0;
while ($i < $num){
$row = mysql_fetch_array($result);
if ( ($password) == $row['password'] && ($username) == $row['username'] ){
header('location:2.php');
$_SESSION['sessionname'] = $username;
$_SESSION['sessionpass'] = $password;
}
elseif ( ($password) != $row['password'] && ($username) == $row['username'] ) {
echo "Wrong Password <a href='1.php' >Click Here</a>";
}
$i++;
}
}else {
echo "Username <strong><u>$_POST[username]</u></strong> invalid ! <a href='1.php' >Click Here</a> ";
}
?>
There is no reason to assign the username and password variables in the way you did. Simply assign the post data to the variables as you normally would with a session.
I am building a social network, and trying to implement PDO instead of mysql, and I haven't finished implementing all of the PDO because I can't find a way to make a working version of PDO for inserting my table values. I have no clue why it is resulting in this but here is the code. As the title says, with the PDO code I have provided, I fill in all of the fields, click sign up, and it displays "Please fill in all fields" at the top of the header. If more code is needed (for other .php pages please comment, as I do not know what all is needed. I picked the ones that I knew went together.).
original working mysql code to insert user's input into the database
("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','d','0')");
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
Index.php
<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$statement = $db->prepare('SELECT username FROM users WHERE username= :username');
//query succeeded
if ($statement->execute(array(':username' => $un))) {
//user exists
if ($statement->rowCount() > 0){
//check all of the fields have been filled in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the length of the password is between 5 and 30 characters long
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
//prepare the SQL statement
$db_connect = $db->prepare
("INSERT INTO users(
fname,
lname,
username,
email,
password,
d,
0
)
Value (
:fn,
:ln,
:un,
:em,
:pswd,
:d,
0
)"
);
//bind the parameters
$db_connect->bindParam(':fn', $fn);
$db_connect->bindParam(':ln', $ln);
$db_connect->bindParam(':un', $un);
$db_connect->bindParam(':em', $em);
$db_connect->bindParam(':pswd', $pwsd);
$db_connect->bindParam(':d', $d);
//execute the prepared statement
$db_connect->execute();
}
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all fields";
}
}
else
{
echo "Username already taken.";
}
}
else {
echo "Your e-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$password_login=md5($password_login);
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_Session["password_login"] = $password_login;
exit("<meta http-equiv=\"refresh\" content=\"0\">");
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div style="float: left;">
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Already a member? Login below.</h2>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="25" name="user_login" id="user_login" placeholder="username" title="username"/>
<br />
<input type="password" size="25" name="password_login" id="password_login" placeholder="password" title="Password"/>
<br />
<input type="submit" name="button" id="button" value="Login to your account!">
</form>
</td>
<td width="40%" valign="top">
<h2>Sign up below...</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" title="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" title="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" title="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" title="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Re-enter Email" title="Re-enter Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password" title="Password" value="<? echo $pswd; ?>">
<input type="password" size="25" name="password2" placeholder="Re-enter Password" title="Re-enter Password" value="<? echo $pswd2; ?>"><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
header.inc.php
<?
include ("inc/scripts/db_connect.inc.php");
session_start();
if (!isset($_SESSION["user_login"])) {
}
else
{
header("location: home.php");
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
<div id="wrapper">
<div class="logo">
<img src="img/find_friends_logo.png">
</div>
<div class="search_box">
<form method="get" action="search.php" id="search">
<input name="q" type="text" size="60" placeholder="Search..." />
</form>
</div>
<div id="menu">
Home
About
Sign Up
Login
</div>
</div>
</div>
<br />
<br />
<br />
<br />
db_connect.inc.php
<?
$db = new PDO('mysql:host=localhost;dbname=socialnetwork', '*********', '*********');
?>
results after taking off #
Notice: Undefined index: reg in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 3
Notice: Undefined index: fname in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 14
Notice: Undefined index: lname in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 15
Notice: Undefined index: username in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 16
Notice: Undefined index: email in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 17
Notice: Undefined index: email2 in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 18
Notice: Undefined index: password in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 19
Notice: Undefined index: password2 in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 20
While running the below script it shows the errorError: Unknown column 'email' in 'field list'.
<?php
include("connect.php");
if($loggedin == '1')
die("You can't register another account while you're logged in.");
if(isset($_POST['submit']))
{
$uname = trim($_POST['username']);
if($_POST["regkey"]!="171717")
die("Invalid Registration Key. <br> <a href= register.php>Back</a>");
if($_POST["pass"]!=$_POST["pass2"])
die("Passwords do not match. <br> <a href= register.php>Back</a>");
// Make sure all forms were filled out.
if((!isset($_POST['username'])) || (!isset($_POST['pass']))
|| ($uname == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely. <br><br>
<a href=register.php>Continue</a>");
$check = #mysql_query("SELECT id FROM players WHERE username = '$uname'");
$check = #mysql_num_rows($check);
if($check > 0)
die("Sorry, that username has already been taken. Please try again.
<br><br>
<a href=register.php>Continue</a>");
$pass = md5($_POST['pass']);
$date = date("m/d/y");
$newPlayer = #mysql_query("INSERT INTO players (username, password,
registered,callname,email) VALUES ('$uname','$pass','$date','$_POST
[callname]','$_POST[email]')") or die("Error: ".mysql_error());
echo 'You have been registered! You may now <a href=index.php>Log in</a>.';
}
else
{
// A simple example of a form.
echo '
<center>
<form action=register.php method=post>
<p>Registration is currently<b> NOT OPEN.</b><br>
You must have a valid Registration key to register.</p>
<table border="2">
<tr>
<td>Username:</td><td><input type="text" name="username" size="20px"</input>
</td>
</tr>
<tr>
<td>Callname:</td><td><input type="text" name="callname" size="20px"</input>
</td>
</tr>
<tr>
<td>Password:</td><td><input type="password" name="pass" size="20px"</input>
</td>
</tr>
<tr>
<td>Re-type Password:</td><td><input type="password" name="pass2" size="20px"</input>
</td> </tr>
<tr>
<td>Email:</td><td><input type="text" name="email" size="20px"</input></td>
</tr>
<tr><td>Registration Key:</td><td><input type="text" name="regkey" size="20px"></input>
</td> </tr>
</table>
<input type="submit" name="submit" value="Submit"></input>
</form>';
}
?>
I'm very new to PHP and can't figure out why I'm getting this Error. Shouldn't the $_POST get that value from the form?
Thanks for reading.
It means your players table does not contain an email column. You will need to add this column to your table for this script to work.
So the incorrect part in your code is
$newPlayer = #mysql_query("INSERT INTO players(username, password, registered, callname, email)
VALUES('$uname', '$pass', '$date', '$_POST[callname]', '$_POST[email]')") or die("Error: ".mysql_error());
Add an email field in your player table.
Chances are there you misspelled email in the player.
$sql = "INSERT INTO user_registration (u_name,s_father,s_schoolname,s_rollno,s_class)
VALUES ($name,$father,$school,$rollno,$class)";
Error: INSERT INTO user_registration
(u_name,s_father,s_schoolname,s_rollno,s_class) VALUES (Azhar, hassan,
Chulli_payaan,1008,10th) Unknown column 'Azhar' in 'field list'
Im working on a form that needs a password that is between 6 and 25 characters. The username and fullname must be less than 25 characters. The username and fullname part works fine, but when I put in a password thats 10 characters long it echos out my error code as if it were less than 6. What Am I doing wrong with this?
Please take a look at the code and help me please:
The issue is within the area commented as //check password length. Thanks everone
The php code is:
<?php
echo "<h1>Register</h1>";
$submit = filter_input(INPUT_POST, 'submit');
//form data
$fullname = strip_tags (filter_input(INPUT_POST, 'fullname'));
$username = strip_tags (filter_input(INPUT_POST, 'username'));
$password = strip_tags(filter_input(INPUT_POST, 'password'));
$repeatpassword = strip_tags(filter_input(INPUT_POST, 'repeatpassword'));
$date = date("Y-m-d");
if ($submit)
{
//check for existence
if($fullname&&$username&&$password&&$repeatpassword)
{
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
//check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or full name is too long!";
}
else
{
//check password length
if (strlen ($password)>25 || strlen ($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
//register user
}
}
}
else echo "Your passwords do not match";
}
else echo "Please fill in <b>all</b> fields!";
}
?>`
and the html is:
<html>
<form action='register.php' method='POST'>
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type='text' name='fullname'>
</td>
</tr>
<tr>
<td>
choose a username:
</td>
<td>
<input type='text' name='username'>
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type='password' name='password'>
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type='password' name='repeatpassword'>
</td>
</tr>
<table>
<p>
<input type='submit' name='submit' value='Register'>
You overwrite the password with its MD5 sum here:
$password = md5($password);
I'd suggest using different variable names for these different values:
$password_md5 = md5($password);
Naming your variables appropraitely will remove confusion and reduce the risk of errors.
You run MD5 on your password and repeat password before you compare it. Do the comparison and length checking before you run MD5 on them.
Why won't you quit the MD5 and instead of that use Whirlpool?
$password_wp = hash('whirlpool', $password);
Still having your doubts?
If it is, your answer on Stackoverflow has already been answered :
Which one is more secured md5 or whirlpool (hashes) and Why?
{ more info }
http://md5-sha-whirlpool.reviews.r-tt.com