Querying data into phpmyadmin database table - php

I am trying to input the information from the form html into mysql table. I keep getting an error code but I do not understand it and I tried to research for solution but i came up short.
I put security because protecting my login information.
Please help me?
Here is the html:
<!DOCTYPE HTML>
<html>
<head>
<title> form</title>
<style type="text/css/css">
h2{
text-align: center;
margin-top: 2cm;
}
</style>
</head>
<body>
<form action='formDB2.php' method='POST'>
<p> Your Last Name: <input type="text" name="lastname" id="lastname" value="" size="30" /></p>
<p> Your First Name: <input type="text" name="firstname" id="firstname" value="" size="30" /></p>
<p>Age: <input name="age" type="text " id="age "/> </p>
<p>gender: <select name="sex" id="gender">
<option> Male </option>
<option>Female </option>
</select> </p>
<hr />
<p><input type="reset" value="REST"/><input type="submit" name="Submit" value="Submit" /></p>
</form>
</body>
</html>
Here the mysql/php code:
<?php
$link = mysqli_connect("localhost","*security*","*security*","*security*");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$lastname = mysqli_real_escape_string($link, $_POST['lastname']);
$firstname = mysqli_real_escape_string($link, $_POST['firstname']);
$age = mysqli_real_escape_string($link, $_POST['age']);
$gender = mysqli_real_escape_string($link, $_POST['sex']);
$sql = "INSERT INTO trainer(trainer_id, lastname, firstname, age, gender) VALUES (0,'$firstname', '$lastname', '$age' , '$gender')";
if(mysqli_query($link,$sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
Here is the output:
Here the account I want it to display:


trainer_id is your primary key, so it must be unique. You are always setting to 0 on your code:
$sql = "INSERT INTO trainer(trainer_id, lastname, firstname, age, gender) VALUES (0,'$firstname', '$lastname', '$age' , '$gender')";
You should set the field with auto increment http://dev.mysql.com/doc/refman/5.7/en/example-auto-increment.html and don't pass anything on your code:
$sql = "INSERT INTO trainer(lastname, firstname, age, gender) VALUES ('$firstname', '$lastname', '$age' , '$gender')";

Related

Data not inserting in sqlite3 database using php

Hy guys, I have a sqlite database named signup.db and a signup table in it and I have a php code of a signup page but it us not inserting any data on submit I also am not getting Amy error even on clicking on submit
*don't mind SQL injection this is just testing I will use SQL prepared statement when I make my next project
Code
<?php
if(isset($_POST['submit'])){
//connection to sqlite3 database
$dir = 'sqlite: sign.db';
$db = new PDO($dir) or die ("Unable to open");
//select table
//saving data
$email = $_POST["Email"];
$first = $_POST["First"];
$last = $_POST["Last"];
$password = $_POST["Password"];
$male = $_POST["Male"];
$female = $_POST["Female"];
$date = $_POST["Dateofb"];
$sql = "INSERT INTO Signup (First, Last, Email, Password, Male, Female, Dateofb) VALUES ('$first', '$last', '$email', '$pass', '$male', '$female', '$date');";
$sql->execute();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="index.css" >
<script src="index.js" ></script>
<title>Survey</title>
</head>
<body>
<form action="" method="post" >
<div class="container" >
<div class="form" >
<input type="email" class="first" id="email" placeholder="Email" required="required">
<input type="text" class="second" id="first" placeholder="First name" required="required">
<input type="text" class="last" id="last" placeholder="Last name" required="required">
<input type="password" class="pass" id="pass" placeholder="Password" required="required">
<div class="day" >
<p class="bd" >Birthday Date:</p>
<input type="date" class="date" id="date" >
</div>
<div>
<div class="malee" >
<input type="checkbox" class="male" id="male" >
<p class="mal" >Male</p>
</div>
<div class="femalee" >
<input type="checkbox" class="female" id="female" >
<p class="fem" >Female</p>
</div>
</div>
<div >
<input class="submit" id="submit" type="submit" >
</div>
<div class="acc" >
already have account <a href="#" >Login</a>
</div></div>
</div>
</form>
</body>
</html>
(https://i.stack.imgur.com/vYkug.jpg)

Your code has two issues:
You should query on a db connection
$db->exec($sql);
In $sql string
$pass should be $password
$sql = "INSERT INTO Signup (First, Last, Email, Password, Male, Female, Dateofb)
VALUES ('$first', '$last',
'$email', ******'$pass'*******, '$male', '$female', '$date');";
I created sandbox for you. Working fine . You can copy this code into a separate test.php file and try running it
Check this sandbox
<?php
try {
$conn = new PDO("sqlite: sign.db");
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$email = "test2";
$first = "";
$last = "";
$password = "";
$male = "";
$female = "";
$date = "";
$sql = "CREATE TABLE IF NOT EXISTS Signup (
First text NOT NULL,
Last text NOT NULL,
Email text NOT NULL,
Password text NOT NULL,
Male text NOT NULL,
Female text NOT NULL,
Dateofb text NOT NULL
);";
$conn->exec($sql);
$sql = "INSERT INTO Signup (First, Last, Email, Password, Male, Female, Dateofb) VALUES ('$first', '$last', '$email', '$password', '$male', '$female', '$date');";
$conn->exec($sql);
echo "New record created successfully \n";
$sql = "SELECT * FROM Signup";
$result = $conn->query($sql);
while ($row = $result->fetch()) {
echo $row['Email']."\n";
}
} catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
?>

add data from html forms to database. undefined sql error and empty query error

I am trying to add data from html form to database. However , I think everthing is OK but there are 2 errors: undefined sql and empty query. I research something and I learned sql injection but I dont understand what is the difference in INSERT INTO query. How can I solve this problem?(I have also one more column in database its name is id and it is auto inceremented. So I havent add it)
<?php
include('dbConnection.php');
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="addMember.css">
<script src="addMember.js"></script>
<title>Nature Apartment-Add Member</title>
</head>
<body>
<h1>Nature Apartment</h1>
<?php
if($_SERVER["REQUEST_METHOD"]=="POST"){
if(isset($_POST['submit'])){
$apartmentID= $_REQUEST['apartmentID'];
$uname= $_REQUEST['uname'];
$pwd= $_REQUEST['pwd'];
$phoneNumber= $_REQUEST['phoneNumber'];
$secondPhoneNumber= $_REQUEST['secondPhoneNumber'];
$whoseNumber= $_REQUEST['whoseNumber'];
$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES '$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";
}
}
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
?>
<ul>
<li>HomePage</li>
<li>Members</li>
<li>Payments</li>
<li>General Expenses </li>
<li>Chat</li>
<li>Settings</li>
</ul>
<br><br>
<h2>Add New Member</h2>
<br><br>
<form id="form" method="POST" >
<label for="apartmentID">Apartment ID</label><br>
<input type="text" id="id" name="id"><br><br>
<label for="username">Username</label><br>
<input type="text" id="uname" name="uname"><br><br>
<label for="Password">Password</label><br>
<input type="password" id="pwd" name="pwd"><br><br>
<label for="phoneNumber">Phone number</label><br>
<input type="text" id="phoneNumber" name="phoneNumber"><br><br>
<label for="secondPhoneNumber">Second phone number</label><br>
<input type="text" id="secondPhoneNumber" name="secondPhoneNumber"><br><br>
<label for="whoseNumber">Whose phone number? </label><br>
<input type="text" id="whoseNumber" name="whoseNumber"><br><br>
<input type="submit" value="Add" name="submit" >
</form>
</body>
</html>

I think you forgot a bracket??
$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES '$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";
Should be
$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES **(**'$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";

Wamp database doesn't update all fields

I am inserting data in my WAMP database from user input:
PHP
<?php
$con=mysqli_connect("127.0.0.1","beni","2155","visitbulgaria");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$forename = mysqli_real_escape_string($con,$_POST['Forename']);
$surname = mysqli_real_escape_string($con,$_POST['Surname']);
$email = mysqli_real_escape_string($con,$_POST['Email']);
$username = mysqli_real_escape_string ($con,$_POST['Username']);
$password = mysqli_real_escape_string ($con,$_POST['Password']);
$sql="INSERT INTO `customer`(`Forename`, `Surname`, `Email`, `Username`, `Password`)
VALUES ('$forename', '$surname', '$email', '$username', '$password')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
HTML
<html>
<body>
<form action="insert.php" method="post">
Firstname: <input type="text" name="Forename">
Lastname: <input type="text" name="Surname">
Email: <input type="text" name="Email">
username: <input type="text" name="Username">
pass: <input type="text" name="Password">
<input type="submit">
</form>
</body>
</html>
whah happens here is that on submit it does work but when I look at the database in phpMyAdmin it has only added the first three record (forename, surname and email and then the username and password field are left blank, and I have no idea how to fix that and why it is doing it.

PHP Insert INTO Not Inserting Data

Below is my Html and php code both in separate files for my insert query it is trying to insert registration details but it keeps failing, any reasons where i am going wrong.
I have trying using different types of speech marks but it still doesnt work and the textbook i have shows this method. The database can log users in and check if user exists but can not insert data. Thanks.
<?php
include 'db.php';
session_start();
?>
<!DOCTYPE html>
<html>
<head>
</head>
<?php
include 'header.php';
?>
<div id="logincontent">
<div id="registerform" class="loginform-in">
<h1>Registration</h1>
<fieldset>
<form id="myForm" action="registerscript.php" method="POST">
Email: <input type="text" name="username"/><br />
Password: <input type="password" name="pass"/><br />
First Name: <input type="text" name="fname"/><br />
Last Name: <input type="text" name="lname"/><br />
Address 1: <input type="text" name="add1"/><br />
Address 2: <input type="text" name="add2"/><br />
Postcode: <input type="text" name="pcode"/><br />
Telephone: <input type="text" name="phone"/><br />
<button id="submit">Register</button>
</form>
<div id="ack"></div>
</fieldset>
</div>
</div>
</body>
</html>
PHP File
<?php
include('db.php');
$email = mysql_real_escape_string( $_POST["username"] );
$pass = mysql_real_escape_string( md5($_POST["pass"]) );
$firstname = mysql_real_escape_string( $_POST["fname"] );
$surname = mysql_real_escape_string( $_POST["lname"] );
$add1 = mysql_real_escape_string( $_POST["add1"] );
$add2 = mysql_real_escape_string( $_POST["add2"] );
$pcode = mysql_real_escape_string( $_POST["pcode"] );
$phone = mysql_real_escape_string( $_POST["phone"] );
if( empty($email) || empty($pass) )
{
echo "Email and Password are Mandatory";
exit();
}
$res = mysql_query("SELECT email FROM members WHERE email='$email'");
$row = mysql_fetch_row($res);
if( $row > 0 )
echo "The Email $email has already been taken. Click Forgot Password to Retrieve";
else
{
$sql = "INSERT INTO members (memberid, firstname, surname, address1, address2, postcode, telephone, email, password) VALUES (
'',
'$firstname',
'$surname',
'$add1',
'$add2',
'$pcode',
'$phone',
'$email'
'$pass')";
if( mysql_query($sql) )
echo "Registration Successfull";
else
echo "An Error Occured Please Try Again";
}
?>

You missed a comma here
'$phone',
'$email', //<-------------- Here
'$pass')";

Remove memberid from $sql = insert into ... this is probably an auto_increment type value in your mysql database.
BTW you are better off using mysqli or pdo instead of using mysql_. And with prepared statements you would limit the risk for SQL injection.

Add the following to find MySQL Error:
else
echo "An Error Occured Please Try Again";
echo mysql_errno($res) . mysql_error($res);

Unable to select table.. php & mysql

I created a table & when Submit button is hit after filling the form, those particulars should be inserted into the DB TABLE. But idk what's wrong with the code, it's echoing "Unable to select table".. My code is as follows:
<?php
if ( isset ( $_POST['submit'] ) )
{
mysql_connect("localhost","root","1234");
mysql_select_db("my_db")or die( "Unable to select database</span></p>");
$name1 = $_POST['name1'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$gender = $_POST['gender'];
$place = $_POST['place'];
$college = $_POST['college'];
$result=MYSQL_QUERY("INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')")or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();
echo "<p><span style=\"color: red;\">Thank You;</span></p>";
}
else
{
// close php so we can put in our code
?>
<form id="form1" action="" method="post">
Name:
<input type="text" name="name1" /><br/>
E-mail:
<input type="text" name="email" /><br/>
Password:
<input type="password" name="password" /><br/>
Confirm Password:
<input type="password" name="confirmpassword" /><br/>
Gender:
<input type="radio" name="gender" />
Male
<input type="radio" name="gender" />
Female
<br/>
Location:
<input type="text" name="place" /><br/>
College:
<input type="text" name="college" /><br/>
<input id="submit1" class="submit" type="submit" name="submit" value="Submit"/><br/>
<input type="reset" value="reset" />
</form>
<?php
} //close the else statement
?>

PHP doesn't recognise function with capital letters. Use small-case characters:
mysql_query( "INSERT INTO USERS3 ( id, name1, email,
`password`, confirmpassword, gender, college, place)
VALUES ('NULL', '$name1', '$email',
'$password', '$confirmpassword', '$gender', '$place',
'$college')") or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();

If 'id' is an autoincrement field, you shouldn't be passing any value for it - the database will deal with that.

Everything looks fine.Only problem(s) could be:
The table name might be incorrect.Especially, i suspect your correct table name is users3 instead of USERS3 .
The ideal way to check is:
Add following statement before $result=.....
echo "INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')";
Run/Load the page.
Whatever is printed - copy it.
Go to phpmyadmin and select SQL Tab.Paste what you copied in previous step and run it.
phpmyadmin will display the exact error.

Categories