I'm following a tutorial and I've run into an issue where I can complete my registration form but my info isn't saved into the database table. All my code is the same as the tutorial. Am I missing something?
Obviously it has to do with my $insert variable, but I can't figure out what it is.
if(isset($_POST['register'])) {
$user_name = mysqli_real_escape_string($con, $_POST['user_name']);
$user_pass = mysqli_real_escape_string($con, $_POST['user_pass']);
$user_email = mysqli_real_escape_string($con, $_POST['user_email']);
$user_country = mysqli_real_escape_string($con, $_POST['user_country']);
$user_number = mysqli_real_escape_string($con, $_POST['user_number']);
$user_address = mysqli_real_escape_string($con, $_POST['user_address']);
$user_gender = mysqli_real_escape_string($con, $_POST['user_gender']);
$user_b_day = mysqli_real_escape_string($con, $_POST['b_day']);
$user_image = $_FILES['user_image']['name'];
$user_tmp = $_FILES['user_image']['tmp_name'];
if($user_address=='' OR $user_country=="" OR $user_image=="" OR $user_gender=='') {
echo "<script>alert('Please fill all the fields.')</script>";
exit();
}
if(!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
echo "<script>alert('Your email is not valid.')</script>";
exit();
}
$sel_email = "SELECT * FROM register_user WHERE user_email='" . $user_email . "';";
$run_email = mysqli_query($con, $sel_email);
$check_email = mysqli_num_rows($run_email);
if($check_email==1) {
echo "<script>alert('This email is already registered. Please choose another.')</script>";
exit();
}
else {
$_SESSION['user_email'] = $user_email;
move_uploaded_file($user_tmp, "images/$user_image");
$insert = "INSERT INTO register_user (user_name,
user_pass,
user_email,
user_country,
user_number,
user_address,
user_gender,
user_b_day,
user_image,
register_date)
VALUES ('$user_name',
'$user_pass',
'$user_email',
'$user_country',
'$user_number',
'$user_address',
'$user_gender',
'$user_b_day',
'$user_image',
NOW())";
mysqli_query($con, $insert);
echo "<script>alert('Registration successful.')</script>";
echo "<script>window.open('home.php', '_self' )</script>";
}
}
If you have no error message, try this:
$insert = "INSERT INTO register_user (user_name,
user_pass,
user_email,
user_country,
user_number,
user_address,
user_gender,
user_b_day,
user_image,
register_date)
VALUES ('".$user_name."',
'".$user_pass."',
'".$user_email."',
'".$user_country."',
'".$user_number."',
'".$user_address."',
'".$user_gender."',
'".$user_b_day."',
'".$user_image."',
NOW())";
Related
I Have written a query for validating the email ids to not accept the duplicate emails while inserting into database.But it is not working and inserting duplicate email ids into database.
if(isset($_POST['submit_user'])){
$email = $_POST['user_email'];
$check=mysqli_query($conn,"select * from users where user_email='$email'");
$checkrows=mysqli_num_rows($check);
if($checkrows>0) {
echo "Email Already exists";
} else {
if($_POST['password'] == $_POST['con_password']){
$date = date('Y-m-d h:i:s');
$ins_sql = "INSERT INTO users (first_name, last_name, user_email, user_password, user_gender, user_marital_status, user_phone_no, user_designation,user_address,user_date,user_role,username) VALUES ('$_POST[first_name]', '$_POST[last_name]', '$_POST[email]', '$_POST[password]', '$_POST[gender]', '$_POST[marital_status]', '$_POST[phone_no]', '$_POST[designation]', '$_POST[address]', '$date','$_POST[user_role]' , '$_POST[username]')";
$run_sql = mysqli_query($conn,$ins_sql);
}else {
$match = '<div class="alert alert-danger">Password doesn't match!</div>';
}
}
You are checking wrong email id. change $email = $_POST['user_email']; to $email = $_POST['email'];
if(isset($_POST['submit_user'])){
$email = $_POST['email'];
$check=mysqli_query($conn,"select * from users where user_email='$email'");
$checkrows=mysqli_num_rows($check);
if($checkrows>0) {
echo "Email Already exists";
} else {
if($_POST['password'] == $_POST['con_password']){
$date = date('Y-m-d h:i:s');
$ins_sql = "INSERT INTO users (first_name, last_name, user_email, user_password, user_gender, user_marital_status, user_phone_no, user_designation,user_address,user_date,user_role,username) VALUES ('$_POST[first_name]', '$_POST[last_name]', '$_POST[email]', '$_POST[password]', '$_POST[gender]', '$_POST[marital_status]', '$_POST[phone_no]', '$_POST[designation]', '$_POST[address]', '$date','$_POST[user_role]' , '$_POST[username]')";
$run_sql = mysqli_query($conn,$ins_sql);
}else {
$match = '<div class="alert alert-danger">Password doesn't match!</div>';
}
}
}
I'm creating a Wedding Planning Web Application. My Database is connected but no data is being inserted nor am I receiving any error messages when trying to register a user.
I'm being directed straight to the linked Login page. I've tried to match the date formatting (User input as dd/mm/yyyy and being stored as yyyy/mm/dd) from php and MySQL but not sure if it's working/ if it is the issue.
I've been trying to figure out a solution for hours and I'm under pressure to solve it so I can complete my dissertation.
<?php
//Starts the session
session_start();
require_once 'DBConnect.php';
$firstname = "";
$lastname = "";
$email_address = "";
$phone_num = "";
$acc_password = "";
$weddingdate = "";
// REGISTER USER
if (isset($_POST['btn-Register']))
{
// receive all input values from the form
$firstname = mysqli_real_escape_string($DBcon, $_POST['firstname']);
$lastname = mysqli_real_escape_string($DBcon, $_POST['lastname']);
$email_address = mysqli_real_escape_string($DBcon,
$_POST['email_address']);
$phone_num = mysqli_real_escape_string($DBcon, $_POST['phone_num']);
$acc_password = mysqli_real_escape_string($DBcon,
$_POST['acc_password']);
$weddingdate = mysqli_real_escape_string($DBcon,
$_POST['weddingdate']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
// phone_num and weddingdate can be NULL
if (empty($firstname)) { array_push($errors, "First Name is
required"); }
if (empty($lastname)) { array_push($errors, "Last Name is
required"); }
if (empty($email_address)) { array_push($errors, "Email is
required"); }
if (empty($acc_password)) { array_push($errors, "Password is
required"); }
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM customer WHERE email_address =
'$email_address' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
//if user exists
if ($user['email_address'] === $email_address)
{
array_push($errors, "User already exists");
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0)
{
//encrypt the password before saving in the database
$acc_password = md5($acc_password);
$query = "INSERT INTO customer (firstname, lastname,
email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname' '$email_address',
'$phone_num', '$acc_password', '$weddingdate')";
mysqli_query($DBcon, $query);
$_SESSION['email_address'] = $email_address;
$_SESSION['success'] = "You are now Registered";
header('location: Login.php');
}
//This should format the date with phpMyAdmin
$weddingdate = date('Y-m-d H:i', strtotime($_POST["weddingdate"]));
// LOGIN USER
if (isset($_POST['btn-Login']))
{
$email_address = mysqli_real_escape_string($DBcon,
$_POST['email_address']);
$acc_password = mysqli_real_escape_string($DBcon,
$_POST['acc_password']);
if (empty($email_address))
{
array_push($errors, "Email Address is required");
}
if (empty($acc_password))
{
array_push($errors, "Password is required");
}
if (count($errors) == 0)
{
$acc_password = md5($acc_password);
$query = "SELECT * FROM customer WHERE
email_address='$email_address' AND
acc_password='$acc_password'";
$results = mysqli_query($DBcon, $query);
if (mysqli_num_rows($results) == 1)
{
$_SESSION['email_address'] = $email_address;
$_SESSION['success'] = "You are now logged in";
header('location: Main.php');
}else
{
array_push($errors, "Wrong username/password
combination");
}
}
}
}
?>
There is syntax error in insert query line.
$query = "INSERT INTO customer (firstname, lastname, email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname', '$email_address', '$phone_num', '$acc_password', '$weddingdate')";
One Comma , is missing after '$lastname'
The issue is probably that the variables aren't being taken as their values. You need to escape the sequence before you can add the variables. So, instead of having
$query = "INSERT INTO customer (firstname, lastname,
email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname', '$email_address',
'$phone_num', '$acc_password', '$weddingdate')";
You need to do this
$query = "INSERT INTO customer (firstname, lastname, email_address,
phone_num, acc_password, weddingdate) VALUES(
'" . $firstname . "', '" . $lastname . "',
'" . $email_address . "', '" . $phone_num . "',
'" . $acc_password . "', '" . $weddingdate . "')";
This should fix your problem, but as a few of the other commenters have mentioned, this may leave you open to SQL injection. You should be using prepared statements to protect yourself from those vulnerabilities.
i have user add form in my webpage.
Codes like this;
if(isset($_POST['submitted']) ==1) {
$name = mysqli_real_escape_string($dbc, $_POST['name']);
$surname = mysqli_real_escape_string($dbc, $_POST['surname']);
$date = mysqli_real_escape_string($dbc, $_POST['date']);
$email = mysqli_real_escape_string($dbc, $_POST['email']);
$password = mysqli_real_escape_string($dbc, $_POST['password']);
$city = mysqli_real_escape_string($dbc, $_POST['city']);
$q = "INSERT INTO users (name, surname, date, email, password, city) VALUES('$name', '$surname', '$date', '$email', '$password', '$city')";
$r = mysqli_query($dbc, $q);
if($r) {
$message = 'User was added';
}else{
$message = 'User could not be added because: '.mysqli_error($dbc);
$message .= '<p>'.$q.'</p>';
}
}
my submit button is:
<button type="submit" class="btn btn-default">Add User</button>
<?php if(isset($message)) { echo $message; }?>
<input type="hidden" name="submitted" value="1">
I want to check existing values in my database table with that post button.
How can i check same values in this post?
you can do something like this:
<?php
if (isset($_POST['submitted']) == 1) {
$name = mysqli_real_escape_string($dbc, $_POST['name']);
$surname = mysqli_real_escape_string($dbc, $_POST['surname']);
$date = mysqli_real_escape_string($dbc, $_POST['date']);
$email = mysqli_real_escape_string($dbc, $_POST['email']);
$password = mysqli_real_escape_string($dbc, $_POST['password']);
$city = mysqli_real_escape_string($dbc, $_POST['city']);
$q = "SELECT * FROM users WHERE email='".$email."'";
$r = mysqli_query($dbc, $q);
if ($r->num_rows == 0) {
$q = "INSERT INTO users (name, surname, date, email, password, city) VALUES('$name', '$surname', '$date', '$email', '$password', '$city')";
$r = mysqli_query($dbc, $q);
if ($r) {
$message = 'User was added';
} else {
$message = 'User could not be added because: ' . mysqli_error($dbc);
$message .= '<p>' . $q . '</p>';
}
} else {
$message = "Email does exist already";
}
}
i'm new to this PHP please help me here i'm unable to insert values into table.
But if i gave values directly to insert command in place of variables it works.
<?php
include ("db.php");
$msg = "";
if(isset($_POST["submit"]))
{
$name = $_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
$name = mysqli_real_escape_string($db, $name);
$email = mysqli_real_escape_string($db, $email);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql="SELECT email FROM users2 WHERE email='$email'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1)
{
$msg = "Sorry...This email already exist...";
}
else
{
$query = mysqli_query($db, "INSERT INTO users2 (name, email, password)VALUES ('$name', '$email', '$password')");
if($query)
{
$msg = "Thank You! you are now registered.";
}
}
}
?>
$sql = "INSERT INTO users2 (name, email, password) VALUES (?,?,?)";
if (!$stmt = $db->prepare($sql)) {
die($db->error);
}
$stmt->bind_param("sss", $name, $email, $password);
if (!$stmt->execute()) {
die($stmt->error);
}
I don't know what is the problem in my above question but
i used the above query instead of the one i used the in question and Boom it is a success.
if any one of you know whats the problem in the question please let me know.
You have to concat the variable in string of insert not just put as variable
$query = mysqli_query($db,"INSERT INTO users2 (name, email, password)VALUES ('".$name."', '".$email."', '".$password."')")
or
$query = mysqli_query($db,"INSERT INTO users2 (name, email, password)VALUES ('{$name}', '{$email}', '{$password}')")
You should use prepare statement for this mysql_real_escape_string-versus-Prepared-Statements
Never use md5() is-md5-considered-insecure
Prefer password_hash() or password_verify() Manuel
``
Not sure why but when I hit submit on register form it wont insert data into database, it performs the last else statement at the bottom by redirecting to signup success page which confuses me. I had it working but I did something and I cant figure out what is wrong..
<?php
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
$email = $_POST['email'];
$Fname = $_POST['Fname'];
$Lname = $_POST['Lname'];
$Display1 = $_POST['Display1'];
$Display2 = $_POST['Display2'];
$query = mysql_query("SELECT * FROM users WHERE username ='$username'");
if(empty($username) or empty($password) or empty($email) or empty($Fname) or empty($Lname) or empty($Display1)) {
echo '<p>Fields Empty!</p>';
} else if(mysql_num_rows($query) > 0){
$query = mysql_query("SELECT * FROM users WHERE username ='$username' AND password ='$password'");
echo'<p>Username or Password Already Exists!</p>';
} else {
mysql_query("INSERT INTO users VALUES('', '$username', '$password', '2', 'a', '$Fname', '$Lname', '$email', '$Display1', '$Display2')");
$subject = "Membership Confirmation";
$message = "Hello, You have registered an account on Joepepjoepep.com";
$from = "From: joepep235#gmail.com";
header("location:signuppayment.php");
mail($email, $subject, $message, $from);
}
}
?>
Create a unique key for your username field in the table definition.
Then a username can only be once in the table and a second insert query with the same username will fail with a specific error code. (and you avoid the race condition because of your multiple queries)
You can check for that error code and then display the "username already in use" error message.
Try this:
You forgot to put the rows you need to be inserted in your database.
mysql_query("INSERT INTO users VALUES('', '$username', '$password', '2', 'a', '$Fname', '$Lname', '$email', '$Display1', '$Display2')");
Change this into something like this:
mysql_query("INSERT INTO users(id, username, password, Display1, Display2, email, Fname, Lname, user_level, type) VALUES ('', '$username', '$password', '$Display1', '$Display2', '$email', '$Fname', '$Lname', '2', 'a')");
and so apply this in your code:
<?php
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
$email = $_POST['email'];
$Fname = $_POST['Fname'];
$Lname = $_POST['Lname'];
$Display1 = $_POST['Display1'];
$Display2 = $_POST['Display2'];
$query = mysql_query("SELECT * FROM users WHERE username ='$username'");
if((empty($username)) || (empty($password)) || (empty($email)) || (empty($Fname)) || (empty($Lname)) || (empty($Display1))) {
echo '<p>Fields Empty!</p>';
} else if(mysql_num_rows($query) > 0){
$query = mysql_query("SELECT * FROM users WHERE username ='$username' AND password ='$password'");
echo'<p>Username or Password Already Exists!</p>';
} else {
mysql_query("INSERT INTO users(id, username, password, Display1, Display2, email, Fname, Lname, user_level, type) VALUES ('', '$username', '$password', '$Display1', '$Display2', '$email', '$Fname', '$Lname', '2', 'a')");
$subject = "Membership Confirmation";
$message = "Hello, You have registered an account on Joepepjoepep.com";
$from = "From: joepep235#gmail.com";
header("location:signuppayment.php");
mail($email, $subject, $message, $from);
}
}
?>
Hope this helps.