I want to store user's contact no. from an android registration form in SQL database but it shows 'failure' instead of 'success' when i try to add $_post['contact'] code to my PHP file.
This is my PHP file.
register.php
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact =(int)$_POST['contact'];
$institute = $_POST['institute'];
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','contact-no','$institute')";
if(mysqli_query($con,$sql)){
echo 'success';
}
else{
echo 'failure';
}
mysqli_close($con);
?>
Please tell me what i am doing wrong in it. thank you
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact =$_POST['contact'];
$institute = $_POST['institute'];
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address',$contact,'$institute')";
$result=$con->query($sql);
if($result)
{
echo 'success';
}
else{
echo 'failure';
}
$con->close();
?>
remove the int for $POST_['contact'] and dnt use single quotes('') for $contact while inserting since it is a integer for string value you should give single quotes
Try this
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
//change 'somename' with the name of submit button!
if(isset($_POST['somename'])){
$error=0;
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact = $_POST['contact'];
$institute = $_POST['institute'];
if(is_numeric($contact)){
$error=1;
}
if($error==1){
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
$insert= mysqli_query($con,$sql);
echo 'success';
}
else{
echo 'failure';
}
}
?>
this code will insert data in database only if $contact is numeric otherwise there will not be insert
'contact-no' is not variable.
change 'contact-no' to $contact
try this code
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
Offcoarse it will: you have an mistake in your SQL, you lost dollar sign and you should use $contact variable not $contact-no
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
Related
I am wanting to keep a table log history of executed MySQLI queries and log the specific user who executed a query and date & time the query was executed - on any (all) of my PHP pages.
What is the best way and simplest way to achieve this?
PHP
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
$connection = mysqli_connect("****", "****", "****", "****");
if (!$connection) {
die("Database connection failed: " . mysqli_connect_error());
}
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
Recommendation from a SO user:
However, there are errors with this suggestion ...many.
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$log_action = mysqli_query($connection,$query);
$result = mysqli_query($connection,$query);
if($result) {
define("LOG_FILE", "https://www.*******.com/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
Write a wrapper library that logs all the mysqli calls that you want to record, e.g.
function my_mysqli_query($link, $query, $resultmode = MYSQLI_STORE_RESULT) {
log_action('mysqli_query', $query);
return mysqli_query($link, $query, $resultmode);
}
function my_mysqli_prepare($link, $query) {
log_action('mysqli_prepare', $query);
return mysqli_prepare($link, $query);
}
...
define("LOG_FILE", "/path/to/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
I've written it to log to a file. You could log to a database table instead, it's just more code in log_action().
Then do a global replace in all your other scripts, replacing mysqli_query with my_mysqli_query, mysqli_prepare with my_mysqli_prepare, and so on. So your code would look like:
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$result = my_mysqli_query($connection,$query);
if ($result) {
echo "Update successful";
}
}
The $imagedoes not get assigned any thing. The alert displays an empty string. The update query is working perfectly.
<?php
if(isset($_POST['EditProfilebu']))
{
$id = $_GET['id'];
$username = $_POST['Name'];
$Email = $_POST['Email'];
$PostalCode = $_POST['PostalCode'];
$Address = $_POST['Address'];
$text = $_POST['text'];
$image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
move_uploaded_file($image_tmp,"images/$image");
echo "<script>alert('$image')</script>";
move_uploaded_file($image_tmp,"images/$image");
$query = "update users set UserName='$username',UserEmail='$Email',Picture='$image',PostalCode='$PostalCode',Address='$Address',Text='$text' where UserId='$id'";
$run = mysqli_query($mysqli,$query);
if($run)
{
echo "<script>alert('Updated')</script>";
}
}
?>
<?php
$con = mysqli_connect("localhost","root","","social_network") or die("Connection was not established");
function InsertUser(){
global $con;
//if sign up button is pressed
if(isset($_POST['sign_up'])){
$name = $_POST['u_name'];
$pass = $_POST['u_pass'];
$email = $_POST['u_email'];
$country = $_POST['u_country'];
$gender = $_POST['u_gender'];
$b_day = $_POST['u_birthday'];
$name = $_POST['u_name'];
$date = date("d-m-y");
$status = "unverified";
$posts = "No";
//checks if the email already existist in the system
$get_email = "select * from users where user_email='$email'";
$run_email = mysqli_query($con,$get_email);
$check = mysqli_num_rows($run_email);
//if email validation
if ($check==1) {
echo "<script>alert('This email is already registered!, Try another one')</script>";
exit();
}
//password properties string length
if(strlen($pass)<8){
echo "<script>alert('Password should be minimum 8 characters')</script>";
exit();
}
else {
//inserting user input into the database
$insert = "INSERT INTO users (user_name,user_pass,user_email,user_country,user_gender,user_dob,user_image,register_date,last login,status,posts) VALUES ('$name','$pass','$email','$country','$gender','$b_day','default.jpg','$date','$date','$status','$posts')";
$run_insert = mysqli_query($con,$insert);
if($run_insert){
echo "<script>alert('Registration Successfull!')</script>";
}
}
}
}
?>
The mistake is in your query
cant give a column name like "last login"
Remove the space between and try to change the column name of "status" to anything else
I am not sure if I'm doing something wrong? Whenever I connect to the office wifi and test my apps registration features, the email section shows a different result from my input. Example if I enter test#test.com and the go into phpmyadmin to check, it will be test#nefiewx.legsq.nl3.gsr.awhoer.net. Is something wrong with my code or do I have to avoid using the wifi?
I had to use a vpn to access my phpmyadmin but I see that some of the address in the URL is similar to what has been entered into the database.
This is my insert code. Thank you
<?php
include '../configuration/credentials.php';
if($_SERVER['REQUEST_METHOD']=='POST'){
$conn = mysqli_connect(DB_SERVER,DB_USER,DB_PASSWORD,DB_DATABASE);
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$dateofbirth = $_POST["dateofbirth"];
$email = $_POST["email"];
$phone = $_POST["phone"];
$password = $_POST["password"];
$firstname = mysqli_real_escape_string($conn,trim($firstname));
$lastname = mysqli_real_escape_string($conn,trim($lastname));
$dateofbirth = mysqli_real_escape_string($conn,trim($dateofbirth));
$email = mysqli_real_escape_string($conn,trim($email));
$phone = mysqli_real_escape_string($conn,trim($phone));
$password = mysqli_real_escape_string($conn,trim($password));
$checkuserexistsquery = "SELECT email, phone FROM users WHERE email='$email' AND phone='$phone'";
$insertuserquery = "INSERT INTO users (firstname,lastname,dateofbirth,phone,email,password) VALUES ('$firstname','$lastname','$dateofbirth','$phone','$email','$password')";
$checkuserexistsresults = mysqli_query($conn,$checkuserexistsquery);
if($checkuserexistsresults===FALSE){
echo "Check user query failed";
}else{
$countcheckuserexistsresults = mysqli_num_rows($checkuserexistsresults);
if($countcheckuserexistsresults>0){
//user already exists
echo "User already exists";
while($row = $checkuserexistsresults->fetch_assoc()){
echo $row['email'];
echo $row['phone'];
}
}else{
//user doesn't exist
$insertuserresults = mysqli_query($conn,$insertuserquery);
if($insertuserresults===FALSE){
echo "Insert user query failed";
}else{
echo "Insert successful";
}
}
}
mysqli_close($conn);
}
?>
Hope I can get help with this
Hi Guys I am having a problem that when adding form data into a database. For some reason the data is not inserted. here is my code:
<?php include_once 'secure/connect.php'; ?>
<?php
$name = "Your Name";
$email = "Your Best Email";
$msg_to_user = "";
if ($_POST['name'] != ""){
//Be sure to filter this data to deter SQL injection
$name = $_POST['name'];
$name = stripslashes($name);
$name = strip_tags($name);
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$sql = mysql_query("SELECT * FROM newsletter WHERE email='$email'");
$numRows = mysql_num_rows($sql);
if(!$email){
$msg_to_user = '<h4><font color="FF0000">Please Type an email address ' . $name . '</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<h4><font color="FF0000">' . $email . ' is already in our system</font></h4>';
} else {
$sql_insert = mysql_query("INSERT INTO newsletter (name, email, dateTime) VALUES ('$name', '$email', now())") or die (mysql_error());
$msg_to_user = '<h4><font color="0066FF">Thanks' . $name . ', You have been added successfully</font></h4>';
$name = "";
$email = "";
}
}
?>
And my html form looks like this:
<div class="topForm">
<H3 style="text-align:center">SIGN UP FOR OUR NEWSLETTER</H3>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="name" value="<?php echo $name; ?>"/>
<input type="text" name="email" value="<?php echo $email; ?>"/><br/>
<input name="mySubmitBtn" type="submit" value="SUBMIT">
<?php echo $msg_to_user; ?>
</form>
</div>
Many thanks in advance all
Phillip
This is what I have now and nothing is still working...
<?php
$name = "Your Name";
$email = "Your Best Email";
$msg_to_user = "";
if ($_POST['name'] != ""){
include_once 'secure/connect.php';
//Be sure to filter this data to deter SQL injection
$name = $_POST['name'];
$name = stripslashes($name);
$name = strip_tags($name);
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$sql = mysql_query("SELECT * FROM newsletter WHERE email='$email'");
$numRows = mysql_num_rows($sql);
if(!$email){
$msg_to_user = '<h4><font color="FF0000">Please Type an email address ' . $name . '</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<h4><font color="FF0000">' . $email . ' is already in our system</font></h4>';
} else {
$sql_insert = mysql_query("INSERT INTO newsletter (name, email) VALUES ('".$name."', '".$email."')") or die (mysql_error());
$msg_to_user = '<h4><font color="0066FF">Thanks' . $name . ', You have been added successfully</font></h4>';
$name = "";
$email = "";
}
}
?>
without regard to other errors or inconsistencies. also let me note that you should use mysqli or pdo. but php uses time()
$sql_insert = mysql_query("
INSERT INTO newsletter
(name, email, dateTime)
VALUES
('$name', '$email', ".time().")
");
or if you want a date time instead of the timestamp you can use the date() function.
You have to change now() from your code. And Use Following code.
$time = time() ;
$sql_insert = mysql_query("INSERT INTO newsletter (name, email, dateTime) VALUES ('".$name."', '".$email."', '".$time."' )") or die (mysql_error());
make sure you are connected to the database ! see what echo mysql_error(); says
if a form was submitted, catch the values, and then sanitize
insert query
ps: see what the following do:
if(isset($_POST['name']) ...
echo mysql_insert_id();
time() not now()
see the id of the new data inserted
your code, should work, if you follow these steps, and if you are connected to the database