I've created this registration form and i want to insert a text file like CV in mysql database named st_login including the table named login.In the following code i've only created a form for registration purposes and want to insert also an option allowing the user to insert a text file (CV)into the registration form and this text file to be saved into that database using Php.
This is my php code:
<html >
<head>
<title></title>
</head>
<body>
<?php
print ("<form action='register.php' method='post'>
<p>Name
<input type='text' name='firstname' />
</p>
<p>Surname
<input type='text' name='lastname' />
</p>
<p>Username
<input type='text' name='username' />
</p>
<p>Password
<input type='password' name='password' />
<p/>
<input type='submit' value='Register'/>
</form>");
extract ($_POST);
if( !($database=mysql_connect("localhost","root",""))||!(mysql_select_db("st_login",$database)) )
print("Could not connect");
if(isset($_POST['firstname'] )&&isset($_POST['lastname'])&&isset($_POST['username'])&&isset($_POST['password']) ){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['username'];
$password=$_POST['password'];
$query = "INSERT INTO login (firstname, lastname, username,password) VALUES ('$firstname', '$lastname', '$username','$password')";
}
if ( !empty($firstname)&&!empty($lastname)&&!empty($username) &&!empty($password) )
{
if(!($result=mysql_query($query,$database)))
{
print("Could not execute query");
die (mysql_error());//ose error
}
else echo "You have been registered successfully";
}
else echo "Fill in all the blank fields";
mysql_close($database);
?>
</body>
</html>
Related
I am trying to add data from html form to database. However , I think everthing is OK but there are 2 errors: undefined sql and empty query. I research something and I learned sql injection but I dont understand what is the difference in INSERT INTO query. How can I solve this problem?(I have also one more column in database its name is id and it is auto inceremented. So I havent add it)
<?php
include('dbConnection.php');
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="addMember.css">
<script src="addMember.js"></script>
<title>Nature Apartment-Add Member</title>
</head>
<body>
<h1>Nature Apartment</h1>
<?php
if($_SERVER["REQUEST_METHOD"]=="POST"){
if(isset($_POST['submit'])){
$apartmentID= $_REQUEST['apartmentID'];
$uname= $_REQUEST['uname'];
$pwd= $_REQUEST['pwd'];
$phoneNumber= $_REQUEST['phoneNumber'];
$secondPhoneNumber= $_REQUEST['secondPhoneNumber'];
$whoseNumber= $_REQUEST['whoseNumber'];
$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES '$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";
}
}
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
?>
<ul>
<li>HomePage</li>
<li>Members</li>
<li>Payments</li>
<li>General Expenses </li>
<li>Chat</li>
<li>Settings</li>
</ul>
<br><br>
<h2>Add New Member</h2>
<br><br>
<form id="form" method="POST" >
<label for="apartmentID">Apartment ID</label><br>
<input type="text" id="id" name="id"><br><br>
<label for="username">Username</label><br>
<input type="text" id="uname" name="uname"><br><br>
<label for="Password">Password</label><br>
<input type="password" id="pwd" name="pwd"><br><br>
<label for="phoneNumber">Phone number</label><br>
<input type="text" id="phoneNumber" name="phoneNumber"><br><br>
<label for="secondPhoneNumber">Second phone number</label><br>
<input type="text" id="secondPhoneNumber" name="secondPhoneNumber"><br><br>
<label for="whoseNumber">Whose phone number? </label><br>
<input type="text" id="whoseNumber" name="whoseNumber"><br><br>
<input type="submit" value="Add" name="submit" >
</form>
</body>
</html>
I think you forgot a bracket??
$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES '$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";
Should be
$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES **(**'$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";
This question already has answers here:
Why shouldn't I use mysql_* functions in PHP?
(14 answers)
Closed 3 years ago.
I am following a tutorial series (Link to Video) in which I am learning to create a comments section to a web page. I am using XAMPP as it is what the guy in the video is using. I have finished writing the code which sends the data (name, time, message) to the database and when I go to try it out nothing happens. I checked the database and there is nothing
This is the code:
index.php
<?php
date_default_timezone_set('Europe/London');
include 'dbh.inc.php';
include 'comments.inc.php';
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
echo"<form method='POST' action='".setComments($conn)."'>
<input type='hidden' name='uid' value='Anonymous'>
<input type='hidden' name='date' value='".date('D-m-y H:i:s')."'>
<textarea name='message'></textarea> <br>
<button type='submit' name='commentSubmit'>Comment</button>
</form>";
?>
</body>
</html>
comments.inc.php
<?php
function setComments($conn) {
if (isset($_POST['commentSubmit'])) {
$uid = $_POST['uid'];
$date = $_POST['date'];
$message = $_POST['message'];
$sql = "INSTERT INTO comments (uid, date, message) VALUES ('$uid', '$date', '$message')";
$result = mysql_query(- $sql);
}
}
dbh.inc.php
<?php
$conn = mysqli_connect('localhost', 'root', '', 'commentsection');
if (!$conn) {
die("Connection Faild: ".mysql_connect_error());
}
Please help me.
thank you
Change
<?php
echo"<form method='POST' action='".setComments($conn)."'>
<input type='hidden' name='uid' value='Anonymous'>
<input type='hidden' name='date' value='".date('D-m-y H:i:s')."'>
<textarea name='message'></textarea> <br>
<button type='submit' name='commentSubmit'>Comment</button>
</form>";
?>
To:
<?php
// action empty send the post data to the this fila again
// setComments function have a condition to work only when POST data is present
setComments($conn);
echo"<form method='POST' action=''>
<input type='hidden' name='uid' value='Anonymous'>
<input type='hidden' name='date' value='".date('D-m-y H:i:s')."'>
<textarea name='message'></textarea> <br>
<button type='submit' name='commentSubmit'>Comment</button>
</form>";
?>
And
This:
$sql = "INSTERT INTO comments (uid, date, message) VALUES ('$uid', '$date', '$message')";
$result = mysql_query(- $sql);
}
To:
// INSERT is the correct sintaxis
$sql = "INSERT INTO comments (uid, date, message) VALUES ('$uid', '$date', '$message')";
$result = mysql_query($sql);
}
Finally
$conn = mysqli_connect('localhost', 'root', '', 'commentsection');
To:
// mysqli_connect have diferent parameters
$conn = mysql_connect('localhost', 'root', '', 'commentsection');
Tested and working
I'm not that good with PHP but i need to do a user registration form and this is what I haven done so far
<!doctype html>
<html>
<head>
<title>Register</title>
</head>
<body>
<p>Register | Login</p>
<h3>Formulario de registro</h3>
<form action="" method="POST">
Usuario: <input type="text" name="login"><br />
Contrasena: <input type="password" name="password"><br />
Email: <input type="text" name="email"><br />
Sexo: <input type="text" name="sex"><br />
Edad: <input type="text" name="age"><br />
Telefono: <input type="text" name="phone"><br />
Pais: <input type="text" name="country"><br />
Ciudad: <input type="text" name="city"><br />
Direccion: <input type="text" name="address"><br />
<input type="submit" value="Register" name="submit" />
</form>
<?php
if(isset($_POST["submit"])){
if(!empty($_POST['login']) && !empty($_POST['password'])) {
$login=$_POST['login'];
$password=$_POST['password'];
$email=$_POST['email'];
$sex=$_POST['sex'];
$age=$_POST['age'];
$phone=$_POST['phone'];
$country=$_POST['country'];
$city=$_POST['city'];
$address=$_POST['address'];
$con=mysqli_connect('localhost','root','','registro_usuarios') or die(mysql_error());
$sql="SELECT * FROM usuario ";
$result = mysqli_query($con,$sql);
if(mysqli_num_rows($result)>=0)
{
echo "I'm in";
$sql="INSERT INTO usuario (login,password,email,sex,age,phone,country,city,address)
VALUES('$login','$password','$password','$email','$sex','$age','$country','$city','$address')";
$result=mysqli_query($con,$sql);
if($result){
echo "Account Successfully Created";
} else {
echo "Failure!";
}
} else {
echo "That username already exists! Please try again with another.";
}
} else {
echo "All fields are required!";
}
}
?>
</body>
</html>
I can see the message "I'm in" in my screen but I'm also get the "Failure" message because it's not inserting anything into the the database. I have been struggling trying to find the error but nothing so far. The error should be around here
$sql="INSERT INTO usuario (login,password,email,sex,age,phone,country,city,address)
VALUES('$login','$password','$password','$email','$sex','$age','$country','$city','$address')";
$result=mysqli_query($con,$sql);
I have checked all the values from my database in case of a typo just in case you guys wonder and there is no typo.
Thanks
You wrong in sql insert.
your sql :
$sql="INSERT INTO usuario (login,password,email,sex,age,phone,country,city,address) VALUES('$login','$password','$password','$email','$sex','$age','$country','$city','$address')";
$result=mysqli_query($con,$sql);
look at the value row doesn't match with the insert fields. You insert twice $password, and no $phone.
If still error, you can add this to know what wrong with your query:
if(mysqli_query($con,$sql))
{
echo 'Success'.'</br>';
}
else
{
echo 'Fail';
echo "Error Description : ".mysqli_error($con);
}
<html>
<body>
<h1>NewsLetter Registration Time! </h1>
<form action='$_SERVER["PHP_SELF"]' method='post'>
Enter the username to be added:
<input type="text" id="nt1" name="username"/>
Enter the corresponding email-id to be added:
<input type="text" id="nt1" name="email_id"/>
<input type="submit"/>
<?php
if(isset($_POST['submit']))
{
echo "<h1 style='color:red;'> Entering Data..... </h1>";
$database=mysqli_connect('localhost','root','','userdetails')
or die("didn't work");
mysqli_query($database,"INSERT INTO userdetails (username,password)VALUES ($_POST[username],$_POST[email_id])");
mysqli_close($database);
echo "<h3 style='color:red;'> Check the database..... </h3>";
}
?>
</body>
</html>
I am not able to access Database using $_SERVER['PHP_SELF'] but the code works if I use some other php script in action. Is this a problem with xampp?
Error:
You are missing php tag in your forms and type=submit in your submit button. Also, check the manual for inserting data in database using php
<html>
<body>
<h1>NewsLetter Registration Time! </h1>
<form action='<?php $_SERVER["PHP_SELF"];?>' method='post'>
Enter the username to be added:
<input type="text" id="nt1" name="username"/>
Enter the corresponding email-id to be added:
<input type="text" id="nt1" name="email_id"/>
<input type="submit" name="submit"/>
<?php
if(isset($_POST['submit']))
{
echo "<h1 style='color:red;'> Entering Data..... </h1>";
$database=mysqli_connect('localhost','root','','userdetails')
or die("didn't work");
mysqli_query($database,"INSERT INTO userdetails (username,password)VALUES ('$_POST[username]','$_POST[email_id]')");
mysqli_close($database);
echo "<h3 style='color:red;'> Check the database..... </h3>";
}
?>
</body>
</html>
I'm trying to create a form for admin registration. The code works correctly but more than one admin can register for this page. How can I make it so that only one admin can register?
<html >
<head>
<title></title>
</head>
<body>
<?php
print ("<form action='admin.php' method='post'>
<p>Name
<input type='text' name='firstname' />
</p>
<p>Surname
<input type='text' name='lastname' />
</p>
<p>Username
<input type='text' name='username' />
</p>
<p>Password
<input type='password' name='password' />
</p>
<p>Email <input type='text' name='email'/> </p>
<input type='submit' value='Register'/>
</form>
");
if( !($database=mysql_connect("localhost","root",""))||!(mysql_select_db("st_login",$database)) )
print("Could not connect");
if(isset($_POST['firstname'] )&&isset($_POST['lastname'])&&isset($_POST['username'])&&isset($_POST['password'])
/*&&isset($_POST['notat'])&&isset($_POST['lendet'])*/&&isset($_POST['email'])){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['username'];
$password=md5($_POST['password']);
$email=$_POST['email'];
/*
$notat=$_POST['notat'];
$lendet=$_POST['lendet'];
*/
$query = "INSERT INTO login (firstname, lastname, username,password,email,admin) VALUES ('$firstname', '$lastname',
'$username','$password','$email',1)";
}
if ( !empty($firstname)&&!empty($lastname)&&!empty($username) &&!empty($password)&&!empty($email))
{
if(!($result=mysql_query($query,$database)))
{
print("Could not execute query");
die (mysql_error());//ose error
}
echo "YOU HAVE BEEN REGISTERED SUCCESSFULLY!You are the admin of this page";
}
else echo 'Fill in all the blank fields';
mysql_close($database);
?>
</body>
</html>
Here is my database
Add a check when inputting user data to the form. Check whether there are any rows where the field admin is set to 1 (or whatever you use)
Sample code for that
$result = mysql_query("SELECT firstname FROM mytable WHERE admin=1");
if(mysql_num_rows($result)== 0) {
//check if the post variables are set and input the values to the table
} else {
// Admin already exist
}
As mentioned in comments, you should stop using mysql_, and use mysqli_ or PDO with prepared statements instead, an example is given below. Keep in mind that you cannot mix APIs, so your entire code will have to be converted from one to the other.
$mysqli = new mysqli("host", "user", "password", "database");
$result = $mysqli->query("SELECT firstname FROM mytable WHERE admin=1");
if ($result->num_rows == 0)
//check if the post variables are set and input the values to the table
} else {
// Admin already exist
}
Reference
Why shouldn't I use mysql_* functions in PHP?
How can I prevent SQL injection in PHP?
Choosing an API
$mysqli->prepare (for prepared statements)