PHP Registration Script - Insert Data - php

This may be the most simplest errors ever but I've written a registration script.. which I would say looks okay.. only issue is that it won't insert data... it still prints a message saying registration successful but no data actually goes into the database... see code below:
<?php
include("dbconfig.php");
if(isset($_POST['register'])){
if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){
header("location:index-login-page.php?msg0=Please complete the required fields.");
}
else {
$fname = $_POST['first-name'];
$lname = $_POST['last-name'];
$email = $_POST['email-address'];
$username = $_POST['reg-username'];
$pass = $_POST['reg-pass'];
$checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
$checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
$resultusername = mysql_num_rows($checkusername);
$resultemail = mysql_num_rows($checkemail);
if( (($resultusername) ==1) or ($resultemail)==1){
header("location:index-login-page.php?msg1= Username or email address already exists.");
}
elseif( (($resultusername) == 0) && ($resultemail) ==0) {
$insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
header("location:index-login-page.php?msg1= Registration successful, please login.");
}
}
}
?>
Please do let me know what the error is (if there is one) because I can't seem to find it. Thanks.
Sohail.


$insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
Should be:
$insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
I have to warn you though: this is considered bad practice, you need to sanitize your database input

Related

adding user info and log in info in different page

so I want to make a sign up where at the first page, is the user info where the name, last name etc will be input by the user, then it will be recorded into the database and redirect to the account info page where the user input the username and password and be recorded in another database so I have to tables the student, where all the info is stored, and user, where account info is stored so the userID of the user will be the foreign key of in the student but I cant put the id number of the user to the table of the student where the first input is stored in the first page, so if I use the mysqli_insert_id it can insert the id of the last inserted user into the student table but into the next row not the row where the last input of information in the first page is located
code in the first page shs/functions/add.stud.php
<?php
session_start();
include 'database.php';
if (isset($_POST['add'])) {
echo "welcome";
}
$message = "Provide all information needed please";
$lname = $_POST['Lname'];
$fname = $_POST['Fname'];
$mname = $_POST['Mname'];
$email = $_POST['email'];
$grade = $_POST['grade'];
$strand = $_POST['strand'];
$section = $_POST['section'];
$status = $_POST['status'];
if (empty($lname) || empty($mname)) {
header("Location:../pages/user.add.php?empty=put something, will ya?");
exit();
}
else {
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
}
then in the account information (username, password)
<?php
if (isset($_POST['users'])){
include_once 'database.php';
$uid = $_POST['uid'];
$pass = $_POST['pass'];
//pag check or pag handle sa mga errors sa pag log in
if (empty($uid) || empty($pass))
{
header("location:../pages/user.add.php?signup=empty fields");
exit();
} else {
$sql = "SELECT * FROM 'user' WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 0) {
header("Location:.../user.add.php?the inputs are already taken");
exit();
}
else {
$hashedpass = password_hash($pass, PASSWORD_DEFAULT);
//insert the new user to the user database
$sql = "INSERT INTO user (userID, username, password)
VALUES (NULL, '$uid', '$hashedpass');";
$result = mysqli_query($conn, $sql);
//pag connect sa student database
//katung sa database sa image
$sql = "SELECT * FROM user WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0){
while ($row = mysqli_fetch_assoc($result)){
$userid = $row['userID'];
$sql = "INSERT INTO profileimg (userID, status)
VALUES ('$userid', 1)";
if($result=mysqli_query($conn, $sql))
{
$last_id = mysqli_insert_id($conn);
$sql = "INSERT INTO student (userID) VALUES ('$last_id')";
$result = mysqli_query($conn, $sql);
}
else {
header("Location:.../user.add.php");
exit();
}
//pag add sa id sa user paingun sa student
header("Location:../pages/user.add.php");
}
}
after putting the inputs in the first page it will redirect to another page where the user must input the account info..that's the desired function

The best way is to store the User Info in the student table then use the mysqli_insert_id function to grab the studentId. Then save the Account Info in the user table and grab the userId. Thereafter update the student table with userId where studentId is the same as the one you grabbed earlier.
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
$_SESSION['studentId'] = mysqli_insert_id($conn); //add this line to store the studentId into the session.
$sql = "INSERT INTO student (userID) VALUES ('$last_id')"; // change this line to the one below.
$sql = "UPDATE student SET userID = '$last_id' WHERE studentID = $_SESSION['studentId']";

PHP/MySQLi Not finding existing user

For some reason, the code seems to not be able to find any existing usernames. I can't find anything wrong with my code though. Any help will be appreciated.
$Name = $_POST["User"];
$Pass = $_POST["Pass"];
$get = "SELECT * FROM Logins";
$result = mysqli_query($conn, $get);
$found = false;
echo $Name;
$sql=mysqli_query("SELECT FROM Logins (ID, Username, Password) WHERE Username=$Name");
if(mysqli_num_rows($sql) > 0) {
echo "Username Taken";
} else {
$sql = "INSERT INTO Logins (ID, Username, Password) VALUES (0, '$Name', '$Pass')";
if (mysqli_query($conn, $sql)) {
echo "Account Created";
} else {
echo mysqli_error($conn);
}
}
When I post to the site, $Name is correct.

You have an incorrect syntax near your select statement. It's
SELECT FROM Logins (ID, Username, Password) WHERE Username=$Name")
You need:
SELECT ID, Username, Password
FROM Logins
WHERE Username='$Name'
Also note, you should be using prepared statement which will avoid need for quotes and will avoid your code vulnerable from SQL Injection.

Data not being inserted into database

My code seems to be functioning properly (i dont get any erros) but the INSERT INTO query doesnt seem to be working as the data is never being put into the database.
Here is the code:
EDIT: i edited the code slightly so it would make logical sense but it still doesn't add the data to the table. (I even removed the if statement completely and just left the query in and it didnt add it.)
<?php
//connect to user database
include("db_connect.php");
//set variables
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$date = date('Y/m/d H:i:s a');
//check if email exists
$db_query = "SELECT * FROM users WHERE email LIKE '$email'";
$db_result = mysql_query($db_query);
if(!$db_result)
{
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
else {
echo 'That email is already in use. Click Here to return to the sign up page.';
}
?>

You need to replace
if($email_taken)
with
if(mysql_num_rows($email_taken))

I would say it would be more like:
//check if email exists
$db_query = "SELECT * FROM users WHERE email='{$email}'";
$res = mysql_query($db_query);
$email_taken = mysql_num_rows($res);
if($email_taken == 1)
{
echo 'That email is already in use. Click Here to return to the sign up page.';
}
else {
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}

Column count doesn't match value count at row 1

i do have an additional column called "id" but it is a primary key with auto increment, if i put that in the values it adds the id but the the firstname data is always 0 and the firstname data enters the lastname and the lastname data enters the username and the username data enters the email field and the email data enters the password field and the password data enters the confirmpassword field and finally the confirmpassword data and country data enters the country field. Below are my codes
?>
<?php
//connection to the database server
$hostname="localhost";
$user="root";
$password="";
$connection = mysql_connect($hostname, $user, $password) or die ("cannot connect to mysql database server");
//selection of database
mysql_select_db("jewelgallery", $connection) or die ("cannot reach jewelgallery database");
$firstname = $_POST['firstName'];
$lastname = $_POST['lastName'];
$username = $_POST['username'];
$email = $_POST['email'];
$password1 =$_POST['password'];
$password2 =$_POST['confirmPassword'];
$country =$_POST['country'];
$sql2="select * from customer_account where username = '$username'";
$results = mysql_query($sql2, $connection) or die(mysql_error());
$numOfRecords1 = mysql_num_rows($results);
$_SESSION["username"] = $username;
if ($numOfRecords1 != 0)
{
echo "<h3>This Username ". $_SESSION["username"]." Has been chosen by another user</h3> <a href=registercustomer.html> Please Try Again </a>";
header("Refresh:5;url=registercustomer.html");
exit;
}
$sql="insert into customer_account(firstname, lastname, username, email, password, confirmpassword, country)
Values('$firstname', '$lastname', '$username', '$email', '$password1', '$password2' '$country')";
mysql_query($sql, $connection) or die(mysql_error());
mysql_close($connection);
echo "Registration Successful. <a href=../index.html> Continue </a>";
header("Refresh:5;url=../index.html");
?>

You're missing a comma:
'$password2' '$country')";
^^^^^
HERE
Corrected:
$sql="insert into customer_account(firstname, lastname, username, email, password, confirmpassword, country)
Values('$firstname', '$lastname', '$username', '$email', '$password1', '$password2', '$country')";

Input in database failure

I'm having trouble with the following code:
$sql= "INSERT INTO Users(Username, Password, Lastname, Email) VALUES
('$hash', '$lastname', '$email', '$email')";
mysqli_query($MyConnection, $sql);
if(!mysqli_query($MyConnection, $sql)) {
echo 'We are sorry, there are some problems with saving your data. Please try again within a few minutes.';
}
else {
echo 'We have succesfully saved your data. An activation e-mail will now be send to the e-mail address that you
have provided us.';
}
I get no direct errors as due to mistyping or misusing a function. I do get however the message of the if-statement in a failure, the "We are sorry(..)" text.
There must be a problem with the execution of the mysqli_query($MyConnection, $sql) function. But I don't see where it is.
P.S. I can't post images, because my reputation is below 10. (Which is quite weird to limit it to that point)
As some of you have provided most / all of the code:
<?php
// Opens the connection of the MySQL Database
$MyConnection = mysqli_connect('fdb6.biz.nf', '1446018_amp', '-')
or die("Could not connect to the database, please try again");
mysqli_select_db($MyConnection,'Users');
mysqli_connect_errno();
// Website Url:
$website = 'http://www.askmephilosophy.co.nf/';
// Information provided by the user
$username = $_POST['username'];
$password = $_POST['password']; // Will get encrypted.
$lastname = $_POST['lastname'];
$email = $_POST['email'];
// A higher "cost" is more secure but consumes more processing power
$cost = 5;
// Create a random salt
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
// Prefix information about the hash so PHP knows how to verify it later.
// "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
$salt = sprintf("$2a$%02d$", $cost) . $salt;
// Hash the password with the salt
$hash = crypt($password, $salt);
$sql= "INSERT INTO Users(Username, Password, Lastname, Email) VALUES
('$hash', '$lastname', '$email', '$email')";
mysqli_query($MyConnection, $sql);
var_dump(mysqli_error($MyConnection));
if(mysqli_query($MyConnection, $sql)) {
echo 'We have succesfully saved your data. An activation e-mail will now be send to the e-mail address that you
have provided us.';
}
else {
echo 'We are sorry, there are some problems with saving your data. Please try again within a few minutes.';
mysqli_error($MyConnection);
}
mysqli_close($MyConnection);
?>

$sql= "INSERT INTO Users(Username, Password, Lastname, Email) VALUES
('$hash', '$lastname', '$email')";
This is your first issue; your table has four columns, and you're passing it three. This query is guaranteed to fail.
mysqli_query($MyConnection, $sql);
if(!mysqli_query($MyConnection, $sql)) {
You're calling the query function twice. You can do this with a single call:
if(!mysqli_query($MyConnection, $sql)) {
// add some error handling code here
// store the return value of mysqli_error() somewhere
echo 'We are sorry, there ar....';
Since you're using mysqli_, you should also be using prepared statements; I hope at least you're sanitising the database inputs before you try to add them to the database.

Why do you only have 3 values, it doesn't match the number of items you are trying to Insert (4) ...
$sql= "INSERT INTO Users(Username, Password, Lastname, Email) VALUES
('$username', '$hash', '$lastname', '$email')";
EDIT:
I would probably write it like this
$sql= "INSERT INTO Users(Username, Password, Lastname, Email) VALUES
({$username}, {$hash}, {$lastname}, {$email})";
EDIT:
Your password cannot be '-'
I would update your connection info like so:
$db = new mysqli('fdb6.biz.nf', 'user', 'pass', 'Users');
if($db->connect_errno > 0){
die('Unable to connect to database [' . $db->connect_error . ']');
}
EDIT AGAIN:
$myConnection = new mysqli('fdb6.biz.nf', 'user', 'pass', '1446018_amp');
$myConnection->mysqli_select_db($MyConnection,'Users');

try adding, I think you forgot this. Values always have to equal to columns
$sql= "INSERT INTO Users(Username, Password, Lastname, Email) VALUES
('$username', '$hash', '$lastname', '$email')";

First of all you are inserting twice that records, as there are two instances of mysqli_query($MyConnection, $sql);. You can just remove the first.
The problem here is that you are inserting 3 values in 4 fields.
Anyway you can get the specific error with
mysqli_error($MyConnection);
Add it at the end your echo forever or var_dump(mysqli_error($MyConnection)); in a new line.

Categories