Every time i refresh page it inserts same user into database - php

Here is PHP code
<?php
if(isset($_POST['Murad'])){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
die('Could not enter data: ');
return false;
}
else {echo "Entered data successfully\n";
}
$usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
echo $userName." is already taken";
return false;
}header("Location: Main.php");}
?>
User registers then when he is in his profile page as soon as he refreshes it inserts same username again.And also username and email are unique in my dt it cant insert it and gives an error

What you can do is after the form has submitted successfully,
you can reset the form
or
redirect the user to the same page
if(! $retval )
{
die('Could not enter data: ');
return false;
}
else {
echo "Entered data successfully\n";
header("Location:samepagename.php");
}
TO reset the form
this.form.reset();
call this after form has successfully submitted

Try this:
<?php
if(isset($_POST['Murad'])) {
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$link = new PDO('mysql:dbhost='.$mysql_hostname.';dbname='.$mysql_database,$mysql_user, $mysql_password);
$unamecheck = ("SELECT userName FROM websiteusers WHERE userName = :uname");
$unamecheck = $link->prepare($unamecheck);
$unamecheck->execute(array(':uname'=>$userName));
if($unamecheck->rowCount() > 0) {
echo "Username taken";
die();
} else {
$add = ("INSERT INTO websiteusers (fullname, lastname, userName, email, pass) VALUES (:fname, :lname, :uname, :pass)");
$add = $link->prepare($add);
$add->execute(array(':fname'=>$firstname, ':lname'=>$lastname, ':uname'=>$userName, ':pass'=>$password));
if($add->rowCount() > 0) {
echo "Registration successful";
header("Location: Main.php");
} else {
echo "Registration failed";
}
}
}
?>

What you are doing right now is you insert a user in the DB and after that you perform a check if the user exists. You'll have to move some code around.
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
echo $userName." is already taken";
} else {
$sql = "INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
die('Could not enter data: ');
}
else {
echo "Entered data successfully\n";
}
}
}
This way you first check if the user already exists. If does - you kill the script and the code after is not executed. Otherwise you insert a user in the DB

Related

php user registration can't connect to database

I am having problems getting my PHP to connect to my database. This is my first time ever working with PHP and I am not sure what is wrong, I have searched all over the internet without finding a solution. Hopefully you guys can help!
Here's the error:
Fatal error: Class 'mysqli_connect' not found in D:\wamp64\www\einsteindesigns\reg.php on line 4
and the code:
<?php
session_start();
$host = "localhost";
$user = "root";
$pwd = "";
$db = "userdb";
$mysqli = mysqli_connect($host, $user, $pwd, $db);
if(! $mysqli )
{
die('Could not connect: ' . mysqli_error());
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['password'] == $_POST['confirmpassword']) {
$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$confirmpassword = md5($_POST['confirmpassword']);
$_SESSION['email'] = $email;
$sql = "INSERT INTO $db (first, last, email, password) "
. "VALUES ('$first', '$last', '$email', '$password')";
$_SESSION['message'] = "Registration Successful";
}
else {
$_SESSION['message'] = "Error: User account could not be
created. Please try again.";
}
mysqli_close($mysqli);
}
else {
$_SESSION['message'] = "Passwords do not match";
}
?>

Can't get variables from other php file

I have this code in index.php
<?php
include "ch.php";
?>
ch.php
<?php
if (isset($_POST['Murad'])) {
header("Location: Main.php");
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "
INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')
";
mysql_select_db('websiteusers');
$retval = mysql_query( $sql );
if (! $retval ) {
die('Could not enter data: ' . mysql_error());
return false;
} else {
echo "Entered data successfully\n";
}
$usernamecheck=mysql_query("
SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'
");
if (mysql_num_rows($usernamecheck)>=1) {
echo $userName." is already taken";
return false;
}
}
?>
And
Main.PHP
<?php
include 'ch.php';
?>
And
<?php
echo $firstname=$_POST['firstname'];
?>
But it is not working. It worked before I put action in form instead of header but it didn't insert user in database now it inserts but it is not showing variables. Is there anyway to fix this?
1) Do not use mysql_ functions, it's deprecated and will be removed at PHP 7 stable release, choose between mysqli_ or PDO.
2) Don't open and close your php interpreter multiple times with no apparent reason. If your code is pure PHP, a standard is to never close it.
3) There should be nothing else for PHP or HTML to be processed/displayed after using header("Location: ...") function. It's the last thing you do at the script when you use it.

Contactus table schema

I have two HTML form in first form i am adding Id and product and second form is contact us form. I have created one table with column name is ID,Product,name,email,mobile.In first form i am adding id and product and rest of values are NULL,than form will redirect to contact us form there i am updating name,email,mobile..I am getting pop is updated successfully but when i checked in database there was no update....please help me
//insert code
<?php
try{
$product=$_POST['product'];
/*
$product2=$_POST['product2'];
$product3=$_POST['product3'];
*/
// form data
//database Connection details
$servername = "localhost";
$username = "root";
$password = "";
$database="store";
$error = "";
$conn=mysql_connect($servername, $username, $password) or die('Connection failed: ' . mysql_error());
#mysql_select_db($database, $conn) or die("Could not select your database".mysql_error());
$insertQuery = "Insert into contactus(Id,Product) values('null','$product')";
$result = mysql_query($insertQuery);
mysql_close($conn);
header('Location: /newstore/contact.html');
}
catch(Exception $e) {
echo ("<script>alert('Something went terribly wrong. Please try again later.');location.href = ''../index.html';</script>");
return false;
}
?>
//Update code
<?php
// Start the session
session_start();
?>
<?php
$_SESSION['user_name1']=$_POST['product'];
try{
// form data
$name=$_POST['name'];
$email=$_POST['email'];
$mobile=$_POST['mobile'];
$product=$_SESSION['user_name1'];
//database Connection details
$servername = "localhost";
$username = "root";
$password = "";
$database="store";
$error = "";
$conn=mysql_connect($servername, $username, $password) or die('Connection failed: ' . mysql_error());
#mysql_select_db($database, $conn) or die("Could not select your database".mysql_error());
;if ((strlen($name) < 3) or (strlen($email) < 3) or(strlen($mobile) < 3))
{
echo ("<script>alert('Something went wrong with your data inserted. Please fill the form again.');location.href = '../newstore/index.html';</script>");
}else
{
//$insertQuery = "Insert into contactus(Id,Name,Email,Mobile,Product) values('null','$name','$email','$mobile','$product')";
//$UpdateQuery = "update contactus set Name='$name',Email='$email',Mobile='$mobile' where Product='$product' ";
$UpdateQuery = "update contactus set Name='".$name."',Email='".$email."',Mobile='".$mobile."' where Product='$product' ";
$result = mysql_query($UpdateQuery);
if($result){
echo "<script>alert('Thank You. Your Data Received Succefully.');location.href = '../newstore/index.html';</script>";
}
else
{
echo "<script>alert('Something went wrong with your data inserted. Please fill the form again.');location.href = '../newstore/index.html';</script>";
}
}
mysql_close($conn);
}
catch(Exception $e) {
echo ("<script>alert('Something went terribly wrong. Please try again later.');location.href = ''../newstore/index.html';</script>");
return false;
}
?>

Insert into mysql database through php

I try to insert some information about user but it gives error no database selected (im using phpmyadmin and xampp btw)
code:
<?php
$username = $_POST['username'];
$name = $_POST['name'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword)
{
mysql_escape_string($username);
mysql_escape_string($name);
mysql_escape_string($password);
mysql_escape_string($cpassword);
$md5pass = md5($password);
mysql_select_db("users");
mysql_query("INSERT INTO users (id, username, name, password) VALUES (DEFAULT, '$username', '$name', '$md5pass'") or die(mysql_error());
}
else
{
die("Passwords don't match");
}
?>
You haven't established connection with your mysql database.
Use following code to make connection with server.
$link = mysql_connect('your servers address', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
else
{
//rest of your code
}

Insert to table always failure

Its a simple registration with username and password, but when I try to insert it to the database it always fails and I don't know why, can someone help me with this?
include "db.php";
if (isset($_POST['submit']))
{
$username= $_POST['leguser'] ;
$password= $_POST['legpass'] ;
$pwhash = password_hash($password, PASSWORD_DEFAULT) ;
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
echo var_dump ($username);
echo var_dump ($password);
echo var_dump ($pwhash);
$sql = "SELECT * FROM tbl_users WHERE fld_username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
echo "<script>alert('Username already used!');</script>"; }
else
{
$q = "INSERT INTO `tbl_users` (`fld_username`) VALUES ('$username')";
$result = mysql_query($q);
if ($result) {
echo 'success';
} else {
echo 'failure';
}
}
This is the code of the database connection (db.php)
<?php
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'rsi_db';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
By the way I only want to input only one data on the database which is the username, for me not to get complicated with every data that I want to put in the future.

Categories