I believe my PHP to be functioning perfectly, therefore I think it's a query error. When I proceed, with form details stored in the session... it happily returns my Posted information but doesn't seem to be pulling anything from my database - there is a row in my database containing the email address I am using. Does anybody see anything blatantly wrong with this PHP?
Thanks for your help.
<?php
session_start();
$servername = "localhost";
$username = "privatedbroot";
$password = "not4ulol";
$dbname = "pdb_inventory";
$status = $_GET["action"];
$_SESSION["Cemail"] = $_POST["CEMAIL"];
$_SESSION["Access"] = md5($_POST["ACCESS"]);
$conn = new mysqli($servername, $username, $password, $dbname);
$sql = "SELECT CEMAIL, ACCESS FROM POPU WHERE `CEMAIL`= ".$_SESSION['Cemail'];
echo $sql;
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
if ($_SESSION["Access"] == $row["ACCESS"]){
echo "password correct!";
} else {
echo "password wrong!";
}
}
}else{
echo "ur email is wrong m8.";
}
?>
Try this:
$cemail = $_SESSION['Cemail'];
$sql = "SELECT CEMAIL, ACCESS FROM POPU WHERE `CEMAIL`= '$cemail'";
Related
This question already has answers here:
Single result from database using mysqli
(6 answers)
Closed 5 months ago.
I am trying to retrieve some value from a column in the database.
The idea is to retrieve the IP of the person, then check their country, after that check the database if the country is blacklisted or not. There seems to be something wrong in the code, may you please give an advise?
This is the code:
<?php
//Get IP and country name
$ip=$_SERVER['REMOTE_ADDR'];
$details = json_decode(file_get_contents("https://get.geojs.io/v1/ip/country/$ip.json"));
$country=$details->name;
$servername = "localhost";
$username = "My_Username";
$password = "My_password";
$dbname = "Database_name";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT country_name FROM uni_country";
$result = $conn->query($sql);
if (strpos($result, $country) == true) {
echo $country ." " . "is banned";
} else {
echo "Your country is not banned";
}
$conn->close();
?>
When I run it, it shows "Your country is not banned" - when it should actually say that my country is banned (I added a country to the database to test this).
The issue seems to be with reading the data from the database.
If I do echo $country; --> It actually shows my country, so it is retrieving it correctly (from geojs.io). But the code is not pulling the data from the database and verifying it.
Update:
If I do echo $result; the page returns Error 500.
Update
tried this new code, now it's saying that the country is not in the database, although it is actually there.
<?php
$ip=$_SERVER['REMOTE_ADDR'];
$details = json_decode(file_get_contents("https://get.geojs.io/v1/ip/country/$ip.json"));
$country=$details->name;
$conn = mysqli_connect("localhost", "database", "password", "username");
$query = mysqli_query("SELECT * FROM `uni_country` WHERE country_name = '$country'");
if(mysqli_num_rows($query)>0) {
echo "Country Is in the database";
}
else {
echo "Country is not in the database";
}
?>
After trying for hours, this is the correct code:
<?php
$ip=$_SERVER['REMOTE_ADDR'];
$details = json_decode(file_get_contents("https://get.geojs.io/v1/ip/country/$ip.json"));
$country=$details->name;
// Create connection
$servername = "localhost";
$username = "MyUsername";
$password = "MyPassword";
$database = "MyDatabase";
$conn = new mysqli($servername, $username, $password, $database);
$sql = "SELECT * FROM uni_country WHERE country_name ='$country'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "You country is currently banned.";
}
} else {
echo "Your country is not banned!";
}
?>
I was trying to make a page where you can log in and then change your nickname or/and password. Everything in mySQL database, but when I try to save the id to session variable, it doesn't work. Any suggestions?
I am using XAMPP, users is my table in database users, I'm not posting login form code, because it's very simple.
Everything is connected, code doesn't give any warnings or errors.
login.php (fragment):
$sql = "SELECT * FROM users WHERE nickname = '$myusername' and pass = '$mypassword' and confirmed = 1";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$logged = true;
while($row = mysqli_fetch_assoc($result)) {
echo "id: " . $row["id"];
$_SESSION['currentId'] = $row["id"];
echo 'Id: ' . $_SESSION['currentId'];
}
}else {
$error = "Your Login Name or Password is invalid";
}
}
change.php (whole):
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "Users";
$currentId = $_SESSION['currentId'];
if($currentId<1){echo 'No Id.';}
else {echo 'CurrentId: ';
echo $currentId;}
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully <br>";
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$aCUname = mysqli_real_escape_string($conn,$_POST['CUname']);
$aCUpass = mysqli_real_escape_string($conn,$_POST['CUpass']);
$sql = "UPDATE users SET nickname = '$aCUname', pass = '$aCUpass' WHERE id = '$currentId';";
$result = mysqli_query($conn,$sql);
echo 'Updated successfully.';
}
?>
Thanks for help.
I got a solution. I just had to delete
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
from login.php. Thanks to #Shashikumar Misal !
I'm currently trying to insert username, pw to a DB, and check if the username already exists.
The problem is that the SQL (select) syntax doesn't work, nor does the (insert). I've checked around for a couple of hours in forums and Stackoverflow, and my current code is the following.
What might be the problem?
Thanks, Jimmie.
<?php
$servername = "localhost";
$username = "name";
$password = "pw";
$dbname = "dbaname";
$mysqli = new mysqli($servername, $username, $password, $dbname);
if ((isset ($_POST["identity"])) && (isset ($_POST["pin"])) && (isset ($_POST["token"])))
{
$identity = htmlspecialchars($_POST['identity'], ENT_QUOTES, "ISO-8859-1");
$pin = htmlspecialchars($_POST['pin'], ENT_QUOTES, "ISO-8859-1");
$token = htmlspecialchars($_POST['token'], ENT_QUOTES, "ISO-8859-1");
echo "$identity";
if($token == "xyz13D;A##:!#")
{
$result = $mysqli->query("SELECT `identity` FROM Users WHERE `identity` = '" . $identity . "'");
if($result->num_rows == 0)
{
echo "successCreat";
// Perform queries
mysqli_query($mysqli,"SELECT * FROM Users");
mysqli_query($mysqli,"INSERT INTO Users (identity,pin,userActivity, identityCreated) VALUES ('$identity', '$pin',1,now())");
}
else
{
echo "failureCreate";
}
}
else
{
echo"Wrong Key";
}
}
$mysqli->close();
?>
Assuming that identity is a primary key, then you can check the error flags after executing an INSERT query to see if an error occurred.
mysqli_query( $mysqli, "INSERT INTO ... " ); //< ... Represents query
if (mysqli_error( $mysqli )) {
echo "Failure";
}
else {
echo "Success";
}
Also, you should properly escape input as stated in the comments. In addition, you should check whether or not the connection attempt was successful using mysqli_connect_error.
Finally, there might be an issue in your SQL suntax which mysqli_error will also catch. A last possibility is that the POST data isn't being set properly and the code is being ignored completely.
I am trying to echo the data once in one field. However it is looping and i'm not sure what to change to make it echo once. Does anyone know how? Here is the code:
<?php
$email = $_POST['email'];
$servername = "localhost";
$username = "root";
$password = "";
$dbName = "users";
//Make Connection
$conn = new mysqli($servername, $username, $password, $dbName);
//Check Connection
if(!$conn){
die("Connection Failed. ". mysqli_connect_error());
}
$sql = "SELECT `profilepicurl` FROM users WHERE `email`='".$email."'";
$result = mysqli_query($conn ,$sql);
if(mysqli_num_rows($result) > 0){
//show data for each row
while($row = mysqli_fetch_assoc($result)){
echo $row['profilepicurl'];
}
}
?>
Thanks!
This is quite simple!
Change while($row = mysqli_fetch_assoc($result)){ to $row = mysqli_fetch_assoc($result){
Remove the while() loop and the braces:
if ( mysqli_num_rows($result) > 0 ) {
//show data for each row
$row = mysqli_fetch_assoc($result);
echo $row['profilepicurl'];
}
The correct way to stop a loop is using break:
if(mysqli_num_rows($result) > 0){
//show data for each row
while($row = mysqli_fetch_assoc($result)){
echo $row['profilepicurl'];
break;
}
}
Although, if you just need 1 value, you can remove the while loop and use only:
$row = mysqli_fetch_assoc($result);
echo $row['profilepicurl'];
Notes:
Your script is unsafe due to the possibility of sql injection, make sure you read how can i prevent sql injection in php.
i have been trying to get this script done for a while now - im kind of new to php and mysql but i have been trying to get this to check the db for the username and then if the username exists - stop checking the db and if it doesn't exists add it to the db.
here is my code:
//input from application
$test = "wheelsmanx";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT mainusername FROM CCCpro_test";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
if ($row["mainusername"] === $test) {
echo "User Name Already In Use.";
}if($row["mainusername"] !== $test){
echo "this statement";
[code that inserts into db i can do this part myself]
}
}
$conn->close();
} else {
echo "0 results";
}
$conn->close();
The problem with your code is that you do the INSERT of the new name inside an if statement that has confirmed the existence of that user already. In addition I think you messed up your SELECT statement by selecting all the users.
Look into INSERT ON DUPLICATE for a better way to do it, or revise your code as below.
$sql = "SELECT mainusername FROM CCCpro_test WHERE mainusername = $test";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "User Name Already In Use.";
}
else{ //no rows selected therefore the user doesn't exist
[code that inserts into db i can do this part myself]
}
$conn->close();
PLEASE READ I have somewhere to go so I am being lazy so I did not bind the $test variable therefore DO NOT copy and paste this code without updating it to bind the $test variable. Please read this post about PDO and variable binding to prevent SQL injection.
here is my full working code if anyone needs it - it uses the post method - from an html form .... in case some one needs to hack it to pieces for something else
well guys i appreciate all of your help :D but i have found an answer or a way around it i suppose- i thought of it all night and day on how i could make it work and i came up with this
$servername = "127.0.0.1";
$username = "TESTUSER";
$password = "TESTPASS";
$dbname = "TESTDB";
$testusername = $_POST['mainusername'];
$testpassword = $_POST['mainpassword'];
//input from application
$test = $_POST['mainusername'];
$test2 = "0";
//Count switch
$countswitch = "0";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql1 = "INSERT INTO CCCpro_test ( mainusername, mainpassword ) VALUES ('$testusername','$testpassword' )";
$sql = "SELECT mainusername FROM CCCpro_test";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
if ($row["mainusername"] === $test) {
echo "Im Sorry Username Already In Use";
$countswitch ++;
}
}
if($countswitch == $test2){
echo "User Name Registered";
$db_handle = mysql_connect($servername, $username, $password);
$db_found = mysql_select_db($dbname, $db_handle);
if ($db_found) {
$result1 = mysql_query($sql1);
mysql_close($db_handle);
}
}
if ($countswitch == 3){
echo "this";
}
} else {
echo "0 results";
}
$conn->close();