We Keep Coding

HTML form returns PHP script instead of success message

There is an html form which I want to store data from in a database. After filling the form, it returns the php script instead of success message. And no data is getting stored in the database. Can you please help?
<?php
if (isset(['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$email = $_POST['email'];
}
if (!empty($username) || !empty($password) || !empty($gender) || !empty($email) {
$host = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbname = "cakeshop";
$conn = new mysqli($host, $dbUsername, $dbPassword, $dbname);
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_error().)')'. mysqli_connect_error());
}else {
$SELECT = "SELECT email From register Where email = ? Limit 1"
$INSERT = "INSERT INTO register (username, password, gender, email) values(?, ?, ?, ?)";
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($email);
$stmt->store_result();
$rnum = $stmt->num_rows;
if ($rnum==0){
$stmt->close();
$stmt = $conn->prepare($INSERT);
$stmt->bind_param("ssss", $username, $password, $gender, $email);
$stmt->execute();
echo "New record inserted successfully"
}else {
echo "Someone already registered";
}
$stmt->close();
$conn->close();
}
}
?>

Number of bind variables doesn't match number of fields in prepared statement when changing a password [duplicate]

This question already has an answer here:
INSERT - Number of bind variables doesn't match number of fields in prepared statement
(1 answer)
Closed 1 year ago.
I'm trying to make a change password but the error:
Warning: mysqli_stmt_bind_result(): Number of bind variables doesn't
match number of fields in prepared statement in
/storage/ssd3/222/2815222/public_html/changepassword.php on line 12
<?php
$con = mysqli_connect("localhost", "id2815222_bigbrother", "orwell", "id2815222_orwell");
$studentno = $_POST["studentno"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "UPDATE tbl_users SET password = ? WHERE studentno = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $password);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $id, $studentno, $firstname, $middlename, $lastname, $birthday, $section ,$course, $college, $password, $phonenumber, $email);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
}
echo json_encode($response);
?>
Any idea on how I can fix this?

Update query only return true or false it will not return updated data. So change you code like below:
<?php
$con = mysqli_connect("localhost", "id2815222_bigbrother", "orwell", "id2815222_orwell");
$studentno = $_POST["studentno"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "UPDATE tbl_users SET password = ? WHERE studentno = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $password);
$res = mysqli_stmt_execute($statement); // store result in $res
$response = array();
$response["success"] = false;
if($res){ //check whether it is true or false
$response["success"] = true;
}
echo json_encode($response);
?>

Checking and deducting points using php/mysql

This is probably a very simple problem for you geniuses. I am trying to use a php code to check my database, to see if a user has enough points. Then if they have enough points, then deduct the points from there account.
This is what I'm currently using that is not working:
<?php
$con = mysqli_connect("localhost", "id177667_root", "***", "id177667_loginb");
$response = array();
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $_POST["username"]);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $userID, $name, $username, $password, $points);
$pointsint = (int)$points;
if ($pointsint > 12500){
$statement = mysqli_prepare($con, "UPDATE user SET points = points - ? WHERE username = ?");
mysqli_stmt_bind_param($statement, "is", 12500, $_POST["username"]);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $userID, $name, $username, $password, $points);
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
$response["name"] = $name;
$response["username"] = $username;
}
}else{
$response["success"] = false;
}
echo json_encode($response);
?>

You could probably do that in SQL without the first SELECT command like:
UPDATE `user` SET `points` = (
CASE
WHEN `points` > 12500 THEN `points` = `points` - ?
ELSE `points`=`points`
END
) WHERE username = ?

Cannot get Login to work on Android

I recently worked with a PHP script that is supposed to hash the password on registration from the android app. The password will hash and be added to the database, but it won't let me login now. There are no error codes coming up either. Here is the code from Android:
public LoginRequest( String username, String password, Response.Listener<String> listener) {
super(Request.Method.POST, REGISTER_REQUEST_URL, listener, null);
params = new HashMap<>();
params.put("password", password);
params.put("username", username);
Here is the PHP script I am supposed to use:
<?php
require("./Password.php");
$con = mysqli_connect("host", "user", "password", "database");
$typeusername = $_POST["username"];
$typepassword = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $userID, $name, $phone, $username, $password, $email);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
if (password_verify($typepassword, $password)) {
$response["success"] = true;
$response["name"] = $name;
$response["phone"] = $phone;
$response["username"] = $username;
$response["password"] = $password;
$response["email"] = $email;
}
}
echo json_encode($response);
?>
Update: This is based off of a template for a login PHP file with a few modifications for my needs. This is closer to what the original template looked like:
<?php
require("./Password.php");
$con = mysqli_connect("host", "user", "password", "database");
$username = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $colUserID, $colName, $colPhone, $colUsername, $colPassword, $colEmail);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
if (password_verify($password, $colPassword)) {
$response["success"] = true;
$response["name"] = $colName;
$response["phone"] = $colPhone;
$response["username"] = $colUsername;
$response["password"] = $colPassword;
$response["email"] = $colEmail;
}
}
echo json_encode($response);
?>
This is supposed to work with a previous database that I had setup for a tutorial series that this template is based on, but it does not work either. With a regular login PHP code, I can login just fine, but I want to be able to use the hashed passwords in my database.

Unable to store data via mysqli_connect

Hey guys currently I'm trying to create a login activity for android application and I have no idea why the user data is not stored upon registration. Is there something wrong with the php files as shown below?
Register.php stores registration for users
<?php
$con = mysqli_connect("mysql13.000webhost.com", "a1641537_fetch", "password", "a1641537_fetchdb");
$name = $_POST["name"];
$username = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "INSERT INTO Fetch (name, username, password) VALUES (?, ?, ?) ");
mysqli_stmt_bind_param($statement, "sss", $name, $username, $password);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
mysqli_close($con);
?>
FetchUserData.php fetches username and password of a user.
<?php
$con = mysqli_connect("mysql13.000webhost.com", "a1641537_fetch", "password", "a1641537_fetchdb");
$username = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM Fetch WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $password);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $name, $username, $password);
$user = array();
while(mysqli_stmt_fetch($statement)) {
$user[name] = $name;
$user[username] = $username;
$user[password] = $password;
}
echo json_encode($user);
mysqli_stmt_close($statement);
mysqli_close($con);
?>

fetch is a reserved word in mysql so you need to quote it in backticks.
For example:
$statement = mysqli_prepare($con, "INSERT INTO `Fetch` (name, username, password) VALUES (?, ?, ?) ");
To catch these kinds of mistakes, it is useful to add error handling. I prefer to do that by having msyqli throw an exception when anything goes wrong.
To activate that, just add mysqli_report(MYSQLI_REPORT_STRICT); to the top of your script and make sure that errors are displayed.
If you don't add any try - catch blocks yourself, php will show you a detailed unhandled exception error when a problem occurs so you can take it from there. Obviously in live code this is not the preferred way to handle that.