Php form does not post all fields to MySql - php

I checked the answers under ( PHP Form not posting all fields 2 ) and I do have names in all form fields : .... However, It is only posting the id, the date, and the name... I am so confused.
Here is my Sign-up -html- :
<legend>Registration Form</legend><p></p>
<label> Name </label>
<input id="intext" type="text" name="name" /><p></p>
<label> Email </label>
<input id="intext" type="text" name="email" /><p></p>
<label> Zip_Code </label>
<input id="intext" type="text" name="zipcode" /><p></p>
<label> UserName </label>
<input id="intext" type="text" name="user" /><p></p>
<label> Password </label>
<input type="password" name="pass" /><p></p>
<label> Confirm Password </label>
<input type="password" name="cpass" /><p> </p>
<div class="center">Comments / Inquiry </div>
<div class="center">
<textarea id="textarea" name="comments" rows="10" cols="40"></textarea>
Here is my php function:
function NewUser() { $name = $_POST['name'];
$Name = $_POST['name'];
$Email = $_POST['email'];
$Zip_Code = $_POST['zipcode'];
$UserName = $_POST['user'];
$Password = $_POST['pass'];
$Comments = $_POST['comments'];
$query = "INSERT INTO WebsiteUsers (Name, Email, Zip_Code, UserName, Password, Comments)
VALUES ('$name','$email','$zipcode','$user','$pass','$comments')";
$data = mysql_query ($query)or die(mysql_error());
if($data) { echo "Thank you for Registering with us.";
}
}
function SignUp() { if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM WebsiteUsers WHERE UserName = '$_POST[user]' AND Password = '$_POST[pass]'") or die(mysql_error());
if(!$row = mysql_fetch_array($query) or die(mysql_error())) { newuser();
}

In your query are usign variables in lowercase but in variable declarations are with uppercase.
Can you try this code?
$query = "INSERT INTO WebsiteUsers (Name, Email, Zip_Code, UserName, Password, Comments)
VALUES ('$Name','$Email','$Zipcode','$User','$Pass','$Comments')";

please try this.
I am assuming that you do not have issue implementing $conn, the connection to database, selecting db
sign-up.php
<form action="script.php" method="POST">
<legend>Registration Form</legend>
<label> Name </label>
<input id="intext" type="text" name="name" />
<label> Email </label>
<input id="intext" type="text" name="email" />
<label> Zip_Code </label>
<input id="intext" type="text" name="zipcode" />
<label> UserName </label>
<input id="intext" type="text" name="user" />
<label> Password </label>
<input type="password" name="pass" />
<label> Confirm Password </label>
<input type="password" name="cpass" />
<div class="center"><p>Comments / Inquiry </p>
<textarea id="textarea" name="comments" rows="10" cols="40"></textarea>
</div>
</form>
script.php
<?php
function newUser($conn)
{
$name = $_POST['name'];
$email = $_POST['email'];
$zipcode = $_POST['zipcode'];
$username = $_POST['user'];
$password = $_POST['pass'];
$password2 = $_POST['cpass'];
$comments = $_POST['comments'];
if($password== $password2)
{
$query = "INSERT INTO WebsiteUsers VALUES ('".$name."','".$email."','".$zipcode."','".$username."','".$password."','".$comments."')";
if(mysql_query($query,$conn))
echo 'signup successful';
else
echo 'error inserting new user';
}
else
echo 'Password missmatched';
}
function signUp($conn)
{
if(!empty($_POST['user']))
{
$username = $_POST['user'];
$password = $_POST['pass'];
$query = "SELECT * FROM WebsiteUsers WHERE UserName = '".$username."' AND Password = '".$password."';";
$result = mysql_query($query,$conn);
if(mysql_num_rows($result)<1)
newUser($conn);
}
else
echo 'form not submitted';
}
// now calling the signUp()
$conn= mysql_connect("","","") or die("Error connecting database"); // host, user, pass to connect db
mysql_select_db(""); // select database
signUp($conn);
?>
This is just cleanup of your code. Hope this will help to solve your problem. My implementation would be completely different than this one.
And one more thing, please use mysqli_* or PDO as mysql_* is depreciated

Related

How to get a logged in user account data including memberID so user can edit or delete their account?

I have a member page that lands after user signs in. From there I need to populate that page with all their data in a form format (same as the one they filled out initially) so they can edit and update/save.
<form>
<fieldset>
<legend>Edit My Account
</legend>
<div>
<label class="label" for="username">Username</label>
<input class="user" type="text" name="username" id="username" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="2" required />
</div>
<div>
<label class="label" for="email">Email</label>
<input class="email" type="email" name="email" id="email" value="<?php if(isset($error)){ echo $_POST['email']; } ?>" tabindex="3" required />
</div>
<div>
<label class="label" for="password">Password</label>
<input class="password" type="password" name="password" id="password" tabindex="4" required />
</div>
<div>
<label class="label" for="passwordConfirm">Confirm Password</label>
<input class="password" type="password" name="passwordConfirm" id="passwordConfirm" tabindex="5" required />
</div>
<div>
<input class="showbox" type="checkbox" name="terms" id="terms" tabindex="6" onFocus="this.tabIndex=1;"onBlur="this.tabIndex=6;"required />
<label for="terms">I agree to the Terms</label>
</div>
</fieldset>
<fieldset>
<div>
<input name="submit" type="submit" value="Update" />
</div>
</fieldset>
</form>
Secondly I want them to be able to delete their entire account with a "Delete My Account" button via a input type 'submit' that would appear on same member page.
<fieldset>
<form action="delete.php?" method="post">
<input type="hidden" name="id" value="<?php echo $members['memberID']; ?>">
<input type="submit" name="submit" value="Delete My Account">
</form>
</filedset>
I've been searching for days now... mostly this platform and have not found any sound solution(s).
I'm using MySQL db using PDO $stmt = $db->prepare('INSERT INTO... to create insert for new users and that all works fine.
I include a separate connection config file for db connection as well.
I created a delete.php file for the statement.
<?php require('config.php');
$id=$_SESSION['memberID'];
$stmt = $db->prepare('DELETE FROM members where memberID = $id');
?>
I'm not able to find a solution to populate the member page with logged in user data then edit and update it and/or capture the users logged in memberID to submit the delete account request using that memberID.
Some guidance would be appreciated, Thanks!
Here is my login.php code
<?php
//include config
require_once('config.php');
//check if already logged in move to home page
if( $user->is_logged_in() ){ header('Location: memberpage.php'); }
//process login form if submitted
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: memberpage.php');
exit;
} else {
$error[] = '<h2 class="red ctr thanks">Wrong username or password or your account has not been activated.</h2>';
}
}//end if submit
?>
At first you must set id user.after login user in admin page
and next you can use of that
<?php
$userId= $_GET['id'];//get user id you can use session also
if (isset($_POST['submit'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$passwordConfirm = $_POST['passwordConfirm'];
$terms = $_POST['terms'];
if (($password===$passwordConfirm) and ($terms===1)){
$query = "UPDATE members SET username = :username ,email = :email,"
."password = :password WHERE id = :id";
$stmt = $db->prepare($query);
$stmt->bindParam(':username',$username, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':id',$userId, PDO::PARAM_INT);
}
}
$query = "SELECT * FROM `members` WHERE id = `$userId`"; //Get user info
$sth = $db->prepare($query);
$sth ->execute();
$result = $sth->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
// output data of each row
foreach($result as $row){
$username = $row['username'];
$email = $row['email'];
$password = $row['password'];
}
}
?>
<form method="post" class="form-horizontal" action="<?php filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?>">
<fieldset>
<legend>Edit My Account
</legend>
<div>
<label class="label" for="username">Username</label>
<input class="user" type="text" name="username" id="username" value="<?php echo $username ?>" tabindex="2" required />
</div>
<div>
<label class="label" for="email">Email</label>
<input class="email" type="email" name="email" id="email" value="<?php echo $email?>" tabindex="3" required />
</div>
<div>
<label class="label" for="password">Password</label>
<input class="password" type="password" name="password" value="<?php echo $password ?>" id="password" tabindex="4" required />
</div>
<div>
<label class="label" for="passwordConfirm">Confirm Password</label>
<input class="password" type="password" name="passwordConfirm" id="passwordConfirm" tabindex="5" required />
</div>
<div>
<input class="showbox" type="checkbox" name="terms" id="terms" tabindex="6" onFocus="this.tabIndex=1;"onBlur="this.tabIndex=6;"required />
<label for="terms">I agree to the Terms</label>
</div>
</fieldset>
<fieldset>
<div>
<input name="submit" type="submit" value="Update" />
</div>
</fieldset>
</form>

(isset($_POST['submitted'])) doesn't seem to work

I can't figure out what I'm doing wrong here. I've been watching different videos on this problem, and been searching for answers for a long time.
When I hit the submit button on the web page, the fields get cleared and nothing else happens. There is probably a simple mistake, but I can't find out what I'm doing wrong
<a1>
<h1>Registrer ny bruker</h1>
<hr>
<form method="post" action="" >
<input type="text" name="surName" placeholder="Etternavn" required>
<br><br>
<input type="text" name="givenName" placeholder="Fornavn" required>
<br><br>
<select name="gender">
<option value="male">male</option>
<option value="female">female</option>
</select>
<br><br>
<input type="number" name="age" placeholder="Alder" required>
<br><br>
<input type="text" name="mail" placeholder="e-post" required>
<br><br>
<input type="text" name="userName" placeholder="Brukernavn" required>
<br><br>
<input type="text" name="password" placeholder="Passord" required>
<br><br>
<input type="submit" name="submitted" value="Registrer">
</form>
</a1>
<?php
if(isset($_POST['submitted'])){
$mysqli = new mysqli('my database username and password');
$email = $mysqli->real_escape_string($_POST['mail']);
$surName = $mysqli->real_escape_string($_POST['surName']);
$givenName = $mysqli->real_escape_string($_POST['givenName']);
$username = $mysqli->real_escape_string($_POST['userName']);
$password = md5($_POST['password']);
$gender = $mysqli->real_escape_string($_POST['gender']);
$age = $mysqli->real_escape_string($_POST['age']);
$sql = "INSERT INTO blog_user (first_name, last_name, age, gender, user_password, user_name, mail)
VALUES ('$givenName','$surName','$age','$gender','$password','$username','$email')
";
$insert = $mysqli->query($sql);
if ($insert) {
echo "Succes!";
} else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
$mysqli->close();
}
?>
Edit : I made a small typo when I first added this, so the first answers did not fix my problem. I did not give them a down vote, and I'm sorry I made a typo.
<?php
if(isset($_POST['submitted'])){
$mysqli = new mysqli('my database username and password');
$email = $mysqli->real_escape_string($_POST['mail']);
$surName = $mysqli->real_escape_string($_POST['surName']);
$givenName = $mysqli->real_escape_string($_POST['givenName']);
$username = $mysqli->real_escape_string($_POST['userName']);
$password = md5($_POST['password']);
$gender = $mysqli->real_escape_string($_POST['gender']);
$age = $mysqli->real_escape_string($_POST['age']);
$sql = "INSERT INTO blog_user (first_name, last_name, age, gender, user_password, user_name, mail)
VALUES ('$givenName','$surName','$age','$gender','$password','$username','$email')
";
$insert = $mysqli->query($sql);
if ($insert) {
echo "Succes!";
} else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
$mysqli->close();
}
?>
you have missed if statement.
Your code is "clearing the fields" because your form is always presented first with default values. The default values are not given with the input fields, so it's therefore "cleared" everytime you execute your php-file.
<form method="post" action="" >
<input type="text" name="surName" placeholder="Etternavn" required>
<br><br>
<input type="text" name="givenName" placeholder="Fornavn" required>
<br><br>
<select name="gender">
<option value="male">male</option>
<option value="female">female</option>
</select>
<br><br>
<input type="number" name="age" placeholder="Alder" required>
<br><br>
<input type="text" name="mail" placeholder="e-post" required>
<br><br>
<input type="text" name="userName" placeholder="Brukernavn" required>
<br><br>
<input type="text" name="password" placeholder="Passord" required>
<br><br>
<input type="submit" name="submitted" value="Registrer">
</form>
For this reason you should use the form-request-part before you show the form
if(isset($_POST['submitted'])){
$mysqli = new mysqli('my database username and password');
$email = $mysqli->real_escape_string($_POST['mail']);
$surName = $mysqli->real_escape_string($_POST['surName']);
$givenName = $mysqli->real_escape_string($_POST['givenName']);
$username = $mysqli->real_escape_string($_POST['userName']);
$password = md5($_POST['password']);
$gender = $mysqli->real_escape_string($_POST['gender']);
$age = $mysqli->real_escape_string($_POST['age']);
$sql = "INSERT INTO blog_user (first_name, last_name, age, gender, user_password, user_name, mail)
VALUES ('$givenName','$surName','$age','$gender','$password','$username','$email')
";
$insert = $mysqli->query($sql);
if ($insert) {
echo "Succes!";
} else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
$mysqli->close();
}
and show default values something like this...
<form method="post" action="" >
<input type="text" name="surName" placeholder="Etternavn"
required value="<?php echo $surName;?>">
<br><br>
<input type="text" name="givenName" placeholder="Fornavn"
required value="<?php echo $givenName;?>">
etc...
NOTE Database-query should be using prepared statements to avoid sql
injections.
Try this instead...
<?php
if(isset($_POST['submitted'])){

PHP Registration Form not saving

I have a HTML Sign Up form that allows new users to be registered to the site.:
<form action="register.php" method="POST" class="register-form">
<h1>Create Account</h1>
<label>
<span>First Name :</span>
<input id="firstname" type="text" name="firstname" placeholder="Your First Name" autocomplete="off" required/>
</label>
<label>
<span>Surname :</span>
<input id="surname" type="text" name="surname" placeholder="Your Surname" autocomplete="off" required/>
</label>
<label>
<span>Username :</span>
<input id="username" type="text" name="username" placeholder="Your Chosen Username" autocomplete="off" required/>
</label>
<label>
<span>Email :</span>
<input id="email" type="email" name="email" placeholder="Your Email Address" autocomplete="off" required/>
</label>
<label>
<span>Password :</span>
<input id="password" type="password" name="password" placeholder="Your Chosen Password" autocomplete="off" required/>
</label>
<hr>
<input name="action" type="hidden" value="signup" />
<input type="submit" class="btn register btn-success btn-lg" name="submit" value="Register">
</form>
Which goes to register.php:
<?php
$connection = mysql_connect('localhost', 'root', 'password');
if (!$connection) {
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('gmaps1');
if (!$select_db) {
die("Database Selection Failed" . mysql_error());
}
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])) {
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO `users` (firstname, surname, username, password, email) VALUES ('$firstname', '$surname', '$username', '$password', '$email')";
$result = mysql_query($query);
if ($result) {
header("Location: thank_you.html");
} else {
echo 'User Not Created';
}
}
?>
But when I click the Register button it doesn't save the data and returns "User Not Created". Would it be better using MySQLi rather than MySQL or is there a better way for this to work??
Error checking solved my problem - "field 'active' doesn't have a default value"
There was an inactive field in the table 'Users'. I got rid of that and it works fine. It must have been added in by mistake.
You don't get a "Database Connection Failed" so you sucessfully connected with the database
Its better to use MySQLi or PDO (my choice)
At least use mysql_real_escape and maybe a trim() but thats just a starting point when it comes to security
check wether all your database fields are named exactly the way you are adressing them inside your Insert-Statement
Do a echo $query, open phpMyAdmin (for example) and copy-paste the output inside the SQL field and send -> you may get a MySQL error you can analyse
It's better to store passwords hashed. Try inserting MD5($password) (there are way better options!) and on login do compare:
if(MD5($inputPassword) == $passwordhashFromDatabase){}

Updating Query Matter

I've defined a user settings page in my website, and there are several forms that appears on that page, I'v written a query for these fields to be updated upon clicking on "submit" button, but some how I end up having this error below;
User Could Not Be Updated Because:You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near
'SHA1(5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)', ' WHERE id =' at
line 1
this is profile settings page codes for the form:
<?php
$uid = $_SESSION['user_id'];
$query = mysqli_query($dbc, "SELECT * FROM users WHERE id = $uid ")or die(mysql_error());
$arr = mysqli_fetch_assoc($query);
?>
<form action="?page=profileset&id=<?php echo $arr['id']; ?>" method="post" role="form">
<label for="first">First Name</label>
<input class="form-control" type="text" name="first" id="first" value="<?php echo $arr['first']; ?>" placeholder="First Name" autocomplete="off">
</div>
<div class="from-group">
<label for="last">Last Name</label>
<input class="form-control" type="text" name="last" id="last" value="<?php echo $arr['last']; ?>" placeholder="Last Name" autocomplete="off">
</div>
<br>
<div class="from-group">
<label for="email">Email Address</label>
<input class="form-control" type="text" name="email" id="email" value="<?php echo $arr['email']; ?>" placeholder="Email Address" autocomplete="off">
</div>
<div class="from-group">
<label for="password">Password</label>
<input class="form-control" type="password" name="password" id="password" value="<?php echo $arr['password']; ?>" placeholder="Password" autocomplete="off">
</div>
<button id="profile-btn-change" type="submit" class="btn">Submit Changes</button>
<input type="hidden" name="submitted" value="1">
</form>
and this is the query which updates this form;
if(isset($_POST['submitted']) == 1){
$first = mysqli_real_escape_string($dbc, $_POST['first']);
$last = mysqli_real_escape_string($dbc, $_POST['last']);
$password = SHA1($_POST['password']);
$action = 'Updated';
$q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";
$r = mysqli_query($dbc, $q);
if($r){
$message = '<p class="alert alert-success">User Was '.$action.'!</p>';
} else {
$message = '<p class="alert alert-danger">User Could Not Be '.$action.' Because:'.mysqli_error($dbc);
}
}
any consideration is appreciated
You are repeating the password = part in the UPDATE query.
do
$password = sha1($_POST[password]);
instead of
$password = " password = 'SHA1($_POST[password])', ";
update
make sure you try the update query like
$q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";
and try to sanitize the variables while you use them.

Registration Not Applying to SQL

I Tried to test the Registration Form to See if it would work, but every time it never actually applies to the SQL Database, Is there anything that seems to be wrong in this code, i don't seem to detect any errors, i also added the registration form in html i was using below the PHP Code
<?
session_start();
include "mysqli_config.php";
$b = $_POST['username'];
$password = md5($_POST['password']);
$a = $_POST['email'];
$username = mysqli_real_escape_string($mysqli, $b);
$email = mysqli_real_escape_string($mysqli, $a);
$c = $_POST['method'];
$method = mysqli_real_escape_string($mysqli, $c);
if ($username == NULL or $email == NULL or $password == NULL) {
echo "Please Fill Out All Forms";
} else {
if (strlen($username) <= 8 || strlen($username) >= 16) {
echo " - Your username must be between 8 and 16 chars";
} else {
if ($method == NULL) {
echo "Please Select a Payment Method";
} else {
$check = "SELECT * FROM `users` WHERE `username` = '$username'";
$checksystem = $mysqli->query($check);
if (mysqli_num_rows($checksystem) != 0) {
echo "Username Already In Use!";
} else {
$create_member = "INSERT INTO `users` (`id`,`username`, `password`, `email`,`status`,`payment`)
VALUES('','$username','$password','$email','$status','$method')";
$create = $mysqli->query($create_member);
echo "Thank You For Registering, Please <a href=loginform.php>Login Here</a>";
}
}
}
}
?>
<form action="authenticate.php" id="contact" method="post" name="contact">
<div class="cleaner h10"></div><label for="author">Username</label>
<input class="required input_field" id="author" name="username" type=
"text"> <label for="email">Password</label> <input class=
"required input_field" id="email" name="password" type="password">
<label for="email">Email</label> <input class="required input_field"
id="email" name="email" type="text"> <label for="email">Payment
Email</label> <input class="required input_field" id="email" name=
"payment" type="text"> <label for="email">Use Amazon For
Payments</label> <input class="required input_field" id="email" name=
"method" type="checkbox"> <label for="email">Use Paypal For
Payments</label> <input class="required input_field" id="email" name=
"method" type="checkbox">
<div class="cleaner h10"></div><input class="submit_btn float_l" id=
"submit" name="submit" type="submit" value="Register">
</form>
If you trying to register a new user, first make sure the id is AUTO_INCREMENT and also
change the query
$create_member = "INSERT INTO `users` (`id`,`username`, `password`, `email`,`status`,`payment`)
VALUES('','$username','$password','$email','$status','$method')";
to
$create_member = "INSERT INTO `users` (`username`, `password`, `email`,`status`,`payment`)
VALUES('$username','$password','$email','$status','$method')";

Categories