I'm trying to add the current user id from a Wordpress site to a table I have set up. All other values from inputs are going in fine, but I'm getting a php error when I try this code:
$link = mysqli_connect("localhost", "XXXXXX", "XXXXXX", "XXXXXX");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$latLng = mysqli_real_escape_string($link, $_POST['latLng']);
$title = mysqli_real_escape_string($link, $_POST['title']);
$type = mysqli_real_escape_string($link, $_POST['type']);
$current_user = wp_get_current_user();
$WP_id = $current_user->ID;
$sql = "INSERT INTO `user_locations` ( `id` , `WP_id` , `latLng` , `type` , `title` ) VALUES ('', '$WP_id', '$latLng', '$type', '$title')";
if(mysqli_query($link, $sql)){
header("Location: leaflet-test-page");
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
The error is:
Fatal error: Call to undefined function wp_get_current_user() in /home/XXXXX/public_html/XXXXXX/insert.php on line 17
Any help identifying the reason I am getting this error would be appreciated.
Adding this worked. include_once '../../../wp-blog-header.php'; I know its nasty, but does the trick for what I need it for.
Related
Notice: Undefined index: nama in C:\xampp\htdocs\sekolah\admin\insert.php on line 13
Notice: Undefined index: nis in C:\xampp\htdocs\sekolah\admin\insert.php on line 14
<?php
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "root", "root", "school");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$sekolah = mysqli_real_escape_string($link, $_POST['sekolah']);
$nama = mysqli_real_escape_string($link, $_POST['nama']);
$kelas = mysqli_real_escape_string($link, $_POST['nis']);
// attempt insert query execution
$sql = "INSERT INTO sekolah (sekolah, nama, nis) VALUES ('$sekolah', '$nama', '$nis')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
#$sekolah = mysqli_real_escape_string($link, $_POST['sekolah']);
#$nama = mysqli_real_escape_string($link, $_POST['nama']);
#$kelas = mysqli_real_escape_string($link, $_POST['nis']);
$sql = "INSERT INTO sekolah (sekolah, nama, nis) VALUES ('$sekolah', '$nama', '$nis')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
Include # before variables because in localhost you can get undefined index error.
undefined index means that ,in the $_POST array there isn't an index (key) for the keys nama and nis. It would be safer checking to see if the value is set before attempting to access it:
Use isset($_POST['nama'])to check for the existence of that variable:
I am working on a php form that submits data to one table and then images to a second table in my mysql database.
The bit i am stuck on is submitting to the second table for what ever reason it just doesnt seam to be working.
Can someone please point me in the right direction to where i am going wrong with this code?
Any help at all would be greatly appreciated
<?php
/*
Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password)
*/
$link = mysqli_connect("localhost", "***", "***", "***");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$id = mysqli_real_escape_string($link, $_POST['id']);
$title = mysqli_real_escape_string($link, $_POST['title']);
$price = mysqli_real_escape_string($link, $_POST['price']);
$sqm = mysqli_real_escape_string($link, $_POST['sqm']);
$sqm_land = mysqli_real_escape_string($link, $_POST['sqm_land']);
$type = mysqli_real_escape_string($link, $_POST['type']);
$area = mysqli_real_escape_string($link, $_POST['area']);
$location = mysqli_real_escape_string($link, $_POST['location']);
$bedroom = mysqli_real_escape_string($link, $_POST['bedroom']);
$terrace = mysqli_real_escape_string($link, $_POST['terrace']);
$orientation = mysqli_real_escape_string($link, $_POST['orientation']);
$water = mysqli_real_escape_string($link, $_POST['water']);
$seaview = mysqli_real_escape_string($link, $_POST['seaview']);
$pool = mysqli_real_escape_string($link, $_POST['pool']);
$ownerinfo = mysqli_real_escape_string($link, $_POST['ownerinfo']);
$gaddress = mysqli_real_escape_string($link, $_POST['gaddress']);
$description = mysqli_real_escape_string($link, $_POST['description']);
$image = mysqli_real_escape_string($link, $_POST['image']);
$lastid = mysqli_real_escape_string($link, $_POST['lastid']);
$seq = mysqli_real_escape_string($link, $_POST['seq']);
// attempt insert query execution
$sql = "INSERT INTO property (title, price, sqm, sqm_land, type, area, location, bedroom, terrace, orientation, water, seaview, pool, ownerinfo, gaddress, description) VALUES
('$title', '$price', '$sqm', '$sqm_land', '$type', '$area', '$location', '$bedroom', '$terrace', '$orientation', '$water', '$seaview', '$pool', '$ownerinfo', '$gaddress', '$description' )";
function insertimages($image,$lastid,$seq){
$query="insert into images(imagepath,property_id,imageorder) values('".$image."','".$lastid."','".$seq."')";
$this->execQuery($query);
}
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
Here you have declared the insertimages function but not calling. You can call like this:
if(mysqli_query($link, $sql)){
insertimages($image,$lastid,$seq);
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
I'm getting an insert error when I'm trying to insert data from a form to my database. the error is as follows :
Error: INSERT INTO users (firstname) VALUES ('a')
This is the code:
if ( isset($_POST['submit']) ) {
$registerfirstname = $_POST['firstname'];
$query = "INSERT INTO users (firstname) VALUES ('$registerfirstname')";
if(mysqli_query($conn, $query)){
echo "New user created";
}else{
echo "Error: " .$query. "<br>" . mysqli_error($conn);
}
}
You are making a little mistake here. You have to pass the variable data through the mysqli_real_escape_string() through first. An example would be ,
$registerfirstname = mysqli_real_escape_string($registerfirstname);
And after that you can use it in sql like that. This way it is more sanitized. I hope this will solve your problem.
Firstly, you should use Mysql Workbenck to prepare sql statements. If, The statements properly work on workbench.Paste into the php script.
On php side, you should use mysql_real_escape_string() function before set your variable.
Like;
$registerfirstname = mysql_real_escape_string($_POST['firstname']);
Try this:
// Create connection
$connection = new mysqli('localhost', 'username', 'password', 'dbname');
// Check connection
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
$firstname = "John";
$firstname = mysqli_real_escape_string($firstname);
$sql = "INSERT INTO users (firstname) VALUES ('$firstname')";
if ($connection->query($sql) === TRUE) {
echo "New user created";
} else {
echo "Error: " . $sql . "<br>" . $connection->error;
}
// Close connection
$connection->close();
It should work, but if it doesn't just give us what errors are shown.
I am trying to get the count of number of rows from Vulnerability table based on the vulnerability and threat entered. But always i get a value None in place of vulnerability count.
$link = mysqli_connect("localhost", "root", "sharmi#08", "MySQL56");
// Check connection
if ($link === false) {
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$Vulnerability = mysqli_real_escape_string($link, $_POST['Vulnerability']);
$Threat = mysqli_real_escape_string($link, $_POST['Threat']);
/*$P_Vulnerability = mysqli_real_escape_string($link, $_POST['P_Vulnerability']);*/
/*$P_Threat = mysqli_real_escape_string($link, $_POST['P_Threat']);*/
$Threat_count = mysqli_real_escape_string($link, $_POST['Threat_count']);
$table = mysqli_real_escape_string($link, $_POST['Vul']);
// attempt insert query execution
$sql = "INSERT INTO vuln_threat(Vulnerability, Threat) VALUES ('$Vulnerability', '$Threat') ";
$Vulnerability_count = mysqli("Select count(*) from vuln_threat");
$sql = "UPDATE vuln_threat SET Vulnerability_Count='$Vulnerability_count',Threat_Count='1' WHERE Vulnerability='".$Vulnerability."' AND Threat='".$Threat."'";
//$select_result = mysqli_query($query);
if ( mysqli_query($link, $sql, $query)) {
echo "New Records added successfully." ;
} else {
echo "Please add records." ;
}
// close connection
mysqli_close($link);
mysqli_query accepts only predefined constants as the 3rd parameter when used in a procedural fashion.
http://php.net/manual/en/mysqli.query.php
I am trying to use a simple hash for users emails and passwords.
But when I run the following php script that is called on an ajax request i fet a 505 error.
<?php
$user = json_decode(file_get_contents('php://input'));
$email = $user->email;
$pass = $user->pass;
$cpass = $user->cpass;
$ssid = $user->ssid;
$type = $user->type;
$date = $user->regtime;
$con = mysqli_connect("localhost", "", "", "");
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$validateEmail = "SELECT `Email` FROM `newUsers` WHERE `Email` = '$email' ";
$newVar = password_hash($pass, PASSWORD_DEFAULT);
if ($result = mysqli_query($con,$validateEmail)) {
if ($result->num_rows == 0){
$sql = "INSERT INTO `newUsers`(`email`, `type`, `date`, `ssid`, `hashpass`) VALUES ('$email', '$type', '$date', '$ssid', '$newVar')";
mysqli_query($con,$sql);
}
}
mysqli_close($con);
?>
If i remove the hash attempt and leave the pass word as it is received the password gets inserted so I believe it is the hashing function that is causing the 505. Can anyone see what is going wrong with my hash attempt?