Insert into mysql database through php - php

I try to insert some information about user but it gives error no database selected (im using phpmyadmin and xampp btw)
code:
<?php
$username = $_POST['username'];
$name = $_POST['name'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword)
{
mysql_escape_string($username);
mysql_escape_string($name);
mysql_escape_string($password);
mysql_escape_string($cpassword);
$md5pass = md5($password);
mysql_select_db("users");
mysql_query("INSERT INTO users (id, username, name, password) VALUES (DEFAULT, '$username', '$name', '$md5pass'") or die(mysql_error());
}
else
{
die("Passwords don't match");
}
?>

You haven't established connection with your mysql database.
Use following code to make connection with server.
$link = mysql_connect('your servers address', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
else
{
//rest of your code
}

Related

PHP is not passing proper data to MYSQL

I am unable to pass proper data to MySQL I have no idea what is wrong done by me please help me out my code is as follow:
$con = mysqli_connect('localhost', 'root', '', 'database');
if($con) {
echo "we are connected";
} else {
die("connection failed");
}
if(isset($_POST['submit'])) {
// echo "Yeah it works";
$user = $_POST['username'];
$pass = $_POST['password'];
$query = "INSERT INTO users(username, password) VALUES ('$user', '$pass')";
$result = mysqli_query($con, $query);
if(!$result) {
die("Query failed");
}
}
When I run this code I'm getting 0 for username and 0 for password. whatever I type for username and password I get 0 in database.
Try this code, which also removes SQL injections.
$con = mysqli_connect('localhost', 'root', '', 'database');
if(! $con )
die('Unable to connect');
foreach(array('submit', 'username', 'password') as $arg)
if(! isset($_POST[$arg]) )
die('Missing argument(s)');
unset($arg);
http_response_code(200);
$username = $con->real_escape_string($_POST['username']);
$password = $con->real_escape_string($_POST['password']);
$query = "INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')";
if(! mysqli_query($con, $query))
http_response_code(400);
If this code doesn't work, make sure that username and password from your table are varchar's not int's. (Because your script inserts a 0 value)

php user registration can't connect to database

I am having problems getting my PHP to connect to my database. This is my first time ever working with PHP and I am not sure what is wrong, I have searched all over the internet without finding a solution. Hopefully you guys can help!
Here's the error:
Fatal error: Class 'mysqli_connect' not found in D:\wamp64\www\einsteindesigns\reg.php on line 4
and the code:
<?php
session_start();
$host = "localhost";
$user = "root";
$pwd = "";
$db = "userdb";
$mysqli = mysqli_connect($host, $user, $pwd, $db);
if(! $mysqli )
{
die('Could not connect: ' . mysqli_error());
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['password'] == $_POST['confirmpassword']) {
$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$confirmpassword = md5($_POST['confirmpassword']);
$_SESSION['email'] = $email;
$sql = "INSERT INTO $db (first, last, email, password) "
. "VALUES ('$first', '$last', '$email', '$password')";
$_SESSION['message'] = "Registration Successful";
}
else {
$_SESSION['message'] = "Error: User account could not be
created. Please try again.";
}
mysqli_close($mysqli);
}
else {
$_SESSION['message'] = "Passwords do not match";
}
?>

Every time i refresh page it inserts same user into database

Here is PHP code
<?php
if(isset($_POST['Murad'])){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
die('Could not enter data: ');
return false;
}
else {echo "Entered data successfully\n";
}
$usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
echo $userName." is already taken";
return false;
}header("Location: Main.php");}
?>
User registers then when he is in his profile page as soon as he refreshes it inserts same username again.And also username and email are unique in my dt it cant insert it and gives an error
What you can do is after the form has submitted successfully,
you can reset the form
or
redirect the user to the same page
if(! $retval )
{
die('Could not enter data: ');
return false;
}
else {
echo "Entered data successfully\n";
header("Location:samepagename.php");
}
TO reset the form
this.form.reset();
call this after form has successfully submitted
Try this:
<?php
if(isset($_POST['Murad'])) {
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$link = new PDO('mysql:dbhost='.$mysql_hostname.';dbname='.$mysql_database,$mysql_user, $mysql_password);
$unamecheck = ("SELECT userName FROM websiteusers WHERE userName = :uname");
$unamecheck = $link->prepare($unamecheck);
$unamecheck->execute(array(':uname'=>$userName));
if($unamecheck->rowCount() > 0) {
echo "Username taken";
die();
} else {
$add = ("INSERT INTO websiteusers (fullname, lastname, userName, email, pass) VALUES (:fname, :lname, :uname, :pass)");
$add = $link->prepare($add);
$add->execute(array(':fname'=>$firstname, ':lname'=>$lastname, ':uname'=>$userName, ':pass'=>$password));
if($add->rowCount() > 0) {
echo "Registration successful";
header("Location: Main.php");
} else {
echo "Registration failed";
}
}
}
?>
What you are doing right now is you insert a user in the DB and after that you perform a check if the user exists. You'll have to move some code around.
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
echo $userName." is already taken";
} else {
$sql = "INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
die('Could not enter data: ');
}
else {
echo "Entered data successfully\n";
}
}
}
This way you first check if the user already exists. If does - you kill the script and the code after is not executed. Otherwise you insert a user in the DB

Can't get variables from other php file

I have this code in index.php
<?php
include "ch.php";
?>
ch.php
<?php
if (isset($_POST['Murad'])) {
header("Location: Main.php");
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "
INSERT INTO websiteusers
(fullname,lastname,userName,email,pass)
VALUES ( '$firstname', '$lastname','$userName', '$email','$password')
";
mysql_select_db('websiteusers');
$retval = mysql_query( $sql );
if (! $retval ) {
die('Could not enter data: ' . mysql_error());
return false;
} else {
echo "Entered data successfully\n";
}
$usernamecheck=mysql_query("
SELECT `userName` FROM `websiteusers`
WHERE userName='$userName'
");
if (mysql_num_rows($usernamecheck)>=1) {
echo $userName." is already taken";
return false;
}
}
?>
And
Main.PHP
<?php
include 'ch.php';
?>
And
<?php
echo $firstname=$_POST['firstname'];
?>
But it is not working. It worked before I put action in form instead of header but it didn't insert user in database now it inserts but it is not showing variables. Is there anyway to fix this?
1) Do not use mysql_ functions, it's deprecated and will be removed at PHP 7 stable release, choose between mysqli_ or PDO.
2) Don't open and close your php interpreter multiple times with no apparent reason. If your code is pure PHP, a standard is to never close it.
3) There should be nothing else for PHP or HTML to be processed/displayed after using header("Location: ...") function. It's the last thing you do at the script when you use it.

Trouble connecting data to MySQL

I can't seem to find out why my PHP code won't allow me to store the info in MySQL when I click the submit button. Can someone tell me whats wrong with the code below?
I want to get it to the point where users submit their registration form and their info can get moved over to a MySQL database. Then, I want the users to be taken to my index.html file.
Any help is appreciated.
Thanks
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$mysql_database = "21st";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass) or die("Could not connect database");
mysqli_select_db($conn, $mysql_database) or die("Could not select database");
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
if ($password == $password2) {
$sql = "INSERT INTO members (username, email, password) VALUES ('$userrname','$email','$password')";
} else {
echo "Your passwords must match";
}
?>
Try this using mysqli_query to actually run the query. When you set $sql all that did was set a variable named $sql to the query. Also note you set the variable $userrname in the query when it should be $username as set from the $_POST directly above. My adjusted version of your code below:
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$mysql_database = "21st";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass) or die("Could not connect database");
mysqli_select_db($conn, $mysql_database) or die("Could not select database");
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
if ($password === $password2) {
// Set the query.
$sql = "INSERT INTO members (username, email, password)"
. " VALUES (?, ?, ?)"
;
// Bind the values to the query.
mysqli_stmt_bind_param($sql, 'sss', $username, $email, $password);
// Run the query.
mysqli_query($conn, $sql);
// Free the result set.
mysqli_free_result($sql);
// Close the connection.
mysqli_close($conn);
}
else {
echo "Your passwords must match";
}

Categories