I have this code that allows a user to reset their account from a url link
<?php
$servername = "localhost";
$username = " ";
$password = " ";
$dbname = " ";
$code = $_GET['code'];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT com_code FROM user WHERE com_code = ".$_GET['code'];
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action='reset.php?code=" . $row["com_code"]. "' method='post'>Enter New Password: <input type='text' name='new_password' placeholder='New Password'><br><input type='submit' value='Submit'></form>";
}
} else {
echo "0 results";
}
$conn->close();
?>
<?php
$servername = "localhost";
$username = " ";
$password = " ";
$dbname = " ";
$pword = $_POST['new_password'];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
}
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
?>
I keep getting the error:
Warning: mysqli::query(): Empty query in
/home/u590953899/public_html/notify/reset.php on line 47 Error
updating record:
When you press the submit button, it is suppose to UPDATE the database where the com_code = the $GET url
BUT
What happens is that it only reloads the page, how do I fix this?
The link to it is: http://notify.bithumor.co/reset.php?code=123456789
You should change your code to be inside isset like this :
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
}
Make following changes in your code:
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code IS NULL WHERE com_code = '$code'";
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
}
We use IS NULL to check NULL in mysql
if (isset($_POST['Submit'])) {
$sql1 = "UPDATE user SET password='$pword', com_code IS NULL WHERE com_code = $code";
}
Read NULL Values in MYSQL
$_POST['Submit'] will never be set, when your submit button doesn't have name="submit". Just having type="submit", or value="submit", or id="submit" will not do it. You need the name attribute for that.
First check that your input type has name="Submit", if not add it.
After that echo your query first,
if (isset($_POST['Submit'])) {
echo "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
$sql1 = "UPDATE user SET password='$pword', com_code=NULL WHERE com_code = '$code'";
if ($conn->query($sql1) === TRUE) {
echo "Password has been change successfully!";
} else {
echo "Error updating record: " . $conn->error;
}
}
And also all the code i.e. query executing and messages should be in the same if statement ( if(isset($_POST['Submit'])) ).
I hope this works for you.
Related
I have created a login.php that works and keeps the user logged in with session.
Now, User has an option to use his "money" to buy something, so he clicks on "buy" and it opens "transfer.php" which is this below.
<?php
session_start();
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Create connection header("Location:transfer2.php");
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE user SET money=money-2 WHERE id=2";
if ($conn->query($sql) === TRUE) {
exit();
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Now, this part:$sql = "UPDATE user SET money=money-2 WHERE id=2"; I want this script to automaticly find the id from the user that is logged in currently.
Im trying to figure this out, and I am just lost.
Thanks in advance.
In the login script, set a session variable to the user's ID. Then you can use this session variable in other scripts.
$sql = "UPDATE user SET money=money-2 WHERE id = ?";
if ($stmt = $conn->prepare($sql)) {
$stmt->bind_param("i", $_SESSION['user_id']);
if ($stmt->execute()) {
exit();
} else {
die("Error updating record: " . $stmt->error);
}
} else {
die("Error updating record: " . $conn->error);
}
I am trying to take the value of the topay column where torecieve equals to current session user id and use it to perform operation on the user table.
But it throws a syntax error
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "bazze2";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$merge = "SELECT topay FROM merge WHERE torecieve=$_SESSION[id]";
$sql = "UPDATE user SET topay2='10000000' WHERE 'id'=$merge";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Use a prepared query, and use a join.
$sql = "UPDATE user AS u
JOIN merge AS m ON u.id = m.topay
SET u.topay2 = '10000000'
WHERE m.toreceive = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $_SESSION['id']);
if ($stmt->execute()) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $stmt->error;
}
I'm trying to create an upvote system where, after checking to see if you're logged in and after getting your userid, it checks if the table has your userid with the postid already in it and if it does then it means it was already upvoted. I just want to know what's wrong in my code, this is being used for learning, I don't need any complex thing.
Code:
if (isset($_GET['upvote'])) {
if ($_SESSION["loggedin"] == true) {
$upvoteid = $_GET["upvote"];
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id FROM users WHERE username=".$_SESSION["loggedinusername"];
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$userid = $row["id"];
}
$sql2 = "SELECT userid, postid FROM upvotedposts WHERE userid='".$userid."' AND postid='".$upvoteid."'";
$result2 = $conn->query($sql);
if (!$result2->numrows > 0) {
$sql = "UPDATE posts SET upvotes = upvotes + 1 WHERE id = ".$upvoteid;
if ($conn->query($sql) === TRUE) {
echo "Sucessfully upvoted";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
}
} else {
echo "Failed;
}
$conn->close();
}
}
When I do click the upvote button, it simply does nothing. The issue here is that as far as I know it looks like it would work but I may be forgetting something that I am unaware of or incorrectly using something.
You are missing a closing "
echo "Failed;
should be:
echo "Failed";
I'm quite new to PHP and an absolute beginner when it comes to SQL. I'm just learning the basics and I can't get my head around why my code is generating a duplicate entry every time the form is submitted, e.g.
Name: Joe Blogs Email: info#email.co.uk
Name: Joe Blogs Email: info#email.co.uk
The database has a table called user and two columns, name and email.
My index file looks like this, it has a simple form for name and email, and inserts the data on submit:
<form method="post" action="insert.php">
<input name="name" type="text">
<input name="email" type="email">
<input type="submit" value="Submit Form">
</form>
<?php
$servername = "localhost";
$username = "DB_USER";
$password = "PASSWORD";
$dbname = "DB_NAME";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sqlout = "SELECT name, email FROM user";
$result = $conn->query($sqlout);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<b>Name:</b> " . $row["name"]. " <b>Email:</b> " . $row["email"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
<form method="post" action="wipe.php">
<input type="submit" value="Wipe ALL Data">
</form>
This insert.php file is called when the form is submitted:
<?php
$servername = "localhost";
$username = "DB_USER";
$password = "PASSWORD";
$dbname = "DB_NAME";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO user ( name, email ) VALUES ( '{$conn->real_escape_string($_POST['name'])}', '{$conn->real_escape_string($_POST['email'])}' )";
$insert = $conn->query($sql);
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
Back
I've probably made some basic mistakes but I'm not sure why it is adding duplicates. Is it something to do with connecting twice to the database in each file? Is there a better way to connect only once? Or is it caused by the form submission itself?
Because you call query twice:
$insert = $conn->query($sql);
if ($conn->query($sql) === TRUE) {
You should rewrite is as
$insert = $conn->query($sql);
if ($insert === TRUE) {
Also, you should really be using prepared statements.
Your code Call $conn->query twice
$insert = $conn->query($sql);// first time
if ($conn->query($sql) === TRUE) {// second time
if ($insert === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
You need change:
$sql = "INSERT INTO user ( name, email ) VALUES ( '{$conn->real_escape_string($_POST['name'])}', '{$conn->real_escape_string($_POST['email'])}' )";
$insert = $conn->query($sql);
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
to
$sql = "INSERT INTO user ( name, email ) VALUES ( '{$conn->real_escape_string($_POST['name'])}', '{$conn->real_escape_string($_POST['email'])}' )";
$status = $conn->query($sql);
if ($status === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
i have some problem on creating a delete query on my code.
the flow will be, moving data from one table to another, im placing delete codes but its not working
my code
<?php
require_once('php/dbase.php');
$query="INSERT INTO tbl_user (username, password, access_type) VALUES ('".$_POST['user']."','".$_POST['pass']."','staff')";
if($mysqli->query($query)){
$id=$mysqli->insert_id;
$query2="INSERT INTO tbl_accounts (id,fname,mname,lname,gender,designation,s_question,s_answer) VALUES (".$id.",'".$_POST['fname']."','".$_POST['mname']."','".$_POST['lname']."','".$_POST['gender']."','".$_POST['designation']."','".$_POST['s_question']."','".$_POST['s_answer']."')";
if($mysqli->query($query2)){
$error=0;
?>
<script type="text/javascript">
alert("The account has been successfuly verified");
location.href = "account_man.php";
</script>
<?php
}else{
$error=1;
$message="Error";
$data=array('error' =>$error , 'message'=>$message);
echo json_encode($data);
}
}else{
$error=1;
$message="Error";
$data=array('error' =>$error , 'message'=>$message);
echo json_encode($data);
}
?>
The old table is named "tbl_user_reco" and "tbl_accounts_reco".
Note: tbl_user_reco is auto increment
Delete Code
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "tdsw_db";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
// sql to delete a record
$sql = "DELETE FROM tbl_user_reco WHERE id= '.$id.'";
$sql = "DELETE FROM tbl_accounts_reco WHERE id= '.$id.'";
if (mysqli_query($conn, $sql)) {
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . mysqli_error($conn);
}
mysqli_close($conn);
}else{
$error=1;
$message="Error";
$data=array('error' =>$error , 'message'=>$message);
echo json_encode($data);
}
This is my merged Add and Delete Code and when i run it shows the "Record deleted successfully" but it never deletes anything but it adds data to the new table
<?php
require_once('php/dbase.php');
$query="INSERT INTO tbl_user (username, password, access_type) VALUES ('".$_POST['user']."','".$_POST['pass']."','staff')";
if($mysqli->query($query)){
$id=$mysqli->insert_id;
$query2="INSERT INTO tbl_accounts (id,fname,mname,lname,gender,designation,s_question,s_answer) VALUES (".$id.",'".$_POST['fname']."','".$_POST['mname']."','".$_POST['lname']."','".$_POST['gender']."','".$_POST['designation']."','".$_POST['s_question']."','".$_POST['s_answer']."')";
if($mysqli->query($query2)){
$error=0;
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "tdsw_db";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
// sql to delete a record
$sql = "DELETE FROM tbl_user_reco WHERE id= '.$id.'";
$sql = "DELETE FROM tbl_accounts_reco WHERE id= '.$id.'";
if (mysqli_query($conn, $sql)) {
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . mysqli_error($conn);
}
mysqli_close($conn);
}else{
$error=1;
$message="Error";
$data=array('error' =>$error , 'message'=>$message);
echo json_encode($data);
}
}else{
$error=1;
$message="Error";
$data=array('error' =>$error , 'message'=>$message);
echo json_encode($data);
}
?>
If you see this code, you are overwriting $sql, and its executing only second query,
$sql = "DELETE FROM tbl_user_reco WHERE id= '.$id.'";
$sql = "DELETE FROM tbl_accounts_reco WHERE id= '.$id.'";//$sql overwriting.
if (mysqli_query($conn, $sql)) {