My code seems to be functioning properly (i dont get any erros) but the INSERT INTO query doesnt seem to be working as the data is never being put into the database.
Here is the code:
EDIT: i edited the code slightly so it would make logical sense but it still doesn't add the data to the table. (I even removed the if statement completely and just left the query in and it didnt add it.)
<?php
//connect to user database
include("db_connect.php");
//set variables
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$date = date('Y/m/d H:i:s a');
//check if email exists
$db_query = "SELECT * FROM users WHERE email LIKE '$email'";
$db_result = mysql_query($db_query);
if(!$db_result)
{
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
else {
echo 'That email is already in use. Click Here to return to the sign up page.';
}
?>
You need to replace
if($email_taken)
with
if(mysql_num_rows($email_taken))
I would say it would be more like:
//check if email exists
$db_query = "SELECT * FROM users WHERE email='{$email}'";
$res = mysql_query($db_query);
$email_taken = mysql_num_rows($res);
if($email_taken == 1)
{
echo 'That email is already in use. Click Here to return to the sign up page.';
}
else {
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
Related
so I want to make a sign up where at the first page, is the user info where the name, last name etc will be input by the user, then it will be recorded into the database and redirect to the account info page where the user input the username and password and be recorded in another database so I have to tables the student, where all the info is stored, and user, where account info is stored so the userID of the user will be the foreign key of in the student but I cant put the id number of the user to the table of the student where the first input is stored in the first page, so if I use the mysqli_insert_id it can insert the id of the last inserted user into the student table but into the next row not the row where the last input of information in the first page is located
code in the first page shs/functions/add.stud.php
<?php
session_start();
include 'database.php';
if (isset($_POST['add'])) {
echo "welcome";
}
$message = "Provide all information needed please";
$lname = $_POST['Lname'];
$fname = $_POST['Fname'];
$mname = $_POST['Mname'];
$email = $_POST['email'];
$grade = $_POST['grade'];
$strand = $_POST['strand'];
$section = $_POST['section'];
$status = $_POST['status'];
if (empty($lname) || empty($mname)) {
header("Location:../pages/user.add.php?empty=put something, will ya?");
exit();
}
else {
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
}
then in the account information (username, password)
<?php
if (isset($_POST['users'])){
include_once 'database.php';
$uid = $_POST['uid'];
$pass = $_POST['pass'];
//pag check or pag handle sa mga errors sa pag log in
if (empty($uid) || empty($pass))
{
header("location:../pages/user.add.php?signup=empty fields");
exit();
} else {
$sql = "SELECT * FROM 'user' WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 0) {
header("Location:.../user.add.php?the inputs are already taken");
exit();
}
else {
$hashedpass = password_hash($pass, PASSWORD_DEFAULT);
//insert the new user to the user database
$sql = "INSERT INTO user (userID, username, password)
VALUES (NULL, '$uid', '$hashedpass');";
$result = mysqli_query($conn, $sql);
//pag connect sa student database
//katung sa database sa image
$sql = "SELECT * FROM user WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0){
while ($row = mysqli_fetch_assoc($result)){
$userid = $row['userID'];
$sql = "INSERT INTO profileimg (userID, status)
VALUES ('$userid', 1)";
if($result=mysqli_query($conn, $sql))
{
$last_id = mysqli_insert_id($conn);
$sql = "INSERT INTO student (userID) VALUES ('$last_id')";
$result = mysqli_query($conn, $sql);
}
else {
header("Location:.../user.add.php");
exit();
}
//pag add sa id sa user paingun sa student
header("Location:../pages/user.add.php");
}
}
after putting the inputs in the first page it will redirect to another page where the user must input the account info..that's the desired function
The best way is to store the User Info in the student table then use the mysqli_insert_id function to grab the studentId. Then save the Account Info in the user table and grab the userId. Thereafter update the student table with userId where studentId is the same as the one you grabbed earlier.
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
$_SESSION['studentId'] = mysqli_insert_id($conn); //add this line to store the studentId into the session.
$sql = "INSERT INTO student (userID) VALUES ('$last_id')"; // change this line to the one below.
$sql = "UPDATE student SET userID = '$last_id' WHERE studentID = $_SESSION['studentId']";
This may be the most simplest errors ever but I've written a registration script.. which I would say looks okay.. only issue is that it won't insert data... it still prints a message saying registration successful but no data actually goes into the database... see code below:
<?php
include("dbconfig.php");
if(isset($_POST['register'])){
if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){
header("location:index-login-page.php?msg0=Please complete the required fields.");
}
else {
$fname = $_POST['first-name'];
$lname = $_POST['last-name'];
$email = $_POST['email-address'];
$username = $_POST['reg-username'];
$pass = $_POST['reg-pass'];
$checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
$checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
$resultusername = mysql_num_rows($checkusername);
$resultemail = mysql_num_rows($checkemail);
if( (($resultusername) ==1) or ($resultemail)==1){
header("location:index-login-page.php?msg1= Username or email address already exists.");
}
elseif( (($resultusername) == 0) && ($resultemail) ==0) {
$insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
header("location:index-login-page.php?msg1= Registration successful, please login.");
}
}
}
?>
Please do let me know what the error is (if there is one) because I can't seem to find it. Thanks.
Sohail.
$insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
Should be:
$insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
I have to warn you though: this is considered bad practice, you need to sanitize your database input
For some reason, the code seems to not be able to find any existing usernames. I can't find anything wrong with my code though. Any help will be appreciated.
$Name = $_POST["User"];
$Pass = $_POST["Pass"];
$get = "SELECT * FROM Logins";
$result = mysqli_query($conn, $get);
$found = false;
echo $Name;
$sql=mysqli_query("SELECT FROM Logins (ID, Username, Password) WHERE Username=$Name");
if(mysqli_num_rows($sql) > 0) {
echo "Username Taken";
} else {
$sql = "INSERT INTO Logins (ID, Username, Password) VALUES (0, '$Name', '$Pass')";
if (mysqli_query($conn, $sql)) {
echo "Account Created";
} else {
echo mysqli_error($conn);
}
}
When I post to the site, $Name is correct.
You have an incorrect syntax near your select statement. It's
SELECT FROM Logins (ID, Username, Password) WHERE Username=$Name")
You need:
SELECT ID, Username, Password
FROM Logins
WHERE Username='$Name'
Also note, you should be using prepared statement which will avoid need for quotes and will avoid your code vulnerable from SQL Injection.
II created a form for inserting a new company and also on this page it is the PHP script which insert the data into the database.
I don`t know where it is the mistake in this code.
<?php
if (isset($_POST['submit']))
{
// Form has been submitted.
$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
VALUES ('{$_POST['name']}', '{$_POST['domain']}', '{$_POST['subdomain1']}',
'{$_POST['subdomain2']}', '{$_POST['position']}', '{$_POST['country']}', '{$_POST['city']}',
'{$_POST['district']}', '{$_POST['contact']}', '{$_POST['setdate']}', '{$_POST['address']}', '{$_POST['phone']}',
'{$_POST['areacode']}, '{$_POST['website']}', '{$_POST['fax']}', '{$_POST['email']}')");
$result = mysql_query($query, $connection);
if (!$result) {
echo "The company was not created.";
} else {
echo "The company was successfully created.";
}
}
?>
rewrite your code and remove those {} from the variables like that
VALUES ('$_POST['name']','$_POST['domain']', '$_POST['subdomain1']',...
1- be sure to escape them before you send them to database .
2-dont use mysql , use pdo or mysqli
to escape them do like that:
$name = mysql_real_escape_string($_POST['name']) ;
and then pass it to ur query like that
VALUES ('$name', .... <-- same with other columns
EDIT-
Try this
if (isset($_POST['submit'])) { // Form has been submitted.
$name = mysql_real_escape_string($_POST['name']) ;
$subdomain0 = mysql_real_escape_string($_POST['subdomain0']) ;
$subdomain1 = mysql_real_escape_string($_POST['subdomain1']) ;
$subdomain2 = mysql_real_escape_string($_POST['subdomain2']) ;
$position = mysql_real_escape_string($_POST['position']) ;
$country = mysql_real_escape_string($_POST['country']) ;
$city = mysql_real_escape_string($_POST['city']) ;
$district = mysql_real_escape_string($_POST['district']) ;
$contact = mysql_real_escape_string($_POST['contact']) ;
$set_up_date = mysql_real_escape_string($_POST['setdate']) ;
$address = mysql_real_escape_string($_POST['address']) ;
$phone = mysql_real_escape_string($_POST['phone']) ;
$areacode = mysql_real_escape_string($_POST['areacode']) ;
$website = mysql_real_escape_string($_POST['website']) ;
$fax = mysql_real_escape_string($_POST['fax']) ;
$email = mysql_real_escape_string($_POST['email']) ;
$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
VALUES ('$_POST['name']', '$subdomain0', '$subdomain1',
'$subdomain2', '$position', '$country', '$city',
'$district', '$contact', '$set_up_date', '$address', '$phone',
'$areacode, '$website', '$fax', '$email')");
echo "The company was successfully created.";
else {
echo "The company was not created.";
}
}
?>
you have to be careful with sql injections. you can go through the link to know of other options to mysql_* functions, as it is deprecated.
also its always better to try to find out the error by using mysql_error function to print out the error. (check the link for alternatives as this too is getting deprecated)
INSERT INTO companies
SET name = $name,
subdomain0 = $domain,
subdomain1 = $doamin1
so on
I'm noobish to coding. I set up a MYSQL database called contacts, a table called contactstable with fields id, firstname, lastname, emailaddress,postalcode and phonenumber. Each are text or varchars except for the id, which is an auto_increment, pk field. The connection doesnt give any errors, and no error is relayed through the mysqli_connect_error() method. They query doesnt go through and no query is executed. I cant figure out why.
<html>
<head>
<title>Registration</title>
</head>
<body>
<h1>Register with Us!</h1>
<h2>Registration Complete!</h2>
<div class="feedback-container" <?= isset($_REQUEST["first-name"])? "style=\"display:block\"": "style=\"display:none\""; ?>>
<?php
$firstname = $lastname = $emailaddress = $postalcode = $phonenumber = NULL;
if (isset($_REQUEST["first-name"])){
$firstname = $_REQUEST["first-name"];
$lastname = $_REQUEST["last-name"];
$emailaddress = $_REQUEST["email-address"];
$postalcode = $_REQUEST["postal-code"];
$phonenumber = $_REQUEST["phone-number"];
$dbconn = new mysqli();
$dbconn->connect("localhost","root","","contacts");
if(mysqli_connect_error()){
echo "Connection Failed";
}else{
echo "Connection Established";
}
$query = "INSERT INTO 'contactstable' ('firstname', 'lastname', 'emailaddress','postalcode','phonenumber') VALUES ('$firstname', '$lastname', '$emailaddress', '$postalcode', '$phonenumber')";
if ($dbconn->query($query) == TRUE){
echo ("Thank you for registering with us. We will shortly send a confirmation email to $emailaddress.");
}else{
echo ("<p>Your contact information was not added to our database. Please try again later or contact our webadmin at webadmin#gmail.com</p>");
}
}
?>
</div>
</body>
When it runs, it outputs the following:
"Connection Established"
"Your contact information was not added to our database. Please try again later or contact our webadmin at webadmin#gmail.com"
There are no error messages.
There is no data updated.
I'd make this
$query = "INSERT INTO 'contactstable' ('firstname', 'lastname', 'emailaddress','postalcode','phonenumber') VALUES ('$firstname', '$lastname', '$emailaddress', '$postalcode', '$phonenumber')";
look like this
$query = "INSERT INTO contactstable (firstname, lastname, emailaddress,postalcode,phonenumber) VALUES ('$firstname', '$lastname', '$emailaddress', '$postalcode', '$phonenumber')";
query should look like this.
INSERT INTO `contactstable`
(`firstname`, `lastname`, `emailaddress`,`postalcode`,`phonenumber`)
VALUES
('$firstname', '$lastname', '$emailaddress', '$postalcode', '$phonenumber')
Use backticks if you want to quote your field names.
$query = "INSERT INTO `contactstable` (`firstname`, `lastname`, `emailaddress`,`postalcode`,`phonenumber`) VALUES ('$firstname', '$lastname', '$emailaddress', '$postalcode', '$phonenumber')";
Also you can use " if you set SET sql_mode='ANSI_QUOTES'
http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html