Updated code, after information is typed in and the submit button clicked to run this code, it goes back to the account page but doesnt update the database:
<font face="ClearSans-Thin">
<font color="lightgray">
<?php
include 'editaccount.php';
include 'connection.php';
?>
<center>
<?php
if (isset($_POST['uregsubmit'])) {
$firstname = $_POST['ufirstname'];
$lastname = $_POST['ulastname'];
$email = $_POST['uemail'];
$dob = $_POST['udob'];
$user = $_POST['uregisterusername'];
$pass = $_POST['uregisterpassword'];
}
//the query
$query = "UPDATE Users SET FirstName='$firstname', LastName='$lastname' WHERE Username='$user'";
//execute the query
$result = mysqli_query($connection, $query)
or die("Error: ".mysqli_error($connection));
//check and see if any data returned
?>
</center>
Write sql query inside if statement
<?php
if (isset($_POST['uregsubmit'])) {
$firstname = $_POST['ufirstname'];
$lastname = $_POST['ulastname'];
$email = $_POST['uemail'];
$dob = $_POST['udob'];
$user = $_POST['uregisterusername'];
$pass = $_POST['uregisterpassword'];
//the query
$query = "UPDATE Users SET FirstName='$firstname', LastName='$lastname' WHERE Username='$user'";
//execute the query
$result = mysqli_query($connection, $query)
or die("Error: ".mysqli_error($connection));
//check and see if any data returned
}
?>
you have an extra comma before WHERE
Related
Trying to update the logged in users details using a form. The details are already in the form when the page loads so if the user wants to change thier mobile number for example they delete the current number, insert the new number and click update.
I get this message when I click update " Unknown column 'Adrian93' in 'where clause' " Adrian93 is the username
<?php
require('dbConnection.php');
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = {$_SESSION['username']}";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>
Ralphs comment "Probably has to do with your squirly brackets. I'd set $username = $_SESSION['username'] before your query then just do WHERE username='$username' Also be careful for SQL injections, I'd use prepared statements in you're case as you're taking form inputs and directly placing them in your query" solved the query. Runs now without any errors.
<?php
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$username = $_SESSION['username'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = '$username'";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>
<?php
require_once("connect.php");
$login1 = $_POST['email'];
$password1 = $_POST['password'];
$select = "SELECT id FROM loginregistration WHERE login ='$login1', password ='$password1'";
$sql = mysqli_query($con,$select);
$row = mysqli_fetch_assoc($sql);
?>`
it seems that my mysqli_query doesn't work ,what should i do?
use AND insted of comma (,) in query near password that's why query returning false and throw that error
$select = "SELECT id FROM loginregistration WHERE login ='".$login1."' and password ='".$password1."'";
UPDATE 1
if query fail it return false . so you can use mysqli_error($con); to know the error
<?php
require_once("connect.php");
$login1 = $_POST['email'];
$password1 = $_POST['password'];
$select = "SELECT id FROM loginregistration WHERE login ='".$login1."' AND password ='".$password1."'";
$sql = mysqli_query($con,$select);
if($sql === FALSE) {
die(mysqli_error($con)); // better error handling
}
$row = mysqli_fetch_assoc($sql);
?>
I have a simple query which updates the last time a user logs in. For some reason, it is not updating the data when a user logs in. I would be grateful if someone could point out my error. Thanks
<?php
session_start();
$message="";
if(count($_POST)>0) {
$username_usr = $_POST["user_name"];
$password_usr = md5($_POST['password']);
$conn = mysql_connect("localhost","root","");
mysql_select_db("logistor_logistor",$conn);
$result = mysql_query("SELECT * FROM user_usr WHERE username_usr='" . $username_usr . "' and password_usr = '". $password_usr ."'");
$row = mysql_fetch_array($result);
if(is_array($row)) {
$_SESSION["username"] = $row[username_usr];
$_SESSION["password"] = $row[password_usr];
$_SESSION["S_name"] = $row[name_usr];
} else {
$message = "Invalid Username or Password!";
}
}
if(isset($_SESSION["username"])) {
$query = "UPDATE user_usr SET logincounter_usr = logincounter_usr+1, lastlogin_usr = NOW() WHERE username_usr = '". $_SESSION["username"] ."'";
header("Location:user_dashboard.php");
}
?>
you miss execute the query in update
$query = "UPDATE user_usr SET logincounter_usr = logincounter_usr+1, lastlogin_usr = NOW() WHERE username_usr = '". $_SESSION["username"] ."'";
$result = mysql_query($query);
Alright, I have tried and searched everywhere to fix this but no luck.
All I am trying to do is display a users username and email (Who are logged in) and then print their details to thier account page.
The problem is that all of the users in the database are being logged, I only want the users who is logged in to be displayed.
Db.php
<?php
$myConnection= mysqli_connect("localhost","root","") or die ("could not connect to mysql");
mysqli_select_db($myConnection, "register") or die ("no database");
>
Auth.php
<?php
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
?>
Login.php
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($myConnection, $username);
$password = stripslashes($password);
$password = mysqli_real_escape_string($myConnection, $password);
//Checking is user existing in the database or not
$query = "SELECT * FROM `users` WHERE username='$username' and password='".md5($password)."'";
$result = mysqli_query($myConnection, $query) or die(mysqli_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['username'] = $username;
$_SESSION['user_id'] = $row['user_id'];
header("Location: index.php"); // Redirect user to index.php
}else{
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}else{
?>
Register.php
<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($myConnection, $username);
$email = stripslashes($email);
$email = mysqli_real_escape_string($myConnection, $email);
$password = stripslashes($password);
$password = mysqli_real_escape_string($myConnection, $password);
$trn_date = date("Y-m-d H:i:s");
$query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
$result = mysqli_query($myConnection, $query);
if($result){
echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}else{
?>
Account.php //Where I want user data to be displayed on page
<?php
// SQL query
$strSQL = "SELECT * FROM users";
// Execute the query (the recordset $rs contains the result)
$rs = mysqli_query($myConnection, $strSQL);
// Loop the recordset $rs
// Each row will be made into an array ($row) using mysqli_fetch_array
while($row = mysqli_fetch_array($rs)) {
// Write the value of the column FirstName (which is now in the array $row)
echo $row['username'] . "<br />";
echo $row['email'] . "<br />";
}
// Close the database connection
mysqli_close($myConnection);
?>
$strSQL = "SELECT * FROM users";
Why that query? if you say you wanted to display only the info about users logged in, you are getting all users without conditions
Do the query for the user who is logged in at the moment, something like
$strSQL = "SELECT * FROM users WHERE username = '".$_SESSION['username']."'";
or somethinbg like this
<?php
session_start(); //Add this
//Also you have to add your connection file before your query
require('db.php');
// SQL query
$strSQL = "SELECT username, email FROM users WHERE user_id = '".$_SESSION['user_id']."'";
// Execute the query (the recordset $rs contains the result)
$rs = mysqli_query($myConnection, $strSQL);
// Loop the recordset $rs
// Each row will be made into an array ($row) using mysqli_fetch_array
while($row = mysqli_fetch_array($rs)) {
// Write the value of the column FirstName (which is now in the array $row)
echo $row['username'] . "<br />";
echo $row['email'] . "<br />";
}
// Close the database connection
mysqli_close($myConnection);
?>
I think it should have to work, tell me if it worked for you
I am learning php and MySql database. I am trying to make payroll management software. In my database both insert & delete operation are executing well but i am facing problem in update operation. Here is my php script :
<html>
<body>
<?php
session_start();
$submit = $_POST['submit'];
$term = $_POST['id'];
//open database
$connect = mysql_connect("localhost","root","#") or die("Couldn't connect");
mysql_select_db("caselab") or die("Couldn't connect");
$sql = mysql_query("SELECT id FROM users WHERE id='$term'");
$count = mysql_num_rows($sql);
if($count!=0)
{
// output data of each row
$id = $_POST['id'];
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$address = strip_tags($_POST['address']);
$contactinfo = $_POST['contactinfo'];
if($submit)
{
//open database
$connect = mysql_connect("localhost","root","#") or die("Couldn't connect");
mysql_select_db("caselab") or die("Couldn't connect");
// Existence Check
if($name && $email && $address && $contactinfo)
{
$queryreg = mysql_query ("Update users SET username = '$name', email = '$email' , address = '$address' , contactinfo = '$contactinfo' WHERE id = $id");
echo ("Congratulations!! Your changes have been saved !! <a href='payroll.html'>Click to go back to home page</a>");
}
else
echo("Please fill all the details");
}
mysql_close($connect);
}
else
echo("No such employee. Please try again.<a href='payroll.html'>Click to go back to home page</a> ");
?>
</html>
</body>
I would be highly thankful if my problem gets resolved.
Why is there a ) before WHERE?
Update users SET username = $name, email = $email , address = $address , contactinfo = $contactinfo) WHERE id = $id");
Try this:
$myqry = "Update users SET username = '". $name."', email = '".$email."' , address = '".$address."', contactinfo = '".$contactinfo."' WHERE id = ".$id.";
echo($myqry;
$queryreg = mysql_query($myqry);
if .....
However, i need reminder you that this is not a good programming method and you need learn how to PDO after you understand the basic query concepts. http://php.net/manual/en/book.pdo.php