I've created a very basic PHP Create User form, on my personal machine it worked fine but since getting a proper host I've been encountering errors non stop. The first was that it was insecure to use the Date how I was so I disabled it, now I'm getting no errors but it's not inserting data to the table and redirects me to index.php but all I see is a blank white page. Any help?
<?PHP
include'../include_htm/global.htm';
error_reporting(-1);
//Connect to server and select databse.
$link = mysqli_connect("$DB_HOST", "$DB_USER", "$DB_PASS", "$DB_NAME")
or die ('Could not connect to database!');
//Grab information from post page
$reg_username=$_POST['username'];
$reg_password=$_POST['password'];
$email=$_POST['email'];
$avatar=$_POST['avatar'];
if($avatar == null) {
header("location:../register.php?no_avatar=true");
}
else
{
//Set variables
//$date = date('j\/m\/Y');
$false = "false";
$ipaddress = $_SERVER["REMOTE_ADDR"];
$role = "user";
//Encrypt Password With MD5
$encrypt_password=hash('sha256', $reg_password);
//Insert Information
$query = "INSERT INTO $DB_TABLE (username, password, email, role, ipaddress, avatar) VALUES ('$reg_username', '$encrypt_password', '$email', '$role', '$ipaddress', '$avatar')";
mysqli_query($link, $query);
mysqli_close($link);
//Select login details from database
$_SESSION['user'] = $reg_username;
//$query1 = "UPDATE $DB_TABLE SET avatar='$avatar' WHERE `username`='$reg_username'";
//mysqli_query($link, $query1);
//mysqli_close($link);
header("location:../index.php?welcome=true");
}
?>
//Insert Information
$stmt = $link->prepare("INSERT INTO `$DB_TABLE` (`username`, `password`, `email`, `role`, `ipaddress`, `avatar`) VALUES (?,?,?,?,?,?)");
/* bind parameters for markers */
$stmt->bind_param("ssssss", $reg_username, $encrypt_password, $email, $role, $ipaddress, $avatar);
/* execute query */
$stmt->execute();
mysqli_close($link);
Related
the data is not inserting. i think there is something wrong in
$sql = "INSERT INTO `users` (`Username`, `Password`, `FirstName`, `LastName`, `Email`, `ContactNumber`)
VALUES ('".$_POST["Username"]."','".$_POST["Password"]."','".$_POST["FirstName"]."','".$_POST["LastName"]."','".$_POST["Email"]."','".$_POST["ContactNumber"]."')";
When i try to change the statement in "else" with echo "successs"; its working.
please someone can tell me what is wrong.
<?php
error_reporting(E_ALL & ~E_NOTICE);
if(isset($_POST["Register"]))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "dbuseraccounts";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$user = $_POST['Username'];
$pass = $_POST['Password'];
$query = mysqli_query($conn, "SELECT * FROM users WHERE Username= '".$user."'");
if(mysqli_num_rows($query) > 0)
{
echo "email already exists";
}
else
{
$sql = "INSERT INTO users (Username, Password, FirstName, LastName, Email, ContactNumber)
VALUES ('".$_POST["Username"]."','".$_POST["Password"]."','".$_POST["FirstName"]."','".$_POST["LastName"]."','".$_POST["Email"]."','".$_POST["ContactNumber"]."')";
}
$conn->close();
}
?>
Your data is not inserting because you haven't even executed your query.
if (mysqli_num_rows($query) > 0) {
echo "Username already exists";
} else {
$sql = "INSERT INTO users (Username, Password, FirstName, LastName, Email, ContactNumber) VALUES ('".$_POST["Username"]."','".$_POST["Password"]."','".$_POST["FirstName"]."','".$_POST["LastName"]."','".$_POST["Email"]."','".$_POST["ContactNumber"]."')";
/* Run your query and check for errors */
$query = mysqli_query($conn, $sql) or die(mysqli_error($conn));
}
Please Execute query using
mysqli_query($conn, your query);
I have run it on the local server and it worked perfectly, but when I uploaded it to my web hosting, it stopped working.
Basically when I submit the form the browser just keeps loading and when I check the database no data was inserted.
I checked my database connection and I was able to connect it but can't get data from it.
This is my php:
<?php
$servername = "localhost";
$username = "itclubac_root";
$password = "*******";
$dbname = "itclubac_itclub";
$tnp = 0;
$name = $_POST['name'];
$email = $_POST['email'];
$gender = $_POST['gender'];
$phone = $_POST['phone'];
$id = $_POST['id'];
$section = $_POST['section'];
$skills = $_POST['skills'];
$interests = $_POST['interests'];
$expectations = $_POST['expectations'];
$tnp = $_POST['tnp'];
$ip = $_SERVER['REMOTE_ADDR'];
if ( $tnp == 0 ) {
header('Location: ../../get_involved.php');
} else {
// Create connection
$con = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
$query = mysqli_query($con, "SELECT * FROM member_registration WHERE email = '".$email. "'");
if ( mysqli_num_rows($query) > 0 ) {
header('Location: ../../get_involved.php?status=exist');
} else {
$query = mysqli_query($con, "SELECT * FROM member_registration WHERE college_id = '".$id. "'");
if ( mysqli_num_rows( $query) > 0 ) {
header('Location: ../../get_involved.php?status=exist');
} else {
$sql = "INSERT INTO member_registration (name, email, gender, phone_no, college_id, section, skills, interests, expectations, ip_address) VALUES ('$name', '$email', '$gender', '+880$phone', '$id', '$section', '$skills', '$interests', '$expectations', '$ip')";
if ($con->query($sql) === TRUE) {
header('Location: ../../get_involved.php?status=success');
}
}
}
}
$con->close();
?>
Edit
This is the site: Form Pagehttp://itclub.acc.edu.bd/get_involved.php if you register here, the page will just keep loading. However if you try to access the registration.php directly it sends you to the form page page as I said it to. When I tested it on local, it worked perfectly but after uploading to the host this problem is occurring.
I tried to sort your code and maybe the error is related on the of your query,
$sql = "INSERT INTO member_registration (name, email, gender, phone_no, college_id, section, skills, interests, expectations, ip_address) VALUES ('$name', '$email', '$gender', '+880$phone', '$id', '$section', $'skills', '$interests', '$expectations', '$ip')";
Have you notice this part $'skills' of the line? change your code into,
$sql = "INSERT INTO member_registration (name, email, gender, phone_no, college_id, section, skills, interests, expectations, ip_address) VALUES ('$name', '$email', '$gender', '+880$phone', '$id', '$section', '$skills', '$interests', '$expectations', '$ip')";
maybe it help.
I have written the following code to insert data into my database table, but unfortunately, it doesn't work. I have double and triple-checked the code and there are no errors at all. The console also doesn't show any as well.
I have not misspelled any of the details required to connect to the database and the variables are also correct so I am at a loss.
If anyone could help it would be be deeply appreciated.
My code:
<?php
function obfuscate($type, $data) {
if ($type == "PIN"):
$f_int = (int)md5($data);
$data = str_split($data);
$rev = implode("", array_reverse($data));
$sum = array_sum($data) + $f_int;
$data = implode("", $data);
$data += $sum + $rev + 1026;
// Keep the first four digits if the result is longer
if (strlen($data) > 4):
$data = substr($data, 0, 4);
endif;
return $data;
elseif ($type == "password"):
$data = password_hash($data, PASSWORD_DEFAULT, ['cost' => 12]);
return $data;
endif;
}
function insert_user($username, $email, $password, $PIN, $Account_Type, $Account_Status, $Referrer, $Balance) {
// Connect to the server and the database or show error
$connection = mysqli_connect("localhost", "root", "") or die("Couldn't connect to the server.");
mysqli_select_db($connection, "Calisoft_flu_db") or die("Couldn't connect to the database.");
// Sanitise the data
$username = mysqli_real_escape_string($connection, $username);
$email = mysqli_real_escape_string($connection, $email);
$password = mysqli_real_escape_string($connection, $password);
$PIN = mysqli_real_escape_string($connection, $PIN);
// Get the rest of the data
$Registration_Date = date("Y-m-d");
// Obfuscate password and PIN
$password = obfuscate("password", $password);
$PIN = obfuscate("PIN", $PIN);
// Make query and insert data to database
$query = "INSERT INTO `users` (`ID`, `Username`, `Email`, `Password`, `PIN`, `Registration_Date`, `Account_Type`, `Account_Status`, `Referrer`, `Balance`) VALUES ('NULL', '$username', '$email', '$password', '$PIN', '$Registration_Date', '$Account_Type', '$Account_Status', '$Referrer', '$Balance')";
$registered = mysqli_query($connection, $query);
if ($registered) {
echo "Register successful!";
}
// End the connection
mysqli_close($connection);
}
insert_user("#user1", "user#gmail.com", "user12345678", "1234", "Member", "Active", "0", "0");
?>
You are inserting a string value of 'NULL' into your primary key, you either remove the quotes '' or omit ID from the query.
Remove Quotes:
$query = "INSERT INTO `users` (`ID`, `Username`, `Email`, `Password`, `PIN`, `Registration_Date`, `Account_Type`, `Account_Status`, `Referrer`, `Balance`) VALUES (NULL, '$username', '$email', '$password', '$PIN', '$Registration_Date', '$Account_Type', '$Account_Status', '$Referrer', '$Balance')";
Or Remove the ID column:
$query = "INSERT INTO `users` ( `Username`, `Email`, `Password`, `PIN`, `Registration_Date`, `Account_Type`, `Account_Status`, `Referrer`, `Balance`) VALUES ('$username', '$email', '$password', '$PIN', '$Registration_Date', '$Account_Type', '$Account_Status', '$Referrer', '$Balance')";
I have been breaking my head against this and still I am unable to understand that why wouldn't this work
include ("db_conn.php");
//function for sanitizing the user input
function clean_input($data)
{
$data = stripslashes($data);
$data = trim($data);
$data = htmlspecialchars($data);
return $data;
}
//registration form data validation
if(!empty($_POST['s_register_submit']))
{
$Salutation= $F_Name= $L_Name= $email= $pass= $P_Number = "";
$Salutation= clean_input($_POST['Salutation']);
$F_Name= clean_input($_POST['F_Name']);
$L_Name= clean_input($_POST['L_Name']);
$email= clean_input($_POST['email']);
$pass= clean_input($_POST['pass']);
$P_Number= clean_input($_POST['P_Number']);
$query= "INSERT INTO STUDENT (Salutation, F_Name, L_Name, email, password, phone)
VALUES
(`$Salutation`,`$F_Name`,`$L_Name`,`$email`,`$pass`,`$P_Number`)";
$query1= mysqli_query($dbhandle,$query) || die("Unable to insert");
echo "Saved";
And here are the contents for db_conn.php
$user="root";
$password="";
$host="localhost";
$dbname="Interns";
$dbhandle=mysqli_connect($host, $user, $password, $dbname);
if(!$dbhandle)
{
die("Unable to connect");
}
echo "Connected";
When running db_conn.php directly or through the script in which it is included, its echoing "Connected", still the query returns "Unable to Insert".
You wrap strings in quotes, not ticks. Ticks are reserved for identifiers.
$query= "INSERT INTO STUDENT (Salutation, F_Name, L_Name, email, password, phone)
VALUES
(`$Salutation`,`$F_Name`,`$L_Name`,`$email`,`$pass`,`$P_Number`)";
should be
$query= "INSERT INTO STUDENT (Salutation, F_Name, L_Name, email, password, phone)
VALUES
('$Salutation','$F_Name','$L_Name','$email','$pass','$P_Number')";
I am using a code to insert a users form data into the database, that bit works fine. However, i also want to run another query and update an enum value 'form2_completed?' from No to Yes. I have added in the update query and now for some reason the script is not working and says 'ERROR'
Can someone please show me where i am going wrong. thanks
<?php
session_start();
$db_hostname = 'localhost';
$db_database = 'hewden1';
$db_username = 'root';
$db_password = '';
$db_server = mysql_connect($db_hostname, $db_username, $db_password)
or die("Unable to connect to MySQL: " . mysql_error());
mysql_select_db($db_database)
or die("Unable to select database: " . mysql_error());
$cname = $_POST['cname'];
$creg = $_POST['creg'];
$address = $_POST['address'];
$post = $_POST['post'];
$contactn = $_POST['contactn'];
$contactt = $_POST['contactt'];
$email = $_POST['email'];
$vat = $_POST['vat'];
$ipaddress = $_SERVER["REMOTE_ADDR"];
$sql="INSERT INTO supplier_registration (company_name, company_reg_number, company_address, company_postcode, contact_name, contact_number, contact_email, company_vat_number, date_time, user_ip)
VALUES ('$cname', '$creg', '$address', '$post', '$contactn', '$contactt', '$email', '$vat', NOW(), '$ipaddress')";
$sql="UPDATE supplier_session SET form2_completed? = 'Yes' WHERE form2_completed? = 'No'";
$result = mysql_query($sql);
if($result){
$success = "<div class='success'></div>"; // use the $success
//encode the URL parameter as :
$success = urlencode($success);
header("Location: index.php?success=$success");
}else {
echo "ERROR";
}
?>
You are overwriting the variable $sql and not running INSERT. Try:
$sql="INSERT INTO supplier_registration (company_name, company_reg_number, company_address, company_postcode, contact_name, contact_number, contact_email, company_vat_number, date_time, user_ip)
VALUES ('$cname', '$creg', '$address', '$post', '$contactn', '$contactt', '$email', '$vat', NOW(), '$ipaddress')";
$result = mysql_query($sql);
$sql="UPDATE supplier_session SET form2_completed? = 'Yes' WHERE form2_completed? = 'No'";
$result = mysql_query($sql);
Please note that the method you have used is deprecated from php 5.5.0. so i suggest you consider mysqli or PDO. examples can be found in below php manual links
http://www.php.net/manual/en/mysqli.query.php
http://www.php.net/manual/en/pdo.query.php