I'm new to php and sql and all that stuff, and I was watching a tutorial on youtube about forums in php and wonder why this code doesn't echo "Success" when submitting the form. I also wonder why it echo out Failure before I have submitted the form. I have connected successfully to the database.
<!DOCTYPE HTML>
<html>
<head>
<title>Register</title>
</head>
<body>
<form action="register.php" method="POST">
Username: <input type="text" name="username">
<br/>
Password: <input type="password" name="password">
<br/>
Confirm Password: <input type="password" name="confirmPassword">
<br/>
Email: <input type="text" name="email">
<br/>
<input type="submit" name="submit" value="Register"> or Log in
</form>
</body>
</html>
<?php
require('connect.php');
$username = $_POST['username'];
$password = $_POST['password'];
$confirmPassword = $_POST['confirmPassword'];
$email = $_POST['email'];
if(isset($_POST["submit"])){
if($query = mysql_query("INSERT INTO users ('id', 'username', 'password', 'email') VALUES('', '".$username."', '".$password."', '".$email."')")){
echo "Success";
}else{
echo "Failure" . mysql_error();
}
}
?>
Connect.php
<?php
$connect = mysqli_connect("localhost", "root", "") or die("Could not connect to server!");
mysqli_select_db($connect, "php_forum") or die("Could not connect to database!");
?>
There are a few things wrong here.
You're using the wrong identifiers for your columns in (and being quotes):
('id', 'username', 'password', 'email')
remove them
(id, username, password, email)
or use backticks
(`id`, `username`, `password`, `email`)
mysql_error() should have thrown you an error, but it didn't because of:
You're mixing MySQL APIs with mysqli_ to connect with, then mysql_ in your query.
Those two different APIs do not intermix with each other.
Use mysqli_ exclusively and change your present query to:
if($query = mysqli_query($connect, "INSERT...
and change mysql_error() to mysqli_error($connect)
as a rewrite for that block:
if(isset($_POST["submit"])){
if($query = mysqli_query($connect,"INSERT INTO users ('id', 'username', 'password', 'email') VALUES('', '".$username."', '".$password."', '".$email."')")){
echo "Success";
}else{
echo "Failure" . mysqli_error($connect);
}
}
Just to test the error, make the changes as I outlined just above, while keeping the quotes around your columns the way you have it now. You will then see the error that MySQL will throw. You can then do as I've already outlined above and remove the quotes around the column names, or replace them with backticks.
The tutorial you saw may very well used backticks, but were probably not distinguishable enough for you to tell that they were indeed backticks and not single quotes.
However, your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.
I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
Also, instead of doing:
$connect = mysqli_connect("localhost", "root", "") or die("Could not connect to server!");
mysqli_select_db($connect, "php_forum") or die("Could not connect to database!");
You should be checking for errors instead, just as the manual states
$link = mysqli_connect("myhost","myuser","mypassw","mybd")
or die("Error " . mysqli_error($link));
http://php.net/manual/en/function.mysqli-connect.php
So in your case:
$connect = mysqli_connect("localhost", "root", "","php_forum")
or die("Error " . mysqli_error($connect));
Edit: and I changed action="register.php" to action="" since you're using the entire code inside the same page.
<!DOCTYPE HTML>
<html>
<head>
<title>Register</title>
</head>
<body>
<form action="" method="POST">
Username: <input type="text" name="username">
<br/>
Password: <input type="password" name="password">
<br/>
Confirm Password: <input type="password" name="confirmPassword">
<br/>
Email: <input type="text" name="email">
<br/>
<input type="submit" name="submit" value="Register"> or Log in
</form>
</body>
</html>
<?php
require('connect.php');
$username = $_POST['username'];
$password = $_POST['password'];
$confirmPassword = $_POST['confirmPassword'];
$email = $_POST['email'];
if(isset($_POST["submit"])){
if($query = mysqli_query($connect,"INSERT INTO users (`id`, `username`, `password`, `email`) VALUES ('', '".$username."', '".$password."', '".$email."')")){
echo "Success";
}else{
echo "Failure" . mysqli_error($connect);
}
}
?>
:It will echo ;Failure' so executing this bit of code
else{
echo "Failure" . mysql_error();
}
whenever $_POST["submit"]) is not set and it will be not set anytime you open you page (even if you navigate to it from your bookmark of from google search results) or when you submit you FORM in GET mode
Related
I am fairly new to PHP and I was following a simple tutorial on youtube, I followed the youtube video, double and tripple checked to make sure everything I typed was correct and data was still not being inserted.
I searched the internet for hours and I came up with a fix, sort of but I don't think it's the correct way to do it
HTML
<html>
<head>
<title>Insert Form Data In MYSQL Database Using PHP</title>
</head>
<body>
<form action="insert.php" method="post">
Name : <input type="text" name="username">
<br/>
Email : <input type="text" name="email">
<br/>
<input type="submit" value="Insert">
</form>
</body>
</html>
PHP
<?php
$con = mysqli_connect('localhost','root','');
if (!$con) {
echo 'Not Connected To Server';
}
if (!mysqli_select_db($con,'tutorial')) {
echo 'Database Not Selected';
}
if (isset($_POST['username'])){
$Name = $_POST['username'];
}
if (isset($_POST['email'])){
$Email = $_POST['email'];
}
$sql = "INSERT INTO person (Name, Email) VALUES ('John', 'john#gmail.com')";
if (!mysqli_query($con,$sql)) {
echo 'Not Inserted';
} else {
echo 'Inserted Successfully!';
}
header("refresh:10; url=index.html");
?>
I replaced '$Name' and '$Email' with John and john#gmail.com, then I type it into the html form and the data goes into the database correctly.
I then found another HTML form online with more PHP but it does the same thing(not inserting any data to the database)
HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Add Record Form</title>
</head>
<body>
<form action="insert1.php" method="post">
<p>
<label for="firstName">First Name:</label>
<input type="text" name="firstname" id="firstName">
</p>
<p>
<label for="lastName">Last Name:</label>
<input type="text" name="lastname" id="lastName">
</p>
<p>
<label for="emailAddress">Email Address:</label>
<input type="text" name="email" id="emailAddress">
</p>
<input type="submit" value="Submit">
</form>
</body>
</html>
PHP
<?php
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "root", "", "demo");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$first_name = mysqli_real_escape_string($link, $_POST['firstname']);
$last_name = mysqli_real_escape_string($link, $_POST['lastname']);
$email_address = mysqli_real_escape_string($link, $_POST['email']);
// attempt insert query execution
$sql = "INSERT INTO persons (first_name, last_name, email_address) VALUES ('$first_name', '$last_name', '$email_address')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
The fields are blank, any help will be greatly appreacited!
Btw This is how the fields display I'm using xampp server.
I had used the below code and it works fine for me.
<?php
$link = mysqli_connect("localhost", "root", "", "dummy");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
/* Collect below values from $_POST
$firstname = 'John';
$lastname = 'Doe';
$email = 'test#gmail.com';
*/
// Escape user inputs for security
$first_name = mysqli_real_escape_string($link, $firstname);
$last_name = mysqli_real_escape_string($link, $lastname);
$email_address = mysqli_real_escape_string($link, $email);
// attempt insert query execution
$sql = "INSERT INTO accounts (account_firstname, account_lastname, account_email) VALUES ('$first_name', '$last_name', '$email_address')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
I'm trying to create a very basic registration and login system in PHP. I am very new to this, so I followed a video on YouTube. I'm guessing my problem is that I'm using some function that may have been depreciated in PHP 7. I have included the code I have below. What should I correct? I know I don't have much error handling or such yet. I just want to get the basics down and create a page where the user can register, login, and then have their user id or name displayed on the page. I got that part to work, but nothing shows up in the database when I log in. Also, how do you get the host name? I'm using a webhosting service, and not working locally. Thank you for your help!
dbh.php:
<?php
$conn = mysqli_connect("localhost", "usernamehere", "passwordhere",
"mylogindatabase");
if(!$conn)
{
die("Connection failed: ".mysqli_connect_error());
}
?>
welcome.php:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8>
<title>Title</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<form action="login.php" method="POST">
<input type="text" name="uid" placeholder="Username">
<br />
<input type="password" name="pwd" placeholder="Password">
<br />
<button type="submit">LOGIN</button>
</form>
<?php
if(isset($_SESSION['id']))
{echo $_SESSION['id'];}
else{
echo "You are not logged in!";
}
?>
<br />
<br />
<br />
<form action="signup.php" method="POST">
<input type="text" name="first" placeholder="First Name">
<br />
<input type="text" name="last" placeholder="Last Name">
<br />
<input type="text" name="uid" placeholder="Username">
<br />
<input type="password" name="pwd" placeholder="Password">
<br />
<button type="submit">SIGN UP</button>
</form>
<br />
<br />
<br />
<form action="logout.php">
<button>Log Out</button>
</form>
</body>
</html>
signup.php:
<?php
session_start();
include 'dbh.php';
$first = $_POST['first'];
$last = $_POST['last'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
echo $first;
echo $last;
echo $uid;
echo $pwd;
$sql = "INSERT INTO user (first, last, uid, pwd)
VALUES ('$first, $last, $uid, $pwd')";
$result = $conn->query($sql);
header("Location: welcome.php");
?>
login.php:
<?php
session_start();
include 'dbh.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
echo $first;
echo $last;
echo $uid;
echo $pwd;
$sql = "SELECT * FROM user WHERE uid='$uid' AND
pwd='$pwd'";
$result = $conn->query($sql);
if(!$row = $result->fetch_assoc())
{
echo "Your username or password is incorrect!";
} else{
$_SESSION['id'] = $row['id'];
}
header("Location: welcome.php");
?>
logout.php:
<?php
session_start();
session_destroy();
header("Location: welcome.php")
?>
Your insert query should be like this :
$sql = "INSERT INTO user (first, last, uid, pwd)
VALUES ('$first', '$last', '$uid', '$pwd')";
Read this for host : http://php.net/manual/en/function.gethostname.php
EDIT: While this will work and will execute correctly, be warned that
your application will be vulnerable to SQL injection attacks without
the proper countermeasures, so when using MySQLi try to use prepared
statements instead of concatenated queries as they are vulnerable
against SQL injection. This might seem complicated and tedious at
first for beginners, but it is very necessary to keep your application
secure. You can use either prepared statements which are preferable or
simply escape the variables (less secure)
Read more here:
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli.real-escape-string.php
you have small error in your sql query
$sql = "INSERT INTO user (first, last, uid, pwd)
VALUES ('$first', '$last', '$uid', '$pwd')";
learn more about sql inset query at
http://www.w3schools.com/sql/sql_insert.asp
You have typo mistake in your code. You forgot quotes in your query
So instead of this
$sql = "INSERT INTO user (first, last, uid, pwd)
VALUES ('$first, $last, $uid, $pwd')";
use this
$sql = "INSERT INTO user (first, last, uid, pwd)
VALUES ('$first', '$last', '$uid', '$pwd')";
Also,if you want to explore more then you can see this docs
Maybe you forget in :
$sql = "INSERT INTO user (first, last, uid, pwd)
VALUES ('$first, $last, $uid, $pwd')";
Your query should be:
$sql = "INSERT INTO user (first, last, uid, pwd)
VALUES ('$first', '$last', '$uid', '$pwd')";
If you need the example of how to create login multiuser, read more:
Detailed Technology Center
I am trying to build a login system with registration etc.
now for the registration i use a form and the method "post". Now it fails in what i think is sending the input trough the post. can you help me fix it? here is the code involved in it:
above !doctype
<?php
include('connect.php');
// If the values are posted, insert them into the database.
if (isset($_POST["username"]) && isset($_POST["password"])){
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$query = "INSERT INTO `user` (username, password, email) VALUES ($username, $password, $email)";
$result = mysqli_query($query);
if($result){
$msg = "User Created Successfully.";
}
else
{echo "fail";}
}
?>
the form:
<div class="register-form">
<?php
if(isset($msg) & !empty($msg)){
echo $msg;
}
?>
<h1>Registreer</h1>
<form action="" method="POST">
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<p><label>E-Mail : </label>
<input id="password" type="email" name="email" required placeholder="name#email.com" /></p>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Registreer" />
</form>
</div>
The connect.php
<?php
$servername = "localhost";
$username = "sqluser";
$password = "Welkom01!";
$dbname = "users";
$connection = mysqli_connect($servername, $username, $password);
if (!$connection){
die("Database Connection Failed". mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, $dbname);
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
?>
Thanks in advance.
As per your originally posted question and without marking it as an edit under your newly edited question, should anyone wonder why the answer.
Since we're more than likely dealing with strings
VALUES ($username, $password, $email)
needs to be wrapped inside quotes:
VALUES ('$username', '$password', '$email')
you also need to pass DB connection to your query $result = mysqli_query($query);
Edit: (you added your DB connection code after) from your original post
Since you've not shown what your DB connection is, this would be something like
$result = mysqli_query($connection,$query);
plus, adding or die(mysqli_error($connection)) to mysqli_query()
You also have a missing & in if(isset($msg) & !empty($msg)){ which should read as if(isset($msg) && !empty($msg)){
However, your present code is open to SQL injection.
Use prepared statements, or PDO with prepared statements, they're much safer.
Passwords
I also noticed that you may be storing passwords in plain text. This is not recommended.
Use one of the following:
CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
On OPENWALL
PBKDF2
PBKDF2 on PHP.net
PHP 5.5's password_hash() function.
Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
PBKDF2 For PHP
I am experimenting with PHP and Mysql. I have created a database and table at mu localhost using xampp. I have also created a file that suppose to populate my table by executing a query, but the strange thing is that i get no errors but at the same time no DATA has been inserted into my DataBase:
CODE:
register.php:
<?php
session_start();
if(isset($_POST['submitted'])){
include('connectDB.php');
$UserN = $_POST['username'];
$Upass = $_POST['password'];
$Ufn = $_POST['first_name'];
$Uln = $_POST['last_name'];
$Uemail = $_POST['email'];
$NewAccountQuery = "INSERT INTO users (user_id,username, password, first_name, last_name, emial) VALUES ('$UserN','$Upass', '$Ufn', '$Uln', '$Uemail')";
if(!mysql_query($NewAccountQuery)){
die(mysql_error());
}//end of nested if statment
$newrecord = "1 record added to the database";
}//end of if statment
?>
<html>
<head>
<title>Home Page</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Create Account</h1>
<div id="login">
<ul id="login">
<form method="post" action="register.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" submit="submit" value="Create Account" class="button">
</form>
</div>
<form action="index.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="Cancel" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">This is my site i Made coppyrights 2013 Tomazi</div>
</div>
</body>
</html>
I have also one include file which is connectDB:
<?php
session_start();
$con = mysql_connect("127.0.0.1", "root", "");
if(!$con)
die('Could not connect: ' . mysql_error());
mysql_select_db("eshop", $con) or die("Cannot select DB");
?>
Database structure:
database Name: eshop;
only one table in DB : users;
users table consists of:
user_id: A_I , PK
username
password
first_name
last_name
email
I spend a substantial amount of time to work this out did research and looked at some tutorials but with no luck
Can anyone spot what is the root of my problem...?
It is because if(isset($_POST['submitted'])){
you dont have input field with name submitted give the submit button name to submitted
<input name="submitted" type="submit" submit="submit" value="Create Account" class="button">
Check your insert query you have more fields than your values
Change :
$NewAccountQuery = "INSERT INTO users (user_id,username, password, first_name, last_name, email) VALUES ('$UserN','$Upass', '$Ufn', '$Uln', '$Uemail')";
to :
$NewAccountQuery = "INSERT INTO users (user_id,username, password, first_name, last_name, email) VALUES ('','$UserN','$Upass', '$Ufn', '$Uln', '$Uemail')";
Considering user_id is auto increment field.
Your email in query is written wrongly as emial.
Is error reporting turned on?
Put this on the top of your screen:
error_reporting(E_ALL);
ini_set('display_errors', '1');
Some good answers above, but I would also suggest you make use of newer MySQLi / PDO instead of outdated 2002 MySQL API.
Some examples: (i will use mysqli since you wrote your original example in procedural code)
connectDB.php
<?php
$db = mysqli_connect('host', 'user', 'password', 'database');
if (mysqli_connect_errno())
die(mysqli_connect_error());
?>
register.php -- i'll just write out an example php part and let you do the rest
<?php
//i'll always check if session was already started, if it was then
//there is no need to start it again
if (!isset($_SESSION)) {
session_start();
}
//no need to include again if it was already included before
include_once('connectDB.php');
//get all posted values
$username = $_POST['username'];
$userpass = $_POST['password'];
$usermail = $_POST['usermail'];
//and some more
//run checks here for if fields are empty etc?
//example check if username was empty
if($username == NULL) {
echo 'No username entered, try again';
mysqli_close($db);
exit();
} else {
//if username field is filled we will insert values into $db
//build query
$sql_query_string = "INSERT INTO _tablename_(username,userpassword,useremail) VALUES('$username','$userpass','$usermail')";
if(mysqli_query($db,$sql_query_string)) {
echo 'Record was entered into DB successfully';
mysqli_close($db);
} else {
echo 'Ooops - something went wrong.';
mysqli_close($db);
}
}
?>
this should work quite nicely and all you need to add is your proper posted values and build the form to post it, that's all.
<?php
$db = mysqli_connect('host', 'user', 'password', 'database');
if (mysqli_connect_errno())
die(mysqli_connect_error());
?>
register.php -- i'll just write out an example php part and let you do the rest
<?php
//i'll always check if session was already started, if it was then
//there is no need to start it again
if (!isset($_SESSION)) {
session_start();
}
//no need to include again if it was already included before
include_once('connectDB.php');
//get all posted values
$username = $_POST['username'];
$userpass = $_POST['password'];
$usermail = $_POST['usermail'];
//and some more
//run checks here for if fields are empty etc?
//example check if username was empty
if($username == NULL) {
echo 'No username entered, try again';
mysqli_close($db);
exit();
} else {
//if username field is filled we will insert values into $db
//build query
$sql_query_string = "INSERT INTO _tablename_(username,userpassword,useremail) VALUES('$username','$userpass','$usermail')";
if(mysqli_query($db,$sql_query_string)) {
echo 'Record was entered into DB successfully';
mysqli_close($db);`enter code here`
} else {
echo 'Ooops - something went wrong.';
mysqli_close($db);
}
}
?>
I have just installed xampp but I'm having problem inserting data into MySQL table.
The data I inserted does not appear in phpmyadmin. I am not sure what is the problem.
Any help will be gratefully appreciated, here is my code:
<html>
<head>
<title>Test</title>
<body>
<form action="test.php" method="post">
Firstname: <input type="text" name="firstname" />
Lastname: <input type="text" name="lastname" />
Age: <input type="text" name="age" />
<input type="submit"name="submit" value="submit"/>
</form>
<?php
$host ="localhost";
$username = "***";
$password = "***";
$database = "***";
$table ="persons";
$con = mysql_connect("localhost","***","***");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("bucksbug_mesovot", $con);
$sql="INSERT INTO persons (firstname, lastname, age)
VALUES('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Data inserted";
mysql_close($con);
?>
</body>
</html>
Although you should really switch to PDO / mysqli and prepared statements with bound parameters to avoid sql injection and breaking sql statements if your variables contain quotation marks, you will probably run into problems with PDO / mysqli as well: Your password (change it!) contains a $.
See the following example on codepad:
<?php
function test($var)
{
echo $var;
}
$test_var = "test$string";
test($test_var);
Output:
test
You will not be able to connect successfully to the database as your password will never be correct.
Change:
"=c(p$zTTH2Jm"
to:
'=c(p$zTTH2Jm'