This is my first (of many, hopefully) questions. I am creating a simple login system for a site I'm working on for uni and I have a page that allows the client to add a new user to the database;
<?php
//INSERT//
$host="localhost";
$username="root";
$password="";
$db_name="login";
$tbl_name="members";
//variables//
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$query = "INSERT INTO members VALUES ('','myusername','mypassword'')";
mysql_query($query);
echo ''.$_POST['myusername'].' has been added as a new user'.'<br/>' ;
mysql_close();
?>
This echo's that "myusername" has been added as a new user, though it doesn't insert anything into the 'members' table. Why is this? It appears to be working ok. I've had to insert an temporary user with an insert script for the time being which works but I really need the user to have the ability to do this themselves. Here is the script I used that works:
<?php
$user="root";
$password="";
$database="login";
mysql_connect('localhost',$user,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query="INSERT INTO `members` VALUES (1, 'kerr', '1234')";
mysql_query($query);
mysql_close();
?>
I hope this makes sense. Thank in advance! Kerr
Set 'members' table 'id' column to auto_increment.
try:
$insert = mysql_query($query);
if($insert){
echo ''.$_POST['myusername'].' has been added as a new user'.'<br/>' ;
}
else{
echo mysql_error($insert);
}
Do you have form tag in the HTML file?
Related
I'm having a little problem with php, basically I want to get a random row from my mysql database, I am really new to php and mysql so please be kind and explain me what's going on. I've already granted all permissions on mysql, now I just have to figure out what's going on, i tried to put some echoes to debug but it seems like anything happens, there's just a blank page with nothing on it, this drives me crazy so I'd like to resolve it. Here's the code
<?php
echo "test";
$host="127.0.0.1"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="mine"; // Database name
$tbl_name="accounts"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Select a random account
$min=1;
$row=mysql_fetch_assoc(mysql_query("SHOW TABLE STATUS LIKE 'mine.accounts';"));
$max=$row["Auto_increment"];
$random_id=rand($min,$max);
$row=mysql_fetch_assoc(mysql_query("SELECT * FROM `mine`.`accounts` WHERE id='$random_id'");
echo $row["username"]. ":" . $row["password"]
?>
// --- UPDATE ---
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
$host="127.0.0.1"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="mine"; // Database name
$tbl_name="accounts"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Select a random account
$row = mysql_query("SELECT username AND password FROM accounts order by RAND() LIMIT 1");
WHILE ($data = mysql_fetch_array($row))
ENDWHILE;
echo $row['username'] . " " . $row['password'];
?>
On this line, you forgot the closing parentheses.
$row=mysql_fetch_assoc(mysql_query("SELECT * FROM `mine`.`accounts` WHERE id='$random_id'");
Hence the single closing parentheses while you open two.
$row=mysql_fetch_assoc(mysql_query("SELECT * FROM `mine`.`accounts` WHERE id='$random_id'"));
And you'll have to use a while loop to make $row output anything, since fetch_assoc returns an associative array:
while($row = mysql_fetch_assoc(<...>){
$max = $row['Auto_increment'];
}
Also you might wanna look into Prepared Statements or PDO as mysql_* Functions are officially deprecated.
Pretty new to PHP and MySQL.
I have created an insert statement in my php script, to transfer a row of data from one table to the next for certain fields. Only thing is, it doesn't seem to be working?
Can anybody see where the issue is?
<?php
require_once('auth.php');
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="Instruction"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="INSERT INTO Triage (Reference,Forename,surname,D.O.B,Mobile Number,Home Number,Address,Postcode1,Email,Accident,Details);
VALUES (Reference,Forename,surname,DOB,Mobile,Home,Address,Postcode1,Email,Accident,Details)";
$result=mysql_query($sql);
//
while($rows=mysql_fetch_array($result)){
echo 'update test';
}
//
// end of while loop
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
?>
Update
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$Reference=$_REQUEST['Reference'];
$Forename=$_REQUEST['Forename'];
$surname=$_REQUEST['surname'];
$DOB=$_REQUEST['DOB'];
$Mobile=$_REQUEST['Mobile'];
$Home=$_REQUEST['Home'];
$Address=$_REQUEST['Address'];
$Postcode=$_REQUEST['Postcode1'];
$Email=$_REQUEST['Email'];
$Accident=$_REQUEST['Accident'];
$Details=$_REQUEST['Details'];
//semi colon removed
$sql="INSERT INTO Triage (Reference,Forename,surname,D.O.B,Mobile Number,Home Number,Address,Postcode1,Email,Accident,Details)
VALUES('.$Reference.','.$Forename.','.$surname.','.$DOB.','.$Mobile.','.$Home.','.$Address.','.$Postcode1.','.$Email.','.$Accident.','.$Details.')";
$result=mysql_query($sql);
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
?>
first you should fix the assignments:
$Reference=$_REQUEST['Reference'];
$Reference=$_REQUEST['Forename'];
...
should be something like:
$Reference=$_REQUEST['Reference'];
$Forename=$_REQUEST['Forename'];
$surname=$_REQUEST['surname'];
Then update the query in:
$sql="INSERT INTO Triage (Reference,Forename,surname,D.O.B,Mobile Number,Home Number,Address,Postcode1,Email,Accident,Details)
VALUES (".$Reference.",".$Forename.","...
and so on with the rest of the values.
Also
while($rows=mysql_fetch_array($result)){
won't work since result will only contain true on success.
Maybe there are more mistakes I'm not sure. But you should also check this to learn how to avoid injection:
What's the best method for sanitizing user input with PHP?
If you want to transfer data from one table to another, you should select this table somewhere. You have not anywhere in your code, you just specified columns, how is your script supposed to know where do they come from?
INSERT INTO table1 (col1, col2, col3) SELECT correspondingColumn1, correspondingColumn2, correspondingColumn3 FROM table2
P.S.: You do not use $Reference, but still, you are overwritting it
try this one
1) you mention all var name as $Reference its changed
2) query not correct plz study how wrote query..
3) REFER:http://www.w3schools.com/php/php_mysql_intro.asp
<?php
require_once('auth.php');
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="Instruction"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$Reference=$_REQUEST['Reference'];
$Forename=$_REQUEST['Forename'];
$surname=$_REQUEST['surname'];
$DOB=$_REQUEST['DOB'];
$Mobile=$_REQUEST['Mobile'];
$Home=$_REQUEST['Home'];
$Address=$_REQUEST['Address'];
$Postcode=$_REQUEST['Postcode1'];
$Email=$_REQUEST['Email'];
$Accident=$_REQUEST['Accident'];
$Details=$_REQUEST['Details'];
//semi colon removed
$sql="INSERT INTO Triage (Reference,Forename,surname,D.O.B,Mobile Number,Home Number,Address,Postcode1,Email,Accident,Details)
VALUES ('$Reference','$Forename','$surname','$DOB','$Mobile','$Home','$Address','$Postcode1','$Email','$Accident','$Details')";
$result=mysql_query($sql);
//
while($rows=mysql_fetch_array($result)){
echo 'update test';
}
//
// end of while loop
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
?>
Pretty new to PHP and MySQL.
I have created an insert statement in my php script, to transfer a row of data from one table to the next for certain fields. Only thing is, it doesn't seem to be working?
Can anybody see where the issue is?
<?php
require_once('auth.php');
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="Instruction"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$Reference=$_REQUEST['Reference'];
$Forename=$_REQUEST['Forename'];
$surname=$_REQUEST['surname'];
$DOB=$_REQUEST['DOB'];
$Mobile=$_REQUEST['Mobile'];
$Home=$_REQUEST['Home'];
$Address=$_REQUEST['Address'];
$Postcode=$_REQUEST['Postcode1'];
$Email=$_REQUEST['Email'];
$Accident=$_REQUEST['Accident'];
$Details=$_REQUEST['Details'];
//semi colon removed
$sql="INSERT INTO Triage (Reference,Forename,surname,D.O.B,Mobile Number,Home Number,Address,Postcode1,Email,Accident,Details)
VALUES('.$Reference.','.$Forename.','.$surname.','.$DOB.','.$Mobile.','.$Home.','.$Address.','.$Postcode1.','.$Email.','.$Accident.','.$Details.')";
$result=mysql_query($sql);
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
?>
You have column names like Mobile Numbe etc, you need to use `` for them also the concatenation does not look correct you should have something as
sql="INSERT INTO
Triage
(
Reference,
Forename,
surname,
`D.O.B`,
`Mobile Number`,
`Home Number`,
Address,
Postcode1,
Email,
Accident,
Details
)
VALUES
(
'".$Reference."',
'".$Forename."',
'".$surname."',
'".$DOB."',
'".$Mobile."',
'".$Home."',
'".$Address."',
'".$Postcode1."',
'".$Email."',
'".$Accident."',
'".$Details."'
)";
In addition you should use mysql_real_escape_string() for all the request data something as
$Reference=mysql_real_escape_string($_REQUEST['Reference']);
and so on for others
I have a PHP form that should insert data into my SQL database on hostgator. However it is not adding any data but the id field keeps incrementing. I do not receive any error message when submitting the form and when i go to the database the other fields are just empty thus not displaying any data.
I am pulling my hair and cant figure out what the problem is. Can someone please help me
Thanks
<?php
$host="localhost"; // Host name
$username="xxxxxx"; // Mysql username
$password="xxxxxx"; // Mysql password
$db_name="rob1124_inventory"; // Database name
$tbl_name="data"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Get values from form
$qty=$_POST['qty'];
$product=$_POST['product'];
$price=$_POST['price'];
$totalprice=$_POST['totalprice'];
$seller=$_POST['seller'];
$city=$_POST['city'];
// Insert data into mysql
$sql="INSERT INTO $tbl_name(qty, product, price, totalprice, seller,city)
VALUES('$qty', '$product', '$price', '$totalprice', '$seller', '$city')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
}
else {
echo "ERROR";
}
?>
<?php
// close connection
mysql_close();
?>
Change to utf-8 from all varchar fields of your table and
try to get mysql_error().
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
mysql_query("set names 'utf8'");
//You codes....
// Insert data into mysql
$sql="INSERT INTO $tbl_name(qty, product, price, totalprice, seller,city)
VALUES('$qty', '$product', '$price', '$totalprice', '$seller', '$city')";
$result=mysql_query($sql) or die(mysql_error());
//Your codes...
Since the id is incrementing atleast the form and the DB connect, it tries to enter data.
One usually occurring error is that the data types in the databases columns don't match with the type of data recieved. Like trying to insert chars into ints etc. Or the length of the data is to large for the assigned size in the database. Check to see that the types are correct and try again.
But still, those that are correct should be inserted. Hard to tell without knowing more about the database design.
i know this is a beginner's question .I am working on a bloodbank database project with html,php and mysql. Here as an administrator,i am trying to send messages to users.At first i am trying to see if the user with the username is present in the database.if he is present i am inserting the username and messages into the table called usermessages But i am not able to insert the data.i am getting the message "message sent successfully",but in reality it is not getting updated in the database.So here is my code,i can assure all that no spelling mistake is present in database or in phpcode.
<?php
session_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="bloodbank"; // Database name
$tbl_name="users"; // Table name
$tblname="usermessages";
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and messages is sent from form
$username=$_POST['username'];
$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==1)
{
$mysql="INSERT INTO tblname(username, messages)
VALUES
('$_POST[username]','$_POST[messages]')";
echo "Message Sent Successfully";
}
else
{
echo "No user with that username found in the database";
}
?>
Try to execute the query
$mysql="INSERT INTO $tblname(username, messages)
VALUES ('$_POST[username]','$_POST[messages]')";
$return = mysql_query($my_sql);
echo "Message Sent Successfully";
You just forgotted to execute this insert query
And my advice is dont use mysql_* functions as they are depricated,use either mysqli_* functions or PDO Statements,and while you are playing with the post variables try to escape them like
mysql_real_escape_string($_POST['messages']);
Your query is good but you haven't executed it. Use mysql_query to execute your query.
Second please be careful about sql injection. Your code is shouting that come and hack me.