i do have an additional column called "id" but it is a primary key with auto increment, if i put that in the values it adds the id but the the firstname data is always 0 and the firstname data enters the lastname and the lastname data enters the username and the username data enters the email field and the email data enters the password field and the password data enters the confirmpassword field and finally the confirmpassword data and country data enters the country field. Below are my codes
?>
<?php
//connection to the database server
$hostname="localhost";
$user="root";
$password="";
$connection = mysql_connect($hostname, $user, $password) or die ("cannot connect to mysql database server");
//selection of database
mysql_select_db("jewelgallery", $connection) or die ("cannot reach jewelgallery database");
$firstname = $_POST['firstName'];
$lastname = $_POST['lastName'];
$username = $_POST['username'];
$email = $_POST['email'];
$password1 =$_POST['password'];
$password2 =$_POST['confirmPassword'];
$country =$_POST['country'];
$sql2="select * from customer_account where username = '$username'";
$results = mysql_query($sql2, $connection) or die(mysql_error());
$numOfRecords1 = mysql_num_rows($results);
$_SESSION["username"] = $username;
if ($numOfRecords1 != 0)
{
echo "<h3>This Username ". $_SESSION["username"]." Has been chosen by another user</h3> <a href=registercustomer.html> Please Try Again </a>";
header("Refresh:5;url=registercustomer.html");
exit;
}
$sql="insert into customer_account(firstname, lastname, username, email, password, confirmpassword, country)
Values('$firstname', '$lastname', '$username', '$email', '$password1', '$password2' '$country')";
mysql_query($sql, $connection) or die(mysql_error());
mysql_close($connection);
echo "Registration Successful. <a href=../index.html> Continue </a>";
header("Refresh:5;url=../index.html");
?>
You're missing a comma:
'$password2' '$country')";
^^^^^
HERE
Corrected:
$sql="insert into customer_account(firstname, lastname, username, email, password, confirmpassword, country)
Values('$firstname', '$lastname', '$username', '$email', '$password1', '$password2', '$country')";
Related
so I want to make a sign up where at the first page, is the user info where the name, last name etc will be input by the user, then it will be recorded into the database and redirect to the account info page where the user input the username and password and be recorded in another database so I have to tables the student, where all the info is stored, and user, where account info is stored so the userID of the user will be the foreign key of in the student but I cant put the id number of the user to the table of the student where the first input is stored in the first page, so if I use the mysqli_insert_id it can insert the id of the last inserted user into the student table but into the next row not the row where the last input of information in the first page is located
code in the first page shs/functions/add.stud.php
<?php
session_start();
include 'database.php';
if (isset($_POST['add'])) {
echo "welcome";
}
$message = "Provide all information needed please";
$lname = $_POST['Lname'];
$fname = $_POST['Fname'];
$mname = $_POST['Mname'];
$email = $_POST['email'];
$grade = $_POST['grade'];
$strand = $_POST['strand'];
$section = $_POST['section'];
$status = $_POST['status'];
if (empty($lname) || empty($mname)) {
header("Location:../pages/user.add.php?empty=put something, will ya?");
exit();
}
else {
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
}
then in the account information (username, password)
<?php
if (isset($_POST['users'])){
include_once 'database.php';
$uid = $_POST['uid'];
$pass = $_POST['pass'];
//pag check or pag handle sa mga errors sa pag log in
if (empty($uid) || empty($pass))
{
header("location:../pages/user.add.php?signup=empty fields");
exit();
} else {
$sql = "SELECT * FROM 'user' WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 0) {
header("Location:.../user.add.php?the inputs are already taken");
exit();
}
else {
$hashedpass = password_hash($pass, PASSWORD_DEFAULT);
//insert the new user to the user database
$sql = "INSERT INTO user (userID, username, password)
VALUES (NULL, '$uid', '$hashedpass');";
$result = mysqli_query($conn, $sql);
//pag connect sa student database
//katung sa database sa image
$sql = "SELECT * FROM user WHERE username ='$uid'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0){
while ($row = mysqli_fetch_assoc($result)){
$userid = $row['userID'];
$sql = "INSERT INTO profileimg (userID, status)
VALUES ('$userid', 1)";
if($result=mysqli_query($conn, $sql))
{
$last_id = mysqli_insert_id($conn);
$sql = "INSERT INTO student (userID) VALUES ('$last_id')";
$result = mysqli_query($conn, $sql);
}
else {
header("Location:.../user.add.php");
exit();
}
//pag add sa id sa user paingun sa student
header("Location:../pages/user.add.php");
}
}
after putting the inputs in the first page it will redirect to another page where the user must input the account info..that's the desired function
The best way is to store the User Info in the student table then use the mysqli_insert_id function to grab the studentId. Then save the Account Info in the user table and grab the userId. Thereafter update the student table with userId where studentId is the same as the one you grabbed earlier.
$sql = "INSERT INTO student (lname, fname, mname, gmail, grade, track, section, status)
VALUES ('$lname', '$fname', '$mname','$email', '$grade', '$strand', '$section', '$status')";
$result = mysqli_query($conn, $sql);
$_SESSION['studentId'] = mysqli_insert_id($conn); //add this line to store the studentId into the session.
$sql = "INSERT INTO student (userID) VALUES ('$last_id')"; // change this line to the one below.
$sql = "UPDATE student SET userID = '$last_id' WHERE studentID = $_SESSION['studentId']";
Here is my main PHP code:
<?php
define('dbServer', 'localhost');
$dbUsername = 'root';
$dbPassword = '';
define('dbName', '1');
$dbConnection = mysqli_connect(dbServer, $dbUsername, $dbPassword, dbName);
if(!$dbConnection){
die("Unsuccessful Connection: " . mysqli_connect_error());
}
// All user data will be taken from the form //
$emailAddress = $_POST['emailaddress'];
$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$streetAddress = $_POST['streetaddress'];
$phoneNumber = $_POST['phonenumber'];
$comments = $_POST['comments'];
$sql = "INSERT INTO user-submission (email, firstName, lastName, address, phoneNumber, comment) VALUES ('$emailAddress', '$firstName', '$lastName', '$streetAddress', '$phoneNumber', '$comments')";
$result = mysqli_query($dbConnection, $sql);
if (!$result){
die('Error: ' . mysqli_connect_error());
}
?>
My SQL database contains the rows ID, email, firstName, lastName, address, phoneNumber, comment. They are in a database called '1' (for testing purposes) and a table called 'user-submission'.
I have been unable to query this information into my table. I have been successful prior to this on other SQL and PHP pairings. What am I doing wrong this time?
Add this right below the opening php tag at the top then the server will tell you what the error is. Copy the error here if you need help decyfering
error_reporting( E_ALL );
First you need to make changes so hackers don't abuse your code.
Just wait till johnny;drop tables; comes by and wipes out your database.
// All user data will be taken from the form //
$emailAddress = mysqli_real_escape_string($dbConnections,$_POST['emailaddress']);
$firstName = mysqli_real_escape_string($dbConnections,$_POST['firstname']);
$lastName = mysqli_real_escape_string($dbConnections,$_POST['lastname']);
$streetAddress = mysqli_real_escape_string($dbConnections,$_POST['streetaddress']);
$phoneNumber = mysqli_real_escape_string($dbConnections,$_POST['phonenumber']);
$comments = mysqli_real_escape_string($dbConnections,$_POST['comments']);
$sql = "INSERT INTO `user-submission` (email, firstName, lastName, address, phoneNumber, comment) VALUES (?,?,?,?,?,?)";
$prep=$dbConnections->prepare($sql);
$prep->bind_param("ssssss",$emailAddress,$firstName,$lastName,$streetAddress,$phoneNumber,$comments);
#actually puts everything together, and puts it in the database
$prep-execute();
So here is what I'm trying to do. I'm trying to take information that has been entered on MySQL database and display it in an php file. With my code I've included below I am able to view the data for one user I login with, but once I logout and login with a different user the old users information is still displayed there is no update for the new users information. I also have made sure to end the session by creating a logout button which I have also included below.
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "****";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE ";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
?>
Snippet of my HTML
<html>
div class="form-group">
<label for="exampleInputEmail1">Email address</label>
<input type="email" class="form-control" placeholder="Email" value="<?php echo $row["email"]; ?>">
</div>
<html>
Logout php code
<?php
session_start();
session_destroy();
header("Location: index.php");
?>
change your sql query to this:
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE username = <variable_having_user_name_value>";
In case of other identifier than username (like email or id):
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE < identifier > = <variable_having_identifier_value>";
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE ";
$result = $conn->query($sql);
There is no WHERE data in your SQL. So I guess MySQL give you always the same user.
You need to provide a condition like :
// Get your user's profile data (from session for exemple)
$email = $_SESSION['email'];
$passcode = your_cypher_function($_SESSION['passcode']);
// Then complete your query
$sql = "SELECT id, username, passcode, email, Address, City, Country, Zip, FirstName, LastName, About FROM admin WHERE email = $email AND passcode = $passcode";
Don't forget to protect your data from SQL injection. I gave you an easy exemple for quick testing.
This may be the most simplest errors ever but I've written a registration script.. which I would say looks okay.. only issue is that it won't insert data... it still prints a message saying registration successful but no data actually goes into the database... see code below:
<?php
include("dbconfig.php");
if(isset($_POST['register'])){
if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){
header("location:index-login-page.php?msg0=Please complete the required fields.");
}
else {
$fname = $_POST['first-name'];
$lname = $_POST['last-name'];
$email = $_POST['email-address'];
$username = $_POST['reg-username'];
$pass = $_POST['reg-pass'];
$checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
$checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
$resultusername = mysql_num_rows($checkusername);
$resultemail = mysql_num_rows($checkemail);
if( (($resultusername) ==1) or ($resultemail)==1){
header("location:index-login-page.php?msg1= Username or email address already exists.");
}
elseif( (($resultusername) == 0) && ($resultemail) ==0) {
$insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
header("location:index-login-page.php?msg1= Registration successful, please login.");
}
}
}
?>
Please do let me know what the error is (if there is one) because I can't seem to find it. Thanks.
Sohail.
$insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
Should be:
$insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
I have to warn you though: this is considered bad practice, you need to sanitize your database input
My code seems to be functioning properly (i dont get any erros) but the INSERT INTO query doesnt seem to be working as the data is never being put into the database.
Here is the code:
EDIT: i edited the code slightly so it would make logical sense but it still doesn't add the data to the table. (I even removed the if statement completely and just left the query in and it didnt add it.)
<?php
//connect to user database
include("db_connect.php");
//set variables
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$date = date('Y/m/d H:i:s a');
//check if email exists
$db_query = "SELECT * FROM users WHERE email LIKE '$email'";
$db_result = mysql_query($db_query);
if(!$db_result)
{
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}
else {
echo 'That email is already in use. Click Here to return to the sign up page.';
}
?>
You need to replace
if($email_taken)
with
if(mysql_num_rows($email_taken))
I would say it would be more like:
//check if email exists
$db_query = "SELECT * FROM users WHERE email='{$email}'";
$res = mysql_query($db_query);
$email_taken = mysql_num_rows($res);
if($email_taken == 1)
{
echo 'That email is already in use. Click Here to return to the sign up page.';
}
else {
$query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
mysql_query($query);
echo 'You have been successfully registered. Please Click Here to log in.';
}