For learning purposes, I am creating a password manager on my local system. However there is a problem when it comes to inserting data into the database and I'm not sure why it isn't working.
My entire document can be the found below.
<?php
$user = 'root';
$pass = '';
$db = 'accounts';
$server = 'localhost';
$db_handle = mysql_connect($server, $user, $pass);
if (!$db_handle) {
echo "Unable to connect to DB: " . mysql_error();
exit;
}
$db_found = mysql_select_db($db, $db_handle);
if ($db_found) {
if (isset($_POST['type'])) {
$getOrSet = $_POST['type'];
$site = $_POST['site'];
$login = $_POST['login'];
if ($getOrSet == 'get') {
$pass = mysql_fetch_assoc(mysql_query("SELECT password FROM manager WHERE site = '$site' AND username = '$login'"))['password'];
} else if ($getOrSet == 'set') {
$url = $_POST['url'];
$pass = $_POST['pass'];
mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login' '$pass')");
}
}
} else {
echo "Unable to select database: " . mysql_error();
}
mysql_close($db_handle);
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
<style>
#left,#right{width:50%;margin:0;padding:0;float:left;text-align:center}
form{width:300px;margin:0 auto}
label{width:300px;display:block;line-height:1.65em}
input{float:right}
#pass{width:300px}
#pass>span{float:right}
</style>
</head>
<body>
<h1>Password Manager</h1>
<div id="left">
<h2>Get Password</h2>
<form action="index.php" method="post">
<label>Site: <input type="text" name="site" /></label>
<label>Email/Username: <input type="text" name="login" /></label>
<input type="hidden" name="type" value="get" />
<?php if(isset($_POST['type'])){if ($getOrSet == 'get') {echo "<span id=\"pass\">Password: <span>$pass</span></span>";}} ?>
<input type="submit" value="Submit" />
</form>
</div>
<div id="right">
<h2>Set Password</h2>
<form action="index.php" method="post">
<label>Site: <input type="text" name="site" /></label>
<label>URL: <input type="text" name="url" /></label>
<label>Email/Username: <input type="text" name="login" /></label>
<label>Password: <input type="password" name="pass" /></label>
<input type="hidden" name="type" value="set" />
<input type="submit" value="Submit" />
</form>
</div>
</body>
</html>
Can someone please tell me why this code doesn't work?
mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login' '$pass')");
use escapes before insert like
$site = mysql_real_escape_string($site);
$url = mysql_real_escape_string($url);
$login = mysql_real_escape_string($login);
$pass = mysql_real_escape_string($pass);
// now insert
mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login', '$pass')");
Note : mysql_* is deprecated. use mysqli_* or PDO
The problem is that there is a missing , after '$login' so
mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login' '$pass')");
should have been
mysql_query("INSERT INTO manager (site, url, username, password) VALUES ('$site', '$url', '$login', '$pass')")
Related
Hy guys, I have a sqlite database named signup.db and a signup table in it and I have a php code of a signup page but it us not inserting any data on submit I also am not getting Amy error even on clicking on submit
*don't mind SQL injection this is just testing I will use SQL prepared statement when I make my next project
Code
<?php
if(isset($_POST['submit'])){
//connection to sqlite3 database
$dir = 'sqlite: sign.db';
$db = new PDO($dir) or die ("Unable to open");
//select table
//saving data
$email = $_POST["Email"];
$first = $_POST["First"];
$last = $_POST["Last"];
$password = $_POST["Password"];
$male = $_POST["Male"];
$female = $_POST["Female"];
$date = $_POST["Dateofb"];
$sql = "INSERT INTO Signup (First, Last, Email, Password, Male, Female, Dateofb) VALUES ('$first', '$last', '$email', '$pass', '$male', '$female', '$date');";
$sql->execute();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="index.css" >
<script src="index.js" ></script>
<title>Survey</title>
</head>
<body>
<form action="" method="post" >
<div class="container" >
<div class="form" >
<input type="email" class="first" id="email" placeholder="Email" required="required">
<input type="text" class="second" id="first" placeholder="First name" required="required">
<input type="text" class="last" id="last" placeholder="Last name" required="required">
<input type="password" class="pass" id="pass" placeholder="Password" required="required">
<div class="day" >
<p class="bd" >Birthday Date:</p>
<input type="date" class="date" id="date" >
</div>
<div>
<div class="malee" >
<input type="checkbox" class="male" id="male" >
<p class="mal" >Male</p>
</div>
<div class="femalee" >
<input type="checkbox" class="female" id="female" >
<p class="fem" >Female</p>
</div>
</div>
<div >
<input class="submit" id="submit" type="submit" >
</div>
<div class="acc" >
already have account <a href="#" >Login</a>
</div></div>
</div>
</form>
</body>
</html>
(https://i.stack.imgur.com/vYkug.jpg)
Your code has two issues:
You should query on a db connection
$db->exec($sql);
In $sql string
$pass should be $password
$sql = "INSERT INTO Signup (First, Last, Email, Password, Male, Female, Dateofb)
VALUES ('$first', '$last',
'$email', ******'$pass'*******, '$male', '$female', '$date');";
I created sandbox for you. Working fine . You can copy this code into a separate test.php file and try running it
Check this sandbox
<?php
try {
$conn = new PDO("sqlite: sign.db");
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$email = "test2";
$first = "";
$last = "";
$password = "";
$male = "";
$female = "";
$date = "";
$sql = "CREATE TABLE IF NOT EXISTS Signup (
First text NOT NULL,
Last text NOT NULL,
Email text NOT NULL,
Password text NOT NULL,
Male text NOT NULL,
Female text NOT NULL,
Dateofb text NOT NULL
);";
$conn->exec($sql);
$sql = "INSERT INTO Signup (First, Last, Email, Password, Male, Female, Dateofb) VALUES ('$first', '$last', '$email', '$password', '$male', '$female', '$date');";
$conn->exec($sql);
echo "New record created successfully \n";
$sql = "SELECT * FROM Signup";
$result = $conn->query($sql);
while ($row = $result->fetch()) {
echo $row['Email']."\n";
}
} catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
?>
i have a problem in sending my form values to mysql database i readed all other topics and i did what they wrote but i didn't get what i want please help me :(
<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "13838383";
$dbname = "users";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
?>
<?php
include("../includes/functions.php");
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="../public/stylesheets/style.css" type="text/css">
<title>Our WebPage</title>
</head>
<body>
<center>
<form action="input.php" method="post">
<fieldset>
<legend>Register</legend>
<span>UserName: </span><br />
<input type="text" name="username" placeholder="USERNAME"><br /><br />
<span>PassWord: </span><br />
<input type="text" name="lastname" placeholder="PASSWORD"><br /><br />
<input type="button" name="submit" value="submit"><br /><br />
<fieldset>
</form>
</center>
<?php
?>
<?php
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$addUserQuery = "INSERT INTO users (username, password) VALUES ({$username}, {$password});";
$added = mysqli_query($connection, $addUserQuery);
if ($added) {
echo '<br>Input data is successful';
} else {
echo '<br>Input data is not valid';
}
}
?>
</body>
</html>
and my problem is i don't know know what should i enter in action attribute in form tag thanks please help
Simply put, your variables aren't quoted, so your query is being turned into this (If someone submitted 1337user as the username, and P#ssw0rd as the password):
INSERT INTO users (username, password) VALUES (1337user, P#ssw0rd);
When it should be:
INSERT INTO users (username, password) VALUES ('1337user', 'P#ssw0rd');
Bind your variables instead: How can I prevent SQL injection in PHP?
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$addUserQuery = mysqli_prepare($connection, "INSERT INTO users (username, password) VALUES (?, ?)");
mysqli_stmt_bind_param($addUserQuery, "ss", $username, $password);
$added = mysqli_stmt_execute($addUserQuery);
if ($added) {
echo '<br>Input data is successful';
} else {
echo '<br>Input data is not valid';
}
}
I am using this code to add some data to my already existing sql database, but the can't seem to do so, it's also not giving any errors. I have tried everything that i could think of. This is a form which lets user input the data and then when user clicks submit it gives a success message in url but i get the success message but no data in my database.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Signup Form</title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users;" ;
$result = mysqli_query($conn,$sql); //connects the database to the query we just generated
$resultcheck = mysqli_num_rows($result); // it returns the number of rows in the query
if($resultcheck > 0){
//the if condition checks if there is any data inside $resultcheck
//The mysqli_fetch_assoc() function fetches a result row as an associative array.
while($row = mysqli_fetch_assoc($result)){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
<?php
include_once 'dbh.php';
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "INSERT INTO users (`user_firstname`, `user_firstname`, `user_email`, `user_uid`, `user_pwd` ) VALUES (\'$firstname\',\'$lastname\',\'$email\',\'$uid\', \'$pwd\');";
//require 'dbh.php';
mysqli_query('$conn','$sql');
/* if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".mysql_error().'<br>';
} */
header("Location: index.php?signup=success");
?>
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$conn = mysqli_connect($dbServername,$dbUsername,$dbPassword,$dbName );
//$mysqli = new mysqli('localhost','root',"",$dbName );
if(mysqli_connect_errno()){
printf("connection failed %s\n",mysqli_connect_error());
exit();
}
$mysqli->select_db("login_system");
?>
Please remove single quotes in $conn and $sql
mysqli_query($conn, $sql);
in your insert PHP file.
$sql = "INSERT INTO `users` (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('".$firstname."', '".$lastname ."', '".$email."', '".$uid."', '".$pwd."');";
$result=mysqli_query('$conn','$sql');
if($result)
{
echo "succsessfuly...";
}
else
{
echo "Not succsessfuly...";
}
Try this one:
<?php
include_once 'dbh.php';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title> Signup Form </title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users; " ;
$result = $mysqli->query($sql); //connects the database to the query we just generated
$resultcheck = $result->num_rows; // it returns the number of rows in the query
if($resultcheck > 0){
while($row = $result->fetch_assoc()){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
signup.php
<?php
include_once 'dbh.php';
$firstname = $mysqli->real_escape_string($_POST['firstname']);
$lastname = $mysqli->real_escape_string($_POST['lastname']);
$email = $mysqli->real_escape_string($_POST['email']);
$uid = $mysqli->real_escape_string($_POST['uid']);
$pwd = $mysqli->real_escape_string($_POST['pwd']);
$sql = "INSERT INTO users (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd');";
if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".$mysqli->error.'<br>';
}
header("Location: index.php?signup=success");
dbh.php
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$mysqli = new mysqli($dbServername,$dbUsername,$dbPassword,$dbName);
if($mysqli->connect_errno){
printf("connection failed %s\n",$mysqli->connect_error);
exit();
}
Please read this reference http://php.net/manual/en/book.mysqli.php
should be like this
$sql = "INSERT INTO users (firstname, lastname, email, uid, pwd ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd')";
mysqli_query($conn,$sql);
I've set up a form to insert data into a database. It's connected to it fine and can display records with no issues. However, when I want to insert data I click the submit button it removes it from the form but doesn't insert it into the db. I've tried rewriting it about 3 times now using 2 different databases but just can't figure out where I'm going on.
<html>
<head>
</head>
<body>
<form action="input.php" meathod="post">
Username: <input type="text" name="username"><br>
Password: <input type="text" name="password"><br>
<input type="submit" name="submit">
</form>
<?php
if( isset($_POST['submit'])){
//connecting to a databse
$conn = mysqli_connect("localhost","root","");
mysqli_select_db("test",$conn);
if($conn){
echo 'connected';
}
else {
die('failed to connect');
}
$sql="INSERT INTO users(username,password) VALUES ('$_POST[username]','$_POST[password]')";
mysql_query($sql,$conn);
mysqli_close($conn);
};
?>
</body>
</html>
You have few typos "meathod=post" should be method="post",mysql_query($sql,$conn) should be mysqli_query($conn,$sql) and mysqli_select_db("test",$conn) should be mysqli_select_db($conn,"test")
<html>
<head>
</head>
<body>
<form action="input.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="text" name="password"><br>
<input type="submit" name="submit">
</form>
<?php
if( isset($_POST['submit'])){
//connecting to a databse
$conn = mysqli_connect("localhost","root","");
mysqli_select_db($conn,"test");
if($conn){
echo 'connected';
}
else {
die('failed to connect');
}
$sql="INSERT INTO users(username,password) VALUES ('" . $_POST['username'] . "','" . $_POST['password'] . "')";
mysqli_query($conn,$sql);
mysqli_close($conn);
};
?>
</body>
</html>
you have written "meathod=post" instead of "method=post"
also I have changed
$sql="INSERT INTO users(username,password) VALUES ('$_POST[username]','$_POST[password]')";
to
$sql="INSERT INTO users(username,password) VALUES ('" . $_POST['username'] . "','" . $_POST['password'] . "')";
this style much more better
<html>
<head>
</head>
<body>
<form action="lol.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="text" name="password"><br>
<input type="submit" name="submit">
</form>
<?php
if( isset($_POST['submit'])){
//connecting to a databse
$conn = mysqli_connect("localhost","root","");
mysqli_select_db("test",$conn);
if($conn){
echo 'connected';
}
else {
die('failed to connect');
}
$sql="INSERT INTO users(username,password) VALUES ('" . $_POST['username'] . "','" . $_POST['password'] . "')";
mysql_query($sql,$conn);
mysqli_close($conn);
};
?>
</body>
</html>
I think problem is here
mysql_query($sql,$conn);
Replace with
mysqli_query($conn,$sql);
I hope this code will help you
<html>
<head>
</head>
<body>
<form action="input.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="text" name="password"><br>
<input type="submit" name="submit">
</form>
<?php
if( isset($_POST['submit'])){
//connecting to a databse
$conn = mysqli_connect("localhost","root","");
mysqli_select_db("test",$conn);
if($conn){
echo 'connected';
}
else {
die('failed to connect');
}
$sql="INSERT INTO users(username,password) VALUES (".$_POST["username"].",".$_POST["password"].")";
mysqli_query($conn,$sql);
mysqli_close($conn);
?>
</body>
</html>
Hi i am new to PHP and i am trying to submit a registration form and it works fine but the problem is that when it gives some error like username already exists or password too short in an alert box and then it reloads the form page again and the user has to fill the whole form again i want the fields that are correct to remain unchanged
here is the form page code
<!DOCTYPE HTML>
<html>
<head>
<title>Details</title>
<link rel="stylesheet" type="text/css" href="reg.css">
</head>
<body id="body">
<div id="mmw"> <span> MAP MY WAY </span></div>
<form name="reg" id="reg" method="post" action="insert.php">
<h2>Kindly fill up your Information</h2>
<p>
<input name="username" required class="name" placeholder="Type Your User name" />
<input name="password" placeholder="Type Your Password" class="name" type="password" required />
<input name="first_name" required class="name" placeholder="Type Your First name" />
<input name="last_name" required class="name" placeholder="Type Your Last name" />
<input name="email" required class="email" placeholder="Type a valid E-Mail address" />
<input name="m_no" class="name" placeholder="Type Your Mobile #"/>
<input name="v_name" required class="name" placeholder="Type Your Vahical model and name"/>
<input name="capacity" required class="name" placeholder="Seating capacity"/>
<input name="fuel_type" required class="name" placeholder="Runs on what fuel type"/>
</p>
<p>
<input name="submit" class="btn" type="submit" value="Register" />
</p>
</form>
</div>
</body>
</html>
and here is the page that is processing the data
<?php
$con = mysqli_connect("localhost", "root", "", "map_my_way");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$first_name = mysqli_real_escape_string($con, $_POST['first_name']);
$last_name = mysqli_real_escape_string($con, $_POST['last_name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$m_no = mysqli_real_escape_string($con, $_POST['m_no']);
$v_name = mysqli_real_escape_string($con, $_POST['v_name']);
$fuel_type = mysqli_real_escape_string($con, $_POST['fuel_type']);
$capacity = mysqli_real_escape_string($con, $_POST['capacity']);
$exists = mysqli_num_rows(mysqli_query($con,"SELECT * FROM members WHERE username='" . $username . "'"));
if ($exists > 0) {
echo "<script language=\"JavaScript\">\n";
echo "alert('username already exists!');\n";
echo "window.location='reg.php'";
echo "</script>";
}
if (strlen ($password) < 6){
echo "<script language=\"JavaScript\">\n";
echo "alert('password must be 6 characters');\n";
echo "window.location='reg.php'";
echo "</script>";
}
else{
// if ($password < 6) {
// echo "<script language=\"JavaScript\">\n";
// echo "alert('username already exists!');\n";
// echo "window.location='reg.php'";
// echo "</script>";
// } else{
//insert query
$sql = "INSERT INTO members (username, password, first_name, last_name, email, m_no, v_name, fuel_type, capacity)
VALUES ('$username', '$password', '$first_name', '$last_name', '$email', '$m_no', '$v_name', '$fuel_type', '$capacity')";
}
//}
if (!mysqli_query($con, $sql)) {
die('Error: ' . mysqli_error($con));
}
else{
header("location:pic.php");
}
// Register $username
session_start();
$_SESSION['login'] = true;
$_SESSION['username'] = $username;
mysqli_close($con);
?>
Thanks in advance
header('Location: http://example.com/some/url'); relplace it with the javascript
also try to make a function to the escape string less typing:
function security($danger) {
mysqli_real_escape_string($con, $danger)}
simply call it with the username like $username = security($_POST['username'])