This question already has answers here:
PHP to check if a URL contains a query string
(4 answers)
Closed 8 years ago.
I would like to check the url to see if it contains a certain value. If yes run the code. Below is how my url would look like.
www.url.com/test/stats.php?player=neo
www.url.com/test/stats.php?player=morpheus
www.url.com/test/stats.php?player=anderson
$userName = $_GET['player'];
I would like to do something like
if ( urlheader contains $userName ) {
//run some code
}
I think what you are trying to do is this. However it won't work with $_POST
if($_GET['player']){
$username = $_GET['player']
//Do your stuff with $username here
}
Try something like below
$userName = $_GET['player'];
if (strpos($url,$userName) !== false) {
//your scripts
}
or
$userName = $_GET['player'];
if($userName == 'Your checking value')
{
//your scripts
}
Related
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I am writing a login form with PHP and Mysql.
I did everything its just the forgot password that is not working.
It sends me email confirmation but it does not update the password in the database.
First is the forgot page, then sends an email and redirect me to the confirm_pass.html page where is the form for the two passwords and on this page executes the confirm_pass.php where is doing everything, except updating the password in the database.
Please help.
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Make sure the two passwords match
if ( $_POST['newpassword'] == $_POST['confirmpass'] ) {
$new_password = password_hash($_POST['newpassword'], PASSWORD_BCRYPT);
$email = $mysqli->escape_string($_POST['email']);
$confirm_code = md5(rand().$password);
$result = "UPDATE `mv_db`.`users` SET `password`='$new_password', `confirm`='$confirm_code' WHERE `email`='$email'";
if ( $mysqli->query($result) ) {
header("location: login.html");
}
}
else {
$_SESSION['message'] = " The two passwords you entered don't match, try again!";
header("location: error.php");
}
}
?>
Your $_POST['email'] is not defined, because there is no "email" field in your HTML form.
So nothing is updated in database, because there is no matching record.
This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 6 years ago.
I want to check if a user already exists.
I made the following code but it is not working.
The echo in the checkUser is only to look if it jumps in the if clause.
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
$checkUserID = mysql_query("SELECT *
FROM users
WHERE username = '$username'");
if (mysql_num_rows($checkUserID) >= 1) {
//echo "User id exists already.";
echo "testststst";
$user1 = mysql_fetch_array($checkUserId);
$result = flashMessage("User is already taken, please try another one");
//print_r($user); // the data returned from the query
}else if(empty($form_errors)){
...formcheck...
}
I hope somebody can help me I don't know what to do.
I suggest you tu use PDO library. For your problem the best solution is to have the username in the table as PRIMATY KEY or with a UNIQUE CONSTRAINT. This way, if you try to insert two times the same username, the query will throw an exception (or will return false depending how you set it) and it's easier to do.
I can see the following problems with your code--
You haven't made any database connection.
You should check whether the $_POST variables are available or not. That is try to use if(isset) function to check it.
Try using prepared statements as they are more secure.
first of all ur code is vulnerable to sql injections. Wrapped the form data with the function.
<?php
//function to prevent sql injections
function validateFormData($formData) {
$formData = trim( stripslashes( htmlspecialchars( strip_tags( str_replace( array( '(', ')' ), '', $formData ) ), ENT_QUOTES ) ) );
return $formData;
}
$email = validateFormData($_POST['email']);
$username = validateFormData($_POST['username']);
$password = validateFormData($_POST['password']);
$checkUserID = mysql_query("SELECT *
FROM users
WHERE username = '$username'");
if (mysql_num_rows($checkUserID) >= 1) {
//echo "User id exists already.";
echo "testststst";
while ($row = mysqli_fetch_assoc($checkUserID)){
//set some variables to save some data
$usernameD = $row['username'];
}
//compare form username with db username{
if($usernameD === $username){
echo "Username already taken";
}else{
//continue the rest...
}
}
?>
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
I'm working on a database login system in PHP but one of my users has an exclamation mark in his password which breaks it, The line where it says ($password = $_GET['p'];) is where the password gets passed in
$username = $_GET['u'];
$password = $_GET["p"];
function userLoginIpb($username, $password) { //select the password information froms elected user
$query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `members_pass_salt`, `members_pass_hash` FROM `members` WHERE `name` = '$username'");
$results = mysqli_fetch_assoc($query);
$password = md5(md5($results['members_pass_salt']).md5($password));
if ($password == $results['members_pass_hash']) {
return true;
} else {
return false;
}
The issue is your $_GET[] request, since a ! character will be encoded to %21.
Since you're working on the system, do it the correct way instead.
Use POST requests, as you don't want the users to copy paste a link with a password in them.
Use the new functions in PHP, password_hash() with password_verify() as they have a salt build into them making it quite secure and very easy to work with.
Bind values to a SQL string do not blindly put them in there as you are currently open to an easy SQL injection. Adding a password like pass; DROP TABLE members; will break it.
You need to use mysqli_real_escape_string:
<?php
$username = $_GET['u'];
$password = $_GET["p"];
// select the password information froms elected user
function userLoginIpb($username, $password)
{
global $___mysqli_ston;
$s = mysqli_real_escape_string($___mysqli_ston, $username);
$query = mysqli_query($___mysqli_ston, "SELECT `members_pass_salt`, `members_pass_hash` FROM `members` WHERE `name` = '$s'");
$results = mysqli_fetch_assoc($query);
$password = md5(md5($results['members_pass_salt']).md5($password));
return $password == $results['members_pass_hash'];
}
Also take a look at PDO.
This question already has answers here:
What does ? ... : ... do? [duplicate]
(8 answers)
Closed 8 years ago.
in this i have to check if in fields data is fields then it submit otherwise it can display error with if statements
<?php
include("config.php");
$name=$_POST["name"];
$email=$_POST["email"];
$phone=$_POST["phone"];
$budget=$_POST['budget'];
$insert_query="insert into form(name,email,phone,budget) values ('$name','$email','$phone','$budget')";
$con=mysql_query($insert_query);
?>
take a look at empty() function
http://php.net/empty
if (empty($_POST["name"])) {
die('name is empty');
}
Consider the following...
thispage.php
<?php
$name = (empty($_GET['name'])) ? "Fred" : $_GET['name'];
echo $name;
?>
thispage.php = 'Fred'
thispage.php?Wilma = 'Wilma'
And usual caveats about sql injection, prepared statements, deprecated methods, etc.
First you MUST clean post fields before writing in db. Use function mysql_real_escape_string($var)
And second, you can check field data with function empty, for example:
if (!empty($_POST["name"])) {
$name = mysql_real_escape_string($_POST["name"]);
// your query
} else {
echo 'Name is empty!';
}
This question already has an answer here:
Script breaking below MySQL queries, but no error being given?
(1 answer)
Closed 8 years ago.
Hello i have a problem when logging in and a resource #5 id error is returned.
1. When i login from localhost:80/ i login fine and there are no errors.
2. When i login from localhost/index.php for some reason it gives a resource id #5.
Why does this happen and how should i fix it?
The code is below:
require("connectuser.php");
require("activeuser.php");
session_start();
$makesure = stripslashes($_POST['username']);
$makesure16 = stripslashes($_POST['password']);
$applications = mysql_real_escape_string($makesure);
$mytabletop = mysql_real_escape_string($makesure16);
$encryptpassword = md5($makesure16);
$sqlstatement = "SELECT * FROM user WHERE emailaddress = '$makesure' AND password = '$encryptpassword'";
$whatever = mysql_query($sqlstatement) or die("Unable to Sign In");
$appstore = mysql_num_rows($whatever) or die($whatever);
What do i do to fix it though...
Short answer:
Remove the or die... part behind
$appstore = mysql_num_rows($whatever) or die($whatever);
Long answer: Here.
die function can't take the mysql resource $whatever. Try changing the error message to something like $appstore = mysql_num_rows($whatever) or die(mysql_error());
Edit:
$appstore = mysql_num_rows($whatever);
if($appstore === FALSE) die(mysql_error);