If the value of the result is 0 it has to go to 'cid_check_firstdep.php' otherways (if its 1) it has to go to 'cid_check_depwid.php'.
It has to work, but i don't know why it doesn't. I've tried what i could that i think would be possible to fix it, but nono.
Code:
<?php
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
header('Location: /ucp/error.php');
}
$sql = "SELECT validated FROM users WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($sql,$con);
if ($sql<'1')
{
mysql_close($con);
header('Location: /ucp/cid_check_firstdep.php');
}
else
{
mysql_close($con);
header('Location: /ucp/cid_check_depwid.php');
}
?>
or do i have to use :
if ($sql=='0')
?
|||
#John Conde
<?php
if(! get_magic_quotes_gpc() )
{
$withdraw = addslashes ($_POST['withdraw']);
}
else
{
$withdraw = $_POST['withdraw'];
}
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
header('Location: /ucp/error.php');
}
$__sql = "SELECT cardvalue FROM users WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($__sql,$con);
if ($__sql<'5000000')
{
header('Location: /ucp/includes/withdraw_fail.php');
mysql_close($con);
}
else
{
$_sql = "UPDATE users SET Bank=Bank + '$deposit' WHERE Username='".($_SESSION['username'])."'";
mysql_select_db("server");
mysql_query($_sql,$con);
$sql = "UPDATE users SET cardvalue=cardvalue +- '$deposit', thismonth_withdraw=thismonth_withdraw + '$deposit', lastwithdraw = Now() WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($sql,$con);
mysql_close($con);
header('Location: /ucp/includes/withdraw_done.php');
}
?>
You're checking the wrong variable for your SQL result. You're using the variable containing your query instead of the variable you never assigned to capture the result of mysql_query(). You also want to use mysql_num_rows() to see how many results were returned.:
$result = mysql_query($sql,$con);
if ($result && mysql_num_rows($result) == 1) {
FYI, you shouldn't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Hi Morgan I change your code according to my knowledge. I think this will help you to work done.
If you found any match to the username "count($return_data)" will get 1.
Thanks.
<?php
$con = mysql_connect("localhost","root","password");
$select_db = mysql_select_db("bluecard");
if (!$con)
{
die('Could not connect: ' . mysql_error());
header('Location: /ucp/error.php');
}
$sql = "SELECT validated FROM users WHERE username='".($_SESSION['username'])."'";
$query = mysql_query($sql,$con);
$return_data = array();
while($rows = mysql_fetch_array($query)){
$return_data[]=$rows;
}
if (count($return_data)<=1)
{
mysql_close($con);
header('Location: /ucp/cid_check_firstdep.php');
}
else
{
mysql_close($con);
header('Location: /ucp/cid_check_depwid.php');
}
?>
Related
Ok i get the following error "No database selected" when trying to run a query in php. the connect file in in the connect.inc.php file and that returns no error. i an learning php so any help i thank you. Also to note the query works in phpmyadmin panel with no errors
<?php
require 'connect.inc.php';
$sql = "SELECT `name`, `address`, `city` FROM `customers` ORDER BY `id`";
if ($sql_run = mysql_query($sql)) {
echo 'Success.';
} else {
echo mysql_error();
}
?>
The mysql library is deprecated, use mysqli or PDO.
With mysqli, you can also select the database directly when you're creating the connection (and I recommend doing that when possible, if you're only working with one database) :
$db = mysqli_connect("<host>","<username>","<password>","<database>");
Replace <database> with the DB you want to use.
Either use in your connect.inc.php the mysql_select_db function just after mysql_connect:
mysql_select_db('your_database_name');
or add the database name in every query:
$sql = "SELECT `name`, `address`, `city` FROM `your_database_name`.`customers` ORDER BY `id`";
Note that the mysql library is deprecated and you should use mysqli or PDO. If you're learning, run away from any "tutorial" that still uses these deprecated functions.
hope you write write script to connect DB in this way or you can try this....
$connection = mysql_connect("$dbhost","$dbusername","$dbpass");
if (!$connection)
{
die('Could not connect: ' . mysql_error());
}
else
{
echo "Connected";
$dbcheck = mysql_select_db("$dbname");
if (!$dbcheck) {
echo mysql_error();
}else{
echo "<p>Successfully connected to the database '" . $database . "'</p>\n";
}
}
This is a basic example i have kind of filled in with your code. You will need to fill in the vars with FILL THIS as values.
<?php
$host = "FILL THIS";
$db = "FILL THIS";
$user = "FILL THIS";
$pass = "FILL THIS";
$link = mysql_connect($host,$user ,$pass);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db($db, $link);
if (!$db_selected) {
die ('Can\'t use database : ' . mysql_error());
}
require 'connect.inc.php';
$sql = "SELECT `name`, `address`, `city` FROM `customers` ORDER BY `id`";
if ($sql_run = mysql_query($sql,$link)) {
echo 'Success.';
} else {
echo mysql_error();
}
mysql_close($link);
?>
I need to display a reply data on my page from my 'feedback' field in my mysql table. I want each user to have a different 'feedback' response stored per row and fetched when the user logs into a page through a session. I have set up my database but find it difficult forming the php code to view the feedback on my page...please can someone help../
<?php
session_start();
if ($_SESSION['username'])
{
$con = mysqli_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"loginsession");
$username = $_SESSION['username'];
$sql="SELECT * FROM users WHERE username = $username";
$result = mysqli_query($con,$sql);
$feedback = mysql_query("SELECT feedback FROM users WHERE username='$username'");
echo $feedback;
}
else
header("Location: index.php");
?>
$feedback in this case is not a string, its a mysql resource. You need to fetch each row individually with something like:
echo "<PRE>";
while ($row = mysql_fetch_assoc($feedback)) {
print_r($row);
}
Also you should put $username through mysql_real_escape_string() or else your code may be vulnerable to SQL injection attacks.
Edit: (Disclaimer) The method you are using and my suggestion are very outdated and have been depreciated in php5.5 I suggest you look into prepared statements.
$sql = mysql_query("SELECT feedback FROM users WHERE username='{$username}' LIMIT 1");
$feedback = mysql_fetch_assoc($sql);
echo $feedback[0];
<?php
session_start();
if ($_SESSION['username'])
{
$con = mysqli_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"loginsession");
$username = $_SESSION['username'];
$sql='SELECT feedback FROM users WHERE username = "'.$username.'"';
$result = mysqli_query($con,$sql);
while($row = mysqli_fetch_array($result))
{
echo $row['feedback'];
}
}
else
header("location: index.php");
?>
I am trying to convert my mysql command to fit the new standard of mysqli and I will post the scripts and then the questions. I already created the table in the database.
config.php:
$dbhost="databasehost";
$dbusername="username";
$dbpassword="password";
$dbname="databasename";
$connect = mysql_connect($dbhost, $dbusername, $dbpassword);
mysql_select_db($dbname,$connect) or die ("Could not connect to database");
?>
insert.php:
include("config.php");
if (isset($_POST[firstname]) && isset($_POST[lastname]) && isset($_POST[age])) {
$sql = "INSERT INTO Persons (FirstName, LastName, Age) VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";
mysql_query($sql, $connect);
header("Location: add.htm");
// "1 record added";
}
else {
echo "no record added";
}
if (!mysql_query($sql,$connect))
{
die('Error: ' . mysql_error());
}
mysql_close($connect);
?>
view.php:
<?php
include("config.php");
$sql = mysql_query("SELECT * FROM Persons");
if ($sql) {
while($results = mysql_fetch_array($sql)) {
echo $results['FirstName'] . ', ' . $results['LastName'] . ', ' . $results['Age'] . '<br/>';
}
} else {
die('Error: ' . mysql_error());
}
mysql_close($connect);
?>
First, how do I modify the scripts to use the mysqli instead of mysql?
Second, when using the above script, when I add something from the
form it always add duplicate entry. How do I prevent that?
Third, to prevent sql injection what can I add to the code? I know
for php attach I can use "$firstname =
trim(strip_tags(stripslashes($_POST['firstname'])));" Will that also
cover sql injection since I am sanitizing the input?
kindly read through the official manual for the migration :
https://wikis.oracle.com/display/mysql/Converting+to+MySQLi
I've been trying to accomplish this, but as other issues I just can't figured it out. I've been reading around for posibles solutions but non of them goes along with my code, or if they do I can't figure out how or where to use them.
I have a DB where a user sends records. The database consist in few tables containing the Following "Name, Lastname, Phone". If any of this values is duplicate, I would like my code to identify and Ignore the submission of the Form if ALL this VALUES already exist on the DB.
Here is my code:
<?php
$con = mysql_connect("HOST","USER","PASS");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("testdb", $con);
$sql="INSERT INTO people (Name, LastName, Phone)
VALUES
('$_POST[Name]','$_POST[LastName]','$_POST[Phone]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Record Added";
mysql_close($con);
?>
The mysql_* function are all deprecated now, and should NEVER be used. change your code to do something like the following:
//Set up a PDO connection to MySQL
$host = 'host_name';
$dbname = 'database_name';
$user = 'user_name';
$pass = 'user_pass';
try
{
$DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
//Determine whether the appropriate values have been passed.
if(isset($_POST['Name']))
{
$name = $_POST['Name'];
}
else
{
echo "You must provide a name!";
exit; //This may not be what you want to do here, it's an example action
}
if(isset($_POST['LastName']))
{
$name = $_POST['LastName'];
}
else
{
echo "You must provide a last name!";
exit; //This may not be what you want to do here, it's an example action
}
if(isset($_POST['Phone']))
{
$name = $_POST['Phone'];
}
else
{
echo "You must provide a phone number!";
exit; //This may not be what you want to do here, it's an example action
}
//Set up the query using anonymous values
$sql="INSERT INTO people (Name, LastName, Phone) VALUES ('?','?','?')";
$sth = $DB->prepare($sql);
try
{
//Attempt to execute the insert statement
$sth->execute(array($_POST[Name], $_POST[LastName], $_POST[Phone]));
echo "Record Added";
}
catch(PDOException $e)
{
//If the insert failed, then you can handle the error, and determine
//what further steps need to be taken.
echo "Record Not Added";
}
Here's another question with a similar setting, that may also be useful to you:
https://stackoverflow.com/a/10414922/1507210
search in the table before insert
<?php
$con = mysql_connect("HOST","USER","PASS");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("testdb", $con);
$name = mysql_real_escape_string($_POST[Name]);
$LastName= mysql_real_escape_string($_POST[LastName]);
$Phone= mysql_real_escape_string($_POST[Phone]);
$search_res=mysql_query("SELECT * from people where Name='$Name' OR LastName='$LastName' OR Phone='$Phone'");
if(mysql_num_rows($search_res) < 1){
$sql="INSERT INTO people (Name, LastName, Phone)
VALUES
('$Name','$LastName','$Phone')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Record Added";
}else{
echo "User Already exits";
}
mysql_close($con);
?>
Try this easy solution
$result = mysql_query("SELECT * FROM TABLE WHERE Column = 'value' ");
if( mysql_num_rows($result) < 1) {
mysql_query("INSERT INTO table (column) VALUES ('value') ");
}
<body>
<?php
session_start();
function salt($pw) {
$salt = "This comment should suffice as salt.";
return sha1($salt.$pw);
}
if (isset($_POST['submit'])) {
$link = mysql_connect('localhost', 'codekadiya', 'pass');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password = salt($password);
$query = mysql_query("SELECT * FROM test WHERE username='$username' AND password='$password'");
if (mysql_num_rows($query)== 0) {
header("location:register.php");
exit;
}
else {
$_SESSION['user'] = $username;
header("location: register.php");
}
}
?>
</body>
I checked on my Connection. It says connection successful but I cant figure out what the other mistake are. Can someone guide me the mistake I have done? I can't find it.
echo 'Connected successfully';
mysql_close($link);
So you're closing the connection and then try to run queryes ? how should that work out ?
You should close the connection ( mysql_close($link); ) after you made you're query to the database ( meaning after $query = mysql_query("SEL..... )
You haven't really told us what doesn't work exactly, but it seems you are closing the MySQL link before the authentication query.
i don't tend to use isset instead i just use if($_POST["something"]) that way i get more relevant errors
also - you're closing the $link before you use it - ???