Problems with signup process - php

I am trying to sign up a new user to my website, but I am having trouble with the actual signup_process.php page. I currently have the sign up form within signup.php and the form action within signup_process.php. My signup page lists the sports as follows:
<label for="Archery"> Archery</label> <input type="checkbox" id="Archery" name="sport[]"value="1">"
My database shows the following;
User table:
user_id
user_email
user_username
user_password
user_firstname
user_surname
user_dob
user_gender
user_city
user_active
User sport table
usersport_id
usersport_user_id
usersport_sport_id
Here is the code on my signup_process.php
<?php
session_start();
$_SESSION['loggedin'];
$_SESSION['id'];
include "includes/connect.php";
include "includes/lists.php";
include "includes/functions.php";
?>
<?php
$_SESSION['username'] = $_POST['username'];
$_SESSION['fname'] = $_POST['fname'];
$_SESSION['surname'] = $_POST['surname'];
$_SESSION['dob'] = $_POST['dob'];
$_SESSION['emailaddress'] = $_POST['emailaddress'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['gender'] = $_POST['gender'];
$_SESSION['city'] = $_POST['city'];
$_SESSION['sports'] = $_POST['sports'];
$username = $_POST['username'];
$fname = $_POST['fname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$emailaddress = $_POST['emailaddress'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$city = $_POST['city'];
$query = "INSERT INTO user (
user_username,
user_firstname,
user_surname,
user_dob,
user_email,
user_password,
user_gender,
user_city,
user_active
)
VALUES(
'".$_POST['username']."',
'".$_POST['firstname']."',
'".$_POST['surname']."',
'".$_POST['dob']."',
'".$_POST['email']."',
'".$_POST['password']."',
'".$_POST['gender']."',
'".$_POST['city']."',
'1' ) ";
mysql_query($query) or die (mysql_error());
$lastid = mysql_insert_id();
$sports = $_POST['sports'];
foreach ($sports as $key => $value){
$query2 = " INSERT INTO usersport
(
usersport_user_id, usersport_sport_id
)
VALUES(
'".$lastid."',
'".$value."'
) ";
mysql_query($query2) or die (mysql_error());
}
My signup process seemed to work before I added this which is for the allocation of sports to the new user;
$lastid = mysql_insert_id();
$sports = $_POST['sports'];
foreach ($sports as $key => $value){
$query2 = " INSERT INTO usersport
(
usersport_user_id, usersport_sport_id
)
VALUES(
'".$lastid."',
'".$value."'
) ";
mysql_query($query2) or die (mysql_error());
}
?>
Could anyone please tell me where I've gone wrong?

Related

Updating user details from form input

Trying to update the logged in user's details using a form. The details are already in the form when the page loads so if the user wants to change their mobile number for example they delete the current number, insert the new number and click update.
I get this message when I click update " Unknown column 'Adrian93' in 'where clause' " Adrian93 is the username
<?php
require('dbConnection.php');
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = {$_SESSION['username']}";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>
Ralph's comment "Probably has to do with your squirly brackets. I'd set $username = $_SESSION['username'] before your query then just do WHERE username='$username' Also be careful for SQL injections, I'd use prepared statements in your case as you're taking form inputs and directly placing them in your query" solved the query. Runs now without any errors.
<?php
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$username = $_SESSION['username'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = '$username'";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>

Select then Insert PHP query

How can I check the database first if a user exists, then use an insert statement if it does not? The code currently only executes the select statement.
<?php
include_once('includes/dbconn.php');
if (isset($_POST['submitted'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$user = $_POST['user'];
$pass = $_POST['pass'];
$query_check_user = "SELECT username FROM Users WHERE username = '$user'";
$query = "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')";
if (mysqli_query($dbconn, $query_check_user)) {
echo "user already exists";
mysqli_close($dbconn);
}else{
mysqli_query($dbconn, $query);
}
}
?>
<?
include_once('includes/dbconn.php');
if (isset($_POST['submitted'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$user = $_POST['user'];
$pass = $_POST['pass'];
//Query for count
$query_check_user = "SELECT count(*) as total FROM Users WHERE username = '$user'";
$query = "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')";
//Execute query for count
$result = mysqli_query($dbconn, $query_check_user);
//Fetch result
$data = mysqli_fetch_assoc($result);
//Check if count >0
if ($data['total']>0) {
echo "user already exists";
mysqli_close($dbconn);
}else{
mysqli_query($dbconn, $query);
}
}
?>
You can use mysqli_num_rows() to check the number of results; if it is greater than 0 then the user exists, else insert the user data.
My example:
include_once('includes/dbconn.php');
if (isset($_POST['submitted'])) {
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $query_check_user = "SELECT username FROM Users WHERE username = '$user'";
    // mysqli_query() takes the connection as its first argument
    $query_result = mysqli_query($dbconn, $query_check_user);
    $query = "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')";
    if (mysqli_num_rows($query_result) > 0) {
        echo "user already exists";
        mysqli_close($dbconn);
    } else {
        mysqli_query($dbconn, $query);
    }
}
As I get from your question, you want to insert the user if the user doesn't exist, right?
$query_check_user = "SELECT username FROM Users WHERE username = '$user'";
$b = mysqli_query($dbconn, $query_check_user);
$a = mysqli_num_rows($b);
// mysqli_num_rows() is never negative; zero rows means the user does not exist yet
if ($a == 0):
    mysqli_query($dbconn, "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')");
endif;

Post data to table: all data in table shows as 1

I have the script below running on my server. When the postdata is passed, all the fields in the database contain the number 1 and not the data I need.
<?php
$servername = "localhost";
$username = "tadmin_admin";
$password = "Revolution1990#";
$dbname = "tadmin_datalord";
$db = new PDO( 'mysql:host=webpag.cu.cc;dbname=tadmin_datalord', $username, $password );
$ip = isset($_POST['ipaddress']);
$ip =strip_tags($ip);
$useragent = $_SERVER['HTTP_USER_AGENT'];
$useragent =strip_tags($useragent);
$username = isset($_POST['fpuser1']);
$username =strip_tags($username);
$email = isset($_POST['fpuser2']);
$email =strip_tags($email);
$password = isset($_POST['fpuser3']);
$password =strip_tags($password);
$passwordc = isset($_POST['fpuser4']);
$passwordc =strip_tags($passwordc);
$address = isset($_POST['address']);
$address =strip_tags($address);
$county = isset($_POST['county']);
$county =strip_tags($county);
$country = isset($_POST['country']);
$country =strip_tags($country);
$postcode = isset($_POST['postcode']);
$postcode =strip_tags($postcode);
$title = isset($_POST['title']);
$title =strip_tags($title);
$fname = isset($_POST['fname']);
$fname =strip_tags($fname);
$lname = isset($_POST['lname']);
$lname =strip_tags($lname);
$dob = isset($_POST['dob']);
$dob =strip_tags($dob);
$sql = "INSERT INTO liningdata ( userdata, ipaddress, username,email, password, passwordc , address, county, country, postcode, title,fname, lname, dob ) VALUES ( :useragent, :ip, :username, :email,:password, :passwordc, :address, :county,:country, :postcode, :title,:fname, :lname, :dob )";
$query = $db->prepare( $sql );
$query->execute( array( ':useragent'=>$useragent , ':ip'=>$ip , ':username'=>$username , ':email'=>$email , ':password'=>$password , ':passwordc'=>$passwordc , ':address'=>$address , ':county'=>$county , ':country'=>$country , ':postcode'=>$postcode , ':title'=>$title , ':fname'=>$fname , ':lname'=>$lname , ':dob'=>$dob ) );
if ($query){
}
else{
}
?>
Can anyone help me fix this problem? I am so stuck on why my table only contains the digit 1 in all columns.
isset returns 1, so you have to change:
$ip = (isset($_POST['ipaddress']))?strip_tags($_POST['ipaddress']):'';
$useragent = strip_tags($_SERVER['HTTP_USER_AGENT']);
$username = (isset($_POST['fpuser1']))?strip_tags($_POST['fpuser1']):'';
and so on...

Can only create a new user when a current user is signed in

So I am creating a forum and currently working on the sign up script. I have the sign up form in the signup.php page and the processing part in the signup_process.php
I have an issue where only a current user is able to sign up a new user when they are signed in. Any suggestions on how to fix this? I am not able to sign up a new user when I am not logged in as a current one.
Below is my signup_process.php page:
<?php
include "includes/pagetop.php";
include "includes/header.php";
include "includes/nav.php";
?>
<?php
$_SESSION['username'] = $_POST['username'];
$_SESSION['fname'] = $_POST['fname'];
$_SESSION['surname'] = $_POST['surname'];
$_SESSION['dob'] = $_POST['dob'];
$_SESSION['emailaddress'] = $_POST['emailaddress'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['gender'] = $_POST['gender'];
$_SESSION['city'] = $_POST['city'];
$_SESSION['sports'] = $_POST['sports'];
$username = $_POST['username'];
$fname = $_POST['fname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$emailaddress = $_POST['emailaddress'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$city = $_POST['city'];
$query = "INSERT INTO user
(
user_username,
user_firstname,
user_surname,
user_dob,
user_email,
user_password,
user_gender,
user_city,
user_active
)
VALUES(
'".$_POST['username']."',
'".$_POST['firstname']."',
'".$_POST['surname']."',
'".$_POST['dob']."',
'".$_POST['email']."',
'".$_POST['password']."',
'".$_POST['gender']."',
'".$_POST['city']."',
'1'
) ";
mysql_query($query) or die (mysql_error());
$lastid = mysql_insert_id();
$sports = $_POST['sports'];
foreach ($sports as $key => $value){
$query2 = " INSERT INTO usersport
(
usersport_user_id,
usersport_sport_id
)
VALUES(
'".$lastid."',
'".$value."'
)";
mysql_query($query2) or die (mysql_error());
}
?>
If you are talking about inserting duplicate users, you could solve this by making a primary key on username and a unique index on emailaddress in the database.
If you are talking about the sign up page being served while a user is currently authenticated, you could create a session variable that is set to true when the current user authenticates into the system. Then you could check if this variable is false to serve the sign up page, or give an error otherwise.
And you have a sql injection vulnerability in your code, you should consider using prepared statements instead of plain text.
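The signup from this question rewritten with prepared statements, as an added example that is not part of the original posts: the user row and its usersport rows are written in one transaction, the password is stored as a hash, and a UNIQUE constraint replaces the separate SELECT-then-INSERT check asked about in "Select then Insert PHP query" above. Assumptions: PDO with in-memory SQLite stands in for MySQL, the column set is reduced, and make_db and signup are hypothetical names.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL; schema reduced from the question.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY,
        user_username TEXT NOT NULL UNIQUE, user_email TEXT NOT NULL UNIQUE,
        user_password TEXT NOT NULL, user_active INTEGER NOT NULL)');
    $db->exec('CREATE TABLE usersport (usersport_id INTEGER PRIMARY KEY,
        usersport_user_id INTEGER NOT NULL, usersport_sport_id INTEGER NOT NULL)');
    return $db;
}

// Returns the new user_id, or null when the username or e-mail is already taken.
function signup(PDO $db, array $post): ?int {
    // Checkbox values arrive as strings; keep only positive integers.
    $sports = array_filter(array_map('intval', (array)($post['sports'] ?? [])),
        fn($id) => $id > 0);
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('INSERT INTO user
            (user_username, user_email, user_password, user_active)
            VALUES (:username, :email, :hash, 1)');
        $stmt->execute([
            ':username' => (string)($post['username'] ?? ''),
            ':email'    => (string)($post['emailaddress'] ?? ''),
            // Store a salted hash, never the submitted password itself.
            ':hash'     => password_hash((string)($post['password'] ?? ''), PASSWORD_DEFAULT),
        ]);
        $userId = (int)$db->lastInsertId();
        $link = $db->prepare('INSERT INTO usersport
            (usersport_user_id, usersport_sport_id) VALUES (?, ?)');
        foreach ($sports as $sportId) {
            $link->execute([$userId, $sportId]);
        }
        $db->commit();
        return $userId;
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE class 23 is an integrity constraint violation (duplicate key).
        if (strpos((string)$e->getCode(), '23') === 0) return null;
        throw $e;
    }
}

// Constructed input: a quote in the username and a non-numeric sport value.
$db = make_db();
$post = ['username' => "o'brien", 'emailaddress' => 'ob@example.test',
         'password' => 'correct horse', 'sports' => ['1', '3', 'x']];
var_dump(signup($db, $post));
var_dump(signup($db, $post)); // same username again exercises the duplicate path
```

At login the stored hash is checked with password_verify().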

Problems with sessions and mysql

I'm creating a site for a client and I get an error message saying "undefined index". I'm trying to upload data to a database from 3 multi form pages and they are handled by cv.php.
The form details are stored on page 2
<?php
session_start();
if(isset($_SESSION['FirstName'])){
$_SESSION['FirstName'] = $_POST['FirstName'];}
if(isset($_SESSION['LastName'])){
$_SESSION['LastName'] = $_POST['LastName'];}
if(isset($_SESSION['dob'])){
$_SESSION['dob'] = $_POST['dob'];}
if(isset($_SESSION['Age'])){
$_SESSION['Age'] = $_POST['Age'];}
if(isset($_SESSION['AddressLine1'])){
$_SESSION['AddressLine1'] = $_POST['AddressLine1'];}
if(isset($_SESSION['AddressLine2'])){
$_SESSION['AddressLine2'] = $_POST['AddressLine2'];}
if(isset($_SESSION['City'])){
$_SESSION['City'] = $_POST['City'];}
if(isset($_SESSION['County'])){
$_SESSION['County'] = $_POST['County'];}
if(isset($_SESSION['PostCode'])){
$_SESSION['PostCode'] = $_POST['PostCode'];}
if(isset($_SESSION['Country'])){
$_SESSION['Country'] = $_POST['Country'];}
if(isset($_SESSION['Telephone'])){
$_SESSION['Telephone'] = $_POST['Telephone'];}
if(isset($_SESSION['Mobile'])){
$_SESSION['Mobile'] = $_POST['Mobile'];}
if(isset($_SESSION['Email'])){
$_SESSION['Email'] = $_POST['Email'];}
?>
Page 3
<?php
session_start();
if(isset($_SESSION['Skills'])) {
$_SESSION['Skills'] = $_POST['Skills'];}
if(isset($_SESSION['ReasonApp'])){
$_SESSION['ReasonApp'] = $_POST['ReasonApp'];}
if(isset($_SESSION['WorkName'])){
$_SESSION['WorkName'] = $_POST['WorkName'];}
if(isset($_SESSION['WorkDesc'])){
$_SESSION['WorkDesc'] = $_POST['WorkDesc'];}
if(isset($_SESSION['W_AddressLine1'])){
$_SESSION['W_AddressLine1'] = $_POST['W_AddressLine1'];}
if(isset($_SESSION['W_AddressLine2'])){
$_SESSION['W_AddressLine2'] = $_POST['W_AddressLine2'];}
if(isset($_SESSION['W_City'])){
$_SESSION['W_City'] = $_POST['W_City'];}
if(isset($_SESSION['W_Telephone'])){
$_SESSION['W_Telephone'] = $_POST['W_Telephone'];}
?>
And my CV.php
<?
session_start();
ini_set('display_errors',1);
error_reporting(E_ALL);
//include connection profile
require_once("Sql/con.php");
include("config.php");
//declare variables with sessions
$FirstName = $_SESSION['FirstName'];
$LastName = $_SESSION['LastName'];
$dob = $_SESSION['dob'];
$Age = $_SESSION['Age'];
$AddressLine1 = $_SESSION['AddressLine1'];
$AddressLine2 = $_SESSION['AddressLine2'];
$PostCode = $_SESSION['PostCode'];
$City = $_SESSION['City'];
$County = $_SESSION['County'];
$Country = $_SESSION['Country'];
$Mobile = $_SESSION['Mobile'];
$Telephone = $_SESSION['Telephone'];
$Email = $_SESSION['Email'];
$Skills = $_SESSION['Skills'];
$ReasonApp = $_SESSION['ReasonApp'];
$SchoolName = $_SESSION['SchoolName'];
$Course = $_SESSION['Course'];
$Certificate = $_SESSION['Certificate'];
$DateFrom = $_SESSION['DateFrom'];
$DateTo = $_SESSION['DateTo'];
$CollName = $_SESSION['CollName'];
$CollQualification = $_SESSION['CollQualification'];
$CollYear = $_SESSION['CollYear'];
$WorkName = $_SESSION['WorkName'];
$WorkDesc = $_SESSION['WorkDesc'];
$W_AddressLine1 = $_SESSION['W_AddressLine1'];
$W_AddressLine2 = $_SESSION['W_AddressLine2'];
$W_PostCode = $_SESSION['PostCode'];
$W_City = $_SESSION['City'];
$W_Telephone = $_SESSION['Telephone'];
//database connection
$dblink = mysqli_connect($mysql_host,$mysql_user,$mysql_pw,$mysql_db) OR DIE ("Unable to connect to database! Please try again later.");
//inserting information into tables
$order = "INSERT INTO CV_personal
(FirstName,LastName,dob,Age,AddressLine1,AddressLine2,PostCode,City,County,Country,Mobile,Telephone,Email,Skills,ReasonApp,SchoolName,Course,Certificate,DateFrom,DateTo,CollName,CollQualification,CollYear,WorkName,WorkDesc,W_AddressLine1,W_AddressLine2,W_City,W_Telephone)
VALUES
('$FirstName',
'$LastName',
'$dob',
'$Age',
'$AddressLine1',
'$AddressLine2',
'$PostCode',
'$City',
'$County',
'$Country',
'$Mobile',
'$Telephone',
'$Email',
'$Skills',
'$ReasonApp',
'$SchoolName',
'$Course',
'$Certificate',
'$DateFrom',
'$DateTo',
'$CollName',
'$$CollQualification',
'$ColYear',
'$WorkName',
'$WorkDesc',
'$W_AddressLine1',
'$W_AddressLine2',
'$W_PostCode',
'$W_City',
'$W_Telephone',)";
//declare in the order variable
$result = mysqli_query($dblink, $order); //order executes
?>
On my final page do I need to add my form into the session because I declared a variable for them on Cv.php?
Thank you
In your first two blocks of code, you should be checking if the $_POST[...] is set, not the $_SESSION[...], because that is what you are assigning, so it won't cause an error.
On CV.php you should check whether the $_SESSION[...] exists before assigning it to a variable or else it WILL cause an error.
Tip:
If you are going to name your variables exactly the name of all your keys in the $_SESSION array, you can just substitute your many lines with this single line:
extract($_SESSION);
More on extract: http://www.php.net/extract
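An alternative to extract($_SESSION) for CV.php, as an added example that is not part of the original answer: it reads only an explicit list of keys, reports the missing ones instead of raising "undefined index", and builds the INSERT with bound parameters. CV_FIELDS, collect_fields and build_insert are hypothetical names, the field list is a subset of the question's columns, and in-memory SQLite via PDO stands in for the MySQL connection.

```php
<?php
// Added example: CV_FIELDS is a subset of the question's CV_personal columns.
const CV_FIELDS = ['FirstName', 'LastName', 'dob', 'Email', 'Skills', 'WorkName'];

// Copy only whitelisted keys out of $source and report the absent ones,
// instead of reading keys that may not exist ("undefined index").
function collect_fields(array $source, array $allowed): array {
    $values = [];
    $missing = [];
    foreach ($allowed as $key) {
        if (isset($source[$key]) && is_string($source[$key]) && trim($source[$key]) !== '') {
            $values[$key] = trim($source[$key]);
        } else {
            $missing[] = $key;
        }
    }
    return [$values, $missing];
}

// Column names come from the whitelist; values are bound as parameters.
function build_insert(string $table, array $fields): string {
    return sprintf('INSERT INTO %s (%s) VALUES (%s)', $table,
        implode(', ', $fields), implode(', ', array_fill(0, count($fields), '?')));
}

// Constructed session contents: WorkName is absent, and mysql_host is a key
// the forms never set (extract() would overwrite $mysql_host with it).
$session = ['FirstName' => 'Ada', 'LastName' => 'Lovelace', 'dob' => '1815-12-10',
            'Email' => 'ada@example.test', 'Skills' => 'analysis',
            'mysql_host' => 'unexpected.example.test'];

$db = new PDO('sqlite::memory:');   // stands in for the MySQL connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE CV_personal (' . implode(' TEXT, ', CV_FIELDS) . ' TEXT)');

[$values, $missing] = collect_fields($session, CV_FIELDS);
echo 'Missing before page 3: ' . implode(', ', $missing) . PHP_EOL;

$session['WorkName'] = 'Analytical Engine';   // page 3 submitted
[$values, $missing] = collect_fields($session, CV_FIELDS);
if (!$missing) {
    // $values follows the order of CV_FIELDS, so positional binding lines up.
    $db->prepare(build_insert('CV_personal', CV_FIELDS))->execute(array_values($values));
    echo $db->query('SELECT COUNT(*) FROM CV_personal')->fetchColumn() . ' row(s) stored' . PHP_EOL;
}
```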
