I've been trying to implement the following shopping cart website on xampp. The link for the page is : http://www.w3programmers.com/build-a-shopping-cart-with-php-part-1/
However when I try running my login page I get the following error:-
Here's the tab that opens when I try to login:
Here's the login code :-
<?php
session_start();
require("config.php");
if(isset($_SESSION['SESS_LOGGEDIN']) == TRUE) {
header("Location:".$config_basedir);
}
if($_POST['submit'])
{
$loginsql = "SELECT * FROM logins WHERE username = '" . $_POST['userBox']. "' AND password = '" . $_POST['passBox'] . "'";
$loginres = mysql_query($loginsql);
$numrows = mysql_num_rows($loginres);
if($numrows == 1)
{
$loginrow = mysql_fetch_assoc($loginres);
session_register("SESS_LOGGEDIN");
session_register("SESS_USERNAME");
session_register("SESS_USERID");
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM rides WHERE customer_id = " . $_SESSION['SESS_USERID'] . " AND status < 2";
$orderres = mysql_query($ordersql);
$orderrow = mysql_fetch_assoc($orderres);
session_register("SESS_ORDERNUM"); $_SESSION['SESS_ORDERNUM'] = $orderrow['id'];
header("Location:".$config_basedir);
}
else {
header("Location:http://" .$_SERVER['HTTP_HOST']. $_SERVER['SCRIPT_NAME'] . "?error=1");
}
}
else {
require("header.php");
?>
<h1>Customer Login</h1>
Please enter your username and password to log into the websites. If you do not have an account, you can get one for free by registering.
<?php
if(isset($_GET['error'])) {
echo "<strong>Incorrect username/password</strong>";
}
?>
<form action="<?php $_SERVER['SCRIPT_NAME']; ?><br />" method="POST">
<table>
<tbody>
<tr>
<td>Username</td>
<td><input type="textbox" name="userBox" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="passBox" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Log in" /></td>
</tr>
</tbody>
</table>
</form>
<?php
}
require("footer.php");
?>
And here's the header code:-
<?php
session_start();
if(isset($_SESSION['SESS_CHANGEID'])==TRUE){
session_unset();
session_regenerate_id();
}
require("config.php");
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
?>
<head>
<title><?php echo $config_sitename; ?></title>
<meta charset="utf-8"/>
<link rel="stylesheet" type="text/css" href="../stylesheet.css">
</head>
<body>
<div id="header">
<h1><?php echo $config_sitename; ?></h1>
</div>
<div id="menu">
Home
View Rides
</div>
<div id="container">
<div id="bar">
<?php
require("bar.php");
echo "<hr>";
if(isset($_SESSION['SESS_LOGGEDIN'])==True){
echo "Logged in as <strong>".$_SESSION['SESS_USERNAME']."</strong>[<a href='".$congif_basedir."logout.php'>logout</a>]";
}else{
echo "<a href='".$config_basedir."login.php'>Login</a>";
}
?>
</div>
<div id="main">
I suspect it's something to do with the header function, though I'm not really sure.
May I ask you to put here code from config.php? Or at least tell what value of $config_basedir?
Updated: $config_basedir should be URL in this format: http://localhost/ . 'some folders' . 'file name with extension', for example, like this: http://localhost/sites/shop/index.php.
If a file or folder of the file is located in the same or child directory your URL can be just: file 'file_name or folder/file_name. For example just index.php or folder/folder/index.php.
An extension like .php | .htmlmay not be mandatory depending on your server settings. That is, you can indicate the URL like this: folder/index or index; 'index' - is a file name in this case.
I have done this from one of the youtube channel .. ii just copied all the code but still its not working. can you anyone can help me on this. I have facing the error at end saying NOT INSERTED.
**index.php**
<html>
<head>
<title>Data entry practise</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div class="wrapper">
<form action="insert.php" method="_POST">
Name: <input type="text" name="username"><br><br>
Email Address: <input type="text" name="email"><br><br>
<input type="submit" value="insert">
</form>
</div>
</body>
</html>
Now this is the inset.php code section. seems like here is some error .. please help me out
**insert.php**
<?php
$con = mysqli_connect('localhost','root','');
if(!$con)
{
echo "not connected";
}
if(!mysqli_select_db($con,'tutorial'))
{
echo 'database Note Selected';
}
$Name = $_POST['username'];
$Email = $_POST['email'];
$sql = "INSERT INTO person (Name,Email) VALUES ('$Name', '$Email')";
if(!mysqli_query($con, $sql))
{
echo "Not Inserted";
}
else
{
echo "Inserted";
}
?>
The problem is that the form method is incorrect. You have to write it without the underscore
**index.php**
<html>
<head>
<title>Data entry practise</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div class="wrapper">
<form action="insert.php" method="POST">
Name: <input type="text" name="username"><br><br>
Email Address: <input type="text" name="email"><br><br>
<input type="submit" value="insert">
</form>
</div>
</body>
</html>
EDIT:
I think the problem is on your mysql connection. You need to add the db on the $con variable, like this:
insert.php
$con = mysqli_connect('localhost','root','', 'tutorial');
if(!$con)
{
echo "not connected";
}
if(!mysqli_select_db($con,'tutorial'))
{
echo 'database Note Selected';
}
$Name = $_POST['username'];
$Email = $_POST['email'];
$sql = "INSERT INTO person (Name,Email) VALUES ('$Name', '$Email')";
if(!mysqli_query($con, $sql))
{
echo "Not Inserted";
}
else
{
echo "Inserted";
}
?>
I tested with your code and it is working.
One more thing, you need to change the form method to "POST", without underscore, it is important.
I am writing code that produces a <textarea> for a user to input something but it isn't giving me any output besides "please include some content" which is what it means to do if there is nothing in the box. This appears even if there is content in the <textarea> and won't even say "post fail" which is what it is meant to do if it can't insert into the database.
I am asking if anybody can see if there is something I have neglected to include, or if there is something that is wrong with my code.
<?php
session_start();
require('connect.php');
if(#$_SESSION["name"]){
//echo "welcome ".$_SESSION['name'];
?>
<html>
<link rel="stylesheet" type="text/css" href="styles.css" />
<head>
<title> Welcome to faecesbook</title>
</head>
<?php include('header.php'); ?>
<form action="post.php" method="POST">
<br / >
<br / >
<br / >
<br / >
<center>
<br/>
<br/>
Type your post here:<br/>(160CharLimit)<br/>
<textarea style="resize: none; width: 800px; height: 100px;" name="con" maxlength="160">
</textarea>
<br />
<input type="submit" name="submit" value="Post" style="width: 800px;" >
</center>
</form>
<body>
</body>
</html>
<?php
$content = #$_POST['con'];
$post_date = date("d-m-y");
if(isset($_POST['submit'])){
if($content){
if($query = mysqli_query($conn, "INSERT INTO post(`postID`, `userID` , `post_date` , `in_reply_to`, `postContent` )
VALUES ('','".$_SESSION["userID"]."','".$post_date."','','".$content."')") )
echo "post successful";
}else{
echo "post fail";
}
}else{
echo "Please include some content";
}
}
?>
Try this code. It should work.
<?php
session_start();
require('connect.php');
if(#$_SESSION["name"]){
//echo "welcome ".$_SESSION['name'];
?>
<html>
<link rel="stylesheet" type="text/css" href="styles.css" />
<head>
<title> Welcome to faecesbook</title>
</head>
<?php include('header.php'); ?>
<form action="post.php" method="POST">
<br / >
<br / >
<br / >
<br / >
<center>
<br/>
<br/>
Type your post here:<br/>(160CharLimit)<br/>
<textarea style="resize: none; width: 800px; height: 100px;" name="con" maxlength="160">
</textarea>
<br />
<input type="submit" name="submit" value="Post" style="width: 800px;" >
</center>
</form>
<body>
</body>
</html>
<?php
$post_date = date("d-m-y");
if(isset($_POST['submit'])){
if(isset($_POST['con']) && $_POST['con'] != ''){
$content = #$_POST['con'];
if($query = mysqli_query($conn, "INSERT INTO post(`postID`, `userID` , `post_date` , `in_reply_to`, `postContent` )
VALUES ('','".$_SESSION["userID"]."','".$post_date."','','".$content."')") )
echo "post successful";
}else{
echo "post fail";
}
}else{
echo "Please include some content";
}
}
?>
You have a missing braces in your code
if(#$_SESSION["name"]){
//echo "welcome ".$_SESSION['name'];
Should read
if(#$_SESSION["name"]){
//echo "welcome ".$_SESSION['name'];
}
And
if($query = mysqli_query($conn, "INSERT INTO post(`postID`, `userID` , `post_date` , `in_reply_to`, `postContent` )
VALUES ('','".$_SESSION["userID"]."','".$post_date."','','".$content."')") ) // <--- here
echo "post successful";
}else{
echo "post fail";
}
Making it readable also helps reduce errors
$query = mysqli_query($conn, "INSERT INTO post(`postID`, `userID` , `post_date` , `in_reply_to`, `postContent` )
VALUES ('','".$_SESSION["userID"]."','".$post_date."','','".$content."')");
if ($query){
echo "post successful";
}else{
echo "post fail";
}
I see your code sends submited data to another page, i checked it through print_r($_POST)
I changed <form action="post.php" method="POST"> to <form action="" method="POST"> and tried and it was working, in case if the code you submited here is not "post.php" do this.
So it means someting is wrong with your insert query. So try this PDO way of inserting data.I thought of suggesting you the following easy pdo insert
$dbhost = "localhost";
$dbname = "mydatabase";
$dbusername = "root";
$dbpassword = "mypppasss";
//connection string
$link = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbusername,$dbpassword);
Inside the if($content) put the following code and try
$statement = $link->prepare("INSERT INTO post(userID,post_date,postContent)
VALUES(:inp1,:inp2,:inp3,:inp4)");
$statement->execute(array(
inp1=>$_SESSION["userID"],
inp2=>$post_date,
inp4=>$content
));
EDITED
Add this code to the form submitted page to see the posted data for debugging.
if($_POST){
echo '<pre>';
print_r($_POST);
echo '</pre>';
}
EDITED
Note:# is used to hide errors, prevent it from displaying error
messages. that doesn't mean there is no error. Remove # for debugging
EDITED
Change your whole insert query part to this and try
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO post(userID,post_date,in_reply_to,postContent)
VALUES (".$_SESSION['userID'].",".$post_date.",'',".$content.")";
if (mysqli_query($conn, $sql)) {
echo "inserted";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
This is what was wrong.
i had two set of <?php ?>, the first one in the code included require('connect.php'); within it, and the second one required it also.
<?php
require('connect.php'); <<<<<------ NEEDED TO ADD THIS
$content = #$_POST['con'];
$post_date = date("d-m-y");
$userID = mysqli_query($conn,"SELECT userID FROM users WHERE name = '".$_SESSION['name']."'");
if(isset($_POST['submit'])){
if($content){
if($query = mysqli_query($conn, "INSERT INTO post(`postID`, `userID` , `post_date` , `in_reply_to`, `postContent` )
VALUES ('','".$userID."','".$post_date."','','".$content."')") )
echo "post successful";
}else{
echo "post fail";
}
}else{
echo "Please include some content";
}
}
?>
So thats what i think the offending piece of code was. And it now will give me error saying the SQLI query was unnsuccessful, which means it is at least attempting that part, whereas before it was not.
I'm making a php file called changepassword.php and the sole purpose of the file is to allow the user to change their password. However, when they go through the form to change their password the box fields clear and I receive my echo warning echo "A Password Box was Left Empty!". This does not want to seem to update the user's password and I have no clue what do. I am new to this language so don't expect much. I would greatly appreciate some constructive input to help me code php better.
<?php
session_start();
#error_reporting(E_ALL); ini_set('display_errors', 1);
require_once('connect.php');
require_once "lib.php";
require_once "utils.php";
if(isset($_POST['submit']) && $_SESSION['active']===true)
{
if(!empty($_POST['OldPassword'])&&
!empty($_POST['NewPassword'])&&
!empty($_POST['NewPassword1']))
{
$OldPassword = mysqli_real_escape_string($link,htmlentities($_POST['OldPassword']));
$NewPassword = mysqli_real_escape_string($link,htmlentities($_POST['NewPassword']));
$NewPassword1 = mysqli_real_escape_string($link,htmlentities($_POST['NewPassword1']));
$EmailAdress = $_SESSION['EmailAdress'];
$sql = "SELECT * FROM users WHERE EmailAddress='$EmailAddress'";
if($result = mysqli_query($link, $sql))
{
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
{
$temp1=$row['Password'];
if($row['Password'] != $OldPassword)
{
echo "<div id='change_error1'>* This Does Not Match Previous Password!<br></div>";
}
}
if($NewPassword != $NewPassword1)
{
echo "<div id='change_error2'>* You Passwords DO NOT Match!</div>";
}
if($temp1 == $OldPassword && $NewPassword == $NewPassword1)
{
$sql = "UPDATE users SET Password='$NewPassword' WHERE EmailAddress='$EmailAddress'";
if($result = mysqli_query($link, $sql))
{
header("Location: profile.php");
echo "<strong>YOURE PASSWORD HAS BEEN UPDATED!</strong>";
}
}
}
}
else
{
echo "<div id='change_error3'>A Password Box was Left Empty!</div>";
}
}
?>
<html>
<head>
<title>Change Password</title>
</head>
<br></br>
<br></br>
<body class="body">
<div id="wrapper">
<div id="header">
<br>
<h1> PHP Learning Course </h1>
<br>
<?php require_once "left.php" ?>
</div>
<div id="change">
<div id="change_name">
<h3> Change Password</h3>
</div>
<p>
<div id='change_form'>
<form action='changepass.php' method='POST'>
Old Password:<br> <input name='OldPassword' type='password'/></br>
<br>
New Password:<br> <input name='NewPassword' type='password'/></br>
<br>
Confirm Password:<br> <input name='newpass1' type='password'/></br>
<br>
<input name='submit' type='submit' value='Change Password' />
</form>
</p>
</div>
</div>
<!-- end main div -->
</div>
<!-- end wrapper div -->
</body>
</html>
!empty($_POST['NewPassword1']))
index should be, newpass1
i.e. !empty($_POST['newpass1']))
because in the form, you have put,
Confirm Password:<br> <input name='newpass1' type='password'/></br>
stick with one convention to avoid these errors.
I've got a big issue with my website. I've made a profile page which will allow users to amend their details, and then submit. Upon submitting the details should be updated in the database, however I just get a blank page and nothing happens. I've been up for 30+ hours trying to figure things out but no luck. It's likely to be screwed up, as now is my brain.
Any help would be GREATLY appreciated.
Profile amend page:
<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Index</title>
<link href="External style sheet layout.css" rel="stylesheet" type="text/css" />
<h1><?php echo date("D M d, Y G:i a"); ?>
<?php $welcome = 'Hi';
if (date("H") < 12) {
$welcome = 'Good Morning';
} else if (date('H') > 11 && date("H") < 18) {
$welcome = 'Good Afternoon';
} else if(date('H') > 17) {
$welcome = 'Good Evening';
}
echo $welcome;
?></h1>
<div class="Login">
<h3><ul>
<?php if(isset($_SESSION['authenticatedUser']) && $_SESSION['authenticatedUser'] != null ) {?>
<li>Welcome <?php echo $_SESSION["authenticatedUser"] ?></li>
<li><span>Log Out</span></li>
<?php } else {?> <li><span>Log In</span></li> <?php } ?>
<li>Register</li>
<li>Basket</li>
</ul></h3>
</div>
</head>
<body>
<div id="container">
<div id="header">
<img src="Images/Schurter3.jpg" width="800" height="300" alt="Schurter" />
</div>
<div id="navigation">
<ul id="navbar">
<li>Home</li>
<li>Components
<ul>
<li>Circuit Protection
<li>Connectors</li>
<li>Switches</li>
<li>EMC Products</li>
<li>Other Products</li>
</ul>
</li>
<li>Electronic Manufacturing Services
<ul>
<li>Application Examples</li>
<li>Processes</li>
</ul>
</li>
<li>About</li>
<li>Contact</li>
</ul>
</div>
<?php
include 'db.inc';
//Check to see if a customer ID has been passed in the URL
$memberID = $_GET["memberID"];
// Has a custID been provided? If so, retrieve the customer
// details for editing.
if (!empty($memberID))
{
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
$query = "SELECT * FROM members WHERE id = " . $memberID;
//Get the recordset
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
$row = mysql_fetch_assoc($recordSet);
//Check for errors
//if (!$recordSet)
// print $connection->ErrorMsg();
// else
// {
// Load all the form variables with customer data
$Firstname = $row['Firstname'];
$Surname = $row['Surname'];
$Emailaddress = $row['Emailaddress'];
$Username = $row['Username'];
$Password = $row['Password'];
// }//End else
}
?>
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
<input type="hidden" name="memberID" value="<?php echo $memberID;?>">
<label>First name*</label>
<input name="Firstname" placeholder="Enter first name here" value="<?php echo $Firstname;?>" required/>
<label>Surname*</label>
<input name="Surname" placeholder="Enter surname here" value="<?php echo $Surname;?>" required/>
<label>Email*</label>
<input name="Emailaddress" type="email" placeholder="Enter email here" value="<?php echo $Emailaddress;?>" required/>
<label>Username*</label>
<input name="Username" type="text" placeholder="Enter a desired username" value="<?php echo $Username;?>" required/>
<label>Password*</label>
<input name="Password" type="password" placeholder="Enter a desired password" value="<?php echo $Password;?>" required/>
<input id="submit" name="submit" type="submit" value="Update Details">
</form>
</body>
</html>
And this is the update action page:
<?php
require('db.inc');
$memberID = $_GET["id"];
echo $memberID;
// trim the POSTed values - gets rid of unecessary whitespace
$Firstname = $_POST['Firstname'];
$Surname = $_POST['Surname'];
$Emailaddress = $_POST['Emailaddress'];
$Username = $_POST['Username'];
$Password = $_POST['Password'];
//Here we use validation at the server
// Vaildate the firstname
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head><title>Customer Details Error</title></head>
<body bgcolor="white">
<h1>Customer Details Error</h1>
<?=$errorString?>
<br>Return to the customer form
</body>
</html>
<?php
// If we made it here, then the data is valid
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
// this is an update
if (!empty($memberID))
{
$query = "UPDATE members SET ".
"Firstname = '$Firstname', Surname = '$Surname', " .
"Emailaddress = '$Emailaddress', Username = '$Username', Password = '$Password', " .
" WHERE id = $memberID";
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
echo "Your updates are complete!";
}
?>
<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
Fix this one to:
<?php
session_start();
if (isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
The first one is wrong, it checks for a username if there is no username then it displays the username else it doesnt.
On-topic:
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
Change the above line to:
<form name="RegisterForm" action="ProfileUpdate.php?id=<?php echo $memberID ?>" method="post" >
As your profileUpdate.php is requesting a member ID, this is necessary and after this, the code should work!