i am trying to let a user login here is my login script atm im just checking if the username exists but for some reason its not finding any records even though the user name is right
<?php if(isset($_POST)){
print_r($_POST);
//Variables from the table
$usernamelogin = $_POST['usernamelogin'];
$passwordlogin = $_POST['passwordlogin'];
//Prevent MySQL Injections
$usernamelogin = stripslashes($usernamelogin);
$passwordlogin = stripslashes($passwordlogin);
$usernamelogin = mysqli_real_escape_string($con, $usernamelogin);
$passwordlogin = mysqli_real_escape_string($con, $passwordlogin);
$loginquery = mysqli_query($con,"SELECT * FROM reg_users WHERE user ='$usernamelogin' AND authorised ='1'") or die("Can not query DB.");
$logincount = mysqli_num_rows($loginquery);
if($logincount == 1){
echo "user exists";
} else {
echo "User doesnt exist";
}
}
?>
my table is called reg_users and user is the column the username goes into. i am doing the same thing on register and that works
Any ideas guys?
table is
`reg_users` (
`id` int(100) NOT NULL AUTO_INCREMENT,
`firstname` varchar(30) DEFAULT NULL,
`surname` varchar(30) DEFAULT NULL,
`user` varchar(255) DEFAULT NULL,
`password` varchar(512) DEFAULT NULL,
`email` varchar(50) DEFAULT NULL,
`banned` int(1) DEFAULT '0',
`authorised` int(1) DEFAULT '0',
`activationcode` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=18 DEFAULT CHARSET=latin1;
And the sqlfiddle is here
Here is the config.php which is called in the header of the page
<?php //Information to connect to your MySQL Server AND DB
$hostdb = "localhost";
$userdb = "test_nathan";
$passworddb = "xxxxx";
$db = "test_nathan";
//Connect to MySQL Server
$con = mysqli_connect($hostdb,$userdb,$passworddb,$db) or die ("could not connect");
session_save_path('../login/sessions');
require_once('functions.php');
?>
Figured out the problem guys for some reason when i was storing the variables on escaping the string there was spaces attached to the variable. thanks for the help guys.
Related
I'm trying to create a database with a php file but I don't know why when i run it, it displays this error: "Error: CREATE TABLE contaclick ( id int(20) NOT NULL auto_increment, link varchar(255) NOT NULL default '', count int(20) NOT NULL default '0', PRIMARY KEY (id) ) TYPE=MyISAM;"
Someone knows how to fix it?
my code in php is this:
<?
$login = "xxx";
$password = "xxx";
$database = "xxx";
$db = mysql_connect("xxx", $login, $password) or die ("Errore!");
mysql_select_db($database, $db);
$sql = "CREATE TABLE contaclick (
id int(20) NOT NULL auto_increment,
link varchar(255) NOT NULL default '',
count int(20) NOT NULL default '0',
PRIMARY KEY (id)
) TYPE=MyISAM;";
#mysql_query($sql) or die("Errore: $sql");
$sql = "INSERT INTO contaclick VALUES('', 'https://www.mywebsite.com/', '0')";
#mysql_query($sql) or die("Errore: $sql");
?>
TYPE is deprecated, use ENGINE instead
CREATE TABLE contaclick ( id int(20) NOT NULL auto_increment,
link varchar(255) NOT NULL default '',
count int(20) NOT NULL default '0', PRIMARY KEY (id) ) ENGINE = MyISAM
I am trying to build a friend system in php I have the tables, database and the logic in place. I am having trouble getting the friend request receiver's id.
I have registeredusers friends updates table. The registeredusers table looks like this,
CREATE TABLE `registeredusers` (
`id` int(11) NOT NULL,
`FirstName` varchar(50) NOT NULL,
`LastName` varchar(50) NOT NULL,
`UserName` varchar(50) NOT NULL,
`Email` varchar(50) NOT NULL,
`Password` varchar(255) NOT NULL,
`ResetPassword` int(7) DEFAULT NULL,
`friends` int(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
friends
CREATE TABLE `friends` (
`friend_one` int(11) NOT NULL,
`friend_two` int(11) NOT NULL,
`status` enum('0','1','2') DEFAULT '0'
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
The requester's ID would be INSERTED into friend_two and receiver's ID would get into friend_one. here's my code
<?php
include 'dbh.php';
$sql = "SELECT * FROM registeredusers";
$result = mysqli_query($connection,$sql);
$row = mysqli_fetch_assoc($result);
$username = $row['UserName'];
$requesterU = $_GET['user'];
echo "the requester is ".$requesterU;
while($row=mysqli_fetch_array($result)){
$id = $row[0];
$username = $row[1];
echo "
<form action='list of users.php'>
$id $username<input type='submit' value='send request' name='friendsbanalo'></input></form>";
}
$sql = "SELECT * FROM registeredusers WHERE UserName = '$requesterU'";
$result = mysqli_query($connection,$sql);
$row = mysqli_fetch_assoc($result);
$requester_id = $row['id'];
echo "requester's id ".$requester_id;
if(isset($_POST['friendsbanalo'])){
$sql = "INSERT INTO friends (friend_one,friend_two) VALUES('$requester_id','$reciver_userid')";
$result = mysqli_query($connection, $sql);
}else{
echo "error";
}
?>
I am not able to get the receiver's ID, can anyone tell me how can I get receiver's ID? I tried searching for the solution and the answers were too complicated for me to understand. I tried (on a separate file) INNER JOIN but I couldn't get it to work.
I am trying to execute the following query
DROP TABLE IF EXISTS `developer_messenger`;
CREATE TABLE `developer_messenger` (
`id` int(10) NOT NULL,
`title` varchar(45) NOT NULL,
`username` varchar(45) NOT NULL,
`message` varchar(45) NOT NULL,
`type` varchar(45) NOT NULL,
`date_time` varchar(45) NOT NULL,
`status` varchar(45) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
But this simple query is showing me Error in PHP
Could not get data: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'CREATE TABLE developer_messenger ( id int(10)
NOT NULL, title varchar(' at line 1
I am a newbie, Sorry if its silly,
Help Appreciated!
In Response to your second question about magic_quotes:
if (!get_magic_quotes_gpc()) { //checks php ini if magic_quotes is not on
$title = addslashes($_POST['title']);
}
else
{
$title = stripslashes($_POST['title']);
}
addslashes(); http://php.net/manual/en/function.addslashes.php
stripslashes(); http://php.net/manual/en/function.stripslashes.php
not sure if this helps but it might that way you dont have to change php.ini
just the $data that is to be entered into sql
Your query is correct, Try exciting DROP and CREATE one by one.
This code may help you.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// sql to create table
$sql = "CREATE TABLE `developer_messenger` (
`id` int(10) NOT NULL,
`title` varchar(45) NOT NULL,
`username` varchar(45) NOT NULL,
`message` varchar(45) NOT NULL,
`type` varchar(45) NOT NULL,
`date_time` varchar(45) NOT NULL,
`status` varchar(45) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1";
if ($conn->query($sql) === TRUE) {
echo "Table MyGuests created successfully";
} else {
echo "Error creating table: " . $conn->error;
}
$conn->close();
?>
If I register a user using this table:
CREATE TABLE IF NOT EXISTS `users`
(
`id` INT(11) NOT NULL AUTO_INCREMENT,
`md5_id` VARCHAR(200) NOT NULL,
`full_name` TINYTEXT CHARACTER SET latin1 COLLATE latin1_general_ci
NOT NULL,
`user_name` VARCHAR(10) NOT NULL,
`user_email` VARCHAR(30) NOT NULL,
`user_level` TINYINT(4) NOT NULL DEFAULT '1',
`pwd` VARCHAR(220) NOT NULL,
`nationality` VARCHAR(30) NOT NULL,
`department` VARCHAR(20) NOT NULL,
`birthday` DATE NOT NULL,
`date` DATE NOT NULL DEFAULT '0000-00-00',
`users_ip` VARCHAR(200) NOT NULL,
`activation_code` INT(10) NOT NULL DEFAULT '0',
`banned` INT(1) NOT NULL,
`ckey` VARCHAR(200) NOT NULL,
`ctime` VARCHAR(220) NOT NULL,
`approved` INT(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`id`)
)
ENGINE=INNODB
DEFAULT CHARSET=latin1
AUTO_INCREMENT=3;
and then once logged in to 'myaccount.php' use this code to enter values into another table, the language table:
if (empty($_SESSION['$user_id'])) { // user not logged in; redirect to somewhere else }
if (!empty($_POST['doLanguage']) && $_POST['doLanguage'] == 'Submit') {
$result = mysql_query("SELECT `id` FROM users WHERE `banned` = '0' order by id desc");
list($id) = mysql_fetch_row($result);
session_start();
$_SESSION['user_id'] = $id;
foreach ($_POST as $key => $value) if (empty($err)) {
for ($i = 0;$i < count($_POST["other"]);$i++) {
$native = mysql_real_escape_string($_POST['native'][$i]);
$other = mysql_real_escape_string($_POST['other'][$i]);
$other_list = mysql_real_escape_string($_POST['other_list'][$i]);
$other_read = mysql_real_escape_string($_POST['other_read'][$i]);
$other_spokint = mysql_real_escape_string($_POST['other_spokint'][$i]);
$other_spokprod = mysql_real_escape_string($_POST['other_spokprod'][$i]);
$other_writ = mysql_real_escape_string($_POST['other_writ'][$i]);
$sql_insert = "INSERT into `language`
(`user_id`,`native`,`other`,`other_list`,`other_read`, `other_spokint`
,`other_spokprod`,`other_writ` )
VALUES
('$id','$native','$other','$other_list','$other_read','$other_spokint',
'$other_spokprod','$other_writ') ";
mysql_query($sql_insert, $link) or die("Insertion Failed:" . mysql_error());
}
header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
exit();
}
}
}
All is fine until , for example I register id=3 (in users table) and then log back into id=1 and change their details in the language table, then their user_id in the language table (which is foreign key to id in users table) is 3 when it should be 1. To make things simple, the id in users table should be same as the user_id in the language table. But when going back and changing data in the languages table the user_id stays the same as the last id that registered!
Please help!
This query you have:
$result = mysql_query("SELECT `id` FROM users WHERE `banned` = '0' order by id desc");
What is the purpose of it? You are assigning to $id the first value it finds, yet the query doesn't look for user name or anything else. You probably want to user $_SESSION['$user_id'] instead of $id as your user's ID.
I am new to php and SQL so this is probably an easy question but I could not find any good sources online.
I am trying to create a SQL table when someone submits a form and this is what I have so far
include("dbstufflive.php");
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
or die("Couldn't connect to server");
$sql = "CREATE TABLE IF NOT EXISTS `$company` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`company_name` varchar(80) NOT NULL,
`contact` varchar(50) NOT NULL,
`email` varchar(80) NOT NULL,
`phone` varchar(13) NOT NULL,
... (long list of table data)
`description` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ";
mysqli_query($cxn,$sql);
I will of course be doing other stuff with this table but I think I have most of that under control.
The problem is that this statement does not actually create my table :( The SQL statement works in phpadmin when I enter it as is and also there are no errors when the script runs. So it goes through all of this, and more, and seems to work but the table simply doesn't appear.
I can supply more code if needed but I don't want to paste more code here than is necessary.
Thanks in advance for any help from the community.
EDIT:
I was using wrong DBinfo...wow, I am not very bright.
Your SQL Statement looks fine - from the looks of it, you are missing your login credentials. An efficient way to do so:
// Add this line
require_once('config.php');
// Then change the variables below to pull your credentials from that file.
$cxn = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD)
or die("Couldn't connect to server");
$sql = "CREATE TABLE IF NOT EXISTS `$company` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`company_name` varchar(80) NOT NULL,
`contact` varchar(50) NOT NULL,
`email` varchar(80) NOT NULL,
`phone` varchar(13) NOT NULL,
... (long list of table data)
`description` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ";
mysqli_query($cxn,$sql);
Then create a new file called config.php in same directory. Put your credentials:
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'username');
define('DB_PASSWORD', 'your_password');
define('DB_DATABASE', 'database_name');
?>
You should check the result of mysqli_query (as far as i know it returns false on failure). See mysqli documentation for details, where you can read, that "Create table doesn't return a resultset" but True/false on sucess/failure.
example:
if (!mysqli->query($cxn,$sql)) {
printf("Error: %s\n", mysqli_error($cxn));
}