Registration Not Applying to SQL - php

I tried to test the registration form to see if it would work, but every time it never actually applies to the SQL database. Is there anything that seems to be wrong in this code? I don't seem to detect any errors. I also added the registration form in HTML I was using below the PHP code.
<?
session_start();
include "mysqli_config.php";
$b = $_POST['username'];
$password = md5($_POST['password']);
$a = $_POST['email'];
$username = mysqli_real_escape_string($mysqli, $b);
$email = mysqli_real_escape_string($mysqli, $a);
$c = $_POST['method'];
$method = mysqli_real_escape_string($mysqli, $c);
if ($username == NULL or $email == NULL or $password == NULL) {
echo "Please Fill Out All Forms";
} else {
if (strlen($username) <= 8 || strlen($username) >= 16) {
echo " - Your username must be between 8 and 16 chars";
} else {
if ($method == NULL) {
echo "Please Select a Payment Method";
} else {
$check = "SELECT * FROM `users` WHERE `username` = '$username'";
$checksystem = $mysqli->query($check);
if (mysqli_num_rows($checksystem) != 0) {
echo "Username Already In Use!";
} else {
$create_member = "INSERT INTO `users` (`id`,`username`, `password`, `email`,`status`,`payment`)
VALUES('','$username','$password','$email','$status','$method')";
$create = $mysqli->query($create_member);
echo "Thank You For Registering, Please <a href=loginform.php>Login Here</a>";
}
}
}
}
?>
<form action="authenticate.php" id="contact" method="post" name="contact">
<div class="cleaner h10"></div><label for="author">Username</label>
<input class="required input_field" id="author" name="username" type=
"text"> <label for="email">Password</label> <input class=
"required input_field" id="email" name="password" type="password">
<label for="email">Email</label> <input class="required input_field"
id="email" name="email" type="text"> <label for="email">Payment
Email</label> <input class="required input_field" id="email" name=
"payment" type="text"> <label for="email">Use Amazon For
Payments</label> <input class="required input_field" id="email" name=
"method" type="checkbox"> <label for="email">Use Paypal For
Payments</label> <input class="required input_field" id="email" name=
"method" type="checkbox">
<div class="cleaner h10"></div><input class="submit_btn float_l" id=
"submit" name="submit" type="submit" value="Register">
</form>

If you are trying to register a new user, first make sure the id is AUTO_INCREMENT, and also
change the query
$create_member = "INSERT INTO `users` (`id`,`username`, `password`, `email`,`status`,`payment`)
VALUES('','$username','$password','$email','$status','$method')";
to
$create_member = "INSERT INTO `users` (`username`, `password`, `email`,`status`,`payment`)
VALUES('$username','$password','$email','$status','$method')";
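An added example, not code from the question or the answer: the same registration insert written with PDO prepared statements and password_hash() instead of md5() and string interpolation. In-memory SQLite stands in for MySQL so it runs offline; the column list follows the question, while field(), registerUser(), the 'pending' status and the allowed payment values are assumptions.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for MySQL so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL, password TEXT NOT NULL, email TEXT NOT NULL,
    status TEXT NOT NULL, payment TEXT NOT NULL)');

// Read one form field as a string; arrays (username[]=x) count as missing.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Hypothetical helper: returns validation errors, or [] once the row is stored.
function registerUser(PDO $pdo, array $post): array
{
    $username = trim(field($post, 'username'));
    $email    = trim(field($post, 'email'));
    $password = field($post, 'password');
    $method   = field($post, 'method');

    $errors = [];
    if (strlen($username) < 8 || strlen($username) > 16) {
        $errors[] = 'Your username must be between 8 and 16 chars';
    }
    if ($password === '') {
        $errors[] = 'Please enter a password';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address';
    }
    // Assumed allow-list; the checkboxes would need value="amazon" / value="paypal".
    if (!in_array($method, ['amazon', 'paypal'], true)) {
        $errors[] = 'Please Select a Payment Method';
    }
    if ($errors !== []) {
        return $errors;
    }

    // Placeholders keep user input out of the SQL text entirely.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE username = ?');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return ['Username Already In Use!'];
    }

    $insert = $pdo->prepare(
        'INSERT INTO users (username, password, email, status, payment)
         VALUES (?, ?, ?, ?, ?)'
    );
    // password_hash() salts and stretches the password; md5() does neither.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert->execute([$username, $hash, $email, 'pending', $method]);
    return [];
}

// Constructed sample submission; the quote in the username is stored literally.
$post = ['username' => "o'brien_1984", 'password' => 'correct horse battery',
         'email' => 'ob@example.com', 'method' => 'paypal'];
var_dump(registerUser($pdo, $post));
// Submitting the same data again exercises the duplicate-username branch.
var_dump(registerUser($pdo, $post));

// The login side compares with password_verify(), never by re-hashing and ==.
$stored = $pdo->query('SELECT password FROM users')->fetchColumn();
var_dump(password_verify('correct horse battery', $stored));
```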

Related

Checkbox for confirming terms of service

I'm wondering how to set up a checkbox that says...
I agree to the terms and conditions
But the users can only click the sign up button if the checkbox has been clicked.
Here is most of my whole registration page code.
<body class="login-body">
<div class="container">
<form class="form-signin" action="/register" method="POST">
<h2 class="form-signin-heading"><?php echo $website;?></h2>
<div class="login-wrap">
<?php
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['confirmpassword']) && isset($_POST['email'])) {
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, md5($_POST['password']));
$confirmpassword = mysqli_real_escape_string($con, md5($_POST['confirmpassword']));
$email = mysqli_real_escape_string($con, $_POST['email']);
if($password != $confirmpassword) {
echo "<div class=\"alert alert-danger\">The passwords you entered do not match.</div>";
$error = 'yes';
}
if(strlen($_POST['password']) < 8) {
echo "<div class=\"alert alert-danger\">Your password must be atleast 8 characters!</div>";
$error = 'yes';
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'yes';
echo "<div class=\"alert alert-danger\">The email you entered is invalid.</div>";
}
$result = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'") or die(mysqli_error($con));
if (mysqli_num_rows($result) > 0) {
$error = 'yes';
echo "<div class=\"alert alert-danger\">This username already exists.</div>";
}
$result = mysqli_query($con, "SELECT * FROM `users` WHERE `email` = '$email'") or die(mysqli_error($con));
if (mysqli_num_rows($result) > 0) {
$error = 'yes';
echo "<div class=\"alert alert-danger\">The email you entered can not be used.</div>";
}
$ip = mysqli_real_escape_string($con, $_SERVER['REMOTE_ADDR']);
$date = date('Y-m-d');
if ($error != 'yes') {
mysqli_query($con, "INSERT INTO `users` (`username`, `password`, `email`, `date`, `ip`) VALUES ('$username', '$password', '$email', '$date', '$ip')") or die(mysqli_error($con));
header("Location: /login?action=registered");
}
}
?>
<input type="text" id="username" name="username" class="form-control" placeholder="Username" value="<?php echo $_POST['username'] ?>" autofocus>
<input type="password" id="password" name="password" class="form-control" placeholder="Password">
<input type="password" id="confirmpassword" name="confirmpassword" class="form-control" placeholder="Confirm Password">
<input type="text" id="email" name="email" class="form-control" placeholder="Email" value="<?php echo $_POST['email'] ?>">
<button class="btn btn-lg btn-login btn-block" type="submit">Register</button>
</form>
<div class="registration">
Already have an account?&nbsp
<a class="" href="/login">
Sign In
</a>
</div>
</div>
</div><!-- end .container -->
Set the register button to disabled on page load, and change disabled to true or false based on the checkbox change.
$('#submit_form').prop('disabled',true);
$('#terms').change(function()
{
$('#submit_form').prop('disabled',!$(this).is(':checked'));
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<input type="checkbox" name="terms" id="terms" />
<input type="submit" id="submit_form" value="register" />
You can use inline JavaScript and the onchange event:
<input type="checkbox" onchange="document.getElementById('submit_form').disabled = !this.checked;" />
<input type="submit" id="submit_form" value="register" />

(isset($_POST['submitted'])) doesn't seem to work

I can't figure out what I'm doing wrong here. I've been watching different videos on this problem, and been searching for answers for a long time.
When I hit the submit button on the web page, the fields get cleared and nothing else happens. There is probably a simple mistake, but I can't find out what I'm doing wrong
<a1>
<h1>Registrer ny bruker</h1>
<hr>
<form method="post" action="" >
<input type="text" name="surName" placeholder="Etternavn" required>
<br><br>
<input type="text" name="givenName" placeholder="Fornavn" required>
<br><br>
<select name="gender">
<option value="male">male</option>
<option value="female">female</option>
</select>
<br><br>
<input type="number" name="age" placeholder="Alder" required>
<br><br>
<input type="text" name="mail" placeholder="e-post" required>
<br><br>
<input type="text" name="userName" placeholder="Brukernavn" required>
<br><br>
<input type="text" name="password" placeholder="Passord" required>
<br><br>
<input type="submit" name="submitted" value="Registrer">
</form>
</a1>
<?php
if(isset($_POST['submitted'])){
$mysqli = new mysqli('my database username and password');
$email = $mysqli->real_escape_string($_POST['mail']);
$surName = $mysqli->real_escape_string($_POST['surName']);
$givenName = $mysqli->real_escape_string($_POST['givenName']);
$username = $mysqli->real_escape_string($_POST['userName']);
$password = md5($_POST['password']);
$gender = $mysqli->real_escape_string($_POST['gender']);
$age = $mysqli->real_escape_string($_POST['age']);
$sql = "INSERT INTO blog_user (first_name, last_name, age, gender, user_password, user_name, mail)
VALUES ('$givenName','$surName','$age','$gender','$password','$username','$email')
";
$insert = $mysqli->query($sql);
if ($insert) {
echo "Succes!";
} else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
$mysqli->close();
}
?>
Edit: I made a small typo when I first added this, so the first answers did not fix my problem. I did not give them a down vote, and I'm sorry I made a typo.
<?php
if(isset($_POST['submitted'])){
$mysqli = new mysqli('my database username and password');
$email = $mysqli->real_escape_string($_POST['mail']);
$surName = $mysqli->real_escape_string($_POST['surName']);
$givenName = $mysqli->real_escape_string($_POST['givenName']);
$username = $mysqli->real_escape_string($_POST['userName']);
$password = md5($_POST['password']);
$gender = $mysqli->real_escape_string($_POST['gender']);
$age = $mysqli->real_escape_string($_POST['age']);
$sql = "INSERT INTO blog_user (first_name, last_name, age, gender, user_password, user_name, mail)
VALUES ('$givenName','$surName','$age','$gender','$password','$username','$email')
";
$insert = $mysqli->query($sql);
if ($insert) {
echo "Succes!";
} else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
$mysqli->close();
}
?>
You have missed the if statement.
Your code is "clearing the fields" because your form is always presented first with default values. The default values are not given with the input fields, so it's therefore "cleared" every time you execute your PHP file.
<form method="post" action="" >
<input type="text" name="surName" placeholder="Etternavn" required>
<br><br>
<input type="text" name="givenName" placeholder="Fornavn" required>
<br><br>
<select name="gender">
<option value="male">male</option>
<option value="female">female</option>
</select>
<br><br>
<input type="number" name="age" placeholder="Alder" required>
<br><br>
<input type="text" name="mail" placeholder="e-post" required>
<br><br>
<input type="text" name="userName" placeholder="Brukernavn" required>
<br><br>
<input type="text" name="password" placeholder="Passord" required>
<br><br>
<input type="submit" name="submitted" value="Registrer">
</form>
For this reason you should use the form-request-part before you show the form
if(isset($_POST['submitted'])){
$mysqli = new mysqli('my database username and password');
$email = $mysqli->real_escape_string($_POST['mail']);
$surName = $mysqli->real_escape_string($_POST['surName']);
$givenName = $mysqli->real_escape_string($_POST['givenName']);
$username = $mysqli->real_escape_string($_POST['userName']);
$password = md5($_POST['password']);
$gender = $mysqli->real_escape_string($_POST['gender']);
$age = $mysqli->real_escape_string($_POST['age']);
$sql = "INSERT INTO blog_user (first_name, last_name, age, gender, user_password, user_name, mail)
VALUES ('$givenName','$surName','$age','$gender','$password','$username','$email')
";
$insert = $mysqli->query($sql);
if ($insert) {
echo "Succes!";
} else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
$mysqli->close();
}
and show default values something like this...
<form method="post" action="" >
<input type="text" name="surName" placeholder="Etternavn"
required value="<?php echo $surName;?>">
<br><br>
<input type="text" name="givenName" placeholder="Fornavn"
required value="<?php echo $givenName;?>">
etc...
NOTE: The database query should be using prepared statements to avoid SQL
injections.
Try this instead...
<?php
if(isset($_POST['submitted'])){

Php form does not post all fields to MySql

I checked the answers under ( PHP Form not posting all fields 2 ) and I do have names in all form fields : .... However, It is only posting the id, the date, and the name... I am so confused.
Here is my Sign-up -html- :
<legend>Registration Form</legend><p></p>
<label> Name </label>
<input id="intext" type="text" name="name" /><p></p>
<label> Email </label>
<input id="intext" type="text" name="email" /><p></p>
<label> Zip_Code </label>
<input id="intext" type="text" name="zipcode" /><p></p>
<label> UserName </label>
<input id="intext" type="text" name="user" /><p></p>
<label> Password </label>
<input type="password" name="pass" /><p></p>
<label> Confirm Password </label>
<input type="password" name="cpass" /><p> </p>
<div class="center">Comments / Inquiry </div>
<div class="center">
<textarea id="textarea" name="comments" rows="10" cols="40"></textarea>
Here is my php function:
function NewUser() { $name = $_POST['name'];
$Name = $_POST['name'];
$Email = $_POST['email'];
$Zip_Code = $_POST['zipcode'];
$UserName = $_POST['user'];
$Password = $_POST['pass'];
$Comments = $_POST['comments'];
$query = "INSERT INTO WebsiteUsers (Name, Email, Zip_Code, UserName, Password, Comments)
VALUES ('$name','$email','$zipcode','$user','$pass','$comments')";
$data = mysql_query ($query)or die(mysql_error());
if($data) { echo "Thank you for Registering with us.";
}
}
function SignUp() { if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM WebsiteUsers WHERE UserName = '$_POST[user]' AND Password = '$_POST[pass]'") or die(mysql_error());
if(!$row = mysql_fetch_array($query) or die(mysql_error())) { newuser();
}
In your query you are using variables in lowercase, but the variable declarations are in uppercase.
Can you try this code?
$query = "INSERT INTO WebsiteUsers (Name, Email, Zip_Code, UserName, Password, Comments)
VALUES ('$Name','$Email','$Zip_Code','$UserName','$Password','$Comments')";
Please try this.
I am assuming that you do not have an issue implementing $conn, the connection to the database, and selecting the db.
sign-up.php
<form action="script.php" method="POST">
<legend>Registration Form</legend>
<label> Name </label>
<input id="intext" type="text" name="name" />
<label> Email </label>
<input id="intext" type="text" name="email" />
<label> Zip_Code </label>
<input id="intext" type="text" name="zipcode" />
<label> UserName </label>
<input id="intext" type="text" name="user" />
<label> Password </label>
<input type="password" name="pass" />
<label> Confirm Password </label>
<input type="password" name="cpass" />
<div class="center"><p>Comments / Inquiry </p>
<textarea id="textarea" name="comments" rows="10" cols="40"></textarea>
</div>
</form>
script.php
<?php
function newUser($conn)
{
$name = $_POST['name'];
$email = $_POST['email'];
$zipcode = $_POST['zipcode'];
$username = $_POST['user'];
$password = $_POST['pass'];
$password2 = $_POST['cpass'];
$comments = $_POST['comments'];
if($password== $password2)
{
$query = "INSERT INTO WebsiteUsers VALUES ('".$name."','".$email."','".$zipcode."','".$username."','".$password."','".$comments."')";
if(mysql_query($query,$conn))
echo 'signup successful';
else
echo 'error inserting new user';
}
else
echo 'Password missmatched';
}
function signUp($conn)
{
if(!empty($_POST['user']))
{
$username = $_POST['user'];
$password = $_POST['pass'];
$query = "SELECT * FROM WebsiteUsers WHERE UserName = '".$username."' AND Password = '".$password."';";
$result = mysql_query($query,$conn);
if(mysql_num_rows($result)<1)
newUser($conn);
}
else
echo 'form not submitted';
}
// now calling the signUp()
$conn= mysql_connect("","","") or die("Error connecting database"); // host, user, pass to connect db
mysql_select_db(""); // select database
signUp($conn);
?>
This is just cleanup of your code. Hope this will help to solve your problem. My implementation would be completely different than this one.
And one more thing: please use mysqli_* or PDO, as mysql_* is deprecated.

Updating Query Matter

I've defined a user settings page in my website, and there are several forms that appear on that page. I've written a query for these fields to be updated upon clicking on the "submit" button, but somehow I end up having this error below:
User Could Not Be Updated Because:You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near
'SHA1(5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)', ' WHERE id =' at
line 1
This is the profile settings page code for the form:
<?php
$uid = $_SESSION['user_id'];
$query = mysqli_query($dbc, "SELECT * FROM users WHERE id = $uid ")or die(mysql_error());
$arr = mysqli_fetch_assoc($query);
?>
<form action="?page=profileset&id=<?php echo $arr['id']; ?>" method="post" role="form">
<label for="first">First Name</label>
<input class="form-control" type="text" name="first" id="first" value="<?php echo $arr['first']; ?>" placeholder="First Name" autocomplete="off">
</div>
<div class="from-group">
<label for="last">Last Name</label>
<input class="form-control" type="text" name="last" id="last" value="<?php echo $arr['last']; ?>" placeholder="Last Name" autocomplete="off">
</div>
<br>
<div class="from-group">
<label for="email">Email Address</label>
<input class="form-control" type="text" name="email" id="email" value="<?php echo $arr['email']; ?>" placeholder="Email Address" autocomplete="off">
</div>
<div class="from-group">
<label for="password">Password</label>
<input class="form-control" type="password" name="password" id="password" value="<?php echo $arr['password']; ?>" placeholder="Password" autocomplete="off">
</div>
<button id="profile-btn-change" type="submit" class="btn">Submit Changes</button>
<input type="hidden" name="submitted" value="1">
</form>
And this is the query which updates this form:
if(isset($_POST['submitted']) == 1){
$first = mysqli_real_escape_string($dbc, $_POST['first']);
$last = mysqli_real_escape_string($dbc, $_POST['last']);
$password = SHA1($_POST['password']);
$action = 'Updated';
$q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";
$r = mysqli_query($dbc, $q);
if($r){
$message = '<p class="alert alert-success">User Was '.$action.'!</p>';
} else {
$message = '<p class="alert alert-danger">User Could Not Be '.$action.' Because:'.mysqli_error($dbc);
}
}
Any consideration is appreciated.
You are repeating the password = part in the UPDATE query.
Do
$password = sha1($_POST['password']);
instead of
$password = " password = 'SHA1($_POST[password])', ";
Update: make sure you try the update query like
$q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";
And try to sanitize the variables while you use them.
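An added example, not code from the question or the answer: the profile update with every value bound as a parameter and the row chosen by the logged-in session id rather than by an id sent with the request. In-memory SQLite stands in for MySQL; updateProfile() and the sample rows are assumptions, and password_hash() is swapped in for SHA1.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for MySQL; both rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first TEXT, last TEXT,
            email TEXT, password TEXT)');
$seed = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?)');
$seed->execute([1, 'Ann', 'Lee', 'ann@example.com', password_hash('old-pass-1', PASSWORD_DEFAULT)]);
$seed->execute([2, 'Bob', 'Ray', 'bob@example.com', password_hash('old-pass-2', PASSWORD_DEFAULT)]);

// Hypothetical helper; returns the number of rows changed.
// $sessionUserId is $_SESSION['user_id'], so an id from the form or URL is never used.
function updateProfile(PDO $pdo, int $sessionUserId, array $post): int
{
    // Read a field as a trimmed string; arrays count as missing.
    $text = static function (string $key) use ($post): string {
        $value = $post[$key] ?? '';
        return is_string($value) ? trim($value) : '';
    };

    $email = $text('email');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }

    // Only fixed column fragments go into the SQL text; values are bound.
    $sets = ['first = :first', 'last = :last', 'email = :email'];
    $params = [
        ':first' => $text('first'),
        ':last'  => $text('last'),
        ':email' => $email,
        ':id'    => $sessionUserId,
    ];

    // An empty password field means "keep the current one", so the form
    // never needs the stored hash as its value attribute.
    $password = $post['password'] ?? '';
    if (is_string($password) && $password !== '') {
        $sets[] = 'password = :password';
        $params[':password'] = password_hash($password, PASSWORD_DEFAULT);
    }

    $stmt = $pdo->prepare('UPDATE users SET ' . implode(', ', $sets) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed request: user 1 is logged in but the form data names id 2.
$post = ['id' => '2', 'first' => 'Anne', 'last' => "O'Lee",
         'email' => 'anne@example.com', 'password' => ''];
var_dump(updateProfile($pdo, 1, $post));
print_r($pdo->query('SELECT id, first, last, email FROM users')->fetchAll(PDO::FETCH_ASSOC));
```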

PHP: Check if email already exists when running this code

I have built a very simple PHP form that allows a user to send an application using the following PHP code:
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$host = '###';
$username = '###';
$pass = '###';
mysql_connect($host,$username,$pass);
mysql_select_db("###");
$status = mysql_real_escape_string($_POST['status']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$email = mysql_real_escape_string($_POST['email']);
$url = mysql_real_escape_string($_POST['url']);
$query = "INSERT INTO creathive_applications
VALUES (NULL,'$status','$firstname','$lastname','$email','$url')";
$result = mysql_query($query) or trigger_error(mysql_error().". Query: ".$query);
}
What I want to do is make sure that the same person doesn't apply TWICE so if the email address already exists in the database then it will show a message on the form saying "sorry looks like you've already applied".
Here is the HTML form, and I have added the message inside the fieldset, so I need to a) show this message if the email exists or show the success message and then b) add #membership form to the URL to make the view jump to the form on the page so that the user will see the messages. Can anyone help with this? Thanks.
<form action="" method="post">
<fieldset id="membershipform">
<div id="error"><p>sorry email in use</p></div>
<div id="success"><p>Thanks your application has been sent</p></div>
<ul class="clearfix">
<li id="li-status">
<span>I am a:</span>
<menu>
<li><label for="student"><input type="radio" name="status" id="student" checked="checked" value="Graduate" /> Graduate</label></li>
<li><label for="student2"><input type="radio" name="status" id="student2" value="Undergraduate" /> Undergraduate</label></li>
</menu>
</li>
<li id="li-firstname">
<label for="firstname">First Name</label> <input name="firstname" type="text" placeholder="First Name" id="firstname" title="First Name" />
</li>
<li id="li-lastname">
<label for="lastname">Last Name</label> <input name="lastname" type="text" placeholder="Last Name" id="lastname" title="Last Name" />
</li>
<li id="li-email">
<label for="email">Email address</label> <input name="email" type="text" placeholder="Email address" id="email" title="Email address" />
</li>
<li id="li-url">
<label for="url">URL</label> <input name="url" type="text" placeholder="URL of something you've made" id="url" title="URL of something you've made" />
</li>
<li id="li-buttons">
<input name="submit" type="submit" value="Send Application ►" title="Send Application" />
</li>
</ul>
</fieldset>
</form>
Do a select query before insert to validate there aren't any entries for the email already:
select * from creathive_applications where email = '$email'
If any results come back, then display your message instead of inserting the record. You can add javascript onload code to move form to #membershipform if the email already existed.
You can alter table so that email id is primary so it will be unique.
You can check with another query
select * from creathive_applications where email='$email'
Simple: you must check it against your database.
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$host = '###';
$username = '###';
$pass = '###';
mysql_connect($host,$username,$pass);
mysql_select_db("###");
$status = mysql_real_escape_string($_POST['status']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$email = mysql_real_escape_string($_POST['email']);
$url = mysql_real_escape_string($_POST['url']);
$query_check = "SELECT COUNT(*) as existents FROM creathive_applications .... emailfiel = 'email_entered'";
switch($query_check['existents']){
case 0:
//do the insert operation
$query = "INSERT INTO creathive_applications VALUES (NULL,'$status','$firstname','$lastname','$email','$url')";
$result = mysql_query($query) or trigger_error(mysql_error().". Query: ".$query);
break;
default:
echo "no no";
}
}
Check if $email exists in your DB and if it does set $error = 1. Then if $error = 1, print the message.
$emailchk = mysql_query("SELECT * FROM creathive_applications WHERE email = '$email'");
if(mysql_num_rows($emailchk) > 0) {
$error = 1;
}
if (isset($error)) {
echo '<div id="error"><p>sorry email in use</p></div>';
}
You could do it like this:
PHP Code:
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$host = '###';
$username = '###';
$pass = '###';
$emailerror = null;
mysql_connect($host,$username,$pass);
mysql_select_db("###");
$status = mysql_real_escape_string($_POST['status']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$email = mysql_real_escape_string($_POST['email']);
$url = mysql_real_escape_string($_POST['url']);
$emailchk = mysql_query("SELECT * FROM creathive_applications WHERE email = '$email'");
if(mysql_num_rows($emailchk) == 0) {
$query = "INSERT INTO creathive_applications VALUES (NULL,'$status','$firstname','$lastname','$email','$url')";
$result = mysql_query($query) or trigger_error(mysql_error().". Query: ".$query);
}else{
$emailerror = '<span style="color:rgb(255,0,0)">Email already taken</span>';
}
}
HTML (Must be in the same file):
<form action="" method="post">
<fieldset id="membershipform">
<div id="error"><p>sorry email in use</p></div>
<div id="success"><p>Thanks your application has been sent</p></div>
<ul class="clearfix">
<li id="li-status">
<span>I am a:</span>
<menu>
<li><label for="student"><input type="radio" name="status" id="student" checked="checked" value="Graduate" /> Graduate</label></li>
<li><label for="student2"><input type="radio" name="status" id="student2" value="Undergraduate" /> Undergraduate</label></li>
</menu>
</li>
<li id="li-firstname">
<label for="firstname">First Name</label> <input name="firstname" type="text" placeholder="First Name" id="firstname" title="First Name" />
</li>
<li id="li-lastname">
<label for="lastname">Last Name</label> <input name="lastname" type="text" placeholder="Last Name" id="lastname" title="Last Name" />
</li>
<li id="li-email">
<label for="email">Email address</label> <input name="email" type="text" placeholder="Email address" id="email" title="Email address" /> <?php echo $emailerror;?>
</li>
<li id="li-url">
<label for="url">URL</label> <input name="url" type="text" placeholder="URL of something you've made" id="url" title="URL of something you've made" />
</li>
<li id="li-buttons">
<input name="submit" type="submit" value="Send Application ►" title="Send Application" />
</li>
</ul>
</fieldset>
</form>
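An added example, not code from any of the answers above: the suggestion to make the email column unique, carried through so that the database rejects the duplicate and the PHP code turns that rejection into the "sorry email in use" message. In-memory SQLite stands in for MySQL; the column names, submitApplication(), renderMessage() and the 'invalid' message are assumptions.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for MySQL so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Column names are assumed; the question's INSERT does not list them.
$pdo->exec('CREATE TABLE creathive_applications (
    id INTEGER PRIMARY KEY AUTOINCREMENT, status TEXT, firstname TEXT,
    lastname TEXT, email TEXT NOT NULL, url TEXT)');
// The unique index rejects a second row for the same address even when two
// requests pass a SELECT check at the same moment.
$pdo->exec('CREATE UNIQUE INDEX uniq_application_email
            ON creathive_applications (email)');

// Hypothetical helper; returns 'success', 'duplicate' or 'invalid'.
function submitApplication(PDO $pdo, array $post): string
{
    // Read a field as a trimmed string; arrays count as missing.
    $text = static function (string $key) use ($post): string {
        $value = $post[$key] ?? '';
        return is_string($value) ? trim($value) : '';
    };

    // Lower-casing makes "A@x.org" and "a@x.org" the same applicant.
    $email  = strtolower($text('email'));
    $status = $text('status');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || !in_array($status, ['Graduate', 'Undergraduate'], true)) {
        return 'invalid';
    }

    $stmt = $pdo->prepare(
        'INSERT INTO creathive_applications (status, firstname, lastname, email, url)
         VALUES (?, ?, ?, ?, ?)'
    );
    try {
        $stmt->execute([$status, $text('firstname'), $text('lastname'), $email, $text('url')]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation; the unique
        // email index is the only constraint this insert can trip.
        if ((string)$e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
    return 'success';
}

// Maps the outcome to the message blocks from the question's form.
function renderMessage(string $outcome): string
{
    switch ($outcome) {
        case 'success':
            return '<div id="success"><p>Thanks your application has been sent</p></div>';
        case 'duplicate':
            return '<div id="error"><p>sorry email in use</p></div>';
        default:
            return '<div id="error"><p>Please check the form and try again</p></div>';
    }
}

// Constructed submissions: the second differs only in letter case.
$first  = ['status' => 'Graduate', 'firstname' => 'Sam', 'lastname' => 'Doe',
           'email' => 'sam@example.com', 'url' => 'https://example.com/work'];
$second = ['email' => 'Sam@Example.com'] + $first;
echo renderMessage(submitApplication($pdo, $first)), "\n";
echo renderMessage(submitApplication($pdo, $second)), "\n";
```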
