I tried changing the code to this so it connects to the DB before anything else but now it just lingers on verify.php, no redirect, no data being sent to DB.
<?php
if(isset($_POST['submit'])){
# connect to the database here
$host="XXXXXXX"; // Host name
$username="XXXX"; // Mysql username
$password="XXXX"; // Mysql password
$db_name="XXXX"; // Database name
mysql_connect("$host", "$username", "$password")or die("cannot connect for insert");
mysql_select_db("$db_name")or die("cannot select DB to insert data");
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
$insert_query = "INSERT INTO teachers(`user_name`,`fname`,`lname`,`email`,`password`)
VALUES('".$user_name."$','".$fname."','".$lname."','".$email."','".$user_password."');";
mysql_query($insert_query) or die(mysql_error());
mysql_close();
};
?>
You should put or die(mysql_error()); in following line:
$sql = mysql_query($query) or die(mysql_error());
Instead of:
mysql_real_escape_string($_POST['password']))or die(mysql_error());
Another thing is that you have wrong if-else statements.
You code to check which field is empty should be in following if statement:
if($row||empty($_POST['user_name'])|| empty($_POST['fname'])||empty($_POST['lname'])|| empty($_POST['email'])||empty($_POST['password'])|| empty($_POST['re_password'])||$_POST['password']!=$_POST['re_password']){
# if a field is empty, or the passwords don't match make a message
# YOU SHOULD PUT YOUR CODE TO CHECK EMPTY FIELDS SEPARATELY HERE
}
else {
# If all fields are not empty, and the passwords match,
}
You should change your check if the user already exists to something like this:
if(count($row) > 0)
instead of just
if($row)
If you only want to test if data gets inserted limit you the code to this:
<?php
if(isset($_POST['submit'])){
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="lurnn"; // Database name
/* sanitize post variables */
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
/* Database insert query */
mysql_connect($host, $username, $password)or die("cannot connect for insert");
mysql_select_db($db_name)or die("cannot select DB to insert data");
$insert_query = "INSERT INTO teachers(`user_name`,`f_name`,`l_name`,`email`,`password`)
VALUES('".$user_name."','".$fname."','".$lname."','".$email."','".$user_password."')";
mysql_query($insert_query) or die(mysql_error());
mysql_close();
};
?>
MYSQLI_ version:
<?php
if(isset($_POST['submit'])){
$host = "host";
$user = "user";
$password = "password";
$database = "database";
/* sanitize post variables */
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
// open connection to database
$link = mysqli_connect($host, $user, $password, $database);
IF (!$link){
echo ("Unable to connect to database!");
}
ELSE {
//INSERT VALUES INTO DATABASE
$query = "INSERT INTO teachers(`user_name`,`f_name`,`l_name`,`email`,`password`)
VALUES('".$user_name."','".$fname."','".$lname."','".$email."','".$user_password."')";
mysqli_query($link,$query) or die(mysql_error());
echo var_dump($query);
}
//close connection to database
mysqli_close($link);
};
?>
If this all fails try the following:
<?php
function submit_form(){
$host = "";
$user = "";
$password = "";
$database = "";
/* sanitize post variables */
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
// open connection to database
$link = mysqli_connect($host, $user, $password, $database);
IF (!$link){
echo ("Unable to connect to database!");
}
ELSE {
//INSERT VALUES INTO DATABASE
$query = "INSERT INTO teachers(`user_name`,`f_name`,`l_name`,`email`,`password`)
VALUES('".$user_name."','".$fname."','".$lname."','".$email."','".$user_password."')";
mysqli_query($link,$query) or die("Insert query failed");
echo var_dump($query);
}
//close connection to database
mysqli_close($link);
}
$form = <<<EODuserform
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Form</title>
</head>
<form action="{$_SERVER['PHP_SELF']}" method="POST" name="userform">
<label for='user_name'>Username:</label></br>
<input type="text" name="user_name" id="first" maxlength="25" tabindex='1' VALUE="user_name" /></br>
<label for='fname'>First Name:</label></br>
<input type="text" name="fname" id="first" maxlength="25" tabindex='2' VALUE="firstname" /></br>
<label for='lname'>Last Name:</label></br>
<input type="text" name="lname" id='lastname' maxlength="25" tabindex='3' VALUE="lastname" /></br>
<label for='email'>E-mail:</label></br>
<input type="text" name="email" id='email' maxlength="100" tabindex='4' VALUE="email" /></br>
<label for='password'>Password:</label></br>
<input type="password" name="password" id='password' maxlength="25" tabindex='5' VALUE="password" /></br>
<label for='re-password'>Re-type password:</label></br>
<input type="password" name="re-password" id='re-password' maxlength="25" tabindex='6' VALUE="re-password" /></br>
<input type="submit" name="submit" value="Sign Up" tabindex='6' />
</form>
</body>
</html>
EODuserform;
IF(!IsSet($_POST['submit'])){ // Check if form is not send, if not display empty form.
echo $form;
}
ELSE{
// in the case you want to send something to the database use
submit_form();
echo ('Thanks for submitting your form');
}
?>
Related
I need to сheck if username is already taken or not. And if it is ok, to redirect to another page but if not (here I am stuck) to make the "username is already taken" appear under the input line.
there is my php code:
<?php
$host = "localhost";
$dbusername = "postgres";
$dbpassword = "admroot";
$db = "local_db_server_test";
$con = pg_connect("host=$host dbname=$db user=$dbusername password=$dbpassword") or die ("Could not connect to Server\n");
if(!$con){ die('Error: Unable to open database'); }
else {
$username = $_POST['username'];
$password = $_POST['password'];
if(strlen($password) < 6) {
pg_close($con); // also can use die() but without header and redirection
header("Location:sign_up_pass_err.html");
}
$query = "INSERT INTO register(username, password) VALUES ('$username',crypt('$password',gen_salt('md5')))";
$result = pg_query($con, $query);
header("Location: login.html");
}
pg_close($con);
?>
And this is my html code:
<!DOCTYPE html>
<html>
<head></head>
<body>
<form action="sign_up.php" method="post">
<input type="text" name="username" placeholder="Username" required><br><br>
<input type="password" name="password" placeholder="Password" required><br><br>
<input type="submit" value="Sign up">
</form>
</body>
</html>
"I have read a lot of problem been solved in stackoverflow similar to my problem, and have seen a lot of example, yet still my code is not inserting in to mysql. however if i hard feed the php it would insert. my info is coming as submit from html post.I have good server connection and also connection to the database, can any one help me if i miss any thing. here is my code below."
<?php
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query("INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
echo "Data Inserted successfully...!!";
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="text" name="image" />
<input type="submit" />
</form>
</body>
</html>
" i expect output of 5/2 to be 2.5"
Write the name for submit button
<input type="submit" name="submit" />
then in php file
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
}
this if statement will run
you not given name attribute to button so give name="submit" and if you want to upload file then change type="file"
<?php
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query("INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
echo "Data Inserted successfully...!!";
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="file" name="image" />
<input type="submit" name="submit" />
</form>
</body>
</html>
You're checking isset($_POST['submit']) but there is no input field which is posted with submit name.. you need to add the name attribute in the submit button. also you're not passing the $connection in the mysqli_query.
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query($connection, "INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
if($query !== false){
echo "Data Inserted successfully...!!";
}
else{
echo "Query failed";
}
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="text" name="image" />
<input type="submit" name = "submit" />
</form>
</body>
</html>
One more suggestion always use PDO in code to prevent SQL injection. Your code is vulnerable to sql injection.
so i am working on the simple project and i dont know why, but i can't insert data into the database
Here is my connection to database
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$database = "register";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $register);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
?>
And in this part of code i am trying to insert data:
<?php
if (isset($_POST['submitreg'])){
$username = mysqli_real_escape_string($conn, $_POST['username']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$sql = "INSERT INTO users (email, username, password) VALUES ('$email', '$username', '$password')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
header("Location: signin.php");
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
mysqli_close($conn);
?>
And then i am inserting the code, i am getting this error:
Error: INSERT INTO users (email, username, password) VALUES ('gerulisjonas#gmail.com', 'jonas2422', 'password')
Thank you in advance :)
extra:
Form
<form id="register" class="signinform" action="includes/registerinc.php" method="post">
<div class="formcenter">
<input type="text" name="username" value="" placeholder="user name"><br>
<input type="email" name="email" value="" placeholder="email"><br>
<input type="password" id="passwordid" name="password" value="" placeholder="password"><br>
<input type="password" name="passwordtwo" value="" placeholder="repeat password"><br>
<input type="submit" name="submitreg" class="btn btn-success" value="Register"></input>
</div>
</form>
When creating your connection you named the variable that holds the database name $database, but when you pass it along to mysqli_connect you are using $register.
Try this instead:
$database = "register";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);
Hey guys sorry I did bother you, i just run trough my code and i found that i did not included connection.php file in my register.php file
I think I am successfully connecting to my database by:
<?php
$user = 'root';
$pass = '9KSroMDjEqNmEYY4';
$db = 'chatservice';
$host = '127.0.0.1';
$conn = new mysqli($host, $user, $pass, $db, 3306) or die("Unable to connect");
if ($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
?>
My question is how I would use the registration code to successfully add a user to the database. When entering the form I press register I do not get any error messages stating that the registration didn't succeed. It seems that the php code is not being reached after the initial connection. I am new to php and mySQL so any tips on formatting would be nice too!
<?php
require('connect.php');
if(isset($_POST['user']) && isset($_POST['password'])){
$user = $_POST['user'];
$id = $_POST['IDNUM'];
$password = $_POST['password'];
$query = "INSERT INTO 'users' (user ,IDNUM ,password) VALUES('$user', '$id', '$password')";
$result = mysqli_query($query);
if($result){
$msg = "Registered Sussecfully";
echo $msg;
}
else
$msg = "Error Registering";
echo $msg;
}
?>
<div class="register-form">
<title>Chat Page Start</title>
<form action="" methods="POST">
<p>
<label>Username: </label>
<input id="user" type="text" name="user" placeholder="user" />
</p>
<p>
<label>ID: </label>
<input id="IDNUM" type="text" name="IDNUM" placeholder="ID number" />
</p>
<p>
<label>Password: </label>
<input id="password" type="password" name="password" placeholder="password" />
</p>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" value="Register" />
</form>
</div>
Another thing is how would I check the status of my database connection and where I should be checking this status?
your database connection is mysqli_connect and you execute the query in mysql_query is not proper.
<?php
require('connect.php');
if(isset($_POST['user']) && isset($_POST['password'])){
$user = $_POST['user'];
$id = $_POST['IDNUM'];
$password = $_POST['password'];
$query = "INSERT INTO 'users' (user ,IDNUM ,password) VALUES('$user', ' $id ', '$password')";
$result = mysqli_query($query,$conn);
if($result){
$msg = "Registered Sussecfully";
}
else
$msg = "Error Registering";
}
?>
You are connecting database using mysqli:
$conn = new mysqli('localhost', $user, $pass, $db, 3306) or die("Unable to connect");
And executing query using mysql:
$query = "INSERT INTO 'users' (user ,IDNUM ,password) VALUES('$user', '$IDNUM', '$password')";
$result = mysql_query($query);
I am trying to a items to my database (sql) using php and a form, however the data is not being added and nothing seems to happening i just stay on the create.php page.
php code
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "PolyTest";
// Create connection
$conn = mysql_connect($servername, $username, $password);
mysql_select_db($dbname)
$doorName = $_POST['doorName'];
$doorDes = $_POST['doorDes'];
$doorPrice = $_POST('doorPrice');
$doorColour = $_POST('doorColour');
$doorImage = $_POST['doorImage'];
if(!$_POST['submit']){
echo "please fill in the boxs";
header('Location: dooradd.php');
} else {
mysql_query("INSERT INTO Doors ('ID', 'name', 'description', 'price', 'colour', 'image') VALUES(NULL, '$doorName', '$doorDes', '$doorPrice', '$doorColour', '$doorImage')") or die(mysql_error());
echo "Door been added!";
header('Location: doorlist.php');
}
?>
HTML FORM
<form class="add" action="doorCreate.php" method="post">
<input type="text" name="doorName" value="doorName">
<input type="text" name="doorDes" value="doorDes">
<input type="text" name="doorPrice" value="doorPrice">
<input type="text" name="doorColour" value="doorColour">
<input type="text" name="doorImage" value="doorImage">
<input type="submit" name="submit">
</form>
change mysql_select_db($dbname) with mysql_select_db($dbname);
and change;
$doorPrice = $_POST('doorPrice');
$doorColour = $_POST('doorColour');
with
$doorPrice = $_POST['doorPrice'];
$doorColour = $_POST['doorColour'];