First off, I am aware I am open to SQL injection, this is just a prototype. But it still should be working.
For the life of me I can't figure out why I can't pull an item out of my array. What could I possibly be doing wrong? I've been fiddling with this seemingly simple query for way too long and I can't seem to get it to pull out data. I feel like it is something so simple....
$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];
I am getting no result for $ID ....
Here is my entire code:
<html>
<head>
<?php
$email = $_GET["email"];
$servername="localhost";
$username="*****";
$password="*****";
$database="*****";
$conn= mysql_connect($servername,$username,$password)or die(mysql_error());
mysql_select_db("$database",$conn);
$query = 'SELECT email FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
//Checks if the email address exists in the system already
if (mysql_num_rows($result) ) {
die("Duplicate email found!");
}
else {
//use current date/time combination times the number 11 times the ID to get a unique confirmation number.
$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];
echo $row;
$date = date("mydhis");
$date2 = $date * 11 * $ID;
echo $ID . " <-> " . $date . " <-> <p>" . $date2;
$sql="insert into users (first,last,displayname,email,password,verification_email)values('$_GET[first]','$_GET[last]','$_GET[display]','$_GET[email]','$_GET[password]','$date2')";
$result=mysql_query($sql,$conn) or $string = mysql_error();
$confirmlink = "http://www.somewebsite.com/android/confirm.php?" . $date2;
$to = $_GET['email'];
$subject = "Thank you for Registering!";
$message = "Hello " . $_GET['display'] . " and thank you for registering with the Smeet app! To confirm your email address (and let us know you aren't a bot), please click the following link: " . $confirmlink;
$from = "noreply#smeet.com";
$headers = "From:" . $from;
mail($to,$subject,$message,$headers) or die('You have successfully registered however mail servers are currently down, you may or may not receive a confirmation email');
print "<h1>You have registered successfully</h1>";
print "You will receive an email shortly with instructions on how to confirm your email address.</a>";
}
?>
</body>
</html>
Thanks for any help at resolving this.
It was a simple answer and I figured it out!
My $ID was being pulled before the record was created, that's why it was blank! Dumb mistake on my part.
Related
I'm pretty new to php, so don't really know how to do much, but from what I've looked up, this should echo all values from the two fields.
<?php
$con = mysqli_connect('localhost', 'root', 'root', 'unityaccess');
if(mysqli_connect_errno())
{
echo "1: Connection failed"; //error code 1 = connection failed
exit();
}
$username = $_POST["name"];
$idcheckquery = "SELECT id FROM users WHERE username = '" . $username . "';";
$idcheck = mysqli_query($con, $idcheckquery) or die("7: ID check query failed"); //error code 8 = couldn't get user's id
$existingid = mysqli_fetch_assoc($idcheck);
$userid = $existingid["id"];
$itemfindquery = "SELECT itemid, equipped FROM inventory WHERE userid = '" . $userid ."';";
$itemfind = mysqli_query($con, $itemfindquery) or die("9: Couldn't find items");
while($row = $mysqli_fetch_assoc($itemfind)){
echo $row["itemid"] . ", " . $row["equipped"] . " ";
}
?>
I expect this to, when it is called in unity, to print a list of all the values in each list, but instead it doesn't echo anything.
The mysqli_fetch_assoc() function is being used as a variable ($). Just remove the dollar sign and it will work.
while($row = mysqli_fetch_assoc($itemfind)){
echo $row["itemid"] . ", " . $row["equipped"] . " ";
}
Also, try to use prepared statements to fight against SQL injections.
I am trying to send email of which one of the data is from database, i tried to look on some post here in stack-overflow but they were different;
I tried to send without the data from the database and it works fine,but after adding database fetch its not working
<?php
include 'include/connect.php';
if (isset($_POST['book2'])) {
$id = mysqli_real_escape_string($conn, $_GET['id']);
$sql = "SELECT room_price FROM room_details WHERE id='$id';";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$room_price = $row['room_price'];
$email = $_POST['email'];
$room_type = $_POST['room_type'];
$checkin = $_POST['checkin'];
$checkout = $_POST['checkout'];
$adults = $_POST['adults'];
$children = $_POST['children'];
$mailTo = "booking#johndoexxx.com";
$headers = "Guest sent e-mail from: " . $email;
$txt = "New booking received, room for " . $adults . " adults and " . $children . " child / children, reservation starts on " . $checkin . " up to " . $checkout . " whereby " . $room_type . " room is selected, Please respond to the sender!";
$heading = "New Booking!";
mail($mailTo, $heading, $headers, $txt);
header("Location: index.php?bookingsent");
}
}
} else {
echo "Booking failed to process!, observe your inputs carefully!";
}
?>
was expecting it will fetch data from form and will send the data into the targeted email.
I'm trying to build a registration page with email verification, but the verification process does not seem to work.
After typing all the user data, the user will get an email with an id and a code.
When he clicks the link, he will run through the following code:
<?php
if(isset($_GET['id']) && isset($_GET['code']))
{
$id=$_GET['id'];
$code=$_GET['code'];
include("activate_user.php");
}
?>
activate_user.php looks like that:
<?php
include("db_connect.php");
$sql = "select * from users where "
. "id = " . $id
. " and code = '" . $code . "')";
$res = mysqli_query($con, $sql);
$num = mysqli_num_rows($res);
if ($num == 1)
{
$validate = "update users set valid = 1 where "
. "id = " . $id
. " and code = '" . $code . "')";
$validate_user = mysqli_query($con, $validate);
}
mysqli_close($con);
?>
Something must be wrong with the second php file, but I'm not sure, what the problem could be. db_connect should be fine since I'm using the same when I add the user to my database. My file is still not able to change valid from 0 to 1.
Thanks in advance for your help!
UPDATE: change mysqli_affected_row to mysqli_num_rows and added '-marks before $code, but it still doesn't work
I just started learning php, i have a long way to go but i really need help with this.
So I have a page where a logged in user can create tasks and that user can select the user for who the task is. I need to do an insert query where i'll need the ID of the person selected by the user who is logged in.
This is the code that's above my HTML:
$userId = $_SESSION['id'];
$Users = "SELECT * FROM users";
$Result2 = $db->query($Users);
if(isset($_POST['submit'])){
$project = $_POST['Project'];
$task = $_POST['task'];
$user = $_POST['User'];
$date = $_POST['date'];
$query = "INSERT INTO events (projectId, userId, name, date)
VALUES ('','', '$task', '$date')";
$result = $database->query($query);
echo "it worked";
}
This is the code in my HTML select tag, where the logged in user can select the person.
<?php
while ($row2 = mysqli_fetch_assoc($Result2)) {
$uid = $row2['id'];
$name = $row2['name'];
$lastName = $row2['lastname'];
echo "<option>" . $name . " " . $lastName . " " . $uid . "</option>";
}
?>
The problem is that I need to put the $uid variable, that's currently in the whileloop in my HTML select element, IN the first if statement above my HTML. I have tried everything but i cant seem to figure out how. It perfectly shows all of the users and their ID numbers, I just need to grab them and put them in my if statement.
Your <option>tags are surely in a <select> tag. You have to give a name to your select, and that name will be the POST parameter name you can use in your PHP server-side code.
Also, you have to assign a value attribute to each option.
Your HTML print procedure become
<?php
echo '<select name="uid">';
while ($row2 = mysqli_fetch_assoc($Result2)) {
$uid = $row2['id'];
$name = $row2['name'];
$lastName = $row2['lastname'];
echo "<option value='".$uid."'>" . $name . " " . $lastName . " " . $uid . "</option>";
}
echo '</select>';
?>
and you PHP server-side code become
$userId = $_SESSION['id'];
$Users = "SELECT * FROM users";
$Result2 = $db->query($Users);
if(isset($_POST['submit'])){
$project = $_POST['Project'];
$task = $_POST['task'];
$user = $_POST['User'];
$date = $_POST['date'];
$uid = $_POST["uid"];
$query = "INSERT INTO events (projectId, userId, name, date) VALUES ('','', '$task', '$date')";
$result = $database->query($query);
echo "it worked";
}
If you're learning PHP, I advise to start correctly. Never access your superglobal parameters $_GET and $_POST directly without sanitize your inputs. Use some functions like filter_input()
I am making an email script in php. What happens is a mysql query is made, and the output of this is stored in the following strings :
$personal1 = $userinfo->salutation;
$personal2 = $userinfo->surname;
$business = $userinfo->businessname;
Next I have an if statement, this checks to see if the surname is blank, if it is, it then substitutes the salutation + surname with the business name. The problem I am having is that the emails keep being sent out with Dear, Business Name , even if the surname field is not blank, I am not sure what I am doing wrong with the following code for it to do this though ?.
if ($personal2=="") {
$name = $business; }
else {
$name = $personal1 . ' ' . $personal2;};
EDIT >>>>>>>>>>
If I echo out the contents of the strings I get :
personal1 = Mr
personal2 = Johnson
business = Hat Trick Media
Edit 2 >>>>>>>
This is some of the code, it is then passed onto the mailer.
<?php
$cf_uid = $_GET['token'];
$query = mysql_query("SELECT * FROM hqfjt_chronoforms_data_addupdatelead WHERE cf_uid = '$cf_uid'") or die(mysql_error());
$userinfo = mysql_fetch_object($query);
$personal2 = $userinfo->surname;
$personal1 = $userinfo->salutation;
$business = $userinfo->businessname;
?>
<?php
$result = mysql_query("SELECT * FROM hqfjt_chronoforms_data_addemailtemplate");
while ($row = mysql_fetch_object($result)) {
echo '<tr class="table-row">';
echo '<th class="template-name">';
echo '<div class="namerow">';
$id = $row->cf_uid;
$form_id = $row->form_id;
$query = mysql_query("SELECT `$form_id` FROM email_history WHERE cf_id = '$user_id'") or die(mysql_error());
$datesent = mysql_fetch_object($query);
$date = $datesent->$form_id;
if ($personal2=="") {
$name = $business; }
else {
$name = $personal1 . ' ' . $personal2;};
Is your code a valid statement? Your code structure is awful. Instead of...
if ($personal2=="") {
$name = $business; }
else {
$name = $personal1 . ' ' . $personal2;};
Use
if ($personal2=="") {
$name = $business;
}
else {
$name = $personal1 . ' ' . $personal2;
}
You seem to have an extra ; that you dont need.
You also dont seem to close the while loop in the code you posted...
Ok, I have found out what the problem was, $name was coming in the session from the previous page and overwriting $name on this page, I have now set it to destroy the session before it loads this page and it seems to have sorted it now, thanks for everyone's help :-)