I've been putting together my first attempt at anything PHP...and it doesnt work...
Basically when I click 'Submit' it just changed the window to display the php code, and submits nothing to mysql.
This is what I have.
<?php
require('config.php');
if(isset($_POST['submit'])){
//Perform the verification
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2){
if($pass1 == $pass2){
//all good carry on
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($email1);
$email2 = mysql_escape_string($email2);
$pass1 = mysql_escape_string($pass1);
$pass2 = mysql_escape_string($pass2);
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')");
}else{
echo "Sorry, your passwords do not match.<br />";
exit();
}
}else{
echo "Sorry, your email addresses do not match.<br /><br />";
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="text" name="pass1" /><br />
Confirm Password: <input type="text" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
}
?>
I'll add that the only way I could see the form was to copy the 'form' into a separate html file.
Any help wold be great and if you need more info just let me know.
Thanks
If you can see php code in your browser, your web server isn't configured properly and so this has nothing to do with php itself.
Do not pass the id field as null, just leave it out. Assuming of course the id field is set to primary index and autoincrement, which it should be.
turns out it was simply because i had mismatched my mysql_connect details.
Thanksfor the hints guys! wouldnt have figured it out otherwise.
Related
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 5 years ago.
I'm making a register page on 000webhost and I save the code, open the site up and I get this error : Parse error: syntax error, unexpected T_SL on line 40.
<?php
require('config.php');
if (isset($_POST['submit']))
{
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2 && $pass1 == $pass2)
{
//All good
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);
$pass1 = md5($pass1);
//Check if username is taken
$check = mysql_query("SELECT * FROM users WHERE uname = '$uname'")or die(mysql_error());
if (mysql_num_rows($check)>=1) echo "Username already taken";
//Put everyting in DB
else{
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')") or die(mysql_error());
echo "Registration Successful";
}
}
else{
echo "Sorry, your email's or your passwords do not match. <br />";
}
}
else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" /> </form>
EOT;
echo $form;
}
?>
I have spent a bit attempting to solve the issue but I cant find the problem.
Exactly on line 40 $form = <<<EOT you cannot have anything after the heredoc name, in your case you have spaces after "EOT" $form = <<<EOT[space]
I am trying to create a user registration form using php and mysql. When I try to hit the submit button no new record is added to my database. The database is functional and has worked with other forms.
HTML/FORM
<?php
include 'header.php';
?>
<section>
<div class="form">
<form action="signup.php" method="post">
<h1> Sign Up!</h1>
<p>First name:
<input type="text" name="fName" maxlength="15" required pattern="^[a-zA-Z]{3,20}$" placeholder="Enter Name" />
</p>
<p>Last name:
<input type="text" name="lName" maxlength="15" pattern="^[a-zA-Z]{3,20}$" required placeholder="Enter Last Name" />
</p>
<p>Email:
<input type="email" name="email" maxlength="40" required placeholder="Enter Email" />
</p>
<p>Username:
<input type="text" name="username" maxlength="20" ^[A-Za-z0-9_]{1,15}$ required placeholder="Enter Username" />
</p>
<p>Password:
<input type="password" name="password" maxlength="20" pattern="(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" required placeholder="Enter Password" />
</p>
<p>Re-type Password:
<input type="password" name="password2" maxlength="20" pattern="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$" required placeholder="Re-type Password" />
</p>
<p>
<button type="submit" name="signupbutton"> Sign up </button>
</p>
</form>
</div>
</section>
<div class="footerspecial">
<?php
include 'footer.php';
?>
</div>
PHP/SQL
<?php
//have they submitted at least once?
if(isset($POST['$password2'])){
$fName = $_POST['fName'];
$lName = $_POST['lName'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
//do the passwords NOT match?
if ($password !== $password2) {//do string comparison here
echo'<h2>Error: passwrods don\'t match!</h2>';
require ('registerform.php');
}
else {
//does the username already exist?
$sql = mysql_query("SELECT * FROM users WHERE username=='$username'");
if ($results=$con->query($sql)){
echo'<h2>Error: username is already taken</h2>';
require ('registerform.php');
}
else {
$sql = mysql_query("SELECT * FROM users WHERE email=='$email'");
if ($results=$con->query($sql)){
echo'<h2>Error: email already used</h2>';
require ('registerform.php');
}
else {
// If the values are posted, insert them into the database.
$sql= "INSERT INTO users (fName, lName, email, username, password, password2) VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";
if (!$con->query($sql)){
echo 'Error: coulndt do suff';
}
else {
echo 'Account made';
}//ENDS SUCCESSFUL INSURT
}//ENDS EMAIL VALIDATION
}//ENDS THE USERNAME VALIDATION
}//END PASSWORD VALIDATION
}
?>
Picture of the form don't really know if its helpful but ya'know
https://gyazo.com/418b86ecb5090604a1f229e1e94fe3bf
I'm guessing here that your database doesn't have a password2 column (seems kind of pointless to have) so trying to insert into it will give an error.
You should read about MySQLi error reporting
Also add error_reporting(-1); at the start of your PHP file to show PHP errors.
P.S. your code is vulnerable to SQL injection, you should use prepared statements to be safe from this.
Could have multiple problems first you do not have the single quotes around $password2. This could be leading to a failed insert.
VALUES ('$fName', '$lName', '$email', '$username', '$password', $password2)";
Also I would echo the sql errors out as you are not doing. you can do this easily. Test the if statement for a true not a false
if ($con->query($sql)){
//if true then runs your code;
}
else {
echo "Error: " . $sql . "<br>" . $con->error; // This will echo out any sql errors you may have
}
Here is the code for my entire index page, which includes a register and a login. For some reason, the register part works fine, and it is inserting correctly. Yet, the login part is not working, as whenever I call the $queryrun(mysql_query($query)) on the SELECT * FROM, it does not work.
<?php
require('includes/dbconnect.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$password = md5($password);
$logemail = $_POST['logemail'];
$logpassword = $_POST['logpassword'];
$logpassword = md5($logpassword);
// Register Script
if (isset($firstname) && !empty($firstname) && !empty($lastname) && !empty($email) && !empty($password)) {
$query = "INSERT INTO users VALUES('', '$firstname', '$lastname', '$email', '', 'm', '9', '$password', 'bio'";
$queryrun = mysql_query($query);
} else {
echo 'Please fill out all of the form fields';
}
// Login Script
if (!empty($logemail) && !empty($logpassword)){
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$queryrun = mysql_query($query);
while ($row = mysql_fetch_assoc($queryrun)) {
$logemail = $row['logemail'];
}
echo $logemail;
$numrows = mysql_num_rows($query);
if ($numrows > 0){
echo 'User exists';
} else {
echo 'User does not exist';
}
} else {
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form action="index.php" method="POST">
Firstname: <input type="text" name="firstname" /><br />
Lastname: <input type="text" name="lastname" /><Br />
Email: <input type="text" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Submit" />
</form>
<br /><hr />
<br />
Login:<br />
<form action="index.php" method="POST">
Email:<input type="text" name="logemail" /><br />
Password: <input type="password" name="logpassword" /><br />
<input type="submit" value="Log in" /><br />
</form>
</body>
</html>
The connection to the database is fine because the register part code works, it's just the login code is returning nothing and saying that the user does note exist, when the user actually does exist
Your form field is $logemail while your mysql statement uses $email.
To get this working looks like you want:
$query = "SELECT * FROM users WHERE email = '$logemail' AND password = '$logpassword'";
But as John Conde mentions there are significant security issues.
What version of PHP are you using? This extension is deprecated as of PHP 5.5.0, you really should be using mysqli or PDO.
also
if (!empty($logemail) && !empty($logpassword)){
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
you are checking for $logemail and $logpassword but putting $email and $password in the query string... also use {} in your strings for php variables. it helps keep string concatenation from getting confusing and you can use associated arrays in the string
echo "This is my string and this is the number {$number}. this is the value in my array: {$arrayvar["something"]}.";
Alright, so recently I watched a tutorial and coded along with it in Notepad++. I am attempting a simple MYSQL login/register form, but when I login- it gives me the "Wrong U/P" error echo I wrote. It saves everything in the database as the md5 and stuff. Here is my codes.
register.php
<?php
require('config.php');
if(isset($_POST['submit'])){
//Preform the verification of the nation
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2) {
if($pass1 == $pass2) {
//All good. Carry on.
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);
$pass1 = md5($pass1);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if(mysql_num_rows($sql) > 0) {
echo "Sorry, that user already exists!";
exit();
}
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')");
}else{
echo "Sorry, your passwords do not match<br><br>";
exit();
}
}else{
echo "Sorry, your emails do not match.<br><br>";
}
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
}
?>
login.php
<?php
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_real_escape_string($_POST['uname']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass = md5($pass);
$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
echo "You are now logged in.";
exit();
}else{
echo "Wrong U/P combination";
}
}else{
$form = <<<EOT
<form action="login.php" method="POST">
Username: <input tye="text" name="uname" /><br>
Password: <input type="password" name="pass" /><br>
<input type="submit" name="submit" value="Login" />
</form>
EOT;
echo "$form";
}
?>
and config.php
<?php
mysql_connect("localhost", "X", "X");
mysql_select_db("X");
?>
The config.php code is correct, but I am not giving away X.
As you can see, this code echos out an error for login.php if it's incorrect. It gives me that error even if it is correct. I used MD5 hash passes, so please help!
Firstly, you're using the ` tag in there - this should be ' .
You need to either interpolate or concatenate your variables; i.e; instead of
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')");
use;
mysql_query("INSERT INTO 'users' ('id', 'name', 'lname', 'uname', 'email', 'pass') VALUES (NULL, '{$name}', '{$lname}', '{$uname}', '{$email1}', '{$pass1}')");
Anyway, aside from some good practice, have a look at this line;
$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");
Just a small typo ruining everything for you. Change SELECET to SELECT , and you should be good to go.
Best of luck!
Eoghan
you don't need the following lines:
$email2 = mysql_escape_string($_POST['email2']);
and
`$pass2 = mysql_escape_string($_POST['pass2']);`
2. run SELECET * FROM users in order to see that the user/pwd really made it to the DB
3. add echo "$uname $pass <br>"; to the login form to make sure that it passed correctly
The other two answers are correct, but you have a more fundamental issue with this: you are using the old, deprecated mysql_* functions. Those functions are an old, procedural interface to MySQL and don't support the modern features of that RDBMS. I suggest using mysqli or PDO for an OOP approach to database access.
If you are going to stick to this ancient code, you should at least use mysql_real_escape_string() instead of mysql_escape_string().
I am a beginner PHP coder. I want it to be if when they register for my php code, it echos "You have been registered", instead of just showing a blank page. This is my code:
<?php
require('config.php');
if(isset($_POST['submit'])){
//Preform the verification of the nation
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2) {
if($pass1 == $pass2) {
//All good. Carry on.
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);
$pass1 = md5($pass1);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if(mysql_num_rows($sql) > 0) {
echo "Sorry, that user already exists!";
exit();
}
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`,
`pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1',
'$pass1')");
}else{
echo "Sorry, your passwords do not match<br><br>";
exit();
}
}else{
echo "Sorry, your emails do not match.<br><br>";
}
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
}
?>
As you can see, there is no echo for if everything works. Please help me add an echo if they're registrations gets registered!!
Just check the return of the insert query.
$result = mysql_query("INSERT ...");
if ($result) {
echo "Created!";
} else {
echo "Uh oh! Something went wrong!";
}
In your case - You could just type:
echo "Congratulations, You've been submitted";
or whatever you want to say just under the insert statement
before the last
}else{
in your code put
echo "You have signed up";
and that's it :)