Have problem with adding new user using mysql and php. Trying to find out how to done my problem probably all day, but I didn't this.
So I connect my db in connect.php
<?php
$db = mysql_connect("localhost","root","") or die("MySQL are not launched? Could not connect to DB");
if(!$db) {
die("Your DB variable probably has no \$db name. No DB launched");
}
if(!mysql_select_db("fdb",$db)) {
die("wrong DB name");
}
?>
made html inputs where user try to make account:
<form method="post" action="reguser.php">
type username: <input type="text" name="user" size="22"/><br>
type password: <input type="text" name="password" size="15"/><br>
retype password: <input type="text" name="password2" size="15"/><br>
type e-mail: <input type="text" name="email" size="50"/><br>
<input type="submit" value="submit"/>
and when he pushes submit it checkes on all error (ex not same passwords) but the problem i get the same error could not register from checking mysql_query($SQL)
else {
$SQL = "INSERT into users(name, password, email) VALUES ('$user','$password','$email'";
mysql_query($SQL) or die('could not register');
print "your registration complete<br>";
}
You seem to be missing a ) here:
VALUES ('$user','$password','$email'";
Try this:
VALUES ('$user','$password','$email')";
That is most likely merely a syntactical issue.
Related
I am trying to get my HTML form to post to my data base but I get nothing. I am not bothered about the security side of things at the moment I would just like it functional. I have looked all over the web for a solution and at most of the similar problems on here. I am probably just missing something stupid.
HTML
<form action="booking.php" id="booking" name="booking" method="post">
Let us know what you would like and when and we will get back to you
to confirm<br>
<label for="name">Name:</label>
<input type="text" id="name" name="name"><br>
<label for="email">Email:</label>
<input type="email" name="email" id="email" required>`
PHP
<?php
define('db_database', 'database');
define('db_user_name', 'username');
define('db_password', 'password');
define('db_server_name', 'server');
$dbconnect = mysqli_connect(db_server_name, db_user_name, db_password,
db_database);
if (!$dbconnect) {
die('Could not connect: ' . mysqli_error());
}
echo 'Connected!';
$db_selected = mysqli_select_db($dbconnect, db_database);
$name = $_POST['name'];
$mysqli = "INSERT INTO booking (name) VALUES ($name)";
?>
MySQL returned an empty result set (i.e. zero rows). (Query took 0.0004 seconds.)
Make sure that the name attribute in the input tag from your name is defined as name like: <input type="text" name="name"> Without this you can't access. Check if you get the value of the submitted form like: echo $_POST["name"]
I would recommend to get the $name variable in the SQL-Query like this: INSERT INTO booking (name) VALUES ('$name')
If it's not working after all, try to execute the query like this:
$result = mysqli_query($dbconnect, $mysqli);
(instead of your $db_selected part)
I hope I can help.
Okay so I have a webserver running off a Raspberry Pi at the moment and I have a really basic form with seven textboxes. I want the values entered into the textboxes to append to a database when I click the 'Submit' button. I have HTML code to create the form:
<!DOCTYPE html>
<html>
<head>
<title>Assignment Submission Form</title>
</head>
<body>
<form name="assi_subm" METHOD="POST" >
<p><label for="title">Title: </label><br><input id="title" name="title" type="text" size="25"></p>
<p><label for="password">Password: </label><br><input type="password" id="password" name="password" size="25" maxlength="20"></p>
<p><label for="soc">Statement of Contribution: </label><br><textarea style="width:300px;height:100px;" name="soc" id="soc"></textarea></p>
<p><label for="object">Project Objectives: </label><br><textarea style="width:300px;height:100px;" name="object" id="object"></textarea></p>
<p><label for="discuss">Review and Discussion of Technologies Used: </label><br><textarea style="width:300px;height:100px;" name="discuss" id="discuss"></textarea></p>
<p><label for="design">Design and Implementation: </label><br><textarea style="width:300px;height:100px;" name="design" id="design"></textarea></p>
<p><label for="references">References: </label><br><textarea style="width:300px;height:100px;" name="references" id="references"></textarea></p>
<p><input type="button" value="Submit"></p>
</form>
</body>
</html>
and that's fine, that opens as you'd expect. However I can't make the data from those textboxes actually append to the database when I click. I'm not totally sure if I'm even meant to be using PHP (I don't think I fully understand the concept in this situation) but I have the following code which is attempting to insert the data into the database by checking the button submission isn't empty? I'm not sure, I've been trying lots of different things but at the moment I'm just getting a blank page, I'm really confused, any help would be really appreciated.
This is my current PHP code:
<?php
$con = mysql_connect("localhost", "root", "password") or die("Could not connect");
$database = mysql_select_db("assignment_submission", $con) or die("Could not do");
$title_IP = $_POST['title'];
$password_IP = $_POST['password'];
$soc_IP = $_POST['soc'];
$object_IP = $_POST['object'];
$discuss_IP = $_POST['discuss'];
$design_IP = $_POST['design'];
$references_IP = $_POST['references'];
if (!empty($_POST)){
mysql_query($database, "INSERT INTO file_data (title, password, soc, object, discuss, design, references) values ($title_IP, $password_IP, $soc_IP, $object_IP, $discuss_IP, $design_IP, $references_IP);
}
?>
You have missing quotes around your values and a double quote plus a missing bracket.
You're also using the wrong variable $database for your insert, you can just remove it since you are using mysql_ as opposed to mysqli_ where DB connection is mandatory.
Another thing is the word references, it's a reserved word and must be wrapped in backticks.
`references`
Replace with the following:
mysql_query("INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')");
Or you can also use:
if (!empty($_POST)){
$sql = "INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')";
$query = mysql_query( $sql, $con );
if($query ){
echo "Success";
}
else{
die('Could not insert data: ' . mysql_error());
}
}
Your present code is open to SQL injection. Use prepared statements, or PDO.
As the very least, use mysql_real_escape_string() around your POST variables.
I.e.: $title_IP = mysql_real_escape_string($_POST['title']);
mysql_* functions deprecation notice:
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
During development
Add error reporting to the top of your file(s)
error_reporting(E_ALL);
ini_set('display_errors', 1);
which will signal errors found.
Edit
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$con = mysql_connect("localhost", "root", "password") or die("Could not connect");
$database = mysql_select_db("assignment_submission", $con) or die("Could not do");
if (isset($_POST['submit'])){
$title_IP = $_POST['title'];
$password_IP = $_POST['password'];
$soc_IP = $_POST['soc'];
$object_IP = $_POST['object'];
$discuss_IP = $_POST['discuss'];
$design_IP = $_POST['design'];
$references_IP = $_POST['references'];
$sql = "INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')";
$query = mysql_query( $sql, $con );
if($query ){
echo "Success";
}
else{
die('Could not insert data: ' . mysql_error());
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Assignment Submission Form</title>
</head>
<body>
<form name="assi_subm" METHOD="POST" action="">
<p><label for="title">Title: </label><br><input id="title" name="title" type="text" size="25"></p>
<p><label for="password">Password: </label><br><input type="password" id="password" name="password" size="25" maxlength="20"></p>
<p><label for="soc">Statement of Contribution: </label><br><textarea style="width:300px;height:100px;" name="soc" id="soc"></textarea></p>
<p><label for="object">Project Objectives: </label><br><textarea style="width:300px;height:100px;" name="object" id="object"></textarea></p>
<p><label for="discuss">Review and Discussion of Technologies Used: </label><br><textarea style="width:300px;height:100px;" name="discuss" id="discuss"></textarea></p>
<p><label for="design">Design and Implementation: </label><br><textarea style="width:300px;height:100px;" name="design" id="design"></textarea></p>
<p><label for="references">References: </label><br><textarea style="width:300px;height:100px;" name="references" id="references"></textarea></p>
<p><input type="submit" name="submit" value="Submit"></p>
</form>
</body>
</html>
Correct your sql query, use this code:
if (!empty($_POST)){
mysql_query($database, "INSERT INTO file_data ($title_IP, $password_IP, $soc_IP, $object_IP, $discuss_IP, $design_IP, $references_IP)
}
and $ signs in PHP are used to create as well as reference variables, so you gotta use them everywhere.
I'm working on a Uni assignment and am having trouble inserting records to MySQL database using a form. My set up is below.
I can view entries in the database with no problem. I'm new to this so sorry in advance :(
conninfo.php
<?php
$strServer="localhost";
$strDatabase="djdatabase"; // CHANGE TO YOUR DATABASE NAME HERE
$strUser="root";
$strPwd=""; // Leave blank for WAMPServer
$strDB=mysql_connect($strServer,$strUser,$strPwd)or die("Could not open database");
$database=mysql_select_db("$strDatabase",$strDB);
?>
addnewdata.php
<?php include "conninfo.php";
$newdj=$_POST["dj"]; //pick up from form
$newfn=$_POST["fn"];
$newem=$_POST["em"];
$newwe=$_POST["we"];
$newpi=$_POST["pi"];
$newev=$_POST["ev"];
$query = "INSERT INTO dj(DJName, FirstName, Email, Website, Picture, EventNumber)VALUES('$newdj', '$newfn', '$newem', '$newwe', '$newpi', '$newev)";
mysql_query($query);
header("location:showall.php");
?>
enternewdata.php
<?php include "conninfo.php";?>
<html>
<head>
</head>
<body>
<form action="addnewdata.php" method="post">
DJ Name:<input type="text" name="dj"><br>
FirstName: <input type="text" name="fn" /><br>
Email: <input type="text" name="em" /><br>
Website: <input type="text" name="we" /><br>
Picture: <input type="text" name="pi" /><br>
EventID: <input type="text" name="ev" /><br>
<br><br>
<button type="submit">Submit</button>
</form>
</body>
</html>
Many Thanks for your help :)
had better use SET command to insert data
$query = "INSERT INTO dj SET
DJName=".$newdj.",
FirstName=".$newfn.",
Email=".$newem.",
Website=".$newwe.",
Picture=".$newpi.",
EventNumber=".$newev."";
$save = mysql_query($query);
if($save){
header("location:showall.php");
}else{
die(mysql_error());
}
You are missing a quote ' wich is causing the error that you cannot see because you haven't done any debug. Anyway you should just change to this
'$newwe', '$newpi', '$newev')"; //a quote was missing after '$newv
I would suggest you to also debug query by adding or die('INVALID QUERY: ' . mysql_error());
so code would look like
mysql_query($query) or die('INVALID QUERY: ' . mysql_error());
Since you said this is an university test I don't know if you are supposed to use mysql_* function (wich are deprecated), but I would strongly reccommend to switch to mysqli or PDO if you can for security reason.
You missed ' on your query on $newev that gives you an error
$query = "INSERT INTO dj(DJName, FirstName, Email, Website, Picture, EventNumber)VALUES('$newdj', '$newfn', '$newem', '$newwe', '$newpi', '$newev)";
My DB has columns: ID, first_name, email, password, level
I have a form that i am trying to update the 'level' column based on the 'email address' entered of the existing user.
Right now i have a basic form that just inserts the info, but i need it to update existing users based on the email value.
This is what i have
<form action="update.php" method="post">
<input type="hidden" name="action" value="update" />
<fieldset>
<label for="email" />Email Address:</label>
<input value="" type="text" name="email" id="email" />
<label for="level" />Level:</label>
<input value="vip" type="text" name="level" id="level" />
<input class="button" type="image" src="/img/right/get-started-button.png" />
</fieldset>
</form>
----update.php------
<?php
$email = $_POST['email'];
$level = $_POST['level'];
mysql_connect ("localhost", "username", "pass") or die ('Error: ' . mysql_error());
mysql_select_db ("db_name");
$query="INSERT INTO users (email, level)VALUES ('".$email."','".$level."')";
mysql_query($query) or die ('Error updating database');
echo "Database Updated With: " .$email. " ".$level ;
?>
Not knowing what version of MySQL your using, you can use INSERT ON DUPLICATE KEY UPDATE syntax if your on 5+: http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
If your using an older version then a simple select id limit 1 should suffice to find if the record exists.
BTW: you should be using mysql_real_escape_string (or similar) before you execute your sql statement. Its also a good idea to always use back ticks ` around your field names just in case you hit a reserved word or invalid symbol in your field names.
I'm not sure If i uderstand your question correctly, but if you are looking for the sql update:
UPDATE users Set level='some_value' WHERE email="some_email_address"
So you could do:
$query="UPDATE users SET level='" .$level."' WHERE email='" .$email."'";
That is if I understood your question correctly.
As in you are trying to update an existing table, based on the email address typed into the form.
I am trying to set up my first PHP site and I really want to do it the right way. I am working on the form located: http://www.bwgblog.com/signup.
I have set up the following form:
<p><form action="/signup/register.php" method="post">
<label for="first_name">First Name</label>
<input type="text" name="first_name" />
<label for="last_name">Last Name</label>
<input type="text" name="last_name" />
<label for="company">Company</label>
<input type="text" name="company" />
<label for="job_title">Job Title</label>
<input type="text" name="job_title" />
<label for="phone">Phone</label>
<input type="text" name="phone" />
<label for="email">Email</label>
<input type="text" name="email" />
<label for="username">Choose a Username</label>
<input type="text" name="username" />
<label for="password">Choose a Password</label>
<input type="text" name="password" />
<label for="confirm_password">Confirm Your Password</label>
<input type="text" name="confirm_password" />
<input type="submit" value="Get Started" />
</form>
And here is my PHP page, register.php:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$con = mysql_connect("localhost","*******","******"); //Replace with your actual MySQL DB Username and Password
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("bwgblog", $con); //Replace with your MySQL DB Name
$first_name=mysql_real_escape_string($_POST['first_name']);
$last_name=mysql_real_escape_string($_POST['last_name']);
$company=mysql_real_escape_string($_POST['company']);
$job_title=mysql_real_escape_string($_POST['job_title']);
$phone=mysql_real_escape_string($_POST['phone']);
$email=mysql_real_escape_string($_POST['email']);
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$confirm_password=mysql_real_escape_string($_POST['confirm_password']);
$sql="INSERT INTO members (first_name,last_name,company,job_title,phone,email,username,password,confirm_password) VALUES ('$first_name','$last_name','$company','$job_title','$phone','$email','$username','$password','$confirm_password')";
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "The form data was successfully added to your database.";
mysql_close($con);
?>
I am trying to figure out how to add in AJAX such that it gives me two things. 1) The ability for it to check in realtime the username field as that field should be unique, and 2) the ability to have the confirm password field render a green checkmark if it == password field.
I have been looking all day for how to do this and can't get a clear look at it. Here is how the files are laid out:
signup (folder)
-> index.php
-> register.html.php
-> register.php
1) AJAX doesn't require the backend to be anything special - so the simplest solution there may be to have a 'usercheck.php' file that queries the DB for the username passed, then returns some form of true/false. You'll probably want to reply using JSON (this is easy if you have PHP 5 - see json_encode).
Regarding the AJAX frontend you'll find it easiest if you use an existing framework (I've used Mochikit and prototype, both seem fine) of which there are several. This should allow you to load the server's response easily.
If you have the AJAX use GET rather than POST (this is simpler) then you can test the response by just viewing the page with the appropriate query string. In any case using Firebug will allow you to view the calls in realtime.
2) There is no need to have the password check AJAX - that can be done simply using plain JavaScript: simply compare the .value properties of the two inputs.
Agreed with PeterJCLaw on all accounts except the choice of javascript framework. Here is how you could do it with jQuery:
// give the form an ID to use a better selector: ie: $('#myform')
// intercept form submit
$('form').submit(function(){
// check if passwords match; you might want to do more thorough validation
if($('input[name=password]').val()==$('input[name=confirm_password]').val()){
// make ajax post request and store the response in "response" variable
$.post('/signup/register.php', $(this).serialize(), function(response){
// process response here (assume JSON object has boolean property "ok"
if(response.ok==true){
// sweet, it worked!
alert('OK!');
}else{
// handle error
alert('Ooops');
}
}, 'json');
// stop the form from being submitted
return false;
}else{
// for the sake of simplicity
alert('Passwords don't match!);
}
});
Look at Jquery's validate extension.
It will simplify all of this. Checking remote values is simple too.
A relatively recent post on this with example code.
You can upload Jquery to your server, or google code hosts them. Using the google version greatly increases the chance that your customers will have already downloaded it also and can use their cached copy.
$fields = array('first_name','last_name','company','job_title','phone','email','username','password','confirm_password');
$dbfields = array(); $dbdata = array(); $dbfieldq = array(); $types = ''; //Setting Variable
foreach ($fields as $field){ //For Each Field
if (!isset($_POST[$field]){ header('Location: signup.php'); die('Please Fill in all fields, they are required'); } //Missing Field Error -- Doublecheck on serverside
array_push($dbdata, strip_tags($_POST[$field])); //Add Data - MySQLi Prepared Statements don't need to be escaped
array_push($dbfields,$field); //Add a field
array_push($dbfieldq,'?'); //Add a ?
$types += 's'; //Add a field type (string for all of these)
}
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'my_db'); //Connect
if ($mysqli->connect_error) { //If there is a connect Error
die('Connect Error (' . $mysqli->connect_errno . ') '
. $mysqli->connect_error);
}
$names = explode($dbfields); //Explode the Field Names
$questions = explode($dbfieldq); //Explode the ?
$stmt = $mysqli->prepare("INSERT INTO DBName ($names) VALUES ($questions)");
$params = $this->paramValues;
array_unshift($dbdata, implode($this->paramTypes);
call_user_func_array( array( $stmt, 'bind_param' ), $params);
$stmt->bind_param($types, $code, $language, $official, $percent);
$stmt->execute();
$mysqli->close();
A better way to do the php... Use prepared statements and loops to prepare the variables.