<?
$nick = $_POST['nick'];
$link = $_POST['link'];
$regiment = $_POST['regiment'];
$message = $_POST['message'];
$date = date('Y-m-d H:i:s');
$ip = $_SERVER['REMOTE_ADDR'];
$servername="localhost";
$username="pp";
$conn= mysql_connect($servername,$username, mygas13)or die(mysql_error());
mysql_select_db("pp",$conn);
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$sql = "SELECT TIMEDIFF(NOW(), `LastPost`) AS 'TimeSinceLast'
FROM `userTable`
WHERE `ip` = '{$ip}'
AND `LastPost` > DATE_SUB(NOW(), INTERVAL 1 DAY)";
$result = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($result) > 0) {
$row = mysql_fetch_assoc($result);
$timeSinceLast = date("G\h i\m s\s", strtotime($row['TimeSinceLast']));
$sql="insert into userTable (nick,link,message,regiment,ip,date,submitted) VALUES ('$nick', '$link', '$message', '$regiment', '$ip', '$date', 'Yes') ";
$result=mysql_query($sql,$conn) or die(mysql_error());
}
else {
$servername="localhost";
$username="pp";
$conn= mysql_connect($servername,$username, mygas13)or die(mysql_error());
mysql_select_db("pp",$conn);
$sql="insert into userTable (nick,link,message,regiment,ip,date,submitted) VALUES ('$nick', '$link', '$message', '$regiment', '$ip', '$date', 'No')";
$result=mysql_query($sql,$conn) or die(mysql_error());
mysql_close($connection);
}
header("Location: thanks.html");
?>
This is my input.php. It submits the data but it also checks if multiple submissions come from one ip in 1day period. What i can't do is to update the value submitted for the rest of his/her submissions with yes. I have tried DUPLICATE KEY UPDATE but it did not work
Related
I cant insert 2 tabs at once.
It only insert 1 of them (In this example, it inserts the first one)
function addNewUser($username, $password, $email){
$time = time();
/* If admin sign up, give admin user level */
if(strcasecmp($username, ADMIN_NAME) == 0){
$ulevel = ADMIN_LEVEL;
}else{
$ulevel = USER_LEVEL;
}
$datumregistrationbla = date("d.m.Y");
$q = "INSERT INTO ".TBL_USERS." (username, password, email, userlevel, register_date) VALUES ('$username', '$password', '$email', '$ulevel', '$datumregistrationbla')";
return mysql_query($q, $this->connection);
$q = "INSERT INTO `post` (`post_id`, `from`, `to`, `betreff`, `text`, `datum`, `active`) VALUES ('', 'Fuchsfeuer', '$username', 'Test', 'Test2', '$datumregistrationbla', '0')";
return mysql_query($q, $this->connection);
}
The problem is because you return the first mysql_query and the rest will not be executed.Try removing it like this.
function addNewUser($username, $password, $email){
$time = time();
/* If admin sign up, give admin user level */
if(strcasecmp($username, ADMIN_NAME) == 0){
$ulevel = ADMIN_LEVEL;
}else{
$ulevel = USER_LEVEL;
}
$datumregistrationbla = date("d.m.Y");
$q = "INSERT INTO ".TBL_USERS." (username, password, email, userlevel, register_date) VALUES ('$username', '$password', '$email', '$ulevel', '$datumregistrationbla')";
mysql_query($q, $this->connection);
$q = "INSERT INTO `post` (`post_id`, `from`, `to`, `betreff`, `text`, `datum`, `active`) VALUES ('', 'Fuchsfeuer', '$username', 'Test', 'Test2', '$datumregistrationbla', '0')";
mysql_query($q, $this->connection);
}
Please forget using mysql_* because it is deprecated and in php 7 it was already removed.
Try to use mysqli or pdo
ok so I can connect and view the database with my php code, however I can not insert data into it.here is the query I tested with phpmyadmin which was able insert new data into my table
INSERT INTO `members` ( `id` , `username` , `email` )
VALUES ( 123456789, 'russi', 'baka#dog.com' )
then I tried to put it into my actual php file
<?php
$servername = "localhost";
$username = "root";
$password = "blablabla";
$dbname = "test_database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO 'members' ('id', 'username', 'email')
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
$sql = "SELECT id, username, email FROM members";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"]. " - username: " . $row["username"]. " -email:" . $row["email"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
so select function works but insert does not.
You are overriding your $sql variable w/o executing it. Besides that you should not use single quotes for columns, but backticks (see When to use single quotes, double quotes, and backticks in MySQL)
Change
$sql = "INSERT INTO 'members' ('id', 'username', 'email')
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
$sql = "SELECT id, username, email FROM members";
$result = $conn->query($sql);
to
$sql = "INSERT INTO `members` (`id`, `username`, `email`)
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
$result = $conn->query($sql);
$sql = "SELECT id, username, email FROM members";
$result = $conn->query($sql);
Change your insert to:
$sql = "INSERT INTO members (id, username, email)
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
And call your query:
$sql = "INSERT INTO members (id, username, email)
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
//Here, you never execute your query
$result = $conn->query($sql);
$sql = "SELECT id, username, email FROM members";
$result = $conn->query($sql);
Of course it did not work !
You never execute your INSERT...
<?php
...
$sql = "INSERT INTO 'members' ('id', 'username', 'email')
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
$conn->exec($sql);
$sql = "SELECT id, username, email FROM members";
$result = $conn->query($sql);
...
:)
remove the single quotes around your column and table names:
$sql = "INSERT INTO members (id, username, email)
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
single quotes are only used for char fields.
Also you never execute the insert Statement because you overwrite it.
$sql = "INSERT INTO 'members' ('id', 'username', 'email')
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
$sql = "SELECT id, username, email FROM members";
//missing the grave accent
$sql = "INSERT INTO `members` (id, username, email)
VALUES (2339978, 'vladtheimpalor', 'vladtheimaplor#bloody.com')";
$sql = "SELECT `id`, `username`, `email` FROM `members`";
/* This is the corrrected code */
I have created a php function that allows users to save their address on the database. My issue is that part of the code doesn't run at all. The code stops running at $result2= "SELECT * FROM Addressv4 WHERE Userid = '".$id."'";
It then starts working when it reaches this line of code $insert_query = "INSERT INTO Addressv4 (Userid, Housenumber, Street, Town, Postcode, DefaultAddress)
values ('$id', '$Number', '$Street', '$Town','$Postcode', '1')";
I haven't received any syntax errors when running the code either.
Any help would be grateful.
<?php
include 'dbconnect.php';
$connection = mysqli_connect($db_host, $db_username, $db_password, $db_database);
// Check connection
if (mysqli_connect_errno($connection)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// Getting data from HTML Form
$Number = $_POST['streetnumber'];
$Street = $_POST['street'];
$Town = $_POST['town'];
$Postcode = $_POST['postcode'];
$Username = $_POST['Username'];
$sql = mysqli_query($connection, "SELECT * FROM Userv2 WHERE Username = '".$Username."'");
if ($sql){
while($row = mysqli_fetch_array($sql)){
$id = $row['Id'];
}
}
$result2= "SELECT * FROM Addressv4 WHERE Userid = '".$id."'";
$sql1 = mysqli_query($connection, $result2);
$count = count($sql1);
if($count >=1){
echo 'Sorry you can only have 1 default address';
}
$insert_query = "INSERT INTO Addressv4 (Userid, Housenumber, Street, Town, Postcode, DefaultAddress)
values ('$id', '$Number', '$Street', '$Town','$Postcode', '1')";
$result = mysqli_query($connection, $insert_query);
header("Location: http://sots.brookes.ac.uk/~10031187/viewaddress.php");
mysqli_close($connection);
?>
maybe it's better to use
SELECT COUNT(Userid) AS countId FROM..
if ($row['countId'] > 1) {
that way the query will always return something, now there is a chance your query can return false..
what is the output of var_dump($sql1); ?
$sql1 is a resulset. You cannot count the number of lines like this.
Try :
$sql1_count = mysqli_num_rows($sql1)
Need help here...
I receive an error code saying...
SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''students' (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnu' at line 1
by the way, i put add function in php using these codes...
$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];
$records = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db('records', $records);
$sql = ("INSERT INTO 'students' (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");
$result = mysql_query($sql, $records);
if (!$result)
die("SQL Error: ".mysql_error());
echo "Success";
thanks for the answer.... :))
Get rid of the quotes around students. Either use ticks or nothing at all:
$sql = ("INSERT INTO `students` (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");
FYI, you are wide open to SQL injections.
You just have to modify you code like this!
$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];
$records = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db('records', $records);
$sql = "INSERT INTO students (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')";
$result = mysql_query($sql, $records);
if (!$result)
die("SQL Error: ".mysql_error());
echo "Success";
Try this
$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];
$records = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db('records', $records);
$sql = ("INSERT INTO students (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");
$result = mysql_query($sql, $records);
if (!$result)
die("SQL Error: ".mysql_error());
echo "Success";
Remove the brackets around the INSERT statement as well as put the table and column names inside the backtick, change it as below
$sql = "INSERT INTO `students` (`Lastname`, `Firstname`, `Middleinitial`, `Course`, `Year`, `Section`, `Studentnumber`, `Violation`, `Punishment`, `Violationdate`, `Punishmentstartdate`, `CSlength`) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')";
Since your code is too much vulnerable to SQL injection, it is better to use mysql prepared statements.Use MySQLi or PDO class to achieve it.
I have a form that sends data to the php below. No errors appear but no information is inserted into the database and I don't understand why. I have triple checked all the table names etc and everything is correct. The code echo's out what I put into the form but it doesn't update to the database!
<?php
//variables for db
$username = "";
$password = "";
$hostname = "localhost";
$dbname = "infinity";
//connection to the database
$con = mysql_connect($hostname, $username, $password);
if($con == FALSE)
{
echo 'Cannot connect to database' . mysql_error();
}
mysql_select_db($dbname, $con);
$name=$_POST["name"];
$logo=$_POST["logo"];
$logo="<img src=\"images/".$logo."\" alt=\"$name Logo\" />";
$blurb=$_POST["blurb"];
$link=$_POST["link"];
echo $name;
echo $logo;
echo $blurb;
echo $link;
//Insert Values into Database
mysql_query("INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`) VALUES ('$name', '$logo', '$blurb', '$link');");
?>
Try to get an error message of you query:
mysql_query($your_query) OR die(mysql_error());
try this
mysql_query("INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`)
VALUES ('$name', '$logo', '$blurb', '$link')") or die(mysql_error());
else you make check it.
$sql ="INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`)
VALUES ('$name', '$logo', '$blurb', '$link')";
$sqlinset= mysql_query($sql) or die(mysql_error());
echo $sql;
echo $sqlinset;
Try this:
mysql_query("INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`) VALUES ('$name', '$logo', '$blurb', '$link');", $con);
And be sure to secure those variables you put in your database from SQL ijection and XSS attacks.