Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
trying to input code into the sqldatabase...what am i missing in here?
Parse error: syntax error, unexpected T_OBJECT_OPERATOR
<?php
$name = "";
$email = "";
$msg_to_user = "";
if ($_POST['name'] != "") {
require_once("storescripts/connect_to_mysqli.php");
// Be sure to filter this data to deter SQL injection, filter before querying database
$name = $_POST['name'];
$email = $_POST['email'];
$sqlCommand = "SELECT * FROM newsletter WHERE email='$email'";
$sql = mysqli_query($myConnection,$sqlCommand);
$numRows = mysqli_num_rows($sql);
if (!$email) {
$msg_to_user = '<br /><br /><h4><font color="FF0000">Please type an email address ' . $name . '.</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<br /><br /><h4><font color="FF0000">' . $email . ' is already in the system.</font></h4>';
} else {
$sqlCommand="INSERT INTO newsletter (name, email, dateTime) VALUES(?,?,NOW() )";
$stmt= $myConnection->prepare($sqlCommand);
$stmt=->bind_param('ss',$name,$email);
$stmt->execute();
$msg_to_user = '<br /><br /><h4><font color="0066FF">Thanks ' . $name . ', you have been added successfully.</font></h4>';
$name = "";
$email = "";
}
}
?>
You have this code:
$stmt=->bind_param('ss',$name,$email);
It should be this:
$stmt->bind_param('ss',$name,$email);
Further (unrelated) advice:
Fix your SQL injection vulnerabilities by using parameterized queries. See How can I prevent SQL injection in PHP?
Correctly and consistently indent your code to prevent unreadability.
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 4 years ago.
Improve this question
I am trying to save multidimensional array in database using json_encode. if i echo json string its showing right output but in database string is changed after insert.
here is my code:
$email=$_POST['email'];
$watchlist=$_POST['watchlist'];
$watchshow=$_POST['watchshow'];
$yearshow=$_POST['yearshow'];
$quer = "SELECT email FROM users WHERE email = '$email'";
$q = mysqli_query($conn, $quer);
$count=0;
while($row = mysqli_fetch_array($q)){
$email = $row['email'];
$count++;
}
if($count==1) //if user already exist change greeting text to "Welcome Back"
{
$quer = "SELECT watchlist FROM users WHERE email = '$email'";
$q = mysqli_query($conn, $quer);
while($row = mysqli_fetch_array($q)){
$watch = $row['watchlist'];
}
$data = json_decode($watch, TRUE);
array_push($data,$watchlist);
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$data[] = $add;
$t = json_encode($data , JSON_FORCE_OBJECT);
$sql = "update users set watchlist='$t' WHERE email='$email'";
if ($conn->query($sql) === TRUE) {
echo'updated';
} else {
echo'error';
}
}
else {
$new=array();
array_push($new,$watchlist);
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$new[] = $add;
$name = json_encode($new);
$sql1 = "INSERT INTO users (email,watchlist)
VALUES ('$email','$name')";
if ($conn->query($sql1) === TRUE) {
echo 'success';
} else {
echo "Error: " . $sql1 . "<br>" . $conn->error;
}
}
if i echo $name output is
{"0":{"0":"Stranger Things","1":2017}}
but after insert it's showing this in database
{"0":"Stranger Things","1":{"0":"Stranger Things","1":"2017"}}
what i am doing wrong here?
You placed echo to unnecessary variable somewhere in your code thats why it prints name 2 times.. check it properly and remove it.
{"0":"Stranger Things","1":{"0":"Stranger Things","1":"2017"}}
This is happening most probably due to $new[] = $add; when you are using Loop and passing some value inside $new[i].
In first Loop its proper {"0":"Stranger Things","1":2017}
Now in second loop when i will be 1.
So, in position of 1 , {"0":"Stranger Things","1":2017} this is getting inserted again and making final array as {"0":"Stranger Things","1":{"0":"Stranger Things","1":"2017"}}
Show the complete code as it is, to identify the error.
As per the code you have provided, output must be correct.
$email= "abc#gmail.com";
$watchshow="Stranger Things";
$yearshow= 2017;
$new=array();
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$new[] = $add;
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$new[] = $add;
echo $name = json_encode($new, true);
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
if(count($_POST)>0) { /* Form Required Field Validation / foreach($_POST as $key=>$value) {
if(empty($_POST[$key])) {
$message = ucwords($key) . " field is required"; break; } } / Password Matching Validation */
if($_POST['password'] != $_POST['confirm_password']){ $message = 'Passwords should be same '; }
/* Email Validation */ if(!isset($message)) { if (!filter_var($_POST["userEmail"], FILTER_VALIDATE_EMAIL)) { $message = "Invalid UserEmail"; }
}
/* Validation to check if gender is selected */ if(!isset($message)) { if(!isset($_POST["gender"])) { $message = " Gender field is required"; } }
if(!isset($message)) { require_once("dbcontroller.php"); $db_handle = new DBController();
$query = "INSERT INTO users (username, name, last_name, gender, BirthMonth, BirthDay, BirthYear, Country, email, password, phone) VALUES ('" . $_POST["userName"] . "', '" . $_POST["name"] . "', '" . $_POST["lastName"] . "', '" .$_POST["gender"] . "', '" . $_POST["BirthMonth"] . "', '" . $_POST["BirthDay"] . "' , '" . $_POST["BirthYear"] ."','". $_POST["Country"] ."', '" . $_POST["userEmail"]. "','" . $_POST["password"]. "','".$_POST["Phone"]. "')"; $result = $db_handle->insertQuery($query);
Edit: Format the code to visib;e errors better. Thanks in advance to anyone who answers.
you want to check that your email is exit in database then use this code. add this code after this line .
/* Email Validation */ if(!isset($message)) { if(!filter_var($_POST["userEmail"], FILTER_VALIDATE_EMAIL))
{ $message = "Invalid UserEmail"; }
}
your db connection need to connect for this so first connect this
require_once("dbcontroller.php"); $db_handle = new DBController();
hope your connection is ok so this code will check
<?php
$sql = "SELECT anyfiled FROM yourtable WHERE email = " .$_POST['userEmail'];
$select = mysqli_query($con, $sql);
$row = mysqli_fetch_assoc($select);
if (mysqli_num_rows($select) > 0) {
$message = "exist";
}
?>
Email Validation:
Apart from checking for common symbols like '#' and alpha-numeric, you must also check for white spaces/tabs in start and most importantly convert the incoming input using htmlspecialchars() as:
function reduceInput($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
Call the reduceInput() function on $_POST['userEmail'] and then use your filter_var() funciton to validate it.
I understand you mean not to pass exploiting strings to database? You don't have to validate these values for that. There is a php function which will pass the strings safely to your database. That's it:
mysqli_real_escape_string($mysqli_object, $_POST['userName']);
But if you'd like to validate your email and username, do this:
if (ctype_alnum($nick)==false) exit(0);// this makes your nick can only contain letters and numbers
$emailB = filter_var($email, FILTER_SANITIZE_EMAIL);//this sanitizes your email
if ((filter_var($emailB, FILTER_VALIDATE_EMAIL)==false) || ($emailB!=$email)) exit(0);//this validates your email
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 6 years ago.
Improve this question
I am trying for user login and registration forms in Android. From past 5 days, I am trying it. I am not able to get it. Can anyone help me please? This is my code user_control.php. I am including the connection.php in user_control.php.
<? php
class user {
private $db;
private $connection;
/* The below one is the consttructor*/
function __construct() {
header('Content-Type: application/json'); /* used for including json format*/
require_once 'connection.php';
$this->db = new DB_Connection();
$this->connection = $this->db->get_connection();
}
public function does_user_exist($email,$password) {
$query = "Select * from userss where email ='$email' and password = '$password'";
$result = mysqli_query($this->connection,$query);
if(mysqli_num_rows($result) > 0){
$json['success'] = 'welcome'.$email;
echo json_encode($json);
mysqli_close($this->connection);
} else {
$query = " Insert into userss(email,password) values ('$email','$password')";
$is_inserted = mysqli_query($this->connection, $query);
if($is_inserted == 1) {
$json['success'] = 'Account created, welcome '.$email;
} else {
$json['error'] = 'Wrong password';
}
echo json_encode($json);
mysqli_close($this->connection);
}
}
}
$user = new user();
if(isset($_POST['email'],$_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
if(!empty($email) && !empty($password)) {
$encrypted_password = md5($password);
$user -> does_user_exist($email,$encrypted_password);
} else {
echo json_encode("You must fill both fields");
}
}
While I am running with postman software by Chrome I am getting the error as I am getting syntax error:
unexpected 'header' (T_STRING) in http://localhost:80/opt/lampp/htdocs/user_control.php
Remove the space in your line 1. Should looks like:
<?php
Try to comment:
//header('Content-Type: application/json'); /* used for including json format*/
Source: https://stackoverflow.com/a/20620606/2381906
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
<form action = "index.php" method = "post">
username : <input type = "text" name = "uname" /><br>
password : <input type = "text" name = "pass" /><br>
submit : <input type = "submit" name = "submit" value = "submit" />
</form>
<?php
if(isset($_SESSION['id'])){echo $_SESSION['id'];}
if(isset($_POST['submit'])){
if ($_POST['submit'] == 'submit'){
$uname = $_POST['uname'];
$pass = $_POST['pass'];
$db = "davidedwardcakes";
$connect = mysql_connect('localhost', 'root', 'wtfiwwu');
$db_connect = mysql_selectdb($db, $connect);
if(!$db_connect){echo 'no';}
$query = "SELECT * FROM `users` WHERE uname ='$uname' AND pass = '$pass'";
$result = mysql_query($query, $connect);
if(mysql_num_rows($result) > 0){//echo 'index failed'; var_dump($result);}
while($row = mysql_fetch_array($result)){echo $row['uname']
. "<br>";
session_start();
echo 'peruse';
$_SESSION['id'] = $row['id'];}}
else{echo 'lol'; var_dump($query);}}
Whenever I want to login, i get the error:
string 'SELECT * FROM users WHERE uname ='brown' AND pass = 'kenji'' (length=61)
meaning that theres a problem with my $query. If I remove the $pass query from $query it works fine but doesn't when it is included. Can anybody help please.
Let me convert your code to MySQLi at least. MySQL is already deprecated.
<?php
/* ESTABLISH CONNECTION */
$connect=mysqli_connect("YourHost","YourUsername","YourPassword","YourDatabase"); /* REPLACE NECESSARY DATA */
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
/* REPLACE THE NECESSARY POST DATA BELOW AND PRACTICE ESCAPING STRINGS BEFORE USING IT INTO A QUERY TO AVOID SOME SQL INJECTIONS */
$uname=mysqli_real_escape_string($connect,$_POST['username']);
$pass=mysqli_real_escape_string($connect,$_POST['password']);
$query = "SELECT * FROM `users` WHERE uname ='$uname' AND pass ='$pass'";
$result = mysqli_query($connect,$query); /* EXECUTE QUERY */
if(mysqli_num_rows($result)==0){
echo 'login failed';
var_dump($result);
}
else {
while($row = mysqli_fetch_array($result)){
echo $row['uname'];
} /* END OF WHILE LOOP */
echo 'Successfully Logged-in.';
var_dump($query);
} /* END OF ELSE */
?>
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
I'm trying to extract this data into a while loop and its literally returning nothing at all, any ideas whats wrong?
Code:
<?php
if(isset($_GET['id'])){
require('include/db.php');
require('include/init.php');
if(isset($_GET['id']) && is_numeric($_GET['id'])){
$userid = $odb->real_escape_string($_GET['id']);
$result3 = $odb->prepare("SELECT * FROM users where ID = :id");
$result3->bindValue(":id", $userid);
$result3->execute();
while($row3 = $result3->fetch_array(MYSQLI_ASSOC)){
$username=$row['username'];
$email=$row['email'];
$rank=$row['rank'];
$membership=$row['membership'];
$expire=$row['expire'];
$status=$row['status'];
echo "
Username: ".$username."<br />
Email: ".$email."<br />
Rank: ".$rank."<br />
Membership: ".$membership."<br />
Expire: ".$expire."<br />
Status: ".$status."<br />
";
}
} else {
echo "You did not enter an ID!";
}
?>
If you need any information let me know!
Since you are using PDO, some functions have to be updated. Instead of mysql_escape_string(), you can just prepare and bind the value and PDO will escape everything. Also fetch_array() should be fetch() and MYSQLI_ASSOC should be PDO::FETCH_ASSOC.
<?php
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if($id) {
require('include/db.php');
require('include/init.php');
// Prepare && Binding will take care of escaping the string
$result = $odb->prepare("SELECT * FROM users where ID = :id");
$result->bindValue(":id", $id);
$result->execute();
while($row = $result->fetch(PDO::FETCH_ASSOC)) {
$username = $row['username'];
$email = $row['email'];
$rank = $row['rank'];
$membership = $row['membership'];
$expire = $row['expire'];
$status = $row['status'];
echo "
Username: ".$username."<br />
Email: ".$email."<br />
Rank: ".$rank."<br />
Membership: ".$membership."<br />
Expire: ".$expire."<br />
Status: ".$status."<br />
";
}
} else {
echo "You did not enter an ID!";
}
?>