I'm currently making a simple script that takes a user input named comments and puts it in a database. Every time I use the same email, I want it to overwrite their last entry. However, it keeps putting in a new entry every time. Here is my code:
if($comments){
    try{
        echo "<img width=\"245\" height=\"130\" src=\"logo.png\"/><br/>";
        echo "<h1>Thank you. You should receive your order on xx-xx-xx</h1>";
        $TF = "TRUE";
        if($numrows == 0){
            $postquery = "INSERT INTO TTT25 (email,card,changes,comments) VALUES ('$email','$businesscard','$TF','$comments')";
            $querythepost = sqlsrv_query($conn, $postquery);
        }
        else{
            $postquery = "UPDATE TTT25 SET changes = '$TF', comments = '$comments' WHERE email = '$email'";
            $querythepost = sqlsrv_query($conn, $postquery);
        }
    }
    catch(Exception $e){}
}
elseif($optout=="false"){
    echo "<img width=\"245\" height=\"130\" src=\"logo.png\"/><br/>";
    echo "<h1>Thank you. You should receive your order on xx-xx-xx</h1>";
    $TF = "FALSE";
    $comments = "";
    if($numrows == 0){
        $postquery = "INSERT INTO TTT25 (email,card,changes,comments) VALUES ('$email','$businesscard','$TF','$comments')";
        $querythepost = sqlsrv_query($conn, $postquery);
    }
    else{
        $postquery = "UPDATE TTT25 SET changes = '$TF', comments = '$comments' WHERE email = '$email'";
        $querythepost = sqlsrv_query($conn, $postquery);
    }
}
Sorry, it must have been cut off:
My num rows and other variables are defined before the conditional statements:
$optout = $_GET['opt'];
$encodedemail = $_GET['email'];
$email = base64_decode($encodedemail);
$originalcard = base64_decode($_GET['card']);
$businesscard = $originalcard;
$comments = $_POST['comments'];
//$primary = md5(uniqid(rand (), true)); no longer needed
$postquery;
$TF;
$sqlmatch = sqlsrv_query("SELECT * FROM TTT25 WHERE email = '".$email."'");
$numrows = sqlsrv_num_rows($sqlmatch);
echo $numrows;
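A parameterised version of the update-or-insert logic above, as an added example that is not part of the original post. It chooses between UPDATE and INSERT from `sqlsrv_rows_affected()` rather than `sqlsrv_num_rows()` (which returns false unless the statement was opened with a static or keyset cursor, and `false == 0` is true in PHP), and it binds every value so the decoded `email` parameter cannot change the SQL. Assumptions: `$conn` is an open sqlsrv connection, `save_order_comment()` is a hypothetical helper name, and `changes` is derived from whether a comment was submitted.

```php
<?php
// Added example: parameterised update-or-insert for the TTT25 table.
// save_order_comment() is a hypothetical helper name; $conn is assumed to be
// an open connection returned by sqlsrv_connect().
function save_order_comment($conn, string $email, string $card, string $changes, string $comments): bool
{
    if (!sqlsrv_begin_transaction($conn)) {
        return false;
    }
    // Try the UPDATE first; the ? placeholders are bound, never concatenated.
    $update = sqlsrv_query(
        $conn,
        "UPDATE TTT25 SET changes = ?, comments = ? WHERE email = ?",
        [$changes, $comments, $email]
    );
    if ($update === false) {
        sqlsrv_rollback($conn);
        return false;
    }
    // No row matched that email, so this is the first entry: INSERT it.
    if (sqlsrv_rows_affected($update) === 0) {
        $insert = sqlsrv_query(
            $conn,
            "INSERT INTO TTT25 (email, card, changes, comments) VALUES (?, ?, ?, ?)",
            [$email, $card, $changes, $comments]
        );
        if ($insert === false) {
            sqlsrv_rollback($conn);
            return false;
        }
    }
    return sqlsrv_commit($conn);
}

// Decode in strict mode and validate before touching the database.
$email = base64_decode($_GET['email'] ?? '', true);
$card  = base64_decode($_GET['card'] ?? '', true);
if ($email === false || $card === false || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Invalid request');
}
$comments = trim($_POST['comments'] ?? '');
$changes  = $comments !== '' ? 'TRUE' : 'FALSE'; // assumption: TRUE when a comment was sent
if (!save_order_comment($conn, $email, $card, $changes, $comments)) {
    error_log(print_r(sqlsrv_errors(), true)); // log details, do not echo them
}
```

A UNIQUE constraint on `email` keeps two concurrent requests from both taking the INSERT branch.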
Related
I'm trying to create a sign-up form. It was working fine until I tried to add md5 to the password field set; I'm not sure why the query failed. Any help would be much appreciated.
function sign_up(){
    if(isset($_POST['register'])){
        $c_email = escape_string($_POST['c_email']);
        $c_name_first = escape_string($_POST['c_name_first']);
        $c_name_last = escape_string($_POST['c_name_last']);
        $c_pass = escape_string($_POST['c_pass']);
        $c_image = escape_string($_FILES['c_image']['name']);
        $c_image_tmp = escape_string($_FILES['c_image']['tmp_name']);
        $c_address = escape_string($_POST['c_address']);
        $c_address_details = escape_string($_POST['c_address_details']);
        $c_city = escape_string($_POST['c_city']);
        $c_state = escape_string($_POST['c_state']);
        $c_zip = escape_string($_POST['c_zip']);
        $c_contact = escape_string($_POST['c_phone']);
        move_uploaded_file($c_image_tmp, "customer/customer_images/$c_image");
        $query = query("SELECT customer_id FROM customers WHERE customer_email = '{$c_email}'");
        confirm($query);
        if(mysqli_num_rows($query) > 0){
            set_message("This email or username is taken");
        }else {
            $insert_c = query("INSERT INTO customers (customer_firstname,customer_lastname,customer_address,c_addr_details,customer_email,customer_pass,customer_state,customer_city,customer_zip,customer_phone,customer_image) VALUES ('$c_name_first','$c_name_last','$c_address','$c_address_details','$c_email','$c_pass','$c_state','$c_city','$c_zip','$c_contact','$c_image')");
            confirm($insert_c);
        }
        $query = "UPDATE user SET 'customer_pass' = '".md5(md5(last_id()).$c_pass)."' WHERE 'customer_id' = '".last_id()."'";
        $send_update_query = query($query);
        confirm($send_update_query);
        set_message_success("Sign up successful!");
    }
}
Try
$query = "UPDATE user SET customer_pass = '".md5(md5(last_id()).$c_pass)."' WHERE customer_id = ".last_id();
Check your string when you use " or '
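An added example (not code from the question or the answer above) that stores the password with PHP's `password_hash()` in the same INSERT, so no follow-up UPDATE keyed on the insert id is needed. It assumes a mysqli connection passed in as `$db`, a hypothetical function name `register_customer()`, only a subset of the `customers` columns shown above, and a `customer_pass` column wide enough for the hash (for example VARCHAR(255)).

```php
<?php
// Added example: hash at registration and bind every value.
// register_customer() is a hypothetical name; $db is an assumed mysqli connection.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function register_customer(mysqli $db, string $email, string $first, string $last, string $password): bool
{
    // Reject duplicates up front, as the original sign_up() does.
    $check = $db->prepare("SELECT customer_id FROM customers WHERE customer_email = ?");
    $check->bind_param('s', $email);
    $check->execute();
    $check->store_result();
    $taken = $check->num_rows > 0;
    $check->close();
    if ($taken) {
        return false;
    }

    // password_hash() generates a per-user salt and embeds it in its output,
    // so nothing has to be derived from last_id() after the INSERT.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $insert = $db->prepare(
        "INSERT INTO customers (customer_firstname, customer_lastname, customer_email, customer_pass)
         VALUES (?, ?, ?, ?)"
    );
    $insert->bind_param('ssss', $first, $last, $email, $hash);
    $insert->execute();
    $insert->close();
    return true;
}
```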
In my project I am trying to generate a QR code with an image in it based on stored blobs (1 Qr code + 1 logo) in my SQL table.
I have the following code but can't seem to store the new image into my table.
Any help is appreciated.
<?php
//for connection
$sName = "localhost";
$sUser = "Username";
$sPass = "Password";
$sDb = "Database";
$Conn = new mysqli ($sName, $sUser, $sPass, $sDb);
// variables I pass from another app
$Email = mysqli_real_escape_string($Conn, $_POST["PassEmail"]);
$qContent = addslashes(file_get_contents($_FILES["file"]["tmp_name"]));
$qOverlay = addslashes (file_get_contents($_FILES["overlay"]["tmp_name"]));
$Sql = "SELECT * FROM `userprofile_login` INNER JOIN `userprofile_personalprofile` ON userprofile_login.userid = userprofile_personalprofile.userid WHERE userprofile_login.email = '".$Email."' ";
$Result = mysqli_query($Conn, $Sql);
if (mysqli_num_rows ($Result) > 0) {
    $Row = mysqli_fetch_assoc ($Result);
    $qCheckSql = "SELECT `userid` FROM `userprofile_qr` WHERE userid = '".$Row['userid']."' ";
    $qCheckResult = mysqli_query($Conn, $qCheckSql);
    $Row2 = mysqli_fetch_assoc($qCheckResult);
    if (mysqli_num_rows ($qCheckResult) < 1) {
        // if there are 0 results from the previous query, insert new data
        $InsertSql = "INSERT INTO `userprofile_qr` (`userid`, `qrcode`, `overlay`)
        VALUES ('".$Row['userid']."', '$qContent', '$qOverlay')";
        $InsertResult = mysqli_query($Conn, $InsertSql);
    } else {
        // if there is a result from the previous query, update data
        $UpdateSql = "UPDATE `userprofile_qr` SET
        `qrcode` = '$qContent',
        `overlay` = '$qOverlay'
        WHERE userid = '".$Row2['userid']."' ";
        $UpdateResult = mysqli_query($Conn, $UpdateSql);
    }
The first part works, the problem is the bottom part where I want to combine the QR code and the logo:
    $qSql = "SELECT `qrcode`, `overlay` FROM `userprofile_qr` WHERE userid = '".$Row2['userid']."' ";
    $qSelect = mysqli_query($Conn, $qSql);
    include 'phpqrcode/qrlib.php';
    $qRow = mysqli_fetch_assoc($qSelect);
    $tImage = "<img src='data:image/png;base64,".base64_encode($qRow['qrcode'])."'/>";
    $tOverlay = "<img src='data:image/png;base64,".base64_encode($qRow['overlay'])."'/>";
    header("Content-type: image/png");
    $aQr = imagecreatefromjpeg($tImage);
    $QrWidth = imagesx($aQr);
    $QrHeight = imagesy($aQr);
    $aOverlay = imagecreatefrompng($tOverlay);
    $OverlayWidth = imagesx($aOverlay);
    $OverlayHeight = imagesy($aOverlay);
    $OverlayQrWidth = $QrWidth / 3;
    $OverlayQrHeight = $OverlayHeight / ($OverlayWidth / $OverlayQrWidth);
    imagecopyresampled($aQr, $aOverlay, $OverlayQrWidth, $OverlayQrHeight, 0, 0, $OverlayQrWidth, $OverlayQrHeight, $OverlayWidth, $OverlayHeight);
    imagepng($aQr);
    $oImage = "<img src='data:image/png;base64,".base64_encode($aQr)."'/>";
    $UpdateCombineSql = "UPDATE `userprofile_qr` SET
    `combine` = '$oImage'
    WHERE userid = '".$Row2['userid']."' ";
    $CombineResult = mysqli_query($Conn, $UpdateCombineSql);
    echo "Success";
}
?>
I want to edit a record in a db table, but it doesn't save in the db table and nothing changes after I submit this form.
Here is the code that I forgot to include.
<?php
require('db.php');
include("auth.php"); //include auth.php file on all secure pages
$id_doc=$_REQUEST['id_doc'];
$query = "SELECT * from doc where id_doc='".$id_doc."'";
$result = mysqli_query($connection, $query) or die ( mysqli_error());
$row = mysqli_fetch_assoc($result);
?>
This is my PHP code:
<?php
if(isset($_POST['new']) && $_POST['new']==1)
{
    $id_doc=$_REQUEST['id_doc'];
    $query = "SELECT * from doc where id_doc='".$id_doc."'";
    $result = mysqli_query($connection, $query) or die ( mysqli_error());
    $row = mysqli_fetch_assoc($result);
    $title =$_REQUEST['title'];
    $date = $_REQUEST['date'];
    $from_to = $_REQUEST['from_to'];
    $details = $_REQUEST['details'];
    $d_location = $_REQUEST['d_location'];
    $d_stat = $_REQUEST['d_stat'];
    $update="update doc set title='".$title."', date='".$date."', from_to='".$from_to."', details='".$details."', d_location='".$d_location."', d_stat='".$d_stat."' where id_doc='".$id_doc."'";
    mysqli_query($connection, $update) or die(mysql_error());
    $status = "File Record Updated Successfully. </br></br><a href='v_doc.php'>View Updated Record</a>";
    echo '<p style="color:#FF0000;">'.$status.'</p>';
}else {
    // here some else code
}
?>
Not an answer. Too long for a comment.
The issue of parametrised queries aside, I find this easier to read:
UPDATE doc
SET title = '$title'
, date = '$date'
, from_to = '$from_to'
, details = '$details'
, d_location = '$d_location'
, d_stat = '$d_stat'
WHERE id_doc = '$id_doc'
And now see about parametrised queries.
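The same UPDATE written as a parameterised query, as an added example rather than code from the thread. It assumes `$connection` is the mysqli connection from `db.php`, that `id_doc` is an integer key, and a hypothetical function name `update_doc()`; it also turns on mysqli exceptions so a failing statement is reported instead of passing silently.

```php
<?php
// Added example: the doc UPDATE with bound parameters.
// update_doc() is a hypothetical name; $connection is assumed to come from db.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors become exceptions

function update_doc(mysqli $connection, int $id_doc, array $input): int
{
    // Fixed column list: only these keys are read from the request.
    $columns = ['title', 'date', 'from_to', 'details', 'd_location', 'd_stat'];
    $values  = [];
    foreach ($columns as $column) {
        $values[] = (string) ($input[$column] ?? '');
    }

    $stmt = $connection->prepare(
        "UPDATE doc
            SET title = ?, date = ?, from_to = ?, details = ?, d_location = ?, d_stat = ?
          WHERE id_doc = ?"
    );
    $stmt->bind_param('ssssssi', $values[0], $values[1], $values[2], $values[3], $values[4], $values[5], $id_doc);
    $stmt->execute();

    // 0 means no row had that id_doc, or the submitted values equal the stored ones.
    $changed = $stmt->affected_rows;
    $stmt->close();
    return $changed;
}

if (($_POST['new'] ?? '') === '1') {
    $id_doc = filter_var($_POST['id_doc'] ?? null, FILTER_VALIDATE_INT);
    if ($id_doc === false) {
        http_response_code(400);
        exit('Invalid id_doc');
    }
    try {
        $changed = update_doc($connection, $id_doc, $_POST);
        echo $changed > 0 ? 'File record updated.' : 'Nothing was changed.';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // keep SQL details out of the page
        http_response_code(500);
        echo 'Update failed.';
    }
}
```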
Try below:
<?php
if(isset($_POST['new']) && $_POST['new']==1)
{
    $id_doc=$_REQUEST['id_doc'];
    $query = "SELECT * from doc where id_doc='".$id_doc."'";
    $result = mysqli_query($connection, $query) or die ( mysqli_error($connection));
    $row = mysqli_fetch_assoc($result);
    $title =$_REQUEST['title'];
    $date = $_REQUEST['date'];
    $from_to = $_REQUEST['from_to'];
    $details = $_REQUEST['details'];
    $d_location = $_REQUEST['d_location'];
    $d_stat = $_REQUEST['d_stat'];
    $update="update doc set title='".$title."', date='".$date."', from_to='".$from_to."', details='".$details."', d_location='".$d_location."', d_stat='".$d_stat."' where id_doc='".$id_doc."'";
    if(mysqli_query($connection, $update)) {
        $status = "File Record Updated Successfully. </br></br><a href='v_doc.php'>View Updated Record</a>";
    } else {
        die(mysqli_error($connection));
    }
    echo '<p style="color:#FF0000;">'.$status.'</p>';
} else {
    // here some else code
}
?>
This should show you the exact error. Once you get it, show it here so we can check and correct it.
I'm a fairly new programmer, especially in PHP, as I have come from a VB environment.
Below is the function I am having trouble with. As you can see, I have had quite a few attempts (in comments). I thought I'd leave the comments there in case I'm closer with my other attempts.
I have never used PDO before and, as you can see, this function pretty much allows the user to log in.
The line if($temp == $_POST['password']) is where the problem is. Apparently $temp is undefined, but I cannot see why; I have even declared it at the top of the function to be sure. Anyone have any ideas?
public function load_user_data() {
    $temp;
    $sql;
    try{
        // $STH = dbHandler::$DBH->prepare("SELECT * FROM tblCustomer WHERE email = :email");
        // $STH->bindValue(':email', $this->email);
        // $STH->execute();
        // $posts = $STH->fetch(PDO::FETCH_ASSOC); //If only fetch 1 line use just "fetch" instead of "fetchAll"
        // echo '<pre>';
        // print_r($posts);
        // echo '</pre>';
        //--------
        $STH = dbHandler::$DBH->prepare("SELECT password FROM tblCustomer WHERE email = :email");
        $STH->bindValue(':email', $_POST['usermail']);
        $STH->setFetchMode(PDO::FETCH_ASSOC);
        while($row = $STH->fetch()) {
            $temp = $row;
        }
        //$temp = $STH->fetch(['password']);
        // while($row = $STH->fetch()) {
        //     $temp = $row['password'];
        // }
        //--------
        // $sql = "SELECT password FROM tblCustomer WHERE email = :email";
        // $stmt = $PDO->query($sql);
        // $row = $stmt->fetchObject();
        // $temp = $row->password;
        if($temp == $_POST['password']) {
            $STH = dbHandler::$DBH->prepare("SELECT * FROM tblCustomer WHERE email = :email");
            $STH->bindValue(':email', $this->email);
            $STH->setFetchMode(PDO::FETCH_ASSOC);
            echo("we have reached here");
            while($row = $STH->fetch()) {
                $firstname = $row['firstName'];
                $lastname = $row['secondName'];
                $title = $row['title'];
                $companyname = $row['companyName'];
                $email = $row['email'];
                $phone = $row['phone'];
                $email = $row['mobile'];
                $startdate = $row['startDate'];
                $isauthorised = $row['isAuthorised'];
                $accstop = $row['accStop'];
                $stopdate = $row['stopdate'];
            }
        }
    }
    catch (PDOException $e) {
        print $e->getMessage();
    }
}
The problem is here:
$STH = dbHandler::$DBH->prepare("SELECT password FROM tblCustomer WHERE email = :email");
$STH->bindValue(':email', $_POST['usermail']);
$STH->setFetchMode(PDO::FETCH_ASSOC);
while($row = $STH->fetch()) {
    $temp = $row;
}
First, you need to do:
$STH->execute();
before you try to fetch rows.
Second, if the query doesn't match any rows, your while loop will never go into the body, so $temp will not be set. Since you apparently only expect to get one row from the query, you don't need to use while. Instead, do:
if ($temp = $STH->fetch()) {
    // all the code that depends on finding a row goes here
    ...
}
Inside that block, you'll need to do:
if ($temp['password'] == $_POST['password'])
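The corrected flow, as an added example that is not the answerer's code: `execute()` runs the statement, `fetch()` returns the row or `false`, and the plain `==` comparison is swapped for `password_verify()`. It assumes `tblCustomer.password` stores `password_hash()` output, a PDO handle passed in as `$dbh`, and a hypothetical function name `find_customer()`.

```php
<?php
// Added example: execute, fetch one row, then verify the password.
// find_customer() is a hypothetical name; $dbh is an assumed PDO connection and
// tblCustomer.password is assumed to store password_hash() output.
function find_customer(PDO $dbh, string $email, string $password): ?array
{
    $sth = $dbh->prepare("SELECT * FROM tblCustomer WHERE email = :email");
    $sth->bindValue(':email', $email);
    $sth->execute();                       // nothing can be fetched before this

    // fetch() returns false when no row matches, so $row is always defined.
    $row = $sth->fetch(PDO::FETCH_ASSOC);

    // For an unknown email, verify against a fixed dummy hash so both paths
    // do comparable work; the $row === false check below still rejects it.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $row === false ? $dummy : (string) $row['password'];

    if (!password_verify($password, $hash) || $row === false) {
        return null;                       // same answer for both failure cases
    }
    unset($row['password']);               // do not pass the hash around
    return $row;
}

$user = find_customer(dbHandler::$DBH, $_POST['usermail'] ?? '', $_POST['password'] ?? '');
if ($user === null) {
    echo 'Invalid email or password.';
} else {
    echo 'Welcome, ' . htmlspecialchars($user['firstName'], ENT_QUOTES, 'UTF-8');
}
```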
I would appreciate it if anyone is willing to tell me how to echo/print.
Below is the process of entering data into the database. Before inserting it, how can I echo it to a table?
<?php
session_start();
if(isset($_POST['submit']))
{
    include('class/stock_class.php');
    $st = new st_exchange_conv(DEFAULT_SOURCE);
    $from = mysql_real_escape_string(stripslashes($_POST['from']));
    $value = floatval($_POST['amount']);
    $date = date('Y-m-d H:i:s');
    $_SESSION['selected'] = $from;
    $stocks = $st->stocks();
    asort($stocks);
    foreach($stocks as $key=>$stock)
    {
        $st->convert($from,$key,$date);
        $stc_price = $st->price($value);
        $stock = mysql_real_escape_string(stripslashes($stock));
        $count = "SELECT * FROM oc_stock WHERE stock = '$key'";
        $result = mysql_query($count) or die(mysql_error());
        $sql = '';
        if(mysql_num_rows($result) == 1)
        {
            $sql = "UPDATE oc_stock SET stock_title = '$stock', stc_val = '$stc_price', date_updated = '$date' WHERE stock = '$key'";
        }
        else
        {
            $sql = "INSERT INTO oc_stock(stock_id,stock_title,stock,decimal_place,stc_val,date_updated) VALUES ('','$stock','$key','2',$stc_price,'$date')";
        }
        $result = mysql_query($sql) or die(mysql_error().'<br />'.$sql);
    }
    header("Location: index.php");
    exit();
}
?>
Insert this:
echo "<table><tr><th>".implode('</th><th>', array_keys($stocks))."</th></tr>";
foreach($stocks as $row) echo "<tr><td>".implode('</td><td>', $row)."</td></tr>";
echo "</table>";
Edit: If printing the data is the goal and the table-view is not important, I recommend print_r($stocks) instead.