This is how I want to find out about the user exists in the database but it will constantly keep themselves it exists when it does not do it.
What I want out of this code is to get the knowledge about the user in the database if it does not make it must clearly say it :)
}
else
{
$email_1 = $_post["email"];
$result = $this->mysqli->query("SELECT * FROM bruger WHERE email='$email_1'");
if(mysqli_num_rows($resut) > 0)
{
//code here!
}
else
{
?>
<div class="article-main-content">
<div class="alert-message" style="background-color:#c22525;"><span class="icon-text">⚠</span><span class="alert-content">Email Findes på hjemmesiden</span></div>
</div>
<?php
}
}
}
and i have try its here:
$email = $_post["email"]
foreach($this->mysqli->query("SELECT * FROM `bruger` WHERE email='$email'") as $row) {
if ($row['email'] !== $email) {
here are all my html code:
<form action="#" enctype="multipart/form-data" method="post">
<table width="100%" cellpadding="5" cellspacing="5">
<tr>
<td><p>Email</p></td>
<td><input type="text" name="email" class="ned_input"></td>
</tr>
<tr>
<td><p>Adgangskode</p></td>
<td><input type="password" name="password_adgangskode_1" class="ned_input"></td>
</tr>
<tr>
<td><p>Adgangskode Gentag</p></td>
<td><input type="password" name="password_adgangskode_2" class="ned_input"></td>
</tr>
<tr>
<td><p>Fornavn</p></td>
<td><input type="text" name="fornavn" class="ned_input"></td>
</tr>
<tr>
<td><p>Efternavn</p></td>
<td><input type="text" name="efternavn" class="ned_input"></td>
</tr>
<tr>
<td><p>Profilbillede</p></td>
<td><input type="file" name="file" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="opret" value="Opret bruger" style="margin-top:10px;"></td>
</tr>
</table>
</form>
EIDT HERE
if ($stmt = $this->mysqli->prepare("SELECT `id` FROM `bruger` WHERE `email`"))
{
$stmt->bind_param('s', $email_indhold);
$email_indhold = $_POST["email"];
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($id);
$stmt->fetch();
$count = $stmt->num_rows;
$stmt->close();
if($count > 0)
{
look the algorithm for this
PHP end
collect POST data first and sanitize the input.
check for the email
SELECT email FROM table WHERE email = '$post_email' LIMIT 1
if result is not empty then go forward
else gives alert of duplicate entry
Database end
to add UNIQUE KEY constraint on your db
ALTER TABLE <table name >
ADD CONSTRAINT uniqueEmail UNIQUE (< `email column` > )
using unique constraint will safe your table,it will give error when someone try to enter duplicate email.So when you execute INSERT query for the table, check what**mysqli_query** returns ( see below )
$qry = "SELECT INTO table (whatever) VALUE (whatever)";
$done = mysqli_query($qry);
check $done, if everything goes fine then it will return TRUE otherwise it will gives mysql_error( may be 1064), so by this way you can also prevent to stop duplicate email address
This code is enough if you are trying to check email id exist or not.
$email_1 = $_post["email"];
$result = mysql_query("SELECT * FROM bruger WHERE email='$email_1' LIMIT 1");
if(mysql_num_rows($resut) > 0)
{
//code here!
//$result contain other column values
}
else
{
//Email id not exist
}
Related
I have the following code to display and modify a simple sqlite table
<?php
$db = new SQLite3("my_sqlite.db");
$query = "SELECT rowid, * FROM students";
$result = $db->query($query);
if( isset($_POST['submit_data']) ){
// Gets the data from post
$name = $_POST['name'];
$email = $_POST['email'];
$query = "UPDATE students set name='$name', email='$email'";
if( $db->exec($query) ){
echo "Data is updated successfully.";
}else{
echo "Sorry, Data is not updated.";
}
}
?>
<table border="1">
<form action="" method="post">
<tr>
<td>Name</td>
<td>Email</td>
</tr>
<?php while($row = $result->fetchArray()) {?>
<tr>
<td><input name="name" type="text" value="<?php echo $row['name'];?>"></td>
<td><input name="email" type="text" value="<?php echo $row['email'];?>"></td>
</tr>
<?php } ?>
<input name="submit_data" type="submit" value="Update Data">
</form>
</table>
PROBLEM: When I change some of the information and update, the whole column changes into the same change. E.g.: if I write a the name Nick, every name changes into Nick.
First, you should only do updates for one record at a time so each record needs its own update button. Attached is the corresponding rơwid of the record. you can use:
<input type="hidden" name="rowid" value="$row['rowid]">
You should add a WHERE clause to the update statement to know exactly which records should be updated.If you omit the WHERE clause, ALL records will be updated!
The code below is supposed to check whether a username has already been taken before the form has been submitted. However once a name is typed in to the input, div elements are repeated and there is no output of data. Can anybody please assist with this problem using AJAX?
php code:
if (isset($_POST['check_username'])) {
$user_login_name = $_POST['check_username'];
$sql = "SELECT user_login_name FROM users;";
$result = mysqli_query($conn, $sql);
$rows = mysqli_fetch_array($result);
if (!empty($user_login_name)) {
foreach ($rows as $row) {
if (strpos($row, $user_login_name) != false) {
echo $row;
echo "<br>";
}
}
} else {
echo "Database empty!";
}
}
html code:
<div class="register">
<div class="band_1">
<div class="box">
<form action="../server/register.php" method="POST">
<div class="input_table">
<table>
<thead>
<tr>
<th><h1>Register to LIMS</h1></th>
</tr>
</thead>
<tbody>
<tr>
<td><input type="text" name="user_first_name" placeholder="Enter First Name"></td>
</tr>
<tr>
<td><input type="text" name="user_last_name" placeholder="Enter Last Name"></td>
</tr>
<tr>
<td><input type="text" name="user_phone" placeholder="Enter Contact Number"></td>
</tr>
<tr>
<td><input type="email" name="user_email" placeholder="Enter Email"></td>
</tr>
<tr>
<td><input type="text" name="user_login_name" placeholder="Select a Username"><p id="test"></p></td>
</tr>
<tr>
<td><input type="password" name="user_password" placeholder="Select a Password"></td>
</tr>
<tr>
<td><input type="password" name="user_password_2" placeholder="Repeat Password"></td>
</tr>
</tbody>
</table>
</div>
<button type="submit" name="user_register" class="button_1">Register</button>
<button type="button" class="button_3">Cancel</button>
</form>
</div>
</div>
</div>
and AJAX:
$(document).ready(function() {
$("input[name=user_login_name]").keyup(function(){
var user_login_name = $("input[name=user_login_name]").val();
$.post("../server/register.php", {
check_username: user_login_name
}, function(data, status) {
$("#test").html(data);
});
});
});
Seems, just improve php:
1) you need to check on emptiness user's input, 2) and select only matched, 3) and call die finally :
if (!empty($_POST['check_username'])) {
$user_login_name = $_POST['check_username'];
$sql = "SELECT user_login_name FROM users where user_login_name like '%$user_login_name%';";
$result = mysqli_query($conn, $sql);
$rows = mysqli_fetch_array($result);
if ($rows) {
foreach ($rows as $row) {
echo "$row<br>";
}
} else {
echo "Database empty!";
}
die;
}
UPDATE. Also this would better to call: $rows = mysqli_fetch_array($result, MYSQLI_ASSOC); - to prevent retrieving extra data twice.
There's your php code with a better way to check if an user exists in DB.
Just check in the query if user exists and number, you don't need to check it with php.
if(isset($_POST['check_username'])){
$user_login_name=$_POST['check_username'];
$sql="SELECT user_login_name FROM users WHERE user_login_name='$user_login_name'";
$result=mysqli_query($conn, $sql);
$numRows=mysqli_num_rows($result);
$rows=mysqli_fetch_array($result,MYSQLI_NUM);
var_dump($rows);
if($numRows>0){ // If exists rows
foreach($rows as $field)
echo $field." => ";
echo "<br>";
}
else
echo "Database empty!";
}
Also to connect your data you can try:
$.ajax({
});
Passing variables from php and you can decide if you show data or not from javascript side.
I hope it helps C:
i am creating a code for email confirmation link. user inserted email id , n stores in db. Next time when user insert id into form, first of all it will check whether email id is already present in db or not. If y then said 'already exists' & if n then insert it into db. Initially i am inserting data into db. then i want to compare user input email is with db email id. so i dont know how i retrieve data on pg then compare it. here is my code
<html>
<body>
<form name="form" method="post">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="fname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="lname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Email Id</td>
<td><input type="email" name="mail" required /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
<?php
include 'connection.php';
if(isset($_POST["submit"]))
{
$fname="'".trim(addslashes($_POST["fname"]))."'";
$lname="'".trim(addslashes($_POST["lname"]))."'";
$email="'".trim(addslashes($_POST["mail"]))."'";
$key="'".MD5(microtime())."'";
$to=$email;
$subject="Confirm your email id";
$message="Hello $fname
Click on below link to confirm your id.
www.vs.com/abcdefghojklmnopqrstuvwxyz.php?code=$key
";
$header="From :sneha#valencynetworks.com";
// echo $fname."<br />".$email."<br />".$to."<br />".$subject."<br />".$message."<br />".$header;
if(mail($to,$subject,$message,$header))
{
$sql="insert into confirm_emailid values($email,$fname,$lname,$key,'1')";
if(mysqli_query($con,$sql))
{
die("Check your id for confirmation".mysqli_error($con));
}
}
/*$sql1=mysqli_query($con,"select * from random_key where eid=$email");
while($row=mysqli_fetch_assoc($sql1))
{
echo $row['eid'];
}*/
$result="SELECT count(eid) as number_of_occurences FROM confirm_emailid WHERE eid = $_POST['mail']";
if ($row['number_of_occurences'] == 0) {
echo "this adresse isn't in the database, so add it !";
}
else {
echo "already in the database :(";
}
mysqli_close($con);
}
?>
</body>
</html>
The best way is to use Ajax for compare this email field with database emails.
Steps :
List item
On focusout from email field call ajax request
This ajax request fields contain user entered email
on php page its checks whether email exists o not if exists it gives false flag and if not it gives true flag.
4.From this method you can check email without page loading.
When your form is submited, you have an array $_POST.
So, you just have to select from your database the sames values : exemple :
SELECT count(id) as number_of_occurences FROM member WHERE mail_adresse = $_POST['e-mail'] ;
You fetch the data like you did other times, and just compare $row['number_of_occurences'] to 0.
if ($row['number_of_occurences'] == 0) {
this adresse isn't in the database, so add it !
}
else {
already in the database :(
}
index.php
<html>
<body>
<form name="form" method="post" action="process.php">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="fname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="lname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Email Id</td>
<td><input type="email" name="mail" required /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
</body>
process.php
<?php
$host = "localhost";
$user = "root";
$password = "yourpass";
$database = "your database name";
// Establish server connection and select database
$dbh = mysqli_connect($host, $user, $password, $database);
if (mysqli_connect_errno()) {
die('Unable to connect to database ' . mysqli_connect_error());
} else {
// run query to fetch records
// $result = mysqli_query($dbh, "SELECT email_address FROM users ");
/* fetch associative array */
$email = $_POST['mail'];
$query = "SELECT `eid` FROM `confirm_emailid` WHERE `eid` = '$email'";
$result = mysqli_query($dbh, $query); //$link is the connection
if (mysqli_num_rows($result) > 0) {
die('email already exists');
} else {
$query = mysqli_query($dbh, "insert into users(email_address) values('$email')");
echo 'data inserted succesfully';
}
}
I have a super easy question. I have a form that echoes out a mySQL record that the user can update. I make my changes, and it tells me that the update is successful, but when I look at the table, the changes do not go through. What is the problem here?
This is the first script.
<?php
require_once("models/config.php");
?>
<table border=1>
<tr>
<td align=center>Edit Form</td>
</tr>
<tr>
<td>
<table>
<?
$personid=$_SERVER['QUERY_STRING'];
$order = "SELECT * FROM persons where personid='$personid'";
$result = mysqli_query($mysqli,$order);
$row = mysqli_fetch_array($result);
?>
<form method="post" action="edit_data.php">
<input type="hidden" name="id" value="<? echo "$row[personid]"?>">
<tr>Person ID:<? echo "$row[personid]"?></tr>
<tr>
<td>First Name</td>
<td>
<input type="text" name="firstname"
size="20" value="<? echo "$row[firstname]"?>">
</td>
</tr>
<tr>
<td>Surname</td>
<td>
<input type="text" name="surname" size="40"
value="<? echo "$row[surname]"?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit"
name="submit value" value="Edit">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
Which then goes through to this:
<?
require_once("models/config.php");
$personid = $_POST['personid'];
$firstname = mysqli_real_escape_string($mysqli, htmlspecialchars($_POST['firstname']));
$surname = mysqli_real_escape_string($mysqli, htmlspecialchars($_POST['surname']));
$order = "UPDATE persons SET firstname='$firstname', surname='$surname' WHERE personid='$personid'";
$result = mysqli_query($mysqli,$order);
if (!$result) {
echo "Error entering data! <BR>";
echo mysql_error();
} else {
echo "User updated to $firstname $surname <BR>";
}
?>
Is there something I am missing here?
Thanks in advance.
You are sending a hidden input named id and trying to use a $_POST['personid']
correct that
You may also pay attention to the comments you had (SQL Injection's one at least)
Your form sends the id in the field id, while you refer to it as personid.
The reason why this appears to be working, is that the update in itself is correct. $personid is treated as an empty string, so the update correctly updates all records that have an empty personid, which is no record at all.
OK, so here is a revised script with prepared statements. The script is working in the sense that updates are being made to the records. Two questions:
1) is this safe from My-SQL injections?
2) This is updating records successfully, but now it is echoing out "Error entering data!", how come?
<?
require_once("models/config.php");
$personid = $_POST['personid'];
$firstname = mysqli_real_escape_string($mysqli, htmlspecialchars($_POST['firstname']));
$surname = mysqli_real_escape_string($mysqli, htmlspecialchars($_POST['surname']));
$order = "UPDATE persons SET firstname=?, surname=? WHERE personid=?";
$stmt = mysqli_prepare($mysqli, $order);
mysqli_stmt_bind_param($stmt, "ssi", $_POST['firstname'], $_POST['surname'], $_POST['personid']);
mysqli_stmt_execute($stmt);
$result = mysqli_query($mysqli,$stmt);
if (!$result) {
echo "Error entering data! <BR>";
echo mysqli_error($mysqli);
} else {
echo "User updated to $firstname $surname <BR>";
}
?>
I'm sure the second question is a rather boneheaded one - do I just reverse the conditions?
I have a form whereby users are required to anwser their own security question before proceeding further. my form is as follows:
<form action="securitychecked.php" method="post">
<table width="70%" border="0">
<tr>
<td><?php $result = mysql_query("SELECT secret_question FROM public WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'")
or die(mysql_error());
if (mysql_num_rows($result) == 0) {
echo '<hr><h4>This Person Has Not Setup A Security Question</h4><hr> ';
} else {
while($info = mysql_fetch_array($result))
{
echo $info['secret_question'];
}
}?></td>
<td><span id="sprytextfield1">
<input type="text" name="secret_answer" id="secret_answer" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Continue" /></td>
</tr>
</table>
</form>
my php code looks like this:
<?php
$secret_anwser=$_POST['secret_anwser'];
$secret_anwser = stripslashes($secret_anwser);
$secret_anwser = mysql_real_escape_string($secret_anwser);
$sql="SELECT secret_anwser FROM public WHERE secret_anwser ='$secret_anwser' AND active = 'activated' AND ni = '". $_SESSION['ni']."'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==1){
header("location:votenow.php");
}
?>
I have a table called public and a field called 'secret_anwser' but i keep on getting a blank page even with the right value being entered. can anyone help me?
thanks
I guess all the secret_anwser in your PHP are typo's.
At least the fields name is secret_answer but you try to get $_POST['secret_anwser']; , you'll never find anything inside the DB.
The names of the DB and the table also may be wrong.