Could someone please help with the code below. I am trying to create a registration query, however when it is submitted, I get an error for the following line:
$insert_query = "insert into members (First_name, last_name, Address_1, Address_2, Postcode, Email, Membership_Number, Password) values('$fname','$lname','$address1','$address2','$postcode','$email','$member','$password')";
This is only affecting the first_name, as the other field names are successfully submitted.
Your help would be much appreciated!!
<?php
$con = mysql_connect("localhost","root","") or die(mysql_error());
$select_db = mysql_select_db("thistlehc",$con);
if(isset($_POST['register']))
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$address1 = mysql_real_escape_string($_POST['address1']);
$address2 = mysql_real_escape_string($_POST['address2']);
$postcode = mysql_real_escape_string($_POST['postcode']);
$email = mysql_real_escape_string($_POST['email']);
$member = mysql_real_escape_string($_POST['member']);
$password = mysql_real_escape_string($_POST['password']);
$query = "select membership_number from members where membership_number='$member'";
$link = mysql_query($query)or die(mysql_error());
$num = mysql_num_rows($link);
if ($num>0){
echo 'Membership Number already exists'; //Membership number already taken
}
else {
$insert_query = "insert into members (First_name, last_name, Address_1, Address_2, Postcode, Email, Membership_Number, Password) values('$fname','$lname','$address1','$address2','$postcode','$email','$member','$password')";
$result = mysql_query($insert_query)or die(mysql_error());
echo "Registered Successfully!";
}
?>
Looks to me like you forgot to encapsulate the contents of your if statement.
if(isset($_POST['register']))
Because it doesn't have curly brackets around the code to be executed, only the first line immediately after is executed. In your case, the if statement seemingly returned false, and the line defining $fname was not executed, hence an undefined variable.
You want to use something similar to this -
if(isset($_POST['register'])){
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$address1 = mysql_real_escape_string($_POST['address1']);
...
}
I'm using the following code and testing it using WAMP on my localhost.
It works fine and inserts the data; however, for some reason it creates a duplicate row.
Is there a reason why it makes it appear twice?
<?php
require "conn.php";
$name =$_POST["name"];
$surname = $_POST["surname"];
$age = $_POST["age"];
$username = $_POST["username"];
$userpass = $_POST["password"];
$mysql_qry = "insert into employee_data(name, surname, age, username, password) values ('$name', '$surname', '$age', '$username', '$userpass')";
$result = mysqli_query($conn, $mysql_qry);
if ($conn->query($mysql_qry) === TRUE){
echo "insert success";
}
else{
echo "Error:" .$mysql_qry . "<br> " . $conn->error;
}
$conn->close();
?>
Thank you
YES, you run the query TWICE, see comments in the code
<?php
require "conn.php";
$name =$_POST["name"];
$surname = $_POST["surname"];
$age = $_POST["age"];
$username = $_POST["username"];
$userpass = $_POST["password"];
$mysql_qry = "insert into employee_data
(name, surname, age, username, password)
values ('$name', '$surname', '$age', '$username', '$userpass')";
//ONCE HERE
$result = mysqli_query($conn, $mysql_qry);
//AND AGAIN HERE
if ($conn->query($mysql_qry) === TRUE){
echo "insert success";
}
else{
echo "Error:" .$mysql_qry . "<br> " . $conn->error;
}
$conn->close();
?>
ALSO Your script is wide open to SQL Injection Attack
Even if you are escaping inputs, it's not safe!
Use prepared parameterized statements in either the MYSQLI_ or PDO APIs
Coded using prepared and bound queries
<?php
require "conn.php";
$sql = "insert into employee_data
(name, surname, age, username, password)
values (?,?,?,?,?)";
$stmt = $conn->prepare($sql);
// five placeholders, five string parameters, in column order
$stmt->bind_param('sssss', $_POST["name"],
$_POST["surname"],
$_POST["age"],
$_POST["username"],
$_POST["password"]);
if ( $stmt->execute() ){
echo "insert success";
}else{
echo "Error:" . $sql . "<br> " . $stmt->error;
}
$conn->close();
?>
Now I have to mention how bad it is to use Plain Text Password.
PHP provides password_hash() and password_verify(); please use them.
And here are some good ideas about passwords
I have a registration page, which is tied to this process.php code below. When I run this code, it returns "Error". Did I make a mistake somewhere?
<?php
require_once ('newmeowconnection.php');
if (isset($_POST['form_input']) && $_POST['form_input'] == 'registration') {
registerUser();
}
function registerUser() {
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)
VALUES('{$_POST['first_name']}','{$_POST['last_name']}','{$_POST['email']}', '{$_POST['password']}', NOW(), NOW())";
$run = mysqli_query($query);
if ($run) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['user'] = $_POST['email'];
header('Location: http://localhost/homepage.php');
} else {
echo 'Error';
}
}
?>
mysqli_query needs to be run on the connection object, or have the connection passed to it:
$run = mysqli_query($connection, $query);
or
$run = $connection->query($query);
The problem is you are using single quotes inside single quotes. For instance '{$_POST['first_name']}' is read as {$_POST[ being one thing, first_name as a SQL variable, and ]} as another string.
Try the following
...
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at) VALUES('{$first_name}','{$last_name}','{$email}', '{$password}', NOW(), NOW())";
...
I'm new to PHP, please help me here. I'm unable to insert values into the table.
But if I give values directly to the insert command in place of variables, it works.
<?php
include ("db.php");
$msg = "";
if(isset($_POST["submit"]))
{
$name = $_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
$name = mysqli_real_escape_string($db, $name);
$email = mysqli_real_escape_string($db, $email);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql="SELECT email FROM users2 WHERE email='$email'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1)
{
$msg = "Sorry...This email already exist...";
}
else
{
$query = mysqli_query($db, "INSERT INTO users2 (name, email, password)VALUES ('$name', '$email', '$password')");
if($query)
{
$msg = "Thank You! you are now registered.";
}
}
}
?>
$sql = "INSERT INTO users2 (name, email, password) VALUES (?,?,?)";
if (!$stmt = $db->prepare($sql)) {
die($db->error);
}
$stmt->bind_param("sss", $name, $email, $password);
if (!$stmt->execute()) {
die($stmt->error);
}
I don't know what the problem is in my question above, but
I used the above query instead of the one I used in the question and boom, it is a success.
If any one of you knows what the problem in the question is, please let me know.
You have to concatenate the variables into the insert string, not just put them in as variables
$query = mysqli_query($db,"INSERT INTO users2 (name, email, password)VALUES ('".$name."', '".$email."', '".$password."')");
or
$query = mysqli_query($db,"INSERT INTO users2 (name, email, password)VALUES ('{$name}', '{$email}', '{$password}')");
You should use a prepared statement for this (see "mysql_real_escape_string versus Prepared Statements").
Never use md5() (see "Is MD5 considered insecure?").
Prefer password_hash() or password_verify() (manual).
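The prepared-statement and password_hash() advice from the answers above (both the employee_data answer and this one), combined into one registration and login round trip. This is an added example, not code from any of the posts; the table layout, the function names registerUser and checkLogin, and the in-memory SQLite database (used so it runs without a server) are assumptions.

```php
<?php
// Added example: table, column and function names are hypothetical.
// SQLite in memory keeps it self-contained; for MySQL only the DSN and DDL differ.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users2 (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL)');

function registerUser(PDO $pdo, string $name, string $email, string $password): string
{
    // Hash the raw password. No SQL escaping beforehand: only the hash is stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users2 (name, email, password_hash) VALUES (?, ?, ?)');
    try {
        $stmt->execute([$name, $email, $hash]); // values are bound, never spliced into the SQL
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (here: email already present).
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
    return 'registered';
}

function checkLogin(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users2 WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample input; the apostrophe would break a concatenated query string.
$name = "Anne O'Brien";
var_dump(registerUser($pdo, $name, 'anne@example.com', 'correct horse'));
var_dump(registerUser($pdo, 'Someone Else', 'anne@example.com', 'other'));
var_dump(checkLogin($pdo, 'anne@example.com', 'correct horse'));
var_dump(checkLogin($pdo, 'anne@example.com', 'wrong guess'));
var_dump($pdo->query('SELECT name FROM users2')->fetchColumn() === $name);
```

The UNIQUE column plus the caught constraint violation replaces the separate SELECT-then-INSERT existence check, so two simultaneous registrations cannot both pass the check.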
I have made a register form with PHP and MySQL. It works only if a different user name is entered each time. How can I resolve that? Because sometimes I want to insert the same name in the database.
My code:
require('connect.php');
if (isset($_POST['adresa'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$adresa = $_POST['adresa'];
$judet = $_POST['judet'];
$telefon = $_POST['telefon'];
$localitate = $_POST['localitate'];
$bon = $_POST['bon'];
$date = $_POST['date'];
$premiu = $_POST['premiu'];
$query = "INSERT INTO user (username, adresa, email,judet,telefon,localitate,bon,date,premiu,acord) VALUES ('$username', '$adresa', '$email','$judet','$telefon','$localitate','$bon','$date','$premiu','$acord')";
$result = mysql_query($query);
}
Use this to check whether the user name exists
<?php
require('connect.php');
if (isset($_POST['adresa'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$adresa = $_POST['adresa'];
$judet = $_POST['judet'];
$telefon = $_POST['telefon'];
$localitate = $_POST['localitate'];
$bon = $_POST['bon'];
$date = $_POST['date'];
$premiu = $_POST['premiu'];
$chk_query = mysql_query("Select (username) from user where username='$username'");
$num = mysql_num_rows($chk_query);
if($num < 1)
{
$query = "INSERT INTO user (username, adresa, email,judet,telefon,localitate,bon,date,premiu,acord) VALUES ('$username', '$adresa', '$email','$judet','$telefon','$localitate','$bon','$date','$premiu','$acord')";
$result = mysql_query($query);
}
else { echo "User name exist"; }
}
?>
If you can't insert multiple users with the same name to the database then the username field must have been flagged as UNIQUE at table declaration.
To remove this restriction use DROP INDEX
Note that, if the username field is a primary key you will need to drop the primary key and introduce another, a BIGINT for example (Best option).
IMPORTANT : mysql_ functions are deprecated and you should stop using them. Use mysqli_ or PDO instead
My code should be checking the database to see if the custID exists, and if it does, to update the information. If it doesn't, it needs to add the customer information to the database.
Currently, when I use the code I have, each time an order is made on the website, a new custID is added to the database.
These errors are occurring:
When a new customer orders, a new row is inserted. None of the information
from the fields is put into the database, just an empty row.
When a returning customer orders, their information is drawn from the
database on a previous page, but on this page it inserts a new row and the new fields
are left blank.
If this isn't enough information or isn't clear, I will gladly offer more code and explanation.
//The information is passed through a session object from a previous page.
if (ISSET($_SESSION['fname'])) {
session_start();
$email = $_SESSION['email'];
$fname = $_SESSION['fname'];
$lname = $_SESSION['lname'];
$street = $_SESSION['street'];
$city = $_SESSION['city'];
$state = $_SESSION['state'];
$zip = $_SESSION['zip'];
$safeID = $_SESSION['safeID'];
$custID = $safeID / 507921;
}
include_once("Connection.php");
include_once("header.html");
//check if customer is already in database
$sql = "SELECT *
FROM bookcustomers
where custID = '$custID'";
$result = mysqli_query($link, $sql)
or die('SQL syntax error: ' . mysqli_error($link));
if (mysqli_num_rows($result) > 0 ) {
$sql = "UPDATE bookcustomers
set fname = '$fname',
lname = '$lname',
email = '$email',
street = '$street',
city = '$city',
state = '$state',
zip = '$zip'
WHERE custID = '$custID'";
$result = mysqli_query($link, $sql)
or die('SQL syntax error: ' . mysqli_error($link));
}
else {
$sql = "INSERT into bookcustomers (fname,
lname,
email,
street,
city,
state,
zip)
VALUES ('$fname',
'$lname',
'$email',
'$street',
'$city',
'$state',
'$zip')";
$result = mysqli_query($link, $sql)
or die('SQL syntax error: ' . mysqli_error($link));
$custID = mysqli_insert_id($link);
}
session_start should be called before your if clause.
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
If you change the top if on your php file
session_start();
if (ISSET($_SESSION['fname'])) {
$email = $_SESSION['email'];
$fname = $_SESSION['fname'];
$lname = $_SESSION['lname'];
$street = $_SESSION['street'];
$city = $_SESSION['city'];
$state = $_SESSION['state'];
$zip = $_SESSION['zip'];
$safeID = $_SESSION['safeID'];
$custID = $safeID / 507921;
}
include_once("Connection.php");
include_once("header.html");
This will resume your session, as long as you created the session correctly and set the fname session variable on the previous page.
If you've set the values correctly and change the if clause to the one above, it should work.
Can you try this? I moved session_start(); above if (ISSET($_SESSION['fname'])) {.
<?php
session_start();
if (ISSET($_SESSION['fname'])) {
$email = $_SESSION['email'];
$fname = $_SESSION['fname'];
$lname = $_SESSION['lname'];
$street = $_SESSION['street'];
$city = $_SESSION['city'];
$state = $_SESSION['state'];
$zip = $_SESSION['zip'];
$safeID = $_SESSION['safeID'];
$custID = $safeID / 507921;
}
include_once("Connection.php");
include_once("header.html");
//check if customer is already in database
$sql = "SELECT *
FROM bookcustomers
where custID = '$custID'";
$result = mysqli_query($link, $sql)
or die('SQL syntax error: ' . mysqli_error($link));
if (mysqli_num_rows($result) > 0 ) {
$sql = "UPDATE bookcustomers
set fname = '$fname',
lname = '$lname',
email = '$email',
street = '$street',
city = '$city',
state = '$state',
zip = '$zip'
WHERE custID = '$custID'";
$result = mysqli_query($link, $sql)
or die('SQL syntax error: ' . mysqli_error($link));
}
else {
$sql = "INSERT into bookcustomers (fname,
lname,
email,
street,
city,
state,
zip)
VALUES ('$fname',
'$lname',
'$email',
'$street',
'$city',
'$state',
'$zip')";
$result = mysqli_query($link, $sql)
or die('SQL syntax error: ' . mysqli_error($link));
$custID = mysqli_insert_id($link);
}
?>