So im trying to do what should seem and probably is a very simple mundane task. I am trying to check for an email address in my db. I dont know if im on the right track or not, can some one straiten me out please?
$query = "SELECT * FROM 68_users WHERE email= $email";
if($result = mysqli_query($link, $query) == $email) {
echo 'Email has been registered';
}else{
$query = "INSERT INTO 68_users (email,pass,old_pass,first_name,last_name,dob,gender,phone,fanmail)
VALUES ('$email',AES_ENCRYPT('$pass', 'something'),AES_ENCRYPT('$pass', 'something'),'$first_name','$last_name','$dob','$gender','$phone','$fanmail')"
or die(mysqli_error());
if ( !mysqli_query($link, $query) ) {
echo 'error: '.mysqli_error($link);
exit();
}
}
mysqli_close($link);
}
Thank you all for your help. I need to figure out a debugging situation for php. Right now i write in eclipse and debug on my site, very aggravating.. this is what i used:
$query = "SELECT * FROM 68_users WHERE email= '$email'";
$result = mysqli_query($link, $query);
if($result->num_rows > 0) {
echo 'This email has previously been registered';
}else{
$query = "INSERT INTO 68_users (email,pass,old_pass,first_name,last_name,dob,gender,phone,fanmail)
VALUES ('$email',AES_ENCRYPT('$pass', 'something'),AES_ENCRYPT('$pass', 'something'),'$first_name','$last_name','$dob','$gender','$phone','$fanmail')"
or die(mysqli_error());
if ( !mysqli_query($link, $query) ) {
echo 'error: '.mysqli_error($link);
exit();
}
header( 'Location: http://www.example.com/html/thankyou.html' ) ;
}
this query will fail as you need apostrophes around the email variable. also you can simply run the query and see how many rows are return:
$query = "SELECT * FROM 68_users WHERE email= '$email'";
$result = mysqli_query($link, $query);
if($result->num_rows > 0) {
echo 'Email has been registered';
}else{
// ....
}
You need quotes around the variable $email,
$query = "SELECT * FROM 68_users WHERE email= '$email'";
You will need to see the result of the rest of the code, to know if everything else works fine.
Without knowing the results of your current code, the one problem I can spot is that you want to make sure you enclose the email value in single-quotes for your query statement to ensure that it is evaluated properly:
$query = "SELECT * FROM 68_users WHERE email='$email'";
Omitting the quotes will result in an error when your query executes, which depending on your verbose handling, may or may not be visibly apparent. As a further point, this would be where basic debugging comes into play, which is a fundamental for all programmers.
Remove the equality check for your email, as your query statement is already doing that for you. If there aren't any rows returned, then it will return false and trigger the else statement:
$query = "SELECT * FROM 68_users WHERE email='$email'";
if($result = mysqli_query($link, $query)) {
// Registered
}else{
// Not Registered
}
$query = "SELECT * FROM 68_users WHERE email= '$email'";
will also return a array of values, your "if ($result ... == $email)" will fail.
*var_dump($result)* to see whats coming back from the query.
Related
I want to run two queries at a time in a function to verify the username and email separately when registering. If one of them already exists in the database, it will return the correct error message on the form.
I investigate them separately so that they can be linked to two separate messages based on a query.
If the username already exists in the database, display the corresponding message. If I put them in a single query, then the separate investigation cannot be done.
My error is: It does not allow you to run two queries at the same time and throws the following error: there is a problem with the preceding parameter. Or it returns an incorrect value.
function pl($connection) {
$query = "SELECT username FROM users WHERE username = ?";
$query2 = "SELECT email FROM users WHERE email = ?";
if ($statment = mysqli_prepare($connection, $query) && $statment2 = mysqli_prepare($connection, $query2)) {
mysqli_stmt_bind_param($statment, "s", $_POST['usern']);
mysqli_stmt_execute($statment);
$result = mysqli_stmt_get_result($statment);
$record = mysqli_fetch_assoc($result);
mysqli_stmt_bind_param($statment2, "s", $_POST['email']);
mysqli_stmt_execute($statment2);
$result2 = mysqli_stmt_get_result($statment2);
$record2 = mysqli_fetch_assoc($result2);
}
if ($result != null) {
echo "succes";
//it will enter even if there is an error
}
}
How it could be solved to execute two mysqli_prepare() at a time?
Why you do not use one query?
Something like:
$query = "SELECT username, email FROM users WHERE username = ? and email = ?";
$statment = mysqli_prepare($connection, $query);
mysqli_stmt_bind_param($statment, "ss", $_POST['usern'], $_POST['email']);
mysqli_stmt_execute($statment);
$result = mysqli_stmt_get_result($statment);
$record = mysqli_fetch_assoc($result);
if (!$record) {
echo "succes";
//it will enter even if there is an error
}
also you miss the } at end of your first if
I'm having a hard time identifying the cause of the problem of my code, which is, it won't query on the "UPDATE" part but the "SELECT" part does work. when i tried using the print_r function, it gives an errors/warnings namely:
"Warning: mysqli_query(): Couldn't fetch mysqli"** and **"Warning:
mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null
given"
if(!isset($_POST['n_pass'])&&!isset($_POST['n_pass'])){
if(!isset($_POST['password'])||$_POST['password']==""){
echo 'enter current password';
die;
} else {
include 'include/database.php';
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn,$_POST['lname']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$username = mysqli_real_escape_string($conn,$_POST['uname']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
//Check if the password is equal to the password inside database
$sql = "SELECT password FROM users where id = $id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$cpass = $row['password'];
$verify_pass = password_verify($password,$cpass); //check if current password is equal to the existing password
if($verify_pass != 1){
echo 'incorrect password';
die;
} else {
**//Update Data
$sql="UPDATE users SET firstname=$fname, lastname=$lname, email=$email, username=$username where id=$id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
print_r($row['firstname']);
die;
header("Location: profile.php?successfullyupdated");
}
}
}
Your query is missing the quotes around the strings:
$sql="UPDATE users SET firstname='$fname', lastname='$lname', email='$email', username='$username' where id=$id";
You can skip only the id field since it is an Integer.
Sidenote: you are wide open to SQL Injections. You should use prepared statements.
There are plenty of resources on google to start with this topic
Finally, note that
$row = mysqli_fetch_assoc($result);
print_r($row['firstname']);
is completely useless since you are not returning anything from the UPDATE query.
You can do:
if(mysqli_query($conn, $sql)){
//query was successful - run your code here for success
}else{
//query failed - run your code here for fail
}
I am Android developer and trying to make one API for register user using PHP and Mysqli. I have made API like below
<?php
include("dbconnection.php");
$email= $_GET['email'];
$query = mysqli_query($conn, "SELECT * FROM tbl_user WHERE email='".$email."'");
if (!$query){
die('Error: ' . mysqli_error($con));
}
if(mysqli_num_rows($query) > 0){
$response='success';
}else{
$sql = "INSERT INTO tbl_user(email)VALUES ('".$email."')";
if (mysqli_query($conn, $sql)) {
$response='success';
}else {
$response='error';
}
}
echo json_encode($response);
?>
basically I am passing email as parameter like example.com/login?=abc#gmail.com
and I want check that email is already in database table or not. if email exist in database I want return user_id in response and if email is not in database than I want add that email in database and want return user_id. I have made API is working fine as I require but I do not know how to return user_id located with that email. Let me know if someone can give me idea to solve my puzzle. Thanks
The below code will create an array with message and user_id.
include("dbconnection.php");
$email= $_GET['email'];
$query = mysqli_query($conn, "SELECT * FROM tbl_user WHERE email='".$email."'");
if (!$query){
die('Error: ' . mysqli_error($con));
}
if(mysqli_num_rows($query) > 0){
// assign message to response array
$response['message']='success';
// Get the results data
while($row = mysqli_fetch_assoc($query)) {
// assign user_id to response array
$response['user_id'] = $row['user_id'];
}
}else{
$sql = "INSERT INTO tbl_user(email) VALUES ('".$email."')";
if (mysqli_query($conn, $sql)) {
$response['message']='success';
// assign last inserted id to response array
$response['user_id'] = mysqli_insert_id($conn);
}else {
$response['message']='error';
}
}
echo json_encode($response);
Prepared statements help you secure your SQL statements from SQL Injection attacks.
First of all, you should use PreparedStatement to avoid sql injection.
Then, second you can use PDO::lastInsertId()
I've combed through this site non-stop looking for the solution to my problems but have come up empty handed still.
Here's the problem, whenever I use the following INSERT INTO statement nothing is inserted into my database, the code runs without a hitch but at the end of the day my database is still empty(excluding values I manually inserted myself).
I would also like to point out that I ran a SELECT FROM statement that returned manually inserted values from the database nicely.
Anyway here's the code:
Connecting to database
$link = mysqli_connect("localhost", "root", "", "prototype");
Insert code
if ($error) echo "There were error(s) in your signup details:".$error;
else
{
$query = "SELECT * FROM `users` WHERE email = '".mysqli_real_escape_string($link, $_POST['email'])."'";
$result = mysqli_query($link, $query);
$results = mysqli_num_rows($result);
echo $results;
if ($results) echo " This email address is already taken. Would you like to log in?";
else
{
$query = "INSERT INTO `users`(`email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['email']).', '.md5(md5($_POST['email']).$_POST['password'])."')";
mysqli_query($link, $query);
echo "You've been registered!";
$_SESSION['id'] = mysqli_insert_id($link);
print_r($_SESSION);
// Redirect to logged in page
}
Try to change your insert query as below
$query = "INSERT INTO `users`(`email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['email'])."', '".md5(md5($_POST['email']).$_POST['password'])."')";
I am trying to submit data through form and came across the below error:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given ..
Please find the code I have tried.
//connection end to my data server.
if(isset($_POST["submit"])) {
$user_name = $_POST['name'];
$user_email = $_POST['email'];
$user_skype = $_POST['skype'];
if($user_name==""){
echo "<script>alert('please enter your user name!')</script>";
exit();
}
if($user_email==""){
echo "<script>alert('please enter your email!')</script>";
exit();
}
if($user_skype==""){
echo "<script>alert('please enter your skype id.')</script>";
exit();
}
$check_email = "select * from binary where user_email = '$user_email' ";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0){
echo "<script>alert('Your email $user_email address already exist. please try another.')</script>";
exit();
}
$query= "insert into binary (user_name, user_email, user_skype) values('$user_name','$user_email','$user_skype')";
if(mysql_query($query)){
echo "<script>window.open('success.html','_self')</script>";
}
}
?>
binary is sql reserrve word
use backticks around it
$check_email = "select * from `binary` where user_email = '$user_email' ";
check this link for sql reserve word. http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
and learn mysqli_ function or P.D.O as mysql is deprcitaeted
Please update your query:
It should be
$check_email = "select * from `binary` where user_email = '".$user_email."' ";
it seems select query returns boolean false because
$check_email = "select * from binary where user_email = '$user_email' "
where user_email = '$user_email' can not parse value of '$user_email' because variable inside single quat does not parsed with their value
use:- where user_email = ".$user_email;
and everything should work