I have made a small website, non-members can register with the website, when they register their details should be stired in the database table. I had this working but now it is not, it does everything apart from store the details in the database. Can anyone help please?
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$repeatpassword=$_POST['repeatpassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = strip_tags($myusername);
$mypassword = strip_tags($mypassword);
$repeatpassword = strip_tags($repeatpassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$repeatpassword = mysql_real_escape_string($repeatpassword);
if($myusername&&$mypassword&&$repeatpassword)
{
if ($mypassword==$repeatpassword)
{
if (strlen($myusername)>10)
{
header("location:erroruname.php");
}
else
{
if (strlen($mypassword)>10||strlen($mypassword)<5)
header("location:errorpword.php");
else
{
$queryreg = mysql_query("
INSERT INTO $tbl_name VALUES('','$myusername','$mypassword')
");
session_register("myusername");
session_register("mypassword");
header("location:insertdetail.php?myusername=" . $username);
}
}
}
else
header("location:errornomatch.php");
}
else
header("location:errorfields.php");
This was never working because you aren't specifying any column names in your INSERT
INSERT INTO $tbl_name VALUES('','$myusername','$mypassword')
Needs to look like
INSERT INTO $tbl_name(`column_a`, `username`, `password`)
VALUES('','$myusername','$mypassword')
Do you have an auto-increment column in that table? If so, don't use the ' ', instead, don't enter anything at all. In that case, you should specify only the two columns (username and password).
echo the query and run manually the sql query in phpmyadmin
echo "INSERT INTO $tbl_name VALUES('','$myusername','$mypassword') "; die();
Related
Halo everyone, I got a question for how to check the permission when the user login and send the user to the page where they suppose to be. But I just can't make it. Can anyone help?
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="123456789"; // Mysql password
$db_name="hospital_db"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$permissionssql="SELECT permissions FROM $tbl_name WHERE permissions";
$permissionssqlresult=mysql_query($permissionssql);
if(permissions==admin){
header("location:admin.php");
if(permissions==employees){
header("location:employees.php");
if(permissions==employees){
header("location:otherstaff.php");
}
}
}
}
else{
echo "Wrong username or password!";
}
?>
I create a permissions on my table and it is vachar.
The permission have admin/employees/otherstaff.
I'm just trying to let the system send the user to the correct page but it always doesnt work.
I'm really appreciate if there's an answer.
thanks
Ok so I'm diving in with not much knowledge or SQLite, I have a generic checklogin php file that I would like to connect to the db to check the login. So without much of an understanding of SQLite, what am I missing, I've never worked with database either. I just need to understand a basic starting point or concept of connecting the database to this. I have a index.html that grabs the username and pw and inputs it in to check the login with the database but having trouble connecting to database with sqlite. Every time I try to login it'll just show me this php file code, is it because it's not connected to the database?
<?php
$host="localhost"; // Host name
$username="Test"; // Mysql username
$password="test"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysqli_connect("$host", "$username", "$password")or die("cannot connect");
mysqli_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysqli_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
hope it helps you
function getConnected($host,$user,$pass,$db)
{
$mysqli = new mysqli($host, $user, $pass, $db);
if($mysqli->connect_error)
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
return $mysqli;
}
$mysqli = getConnected('localhost','user','password','database');
if your code really not connecting to database then it will print the message 'cannot connect to db' as you have written the die() statement.
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 3 years ago.
The following script works fine:
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
Why, when I replace only the mysql_connect and mysql_select_db statements (keeping everything else including all passwords the same) with the following, do i get the "Wrong Username or Password" echo?
mysqli_connect($host,$username,$password,$db_name) or die("cannot connect");
It is because the MySQL and MySQLi database connections are not linked. When you make a connection to database with MySQLi, you have to use that connectio.
Example:
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
$result = $mysqli->query("SELECT * FROM users");
Please help to cure this error:
Fatal error: Call to undefined function mssql_real_escape_string() in
The Code:
<?php
$host="-Removed-"; // Host name
$username="-Removed-"; // Mysql username
$password="-Removed-"; // Mysql password
$db_name="-Removed-"; // Database name
$tbl_name="USERPASS";
$tbl_name2="EMPLOYEES"; // Table name
// Connect to server and select databse.
mssql_connect("$host", "$username", "$password")or die("cannot connect");
mssql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['login'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mssql_real_escape_string($myusername);
$mypassword = mssql_real_escape_string($mypassword);
$sql="SELECT *
FROM $tbl_name U, $table_name2 E
WHERE U.EMPLOYEE_ID = E.EMPLOYEE_ID
AND USERNAME='$myusername'
AND PASSWORD='$mypassword'";
$result=mssql_query($sql);
// Mysql_num_row is counting table row
$count=mssql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
.
Thank You for the help! Been trying to figure this out for forever now.
That's because thereisn't any php function called mssql_real_escape_string
If your using MSSQL Server there is no mssql_real_escape_string, only MySQL and MySQLi have it, at least I didn't find it:
http://php.net/manual/en/book.mssql.php
http://php.net/manual/en/ref.mssql.php
Unfortunately, as of right now, PHP mssql extension neither supports parameterized queries nor has an escape function. You have to either write your own escape function or use something like PDO prepared statements to prevent SQL injection.
SOLUTION: I was pointed at the wrong database thanks for the help.
the count below returns 0 but when i run it manually there is a result.
by manually i mean copying the SQL that is echo'd by my code and pasting it into the mySQL command.
<?
$host="localhost"; // Host name
$username="userName"; // Mysql username
$password="userPW"; // Mysql password
$db_name="dbName"; // Database name
$tbl_name="userBase"; // Table name
// Connect to server and select databse.
$link=mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$user=$_POST['user'];
$pass=$_POST['pass'];
// To protect MySQL injection (more detail about MySQL injection)
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$salt = substr($pass, 0, 1);
$encrypted_pswd = crypt($pass, $salt);
$sql="SELECT * FROM $tbl_name WHERE user=\"$user\" and pass=\"$encrypted_pswd\";";
echo $sql."<br>";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo "count=".$count."<br>";
?>
Try:
$sql = sprintf("SELECT * FROM %s WHERE user='%s' and pass='%s'", $tbl_name, $user, $encrypted_pswd);