I am having a problem with a newsletter subscription I am writing. The problem is I don't seem to be getting any errors or in fact anything at all when someone clicks submit, all that happens is they are presented with a blank white page and nothing more, so its difficult to diagnose.
Basically the policy reminder form has a field on it called newslettersubscribe, if this is equal to yes the user is also subscribed to the newsletter list as well as the policy reminder list they are signing up for. I am not 100% sure if I am using the real_escape_string functions correctly though or not ?.
<?php
$email = real_escape_string($_POST['email']);
$name = real_escape_string($_POST['name']);
$newslettersubscribe = real_escape_string($_POST['newslettersubscribe']);
if ($newslettersubscribe == 'no'){
}
else{
mysql_query("INSERT INTO ymeg_chronoforms_data_NewsletterDesigner (email, name)
VALUES ('$email', '$name')") or die(mysql_error());
}
?>
EDIT >>>>>>>>>>>>>>>>>>>
If I remove the real escape string I get the error
Unknown column 'email' in 'field list'
when hitting submit, so that probably explains the white page, what does the above error mean ?.
EDIT 2 >>>>>>>>>>>>>>>>>
This is a sample record from the database im trying to connect to :
cf_id 6
cf_uid 5f04f21f80a596f17341cec92a48b197
cf_created 2012-06-01 10:13:16
cf_modified
cf_ipaddress 217.154.186.84
cf_user_id 44
name Iain Simpson
email test#1testdsdsfswqewed.csdom
Try echoing values to make sure it isn't an issue with simply defaulting to
$newslettersubscribe = 'no';
You would need to do something simple like the following:
$email = real_escape_string($_POST['email']);
$name = real_escape_string($_POST['name']);
$newslettersubscribe = real_escape_string($_POST['newslettersubscribe']);
echo $email.' | '.$name.' | '.$newslettersubscribe;
exit();
That should at least show you what your values are for the required variables. Its all about simply troubleshooting what is coming in, and how it impacts your sql query.
Related
I have an HTML survey. I am handling it with PHP and passing it with PHP into a MySQl database. Before this section of code, I post every input, and echo it out as a summary. Every input is reading correctly in the summary, so the form seems to be working fine. I manually input 1 dataset to test the database columns, and then 1 set of data went straight from the form to the database without issue. Now, however, I tried to insert another set of data and it isn't uploading.
I have each field outlined because I have another field that is an autoincrement for when a row is inserted. On a previous form handle I did, I also had an autoincrement field that worked perfectly without including it in the insertion process, so I'm fairly certain I don't need to include it here.
Is there something in the insert code that I've overlooked? I can manually input results just fine that match exactly what I put into the survey fields, but the digital upload from survey submission to database is not being completed. I AM connected to the database, because I have an error for failed connection set up that isn't popping up (it is paired with $dbcon. $dbcon stands for database connection).
//Data Insertion
$res_ins = "INSERT INTO Survey (name, zip,
gender, income, savings, disaster, work,
res_road, work_road, evacuation, lodging,
injury, children, num_child, educ, city_prep,
PrepComments, emer_res, info, prep, fut_prep)
VALUES ('$name', '$zip', '$gender', '$income',
'$savings', '$disaster', '$work', '$res_road',
'$work_road', '$evacuation', '$lodging',
'$injury', '$children', '$num_child', '$educ',
'$city_prep', '$PrepComments', '$emer_res',
'$info', '$prep', '$fut_prep')";
$insert = $dbcon->query($res_ins);
//Terminate connection to database and end
insertion
mysqli_close($dbcon);
I can't comment because of reputation, so I have to give you a hint in the answer: did you try to use this query directly on your database, using some interface?
However, you could try to add some rows to see what is the error, before to close the connection:
if ($dbcon->query($res_ins) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $res_ins. "<br>" . $dbcon->error;
}
before executing, print the query. it will help you to find out the root cause. most common reason of this type of issue is special character. You can check is there any special character in your query.
I want to make a table with all chat messages that have been send to the server.
I got the table working but now i want to get when i click a user name like 'demo' it shows all chat messages that have been send by 'demo'
Im using this table: http://almsaeedstudio.com/AdminLTE/pages/tables/data.html
How do i get when i click like the username 'demo' a bootstrap alert box pops up with all the by user send messages appear? I mean like 'USERNAME GET FROM TABLE SHOUTS SHOUT_NAME=DEMO' and it shows all messages.
How do i do that?
Disabled form fields do NOT submit with the rest of the form:
<textarea name="shout_name" class="form-control" disabled><?php echo etc...
^^^^^^^^^^
You don't show how/where you define $shout and $shout_name, but most likely you're not validating the form input at all, and are almost certainly vulnerable to sql injection attacks.
You haven't defined the variable for $shout_name, only for:
$shout = mysqli_real_escape_string($dbc, $_POST['shout']);
where you may have meant to use or meant to add it:
$shout_name = mysqli_real_escape_string($dbc, $_POST['shout_name']);
in relation to (null, '$shout', NOW(), '$shout_name')
which is why after adding error reporting (as stated in comments between you and I), have received an undefined variable warning.
Also make sure you have initialized the session with session_start(); since you are using sessions.
Try printing $shout_name. Maybe your $_POST is incorrect.
You seem to be grabbing $_POST['shout'] into your $shout variable, but then using a $shout_name variable for the insert. Try:
$shout_name = mysqli_real_escape_string($dbc, $_POST['shout']);
Try this field with a standard post. Turn it into an input and see if it works. It could be a number of things. However try and get something in the database and build on that. If you can't get a standard one in you know there there is a problem elsewhere with your code.
EDIT: based on first reply I got below,I reworked my code and it now works... first checking the given email address to find the gamer id. Then checking the verfication state based on the gamer id. So if they change their email address in the future it will still know whether it's already been verified.
Below is my final code, (I've changed some name for items, so its not an exact copy/paste of my own code).
function email_not_verified ($email) { //check it's not already verified
include ('../connect.php'); // Include connect to database functions
$findUser= $db->prepare("SELECT game_id FROM players WHERE email=?");
$findUser->execute(array($email));
$user = $findUser->fetch();
if ( $findUser){
$veri= $db->prepare("SELECT sent_verification FROM players WHERE game_id=?");
$veri->execute(array($user["game_id"]));
$results = $veri->fetch();
$final = $results["sent_verification"];
}
if ($final == 1){
return TRUE;
}
else{
return FALSE;
}
}
Thanks again for the help.
Below, is my original question.
I'm trying to figure out a simple setup that stops a user repeatedly verifying their email address. As when they verify their email I'm awarding them a bonus of 300 credits for in store game purchases. I obviously don't want to keep dishing that out each time they follow their emailed verification link.
So I'm trying to run a check first, before the normal verification script is run.
But surprise, surprise: its not working...
I was trying to search my database for the email address with the verification field set to '1', I'd then see how many times it found this result. If it found it '0' times then that's fine to verify, if it found it once then its already been verified before.
function email_not_verified ($email) {
include ('../connect.php'); // connect to database
//check it's not already verified
$checkEmail= $db->prepare("SELECT * FROM players WHERE sent_verification=?, email=?");
$checkEmail->execute(array('1', $email));
$check2 = $checkEmail->rowCount();
if ($check2 = 1){
return TRUE;
}
else{
return FALSE;
}
}
I've been using
file_put_contents('results.txt',$check2);
to see the results of the code regardless of whether its putting out a TRUE or FALSE. But the result comes back as '0', even though I can see from looking at my database it should be '1'.
I'm not sure if there's a whole easier way to approach this, I keep trying to get my head around bind values but it's not yet sinking in... I'll continue to try.
Thanks for any help, guidance, pointing out the obvious... I feel like I've taken the wrong path with my script but can't think how else to approach it...
Cheers
Jon
Your if statement is wrong. You're using the assignment operator instead of comparison. This doesn't matter though because rowCount isn't always reliable, which is probably where the actual problem is. What you need to do is fetch the first row and see if you get a row back.
However, you probably don't want to attach this to e-mail verification. When users change their e-mail address, you will want to verify that new address and you probably don't want to give them 300 more credits each time they do. Otherwise, someone could programmatically change their e-mail address over and over again, creating a lot of credits for themselves.
I would separate out the 300 free credits as a coupon or something that can only be used once per account. On e-mail verification, if that coupon hasn't already been used up for that account, use it and mark it as such in your database. This could be done simply by adding another column for new_account_bonus_credits or something.
New to learning PHP form validation on same page. Please advise as to why my data might not be posting to the database. After filling out the form, it redirects to thank you page without sending data. Thanks!
http://pastebin.com/3T1W9Krx
Edit: Now that I know where my problem was, I have updated the Pastebin file to show the working code, which validates in the same page and checks the database for duplicate email addresses.
I was able to use Rick Kuipers suggestion below to find this error. I was trying to include a column for the primary key under VALUES, however I only needed the values for the INSERT keys, not ID or timestamp, as ID is set to auto-increment.
$sql = "INSERT INTO table (last_name, first_name, age)
VALUES (".
PrepSQL($last_name) . ", " .
PrepSQL($first_name) . ", " .
PrepSQL($age) . ")";
mysql_query($sql);
header("Location: volthankyou.php");
exit();
}
}
This could be because of a problem with your query.
Try doing the following:
echo mysql_error($db);
//header("Location: volthankyou.php");
This should display the error if there is any.
Check if mysql_query is true or false for your insert. Otherwise, it will ALWAYS try and then, redirect to thankyou. And as spencercw points out, mysql_select_db could also be failing. Always check the result of such methods.
P.S.: always check server logs
After submitting a payment form (credit cards, etc) to our payment gateway, we receive the "response_code" 1 when the payment is approved. We then use the following code to update a user's info in the database to reflect the approved transaction.
However, about every 1 out of 10 times, a user's info simply will not update even though the transaction returned an approved response. Is anything clearly wrong with this code? Or perhaps the response_code does not equal 1 for some reason?
<?php
session_start();
if ($_GET['response_code'] == 1)
{
require('scripts/global.php'); //connect to database
$email = $_SESSION['email'];
$level = 3;
$transaction_id = "" . htmlentities($_GET['transaction_id']);
mysql_query ("UPDATE `users` SET level = '$level', trans_id = '$transaction_id' WHERE `email` = '$email'"); //update user info
$error = "false";
}
else
{
$noerror = "true";
$message = "Sorry, an error occurred: " . htmlentities($_GET['response_reason_text']);
}
?>
Probably because there has been a session timeout? The WHERE uses the e-mail address, if this is not valid (not there) then you probably won't get an update.
Maybe you should check for transaction ID (or similar). I guess you've got something like that before the transaction starts?
edit: Also store if an error occurs, and try to store variables you need too. This makes it a lot easier to pinpoint the problem. Use a logfile for this for example.
Beyond the obvious security holes, you're not checking the results of your query. Try using mysql_error() and mysql_affected_rows() to see whether anything was updated. When either indicates something unusual, you'll also want to see the exact text of the query that ran. Things to check:
Was $email empty?
Did $transaction_id or $email have any apostrophes?
Do you have duplicate email addresses in the database?
Had the user already been set to level 3?
Did you lose connection to the database?
Did your script get called at all?