db_field() in php - php

What's wrong with my db_field? In line 15:
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
Code I have is
<?php
// Login handler as posted in the question. The code is unchanged; the comments
// mark what a reviewer would raise before this goes anywhere near production.
session_start();
// The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0, and it
// has no prepared statements. root with an empty password is a local-test setup only.
$con = mysql_connect("localhost","root","");
if (!$con){
// Sends the raw driver error text to the client.
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
// Both values come straight from the request and are never escaped or bound.
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
// $db_field is never assigned in this script, so both right-hand sides are empty
// strings. The submitted username and password are interpolated where column
// names belong, which places request data directly into the SQL text (SQL
// injection). Presumably the intent is to compare the UserName and UserPwd
// columns against the submitted values; that should use bound parameters.
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
$result = mysql_query($sql);
// mysql_query() returns a resource for every SELECT that executes, including one
// that matches no rows, so this test does not show that the credentials matched.
// The row count has to be checked before the session is marked as logged in.
if($result){
// Single quotes: the literal text $loFmUname is stored, not the username.
$_SESSION['loged'] = '$loFmUname';
header('Location: index.html');
die();
} else {
echo "Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
} else {
echo "Sorry Database Not Found";
}
mysql_close($con);
?>

Simple: the variable db_field is not initialized anywhere with any value. You're not creating it before using it.

try this
// NOTE(review): this only changes how the string is assembled. $db_field is still
// undefined, and the posted username and password are still concatenated into the
// column-name position of the SQL text unescaped, so the injection risk is
// unchanged. Compare the columns against bound parameters instead.
$sql = "SELECT * FROM Persons WHERE ". $loFmUname." = '".strtolower($db_field['UserName'])."' AND ".$myPwd." = '".$db_field['UserPwd']."'";

Related

PHP/Mysqli check before update

Hey I am completely new to PHP/MySqli, I would like to check before update if Scanstatus field of given ID is already "Scanned". if its already Scanned display a message as "Already Scanned" else Update.
Below code only update and doesn't check if already exists.
<?php
// Question code: marks a sales row as scanned without checking its current state.
// Read before the Submit check, so a request without 'id' raises an undefined-index notice.
$id = $_POST['id'];
$connection = mysqli_connect("localhost", "username", "passwd","dbname");
if(mysqli_connect_errno())
{
// Only reports the failure; execution continues with an unusable connection.
echo "failed to connect " . mysqli_connect_error();
}
if(isset($_POST['Submit']))
{
// $id is request data placed unquoted and unescaped into the statement (SQL
// injection). Use a prepared statement with the id bound as a parameter.
$query = "UPDATE `sales` SET `ScanStatus` = 'Scanned' WHERE `id` = $id";
$result = mysqli_query($connection,$query);
if (!$result) {
// Sends the raw database error text to the client.
die('Error' . mysqli_error($connection));
}
else
{
// Reached whenever the statement executed, even if no row was changed.
echo "Successfully updated";
}
}
?>
Try following php code
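// Mark one sales row as Scanned and report whether a row actually changed.
$connection = mysqli_connect("localhost", "username", "passwd","dbname");
if (mysqli_connect_errno()) {
    echo "failed to connect " . mysqli_connect_error();
} elseif (isset($_POST['Submit'], $_POST['id'])) {
    $id = $_POST['id'];
    // The id comes from the request, so it is bound as a parameter rather than
    // being written into the SQL text.
    $stmt = $connection->prepare("UPDATE sales SET ScanStatus = 'Scanned' WHERE id = ?");
    if ($stmt === false) {
        // NOTE(review): raw driver errors are better logged than shown to the client.
        die('Error' . mysqli_error($connection));
    }
    $stmt->bind_param('s', $id);
    if (!$stmt->execute()) {
        die('Error' . $stmt->error);
    }
    // An UPDATE produces no result set, so there is no num_rows to read; the
    // number of changed rows is reported by affected_rows.
    if ($stmt->affected_rows > 0) {
        echo "Successfully updated";
    } else {
        // Zero changed rows is not a database error: MySQL reports 0 when no row
        // has this id or when the row already holds the value being set.
        echo "Nothing updated: the id does not exist or the row is already Scanned";
    }
    $stmt->close();
}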
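When the SUBMIT button is clicked, `isset($_POST['Submit'])` is true and execution enters the if statement. The SQL command then runs, and if the query affected any rows, the condition `$result->num_rows > 0` is meant to be true so that "Successfully updated" is echoed. Note that for an UPDATE statement `$connection->query()` returns `true` rather than a result object, so the number of changed rows has to be read from `$connection->affected_rows`; `num_rows` only exists on SELECT results.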
As I understand, you want to update only if the ScanStatus field is not Scanned
So you can modify you existing query like this without the need to fetch the record:
$query = "UPDATE `sales` SET `ScanStatus` = 'Scanned' WHERE `id` = $id AND `ScanStatus` != 'Scanned'";
Just change the query to above and use:
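// mysqli_affected_rows() takes the connection link, not the value returned by mysqli_query().
if(mysqli_affected_rows($connection) > 0 ){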
Here is a full code:
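<?php
// Mark a sale as Scanned only if it is not Scanned yet, in a single statement,
// so there is no gap between the check and the update.
$connection = mysqli_connect("localhost", "username", "passwd","dbname");
if (mysqli_connect_errno()) {
    // Stop here: nothing below can work without a connection.
    exit("failed to connect " . mysqli_connect_error());
}
if (isset($_POST['Submit'], $_POST['id'])) {
    $id = $_POST['id'];
    // The id is request data, so it is bound as a parameter instead of being
    // interpolated into the SQL text.
    // NOTE(review): if ScanStatus can be NULL, `!= 'Scanned'` does not match those
    // rows; confirm the column is NOT NULL or add an explicit IS NULL test.
    $stmt = mysqli_prepare(
        $connection,
        "UPDATE `sales` SET `ScanStatus` = 'Scanned' WHERE `id` = ? AND `ScanStatus` != 'Scanned'"
    );
    if ($stmt === false) {
        exit('Error preparing statement');
    }
    mysqli_stmt_bind_param($stmt, 's', $id);
    if (!mysqli_stmt_execute($stmt)) {
        exit('Error executing statement');
    }
    if (mysqli_stmt_affected_rows($stmt) > 0) {
        echo "Successfully updated";
    } else {
        // Zero changed rows: the row is already Scanned, or no row has this id.
        echo 'Already Scanned';
    }
    mysqli_stmt_close($stmt);
}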
You can use this code:
Use if(mysqli_affected_rows($mysqli) > 0 ) or no comparison at all.
Replace your code with this:
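<?php
// Check-then-update variant: report when the row is already Scanned, otherwise
// update it and print the stored row. Every statement binds the id as a parameter.
// Make mysqli throw on failure so no statement below runs on a failed handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $connection = mysqli_connect("localhost", "username", "passwd","dbname");
} catch (mysqli_sql_exception $e) {
    exit("failed to connect " . $e->getMessage());
}
if (isset($_POST['Submit'], $_POST['id'])) {
    $id = $_POST['id'];

    // NOTE(review): the SELECT and the UPDATE are two separate statements, so two
    // concurrent requests can both pass this check. A single UPDATE with the
    // status test in its WHERE clause avoids that gap.
    $check = mysqli_prepare($connection, "SELECT 1 FROM `sales` WHERE `id` = ? AND `ScanStatus` = 'Scanned'");
    mysqli_stmt_bind_param($check, 's', $id);
    mysqli_stmt_execute($check);
    mysqli_stmt_store_result($check);
    $alreadyScanned = mysqli_stmt_num_rows($check) > 0;
    mysqli_stmt_close($check);

    if ($alreadyScanned) {
        echo "Already ScanStatus is Scanned";
    } else {
        $update = mysqli_prepare($connection, "UPDATE `sales` SET `ScanStatus` = 'Scanned' WHERE `id` = ?");
        mysqli_stmt_bind_param($update, 's', $id);
        mysqli_stmt_execute($update);
        $changed = mysqli_stmt_affected_rows($update) > 0;
        mysqli_stmt_close($update);

        if ($changed) {
            echo "Successfully updated";
            /* get new updated data */
            $fetch = mysqli_prepare($connection, "SELECT * FROM `sales` WHERE `id` = ? LIMIT 1");
            mysqli_stmt_bind_param($fetch, 's', $id);
            mysqli_stmt_execute($fetch);
            $new_info = mysqli_fetch_array(mysqli_stmt_get_result($fetch));
            mysqli_stmt_close($fetch);
            // Stored column values are data, not markup: encode them before they
            // are written into the HTML response.
            echo "<pre>" . htmlspecialchars(print_r($new_info, true), ENT_QUOTES, 'UTF-8');
        } else {
            echo "Not updated";
        }
    }
}
?>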

Can't fetch rows from MySQL database

I'm a bit rusty on mysql, especially now that it's mysqli... Nothing happens in the script below, the variables $row[username] etc are empty. What am I doing wrong?
<?php
// Question code: login check that fills the session from the players table.
session_start();
// $conn is not defined in this script; presumably db_config.php creates it.
include_once('./db_config.php');
if (mysqli_connect_errno())
{
// Only reports the failure; the script carries on afterwards.
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = mysqli_real_escape_string($conn, $_POST['username']);
// MD5 is a fast, unsalted hash and is not suitable for stored passwords; PHP's
// password_hash() / password_verify() are the intended replacement. Escaping the
// password before hashing also changes the hashed input for passwords that
// contain quotes or backslashes, and the hex digest itself needs no escaping.
$password = md5(mysqli_real_escape_string($conn, $_POST['password']));
$query = "SELECT * FROM players WHERE username = '".$username."' AND password = '".$password."'";
// True whenever the query executes, including when it matches no rows, so the
// session is filled and the redirect is sent even for wrong credentials.
if($res = mysqli_query($conn, $query))
{
// mysqli_num_rows() returns the row count (an integer), not a row, so the
// array reads below yield nothing.
$row = mysqli_num_rows($res);
$_SESSION['Username'] = $row['username'];
$_SESSION['uID'] = $row['id'];
$_SESSION['Join_Date'] = $row['join_date'];
mysqli_free_result($res);
// No exit follows the redirect header, so the script keeps running after it.
header('Location: ../index.php');
} else
{
// Sends the raw database error text to the client.
echo mysqli_error($conn);
}
?>
You are not fetching the records; instead you are calling mysqli_num_rows (this only gives the number of records).
use this to fetch records
$row = mysqli_fetch_array($res,MYSQLI_ASSOC);
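<?php
// Login check: look up the player with bound parameters, fill the session only
// when a row matched, then redirect.
session_start();
// $conn is expected to be created by db_config.php (not shown on this page).
include_once('./db_config.php');
if (mysqli_connect_errno())
{
    exit("Failed to connect to MySQL: " . mysqli_connect_error());
}
$username = isset($_POST['username']) ? $_POST['username'] : '';
// NOTE(review): MD5 is a fast, unsalted hash and is not suitable for stored
// passwords; migrate to password_hash() / password_verify(). The expression is
// kept exactly as posted so it still matches hashes stored by the existing code.
$password = md5(mysqli_real_escape_string($conn, isset($_POST['password']) ? $_POST['password'] : ''));
// Bound parameters replace string concatenation, so the username needs no escaping.
$stmt = mysqli_prepare($conn, "SELECT * FROM players WHERE username = ? AND password = ?");
if ($stmt && mysqli_stmt_bind_param($stmt, 'ss', $username, $password) && mysqli_stmt_execute($stmt))
{
    $res = mysqli_stmt_get_result($stmt);
    // MYSQLI_ASSOC returns the row keyed by column name, which is what the reads
    // below need; MYSQLI_NUM would return numeric keys only.
    $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    if (!$row)
    {
        // No matching row: do not touch the session and do not redirect.
        exit("Invalid username or password");
    }
    // Issue a fresh session id at login so an id set before authentication is not reused.
    session_regenerate_id(true);
    $_SESSION['Username'] = $row['username'];
    $_SESSION['uID'] = $row['id'];
    $_SESSION['Join_Date'] = $row['join_date'];
    header('Location: ../index.php');
    exit;
} else
{
    // NOTE(review): raw driver errors are better logged than shown to the client.
    echo mysqli_error($conn);
}
?>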

Undefined index: userID error

Upon Logging in, I have the userID stored in the SESSION. However when I call updateMarkerlocations.php it says userID is undefined. Not sure what I'm missing.
login.php
# login.php as posted in the question: checks the submitted credentials against
# userinfo and stores the matching userID in the session.
session_start();
if (!isset($_POST['submit'])){
} else {
require_once("db_const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
$username = $_POST['username'];
$password = $_POST['password'];
# Both request values are interpolated into the SQL text unescaped (SQL
# injection). LIKE also does pattern matching, so neither field is compared for
# an exact match; use `=` with bound parameters. The password is compared with
# the column directly, which suggests it is stored in plain text; confirm, and
# store a password_hash() value checked with password_verify() instead.
$sql = "SELECT * from userinfo WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
# query() returns false on failure; the property read below then fails.
$result = $mysqli->query($sql);
# `!` binds tighter than `==`, so this evaluates (!$result->num_rows) == 1, which
# is true only when num_rows is 0. It works with LIMIT 1 but reads as a different test.
if (!$result->num_rows == 1) {
echo "<p>Invalid username/password combination</p>";
} else {
$row = $result->fetch_assoc();
# The second argument of setcookie() is the cookie value, so the timestamp is
# stored as the value and no expiry is passed. NOTE(review): intent unclear, confirm.
setcookie("username", time() +60*60*24*30*365);
$_SESSION['userID'] = $row['userID'];
echo "<p>Logged in successfully!, Please close the window</p>";
}
}
?>
updateMarkerLocations.php
<?php
// updateMarkerLocations.php as posted in the question: writes the posted markers
// to the database and returns a status string as JSON.
// No session_start() is called in this file, so $_SESSION is not populated here.
include 'db_const.php';
/**
 * Insert one row per posted marker (markerID1..N, lang1..N, lat1..N).
 *
 * @return string "SUCCESS" once the loop finishes; a failed query ends the script via die().
 */
function insertMarkerLocations()
{
$markerCount = 0;
if (isset($_POST['markerCount']))
$markerCount = $_POST['markerCount'];
if(isset($_SESSION["userID"]))
{
$userID = $_SESSION["userID"];
}
// The mysql_* extension was removed in PHP 7.0 and has no prepared statements.
$con = mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);
// Overwrites the session value with one supplied by the client; this is also the
// line that raises "Undefined index: userID" when the field is not posted. A
// user ID taken from the request is chosen by the caller, so rows can be written
// under any ID. Use only the ID stored in the session at login.
$userID = $_POST['userID'];
for($i=0 ; $i < $markerCount; $i++){
$index = $i;
++$index;
$curMarkerID = $_POST["markerID$index"];
$curLang = $_POST["lang$index"];
$curLat = $_POST["lat$index"];
// Now write the current marker details in to the db.
// All four values are request data interpolated unescaped into the statement
// (SQL injection); bind them as parameters in a prepared statement.
$query = "INSERT INTO userinfo (userID, markerID, lang, lat ) VALUES ('$userID', '$curMarkerID', '$curLang', '$curLat')";
// Sends the raw database error text to the client on failure.
mysql_query($query)
or die(mysql_error());
}
$msg = "SUCCESS";
return $msg;
}
$msg = insertMarkerLocations();
echo json_encode($msg);
?>
Add this at the top of each file:
if(!isset($_SESSION)) session_start();
Also, when you do:
$userID = $_POST['userID'];
you should ensure that $_POST['userID'] exists:
// NOTE(review): this silences the notice, but a userID taken from the request body
// is chosen by the client. Once session_start() is in place, read the ID from
// $_SESSION['userID'] and do not accept it from $_POST.
if(isset($_POST['userID'])) $userID = $_POST['userID'];

User authentication using php and mySql

Am facing challenges in the following code; please help:
<?php
// Question code, unchanged; comments mark the defects and the security concerns.
session_start();
// The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0, and it
// has no prepared statements. root with an empty password is a local-test setup only.
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
// Both values come straight from the request and are never escaped or bound.
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
// Parse error: a quoted array key cannot be written this way inside a
// double-quoted string, and strtolower(...) inside a string is not called.
// Beyond the syntax, $db_field is never assigned, and the submitted username and
// password sit where column names belong, so request data is placed directly in
// the SQL text (SQL injection). Compare the columns against bound parameters.
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
$result = mysql_query($sql);
// mysql_query() returns a resource for every SELECT that executes, even with no
// matching row, so this does not show that the credentials matched.
if($result){
// Variable names are case-sensitive: $_session is an ordinary local variable, not
// the $_SESSION superglobal, and the single quotes store the literal text.
$_session['loged'] = '$loFmUname';
header('location:index.html');
die();
}
else{
echo"Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
}
else{
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
The error is coming on line 15.
Note that strtolower() is being used to ignore case-sensitive username.
Change the line
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
By this one
// NOTE(review): this removes the parse error only. $db_field is still undefined and
// the posted username and password are still interpolated, unescaped, where
// column names belong, so the statement remains open to SQL injection.
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
This may help you.
Thanks
You need to use dot separators when doing manipulation to a variable inside a variable.
Also, should $_SESSION['loged'] = '$loFmUname'; be that, or $_SESSION['logged'] = '$loFmUname';?
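<?php
// Login handler: compares the submitted credentials with the Persons table using
// bound parameters, and marks the session as logged in only when a row matches.
session_start();
// mysqli replaces the mysql_* extension, which was removed in PHP 7.0.
// NOTE(review): root with an empty password is a local-test setup only.
$con = mysqli_connect("localhost", "root", "");
if (!$con) {
    die('Could not connect: ' . mysqli_connect_error());
}
$db_exist = mysqli_select_db($con, "seta");
$myUName = isset($_POST["username"]) ? $_POST["username"] : '';
$myPwd = isset($_POST["pwd"]) ? $_POST["pwd"] : '';
// Lower-cased so the username comparison ignores case.
$loFmUname = strtolower($myUName);
if ($db_exist) {
    // Assumes UserName and UserPwd are columns of Persons, as the original
    // $db_field keys suggest; confirm against the schema.
    // NOTE(review): comparing UserPwd directly implies plain-text storage. Store a
    // password_hash() value and check it with password_verify() instead.
    $stmt = mysqli_prepare($con, "SELECT 1 FROM Persons WHERE LOWER(UserName) = ? AND UserPwd = ?");
    if (!$stmt) {
        die('Query failed');
    }
    mysqli_stmt_bind_param($stmt, 'ss', $loFmUname, $myPwd);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    // A statement that executes is not a match; only a returned row is.
    $matched = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    if ($matched) {
        // Issue a fresh session id at login so an id set before authentication is not reused.
        session_regenerate_id(true);
        $_SESSION['loged'] = $loFmUname;
        header('Location: index.html');
        die();
    } else {
        echo "Invalid username and/or password please";
        echo "<a href='login.php'>try again</a>";
    }
} else {
    echo "Sorry Database Not Found";
}
mysqli_close($con);
?>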

Simple php/mysql not working

I have the following in a php script.All I get is a blank page, no errors or nothing.
// Question code, unchanged. The file has a parse error further down, and a parse
// error stops the whole file before these two lines run, so nothing is displayed
// unless display_errors is enabled in php.ini.
error_reporting(E_ALL);
ini_set("display_errors", 1);
$database = "mydatabase";
// The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0.
$con = mysql_connect("localhost", "admin", "password") or die(mysql_error());
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db = mysql_select_db($database);
if(!$db){
die('Could not connect: ' . mysql_error());
}
// If a field is missing, $userid / $username stay undefined but are still used below.
if(isset($_POST['id'])){
$userid = mysql_real_escape_string($_POST['id']);
// SQL escaping is not HTML encoding: echoing this value reflects request data
// into the page. Encode with htmlspecialchars() at output time.
echo($userid);
}
// Parse error: the closing ] of $_POST['name'] is missing.
if(isset($_POST['name')){
// htmlentities() before storage puts HTML-encoded text in the database; encoding
// is normally applied when the value is written into a page, not when it is saved.
$username = mysql_real_escape_string(htmlentities($_POST['name']));
echo($username);
}
$query = mysql_query("SELECT * FROM userinfo
WHERE userid ='$userid'")or die(mysql_error());
if(mysql_num_rows($query) > 0){
echo "yeah";
}else{
// The values are not quoted. mysql_real_escape_string() only protects a value
// inside a quoted SQL string literal, so this INSERT is still injectable as well
// as syntactically wrong for text values.
$query = mysql_query("INSERT INTO userinfo (username,userid)
VALUES ($username,$userid)")or die(mysql_error());
// mysql_affected_rows() expects the connection link, not the mysql_query() result.
if(mysql_affected_rows($query)== 1){
echo "UPDATED";
}else{
echo "NOPE";
}
}
You should format your code better. Also, you were missing a closing ] bracket on this line: if (isset($_POST['Name')) {
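<?php
// Insert a userinfo row for the posted id/name unless that userid already exists.
// NOTE(review): display_errors should be on in development only.
error_reporting(E_ALL);
ini_set("display_errors", 1);
$database = "mydatabase";
// mysqli replaces the mysql_* extension, which was removed in PHP 7.0.
$con = mysqli_connect("localhost", "admin", "password");
if (!$con)
{
    die('Could not connect: ' . mysqli_connect_error());
}
if (!mysqli_select_db($con, $database))
{
    die('Could not connect: ' . mysqli_error($con));
}
// Both fields are needed by the statements below; stop early instead of running
// them with undefined variables.
if (!isset($_POST['id'], $_POST['name']))
{
    die('id and name are required');
}
$userid = $_POST['id'];
// Kept HTML-encoded for storage as in the original. NOTE(review): encoding is
// normally applied at output time; confirm how stored names are rendered.
$username = htmlentities($_POST['name']);
// Encode request data before echoing it into the page.
echo htmlspecialchars($userid, ENT_QUOTES, 'UTF-8');
echo $username;

// Values are bound as parameters, so no quoting or escaping of the SQL text is needed.
$select = mysqli_prepare($con, "SELECT 1 FROM userinfo WHERE userid = ?");
if (!$select)
{
    die(mysqli_error($con));
}
mysqli_stmt_bind_param($select, 's', $userid);
mysqli_stmt_execute($select);
mysqli_stmt_store_result($select);
$exists = mysqli_stmt_num_rows($select) > 0;
mysqli_stmt_close($select);

if ($exists)
{
    echo "yeah";
}
else
{
    $insert = mysqli_prepare($con, "INSERT INTO userinfo (username,userid) VALUES (?, ?)");
    if (!$insert)
    {
        die(mysqli_error($con));
    }
    mysqli_stmt_bind_param($insert, 'ss', $username, $userid);
    mysqli_stmt_execute($insert);
    // The affected-row count is read from the statement, not from a query result.
    if (mysqli_stmt_affected_rows($insert) == 1)
    {
        echo "UPDATED";
    }
    else
    {
        echo "NOPE";
    }
    mysqli_stmt_close($insert);
}
?>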
You also have an error in your SQL:
INSERT INTO userinfo (username,userid)
VALUES ($username,$userid)
The values here should be quoted:
INSERT INTO userinfo (username,userid)
VALUES ('$username', '$userid')
