We Keep Coding

Updating database with MYSQLi

I have been updating my members site so it will work with mysqli. I'm rather new to php and mysql.
I have a page where users can edit their information in a form which posts to send_post.php.
Can anyone tell me what is wrong with my code? I just get a white screen and a syntax error, 'unexpected ',' in send_post.php on line 7'.
This is the page with my form.
<?php
// See if they are a logged in member by checking Session data
include_once("php_includes/check_login_status.php");
if (isset($_SESSION['username'])) {
// Put stored session variables into local php variable
$username = $_SESSION['username'];
}
//Connect to the database through our include
include_once "php_includes/db_conx.php";
// Query member data from the database and ready it for display
$sql = "SELECT * FROM members WHERE username='$username' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query);
if($numrows < 1){
echo "That user does not exist or is not yet activated, press back";
exit();
}
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$state = $row["state"];
$city = $row["city"];
$name = $row["name"];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../assets/ico/favicon.png">
<title>Edit</title>
</head>
<body>
<br>
<div class = "container">
<div align="center">
<h3><br />
Edit your account info here<br />
<br />
</h3>
<table align="center" cellpadding="8" cellspacing="8">
<form action="send_post.php" method="post" enctype="multipart/form-data" name="form"
id="form">
<tr>
<td><div align="right">Name:</div></td>
<td><input name="city" type="text" id="city" value="<?php echo "$name"; ?>"
size="30" maxlength="24" /></td>
</tr>
<tr>
<td><div align="right">State:</div></td>
<td><input name="state" type="text" id="state" value="<?php echo "$state"; ?>"
size="30" maxlength="64" /></td>
</tr>
<tr>
<td><div align="right">City:</div></td>
<td><input name="city" type="text" id="city" value="<?php echo "$city"; ?>"
size="30" maxlength="24" /></td>
</tr>
<tr>
<td> </td>
<td><input name="Submit" type="submit" value="Submit Changes" /></td>
</tr>
</form>
</table>
</div>
</div>
</body>
</html>
This is the form processing page. send_post.php
<?php
if ($_POST['state']) {
$city = $_POST['city'];
$name = $_POST['name'];
//Connecting to sql db.
$connect = mysqli_connect("localhost","username","password","database");
$mysqli_query=($connect,"UPDATE members (`state`, `city`, `name` WHERE
username='$username'");
VALUES ('$state', '$city', '$name')";
mysqli_query($connect, $query);
mysqli_close($connect);
echo "Your information has been successfully added to the database.";
?>

Add a hidden field in the form like this
<input type="hidden" name="username" value="<?php echo $username; ?>">
Change send_post.php
<?php
//checking that all the fields have been entered
if( isset( $_POST['state'] ) && !empty( $_POST['state'] ) )
{
$state = $_POST['state'];
}
if( isset( $_POST['city'] ) && !empty( $_POST['city'] ) )
{
$city = $_POST['city'];
}
if( isset( $_POST['name'] ) && !empty( $_POST['name'] ) )
{
$name = $_POST['name'];
}
if( isset( $_POST['username'] ) && !empty( $_POST['username'] ) )
{
$username = $_POST['username'];
}
//Connecting to sql db.
$mysqli = new mysqli("localhost","username","password","database");
//updating database
$query = $mysqli->query( "UPDATE members SET `state` = '$state', `city` = '$city', `name` = '$name' WHERE `username` = '$username'" );
//closing mysqli connection
$mysqli->close;
//echoing that the information has been added
echo "Your information has been successfully added to the database.";
?>

change
$mysqli_query=($connect,"UPDATE members (`state`, `city`, `name` WHERE
username='$username'");
VALUES ('$state', '$city', '$name')";
to
$mysqli_query=($connect,"UPDATE members (`state`, `city`, `name`) VALUES ('$state', '$city', '$name') WHERE username='$username' ");

User name won't display

I try to display the user log in to the memberadd.php where i want to add other members, however, it doesn't display, instead it is blank. I post both the member add code and the log in code, it has something to do how the memberadd php didn't received the variable from the other files?
this is the memberadd code
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/chtml-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="Web Programming :: Assignment 2" />
<meta name="Keywords" content="Web, programming" />
<title>Member Login</title>
</head>
<body>
<h1>My Member System</h1>
</body>
</html>
<?php
session_start();
require_once('sqlconnect.inc.php');
if(isset($_SESSION['membername']))
{
echo "<p>Welcome back". "<br />".$_SESSION['membername']."</p>";
$conn = #mysqli_connect($host,
$user,
$pswd,
$dbnm);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {
#mysqli_select_db($conn, $dbnm)
or die ("Database not available");
}
$query = "SELECT member_name FROM team";
$result = mysqli_query($conn, $query);
if(!$result) {
echo "<p>Error with: ", $query, "</p>";
} else {
echo "<table width='10%' border='1'>";
echo "<tr><th>Member</th></tr>";
while ($row = mysqli_fetch_assoc($result)){
echo "<tr>";
echo "<td>",$row["member_name"],"</td>";
echo "</tr>";
}
echo "</table>";
mysqli_free_result($result);
}
}
//
?>
below is the login page
<?php
session_start();
require_once('sqlconnect.inc.php');
if (isset($_POST["login"]))
{
$conn = #mysqli_connect($host, $user, $pswd);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {
$selectDatabase = #mysqli_select_db($conn,$dbnm)
or die("<p>The database is not available.</p>");
}
$email = $_POST['email'];
$passw = $_POST['password'];
$query = "SELECT member_email FROM team WHERE member_email = '$email' AND password = '$passw'";
$queryResult = #mysqli_query($conn,$query)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
if(mysqli_num_rows($queryResult) == 0) //user is not found
{
header('Location: login.php');
}else{
if(mysqli_num_rows($queryResult) == 1)
{
echo ("<p>User is found, Successful login!</p>");
echo('<p>member add </p>');
echo('<p>List/Remove member </p>');
echo('<p>Log out </p>');
exit();
$query2 = "SELECT member_name FROM team WHERE member_email = '$email' AND password= '$passw'";
$queryResult2 = #mysqli_query($conn, $query2)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
$array = mysqli_fetch_row($queryResult2);
$_SESSION['membername'] = $array[0];
}
else
{
echo"<p>Email and password do not match</p>";
echo'<p>Home page </p>';
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/chtml-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="Web Programming :: Assignment 2" />
<meta name="Keywords" content="Web, programming" />
<title>Member Login</title>
</head>
<body>
<form id='login' action='login.php' method='POST'>
<fieldset >
<legend><h1>My Team System Log in Page</h1></legend>
<?php $email = isset($_POST['email']) ? filter_var($_POST['email'], FILTER_SANITIZE_STRING) : ''; ?>
<label for='email' >Email:</label>
<input type='text' name='email' id='email' maxlength="50" value="<?php echo $email; ?>" />
</div>
<br />
<div class="elements">
<label for='password' >Password:</label>
<input type='password' name='password' id='password' maxlength="50" />
</div>
<br />
<div class="submit">
<input type='submit' name='login' value='Login' />
<input type='reset' name='Submit' value='Clear' />
<br />
<div class="elements">
Home
</fieldset>
</form>
</body>
</html>

You set the session as membername but you then try to call name. As in, you should correct the bit where you display the user's name into $_SESSION['membername'].

Blank screen is usually a parse error...
echo "<p>Error with: ", $query, "</p>";
Should be
echo "<p>Error with: ".$query."</p>";
echo "<td>",$row["member_name"],"</td>";
Should be
echo "<td>".$row["member_name"]."</td>";

Well I can tell you about what I see:
You set the session of the member name like this
$_SESSION['membername'] = $array[0];
But in memberadd.php you retrieve it like this:
echo "<p>Welcome back". "<br />".$_SESSION['name']."</p>";
So you should change to the same name you set it to :
echo "<p>Welcome back". "<br />".$_SESSION['membername']."</p>";

3 errors I see -
1. your session_start() is not at the top/start of your code.
2. you echo before setting your session value
3. you use exit(); after your echo and before setting your session value.
also, you are wide open to sql injection, and you should hash your passwords.

I am sorry guys, I've made a mistake on the early file I did, which is the signup file where people registered, and I set the session name there ['name'] instead of ['membername']. Is all fine now.

Login form won't show any successful message

I am currently making a login form and although there are no error as far as i know when i tried to log in, however, it doesn't show any successful message or whatsoever so i don't know if I successfully log in or not.
<?php
session_start();
require_once('sqlconnect.inc.php');
if (isset($_POST["Login"]))
{
$conn = #mysqli_connect($host, $user, $pswd);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {
$selectDatabase = #mysqli_select_db($conn,$dbnm)
or die("<p>The database is not available.</p>");
}
$email = $_POST['email'];
$passw = $_POST['password'];
$query = "SELECT member_email FROM team WHERE member_email = '$email' AND password = '$passw'";
$queryResult = #mysqli_query($conn,$query)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
if(mysqli_num_rows($queryResult) == 0) //user is not found
{
header('Location: login.php');
}else{
if(mysqli_num_rows($queryResult) == 1)
{
echo ("<p>User is found, Successful login!</p>");
echo('<p>member add </p>');
echo('<p>Log out </p>');
$query2 = "SELECT member_name FROM team WHERE member_email = '$email' AND password= '$passw'";
$queryResult2 = #mysqli_query($conn, $query2)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
$array = mysqli_fetch_row($queryResult2);
$_SESSION['membername'] = $array[0];
}
else
{
echo"<p>Email and password do not match</p>";
echo'<p>Home page </p>';
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/chtml-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="Web Programming :: Assignment 2" />
<meta name="Keywords" content="Web, programming" />
<title>Register Page</title>
</head>
<body>
<form id='login' action='login.php' method='POST'>
<fieldset >
<legend><h1>My Team System Log in Page</h1></legend>
<?php $email = isset($_POST['email']) ? filter_var($_POST['email'], FILTER_SANITIZE_STRING) : ''; ?>
<label for='email' >Email:</label>
<input type='text' name='email' id='email' maxlength="50" value="<?php echo $email; ?>" />
</div>
<br />
<div class="elements">
<label for='password' >Password:</label>
<input type='password' name='password' id='password' maxlength="50" />
</div>
<br />
<div class="submit">
<input type='submit' name='login' value='Login' />
<input type='reset' name='Submit' value='Clear' />
<br />
<div class="elements">
Home
</fieldset>
</form>
</body>
</html>

Either you have an error from the mysql call that is being masked by using the # or the code block where you have the header function is being called. What happens if you remove the # and/or replace the header call with just a plain
echo "Debug: Test";

Displaying error message in form

I want to display error message or alert message after checking the condition.
here is my code
session_start();
$plan = #$_GET['plan'];
$plan = +$plan;
include('connect.php');
If (isset($_POST['submit']))
{
$CompanyName = $_POST['CompanyName'];
$CompanyEmail = $_POST['CompanyEmail'];
$CompanyContact = $_POST['CompanyContact'];
$CompanyAddress = $_POST['CompanyAddress'];
$RegistrationType = $_POST['RegistrationType'];
$Plans = $_POST['plan'];
$Status = "Active";
$query1 = "select count(CompanyEmail) from ApplicationRegister where CompanyEmail = '$CompanyEmail'" ;
$result1 = mysql_query($query1) or die ("ERROR: " . mysql_error());
//$result1 = mysql_result($query1, 0, 0);
//echo $result1;
while ($row = mysql_fetch_array($result1))
{
//$companyemail = $row['CompanyEmail'];
//if($companyemail != '' || $companyemail!= 'NULL')
//{
if($row['count(CompanyEmail)'] > 0)
{
echo "This E-mail id is already registered ";
}
else
{
$sql = "INSERT INTO ApplicationRegister(CompanyName, CompanyEmail, CompanyContact, CompanyAddress, RegistrationType, ApplicationPlan, ApplicationStatus, CreatedDate) VALUES ('$CompanyName', '$CompanyEmail', '$CompanyContact', '$CompanyAddress', '$RegistrationType', '$Plans', '$Status', NOW() )";
$result = mysql_query($sql) or die(mysql_error());
$id = mysql_insert_id();
$_SESSION['application_id'] = $id;
//if(isset($plan == "trail"))
if($plan == "trail")
{
header("Location: userRegister.php?id=$id");
exit();
}
else
{
header("Location : PaymentGateway.php");
exit();
}
}
}
}
?>
and after this i have placed my html form
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
<title>Welcome</title>
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><h2><br />
Application Registration</h2>
<p> </p></td>
</tr>
<tr>
<td><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1" onsubmit="return Validate();">
<input type="hidden" name="plan" value="<?php echo $plan ?>"/>
Company Name:
<input type="text" name="CompanyName" style="width:230px; height:20px;" /><br /><br />
Company E-mail :
<input type="text" name="CompanyEmail" style="width:230px; height:20px;" /><br /><br />
Company Contact <input type="text" name="CompanyContact" style="width:230px; height:20px;" /><br /><br />
Company Address: <input type="text" name="CompanyAddress" style="width:230px; height:20px;" /><br /><br />
Select Your Registration Type : <br /><br />
Trail: <input type="radio" name="RegistrationType" value="Trail" /><br />
Paid<input type="radio" name="RegistrationType" value="Paid" /><br /><br />
<input type="hidden" name="form_submitted" value="1"/>
<input type="submit" value="REGISTER" name="submit" />
</form>
</td>
</tr>
</table>
When the user entered companyemail is already exists it should display the alert message just below the company email field in the form. But now its displaying in the starting of the page. I dont know what to use and how to use. Please suggest

$msg = "";
if($row['count(CompanyEmail)'] > 0)
{
$msg = "This E-mail id is already registered ";
}
and HTML
<input type="text" name="CompanyEmail" style="width:230px; height:20px;" /><br />
<?php echo $msg; ?>

This query will return only one record. So its not need to use while loop
$query1 = "select count(CompanyEmail) from ApplicationRegister where CompanyEmail = '$CompanyEmail'" ;
$result1 = mysql_query($query1) or die ("ERROR: " . mysql_error());
Try this,
$query1 = "select count(CompanyEmail) from ApplicationRegister where CompanyEmail = '$CompanyEmail'" ;
$result1 = mysql_query($query1);
$row = mysql_ferch_array($result1);
if($row['count(CompanyEmail)'] > 0){
error message
}else{
insert uery
}

Error when updating MySQL Database with PHP

I am a newbie, i want to update the database and when i submit the form to update the record, i get this error
Notice: Undefined index: idno in /Library/WebServer/Documents/practice/employee/edit_employee.php on line 6 Call Stack: 0.0001 633952 1. {main}() /Library/WebServer/Documents/practice/employee/edit_employee.php:0
This is the code
<?php
require_once '../includes/configuration.php';
if (!isset($_POST['enter']))
{
$employee_id_passport = $_GET['idno'];
$sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query, $connection);
$row = mysql_fetch_assoc($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">
<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>
<body>
<form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
<input type="submit" value="Enter" name="submit" />
</form>
</body>
<html>
<?php
}
else
{
$_POST['employee_id_passport'] = $employee_id_passport;
$_POST['first_name'] = $first_name;
$_POST['surname'] = $surname;
$_POST['mobile_number'] = $mobile_number;
$sql_query_update = "UPDATE employee_master SET first_name = '$first_name', SET surname = '$surname', SET mobile_number = '$mobile_number', WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query_update, $connection);
}
?>

A few bugs in your code.
Never trust Users to input anything without validating and sanitising their data.
Always test for and act on errors or unexpected conditions.
There is no comma before the WHERE clause in an SQL command.
Try the below:
<?php
require_once '../includes/configuration.php';
if( !isset( $_POST ) ){
# No Update Form Submission
if( isset( $_GET['idno'] ) ){
# ID Number Set for Query
$employee_id_passport = mysql_real_escape_string( $_GET['idno'] );
$sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
if( !( $result = mysql_query( $sql_query , $connection ) ) ){
# Query Failed
}elseif( mysql_num_rows( $result )==0 || mysql_num_rows( $result )>1 ){
# Query Succeeded, but No Rows Returned OR More than One Row Returned
}else{
$row = mysql_fetch_assoc( $result );
}
}else{
# No ID Number sent for Query
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">
<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Employee Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>
<body>
<?php if( $row ){ ?>
<form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
<input type="submit" value="Enter" name="submit" />
</form>
<?php } ?>
</body>
<html>
<?php
} else {
# Declare Error Holder
$error = array();
# Declare Field Holder
$field = array();
# Validate
if( !isset( $_POST['employee_id_passport'] ) || $_POST['employee_id_passport']=='' )
$error['employee_id_passport'] = 'No ID/Passport Set';
elseif( !is_int( $_POST['employee_id_passport'] ) )
$error['employee_id_passport'] = 'ID/Passport is not a Number';
else
$field['employee_id_passport'] = mysql_real_escape_string( $_POST['employee_id_passport'] );
if( !isset( $_POST['first_name'] ) || $_POST['first_name']=='' )
$error['first_name'] = 'No First Name Set';
else
$field['first_name'] = mysql_real_escape_string( $_POST['first_name'] );
if( !isset( $_POST['surname'] ) || $_POST['surname']=='' )
$error['surname'] = 'No First Name Set';
else
$field['surname'] = mysql_real_escape_string( $_POST['surname'] );
if( !isset( $_POST['mobile_number'] ) || $_POST['mobile_number']=='' )
$error['mobile_number'] = 'No First Name Set';
else
$field['mobile_number'] = mysql_real_escape_string( $_POST['mobile_number'] );
if( !count( $error ) ){
# Validation was Passed
$sql_query_update = "UPDATE employee_master
SET first_name = '{$field['first_name']}',
SET surname = '{$field['surname']}',
SET mobile_number = '{$field['mobile_number']}'
WHERE employee_id_passport = '{$field['$employee_id_passport']}'";
if( !( $result = mysql_query($sql_query_update, $connection) ) ){
# Update Query Failed
}else{
# Update Query OK
}
}
?>

The key idno is not set in your $_GET superglobal. Check your query string for &indo=.