I'm trying to figue out how to make my search.php script work with mySQL. I can't get the information to show up. Not sure where the problem is.
PAGE 1:
<form action="search_result.php" method="GET">
<input type="text" name="reg" />
<input type="submit" value="Search" />
</form>
PAGE 2:
<?php
$host="localhost";
$username="XXXXXXXXXXX";
$password="XXXXXXXXXXX";
$db_name="XXXXXXXXXXXX";
$tbl_name="reg_add";
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$record = $_POST['record']; // if coming from e.g. a form
$result=mysql_query(" SELECT * FROM reg_add WHERE reg='" . mysql_real_escape_string($record) . "'");
$row = mysql_fetch_assoc($result);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$reg = $row['reg'];
?>
<input name="reg" value="<? echo "$record" ?>">
<input name="first_name" value="<? echo "$first_name" ?>">
<input name="last_name" value="<? echo "$last_name" ?>">
You form is method GET and in your PHP you use this:
$record = $_POST['record']; // if coming from e.g. a form
How are you gonna get the POST['record'] if your form has the method GET?
I guess you should or change your form to:
method="POST"
or change your $record in php to:
$record = $_GET['record'];
Try this version:
You form:
<form action="search_result.php" method="POST">
<input type="text" name="reg" id="reg" />
<input type="submit" name="Submit" id="Submit" value="Search" />
</form>
search_result.php :
<?php
$host ="localhost";
$username ="XXXXXXXXXXX";
$password ="XXXXXXXXXXX";
$db_name ="XXXXXXXXXXXX";
$tbl_name ="reg_add";
/* Connect to MySQL database */
mysql_connect("$host", "$username", "$password") or die("Error connecting to database");
mysql_select_db("$db_name")or die("Error selecting database");
$error = '';
if (isset($_POST['Submit'])) {
if (!empty($_POST['reg'])) {
$record = $_POST['reg']; // if coming from e.g. a form
$query = mysql_query("SELECT * FROM reg_add WHERE reg='" . mysql_real_escape_string($record) . "'");
$result = mysql_num_rows($query);
if ($result != 0) {
$row = mysql_fetch_array($query);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$reg = $row['reg'];
} else {
$error = 'No result have been found!';
}
} else {
$error = 'You have not entered the search field, Go back.';
}
}
if (!empty($error)) { echo $error; }
?>
<input name="reg" value="<? echo $record; ?>">
<input name="first_name" value="<? echo $first_name; ?>">
<input name="last_name" value="<? echo $last_name; ?>">
mysql_connect("$host", "$username", "$password")
Not your problem, but no need for quotes around variables:
mysql_connect($host, $username, $password);
mysql_select_db($db_name);
You should set the variable $record somewhere:
$record = $_POST['record']; // if coming from e.g. a form
$result=mysql_query(" SELECT * FROM reg_add WHERE reg='" . mysql_real_escape_string($record) . "'");
This is just wrong:
$first_name=mysql_result($result,"first_name");
$last_name=mysql_result($result,"last_name");
$reg=mysql_result($result,"reg");
And should be:
$row = mysql_fetch_assoc($result);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$reg = $row['reg'];
Also: you shouldn't use mysql_* functions anymore. Use either mysqli_* or PDO.
And remember that if something doesn't work you can check mysql_error() to see any error doing a query.
Syntax of mysql_result() is wrong. According to the manual, it should be
string mysql_result ( resource $result , int $row [, mixed $field = 0 ] )
SO the correct way to use it would be like
mysql_result($result, 1, "first_name");
Related
I've got this error when I try to login in to my PHP form:
Call to undefined function mysql_rum_rows()
This is my code
<?php
mysql_connect("localhost", "root", "");
mysql_select_db("login");
if(isset($_POST['inloggen'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '". $username . "' AND '" . $password . "'";
$result = mysql_query($query);
if(mysql_rum_rows($result) == 1) {
echo "Juiste gegevens!";
}
else {
echo "Onjuiste gegevens!";
}
echo "<br />";
}
?>
<form method="post" action="">
<label>Username</label>
<input type="text" name="username"/><br />
<label>Password</label>
<input type="password" name="password"/><br />
<input type="submit" name="inloggen" value="Inloggen"/>
</form>
Can anyone help me to fix this ? I'm a noob to PHP and I've got this from a book called "PHP en MySQL" So I don't know why it isn't working
You have Typo error. Need to write mysqli_num_rows
Also No need to check mysqli_num_rows().
$result = mysql_query($query);
// $result will give you boolean TRUE or FALSE
if ($result) {
echo "Juiste gegevens!";
} else {
echo "Onjuiste gegevens!";
}
Suggestions:-
1) You need to encrypt your password before save to Database. One of the simple encryption techniques is md5. and you can check password with DB by below way.
$password = md5($_POST['password']);
2) You can write your query as below:-
"SELECT * FROM users WHERE username = '$username' AND '$password'";
3) Always check for query errors. You should use mysql_error() to get query error.
Warning:-
mysql_* was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0.
Instead, the MySQLi or PDO_MySQL extension should be used.
U misstyped mysql_num_rows (mysql_rum_rows), i guess thats all about it.
Good luck.
http://php.net/manual/de/function.mysql-num-rows.php
<?php
$conn = mysqli_connect("localhost", "root", "", "login");
if (isset($_POST['inloggen'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '" . $username . "' AND '" . $password . "'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) == 1) {
echo "Juiste gegevens!";
} else {
echo "Onjuiste gegevens!";
}
echo "<br />";
}
?>
<form method="post" action="">
<label>Username</label>
<input type="text" name="username"/><br />
<label>Password</label>
<input type="password" name="password"/><br />
<input type="submit" name="inloggen" value="Inloggen"/>
</form>
You have a typo, use mysql_num_rows instead mysql_rum_rows
I have that people can add team names to my MySQL table. Now I want them to edit it. I have tried several tutorials but i can't figure it out. I like to know what i am doing wrong.
This is my admin.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if(isset($_POST['team'])){
$team = $_POST['team'];
$ID = $_POST['id'];
$query = mysql_query("SELECT * FROM e2teams WHERE Team='$team' and ID='$ID'");
if(mysql_num_rows($query) > 0 ) { //check if there is already an entry for that username
echo "$team bestaat al!";
}
else{
mysql_query("INSERT INTO e2teams (Team) VALUES ('$team')");
header("location:e2admin.php");
}
}
mysql_close();
?>
<html>
<body>
<h1>Add teams</h1>
<form action="e2admin.php" method="POST">
<input type="text" name="team" placeholder="Team naam" /><br>
<input type="submit" value="Toevoegen" />
</form>
<?php
$table = "e2teams";
$sql = "SELECT * FROM e2teams";
$result = mysql_query($sql, $dbhandle);
if(mysql_num_rows($result) > 0){
while($row = mysql_fetch_array($result)) {
echo $row['Team']. "<a href='edit.php?edit=$row[1]'>Bewerk</a><br>";
}
}
?>
</body>
</html>
The add teams works. but the edit button doesn't work yet. If I click on edit I go to the edit.php page; here I want to add the new name and need the Team to change in the MySQL row.
This is my edit.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if( isset($_GET['edit'])) {
$id = $_GET['edit'];
$res = mysql_query("SELECT * FROM e2teams");
$row= mysql_fetch_array($res);
}
if (isset ($_POST['nieuwenaam'])) {
$newname = $_POST['nieuwenaam'];
$id = $_POST['id'];
$sql = "UPDATE e2teams SET Team='$newname' WHERE id='$id'";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php'>";
}
?>
<html>
<body>
<form action="edit.php" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="hidden" name="id" placeholder="idnaam" value"s" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
I also like to know how to delete team names but this is maybe for a next question.
This should work:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
$id = intval($_GET['edit']);
if($id > 0) {
$res = mysql_query("SELECT * FROM e2teams WHERE `id` = $id");
$row= mysql_fetch_array($res);
$newname = mysql_real_escape_string($_POST['nieuwenaam']);
if (!empty($newname)) {
$sql = "UPDATE e2teams SET Team='$newname' WHERE id=$id";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php?edit=$id'>";
}
}
?>
<form action="edit.php?edit=<?= $id; ?>" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
Edit: Also, about the intval() and mysql_real_escape_string(). Since you were using $_GET without any filter, I've added intval() function on it. Without filtering $id you could've been easily attacked by some sort of e.g. SQL Injection. Same with mysql_real_escape_string(). You might read about this filter function in php manual. For further study I recommend changing mysql_ functions to PDO or mysqli prepared statements. Happy coding!
Check your edit form. You have to put the value attribute like this value="s" no like value"". I think thats all.
I assume when they click on the edit link it's passing the id of the team so the edit.php select should be something like:
$id = (int)$_GET['edit'];
if (!empty($id))
{
$sql = "SELECT * FROM e2teams WHERE id='$id'";
$result = mysqli_query($sql);
$row = mysql_fetch_assoc($res);
}
//... keep the rest of code as is
Now you need to change the HTML form to:
<form action="edit.php?edit=<?php echo $row['id'] ?>" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" value="<?php echo $row['Team'] ?>" /><br>
<input type="hidden" name="id" placeholder="idnaam" value"<?php echo $row['id'] ?>" /><br>
<input type="submit" value="Update" />
</form>
I tried changing the code to this so it connects to the DB before anything else but now it just lingers on verify.php, no redirect, no data being sent to DB.
<?php
if(isset($_POST['submit'])){
# connect to the database here
$host="XXXXXXX"; // Host name
$username="XXXX"; // Mysql username
$password="XXXX"; // Mysql password
$db_name="XXXX"; // Database name
mysql_connect("$host", "$username", "$password")or die("cannot connect for insert");
mysql_select_db("$db_name")or die("cannot select DB to insert data");
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
$insert_query = "INSERT INTO teachers(`user_name`,`fname`,`lname`,`email`,`password`)
VALUES('".$user_name."$','".$fname."','".$lname."','".$email."','".$user_password."');";
mysql_query($insert_query) or die(mysql_error());
mysql_close();
};
?>
You should put or die(mysql_error()); in following line:
$sql = mysql_query($query) or die(mysql_error());
Instead of:
mysql_real_escape_string($_POST['password']))or die(mysql_error());
Another thing is that you have wrong if-else statements.
You code to check which field is empty should be in following if statement:
if($row||empty($_POST['user_name'])|| empty($_POST['fname'])||empty($_POST['lname'])|| empty($_POST['email'])||empty($_POST['password'])|| empty($_POST['re_password'])||$_POST['password']!=$_POST['re_password']){
# if a field is empty, or the passwords don't match make a message
# YOU SHOULD PUT YOUR CODE TO CHECK EMPTY FIELDS SEPARATELY HERE
}
else {
# If all fields are not empty, and the passwords match,
}
You should change your check if the user already exists to something like this:
if(count($row) > 0)
instead of just
if($row)
If you only want to test if data gets inserted limit you the code to this:
<?php
if(isset($_POST['submit'])){
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="lurnn"; // Database name
/* sanitize post variables */
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
/* Database insert query */
mysql_connect($host, $username, $password)or die("cannot connect for insert");
mysql_select_db($db_name)or die("cannot select DB to insert data");
$insert_query = "INSERT INTO teachers(`user_name`,`f_name`,`l_name`,`email`,`password`)
VALUES('".$user_name."','".$fname."','".$lname."','".$email."','".$user_password."')";
mysql_query($insert_query) or die(mysql_error());
mysql_close();
};
?>
MYSQLI_ version:
<?php
if(isset($_POST['submit'])){
$host = "host";
$user = "user";
$password = "password";
$database = "database";
/* sanitize post variables */
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
// open connection to database
$link = mysqli_connect($host, $user, $password, $database);
IF (!$link){
echo ("Unable to connect to database!");
}
ELSE {
//INSERT VALUES INTO DATABASE
$query = "INSERT INTO teachers(`user_name`,`f_name`,`l_name`,`email`,`password`)
VALUES('".$user_name."','".$fname."','".$lname."','".$email."','".$user_password."')";
mysqli_query($link,$query) or die(mysql_error());
echo var_dump($query);
}
//close connection to database
mysqli_close($link);
};
?>
If this all fails try the following:
<?php
function submit_form(){
$host = "";
$user = "";
$password = "";
$database = "";
/* sanitize post variables */
$user_name = mysql_real_escape_string($_POST['user_name']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$email = mysql_real_escape_string($_POST['email']);
$user_password = mysql_real_escape_string($_POST['password']);
// open connection to database
$link = mysqli_connect($host, $user, $password, $database);
IF (!$link){
echo ("Unable to connect to database!");
}
ELSE {
//INSERT VALUES INTO DATABASE
$query = "INSERT INTO teachers(`user_name`,`f_name`,`l_name`,`email`,`password`)
VALUES('".$user_name."','".$fname."','".$lname."','".$email."','".$user_password."')";
mysqli_query($link,$query) or die("Insert query failed");
echo var_dump($query);
}
//close connection to database
mysqli_close($link);
}
$form = <<<EODuserform
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Form</title>
</head>
<form action="{$_SERVER['PHP_SELF']}" method="POST" name="userform">
<label for='user_name'>Username:</label></br>
<input type="text" name="user_name" id="first" maxlength="25" tabindex='1' VALUE="user_name" /></br>
<label for='fname'>First Name:</label></br>
<input type="text" name="fname" id="first" maxlength="25" tabindex='2' VALUE="firstname" /></br>
<label for='lname'>Last Name:</label></br>
<input type="text" name="lname" id='lastname' maxlength="25" tabindex='3' VALUE="lastname" /></br>
<label for='email'>E-mail:</label></br>
<input type="text" name="email" id='email' maxlength="100" tabindex='4' VALUE="email" /></br>
<label for='password'>Password:</label></br>
<input type="password" name="password" id='password' maxlength="25" tabindex='5' VALUE="password" /></br>
<label for='re-password'>Re-type password:</label></br>
<input type="password" name="re-password" id='re-password' maxlength="25" tabindex='6' VALUE="re-password" /></br>
<input type="submit" name="submit" value="Sign Up" tabindex='6' />
</form>
</body>
</html>
EODuserform;
IF(!IsSet($_POST['submit'])){ // Check if form is not send, if not display empty form.
echo $form;
}
ELSE{
// in the case you want to send something to the database use
submit_form();
echo ('Thanks for submitting your form');
}
?>
the output didt display on the readonly form
How to print the sql result to the form which is readonly
Provide html code and action.php code. I have try to use &result on readonly form value
<body>
<form action = "action.php" method="post" >
input: <input type="text" name="v_id" />
<input type="submit" />
</body>
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$conn) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db('transport_fyp207');
$id = $_POST['v_id'];
$sql = "SELECT v_price " .
"FROM vehicle " .
"WHERE v_id = $id";
$result = mysql_query($sql);
?>
<body>
<label for="textfield">output:</label>
<input name="textfield"
type="text"
id="textfield"
readonly="readonly"
value = "<?php $result ?>">
</body>
you forgot the "echo" and btw you could have the same result with less typing:
<label>
output:
<input type="text" readonly value="<?php echo $result ?>">
</label>
EDIT: as fred -ii- pointed out, this will only work if $result was set. If you want to display something in case of request failure, simply set $result to a default value, something like:
<?php echo $result ? $result : "undefined"; ?>
And also your sql query is incomplete. Read the PHP manual and see how it's done.
can someone help me please, im trying to submit a form over 3 pages. theres 3 text area fields in each and im using session start to echo the form data other the pages.
so then at the end all i have to do is echo out the form data and insert it into the mysql table ptb_registrations.
for some reason though its not working and im getting the error updating database error. i have been working on this for a few hours im sorry to say and i can not figure it out. please can someone help me and show me where i might be going wrong.
page 1:
<?php
session_start();
?>
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
page 2:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?" />
<input type="submit" value="Next >" />
</form>
page 3:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
?>
<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)" />
<input type="submit" value="Next >" />
</form>
page 4: (mysql function)
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
$_SESSION['display_name'] = $display_name;
$_SESSION['password'] = $password;
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES('NULL',
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
please can someone help me and show me where i might be going wrong.
Your code itself is just horrible. Because:
1) You mix session and database responsibilities
2) You use mysql_query() for queries you do not expect a result-set. For INSERT, UPDATE, DELETE queries should be used mysql_unbuffered_query()
3) You do not escape values using mysql_real_escape_string() so that you're vulnerable to SQL injection
4) You use procedural code and global state
5) You use deprecated mysql_* functions instead of PDO or MySQLi
6) You use string concatenation instead of sprintf(), here:
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
7) You do not validate anything in $_SESSION and $_POST. What if you have set the variables and they do not exist?
8) Your query validation is wrong, here: confirm_query($result_set) {..
I'd better stop here.
So instead of coding this way, you'd really separate responsibilities.
For session, it should look like this:
File session.php
function seesion_init(){
if ( session_id() == '' ){
return session_start();
} else {
return true;
}
}
function session_set(array $values){
foreach($values as $key => $val){
$_SESSION[$key] = $val;
}
}
/**
* It will give you a confidence that you get an existing value
* #param string $key
*/
function session_get($key){
if ( isset($_SESSION[$key]) ){
return $_SESSION[$key];
} else {
throw new RuntimeException(sprintf('Accessed to non-existing session variable %s', $key));
}
}
File: dbconnection.php
<?php
define('HOST', '...');
define('USER', '...');
...
function connect(){
if ( ! mysql_connect(...) ){
die('...');
}
if ( ! mysql_select_db('DB_NAME_HERE') ){
die('...');
}
}
function query($query){
return mysql_query($query); //<- Should only be used for SELECT queries
}
function ub_query($query){
return mysql_unbuffered_query($query); // <- Should only be used for INSERT, DELETE, UPDATE queries
}
function fetch($result){
return mysql_fetch_assoc($result);
}
File: users.php
require_once('dbconnection.php');
connect();
/**
* Returns user id by his username
*
* #return array on success
* FALSE if email does not exists
*/
function get_user_id_by_email($email) {
$query = sprintf("SELECT `id` FROM `ptb_registrations` WHERE `email` = '$email' LIMIT 1", mysql_real_escape_string($email));
$result = ub_query($query);
if ( $result ){
return fetch($result);
} else {
return false;
}
}
and so on. The concept here is to separate responsibilities for each script and then use the "part" you need.
Back to the original question
You want to insert a value into the table? Then validate this value firstly. The problem is that you do not do that. Nothing more.
In page2.php you need set session as below.
because $first_name, etc.. did not declared.
page2.php
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
page3.php
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
page4.php
$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];
in page4.php do one more variables declaration.
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email']; etc...
then store it in database.
It is bad practice, this whole script but I believe your SQL error is because you are supplying an ID as null. ID is probably an integer and most likely auto increment. Do this instead:
$query="INSERT INTO ptb_registrations (
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
Pge 1:
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
No need of session_start here
Page2:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?" />
<input type="submit" value="Next >" />
</form>
Added $_POST
Page 3:
<?php
session_start();
// other php code here
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
?>
<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)" />
<input type="submit" value="Next >" />
</form>
Added $_POST $_SESSION['first_name'] = $_POST['first_name'];
No need to add this section again in page3 :
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
Page 4:
<?php
session_start();
// other php code here
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$date_of_birth = $_SESSION['dat_of_birth'] ;
$number =$_SESSION['number'];
$display_name = $_SESSION['display_name'];
$password = $_SESSION['password'];
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES('NULL',
'".mysql_real_escape_string($first_name)."',
'".mysql_real_escape_string($last_name)."',
'".mysql_real_escape_string($email)."',
'".mysql_real_escape_string($date_of_birth)."',
'".mysql_real_escape_string($number)."',
'".mysql_real_escape_string($display_name)."',
'".mysql_real_escape_string($password)."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
Assign session to variables :
$first_name = $_SESSION['first_name'];
mysql_* functions are deprecated use mysqli_* or PDO
You code is vulnerable to mysql_injection : use atleast mysql_real_escape_string