I am creating a PHP registration page and I'm completely confused as to what to do next.
Whenever the form is validated correctly and submitted, the only table that gets updated is the USERS table and it needs to also update SecInfo and Shipping.
This is a class assignment, and I am trying to finalize the kinks. I can feel I am close if one the mysql_query's are working out of 3.
<?php
...
if($errorCount == 0){
$userSQL = "INSERT INTO Users(UserID, FName, LName, Email, Phone, Address, City, UserState, Zip) VALUES ('{$uName}', '{$fName}', '{$lName}', '{$email}', '{$phone}', '{$add}', '{$city}', '{$uState}', '{$zip}')";
$secSQL = "INSERT INTO SecInfo(UserID, Password, SQuestion, SAnswer) VALUES ('{$uName}', '{$sec_pwd}', '{$sQues}', '{$sAns}')";
$shipSQL = "INSERT INTO Shipping(ShipAdd, ShipCity, ShipState, ShipZip)VALUES ('{$shipAdd}', '{$shipCity}', '{$sState}', '{$shipZip}')";
mysql_query($userSQL);
mysql_query($secSQL);
mysql_query($shipSQL);
echo "Successfully submitted!";
}
}
}
else
echo "Form data missing for specific fields!";
}
?>
QUESTION: (If you need HTML you can ask) Is the code not inserting into SecInfo and Shipping because I am calling the mysql_query method too many times at the end?
This is a contained project, as in sql_injection isn't going to be an issue.
Do you have a specific question? I'm confused as to what you need help with exactly. But I noticed you've got quit a bit of SQL/PHP jumbled up into a long sequence of tasks. My advice, would be to start small, test your code, then carefully add new pieces of code and test it constantly, this is how you will understand where the error lies, and why the SecInfo and Shipping tables are not being updated.
Also, it looks like there is a lot of unnecessary stuff in your code, if all your doing is updating/adding to 3 tables, you shouldn't need that many lines of code.
hope this helps.
Related
I have an HTML survey. I am handling it with PHP and passing it with PHP into a MySQl database. Before this section of code, I post every input, and echo it out as a summary. Every input is reading correctly in the summary, so the form seems to be working fine. I manually input 1 dataset to test the database columns, and then 1 set of data went straight from the form to the database without issue. Now, however, I tried to insert another set of data and it isn't uploading.
I have each field outlined because I have another field that is an autoincrement for when a row is inserted. On a previous form handle I did, I also had an autoincrement field that worked perfectly without including it in the insertion process, so I'm fairly certain I don't need to include it here.
Is there something in the insert code that I've overlooked? I can manually input results just fine that match exactly what I put into the survey fields, but the digital upload from survey submission to database is not being completed. I AM connected to the database, because I have an error for failed connection set up that isn't popping up (it is paired with $dbcon. $dbcon stands for database connection).
//Data Insertion
$res_ins = "INSERT INTO Survey (name, zip,
gender, income, savings, disaster, work,
res_road, work_road, evacuation, lodging,
injury, children, num_child, educ, city_prep,
PrepComments, emer_res, info, prep, fut_prep)
VALUES ('$name', '$zip', '$gender', '$income',
'$savings', '$disaster', '$work', '$res_road',
'$work_road', '$evacuation', '$lodging',
'$injury', '$children', '$num_child', '$educ',
'$city_prep', '$PrepComments', '$emer_res',
'$info', '$prep', '$fut_prep')";
$insert = $dbcon->query($res_ins);
//Terminate connection to database and end
insertion
mysqli_close($dbcon);
I can't comment because of reputation, so I have to give you a hint in the answer: did you try to use this query directly on your database, using some interface?
However, you could try to add some rows to see what is the error, before to close the connection:
if ($dbcon->query($res_ins) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $res_ins. "<br>" . $dbcon->error;
}
before executing, print the query. it will help you to find out the root cause. most common reason of this type of issue is special character. You can check is there any special character in your query.
I have some PHP on a page a form POSTs to for processing data and storing it in a Postgres RDS on AWS. Every time I have used the form, it has worked fine for me, but I have had two customers tell me their ratings were lost. The second database insertion and the email are always fine (so far as I know), but the first insertion doesn't always work.
I have not been able to reproduce this error on my computer with either Chrome or Firefox. Can someone recommend a way to troubleshoot this/reproduce the error and/or speculate as to what the error might be? Code is below.
$statement = $db->prepare( "INSERT INTO cleanerrating (cleaner_id, appt_id, user_id, timely, effective, comments) VALUES (:contractor_id, :appt_id, :user_id, :timely, :effective, :comments)");
$statement->execute(array(':contractor_id'=>$arr['contractor_id'][0], ':appt_id'=>$appt_id, ':user_id'=>$user_id, ':timely'=>$timeliness, ':effective'=>$effectiveness, ':comments'=>$comments));
$statement = $db->prepare( "INSERT INTO recur (recur, appt_id, user_id, created) VALUES(:recur, :appt_id, :user_id, 'now')");
$statement->execute(array(':recur'=>$recur, ':appt_id'=>$appt_id, ':user_id'=>$user_id));
if($user_id){
include_once('email.php');
$mail->addAddress('hello#loq-ly.com');
$mail->AddBCC($alertEmail);
$mail->IsHTML(true);
$mail->Subject = "Received user rating for cleaning";
$mail->Body = "We received a rating for cleaner ".$contractor_id." for appointment ".$appt_id." of effectiveness: ".$effectiveness." and timeliness ".$timeliness." with comments: ".$comments."<br><br>Recur value is: ".$recur;
$mail->send();
$mail->ClearAllRecipients();
I am having some problem with the mysql. Well this is my code
class store_info{
function store_info(&$bean, $event, $arguments){
$id = $bean->id;
$name = $bean->user_name . ' ' .$bean->last_name;
$user_hash = $bean->user_hash;
$query1 = "INSERT INTO sohan_password_management (id_user, name, user_password, register_date, prompt_date, deadline) VALUES('$id', '$name', '$user_hash', NOW(), NOW() + INTERVAL default_prompt_date DAY, NOW() + INTERVAL default_deadline DAY)";
$result1 = $bean->db->query($query1, true);
$bean->save();
}
}
?>
whenever i run this code, data get store in database but it stores for 11 times. I mean same data get stored for more than one time in database. May I know what is wrong here? Till yesterday it was working fine. I don't know what happened to this now.
Try to comment/ remove $bean->save();
I think it is a after_save logic hook and it is executing multiple times.
Also, check this post as well.
http://support.sugarcrm.com/02_Documentation/04_Sugar_Developer/Sugar_Developer_Guide_6.5/03_Module_Framework/Logic_Hooks/Examples/Preventing_Infinite_Loops_with_Logic_Hooks/
I've had a similar issue before. It was due to a slow network connection and reloading the same page which kept submitting my input to the table. To fix this, I created a if statement to check the values of each item being submitted and if a certain number were the same values as a current column in the table, I told it not to input the data.
After including this if statement, it worked perfectly for me.
Not sure if you can apply the same solution to your data set, but I hope this helps.
You are calling bean save in the logic hook which is why bean is saving records multiple times.
You do not need to call the save function within a hook.
i'm trying to set up a simple multipage form, with the use of sessions to be later stored in a database in multiple tables.
however, i seem to have run into a problem. while the values of the last page get posted to the database, the session variables do not.
please, keep in mind.. me and my project partner are complete newbies to php/sql and might not have payed as much attention in class as we should have. most of the code is pretty much thrown together randomly. and identifying problems does not seem to be our strong suit.
first page / b_tickets.php
(simple html form with the values 'ticket_a', 'ticket_k' and 'ticket_vip')
second page / b_rooms.php
<?php
session_start();
$_SESSION['ticket_a'] = $_POST['ticket_a'];
$_SESSION['ticket_k'] = $_POST['ticket_k'];
$_SESSION['ticket_vip'] = $_POST['ticket_vip'];
?>
third page / b_ucp.php
<?php
session_start();
$_SESSION['room_s'] = $_POST['room_s'];
$_SESSION['room_s_extra'] = $_POST['room_s_extra'];
$_SESSION['room_d'] = $_POST['room_d'];
$_SESSION['room_d_extra'] = $_POST['room_d_extra'];
$_SESSION['room_3'] = $_POST['room_3'];
$_SESSION['room_3_extra'] = $_POST['room_3_extra'];
$_SESSION['room_10'] = $_POST['room_10'];
$_SESSION['room_10_extra'] = $_POST['room_10_extra'];
$_SESSION['pension'] = $_POST['pension'];
?>
which leads to
insert_ucp.php
(at this point an echo ยง_SESSION of the previous variables reveals that they are in fact still stored.)
<?php
session_start();
$con = mysql_connect("localhost","XX","XX");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("fatcity", $con);
$sql="INSERT INTO tickets (ticket_a, ticket_k, ticket_vip)
VALUES
('$_SESSION[ticket_a]','$_SESSION[ticket_k]','$_SESSION[ticket_vip]')";
$sql="INSERT INTO rooms (room_s, room_s_extra, room_d, room_d_extra, room_3, room_3_extra, room_10, room_10_extra, pension)
VALUES
('$_SESSION[room_s]','$_SESSION[room_s_extra]','$_SESSION[room_d]','$_SESSION[room_d_extra]','$_SESSION[room_3]','$_SESSION[room_3_extra]','$_SESSION[room_10]','$_SESSION[room_10_extra]','$_SESSION[pension]')";
$sql="INSERT INTO ucp (title, name, n_family, adress, a_housenumber, continent, country, province, region, city, telephone, email, password, payment, client, comment)
VALUES
('$_POST[title]','$_POST[name]','$_POST[n_family]','$_POST[adress]','$_POST[a_housenumber]','$_POST[continent]','$_POST[country]','$_POST[province]','$_POST[region]','$_POST[city]','$_POST[telephone]','$_POST[email]','$_POST[password]','$_POST[payment]','$_POST[client]','$_POST[comment]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
?>
at this point the question is not in fact about how terrible we are when it comes to php/sql- thank you.. we already figured that out. with only pretty much three days to our deadline..
but why exactly the session variables aren't saved to the database. what exactly are we overlooking?
thank you very much in advance..
RUN query every time!!!
You create variable, then overwrite it 2 times than execute it
should be:
$sql = 'smth';
mysql_query($sql);
$sql = 'smth';
mysql_query($sql);
$sql = 'smth';
mysql_query($sql);
you have
$sql = 'smth';
$sql = 'smth';
$sql = 'smth';
mysql_query($sql);
And as I've said do not use mysql_*. And your code allows sql injection
First problem I see, is that $sql variable gets overriden 2 times in the last piece of code. So, only the last query gets executed.
Second, you should use this syntax to inject non-tribial vars into strings: "INSERT ... ${someArray[someKey]} ..." - note curly braces. This is not required here, but it will save you from troubles in the future.
Third, sanitize all the input data! You will have SQL injection in the last code example.
Last, no need to session_start() in each file - just place it once in bootstrapping file and require_once it.
I agree with E_p in that only one of your queries is ever going to be executed. doing what he suggested will allow all your queries to execute.
You may also want to take a look at your tables, just from looking at your query structure I see nothing wrong with them, but you may end up having a hard time getting the info you want back out. I could be wrong since you didn't post your table structures nor was your question really regarding this, but its just something I noticed and figured I would share. Your tables do not look like they are connected to each other by any foreign keys. This may not be needed for your project, but if you needed to pull all the form data related to all ticket_a entries then you would only get a list of sessionIDs corresponding to the ticket_a column, without any info from your 'rooms' or 'upc' tables. If that is what you are going for then its fine, otherwise you may want to look into it.
I am having a problem with a newsletter subscription I am writing. The problem is I don't seem to be getting any errors or in fact anything at all when someone clicks submit, all that happens is they are presented with a blank white page and nothing more, so its difficult to diagnose.
Basically the policy reminder form has a field on it called newslettersubscribe, if this is equal to yes the user is also subscribed to the newsletter list as well as the policy reminder list they are signing up for. I am not 100% sure if I am using the real_escape_string functions correctly though or not ?.
<?php
$email = real_escape_string($_POST['email']);
$name = real_escape_string($_POST['name']);
$newslettersubscribe = real_escape_string($_POST['newslettersubscribe']);
if ($newslettersubscribe == 'no'){
}
else{
mysql_query("INSERT INTO ymeg_chronoforms_data_NewsletterDesigner (email, name)
VALUES ('$email', '$name')") or die(mysql_error());
}
?>
EDIT >>>>>>>>>>>>>>>>>>>
If I remove the real escape string I get the error
Unknown column 'email' in 'field list'
when hitting submit, so that probably explains the white page, what does the above error mean ?.
EDIT 2 >>>>>>>>>>>>>>>>>
This is a sample record from the database im trying to connect to :
cf_id 6
cf_uid 5f04f21f80a596f17341cec92a48b197
cf_created 2012-06-01 10:13:16
cf_modified
cf_ipaddress 217.154.186.84
cf_user_id 44
name Iain Simpson
email test#1testdsdsfswqewed.csdom
Try echoing values to make sure it isn't an issue with simply defaulting to
$newslettersubscribe = 'no';
You would need to do something simple like the following:
$email = real_escape_string($_POST['email']);
$name = real_escape_string($_POST['name']);
$newslettersubscribe = real_escape_string($_POST['newslettersubscribe']);
echo $email.' | '.$name.' | '.$newslettersubscribe;
exit();
That should at least show you what your values are for the required variables. Its all about simply troubleshooting what is coming in, and how it impacts your sql query.