I have a database of a schedule where volunteers can check their shifts. I'm going to email them a link to the page where they enter their email addresses into an HTML form to access this information.
Is there a way I can track which emails are queried so I can resend the schedule link to those who haven't accessed the database?
If necessary, I could add an additional 'confirmed' check box to the results and have that update the database. I like that idea, but I'm not sure how to implement (or the terminology for what that action would be).
Edit: Here's the code I'm using to implement. However I'm not getting results in the confirmed column.
$db = new mysqli("host", "user", "pass", "db");
$stmt = $db->prepare('UPDATE volConfirm SET confirmed = TRUE WHERE email = ?');
$stmt->bind_param('s', $_POST['email']);
$stmt->execute();
$stmt = $db->prepare('SELECT * from volConfirm WHERE email = ?');
$stmt->bind_param('s', $_POST['email']);
$result = $stmt->get_result();
while ($row = $result->fetch_array(MYSQLI_NUM)) {
// construct your output here using $row to access database record
echo "<h2>" . $row['agreeName'] . "</h2>";
echo "<p> You have been assigned as a volunteer for:" . $row['position'] . "</p>";
echo "<p>Your shift times are scheduled for:" . $row['shift_times'] . "</p>";
echo "<p>Your shift has been confirmed:" . $row['confirmed'] . "</p>";
}
You need to do something along the lines of:
Add a new column to your volunteers table
ALTER TABLE Volunteers ADD COLUMN Confirmed BOOLEAN NOT NULL DEFAULT FALSE;
Have the PHP in the submission page update that column:
UPDATE Volunteers SET Confirmed = TRUE WHERE Email = 'foo#bar.com';
In your code snippet:
$db = new mysqli("dbhostname", "username", "password", "dbschema");
$stmt = $db->prepare('UPDATE volConfirm SET confirmed = TRUE WHERE email = ?');
$stmt->bind_param('s', $_POST['email']);
$stmt->execute();
$stmt = $db->prepare('SELECT * from volConfirm WHERE email = ?');
$stmt->bind_param('s', $_POST['email']);
$result = $stmt->get_result();
while ($row = $result->fetch_array(MYSQLI_NUM)) {
// construct your output here using $row to access database record
}
At some point in the future, get a list of all users who have not yet accessed the page:
SELECT Email FROM Volunteers WHERE Confirmed = FALSE;
Related
I want to run two queries at a time in a function to verify the username and email separately when registering. If one of them already exists in the database, it will return the correct error message on the form.
I investigate them separately so that they can be linked to two separate messages based on a query.
If the username already exists in the database, display the corresponding message. If I put them in a single query, then the separate investigation cannot be done.
My error is: It does not allow you to run two queries at the same time and throws the following error: there is a problem with the preceding parameter. Or it returns an incorrect value.
function pl($connection) {
$query = "SELECT username FROM users WHERE username = ?";
$query2 = "SELECT email FROM users WHERE email = ?";
if ($statment = mysqli_prepare($connection, $query) && $statment2 = mysqli_prepare($connection, $query2)) {
mysqli_stmt_bind_param($statment, "s", $_POST['usern']);
mysqli_stmt_execute($statment);
$result = mysqli_stmt_get_result($statment);
$record = mysqli_fetch_assoc($result);
mysqli_stmt_bind_param($statment2, "s", $_POST['email']);
mysqli_stmt_execute($statment2);
$result2 = mysqli_stmt_get_result($statment2);
$record2 = mysqli_fetch_assoc($result2);
}
if ($result != null) {
echo "succes";
//it will enter even if there is an error
}
}
How it could be solved to execute two mysqli_prepare() at a time?
Why you do not use one query?
Something like:
$query = "SELECT username, email FROM users WHERE username = ? and email = ?";
$statment = mysqli_prepare($connection, $query);
mysqli_stmt_bind_param($statment, "ss", $_POST['usern'], $_POST['email']);
mysqli_stmt_execute($statment);
$result = mysqli_stmt_get_result($statment);
$record = mysqli_fetch_assoc($result);
if (!$record) {
echo "succes";
//it will enter even if there is an error
}
also you miss the } at end of your first if
First off, I know about sql injection and that my code is not foolproof, prone to injection etc. Will be working on that next.
Now : from my Android app to my PHP file I submit a JSON array of phone numbers like :
[{"phone_number":"+12345678"},
{"phone_number":"+23456789"},
{"phone_number":"34567890"},
{"phone_number":"45678901"}
etc... etc...
These are contacts in my app user's phone. If these contacts are people who are also users of my app then I want to insert those numbers into my contacts table.
But I can't get it to work. mysqli_fetch_assoc isn't working correctly. I don't know why.
In my contacts table I have 3 columns - an auto increment, user_id and contact_id. The first two values are inserted correctly but the contact_id is always put in as '0', which is wrong.
Here is my code :
require('dbConnect.php');
//this is me, +567890123, my user_id in the user table
$user_id = '20';
//post all contacts in my phone as a JSON array
$json = $_POST['phonenumber'];
$array = json_decode($json);
foreach ($array as $value) {
$phonenumber = $value->phone_number;
$sql = "SELECT username FROM user WHERE username = '$phonenumber'";
$result = mysqli_query($con, $sql);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
echo "phonenumber is " . $phonenumber . "<br>";
// we want to put $phonenumber in the contacts table, as one of +567890123 contacts
// In the user table get the associated rows of $phonenumber
while ($row = mysqli_fetch_assoc($result)) {
// get the associated user_id in that row, that's what we want to put into the contacts table
$contact_id = $row['user_id'];
$insert_into_contacts_command = "INSERT INTO contacts VALUES(NULL, '$user_id','$contact_id')";
$insert_into_contacts_table = mysqli_query($con, $insert_into_contacts_command);
}
} //if +353864677745 is NOT in the user table...
else {
echo 'not a match.';
}
}
$contact_id = $row['user_id'];
Here $contact_id will be null, because you are trying to access not existing field $row['user_id'] of the $row .
Actually there is only one field username in your results set, as you specified:
$sql = "SELECT username FROM user WHERE username = '$phonenumber'";
Try to change your query to this:
$sql = "SELECT user_id, username FROM user WHERE username = '$phonenumber'";
Your query selects the column username, not userid.
You haven't posted anything about the table user, so it's hard to suggest a new query, but I guess it's the following:
$stmt = mysqli_prepare($con, "SELECT userid FROM user WHERE username = ?");
$stmt->bind_param("s", $phonenumber);
$stmt->execute();
$stmt->bind_result($userid);
while ($stmt->fetch()) {
// Work with $userid
}
You'll note that this uses a prepared statement with a bound parameter. That way, your code is not prone to SQL injections.
I am trying to see if a code stored in my database is the same as the one the user provides, currently
user would provide the vCode via POST but i have it set to what it actually is for testing purposes
$vCode = "69582";
Now i'm using a PDO query to get the vCode that's in the database.
$dsn1 = "mysql:dbname={$this->dbDatabaseName};host={$this->dbHostname};";
$conn1 = new PDO($dsn1, $this->user, $this->password);
$conn1->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql1 = "SELECT * FROM `accinfo` WHERE Email = :email AND vCode = :vCode";
$stmt1 = $conn1->prepare($sql1);
$stmt1->bindParam(':email', $email, PDO::PARAM_STR);
$stmt1->bindParam(':vCode', $vCode, PDO::PARAM_STR);
$stmt1->execute();
if( $stmt1->rowCount() > 0 ) {
$result = $stmt1->setFetchMode(PDO::FETCH_ASSOC);
foreach(new TableRows(new RecursiveArrayIterator($stmt1->fetchAll())) as $k=>$v) {
$actualVCode = $v;
}
Then i see if the vCode i got from the database ($actualVCode) is equal to the $vCode
if ( $actualVCode == $vCode ){
echo "match";
}
The value stored in my database is a string and is 69582, but whenever i compare them like i do above, the if statement never comes back as true. But when i echo both $vCode and $actualVCode, they both are 69582.
Instead of getting the result from the first query and checking the result with the vCode, i've modified the query to select the whole row only if the email AND the vCode matches
$sql1 = "SELECT * FROM `accinfo` WHERE Email = '$email' AND vCode = '$vCode'";
$stmt1 = $conn1->prepare($sql1);
$stmt1->execute();
if( $stmt1->rowCount() > 0 ) {
//found match
echo "found match";
}
I'm using PDO for a connection into my db. There, I have a table where I store the users. In that table I have 5 columns: id, username, password, mail and sex.
What I really want is to store in a SESSION variable, the sex of the user that has been logged in. I don't know exactly what to use, because all the examples that I've seen, are usually for printing all the results of the db into the webpage with a foreach statement, but that isn't what I want.
Actually, this is the code that I have:
$connection = new PDO('mysql:host=localhost;dbname=db', "user", "password");
$sql = 'SELECT * FROM users WHERE username = :username AND password = :password';
$statement = $connection->prepare($sql);
$statement->bindParam(':username', $_POST['username'], PDO::PARAM_STR, 12);
$statement->bindParam(':password', $_POST['password'], PDO::PARAM_STR, 30);
$result = $statement->execute();
if ($result) {
$result = $statement->fetchAll();
if (!empty($result)){
$_SESSION['login'] = true;
$_SESSION['username'] = $_POST['username'];
echo 'Hello '.$_POST['username'].', you have been connected successfully.';
}
else {
echo 'Sorry, this user do not exist.';
}
}
So, this is correctly working.
But now, what I want is to store the sex value from the db in a $_SESSION['sex'] variable. How can I do that?
Thanks.
You can just add in the session after username, you have already slected from your query
$_SESSION['username'] = $_POST['username'];
$_SESSION['sex'] = $result[0]['sex'];
You might want to remove $result from query execution, so this line
$result = $statement->execute();
Will be
$statement->execute();
Just assign it from the result row:
$_SESSION['sex'] = $result[0]['sex'];
You have to use [0] because you used fetchAll, which returns a 2-dimensional array of rows and columns.
I have a connection to a database and want to update(override) an existing string called profile by a new one.
$uid = 1;
$serProfile = 'abc';
$sql = 'UPDATE
Users
SET
profile = ?
WHERE
id = ?';
$stmt = $db->prepare($sql);
if (!$stmt) { safeExit($db->error, 'msgError'); }
$stmt->bind_param('si', $serProfile, $uid);
if (!$stmt->execute()) { safeExit($stmt->error, 'msgError'); }
$stmt->close();
However, although the variables exist, the fields exist and there are no errors, the values in the database do not get changed. How to resolve this behaviour?
Test this one
$sql = 'UPDATE Users SET profile = :profile WHERE id = :id';
$stmt = $db->prepare($sql);
$stmt->execute(array('id'=>$uid,'profile'=>$serProfile));