This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 9 years ago.
This is the code for attempting to do a update on mysql data errors stating undefined variable
mysql_connect ("localhost", "root", "");
mysql_select_db("supplierdetails");
$con = mysql_connect("localhost", "root", "");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//Run a query
$result = mysql_query ("SELECT * FROM users WHERE id= '$id'");
while ($row = mysql_fetch_array($result))
{
$username=$row['username'];
$password=$row['password'];
}
$query = "UPDATE users SET username = '$username', password = '$password' WHERE id = '$id'";
$result = #mysql_query($query);
//Check whether the query was successful or not
if($result) {
header("message= Users Updated");
}else {
die("Query failed");
}
?>
You miss the $id value?
And can use echo to debug or check script result, not header
http://php.net/manual/en/function.header.php
Please be more specific with regards to which variable is undefined.
In the code you've posted $username and $password are only set if $result returns a result, if it doesn't then your while loop will not run and therefore $username and $password will never be set.
Also $id doesn't look as if that has been set either, unless this has been set outside of the code which you have included in your question.
Hope this helps :)
you used 2 connect no need to do while and you forgot $id
$con = mysql_connect("localhost", "root", "");
mysql_select_db("supplierdetails");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$id = $_POST['id'];
$username=$_POST['username'];
$password=$_POST['password'];
$query = "UPDATE users SET username = '".$username."', password = '".$password."' WHERE id = '".$id."'";
$result = mysql_query($query);
//Check whether the query was successful or not
if($result) {
echo "message= Users Updated";
}else {
die("Query failed");
}
?>
Related
So for some reason if the password is correct it knows and takes the user to the correct user account, but if the pass is wrong, it wont log them in but still takes them to the account page that isn't logged in.
Can someone please help me out to not re-direct them if the password is wrong
<?php
session_start();
//$connection = mysqli_connect('localhost', 'root', '');
$connection = mysqli_connect("pdb18.awardspace.net","*****","******","*****");
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, '******');
if (!$select_db)
{
die("Database Selection Failed" . mysqli_error($connection));
}
$username=trim($_POST['username']);
$password=trim($_POST['password']);
//$encoded_password = base64_encode($password);
$sql = "SELECT * from register where Username='".$username."' and Password='".$password."'";
$result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
$result = $con->query($sql);
$count = mysqli_num_rows($result);
//echo $count;
if ($count == 1){
while($row = $result->fetch_assoc()) {
$id=$row['id'];
}
$_SESSION['User'] = $username;
$_SESSION['UserId'] = $id;
echo "valid";
}
else{
echo "Invalid";
}
?>
Remove this line:
$result = $con->query($sql);
You are using procedural functions, mysqli_*.
This part of code $con->query is OOP style, which you are not using in your code, and overwritting the value o $result variable.
You can use both styles, but you should use the same connection, or $connection in your case.
Hello iam working on a game on unity3d and i have a login/register system that have a database so i have these level thing i want to save in to the users database, just for testing i have created this php file:
<?PHP
$username = $_POST['username'];
$pass = $_POST['password'];
$con = mysql_connect("host","user","password") or ("Cannot connect!" . mysql_error());
if (!$con)
die('Could not connect: ' . mysql_error());
mysql_select_db("database" , $con) or die ("could not load the database" . mysql_error());
$check = mysql_query("SELECT * FROM users WHERE `username`='".$username."'");
$numrows = mysql_num_rows($check);
if($username == null)
{
die ("You are not allowed to access this site! \n");
}
else
{
if ($numrows == 0)
{
die ("Username does not exist \n");
}
else
{
$pass = md5($pass);
while($row = mysql_fetch_assoc($check))
{
if ($pass == $row['pass'])
{
die("saved-SUCCESS");
$sqlUpdate = "UPDATE users SET level='2' WHERE id='1'";
//$SQL = "UPDATE users SET level = '2' WHERE id = 1";
}
else
die("Password is wrong \n");
}
}
}
?>
it does says "saved-SUCCESS" in unity3d so that means this:
$sqlUpdate = "UPDATE users SET level='2' WHERE id='1'";
should work but it doesent
also i have tryed this:
$SQL = "UPDATE users SET level = '2' WHERE id = 1";
but it doesent work either
here is a picture of the user with id 1:
http://i.imgur.com/NZslFBN.png
and here is a picture of the structur tab:
http://i.imgur.com/ZN6PyW1.png
and yes my table is named users :)
You are not executing your second query but only printing saved-SUCCES
$sqlUpdate = "UPDATE users SET level='Rune' WHERE id='1'";
mysql_query($sqlUpdate);
die("saved-SUCCESS"); //then exit.
As side note i would advise thta your code is highly vulnerable mo mysql injection, you should use prepared statments either with PDO or mysqli, also mysql_* api are deprecated and soon will be no longer mantained.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
I just started with PHP.
I am currently working on a login script for my webpage.
When I try to run mysql_query(SELECT * FROM users WHERE username=$username)
it doesn't work.
I made sure I used the right names,
but I have always had a problem with the query function.
This is my code, does anyone see the problem?
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("host", "dbname", "password!") or die ("Couldnt connect!");
mysql_select_db("TwoogLogin") or die ('couldnt find datebase');
$query = mysql_query("SELECT * FROM users WHERE username=$username") or die ('unable to run query');
$numrows = mysql_num_rows($query);
echo $numrows;
}
else
die("Please enter a username and a password");
?>
Try this way:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username!=='' && $password!==''){
$connect = mysql_connect("host", "dbname", "password!");
if (!$connect)
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("TwoogLogin",$connect);
if (!$db_selected)
{
die ("Cannot use TwoogLogin: " . mysql_error());
}
$query = "SELECT * FROM users WHERE username='$username'";
$numrows = mysql_query($query,$connect);
echo mysql_num_rows($numrows);
mysql_close($connect);
}else{
echo "Please enter a username and a password";
}
?>
As suggested in the comment below (#Pascamel) msql_* extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username!=='' && $password!==''){
$connect = mysqli_connect("host", "dbname", "password!");
if (!$connect)
{
die('Could not connect: ' . mysqli_error());
}
$db_selected = mysqli_select_db("TwoogLogin",$connect);
$query = "SELECT * FROM users WHERE username='$username'";
$numrows = mysqli_query($query,$connect);
echo mysqli_num_rows($numrows);
mysqli_close($connect);
}else{
echo "Please enter a username and a password";
}
?>
<?php
//Set appropriate value for the following statements
$connect = mysql_connect("mysql_server", "mysql_user", "mysql_password") or die ("Couldnt connect!");
mysql_select_db("database_name",$connect) or die ('couldnt find datebase');
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username'") or die ('unable to run query');
$numrows = mysql_num_rows($query);
echo $numrows;
}
else
die("Please enter a username and a password");
?>
Bad syntax in your query! you should use username='$username'
another reason is about bad name of column are you sure the name of your columns are right??
function DisplayPoints()
{
$con = mysql_connect("localhost", "grame2_admin", "password") ;
if (!$con) {
die("Can not connected: " . mysql_error());
}
mysql_select_db("grame2_webpage",$con);
$sql = "SELECT points FROM tablename WHERE username = $username";
$myData = mysql_query($sql,$con);
while($record = mysql_fetch_array($myData)){
It echo out info, that there is error in line 164, LINE ABOVE THIS.
echo $record['points'] ;
}
mysql_close($con);
}
the main idea is to echo out INT from specific user in webpage. Please help! :)
Change
$sql = "SELECT points FROM tablename WHERE username = $username";
to
$sql = "SELECT points FROM tablename WHERE username = '$username'";
^ ^
On a side note use prepared statements with either mysqli or PDO. mysql extension is deprecated and is no longer supported.
UPDATE The other problem is that your $username variable is not initialized. You probably need to pass it to your function as a parameter
function DisplayPoints($username)
{
...
}
And when you call your function pass a value
DisplayPoints('user1');
or
$username = $_POST['username'];
// here should go code to validate and sanitize $username
DisplayPoints($username);
I am completely new to MYSQL and PHP, so i just need to do something very basic.
I need to select a password from accounts where username = $_POST['username']... i couldn't figure this one out, i keep getting resource id(2) instead of the desired password for the entered account. I need to pass that mysql through a mysql query function and save the returned value in the variable $realpassword. Thanks!
EDIT:
this code returned Resource id (2) instead of the real password
CODE:
<?php
$con = mysql_connect('server', 'user', 'pass');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
echo '<br/> ';
// Create table
mysql_select_db("dbname", $con);
//Variables
//save the entered values
$enteredusername = $_POST['username'];
$hashedpassword = sha1($_POST['password']);
$sql = "SELECT password from accounts where username = '$enteredusername'";
$new = mysql_query($sql,$con);
echo "$new";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
It will be a lot better if you use PDO together with prepared statements.
This is how you connect to a MySQL server:
$db = new PDO('mysql:host=example.com;port=3306;dbname=your_database', $mysql_user, $mysql_pass);
And this is how you select rows properly (using bindParam):
$stmt = $db->prepare('SELECT password FROM accounts WHERE username = ?;');
$stmt->bindParam(1, $enteredusername);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$password = $result['password'];
Also, binding parameters, instead of putting them immediately into query string, protects you from SQL injection (which in your case would be very likely as you do not filter input in any way).
I think your code looks something like this
$realpassword = mysql_query("SELECT password
from accounts where username = '$_POST[username]'");
echo $realpassword;
This will return a Resource which is used to point to the records in the database. What you then need to do is fetch the row where the resource is pointing. So, you do this (Note that I am going to use structural MySQLi instead of MySQL, because MySQL is deprecated now.)
$connection = mysqli_connect("localhost", "your_mysql_username",
"your_mysql_password", "your_mysql_database")
or die("There was an error");
foreach($_POST as $key=>$val) //this code will sanitize your inputs.
$_POST[$key] = mysqli_real_escape_string($connection, $val);
$result = mysqli_query($connection, "what_ever_my_query_is")
or die("There was an error");
//since you should only get one row here, I'm not going to loop over the result.
//However, if you are getting more than one rows, you might have to loop.
$dataRow = mysqli_fetch_array($result);
$realpassword = $dataRow['password'];
echo $realpassword;
So, this will take care of retrieving the password. But then you have more inherent problems. You are not sanitizing your inputs, and probably not even storing the hashed password in the database. If you are starting out in PHP and MySQL, you should really look into these things.
Edit : If you are only looking to create a login system, then you don't need to retrieve the password from the database. The query is pretty simple in that case.
$pass = sha1($_POST['Password']);
$selQ = "select * from accounts
where username = '$_POST[Username]'
and password = '$pass'";
$result = mysqli_query($connection, $selQ);
if(mysqli_num_rows($result) == 1) {
//log the user in
}
else {
//authentication failed
}
Logically speaking, the only way the user can log in is if the username and password both match. So, there will only be exactly 1 row for the username and password. That's exactly what we are checking here.
By seeing this question we can understand you are very very new to programming.So i requesting you to go thru this link http://php.net/manual/en/function.mysql-fetch-assoc.php
I am adding comment to each line below
$sql = "SELECT id as userid, fullname, userstatus
FROM sometable
WHERE userstatus = 1"; // This is query
$result = mysql_query($sql); // This is how to execute query
if (!$result) { //if the query is not successfully executed
echo "Could not successfully run query ($sql) from DB: " . mysql_error();
exit;
}
if (mysql_num_rows($result) == 0) { // if the query is successfully executed, check how many rows it returned
echo "No rows found, nothing to print so am exiting";
exit;
}
while ($row = mysql_fetch_assoc($result)) { //fetch the data from table as rows
echo $row["userid"]; //echoing each column
echo $row["fullname"];
echo $row["userstatus"];
}
hope it helps
try this
<?php
$con = mysql_connect('server', 'user', 'pass');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
echo '<br/> ';
// Create table
mysql_select_db("dbname", $con);
//Variables
//save the entered values
$enteredusername = mysql_real_escape_string($_POST['username']);
$hashedpassword = sha1($_POST['password']);
$sql = "SELECT password from accounts where username = '$enteredusername'";
$new = mysql_query($sql,$con);
$row = mysql_fetch_array($new) ;
echo $row['password'];
if (!$new)
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
<?php
$query = "SELECT password_field_name FROM UsersTableName WHERE username_field_name =".$_POST['username'];
$result = mysql_query($query);
$row = mysql_fetch_array($result);
echo $row['password_field_name'];
?>
$username = $_POST['username'];
$login_query = "SELECT password FROM users_info WHERE users_info.username ='$username'";
$password = mysql_result($result,0,'password');