I have problem in my registration.
Look on my code:
//player.php
<?php
session_start();
class Player
{
var $name;
function _construct($name)
{
$this->$name = $name;
}
function CreatePlayer($name, $pass, $mail, $date, $type)
{
if($_POST['submit'])
{
$link = mysql_connect("localhost","wewewe", "wewewe");
if(!$con)
{
die( $return = mysql_error());
}
mysql_select_db("wewewe", $con);
mysql_query("INSERT INTO USERS (name, pass, mail, date, type) VALUES ('$name', '$pass', '$mail', '$date','$type')");
mysql_close(link);
}
return $return;
}
function LoginPlayer($name, $pass)
{
$link = mysql_connect("localhost","username", "pass");
mysql_select_db("con", $con);
$result = mysql_query("SELECT FROM USERS WHERE pass='$pass' AND name='$name'");
$count = mysql_num_rows($result);
if($count==1)
{
$_SESSION['name'] = $name;
$_SESSION['logged'] = true;
}
mysql_close($link);
}
}
?>
//reg.php
<html>
<form action="log.php" method="post">
Meno: <input type="text" name="meno">
<br>
Heslo: <input type="text" name="heslo">
<br>
Mail: <input type="text" name="mail">
<br>
Date: <input type="text" name="date">
<br>
Type: <input type="text" name="type">
<br>
<input type="submit">
<br>
</form>
<?php
include 'player.php';
$name = $_POST['meno'];
$pass = $_POST['heslo'];
$mail = $_POST['mail'];
$date = $_POST['date'];
$type = $_POST['type'];
$obj = new Player($name);
$res = $obj->CreatePlayer($name, $pass, $mail, $date, $type);
if($res==true)
{
echo "jo!";
}
else
{
echo $res;
}
?>
My problem is that if I write text to all fields and press ok, my page will restart but without any error message. And when I will look to a database, theres nothing. Why? Can anybody plese help me?
EDIT:
<?php
session_start();
class Player
{
var $name;
function _construct($name)
{
$this->$name = $name;
}
function CreatePlayer($name, $pass, $mail, $date, $type)
{
if($_POST['submit'])
{
$con = mysql_connect("localhost","wewewe", "wewewe");
if(!$con)
{
die( $return = mysql_error());
}
mysql_select_db("wewewe", $con);
$query = "INSERT INTO USERS (name, pass, mail, date, type) VALUES ('$name', '$pass', '$mail', '$date','$type')";
$retrn = var_dump($query); // SHOWS YOU QUERY STRING
mysql_query($query) or die(mysql_error()); // EXECUTES QUERY OR THROWS EXCEPTON (SHOWS ERROR TOO)
mysql_close($con);
}
return $return;
}
function LoginPlayer($name, $pass)
{
$link = mysql_connect("localhost","username", "pass");
mysql_select_db("con", $con);
$result = mysql_query("SELECT FROM USERS WHERE pass='$pass' AND name='$name'");
$count = mysql_num_rows($result);
if($count==1)
{
$_SESSION['name'] = $name;
$_SESSION['logged'] = true;
}
mysql_close($link);
}
}
?>
I think its not going inside if($_POST['submit'])
change
<input type="submit">
to
<input name="submit" type="submit" />
<input type="submit"> modify to <input type="submit" name="submit">
To debug SQL INSERTING :
mysql_select_db("wewewe", $con);
mysql_query("INSERT INTO USERS (name, pass, mail, date, type) VALUES ('$name', '$pass', '$mail', '$date','$type')");
mysql_close(link);
modify to
mysql_select_db("wewewe", $con);
$query = "INSERT INTO USERS (name, pass, mail, date, type) VALUES ('$name', '$pass', '$mail', '$date','$type')";
var_dump($query); // SHOWS YOU QUERY STRING
mysql_query($query) or die(mysql_error()); // EXECUTES QUERY OR THROWS EXCEPTON (SHOWS ERROR TOO)
mysql_close(link);
Your query in the function LoginPlayer is incorrect. You may simply fix it like this
$result = mysql_query("SELECT name FROM USERS WHERE pass='$pass' AND name='$name'");
Related
There is a registration interface where you must enter your billing information after logging in.
The goal is to record the entered data in the MySQL database and update the "billable" value to "1", however I get a syntax error.
The code is (PhP 7.3):
<?php
session_start();
if(!isset($_SESSION['username'])) {
header('location: login.php');
exit();
}
include_once('dbconnect.php');
$username = $_SESSION["username"];
$result = mysqli_query($conn, "SELECT * FROM users WHERE username = '$username'");
while($row = mysqli_fetch_array($result)) {
if ($row['billable'] == 0) {
$error = false;
if(isset($_POST['btn-updatedetails'])) {
$firstname = mysqli_real_escape_string($conn, $_REQUEST['firstname']);
$lastname = mysqli_real_escape_string($conn, $_REQUEST['lastname']);
$phone = mysqli_real_escape_string($conn, $_REQUEST['phone']);
$company = mysqli_real_escape_string($conn, $_REQUEST['company']);
$country = mysqli_real_escape_string($conn, $_REQUEST['country']);
$county = mysqli_real_escape_string($conn, $_REQUEST['county']);
$city = mysqli_real_escape_string($conn, $_REQUEST['city']);
$street = mysqli_real_escape_string($conn, $_REQUEST['street']);
$postcode = mysqli_real_escape_string($conn, $_REQUEST['postcode']);
if(empty($firstname)) {
$error = true;
$errorFirstname = 'This field cannot be left blank.';
}
if(empty($lastname)) {
$error = true;
$errorLastname = 'This field cannot be left blank.';
}
if(empty($phone)) {
$error = true;
$errorPhone = 'This field cannot be left blank.';
}
if(empty($country)) {
$error = true;
$errorCountry = 'This field cannot be left blank.';
}
if(empty($county)) {
$error = true;
$errorCounty = 'This field cannot be left blank.';
}
if(empty($city)) {
$error = true;
$errorCity = 'This field cannot be left blank.';
}
if(empty($street)) {
$error = true;
$errorStreet = 'This field cannot be left blank.';
}
if(empty($postcode)) {
$error = true;
$errorPostcode = 'This field cannot be left blank.';
}
if(!$error){
$sql = "INSERT INTO users (firstname, lastname, phone, company, country, county, city, street, postcode) VALUES ('$firstname', '$lastname', '$phone', '$company', '$country', '$county', '$city', '$street', '$postcode') WHERE username = '$username' AND UPDATE users SET billable='1' WHERE username = '$username'";
if(mysqli_query($conn, $sql)){
$successMsg = 'Success!';
}else{
echo 'Error '.mysqli_error($conn);
}
}
}
?>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
Firstname:
<input type="text" name="firstname" id="firstname"><br>
Lastname:
<input type="text" name="lastname" id="lastname"><br>
Phone:
<input type="text" name="phone" id="phone"><br>
Company (optional):
<input type="text" name="company" id="company"><br>
Country:
<input type="text" name="country" id="country"><br>
County:
<input type="text" name="county" id="county"><br>
City:
<input type="text" name="city" id="city"><br>
Street:
<input type="text" name="street" id="street"><br>
Postcode:
<input type="text" name="postcode" id="postcode"><br>
<input type="submit" name="btn-updatedetails">
</form>
<?php
} else {
echo "<3";
}
}
mysqli_close($conn);
This page returns the following error:
Error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE username = 'Erik' AND UPDATE users SET billable='1' WHERE username = 'Erik' at line 1
MySQL database:
Where did I make a mistake?
Thank you in advance for your answer!
Have a nice day!
You did a SELECT to start with so I don't see why you want to INSERT another row for the same user. I think you just want to do a single UPDATE as such:
UPDATE users
SET
firstname = '$firstname',
lastname = '$lastname',
phone = '$phone',
company = '$company',
country = '$country',
county = '$county',
city = '$city',
street = '$street',
postcode = '$postcode',
billable = 1
WHERE username = '$username'
So i want to check if the email is already in database when creating a new account but i do not know how to make it work , because i am a beginner in php
<?php
if (isset($_POST["register"]))
{
include 'header.php';
$firstName = $connection->real_escape_string($_POST["firstName"]);
$email = $connection->real_escape_string($_POST["email"]);
$password = sha1($connection->real_escape_string($_POST["password"]));
$sql = "SELECT * FROM users WHERE email LIKE '%$email%'";
$result = mysqli_query($conn, $sql);
$queryResult = mysqli_num_rows($result);
if($queryResult >0)
echo"Email already exists";
else
{
$connection = new mysqli('mysql.hostinger.com', 'xxx', 'xxx', 'xxx');
$data = $connection->query("INSERT INTO users (username, email, password) VALUES ('$firstName', '$email', '$password')");
if ($data === false)
echo "Eroare!";
else
header( 'Location:http://alergii-help.tk/account/login.php');
}}
?>
<input type="submit" class="login100-form-btn" name="register" value="Inregistrare" required />
i don't know what is not working
the table is caled "article"
Why don't you add a unique constraint for email in the table using below query?
ALTER TABLE USERS ADD CONSTRAINT UNQ_EML UNIQUE (EMAIL)
If your code tries to insert an already existing email, then MySQL will throw such duplicate data exception while inserting and you can easily catch it and identify. Below is pseudo code to check.
if( mysql_errno() == 1062) {
// Duplicate key
} else {
// Non duplicate
}
https://dev.mysql.com/doc/refman/5.5/en/error-messages-server.html
Try:
<?php
if (isset($_POST["register"])) {
include 'header.php';
$connection = new mysqli('xxxx', 'xxx', 'xxx', 'xxxx');
$firstName = $connection->real_escape_string($_POST["firstName"]);
$email = strtolower($connection->real_escape_string($_POST["email"]));
$password = sha1($connection->real_escape_string($_POST["password"]));
$sql = "SELECT * FROM users WHERE LOWER(email) = '$email';";
$result = mysqli_query($conn, $sql);
$queryResult = mysqli_num_rows($result);
if($queryResult >0)
echo"Email already exists";
} else {
$data = $connection->query("INSERT INTO users (username, email, password) VALUES ('$firstName', '$email', '$password')");
if ($data === false) {
echo "Eroare!";
} else {
header( 'Location:http://alergii-help.tk/account/login.php');
}
}
}
?>
You need the first make the connection and then pass it before statement:
$result = mysqli_query($conn, $sql)
like below:
$conn = new mysqli('mysql.hostinger.com', 'u784726611_teze', 'b567c63b567c63', 'u784726611_teze');
$result = mysqli_query($conn, $sql);
I'm wondering what's the problem with this code?
What I want to happen is to insert record when I click the Submit Button. But it seems I'm having a problem with the isset function.
Database Name: dbase
Table Name: tblmessage
Fields:
message_id - INT - auto increment
message - TEXT
Update:
I can't still add / insert record in my database.
Thank you in advance!
<html>
<head></head>
<body>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
Message: <input type = "text" name = "message">
</br></br>
<input type = "submit" name = "submit">
</form>
<?php
if (isset($_POST['submit'])) {
if (!empty($_POST['message'])) {
$conn = mysqli_connect("localhost", "root", "","dbase");
$message = $_POST['message'];
$sql = ""INSERT INTO tblmessage (message_id, message) VALUES (NULL, '$message')";
$insert = mysqli_query($conn,$sql);
if ($insert) {
echo "Message successfully added!";
}
else {
echo "Error" . mysqli_error($conn);
}
}
}
mysqli_close($conn);
?>
</body>
</html>
Working Code just copy and paste it
<html>
<head></head>
<body>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
Message: <input type = "text" name = "message">
</br></br>
<input type = "submit" name = "submit">
</form>
<?php
if (isset($_POST['submit'])) {
if (!empty($_POST['message'])) {
$conn = mysqli_connect("localhost", "root", "", "dbase");
$message = $_POST['message'];
$sql = "INSERT INTO tblmessage (message_id, message) VALUES (NULL, '" . $message . "')";
$insert = mysqli_query($conn, $sql);
mysqli_close($conn);
if ($insert) {
echo "Message successfully added!";
} else {
echo "Error" . mysqli_error($conn);
}
}
}
?>
</body>
</html>
You're trying to implode a String. Read about implode.
Change:
$sql = "INSERT INTO tblmessage (message) VALUES (NULL, ".implode(',',$message).")";
$insert = mysqli_query($conn,$sql);
To:
$sql = "INSERT INTO tblmessage (message_id, message) VALUES (NULL, '$message')";
$insert = mysqli_query($conn,$sql);
You donĀ“t have any SQL-Statement in your Code.
If you want to insert the Message from your form you need to change $sql.
$sql = INSERT into dbase(your_database_field) Values ($message);
$sql-statement=mysqli_query($conn, $sql);
You should sanitize your input before sending your data to the database.
I used this code and I don't know what is the problem and I used different codes as well
what I want to do to check and not allow the user to add his email twice
<?php
include("includedb.php");
//declare variables
$name = $_POST['name'];
$email = $_POST['email'];
$tel = $_POST['tel'];
$gift = $_POST['gift'];
$formName = $_POST['formName'];
$formEmail = $_POST['formEmail'];
$formEmirate = $_POST['formEmirate'];
$birthday = $_POST['birthday'];
$date = $_POST['date'];
$result = mysqli_query("SELECT * FROM users WHERE email = '$email'") or exit(mysqli_error()); //check for duplicates
$num_rows = mysqli_num_rows($result); //number of rows where duplicates exist
if ($num_rows == 0) { //if there are no duplicates...insert
$sql = "INSERT INTO users (name, email, tel, gift, formName, formEmail, formEmirate, birthday, date)
VALUES ('$name', '$email', '$tel','$gift', '$formName', '$formEmail', '$formEmirate','$birthday',CURRENT_TIMESTAMP )";
if (!mysqli_query($sql)) {
die('Error: ' . mysqli_error());
}
}
mysqli_close();
header("location: thank-you.html?remarks=success");
?>
the problem is you are not passing any connection to the mysql_query
thus the queries are not getting queried
$conn = your connection;
$result = mysqli_query($conn,"SELECT * FROM users WHERE email = '$email'") or exit(mysqli_error()); //check for duplicates
$num_rows = mysqli_num_rows($result); //number of rows where duplicates exist
if($num_rows == 0) { //if there are no duplicates...insert
$sql = "INSERT INTO users (name, email, tel, gift, formName, formEmail, formEmirate, birthday, date)
VALUES ('$name', '$email', '$tel','$gift', '$formName', '$formEmail', '$formEmirate','$birthday',CURRENT_TIMESTAMP )";
if (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error());
}
}
thanks for support I found what has worked with me please find the code below and please advise me how to make it secure and protect it from sql injection
if(isset($_POST['submit'])){
$name= $_POST['name'];
$email= $_POST['email'];
$result = mysqli_query($conn,"SELECT * FROM test WHERE email = '$email'") or exit(mysqli_error()); //check for duplicates
$num_rows = mysqli_num_rows($result); //number of rows where duplicates exist
if(($num_rows) > 0){
echo "A record already exists.";
exit;
}
else{
$sql = "INSERT INTO test (name, email)
VALUES ('$name', '$email')";
if (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error());
}
}
if($result) {
header("Location: game.html");
}else{ echo "Not Successful"; }
mysqli_close();
}
?>
<!DOCTYPE html>
<head>
</head>
<body>
<h2>Enter your Name and Email</h2>
<form method="post">
<p><strong>First Name:</strong><br /> <input type="text" name="name" /></p>
<p><strong>email:</strong><br /> <input type="email" name="email"/></p>
<input type="submit" name="submit" value="Add Customer" />
</form>
</body>
</html>
Why it is showing a blank page insted of SORRY...YOU ARE ALREADY REGISTERED USER... when i am supplying the same email that is already registered.
connect.php
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$database ="dbpro";
$con = mysqli_connect($servername, $username, $password,$database);
// Function for passing query into database
function query($sql_query) {
global $servername;
global $username;
global $password;
global $database;
global $con;
// Check connection
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
if ($res = mysqli_multi_query($con, $sql_query)) {
return $res;
} else {
return false;
}
mysqli_close($con);
}
// Function for getting Indian Standard Time
function ist_time() {
date_default_timezone_set('Asia/Kolkata');
$time_now=mktime(date('h'),date('i'),date('s'));
$date = date('Y-m-d H:i:s', $time_now);
return $date;
}
?>
newuser.php
<?php
require'connect.php';
#$fname = mysqli_real_escape_string($con,$_POST['Fname']);
#$lname = mysqli_real_escape_string($con,$_POST['Lname']);
#$email = mysqli_real_escape_string($con,$_POST['Email']);
#$pass = mysqli_real_escape_string($con,$_POST['Password']);
#$gender = mysqli_real_escape_string($con,$_POST['Gender']);
#$country = mysqli_real_escape_string($con,$_POST['CountryCode']);
#$dob_d = mysqli_real_escape_string($con,$_POST['birthday_day']);
#$dob_m = mysqli_real_escape_string($con,$_POST['birthday_month']);
#$dob_y = mysqli_real_escape_string($con,$_POST['birthday_year']);
#$date_of_reg = ist_time();
$query = "INSERT INTO `CmUser` (`UserID`, `Fname`, `Lname`, `Email`, `Pass`, `Gender`, `Country`, `DOB_D`, `DOB_M`, `DOB_Y`, `Date_Of_Reg`) VALUES (NULL, '$fname', '$lname', '$email', '$pass', '$gender', '$country', $dob_d, $dob_m, $dob_y, '$date_of_reg');";
function NewUser() {
global $query;
$res = query($query);
if($res) {
echo "YOUR REGISTRATION IS COMPLETED..."; } else {
echo "Error in Regisrtation ".$res; }
}
function SignUp() {
global $con;
global $email;
global $pass;
if(!empty($email)) //checking the 'email' name which is from Sign-Up.html, is it empty or have some text
{
$result = mysqli_query($con,"SELECT * FROM CmUser WHERE Email = '$email';");
if(!$row = mysqli_fetch_array($result) or die(mysql_error())) {
newuser(); }
else { echo "SORRY...YOU ARE ALREADY REGISTERED USER..."; }
}
}
if(isset($_POST['submit'])) {
SignUp();
}
?>
I think the problem may be here :
$result = mysqli_query($con,"SELECT * FROM CmUser WHERE Email = '$email';");
if(!$row = mysqli_fetch_array($result) or die(mysql_error())) {
newuser(); }
else { echo "SORRY...YOU ARE ALREADY REGISTERED USER..."; }
The value $date_of_reg must be between single quotes in the query. Also, the semicolon is not mandatory:
$query = "INSERT INTO `CmUser` (`UserID`, `Fname`, `Lname`, `Email`, `Pass`, `Gender`, `Country`, `DOB_D`, `DOB_M`, `DOB_Y`, `Date_Of_Reg`) VALUES (NULL, '$fname', '$lname', '$email', '$pass', '$gender', '$country', $dob_d, $dob_m, $dob_y, '$date_of_reg')";