msebar Posted August 16, 2014

I have a membership site where a user creates a username and password at registration. The user logs in and all that works. The username is located in the database under users. Each page is protected and you must log in to access it. Here is the code for that:

checkLogin('2');
$getuser = getUserRecords($_SESSION['user_id']);

If the user login is correct they have access to the page. This all works fine as I said. On this page is a form that gets filled out. All the data except the username is added to the database for the contents of this form. I need to have the username added to the database to track who the data belongs to. Here is the code I have for this; can someone tell me where I messed up. The line under the code <body> pulls the username and the echo command prints the username on the page. I repeated this code under the if ($_SERVER['REQUEST_METHOD'] == "POST") code and it also prints the username.

```php
<?php
// this is processed when the form is submitted
// back on to this page (POST METHOD)
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $usernow = $getuser[0]['username'];
    $userid = $usernow;
    echo "$userid";

    # escape data and set variables
    $userid = addslashes($_POST["userid"]);
    $date = addslashes($_POST["date"]);
    $temperature = addslashes($_POST["temperature"]);
    $ph = addslashes($_POST["ph"]);
    $ammonia = addslashes($_POST["ammonia"]);
    $nitrite = addslashes($_POST["nitrite"]);
    $nitrate = addslashes($_POST["nitrate"]);
    $phosphate = addslashes($_POST["phosphate"]);
    $gh = addslashes($_POST["gh"]);
    $kh = addslashes($_POST["kh"]);
    $iron = addslashes($_POST["iron"]);
    $potassium = addslashes($_POST["potassium"]);
    $notes = addslashes($_POST["notes"]);

    // # setup SQL statement
    $sql = " INSERT INTO water_parameters ";
    $sql .= " (id, userid, date, temperature, ph, ammonia, nitrite, nitrate, phosphate, gh, kh, iron, potassium, notes) VALUES ";
    $sql .= " ('', '$userid', '$date', '$temperature', '$ph', '$ammonia', '$nitrite', '$nitrate', '$phosphate', '$gh', '$kh', '$iron', '$potassium', '$notes') ";

    // #execute SQL statement
    $result = mysql_query($sql);

    // # check for error
    if (mysql_error()) {
        print "Database ERROR: " . mysql_error();
    }

    print "<h3><font color=red>New Water Parameters Were Added</font></h3>";
}
?>
```
CroNiX Posted August 16, 2014 (edited)

Try commenting this out:

$userid = addslashes($_POST["userid"]);

You're saying you get the correct username when you echo $userid? The line above is setting the value from $_POST, so use the $userid that you're echoing.
CroNiX Posted August 16, 2014

I'd also use the MySQLi driver and not MySQL, because that driver is now deprecated in PHP. That or PDO.
gizmola Posted August 16, 2014

> I'd also use the MySQLi driver and not MySQL, because that driver is now deprecated in PHP. That or PDO.

Not only that, but addslashes hasn't been the way to go even when mysql_ wasn't deprecated. You use mysql_real_escape_string(). However --- please DON'T. My advice is to convert your code to use PDO instead.
msebar (Author) Posted August 16, 2014 (edited)

That worked perfectly, thank you very much. Once I do finish the site, since I have only 3 more pages to complete, I will look into converting it to MySQLi. From what I just looked at, I think converting it will most likely be a pain in the butt. But I see it has to be done. Thanks once again.

Mike
msebar (Author) Posted August 16, 2014

> Not only that, but addslashes hasn't been the way to go even when mysql_ wasn't deprecated. You use mysql_real_escape_string(). However --- please DON'T. My advice is to convert your code to use PDO instead.

Is PDO more of a pain or easier?
fastsol Posted August 16, 2014

I found PDO to be easier, and easier to convert to as well.
Jacques1 Posted August 16, 2014

PDO is much more comfortable than MySQLi. For example, fetching data with a prepared statement only requires prepare(), execute() and a foreach loop. The same thing in MySQLi requires prepare(), bind_param(), execute(), bind_result() and a while loop to call fetch().

But more importantly, PDO is a universal database interface; it's not limited to one particular database system. If you decide to switch from MySQL to PostgreSQL, you can do that without having to rewrite your entire code again. If you want to use an embedded SQLite database, you can access it in the same way you access your main database.
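Added example, not code from the thread: the original INSERT rewritten the way CroNiX's fix, gizmola's "use PDO, not addslashes" advice and Jacques1's prepare()/execute()/foreach description add up to. The userid is taken from the authenticated session (the thread's $getuser[0]['username']), never from $_POST, so a client cannot submit someone else's id, and every form value is bound as a parameter rather than quoted into the SQL string. The table layout, the field whitelist, the sample request and the in-memory SQLite DSN are constructed for the example so it runs stand-alone; the MySQL DSN in the comment is the assumed production setting.

```php
<?php
declare(strict_types=1);

// Assumed production DSN: 'mysql:host=localhost;dbname=aquarium;charset=utf8mb4'.
// SQLite in memory is used here so the example runs without a server; the code
// below is identical for either driver, which is the portability point made above.
$dsn = 'sqlite::memory:';
$pdo = new PDO($dsn, null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of failing silently
    PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares on MySQL
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed table matching the column list of the original INSERT.
$pdo->exec('CREATE TABLE water_parameters (
    id INTEGER PRIMARY KEY AUTOINCREMENT, userid TEXT NOT NULL, date TEXT,
    temperature TEXT, ph TEXT, ammonia TEXT, nitrite TEXT, nitrate TEXT,
    phosphate TEXT, gh TEXT, kh TEXT, iron TEXT, potassium TEXT, notes TEXT)');

// Whitelist of form fields allowed into the table. "userid" is deliberately absent:
// it is supplied by the server from the session, not by the browser.
const FORM_FIELDS = ['date', 'temperature', 'ph', 'ammonia', 'nitrite', 'nitrate',
                     'phosphate', 'gh', 'kh', 'iron', 'potassium', 'notes'];

function addWaterParameters(PDO $pdo, string $userid, array $post): int
{
    $cols = array_merge(['userid'], FORM_FIELDS);
    $placeholders = implode(', ', array_map(fn(string $c): string => ":$c", $cols));
    $stmt = $pdo->prepare(
        'INSERT INTO water_parameters (' . implode(', ', $cols) . ") VALUES ($placeholders)"
    );
    $params = [':userid' => $userid];
    foreach (FORM_FIELDS as $field) {
        // Only whitelisted keys are read; any other key in $post is ignored.
        $params[":$field"] = isset($post[$field]) ? (string) $post[$field] : null;
    }
    $stmt->execute($params); // values are bound by the driver, never interpolated
    return (int) $pdo->lastInsertId();
}

function listWaterParameters(PDO $pdo, string $userid): array
{
    // Fetching with PDO: prepare(), execute(), then a foreach over the statement.
    $stmt = $pdo->prepare(
        'SELECT id, date, ph, notes FROM water_parameters WHERE userid = :userid ORDER BY id'
    );
    $stmt->execute([':userid' => $userid]);
    $rows = [];
    foreach ($stmt as $row) {
        $rows[] = $row;
    }
    return $rows;
}

// Constructed request: the username as the thread's $getuser[0]['username'] returns it,
// and a POST body that also tries to supply a different userid and contains a quote.
$usernow  = 'mike';
$fakePost = [
    'userid' => 'someone_else',                 // ignored: not in FORM_FIELDS
    'date'   => '2014-08-16',
    'ph'     => '7.2',
    'notes'  => "O'Reilly's tank, 20% water change", // apostrophes stored as-is
];
$newId = addWaterParameters($pdo, $usernow, $fakePost);
foreach (listWaterParameters($pdo, $usernow) as $row) {
    printf("#%d %s pH %s: %s\n", $row['id'], $row['date'], $row['ph'], $row['notes']);
}
// Rows for a different user come back empty, since userid was set server-side.
var_dump(listWaterParameters($pdo, 'someone_else'));
```

Two design choices matter here: the column list comes from a constant the code controls, so the only dynamic part of the SQL is the bound values; and the row's owner is a function argument filled from the session, so the "userid" key a client might add to the form never reaches the query.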
msebar (Author) Posted August 16, 2014

Cool, and thanks everyone for the help.