BMag Posted October 30, 2013 Share Posted October 30, 2013 Hi everyone, I've got a simple mySQL database with 5 fields: id int(10) ip_address varchar(100) name varchar(100) email varchar(100) password varchar(100) and have created a php form, consisting of only two fields: <form id="form1" name="form1" method="post" action=""> <label for="email">email</label> <input type="text" name="email" id="email" /> <label for="password">password</label> <input type="text" name="password" id="password" /> <input type="submit" name="submit" id="submit" value="Submit" /> </form> I need for my users to enter their 'email' and 'password' and upon successful authentication, update their 'ip_address' field via $_SERVER['REMOTE_ADDR']. My php codings skills are nonexistent and as much I've Google'd tutorials on how to achieve this, I'm afraid I'll leave my system open to slq injections or something. Also, shall I include a separate connection php file for database connection or can I just include the connection settings on the form? Any help will be gratefully appreciated, Cheers, Quote Link to comment Share on other sites More sharing options...
digibucc Posted October 30, 2013 Share Posted October 30, 2013 (edited) You are asking for someone to walk you through something that is very well documented. I'll give you some pointers but you're going to have to read up on your own. when you say php form what do you mean? is it actually html in a .php file or are you just calling it a php form? the form is on the user(client/browser) end. php runs on the server's end. two different things. you have no action in <form id="form1" name="form1" method="post" action=""> , that is what will tell your form to use php for processing. change that to <form id="form1" name="form1" method="post" action="process.php"> and then create a file called "process.php". in there put: <?php $post = $_POST; foreach ($post as $key=>$value){ echo $key. ' = '. $value. '<br />'; that will give you a simple script that accepts your form data and then prints out the results. that's the first step. make sure the submitted results come through properly. then you'll want to compare them. to do this you need to GET the existing password from the database you'll also want to encrypt the password but that is ANOTHER script unless you are adding them manually. check this out for the answer to both then use PDO, with prepared statements, and you do not have to worry about injection attacks. an example of that: $db = new PDO('mysql:host=localhost;dbname=DBNAME;charset=utf8_general_ci', 'USER', 'PASS'); $sql = 'UPDATE DBNAME SET ipaddress=? WHERE email=?'; $sth = $db->prepare($sql); $sth->execute(array($_SERVER['REMOTE_ADDR'], $post['email'])); ?> note you'll need to create the database, table, and structure (email, pass, ipaddress) so read. good luck. Edited October 30, 2013 by digibucc Quote Link to comment Share on other sites More sharing options...
BMag Posted October 30, 2013 Author Share Posted October 30, 2013 Hey digibucc, Thanks very much for the reply. The database has been created and it's already populated with sample data. Yes, I have and html form. The process.php is what I was looking after, but unfortunately, like I said, my coding skills are non-existent. I thought I may be able to find someone willing to walk me through. Guess, I'm gonna have to head back to the freelancer forum. Thanks again, Quote Link to comment Share on other sites More sharing options...
digibucc Posted October 30, 2013 Share Posted October 30, 2013 the thing is the code is going to be custom to your situation, you're not asking someone to just show you working code, you are asking someone to code it for you. someone will, i just unfortunately don't have the time atm. good luck. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.