Jump to content

store to detabase


Go to solution Solved by Ch0cu3r,

Recommended Posts

hello. For some reason my script works but it doesnt store to the detabase.

I made these so it would be stored without selection input or something.

$s = 100;
$sa = 1;
$sb = 10;
$ac = 10;
$sd = 10;

 

 
And my storing results script.
        if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, drop, s, sa, sb, ac, ad) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
            $insert_stmt->bind_param('ssssssssss', $username, $email, $password, $random_salt, $drop, $s, $sa, $sb, $ac, $ad);
            // Execute the prepared query.
            if (! $insert_stmt->execute()) {
                header('Location: ../error.php?err=Registration failure: INSERT');
            }
        }

 

Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/
Share on other sites

okey, so I need to create simple numbers to go to the detabase on register page. for exemple:

<?php
include_once 'db_connect.php';
include_once 'psl-config.php';
 
$error_msg = "";
 
if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
    // Sanitize and validate the data passed in
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Not a valid email
        $error_msg .= '<p class="error">The email address you entered is not valid</p>';
    }
 
    $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
    if (strlen($password) != 128) {
        // The hashed pwd should be 128 characters long.
        // If it's not, something really odd has happened
        $error_msg .= '<p class="error">Invalid password configuration.</p>';
    }
 	$drop = filter_input(INPUT_POST, 'my_dropdown', FILTER_SANITIZE_STRING);

    // Username validity and password validity have been checked client side.
    // This should should be adequate as nobody gains any advantage from
    // breaking these rules.
    //
 
    $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
    $stmt = $mysqli->prepare($prep_stmt);
 
    if ($stmt) {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->store_result();
 
        if ($stmt->num_rows == 1) {
            // A user with this email address already exists
            $error_msg .= '<p class="error">A user with this email address already exists.</p>';
        }
    } else {
        $error_msg .= '<p class="error">Database error</p>';
    }
	

    // TODO: 
    // We'll also have to account for the situation where the user doesn't have
    // rights to do registration, by checking what type of user is attempting to
    // perform the operation.
 
    if (empty($error_msg)) {
        // Create a random salt
        $random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
 
        // Create salted password 
        $password = hash('sha512', $password . $random_salt);
		$hp = 100;
		$level = 1;
		$str = 10;
		$agi = 10;
		$range = 10;
        // Insert the new user into the database 
        if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, range) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
            $insert_stmt->bind_param('ssssssssss', $username, $email, $password, $random_salt, $drop, $hp, $level, $str, $agi, $range);
            // Execute the prepared query.
            if (! $insert_stmt->execute()) {
                header('Location: ../error.php?err=Registration failure: INSERT');
            }
        }
        header('Location: ./register_success.php');
    }
}?>

This is my whole register.inc page. As you know on other page there is a registraton form, which results get hare and stores in to detabase, dont really know how to explain it. 

 

$hp = 100;
$level = 1;
$str = 10;
$agi = 10;
$range = 10; 
 
This is just numbers that should be inserted into detabase, but after I added those for some reason it doesn't store them in the db.
 
Sorry for leaving not much info.
Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466565
Share on other sites

It sends the $username, $email, $password, $random_salt, $drop, $hp, $level, $str

to detabase, from inputs.

 

// Insert the new user into the database 

if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, range) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
$insert_stmt->bind_param('ssssssssss', $username, $email, $password, $random_salt, $drop, $hp, $level, $str, $agi, $range);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./register_success.php');
}

 

And I need to add custom vars to the db, like $hp to healt

Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466571
Share on other sites

Those extra comments add nothing of value. All they do is say what the code should be doing, which is already obvious. If it were actually doing that, you wouldn't be posting here so what you need to tell us is what it's actually doing.

 

You said it doesn't insert the data, but how exactly does it fail? Do you get redirected to the error page? Do you see the success page but no data in the DB? Have you checked the error message mysql gives you if the query fails?

 

That is all basic debugging steps you should have completed before posting. The results of those steps should have been included in your first post.

Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466573
Share on other sites

It doesn't show any errors, just doesn't add those numbers to detabase, it doesnt add enything after I added those. maybe I made a syntax mistake, maybe I selected the vars wrong? 

 

When I try to register. It shows Sucsessifuly registered. I got to db, no new user registered.

 

Could be that I made a mistake in detabase, for exemple: all these new vars are numbers. and to detabase I added those collums with property INI(100) - 100 length, so maybe it doesnt add because there is some colums witch is wrong.

Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466597
Share on other sites

  • Solution

The query could be failing due you using a reserved keyword as a column name. Range is a reserved keyword in MySQL. WHen using this column name in queries add backticks when you reference it in your query

 

if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, `range`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {

Edited by Ch0cu3r
Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466598
Share on other sites

The query could be failing due you using a reserved keyword as a column name. Range is a reserved keyword in MySQL. WHen using this column name in queries add backticks when you reference it in your query

 

if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, `range`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {

 i though so, that u can find the problem, by checking the code. Thanks dude, u save my a** again. Gratefull! :))

Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466600
Share on other sites

several words of caution about the script you found. it is at best just a demonstration of the secure login concepts that were presented. it is not a well written, finished, login script.

 

for example, in the registration process. if the prepare statement is failing due to an error, which is what is happening when you modified the insert query statement, the code doesn't attempt to run the insert query at all and it reports that registration was successful. the code should - a) detect and report errors that occur, and b) only report a successful registration if the insert query ran without any errors and actually inserted the row.

Link to comment
https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466609
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.