MuphN Posted January 25, 2014 Share Posted January 25, 2014 hello. For some reason my script works but it doesnt store to the detabase. I made these so it would be stored without selection input or something. $s = 100; $sa = 1; $sb = 10; $ac = 10; $sd = 10; And my storing results script. if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, drop, s, sa, sb, ac, ad) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { $insert_stmt->bind_param('ssssssssss', $username, $email, $password, $random_salt, $drop, $s, $sa, $sb, $ac, $ad); // Execute the prepared query. if (! $insert_stmt->execute()) { header('Location: ../error.php?err=Registration failure: INSERT'); } } Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/ Share on other sites More sharing options...
ginerjm Posted January 25, 2014 Share Posted January 25, 2014 You are not showing enough code to validate what you want us to examine. You don't check the results of the bind-param call. How about giving us enough info to help you out? Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466563 Share on other sites More sharing options...
MuphN Posted January 25, 2014 Author Share Posted January 25, 2014 okey, so I need to create simple numbers to go to the detabase on register page. for exemple: <?php include_once 'db_connect.php'; include_once 'psl-config.php'; $error_msg = ""; if (isset($_POST['username'], $_POST['email'], $_POST['p'])) { // Sanitize and validate the data passed in $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL); $email = filter_var($email, FILTER_VALIDATE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { // Not a valid email $error_msg .= '<p class="error">The email address you entered is not valid</p>'; } $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING); if (strlen($password) != 128) { // The hashed pwd should be 128 characters long. // If it's not, something really odd has happened $error_msg .= '<p class="error">Invalid password configuration.</p>'; } $drop = filter_input(INPUT_POST, 'my_dropdown', FILTER_SANITIZE_STRING); // Username validity and password validity have been checked client side. // This should should be adequate as nobody gains any advantage from // breaking these rules. // $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1"; $stmt = $mysqli->prepare($prep_stmt); if ($stmt) { $stmt->bind_param('s', $email); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows == 1) { // A user with this email address already exists $error_msg .= '<p class="error">A user with this email address already exists.</p>'; } } else { $error_msg .= '<p class="error">Database error</p>'; } // TODO: // We'll also have to account for the situation where the user doesn't have // rights to do registration, by checking what type of user is attempting to // perform the operation. if (empty($error_msg)) { // Create a random salt $random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Create salted password $password = hash('sha512', $password . $random_salt); $hp = 100; $level = 1; $str = 10; $agi = 10; $range = 10; // Insert the new user into the database if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, range) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { $insert_stmt->bind_param('ssssssssss', $username, $email, $password, $random_salt, $drop, $hp, $level, $str, $agi, $range); // Execute the prepared query. if (! $insert_stmt->execute()) { header('Location: ../error.php?err=Registration failure: INSERT'); } } header('Location: ./register_success.php'); } }?> This is my whole register.inc page. As you know on other page there is a registraton form, which results get hare and stores in to detabase, dont really know how to explain it. $hp = 100; $level = 1; $str = 10; $agi = 10; $range = 10; This is just numbers that should be inserted into detabase, but after I added those for some reason it doesn't store them in the db. Sorry for leaving not much info. Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466565 Share on other sites More sharing options...
ginerjm Posted January 25, 2014 Share Posted January 25, 2014 Sorry - your code is just difficult to follow. Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466566 Share on other sites More sharing options...
MuphN Posted January 25, 2014 Author Share Posted January 25, 2014 (edited) Sorry - your code is just difficult to follow. No problem, I guess its my own fault though. Edited January 26, 2014 by MuphN Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466567 Share on other sites More sharing options...
mac_gyver Posted January 26, 2014 Share Posted January 26, 2014 you need to tell us what the code IS doing when it runs. is it redirecting to the error.php page or what? Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466568 Share on other sites More sharing options...
MuphN Posted January 26, 2014 Author Share Posted January 26, 2014 It sends the $username, $email, $password, $random_salt, $drop, $hp, $level, $str to detabase, from inputs. // Insert the new user into the database if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, range) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {$insert_stmt->bind_param('ssssssssss', $username, $email, $password, $random_salt, $drop, $hp, $level, $str, $agi, $range);// Execute the prepared query.if (! $insert_stmt->execute()) {header('Location: ../error.php?err=Registration failure: INSERT');}}header('Location: ./register_success.php');} And I need to add custom vars to the db, like $hp to healt Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466571 Share on other sites More sharing options...
kicken Posted January 26, 2014 Share Posted January 26, 2014 Those extra comments add nothing of value. All they do is say what the code should be doing, which is already obvious. If it were actually doing that, you wouldn't be posting here so what you need to tell us is what it's actually doing. You said it doesn't insert the data, but how exactly does it fail? Do you get redirected to the error page? Do you see the success page but no data in the DB? Have you checked the error message mysql gives you if the query fails? That is all basic debugging steps you should have completed before posting. The results of those steps should have been included in your first post. Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466573 Share on other sites More sharing options...
MuphN Posted January 26, 2014 Author Share Posted January 26, 2014 It doesn't show any errors, just doesn't add those numbers to detabase, it doesnt add enything after I added those. maybe I made a syntax mistake, maybe I selected the vars wrong? When I try to register. It shows Sucsessifuly registered. I got to db, no new user registered. Could be that I made a mistake in detabase, for exemple: all these new vars are numbers. and to detabase I added those collums with property INI(100) - 100 length, so maybe it doesnt add because there is some colums witch is wrong. Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466597 Share on other sites More sharing options...
Solution Ch0cu3r Posted January 26, 2014 Solution Share Posted January 26, 2014 (edited) The query could be failing due you using a reserved keyword as a column name. Range is a reserved keyword in MySQL. WHen using this column name in queries add backticks when you reference it in your query if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, `range`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { Edited January 26, 2014 by Ch0cu3r Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466598 Share on other sites More sharing options...
MuphN Posted January 26, 2014 Author Share Posted January 26, 2014 The query could be failing due you using a reserved keyword as a column name. Range is a reserved keyword in MySQL. WHen using this column name in queries add backticks when you reference it in your query if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, Race, health, level, str, agi, `range`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { i though so, that u can find the problem, by checking the code. Thanks dude, u save my a** again. Gratefull! ) Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466600 Share on other sites More sharing options...
mac_gyver Posted January 26, 2014 Share Posted January 26, 2014 several words of caution about the script you found. it is at best just a demonstration of the secure login concepts that were presented. it is not a well written, finished, login script. for example, in the registration process. if the prepare statement is failing due to an error, which is what is happening when you modified the insert query statement, the code doesn't attempt to run the insert query at all and it reports that registration was successful. the code should - a) detect and report errors that occur, and b) only report a successful registration if the insert query ran without any errors and actually inserted the row. Quote Link to comment https://forums.phpfreaks.com/topic/285678-store-to-detabase/#findComment-1466609 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.