Jump to content

Recommended Posts

Hi Guys I'm creating my own website and I want users to be able to register and log in at the momnet I'm just having trouble with letting users to log in 

 

here is the code 

 

config.php 

<?php 

$connection = mysqli_connect("localhost","root","","registration");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

mysqli_close($connection);
?>

This is the submit_form.php

<?php

//select your database
//$b=mysql_select_db("database_name",$a);
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['username'];
//$confirmusername=$_POST['confirmusername'];
$password=$_POST['password'];
$confirmpassword=$_POST['confirmpassword'];
$email=$_POST['email'];
$confirmemail=$_POST['confirmemail'];
//Database connection
require_once("config.php");

//mysql query to insert value to database
$query="INSERT INTO 'users' (`firstname`, `lastname`, `username`, `confirmusername`, `password`, `confirmpassword`, `email` ,`confirmemail`) VALUES ('$firstname', '$lastname', '$username', '$password', '$confirmpassword', '$email' , '$confirmemail')";

$result = mysqli_query($connection,$query);
//if value inserted successyully disply success message
if(!$result) {

    die("The following SQL Failed $query");
}
echo 'Registred successfully..!!</div>';
?>

This is the error message that I'm getting 

 

Warning: mysqli_query(): Couldn't fetch mysqli in C:\xampp\htdocs\submit-form.php on line 19
The following SQL Failed INSERT INTO 'users' (`firstname`, `lastname`, `username`, `confirmusername`, `password`, `confirmpassword`, `email` ,`confirmemail`) VALUES ('richard', 'Hemmings', 'hemmo001', 'password', 'password', 'richardgwhemmings@msn.com' , 'richardgwhemmings@msn.com')

 

Can anyone shed any light onto the problem please?

 

Thanks in advance 

 

Rich

Link to comment
https://forums.phpfreaks.com/topic/287805-php-and-sqli-connection-help/
Share on other sites

If the user is new to the site, and wants to sign up,

you can add a link to a "sign up" page. Open up

your signup.php page, and you'll see some code

already there. We'll now walk you through what it

all does.

When you open up the code for the signup.php

page, you'll see quite a lot of it is code that you've

already met. It starts with the function that checks

for dangerous SQL characters. Then we check that

the form has been POSTED. The next lines are

these:

$uname = $_POST['username'];

$pword = $_POST['password'];

$uname = htmlspecialchars($uname);

$pword = htmlspecialchars($pword);

We're just getting the username and password

from the form, like we did before, and then

checking it for unwanted tags. The next thing you

need to do, though, is test that the username and

password are of the correct length. You don't want

a malicious user trying to inject megabytes of text!

$uLength = strlen($uname);

$pLength = strlen($pword);

if ($uLength >= 10 && $uLength <= 20) {

$errorMessage = "";

}

else {

$errorMessage = $errorMessage . "Username must

be between 10 and 20 characters" . "<BR>";

}

if ($pLength >= 8 && $pLength <= 16) {

$errorMessage = "";

}

else {

$errorMessage = $errorMessage . "Password must

be between 8 and 16 characters" . "<BR>";

}

What we're doing here is using the inbuilt function

strlen ( ) to get the length of the string. We then

use if .. else statements to check that the

username and password are between certain

values. If they are ok, the variable called

$errorMessage is left blank. If they are not ok, we

add some text for the error message.

Before checking the username and password

against the database, we can check to see if the

error message is blank:

if ($errorMessage == "") {

}

If it's blank, then everything is ok. In which case

the rest of the code is executed. If it's not OK, then

the user will see the text of the error message

displayed.

Inside of the if statement for the error message

check, we just set up the database code like we did

before:

$user_name = "root";

$pass_word = "";

$database = "login";

$server = "127.0.0.1";

$db_handle = mysql_connect($server, $user_name,

$pass_word);

$db_found = mysql_select_db($database,

$db_handle);

if ($db_found) {

}

We're just checking that the database can be

found. If it is, then we need to check if the

username has already been taken:

$SQL = "SELECT * FROM login WHERE L1 =

$uname";

$result = mysql_query($SQL);

$num_rows = mysql_num_rows($result);

if ($num_rows > 0) {

$errorMessage = "Username already taken";

}

else {

}

The code attempts to select all the records from

the table where a match with the username is

found. (L1 is the name of the username field in the

table.) If any records are returned, then the

variable called $num_rows will be greater than

zero. We check the value of $num_rows in an if ...

else statement.

If the username has already been taken, then we

can add something to the error message variable.

(But there are security considerations to bear in

mind here. Do you really want to tell a malicious

user that a username has already been taken? If

it's for a forum, then it's ok: the malicious user

can simply read usernames from forum posts. But

in that case, perhaps we shouldn't be using a

username to log people in?)

If the value in the variable $num_rows is still zero,

then we can go ahead and add the user to the

database:

$SQL = "INSERT INTO login (L1, L2) VALUES

($uname, $pword)";

$result = mysql_query($SQL);

mysql_close($db_handle);

Here, we use the SQL command INSERT INTO to

add a new record to the database.

After the user has been added to the database, we

can then set the session variable:

session_start();

$_SESSION['login'] = "1";

The session variable called login will be set to 1.

This means that the user can then start using the

site straight away. In fact, we redirect them to a

different page on the site:

header ("Location: page1.php");

Our new user is now a member!

 

note:>that's not a complete signup script

read again my explaination is understandable for newbie

The way you have posted your reply makes it hard for any one to read. Also when posting code it makes the post more readable if you wrap it in


tags.

 

EDIT. I have read your post but I do not see how it relates to the OP.

Edited by Ch0cu3r

@rich_hemmo: The problem is you are not connected to mysql. You need to call mysqli_connect first before running any queries

 

Also you should atleast validate and sanitize the the user input before using it in your query. And is it necessary to store the users username, password and email twice? Passwords should not be stored as plain text, they should be hashed

The way you have posted your reply makes it hard for any one to read. Also when posting code it makes the post more readable if you wrap it in


tags.

 

EDIT. I have read your post but I do not see how it relates to the OP.

It's just a copy/paste from a very bad online tutorial (to which I won't link; doesn't deserve it).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.