rich_hemmo Posted April 16, 2014

Hi Guys

I'm creating my own website and I want users to be able to register and log in. At the moment I'm just having trouble with letting users log in. Here is the code.

config.php

```php
<?php
$connection = mysqli_connect("localhost","root","","registration");

// Check connection
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

mysqli_close($connection);
?>
```

This is the submit_form.php

```php
<?php
//select your database
//$b=mysql_select_db("database_name",$a);
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['username'];
//$confirmusername=$_POST['confirmusername'];
$password=$_POST['password'];
$confirmpassword=$_POST['confirmpassword'];
$email=$_POST['email'];
$confirmemail=$_POST['confirmemail'];

//Database connection
require_once("config.php");

//mysql query to insert value to database
$query="INSERT INTO 'users' (`firstname`, `lastname`, `username`, `confirmusername`, `password`, `confirmpassword`, `email` ,`confirmemail`) VALUES ('$firstname', '$lastname', '$username', '$password', '$confirmpassword', '$email' , '$confirmemail')";
$result = mysqli_query($connection,$query);

//if value inserted successfully display success message
if(!$result) {
    die("The following SQL Failed $query");
}
echo 'Registred successfully..!!</div>';
?>
```

This is the error message that I'm getting

```
Warning: mysqli_query(): Couldn't fetch mysqli in C:\xampp\htdocs\submit-form.php on line 19
The following SQL Failed INSERT INTO 'users' (`firstname`, `lastname`, `username`, `confirmusername`, `password`, `confirmpassword`, `email` ,`confirmemail`) VALUES ('richard', 'Hemmings', 'hemmo001', 'password', 'password', 'richardgwhemmings@msn.com' , 'richardgwhemmings@msn.com')
```

Can anyone shed any light onto the problem please?

Thanks in advance

Rich
Oliverkahn Posted April 16, 2014

If the user is new to the site, and wants to sign up, you can add a link to a "sign up" page. Open up your signup.php page, and you'll see some code already there. We'll now walk you through what it all does.

When you open up the code for the signup.php page, you'll see quite a lot of it is code that you've already met. It starts with the function that checks for dangerous SQL characters. Then we check that the form has been POSTED. The next lines are these:

```php
$uname = $_POST['username'];
$pword = $_POST['password'];

$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);
```

We're just getting the username and password from the form, like we did before, and then checking it for unwanted tags. The next thing you need to do, though, is test that the username and password are of the correct length. You don't want a malicious user trying to inject megabytes of text!

```php
$uLength = strlen($uname);
$pLength = strlen($pword);

if ($uLength >= 10 && $uLength <= 20) {
    $errorMessage = "";
}
else {
    $errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
}

if ($pLength >= 8 && $pLength <= 16) {
    $errorMessage = "";
}
else {
    $errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
}
```

What we're doing here is using the inbuilt function strlen ( ) to get the length of the string. We then use if .. else statements to check that the username and password are between certain values. If they are ok, the variable called $errorMessage is left blank. If they are not ok, we add some text for the error message.

Before checking the username and password against the database, we can check to see if the error message is blank:

```php
if ($errorMessage == "") {

}
```

If it's blank, then everything is ok. In which case the rest of the code is executed. If it's not OK, then the user will see the text of the error message displayed.
Inside of the if statement for the error message check, we just set up the database code like we did before:

```php
$user_name = "root";
$pass_word = "";
$database = "login";
$server = "127.0.0.1";

$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found) {

}
```

We're just checking that the database can be found. If it is, then we need to check if the username has already been taken:

```php
$SQL = "SELECT * FROM login WHERE L1 = $uname";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);

if ($num_rows > 0) {
    $errorMessage = "Username already taken";
}
else {

}
```

The code attempts to select all the records from the table where a match with the username is found. (L1 is the name of the username field in the table.) If any records are returned, then the variable called $num_rows will be greater than zero. We check the value of $num_rows in an if ... else statement. If the username has already been taken, then we can add something to the error message variable. (But there are security considerations to bear in mind here. Do you really want to tell a malicious user that a username has already been taken? If it's for a forum, then it's ok: the malicious user can simply read usernames from forum posts. But in that case, perhaps we shouldn't be using a username to log people in?)

If the value in the variable $num_rows is still zero, then we can go ahead and add the user to the database:

```php
$SQL = "INSERT INTO login (L1, L2) VALUES ($uname, $pword)";
$result = mysql_query($SQL);

mysql_close($db_handle);
```

Here, we use the SQL command INSERT INTO to add a new record to the database.

After the user has been added to the database, we can then set the session variable:

```php
session_start();
$_SESSION['login'] = "1";
```

The session variable called login will be set to 1. This means that the user can then start using the site straight away.
In fact, we redirect them to a different page on the site:

```php
header ("Location: page1.php");
```

Our new user is now a member!

Note: that's not a complete signup script
rich_hemmo Posted April 16, 2014

Thanks for this, but I'm confused, to be honest. At the moment all I want to do is just make it work; simple is best at the min.
Oliverkahn Posted April 16, 2014

Read again, my explanation is understandable for a newbie.
Ch0cu3r Posted April 16, 2014

> Read again, my explanation is understandable for a newbie.

The way you have posted your reply makes it hard for anyone to read. Also, when posting code it makes the post more readable if you wrap it in tags.

EDIT. I have read your post but I do not see how it relates to the OP.

Edited April 16, 2014 by Ch0cu3r
Ch0cu3r Posted April 16, 2014

@rich_hemmo: The problem is you are not connected to mysql. You need to call mysqli_connect first before running any queries.

Also, you should at least validate and sanitize the user input before using it in your query.

And is it necessary to store the user's username, password and email twice? Passwords should not be stored as plain text; they should be hashed.
Oliverkahn Posted April 16, 2014

OK @chuk3r and @rich_hemmo. Use the md5() PHP function to encrypt pass.... you will password variable holding the pass into it before storing

```php
md5($password);
```
boompa Posted April 16, 2014

> The way you have posted your reply makes it hard for anyone to read. Also, when posting code it makes the post more readable if you wrap it in tags.
>
> EDIT. I have read your post but I do not see how it relates to the OP.

It's just a copy/paste from a very bad online tutorial (to which I won't link; doesn't deserve it).
Ch0cu3r Posted April 16, 2014

> It's just a copy/paste from a very bad online tutorial (to which I won't link; doesn't deserve it).

So you thought you would post it here...
maxxd Posted April 16, 2014

You've got 8 columns listed, and only 7 values - looks like confirmusername.
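The points raised in Ch0cu3r's and maxxd's replies (keep the connection open until the query has run, keep raw input out of the SQL text, hash the password, match columns to values), put together as an added example that is not code from the thread. The `password_hash` column name and the decision to compare the confirm fields without storing them are assumptions.

```php
<?php
// Added example. Assumed schema: `users` with firstname, lastname, username, email, password_hash VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
// Returns a list of validation errors; an empty list means the input is usable.
function validate_registration(array $in): array
{
    $errors = [];
    foreach (['firstname', 'lastname', 'username', 'password', 'email'] as $f) {
        if (!isset($in[$f]) || !is_string($in[$f]) || trim($in[$f]) === '') {
            $errors[] = "$f is required";
        }
    }
    if ($errors) {
        return $errors;
    }
    if (!filter_var($in['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not valid';
    }
    // The confirm* fields are only compared here; they are never stored.
    if ($in['password'] !== ($in['confirmpassword'] ?? null)) {
        $errors[] = 'passwords do not match';
    }
    if ($in['email'] !== ($in['confirmemail'] ?? null)) {
        $errors[] = 'emails do not match';
    }
    return $errors;
}
function register_user(mysqli $db, array $in): void
{
    // Five columns, five placeholders: values never become part of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO `users` (`firstname`, `lastname`, `username`, `email`, `password_hash`)
         VALUES (?, ?, ?, ?, ?)'
    );
    $hash = password_hash($in['password'], PASSWORD_DEFAULT); // salted, slow hash
    $stmt->bind_param('sssss', $in['firstname'], $in['lastname'],
        $in['username'], $in['email'], $hash);
    $stmt->execute();
}
$errors = validate_registration($_POST);
if ($errors) {
    http_response_code(400);
    exit(htmlspecialchars(implode('; ', $errors)));
}
// Same connection values as the question's config.php; closed only after the INSERT.
$db = mysqli_connect('localhost', 'root', '', 'registration');
register_user($db, $_POST);
mysqli_close($db);
echo 'Registered successfully';
```

At login, the submitted password is checked against the stored value with `password_verify()`.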