msebar Posted August 16, 2014 Share Posted August 16, 2014 I have a membership site that a user creates a username and password at registration. The user logs in and all that works. The usersname is located in the database under users. Each page is protected and you must login to access it. Here is the code for that checkLogin('2'); $getuser = getUserRecords($_SESSION['user_id']); If the user login is correct they have access to the page. This all works fine as I said. On this page is a form that gets filled out. All the data except the username is added to the database for the contents of this form. I need to have the username added to the database to track who the data belongs to. Here is the code I have for this, can some tell me where I messed up. The line under the the code <body> pulls the username and the echo command prints the username on the page. I repeated this code under the if ($_SERVER['REQUEST_METHOD'] == "POST") code and it also prints the username. <?php // this is processed when the form is submitted // back on to this page (POST METHOD) if ($_SERVER['REQUEST_METHOD'] == "POST") { $usernow = $getuser[0]['username']; $userid = $usernow; echo "$userid"; # escape data and set variables $userid = addslashes($_POST["userid"]); $date = addslashes($_POST["date"]); $temperature = addslashes($_POST["temperature"]); $ph = addslashes($_POST["ph"]); $ammonia = addslashes($_POST["ammonia"]); $nitrite = addslashes($_POST["nitrite"]); $nitrate = addslashes($_POST["nitrate"]); $phosphate = addslashes($_POST["phosphate"]); $gh = addslashes($_POST["gh"]); $kh = addslashes($_POST["kh"]); $iron = addslashes($_POST["iron"]); $potassium = addslashes($_POST["potassium"]); $notes = addslashes($_POST["notes"]); // # setup SQL statement $sql = " INSERT INTO water_parameters "; $sql .= " (id, userid, date, temperature, ph, ammonia, nitrite, nitrate, phosphate, gh, kh, iron, potassium, notes) VALUES "; $sql .= " ('', '$userid', '$date', '$temperature', '$ph', '$ammonia', '$nitrite', '$nitrate', '$phosphate', '$gh', '$kh', '$iron', '$potassium', '$notes') "; // #execute SQL statement $result = mysql_query($sql); // # check for error if (mysql_error()) { print "Database ERROR: " . mysql_error(); } print "<h3><font color=red>New Water Parameters Were Added</font></h3>"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/ Share on other sites More sharing options...
CroNiX Posted August 16, 2014 Share Posted August 16, 2014 (edited) try commenting this out $userid = addslashes($_POST["userid"]); You're saying you get the correct username when you echo $userid? The line above is setting the value from $_POST, so use the $userid that you're echoing. Edited August 16, 2014 by CroNiX Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487923 Share on other sites More sharing options...
CroNiX Posted August 16, 2014 Share Posted August 16, 2014 I'd also use the MySQLi driver and not MySQL because that driver is now deprecated in php. That or PDO. 1 Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487924 Share on other sites More sharing options...
gizmola Posted August 16, 2014 Share Posted August 16, 2014 I'd also use the MySQLi driver and not MySQL because that driver is now deprecated in php. That or PDO. Not only that, but addslashes hasn't been the way to go even when mysql_ wasn't deprecated. You use mysql_real_escape_string(). However --- please DON'T. My advice is to convert your code to use PDO instead. Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487925 Share on other sites More sharing options...
msebar Posted August 16, 2014 Author Share Posted August 16, 2014 (edited) That worked pefect thank you very much. Once I do finish the site being I have only 3 more pages to complete I will look into converting it to MYSQLi. From what I just looked to convert it I think it most likely be a pain in the butt. But I see it has to be done. Thanks once again. Mike Edited August 16, 2014 by msebar Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487926 Share on other sites More sharing options...
msebar Posted August 16, 2014 Author Share Posted August 16, 2014 Not only that, but addslashes hasn't been the way to go even when mysql_ wasn't deprecated. You use mysql_real_escape_string(). However --- please DON'T. My advice is to convert your code to use PDO instead. Is PDO more of a pain or easier? Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487927 Share on other sites More sharing options...
fastsol Posted August 16, 2014 Share Posted August 16, 2014 I found PDO to be easier and easier to convert too. Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487934 Share on other sites More sharing options...
Jacques1 Posted August 16, 2014 Share Posted August 16, 2014 PDO is much more comfortable than MySQLi. For example, fetching data with a prepared statement only requries prepare(), execute() and a foreach loop. The same thing in MySQLi requires prepare(), bind_param(), execute(), bind_result() and a while loop to call fetch(). But more importantly, PDO is a universal database interface, it's not limited to one particular database system. If you decide to switch from MySQL to PostgreSQL, you can do that without having to rewrite your entire code again. If you want to use an embedded SQLite database, you can access it in the same way you access your main database. 1 Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487936 Share on other sites More sharing options...
msebar Posted August 16, 2014 Author Share Posted August 16, 2014 cool and thanks everyone for the help Quote Link to comment https://forums.phpfreaks.com/topic/290479-username-not-being-added-to-the-database/#findComment-1487971 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.