Pikatucy Posted June 16, 2022 Share Posted June 16, 2022 <?php $con = mysqli_connect('localhost','root','root','users'); if(mysqli_connect_errno()) { echo "1"; exit(); } $username = $_POST["name"]; $fname = $_POST["fname"]; $lname = $_POST["lname"]; $email = $_POST["email"]; $password = $_POST["password"]; $namecheckquery = "SELECT username from users WHERE username'" . $username . "';"; $emailcheckquery = "SELECT email from users WHERE email'" . $email . "';"; $namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed"); $emailcheck = mysqli_query($con, $emailcheckquery) or die("2.1: Email check query failed"); if(mysqli_num_rows($namecheck) > 0) { echo "3: Name already exists"; exit(); } if(mysqli_num_rows($emailcheck) > 0) { echo "3.1: email already exists"; exit(); } //adding user to the table $salt = "\$5\$rounds=5000\$" . "steamedhams" . $username . "\$"; $hash = crypt($password, $salt); $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ($username, $hash, $salt, $fname, $lname, $email);"; ?> Hello, What's wrong with $insertuserquery... I'm totally new to php Kind regardo Quote Link to comment Share on other sites More sharing options...
Barand Posted June 16, 2022 Share Posted June 16, 2022 String literal values need to be quoted. You should be using a prepared statement, not putting those values directly into the query. You dont execute the query - you just define a string. Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 17, 2022 Author Share Posted June 17, 2022 (edited) Hello, Thank you for your reply <?php $con = mysqli_connect('localhost','root','root','users'); if(mysqli_connect_errno()) { echo "1"; exit(); } $username = $_POST["name"]; $fname = $_POST["fname"]; $lname = $_POST["lname"]; $email = $_POST["email"]; $password = $_POST["password"]; $namecheckquery = "SELECT username from users WHERE username'" . $username . "';"; $emailcheckquery = "SELECT email from users WHERE email'" . $email . "';"; $namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed"); $emailcheck = mysqli_query($con, $emailcheckquery) or die("2.1: Email check query failed"); if(mysqli_num_rows($namecheck) > 0) { echo "3: Name already exists"; exit(); } if(mysqli_num_rows($emailcheck) > 0) { echo "3.1: email already exists"; exit(); } //adding user to the table $salt = "\$5\$rounds=5000\$" . "steamedhams" . $username . "\$"; $hash = crypt($password, $salt); $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('".$username"' , '".$hash"' , '".$salt"' , '".$fname"' , '".$lname"' , '".$email"');"; mysqli_query($con, $insertuserquery) or die ("4: Insert player query failed"); echo("0"); ?> still getting an error on $insertuserquery syntax error T_CONSTANT_ENCAPES_STRING can anyone please fix it Edited June 17, 2022 by Pikatucy Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 17, 2022 Author Share Posted June 17, 2022 @Barand Quote Link to comment Share on other sites More sharing options...
Barand Posted June 17, 2022 Share Posted June 17, 2022 $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('$username', '$hash', '$salt', '$fname', '$lname', '$email')"; You still need to get the synatax correct in your name and email check queries. I f you can't see what's wrong, try echo $namecheckquery; Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 18, 2022 Author Share Posted June 18, 2022 Thank you for your time and your replies the first error has been resolved Here's my last code <?php $con = mysqli_connect('localhost','root','root','stpclima_vexie'); if(mysqli_connect_errno()) { echo "1"; exit(); } $username = $_POST["name"]; $fname = $_POST["fname"]; $lname = $_POST["lname"]; $email = $_POST["email"]; $password = $_POST["password"]; $namecheckquery = "SELECT username from users WHERE username '$username' ;"; $emailcheckquery = "SELECT email from users WHERE email '$email' ;"; $namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed"); $emailcheck = mysqli_query($con, $emailcheckquery) or die("2.1: Email check query failed"); if(mysqli_num_rows($namecheck) > 0) { echo "3: Name already exists"; exit(); } if(mysqli_num_rows($emailcheck) > 0) { echo "3.1: email already exists"; exit(); } //adding user to the table $salt = "\$5\$rounds=5000\$" . "steamedhams" . $username . "\$"; $hash = crypt($password, $salt); $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('$username', '$hash', '$salt', '$fname', '$lname', '$email')"; mysqli_query($con, $insertuserquery) or die ("4: Insert player query failed"); echo("0"); ?> I'm getting an error on this page "2: Name check query failed"https://stp-climatechange.net/vexie/registerer.php@Barand Quote Link to comment Share on other sites More sharing options...
Barand Posted June 18, 2022 Share Posted June 18, 2022 On 6/17/2022 at 12:12 PM, Barand said: You still need to get the synatax correct in your name and email check queries. I f you can't see what's wrong, try echo $namecheckquery; the above comment still applies Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted June 18, 2022 Share Posted June 18, 2022 (edited) your code is filled with unnecessary logic (copying variables to other variables, cryptic error handling), that doesn't help you, and you are missing needed logic, such as trimming and validate input data before using it. the current error is because you have a syntax error in the sql query statement, but the current error handling would only tell a hacker when they managed to trigger a query error. it doesn't help you when learning, developing, and debugging. when you are learning, developing, and debugging code/query(ies), you want to display all php errors and display the actual raw database statement errors. when you put your application onto a live/public server, you want to log this same information. the simple way of doing this, without adding or editing code at each database statement that can fail - connection, query, prepare, and execute, is to use exceptions for database statements and in most cases simply let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.) you would then remove all the existing database statement error handling since it will no longer get executed upon an error, simplifying the code. to enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection - mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); Edited June 18, 2022 by mac_gyver Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 18, 2022 Author Share Posted June 18, 2022 (edited) Thank you @Barand, @mac_gyver for your replies and your time The problem has been resolved, there was a logic error in queries. anyway I'm facing a new error and I don't know how to solve it $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('$username', '$hash', '$salt', '$fname', '$lname', '$email')"; mysqli_query($con, $insertuserquery) or die ("4: Insert player query failed"); Error statement: "4: Insert player query failed" I have other columns inserted into users such as balance, score, etc... but I set the default value for them as 0, should they be defined in the quoted statement above? Edited June 18, 2022 by Pikatucy Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted June 18, 2022 Share Posted June 18, 2022 5 minutes ago, Pikatucy said: Error statement: "4: Insert player query failed" if you add the line of code that i gave to use exceptions for errors for the mysqli extension, you will get an sql error telling you why the query is failing, assuming that you have php's error_reporting set to E_ALL and display_errors set to ON. having error handling like this is a fundamental troubleshooting step, i.e. trying to teach you how to fish, rather than giving you a fish to eat every time you are hungry. please take the time to learn and use the fundamentals for this task. 1 Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 19, 2022 Author Share Posted June 19, 2022 As I'm using PHP via my hosting panel "CPanel", I'm unable to use that extension. @mac_gyver 😕 Give me that fish haha I'm unable to learn how to catch it at this moment. Maybe in the future, Ill be learning it seriously Kind regards, Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted June 19, 2022 Share Posted June 19, 2022 1 minute ago, Pikatucy said: As I'm using PHP via my hosting panel "CPanel" you should be learning and developing on a localhost development system. it is a waste of time and a security risk trying to learn and develop code/query(ies) on a live/public server. 2 minutes ago, Pikatucy said: I'm unable to use that extension your posted code IS using the mysqli database extension. the line of code i posted IS a mysqli statement. all you have to do is add that line in your code before the point where you make the database connection. if your statement means that the web host has disabled that particular function/statement, this is all the more reason to be doing this on a localhost development system. Quote Link to comment Share on other sites More sharing options...
Barand Posted June 19, 2022 Share Posted June 19, 2022 If it isn't reporting errors it may be logging them. Check the error log. 1 Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 19, 2022 Author Share Posted June 19, 2022 [19-Jun-2022 13:18:58 UTC] PHP Fatal error: Uncaught mysqli_sql_exception: Duplicate entry '0' for key 'PRIMARY' in /home/stpclima/public_html/vexie/registerer.php:35 Stack trace: #0 /home/stpclima/public_html/vexie/registerer.php(35): mysqli_query(Object(mysqli), 'INSERT INTO use...') #1 {main} thrown in /home/stpclima/public_html/vexie/registerer.php on line 35 Quote Link to comment Share on other sites More sharing options...
Barand Posted June 19, 2022 Share Posted June 19, 2022 What is your primary key and how is it defined? Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 19, 2022 Author Share Posted June 19, 2022 My primary key is "id" it's defined as primary key Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 19, 2022 Author Share Posted June 19, 2022 I'm trying to pass id parameter into this query $insertuserquery = ("INSERT INTO users (id, username, hash, salt, fname, lname, email) VALUES ('".$id."','".$username."', '".$hash."', '".$salt."', '".$fname."', '".$lname."', '".$email."');"); but the problem is i have to increment the id by 1 every time i submit the query and i don't really know how to do it! $id = "SELECT id FROM users"; $id+1; Quote Link to comment Share on other sites More sharing options...
Barand Posted June 19, 2022 Share Posted June 19, 2022 Define it as id int not null auto_increment primary key Remove "id" and its value from the insert query - let mysql handle it. 1 Quote Link to comment Share on other sites More sharing options...
Pikatucy Posted June 19, 2022 Author Share Posted June 19, 2022 Thank you so much! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.