Jump to content

Error insertuserquery


Pikatucy

Recommended Posts

<?php

    $con = mysqli_connect('localhost','root','root','users');
    
    if(mysqli_connect_errno()) {
        echo "1";
        exit();
    }
    $username = $_POST["name"];
    $fname = $_POST["fname"];
    $lname = $_POST["lname"];
    $email = $_POST["email"];

    $password = $_POST["password"];
    
    $namecheckquery = "SELECT username from users WHERE username'" . $username . "';";
    $emailcheckquery = "SELECT email from users WHERE email'" . $email . "';";

    $namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed");
    $emailcheck = mysqli_query($con, $emailcheckquery) or die("2.1: Email check query failed");
    
    if(mysqli_num_rows($namecheck) > 0) {
        echo "3: Name already exists";
        exit();
    }
    if(mysqli_num_rows($emailcheck) > 0) {
        echo "3.1: email already exists";
        exit();
    }
    //adding user to the table
    $salt = "\$5\$rounds=5000\$" . "steamedhams" . $username . "\$";
    $hash = crypt($password, $salt);
    $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ($username, $hash, $salt, $fname, $lname, $email);";
    

?>

Hello, What's wrong with $insertuserquery... I'm totally new to php

 

Kind regardo

Link to comment
Share on other sites

Hello,

Thank you for your reply

 

<?php

    $con = mysqli_connect('localhost','root','root','users');
    
    if(mysqli_connect_errno()) {
        echo "1";
        exit();
    }
    $username = $_POST["name"];
    $fname = $_POST["fname"];
    $lname = $_POST["lname"];
    $email = $_POST["email"];

    $password = $_POST["password"];
    
    $namecheckquery = "SELECT username from users WHERE username'" . $username . "';";
    $emailcheckquery = "SELECT email from users WHERE email'" . $email . "';";

    $namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed");
    $emailcheck = mysqli_query($con, $emailcheckquery) or die("2.1: Email check query failed");
    
    if(mysqli_num_rows($namecheck) > 0) {
        echo "3: Name already exists";
        exit();
    }
    if(mysqli_num_rows($emailcheck) > 0) {
        echo "3.1: email already exists";
        exit();
    }
    //adding user to the table
    $salt = "\$5\$rounds=5000\$" . "steamedhams" . $username . "\$";
    $hash = crypt($password, $salt);
    $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('".$username"' , '".$hash"' , '".$salt"' , '".$fname"' , '".$lname"' , '".$email"');";
    mysqli_query($con, $insertuserquery) or die ("4: Insert player query failed");
    
    echo("0");
    

?>

still getting an error on $insertuserquery syntax error T_CONSTANT_ENCAPES_STRING

can anyone please fix it

 

Edited by Pikatucy
Link to comment
Share on other sites

$insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('$username', '$hash', '$salt', '$fname', '$lname', '$email')";

You still need to get the synatax correct in your name and email check queries.

I f you can't see what's wrong, try

echo  $namecheckquery;

 

Link to comment
Share on other sites

Thank you for your time and your replies the first error has been resolved :)

Here's my last code

<?php

    $con = mysqli_connect('localhost','root','root','stpclima_vexie');
    
    if(mysqli_connect_errno()) {
        echo "1";
        exit();
    }
    $username = $_POST["name"];
    $fname = $_POST["fname"];
    $lname = $_POST["lname"];
    $email = $_POST["email"];

    $password = $_POST["password"];
    
    $namecheckquery = "SELECT username from users WHERE username '$username' ;";
    $emailcheckquery = "SELECT email from users WHERE email '$email' ;";

    $namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed");
    $emailcheck = mysqli_query($con, $emailcheckquery) or die("2.1: Email check query failed");
    
    if(mysqli_num_rows($namecheck) > 0) {
        echo "3: Name already exists";
        exit();
    }
    if(mysqli_num_rows($emailcheck) > 0) {
        echo "3.1: email already exists";
        exit();
    }
    //adding user to the table
    $salt = "\$5\$rounds=5000\$" . "steamedhams" . $username . "\$";
    $hash = crypt($password, $salt);
    $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('$username', '$hash', '$salt', '$fname', '$lname', '$email')";

    mysqli_query($con, $insertuserquery) or die ("4: Insert player query failed");
    
    echo("0");
    

?>

I'm getting an error on this page "2: Name check query failed"
https://stp-climatechange.net/vexie/registerer.php

@Barand

Link to comment
Share on other sites

your code is filled with unnecessary logic (copying variables to other variables, cryptic error handling), that doesn't help you, and you are missing needed logic, such as trimming and validate input data before using it.

the current error is because you have a syntax error in the sql query statement, but the current error handling would only tell a hacker when they managed to trigger a query error. it doesn't help you when learning, developing, and debugging.

when you are learning, developing, and debugging code/query(ies), you want to display all php errors and display the actual raw database statement errors. when you put your application onto a live/public server, you want to log this same information. the simple way of doing this, without adding or editing code at each database statement that can fail - connection, query, prepare, and execute, is to use exceptions for database statements and in most cases simply let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.) you would then remove all the existing database statement error handling since it will no longer get executed upon an error, simplifying the code.

to enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

 

Edited by mac_gyver
Link to comment
Share on other sites

Thank you @Barand, @mac_gyver for your replies and your time :)

The problem has been resolved, there was a logic error in queries.

anyway I'm facing a new error and I don't know how to solve it

    $insertuserquery = "INSERT INTO users (username, hash, salt, fname, lname, email) VALUES ('$username', '$hash', '$salt', '$fname', '$lname', '$email')";

    mysqli_query($con, $insertuserquery) or die ("4: Insert player query failed");

Error statement: "4: Insert player query failed"

I have other columns inserted into users such as balance, score, etc... but I set the default value for them as 0, should they be defined in the quoted statement above?

 

Edited by Pikatucy
Link to comment
Share on other sites

5 minutes ago, Pikatucy said:

Error statement: "4: Insert player query failed"

if you add the line of code that i gave to use exceptions for errors for the mysqli extension, you will get an sql error telling you why the query is failing, assuming that you have php's error_reporting set to E_ALL and display_errors set to ON.

having error handling like this is a fundamental troubleshooting step, i.e. trying to teach you how to fish, rather than giving you a fish to eat every time you are hungry. please take the time to learn and use the fundamentals for this task.

  • Thanks 1
Link to comment
Share on other sites

1 minute ago, Pikatucy said:

As I'm using PHP via my hosting panel "CPanel"

you should be learning and developing on a localhost development system. it is a waste of time and a security risk trying to learn and develop code/query(ies) on a live/public server.

2 minutes ago, Pikatucy said:

I'm unable to use that extension

your posted code IS using the mysqli database extension. the line of code i posted IS a mysqli statement. all you have to do is add that line in your code before the point where you make the database connection. if your statement means that the web host has disabled that particular function/statement, this is all the more reason to be doing this on a localhost development system.

Link to comment
Share on other sites

[19-Jun-2022 13:18:58 UTC] PHP Fatal error: Uncaught mysqli_sql_exception: Duplicate entry '0' for key 'PRIMARY' in /home/stpclima/public_html/vexie/registerer.php:35 Stack trace: #0 /home/stpclima/public_html/vexie/registerer.php(35): mysqli_query(Object(mysqli), 'INSERT INTO use...') #1 {main} thrown in /home/stpclima/public_html/vexie/registerer.php on line 35

Link to comment
Share on other sites

I'm trying to pass id parameter into this query

    $insertuserquery = ("INSERT INTO users (id, username, hash, salt, fname, lname, email) VALUES ('".$id."','".$username."', '".$hash."', '".$salt."', '".$fname."', '".$lname."', '".$email."');");

but the problem is i have to increment the id by 1 every time i submit the query and i don't really know how to do it!

$id = "SELECT id FROM users";
$id+1;

 

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.