abch624 Posted November 4, 2007

Hi guys

I have a login page, the user provides his username and password... The table used for this verification is:

venueuserID (primaryKey)
username
password
venuid

I then use these two fields provided by the user to get the venuuserid. I will use this later on in an update query... The first login page has code:

```php
<?php
/* Program: Login.php
 * Desc:    Login program for the Members Only section of
 *          the pet store. It provides two options:
 *          (1) login using an existing Login Name and
 *          (2) enter a new login name. Login Names and
 *          passwords are stored in a MySQL database.
 */
session_start();
switch (@$_POST['do'])
{
  case "login":
    $user="root";
    $host="localhost";
    $password="";
    $database="venudatabase";
    $cxn = mysqli_connect($host,$user,$password,$database)
           or die ("Couldn't connect to server.");
    $sql = "SELECT username FROM venueuser WHERE username='$_POST[fusername]'";
    $result = mysqli_query($cxn,$sql)
              or die("Couldn't execute query.");
    $num = mysqli_num_rows($result);
    if ($num > 0) // login name was found
    {
      $sql1 = "SELECT username FROM venueuser WHERE username='$_POST[fusername]' AND password=('$_POST[fpassword]')";
      $result2 = mysqli_query($cxn,$sql1)
                 or die("Couldn't execute query 2.");
      $num2 = mysqli_num_rows($result2);
      if ($num2 > 0) // password is correct
      {
        $sql2 = "SELECT venuid FROM venueuser WHERE username='$_POST[fusername]' AND password=('$_POST[fpassword]')";
        $result3 = mysqli_query($cxn,$sql2)
                   or die("Couldn't execute query 3.");
        $_POST['$result3'];
        $_SESSION['auth']="yes";
        $logname=$_POST['fusername'];
        $_SESSION['logname'] = $logname;
        $today = date("Y-m-d h:i:s");
        header("Location: sign_up.php");
      }
      else // password is not correct
      {
        $message="The Login Name, '$_POST[fusername]' exists, but you have not entered the correct password! Please try again.<br />";
        include("login.php");
      }
    }
    elseif ($num == 0) // login name not found
    {
      $message = "The Login Name you entered does not exist! Please try again.<br>";
      include("login.php");
    }
    break;

  default:
    include("login.php");
}
?>
```

Now if you can see, the method I have adopted to post venuid to the next page is $_POST['$result3']... I wonder if this is correct....

Then I use this venuid in an update query:

```php
$sql = "UPDATE venu SET name='".$_POST['venu_name']."', address1='".$_POST['address']."', city='".$_POST['city']."', postcode='".$_POST['postcode']."', telephone='".$_POST['telephone']."', fax='".$_POST['fax']."', email='".$_POST['email']."', contactname='".$_POST['contactname']."' WHERE venuid='".$_POST['$result3']."'";
```

I wonder if this is correct... When I run this in phpMyAdmin it is fine (i.e. I replace the $_POST['$result3'] with an actual value)... But in the PHP code this just does not work...

Any advice, or do you need more information...

cooldude832 Posted November 4, 2007

First, you shouldn't ever use direct post input in a query, as it can compromise your table's security, and secondly, odds are you have an error in the query that isn't showing.

abch624 (Author) Posted November 4, 2007

> First, you shouldn't ever use direct post input in a query, as it can compromise your table's security, and secondly, odds are you have an error in the query that isn't showing.

Thanks for that... But you say "odds are you have an error in the query that isn't showing". I did not get that at all, a bit more explanation please.

cooldude832 Posted November 4, 2007

Well, when you write

```php
$query = "select this that ....";
```

it isn't a query. This is:

```php
$query = "select this tat...";
$r = mysql_query($query) or die(mysql_error());
```

On the $r line you need to check for an error using that "or die" part.

abch624 (Author) Posted November 4, 2007

> Well, when you write
>
> ```php
> $query = "select this that ....";
> ```
>
> it isn't a query. This is:
>
> ```php
> $query = "select this tat...";
> $r = mysql_query($query) or die(mysql_error());
> ```
>
> On the $r line you need to check for an error using that "or die" part.

This is not the problem, what you are saying/pointing out is actually working... My question is related to this part of the code:

```php
if ($num2 > 0) // password is correct
{
  $sql2 = "SELECT venuid FROM venueuser WHERE username='$_POST[fusername]' AND password=('$_POST[fpassword]')";
  $result3 = mysqli_query($cxn,$sql2)
             or die("Couldn't execute query 3.");
  $_POST['$result3'];
  $_SESSION['auth']="yes";
  $logname=$_POST['fusername'];
  $_SESSION['logname'] = $logname;
  $today = date("Y-m-d h:i:s");
  header("Location: sign_up.php");
```

i.e. $_POST['$result3']; I want to know how I can pass that on to the next script and use it.

Thanks

BlueSkyIS Posted November 4, 2007

Do you mean pass it on to the next page, e.g., sign_up.php? Use sessions or pass it in the URL:

```php
header("Location: sign_up.php?info={$_POST['$result3']}");
exit;
```

Then, in sign_up.php you can get info from $_GET:

```php
$info = $_GET['info'];
echo "info: $info<BR>";
```

abch624 (Author) Posted November 4, 2007

> Do you mean pass it on to the next page, e.g., sign_up.php? Use sessions or pass it in the URL:
>
> ```php
> header("Location: sign_up.php?info={$_POST['$result3']}");
> exit;
> ```
>
> Then, in sign_up.php you can get info from $_GET:
>
> ```php
> $info = $_GET['info'];
> echo "info: $info<BR>";
> ```

This is the sign_up.php code:

```php
<?php
/* Program: sign_up.php */
$info = $_GET['info'];
echo $info;
$_POST['$info'];
?>
<p><font size="4" face="Verdana, Arial, Helvetica, sans-serif"><strong>Become a Member!</strong></font></p>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Join our website and enjoy the benefits of becoming a member!</font></p>
<?php
if($errors){
  echo "<p align=\"center\"><font size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\" color=\"#FF0000\">$errors</font></p>\n";
}
?>
<form method="post" action="/join.php">
<table width="50%" border="1" align="" cellpadding="4" cellspacing="0">
  <tr>
    <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Venu Name</font></td>
    <td width="179" align="left" valign="top"><input name="venu_name" type="text" id="venu_name" value="<?=$_POST['venu_name'];?>"></td>
  </tr>
  <tr>
    <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Address</font></td>
    <td align="left" valign="top"><input name="address" type="text" id="address" value="<?=$_POST['address'];?>"></td>
  </tr>
  <tr>
    <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">City</font></td>
    <td align="left" valign="top"><input name="city" type="text" id="city" value="<?=$_POST['city'];?>"></td>
  </tr>
  <tr>
    <td align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Post Code</font></td>
    <td align="left" valign="top"><input name="postcode" type="text" id="postcode" value="<?=$_POST['postcode'];?>"></td>
  </tr>
  <tr>
    <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Telephone</font></td>
    <td align="left" valign="top"><input name="telephone" type="text" id="telephone" value="<?=$_POST['telephone'];?>"></td>
  </tr>
  <tr>
    <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Fax</font></td>
    <td align="left" valign="top"><input name="fax" type="text" id="fax" value="<?=$_POST['fax'];?>"></td>
  </tr>
  <tr>
    <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Email</font></td>
    <td align="left" valign="top"><input name="email" type="text" id="email" value="<?=$_POST['email'];?>"></td>
  </tr>
  <tr>
    <td width="200" align="left" valign="top" nowrap><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Contact Name</font></td>
    <td align="left" valign="top"><input name="contactname" type="text" id="contactname" value="<?=$_POST['contactname'];?>"></td>
  </tr>
  <tr>
    <td align="left" valign="top"> </td>
    <td align="left" valign="top"><input name="req" type="hidden" id="req" value="process">
      <input type="submit" name="Submit" value="Submit Information!"></td>
  </tr>
</table>
</form>
```

I have added the bit you told me... The next bit of the code is:

```php
<?php
include $_SERVER['DOCUMENT_ROOT'].'/mini.php';
include $_SERVER['DOCUMENT_ROOT'].'/layout.php';

switch($_REQUEST['req']){
  case "process":
    // Validate all required fields were posted
    if(!$_POST['venu_name'] || !$_POST['address'] || !$_POST['city'] ||
       !$_POST['postcode'] || !$_POST['telephone'] || !$_POST['fax'] ||
       !$_POST['email'] || !$_POST['contactname']){
      $error = true;
      $errors .= "<strong>Form Input Errors:".
                 "</strong>\n\n";
      if(!$_POST['venu_name']){
        $errors .= "Missing Venu Name\n";
      }
      if(!$_POST['address']){
        $errors .= "Missing Address\n";
      }
      if(!$_POST['city']){
        $errors .= "Missing City Name\n";
        $email_error = true;
      }
      if(!$_POST['postcode']){
        $errors .= "Missing Post Code".
                   "Verification\n";
        $email_error = true;
      }
      if(!$_POST['telephone']){
        $errors .= "Missing Telephone Number\n";
      }
      if(!$_POST['fax']){
        $errors .= "Missing Fax Number\n";
        $password_error = true;
      }
      if(!$_POST['email']){
        $errors .= "Missing Email\n";
        $password_error = true;
      }
      if(!$_POST['contactname']){
        $errors .= "Missing Contact Name\n";
      }
    }

    // If both emails were posted, validate they match.
    if($email_error == false){
      if($_POST['email_address'] != $_POST['email_address2']){
        $error = true;
        $errors .= "Email addresses do not match!\n\n";
        $email_error = true;
      }
    }
    /*
    // If both passwords were posted, validate they match.
    if($password_error == false){
      if($_POST['password'] != $_POST['password2']){
        $error = true;
        $errors .= "Passwords do not match!\n\n";
        $password_error = true;
      }
    }

    if($email_error == false){
      // Verify if email address has been used already.
      $ecount = mysql_result(mysql_query("SELECT COUNT(*) AS ecount FROM members WHERE email_address = '{$_POST['email_address']}'"),0);
      // If email exists, generate error and message.
      if($ecount > 0){
        $error = true;
        $errors .= "This email address has already ".
                   "been used ".
                   "please choose another.\n\n";
      }
    }

    // Verify if username already exists.
    $ucount = mysql_result(mysql_query("SELECT COUNT(*) AS ucount FROM members WHERE username = '{$_POST['username']}'"),0);
    // If username exists, generate error and message.
    if($ucount > 0){
      $error = true;
      $errors .= "Username already exists, ".
                 "please choose another.\n\n";
    }

    // If $error is TRUE, then include the signup form
    // and display the errors we found.
    */
    if($error == true){
      $errors = nl2br($errors);
      include $_SERVER['DOCUMENT_ROOT'].
              '/sign_up.html';
      footer();
      exit();
    }

    $user="root";
    $host="localhost";
    $password="";
    $database="venudatabase";
    $cxn = mysqli_connect($host,$user,$password,$database)
           or die ("couldn't connect to the database");

    // All checks have passed, insert user in database
    $sql = "UPDATE venu SET name='".$_POST['venu_name']."', address1='".$_POST['address']."', city='".$_POST['city']."', postcode='".$_POST['postcode']."', telephone='".$_POST['telephone']."', fax='".$_POST['fax']."', email='".$_POST['email']."', contactname='".$_POST['contactname']."' WHERE venuid='".$_POST['$result3']."'";
    echo $sql;
    $result = mysqli_query($cxn,$sql) or die ("NO");
    if($result == true)
    {
      myheader("Thanks");
      include $_SERVER['DOCUMENT_ROOT'].
              '/thanks.html';
      footer();
    }
    // All checks have passed, insert user in database
    // Email user
    // Email Admin
    // That's it! Done!
    break;

  default:
    $myheader("Welcome");
    include $_SERVER['DOCUMENT_ROOT'].
            '/sign_up.html';
    $footer();
    break;
}
?>
```

The code executes, but when I go into the database I see that the UPDATE query didn't do anything!!!!! Please have a look at the code, any advice will be great...
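
An added example, not code from any poster in this thread: one way to carry `venuid` from the login script to join.php in the session, as suggested above, and to run both queries as prepared statements so that no form or URL value is pasted into the SQL text. Table and column names follow the posts above; the function names and the `venuid` session key are assumptions, and the calling script is assumed to have called `session_start()` and opened `$cxn` as in the thread.

```php
<?php
// Added example; table/column names follow the thread, function names and
// the 'venuid' session key are assumptions. Callers run session_start() first.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

// Return the venuid for a username/password pair, or null if none matches.
function find_venuid(mysqli $cxn, string $username, string $password): ?int
{
    $stmt = mysqli_prepare($cxn,
        "SELECT venuid FROM venueuser WHERE username = ? AND password = ?");
    mysqli_stmt_bind_param($stmt, "ss", $username, $password);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $venuid);
    $found = mysqli_stmt_fetch($stmt); // true: row, null: no row
    mysqli_stmt_close($stmt);
    return $found === true ? (int) $venuid : null;
}

// Login script: keep the id server-side instead of in $_POST or the URL.
function handle_login(mysqli $cxn, array $post): bool
{
    $venuid = find_venuid($cxn, $post['fusername'] ?? '', $post['fpassword'] ?? '');
    if ($venuid === null) {
        return false;
    }
    $_SESSION['auth'] = "yes";
    $_SESSION['venuid'] = $venuid;
    return true;
}

// join.php: the session picks the row to update, the form only supplies values.
function handle_join(mysqli $cxn, array $post): bool
{
    if (($_SESSION['auth'] ?? '') !== "yes" || !isset($_SESSION['venuid'])) {
        return false;
    }
    $venuid = (int) $_SESSION['venuid'];
    $stmt = mysqli_prepare($cxn,
        "UPDATE venu SET name = ?, address1 = ?, city = ?, postcode = ?,
                telephone = ?, fax = ?, email = ?, contactname = ?
          WHERE venuid = ?");
    mysqli_stmt_bind_param($stmt, "ssssssssi",
        $post['venu_name'], $post['address'], $post['city'], $post['postcode'],
        $post['telephone'], $post['fax'], $post['email'], $post['contactname'], $venuid);
    mysqli_stmt_execute($stmt);
    $changed = mysqli_stmt_affected_rows($stmt); // 0 means no row was changed
    mysqli_stmt_close($stmt);
    return $changed > 0;
}
```

`$_POST` is rebuilt from each request body, so a value assigned to it in the login script does not exist when join.php runs. An id passed as `?info=` in the URL can be changed by the client, which is why the id is read from the session here.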