PHP - Insertion In Database Problem

This topic has been moved to MySQL Help.

http://www.phpfreaks.com/forums/index.php?topic=320009.0

I am a newbie to php.. Used to do work in Cold Fusion and I cannot figure out what I am doing with a registration page I have created. I am looking to have the page insert into two databases, which it is doing, and then redirect to the main member's page. I have been looking for something and have not found anything here or online that works for me.

I understand that you cannot use header() after any type of html or echo, but I have tried .js and other methods. I am not throwing errors, just no redirect... Also I am interested in hearing how bad my code is... any positive criticism is appreciated, as I am still learning 

Here is my code:

Code: [Select]
<?php include("dbc.php");


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Registration Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="stylesheet" href="style.css" type="text/css" charset="utf-8">
<link rel="stylesheet" href="styles.css" type="text/css" charset="utf-8">

//Some Javascript...



</script>
</head>
<body>
//Some Styling...
    <!-- content goes here -->
 


<h1>Register</h1>
<?php
ob_start();
error_reporting(0);
$_POST = array_map('secure', $_POST);
 if($_POST['submit'])
{
$user_name = mysql_real_escape_string($_POST['user_name']);
$query = mysql_query("SELECT * FROM xxxxusers WHERE user_name='$user_name'");
$query = mysql_query("SELECT * FROM xxxusers WHERE user_name='$user_name'");
if(mysql_num_rows($query) != 0)
{
echo "<div style="font-size: 9pt; font-weight: bold;color: red;">Username already exists</div>";
}
else
{

$user_password = mysql_real_escape_string($_POST['user_password']);
$user_pass = mysql_real_escape_string($_POST['user_pass']);
$user_email = $_POST['user_email'];
$query = mysql_query("SELECT * FROM xxxxusers WHERE user_email='$user_email'");
$query = mysql_query("SELECT * FROM xxxusers WHERE user_email='$user_email'");
if(mysql_num_rows($query) != 0)
{
echo "<div style="font-size: 9pt; font-weight: bold;color: red;">Email already exists</div>";
}
else
{

$enc_password = md5($user_password);
$enc_password = md5($user_pass);

if($user_name && $user_password && $user_pass && $user_email)
{ 

if (strlen($user_name)>20)
{
echo  "<div style="font-size: 9pt; font-weight: bold;color: red;">Your Name is Too Long</div>";
}

$email = htmlspecialchars($_POST['user_email']);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
{
    echo  "<div style="font-size: 9pt; font-weight: bold;color: red;">E-mail address not valid</div>";
}
{
require "dbc.php";

mysql_query("INSERT INTO xxxxusers
stuff....) VALUES(stuff....) ") 
or die(mysql_error());  

mysql_query("INSERT INTO xxxusers
stuff....) VALUES(stuff....) ") 
or die(mysql_error()); 
}

}
 else echo "<div style="font-size: 9pt; font-weight: bold;color: red;">All Fields Are Required</div>";

}
}
}
ob_end_flush();
 
?>
<form action="register.php" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Username:</td>
<td><input type="text" name="user_name" maxlength="30" value="<?php echo "$user_name"; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="user_password" maxlength="30" value=""></td>
</tr>
<tr>
<td>Confirm password:</td>
<td><input type="password" name="user_pass" maxlength="30" value=""></td>
</tr>
<tr>
<td>Email address:</td>
<td><input type="text" name="user_email" maxlength="50" value=""<?php echo "$user_email"; ?>""></td
</tr>

<tr><td colspan="2" align="right">
<input type="submit" value="Register!" id="submit" name="submit"></td></tr>
<tr><td colspan="2" align="left"><a href="index.php">Back to Home Page</a></td></tr>
</table>
</form>

Guys,
I'm not at all able to insert characters like " ' ` and all sorts into my database or it will always return an error. I just created a textarea field in my site of which I just want to istore all those collected datas into my database for later retrieval  and all sorts. Please help!

Hi everyone,

I'm trying to create a site where teachers can upload educational animations (swfs) and source files (.fla's) to a site as a shared resource for others to use in their classrooms.

I've concatinated a random number to both the source file and animation file to circumvent the problem of files with same names being uploaded.

However,  I have one small problem. The source file is not a mandatory upload, so sometimes the $source_file is null. However, with the random number concatinated, $source_fileX is not null.

I tried to write some code saying that if $source_file is null, then $source_fileX should be null, else $source_fileX should be random_number concatinated with $source_file , but it doesn't seem to be working.

The animation files are uploading fine. It's just the source files that are not. Nor is $source_fileX being inserted into the source_file field in the database.

Code below. Thanks in advance.

Code: [Select]

<?php

$keywords = $_POST["keywords"];
$subject = $_POST["subject"];
$description = $_POST["description"];
$website = $_POST["website"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$school = $_POST["school"];
$animation_file = $_POST["animation_file"];
$source_file = $_POST["source_file"];
$random_digit=rand(00000, 9999);

$animation_fileX=$random_digit . $_FILES['animation_file']['name'];
if($animation_fileX!="")
{
if (!copy($_FILES['animation_file']['tmp_name'], "uploads/$animation_fileX"))
{
echo "failed to copy \n";
}
}

if   ($source_file!="")
{ 
$source_fileX=$random_digit . $_FILES['source_file']['name'];
}
else
{
$source_fileX="";
}

if($source_fileX!="")
{
if (!copy($_FILES['source_file']['tmp_name'], "source_file_uploads/$source_fileX"))
{
echo "failed to copy \n";
}
}


//**********************SEND TO DATABASE****************************

 include 'mysql_connect.php'; 

$query = "INSERT INTO animation_uploads (date, animation_file, source_file, keywords, subject, description, firstname, lastname, school, website)" . "VALUES (NOW(), '$animation_fileX', '$source_fileX',  '$keywords', '$subject' , '$description', '$firstname', '$lastname', '$school' , '$website')";
//if($query){echo 'data has been placed'}
mysql_query($query) or die(mysql_error());

//***********************END OF DATABASE CODE***********************

Hi, I have a lovely wordpress theme on my website. Unfortunately I can not get text or the home page itself into the landing page, is there any way to do this at all?  I want to the home page text to sit under the    I have contacted the theme author with no help. I want the text to sit underneath the four image buttons (below banner slider)   This is the website  http://www.cloudchasing.co.uk/   Hope this makes sense, many thanks for help in advance.   Karl

Hi,
This escape function will only block quotes

How would you stop java script insertion?
 

function escape($string) {
    return htmlentities($string, ENT_QUOTES, 'UTF-8');
}

Thanks  

i am facing a problem regarding the insertion of of link in a text area is not detected but the output is a normal text "unlike facebook comments"
is there any php functions ???
thanks in advance

Hi guys.I am making a Query Analyzer in php which takes the query string inside a form and out puts the result table in that particular page.How do i output the notification by MySQL when you do a successful insertion of data into mysql.i want to know if there are any methods in php which gives you that such as "1 row affected","Query took 0.00sec".Thanks

Hi, if someone could assist me, it would be much appreciated. I have a database website. I generated it using AppGini. Unfortunatly, they haven't answered my emails. What I'm trying to do is change my database to not dynamically load the selected record, but to instead load the direct URL to the record.

(Here is the website address: http://2g2egkxd3.site.aplus.net/updates/bad_view.php)

If you hover above the record, you will see the full URL for that record.

Example: http://2g2egkxd3.site.aplus.net/updates/bad_view.php?SelectedID=Buck%20Allen

But when you click it, it doesn't load that URL into the browser. I'm guessing it dynamically loads it into the page.
The reason I'm trying to do this is because I want to have a social/comment system for each record/prospect and it won't work if the record is dynamically loaded.

Hi all

Good morning / night / afternoon

I have a duplication problem when I need to print my records in PHP
First of all let's see the database table



As you can see the duplication happened duo to the approvers that mean if there is only one approver there will be no duplication
For example when I want to pint request number 1 it will print

1 - Cris - Hadi
1 - Cris - Jack

but I want it to be like this

1 - Cris - Hadi,Jack

and thank you for your time

Hey,

i have a script in my game that picks up the output rate of a unit which if there is more than one unit it devides, i have 3 teams and the script picks up team 1 and 2, but any units in team 3 the rate shows 0? 

IE

HEAVY SOLDIER 100%

but with the 3rd team its always showing 0%

Code: [Select]
<font face="Verdana" color="#000000" size="2"><b>Output Rate</b></font></td></tr>';
      $sql = "SELECT id,name FROM units WHERE class={$row[0]} AND visible=1";
      $r2 = mysql_query($sql);
      while ($row2 = mysql_fetch_row($r2))
      {
         echo '<tr><td align="center">'.$row2[1].'</td><td align="center"><input text="text" size="5" style="'.$boxStyle.'" name="a'.$row2[0].'" value='.getRate($userid,$row2[0]).'>%</td></tr>';
      }
      echo '<tr><td colspan="2" align="center"><input type="submit" value="Set Rates for '.$row[1].'"></td></tr>';
      echo '</table></form>';
   }
   echo '</center>';

DB's

Code: [Select]

FOR UNITS.

id name toground toair hp class evolvesto style cost visible
6 Mulanix 10 10 200 3 0 1 20 1
5 Numani 5 5 100 3 6 1 10 1


any help would be great it's annoying me and i can't solve it.

hi,
i was having difficulty and i'm quite confused how to insert these values to the database before it will become as it is, based on this article:
http://roshanbh.com.np/2008/01/populate-triple-drop-down-list-change-options-value-from-database-using-ajax-and-php.html

what i did was putting/saving the values directly in the database (mysql). but now i want those values to be coming from the user's input:the country,state and city so the system will just get those values, store it to the database with the fields of each table having the same content like that from article above..i really need some help here..

I got some help from this forum previously and am having some more issues.  I created a database class that works and returns a PDO object.  I am having trouble figuring out how to use the object in another class I want to use to access some CRUD functions.  I get to the point where I  start using the pdo object I create in the database class and my code fails.  I am obviously calling the pdo object property incorrectly.  I guess I don't understand the proper syntax.  I've included the code for the database class and the CRUD class.  The problem starts at the point where I try to run a prepared statement.  I have include a comment "Problem stars here" to indicate that point.  There is a lot of debug stuff still in the code.

Thanks,

--Kenoli

<?php
	
	class Db {
	
	public $pdo = '';
	public $message = 'A message from db!<br><br>';

function __construct() {
	
	$servername = "localhost";
	$username = "root";
	$password = "";
	$dbname = "tio-local";
	
	$db_options = array(
	PDO::ATTR_EMULATE_PREPARES => false, 
	PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, 
	PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
	);
	
	try {
		
	  $this->pdo = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password, $db_options);
	  // set the PDO error mode to exception
	  $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

	}  // End Try
	
	catch(PDOException $e) {
		  echo "Error: " . $e->getMessage();
		}
		
	} // End __construct
	
} // End class definition DB.php

$db = new Db;

$pdo = $db->pdo;

print_r ($pdo);

?>

<?php // Db_functions.php

include_once ('Db.php'); // $db instantiated in class file

$pdo = $db->pdo;

class Db_functions {
	
	public $pdo = '';
	
	function __construct($pdo) { 
		
		$this->pdo = $pdo;
		
	} // Close __construct
  
  public function insert($table_name, $white_list, $insert_array) {
		
			if ($white_list == '' && $table_name == 'Sites') {
		
			$white_list = array('gone'=>'','site_name' =>'', 'site_address' =>'', 'grommets' =>'', 'tape' =>'', 'site_image' =>'',  'description' =>'', 'surface' =>'', 'tio_contact' =>'', 'site_contact' =>'','owner' =>'', 'lessee' =>'',  'contact_phone' =>'', 'contact_email' =>'', 'contact_date' =>'', 'comments' =>'');
			} elseif  ($white_list == '' && $table_name == 'Persons') {
				
				$white_list = array('gone'=>'', 'fname'=>'', 'lname'=>'', 'tio'=>'', 'volunteer'=>'', 'general'=>'', 'artist_pic'=>'', 'email'=>'', 'website'=>'', 'telephone'=>'', 'address'=>'', 'city'=>'', 'state'=>'', 'zip'=>'', 'statement'=>'');
			}
			
			echo '<strong>***The following is the PDO object: </strong>';
		print_r ($this->pdo);
			
			echo '<p>The following is the $white_list:<br>';
			
			echo '<pre>';
			print_r ($white_list);
			echo '</pre>';
			
			echo '<strong>***The following is the PDO object: </strong>';
		print_r ($this->pdo);
			
			/** Test and remove any unpermitted columns **/
			
			$insert_array = array_intersect_key($insert_array, $white_list);
			
			echo '<strong>***The following is the PDO object: </strong>';
		print_r ($this->pdo);
		
		/** Generate variables to create prepared statements **/
		
			foreach($insert_array as $key => $value) {  
				$col .= $key . ', ';  
				$val .= ':' .$key . ', ';
			}
			
			echo '$col = ' . $col . '<p>';
			echo '$val = ' . $val . '<p>';
			
			echo '<strong>***The following is the PDO object: </strong>';
		print_r ($this->pdo);
		
		/** Remove ', ' at end of arrays and create prepared statement */
		
			$col = substr_replace($col ,"",-2);
			$val = substr_replace($val ,"",-2);
			$sql = "INSERT INTO Sites ($col) VALUES ($val)";
			
			echo "<p>SQL = $sql<br><br>"; /** Debug **/
		
		echo '<h3>More</h3<br>';	
			
		/** Register prepared statement */
		
		/****** PROBLEM STARTS HERE *****/
		
			$stmt = $this->pdo->prepare($sql);
			
		echo '<h3>More2</h3>';	
		
		/** Create [:field, $value] pairs. */
		
			foreach($insert_array as $key => $value) {
				$param = ':' . $key;
				$stmt->bindParam($param, $$value);
				
			//}
		
		/** Create [field => value] array */
		
			foreach($insert_array as $key => $value) {
				$insert[$key] =  $value;
			}
			
		
		/** Execute statement using $insert array. **/
		
			$stmt->execute($insert);
	
	} // End insert function
	
	
} // Close class definition

$db_functions = new Db_functions($pdo);

$insert_array = array('fname' => 'John', 'lname' => 'Hancock');

$db_functions->insert('Persons', '', $insert_array);

echo '<pre>';
print_r ($db_functions);
echo '</pre>';

?>

 

Edited February 6 by kenoli

Hi,

For school, I need to build a site and this site has to have a few applications. One of the applications, I have to make is to make a script that makes it possible to upload a file and it has to put this file in a online database. Now, I'm just trying to put it in a local database. My code doesn't give an error, but it doesn't work either. The file doesn't get into the database. I can't figure out why. I hope you can help me?

Thanks in advance!

Lize