|
PHP - Php Mysqli Register Script Error
Hi, I have taken the step of writing my site in MySQLi instead of MYSQL as advised. However, I had a script that I got off the internet, the original file works great and registers the user to the database. However the edited version of the script, where I have added more information such as the users address etc, no longer works. I have compared the two files and can't seem to find the problem. When the script is run, it skips all the registration part and jumps to the last error in the script saying 'You Could Not Be Registered Because Of Missing Data.'. All the variables match the column names in the database.
Here is the original working script
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
// some error checking
/*
if($_POST['reg']){
echo "form submitted";
}else{ echo "form not submitted"; }
*/
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ){
// echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email'];
if( strlen( $_POST['user'] ) < 5 )
{
include('header.inc');
echo "Username Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('header.inc');
echo "Password Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('header.inc');
echo "Username And Password Can Not Be The Same.";
include('footer.inc');
}
elseif( $_POST['email'] == "" )
{
//More secure to use a regular expression to check that the user is entering a valid email
// versus just checking to see if the field is empty
include('header.inc');
echo "Email must be valid.";
include('footer.inc');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$email = mysqli_real_escape_string($con, $_POST['email'] );
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, email ) VALUES (
'". $username ."',
'". $password ."',
'". $email."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('header.inc');
echo "You Could Not Register Because Of An Unexpected Error.";
include('footer.inc');
}
else
{
/* Note: When using the header function, you cannot send output to the browser
* before the header function is called. IF you want to echo a message to the
* user before going back to your login page then you should use the HTML
* Meta Refresh tag. */
//echo "You Are Registered And Can Now Login";
//echo " $username"; //this is for error checking
header ('location: login.php');
// if using echo then use meta refresh
/*
*?>
*<meta http-equiv="refresh" content="2;url= login.php/">
*<?
*/
}
mysqli_free_result($result);
}
else
{
include('header.inc');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('footer.inc');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('header.inc');
echo "You Could Not Be Registered Because Of Missing Data.";
include('footer.inc');
}
?>
and here is my version
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['pass_again'] ) && isset( $_POST['firstname'] ) && isset( $_POST['lastname'] ) && isset( $_POST['email'] ) && isset( $_POST['email_again'] ) && isset( $_POST['address1'] ) && isset( $_POST['address2'] ) && isset( $_POST['town'] ) && isset( $_POST['county'] ) && isset( $_POST['postcode'] ) && isset( $_POST['business'] ) && isset( $_POST['vat_registered'] ) && isset( $_POST['vat_number'] )) {
if( strlen( $_POST['user'] ) < 5 )
{
include('includes/overall/header.php');
echo "Username Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('includes/overall/header.php');
echo "Password Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('includes/overall/header.php');
echo "Username And Password Can Not Be The Same.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass_again'] == "" )
{
include('includes/overall/header.php');
echo "Passwords must match";
include('includes/overall/footer.php');
}
// CREATE BETTER EMAIL CHECK
elseif( $_POST['email'] == "" )
{
include('includes/overall/header.php');
echo "Email must be valid.";
include('includes/overall/footer.php');
}
elseif( $_POST['email_again'] == "" )
{
include('includes/overall/header.php');
echo "Emails must match.";
include('includes/overall/footer.php');
}
elseif( $_POST['address_1'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['address_2'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['town'] == "" )
{
include('includes/overall/header.php');
echo "Town cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['county'] == "" )
{
include('includes/overall/header.php');
echo "County cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['postcode'] == "" )
{
include('includes/overall/header.php');
echo "Postcode cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['business'] == "" )
{
include('includes/overall/header.php');
echo "Business cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_registered'] == "" )
{
include('includes/overall/header.php');
echo "VAT Registered cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_number'] == "" )
{
include('includes/overall/header.php');
echo "VAT number cannot be empty, please enter N/A if not VAT registered.";
include('includes/overall/footer.php');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again']));
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$email = mysqli_real_escape_string($con, $_POST['email'] );
$email_again = mysqli_real_escape_string($con, $_POST['email_again']);
$address_1 = mysqli_real_escape_string($con, $_POST['address_1']);
$address_2 = mysqli_real_escape_string($con, $_POST['address_2']);
$town = mysqli_real_escape_string($con, $_POST['town']);
$county = mysqli_real_escape_string($con, $_POST['county']);
$postcode = mysqli_real_escape_string($con, $_POST['postcode']);
$business = mysqli_real_escape_string($con, $_POST['business']);
$vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']);
$vat_number = mysqli_real_escape_string($con, $_POST['vat_number']);
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES (
'". $username ."',
'". $password ."',
'". $password_again ."',
'". $firstname ."',
'". $lastname ."',
'". $email ."',
'". $email_again ."',
'". $address_1 ."',
'". $address_2 ."',
'". $town ."',
'". $county ."',
'". $postcode ."',
'". $business ."',
'". $vat_registered ."',
'". $vat_number."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('includes/overall/header.php');
echo "You Could Not Register Because Of An Unexpected Error.";
include('includes/overall/footer.php');
}
else
{
header ('location: login.php');
}
mysqli_free_result($result);
}
else
{
include('includes/overall/header.php');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('includes/overall/footer.php');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('includes/overall/header.php');
echo "You Could Not Be Registered Because Of Missing Data.";
include('includes/overall/footer.php');
}
?>
Error reporting is switched on, I just cant see the problem. Any help is much appreciated :)
Similar TutorialsThe error is on line 101. Help please. Code: [Select] <?php //begin register script $submit = $_POST['submit']; //form data $username= strip_tags ($_POST['username']); $email= strip_tags($_POST['email']); $pwd= strip_tags($_POST['pwd']); $confirmpwd= strip_tags($_POST['confirmpwd']); $date = date("Y-m-d"); if ($submit) { //check for required form data if($username&&$pwd&&$confirmpwd&&$email) { //encrypt password $pwd = md5($pwd); $confirmpwd =md5($pwd); //check if passwords match if ($pwd==$confirmpwd) { //check length of username if (strlen($username)>25||strlen($username)>25) { echo "length of username is too long"; } else { //check password length if(strlen($pwd)>25||strlen($pwd)<6) { echo"password must be between 6 and 25 characters"; } else { //register the user } else echo "your passwords do not match"; } else echo "please fill in all fields"; } ?> Sets up a mysqli connection script which I retrieve with included. If a user enters the wrong password or username then the connection to the database will be interrupted, and a message will be given about this. I want to do this in a different way. I want the .php connection script to work so that the script lets me or the ser know if it is the password that is incorrect or the username that is not authenticated. This way the user can find out if he / she has entered the wrong password or username. If both are incorrect, notice of this will be given. connection file is a fairly standard script. I have no clue about how to solve this problem. Is it posible at all? Do you know how to do it?
<? I closed everything down last night and it was all fine, website was working as normal etc, but I've turned on the Xxamp server today and I am getting this error. Seems very random as nothing has changed since it was last on? Does anyone know how to sort this out and why I'm now getting this error? Thanks! I'm sorry this code is a mess, this is my attempt at a online youtube tutorial http://www.youtube.com/user/phpacademy#p/c/9CC58D1B2A2D83D6/9/cBJZZlLrXGo The script runs with no parse errors but it does not the following: - present error messages when input is incorrect - enter correct input into the database - retain the user input in the form so the user does not need to re enter the information. I would just use another script but this is the 2nd part of a tutorial that will really help me learn so I need this to work . Any help appreciated. 1. 2. <?php 3. include("design/header.php"); 4. require("connect.php"); 5. 6. //register code 7. 8. 9. if(isset($POST['submit'])) 10. { 11. //grab submitted data 12. $firstname = $_POST['firstname']; 13. $lastname = $_POST['lastname']; 14. $username = $_POST['username']; 15. $password = $_POST['password']; 16. $password_repeat = $_POST['password_repeat']; 17. 18. $dob_year = $_POST['dob_year']; 19. $dob_month = $_POST['dob_month']; 20. $dob_day = $_POST['dob_day']; 21. 22. $gender = $_POST['gender']; 23. 24. if ( 25. $firstname&& 26. $lastname&& 27. $username&& 28. $password&& 29. $password_repeat&& 30. $dob_year&& 31. $dob_month&& 32. $dob_day&& 33. $gender 34. ) 35. { 36. 37. //validation 38. if(strlen($firstname)>25 || strlen($lastname)>25 || strlen($username)>25) 39. echo "Firstname, lastname and username must be no more than 25 characters."; 40. 41. 42. else 43. { 44. if (strlen($password)>25 || strlen($password)<6) 45. echo "Password must be between 6 and 25 characters."; 46. 47. else 48. { 49. if (is_numberic($dob_year)&&is_numberic($dob_month)&&is_numberic($dob_day)) 50. { 51. 52. if (strlen($dob_year)>4||strlen($dob_year)>2||strlen($dob_year)>2) 53. echo "Date of birth must be 4 characters, month and must be 2."; 54. else 55. { 56. if ($gender=="Male"||$gender=="Female") 57. { 58. //compare pass 59. if ($password==$password_repeat) 60. { 61. //check dob limits for month and day 62. if ($dob_month>12||$dob_day>31) 63. echo "Date of birth month or day is bigger than expected!"; 64. else{ 65. //check for existing user 66. $query =mysql_query("SELECT * FROM users WHERE username='$username'"); 67. if (mysql_num_rows($query)>=1) 68. echo "That username is already taken."; 69. else { 70. //success!! 71. $dob_db = "$dob_year-$dob_month-$dob_day"; 72. $password_db = md5($password); 73. 74. switch ($gender) 75. { 76. case "Male": 77. $gender_db = "M"; 78. break; 79. case "Female": 80. $gender_db = "F"; 81. break; 82. $register = mysql_query("INSERT INTO user VALUES ('','$firstname','$lastname','$username','$password_db','$dob_db','$gender_db')"); 83. echo "success!"; 84. } 85. } 86. } 87. } 88. else 89. {echo "Passwords must match"; 90. } 91. } 92. else 93. echo "Gender must be Male or Female."; 94. } 95. } 96. else 97. echo "Date of birth must be in number form. For example 1993/05/30"; 98. } 99. } 100. }else{ 101. echo "Please enter your details and click Register!"; 102. } 103. } 104. 105. ?> 106. 107. <p> 108. <form action='register.php' method='POST'> 109. 110. <table width='60%'> 111. <tr> 112. <td width='40%' align='right'> 113. <font size='2' face='arial'>Firstname: 114. </td> 115. <td> 116. <input type='text' value='<?php echo $firstname; ?>' name='firstname' maxlength='25'> 117. </td> 118. </tr> 119. <tr> 120. <td width='40%' align='right'> 121. <font size='2' face='arial'>Lastname: 122. </td> 123. <td> 124. <input type='text' value='<?php echo $lastname; ?>' name='lastname' maxlength='25'> 125. </td> 126. </tr> 127. <tr> 128. <td width='40%' align='right'> 129. <font size='2' face='arial'>Username: 130. </td> 131. <td> 132. <input type='text' value='<?php echo $username; ?>' name='username' maxlength='25'> 133. </td> 134. </tr> 135. <tr> 136. <td width='40%' align='right'> 137. <font size='2' face='arial'>Password: 138. </td> 139. <td> 140. <input type='password' name='password' maxlength='25'> 141. </td> 142. </tr> 143. <tr> 144. <td width='40%' align='right'> 145. <font size='2' face='arial'>Repeat Password: 146. </td> 147. <td> 148. <input type='password' name='password_repeat' maxlength='25'> 149. </td> 150. </tr> 151. <tr> 152. <td width='40%' align='right'> 153. <font size='2' face='arial'>Date of birth: 154. </td> 155. <td> 156. <input type='text' name='dob_year' maxlength='4' size='3' value='<?php if ($dob_year) echo $dob_year; else echo "YYYY";?>'> /<input type='text' name='dob_month' maxlength='2' size='1' value='<?php if ($dob_month) echo $dob_month; else echo "MM";?>'> / <input type='text' name='dob_day' maxlength='2' size='1' value='<?php if ($dob_day) echo $dob_day; else echo "DD";?>'> 157. </td> 158. </tr> 159. <tr> 160. <td width='40%' align='right'> 161. <font size='2' face='arial'>Gender: 162. </td> 163. <td> 164. <select name='gender'> 165. <option>Female</option> 166. <option>Male</option> 167. </select> 168. </td> 169. </tr> 170. 171. </table> 172. <div align='right'><input type='submit' name='submit' value='Register'> 173. </form> 174. 175. 176. <?php 177. include("design/footer.php"); 178. 179. ?> 180. Hey, so this is my register script
<?php
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', 1);
require 'connect.php';
echo "<title> Register </title>";
if(isset($_POST['register'])) {
$username = trim($_POST['username']);
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$password = hash('sha512', $_POST['password']);
if(!$_POST['username'] OR !$_POST['password']) {
die("You must enter a username and password!");
}
$stmt = $con->prepare("INSERT INTO usrs_usr (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $username, $password);
$stmt->get_result();
var_dump($stmt);
$stmt->execute();
echo "New user has been created successfully";
$stmt->close();
$conn->close();
}
?>
Now the problem is i have done a variable dump which outputs nothing, and the only error i am getting is
Fatal error: Call to a member function bind_param() on a non-object Hello, I have a registration page requesting simple information (first name, last name, email and password). When I click my 'register' button I receive the following errors:
Below is most of the code where I experience issues. The lines called out a
mysqli_stmt_bind_param($q, 'ssss', $first_name, $last_name, $email, $hashed_passcode);
// execute query
mysqli_stmt_execute($q);
if (mysqli_stmt_affected_rows($q) == 1) { // One record inserted
if (empty($errors)) { // If everything's OK.
// Register the user in the database...
// Hash password current 60 characters but can increase
$hashed_passcode = password_hash($password1, PASSWORD_DEFAULT);
require ('msqli_connect.php'); // Connect to the db.
// Make the query:
$query = "INSERT INTO users (userid, first_name, last_name, ";
$query .= "email, password, registration_date) ";
$query .="VALUES(' ', ?, ?, ?, ?, NOW() )";
$q = mysqli_stmt_init($dbcon);
mysqli_stmt_prepare($q, $query);
// use prepared statement to ensure that only text is inserted
// bind fields to SQL Statement
mysqli_stmt_bind_param($q, 'ssss', $first_name, $last_name, $email, $hashed_passcode);
// execute query
mysqli_stmt_execute($q);
if (mysqli_stmt_affected_rows($q) == 1) { // One record inserted
header ("location: register-thanks.php");
exit();
} else { // If it did not run OK.
// Public message:
$errorstring =
"<p class='text-center col-sm-8' style='color:red'>";
$errorstring .=
"System Error<br />You could not be registered due ";
$errorstring .=
"to a system error. We apologize for any inconvenience.</p>";
echo "<p class=' text-center col-sm-2'
style='color:red'>$errorstring</p>";
// Debugging message below do not use in production
//echo '<p>' . mysqli_error($dbcon) . '<br><br>Query: ' .
$query . '</p>';
mysqli_close($dbcon); // Close the database connection.
// include footer then close program to stop execution
echo '<footer class="jumbotron text-center col-sm-12"
style="padding-bottom:1px; padding-top:8px;">
include("footer.php");
</footer>';
exit();
}
} else { // Report the errors.
$errorstring =
"Error! <br /> The following error(s) occurred:<br>";
foreach ($errors as $msg) { // Print each error.
$errorstring .= " - $msg<br>\n";
}
$errorstring .= "Please try again.<br>";
echo "<p class=' text-center col-sm-2'
style='color:red'>$errorstring</p>";
}// End of if (empty($errors)) IF.
}
catch(Exception $e) // We finally handle any problems here
{
// print "An Exception occurred. Message: " . $e->getMessage();
print "The system is busy please try later";
}
catch(Error $e)
{
//print "An Error occurred. Message: " . $e->getMessage();
print "The system is busy please try again later.";
}
?>
I have done some searching around to try and figure out the issue; but I can't seem to put my finger on it. This is a new database, and I haven't been able to get test registered as of yet. Any help would be appreciated. Thank you Hey I would just like to release a simple login/register script that will work just fine and has some nice systems in it. The Login. (I will post the code then below tell you what you need to do to get it to work with MYSQL DATABASE) Create a file and call it login with the suffix .php so if you have file extensions showing on your computer it will look like "login.php" then put this code inside of it. Code: [Select] <?php session_start(); ?> <?php function mysql_prep($value) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysql_real_escape_string"); // i.e PHP >= v4.3.0 if($new_enough_php){ // PHP v4.3.0 or higher if ($magic_quotes_active){ $value = stripslashes($value); } $value = mysql_real_escape_string($value); }else{ //Before PHP v4.3.0 //if magic quotes aren't already on then add slahes manually if(!$magic_quotes_active){ $value = addslashes($value); } // if magic quotes are active then the slashes already exist } return $value; } function redirect_to($location = NULL){ if($location != NULL){ header("Location: {$location}"); exit; } } define("DB_SERVER","localhost"); define("DB_USER","root"); define("DB_PASS","yourpassword"); define("DB_NAME","yourdatabasename"); $connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS); if(!$connection){ die("Database Connection Failed: " . mysql_error()); } $db_select = mysql_select_db("bcooperz", $connection); if(!$db_select){ die("Connection to database failed: " . mysql_error()); } ?> <?php if(isset($_SESSION['user_id'])){ redirect_to("staff.php"); } ?> <?php if (isset($_POST['submit'])){ $errors = array(); // Perform validations on the form $required_fields = array('username', 'password'); foreach($required_fields as $fieldname){ if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){ $errors[] = $fieldname; } } $field_with_lengths = array('username' => 30, 'password' => 30); foreach($field_with_lengths as $fieldname => $maxlength) { if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $errors[] = $fieldname; } } $username = trim(mysql_prep($_POST['username'])); $password = trim(mysql_prep($_POST['password'])); $hashed_password = sha1($password); if (empty($errors)){ // Checks database to see if username and password exist their $query = "SELECT id, username FROM users WHERE username='$username' AND hashed_password='$hashed_password' LIMIT 1"; $result_set = mysql_query($query, $connection); if(!$result_set){ die("Database Query Failed: " . mysql_error()); } if (mysql_num_rows($result_set) == 1) { // The Username and Password have been found in the database and the user is verified // Only 1 Match $found_user = mysql_fetch_array($result_set); $_SESSION['user_id'] = $found_user['id']; $_SESSION['username'] = $found_user['username']; redirect_to("staff.php"); }else{ // Username and Password was not found in the database. $message = "Username/Password Combination Incorrect.<br/>Please make sure your caps lock key is off and try again."; echo $message; } }else{ $count = count($errors); if($count == 1){ echo "Their Was {$count} Error In The Form" . "<br />"; print_r(implode(", ", $errors)); }else{ echo "Their Was {$count} Error's In The Form" . "<br />"; echo "<b>"; print_r(implode(", ", $errors)); echo "</b>"; } } }else{ // The Form Has Not Been Submitted if(isset($_GET['logout']) && $_GET['logout'] == 1){ echo "You Are Now Logged Out"; } if(isset($_GET['nowlogged']) && $_GET['nowlogged'] == 1){ echo "You Need to Login to reach this page."; } $username = ""; $password = ""; } ?> <html> <head> <title>Register</title> </head> <body> <form action="login.php" method="post"> Username : <input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /><br /> Password : <input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /><br /><br /> <input type="submit" name="submit" value="Login" /><br /> </form> <p>Haven't got an account? register <a href="register.php">here!</a></p> </body> </html> Now once you have a file called "login.php" with the above code inside of it you will need to goto your mysql database and create a database with a table that has 3 fields in the following format. - id - int(11) - Auto increment - username - varchar(50) - hashed_password - varchar(40) Now search for this in the login.php code Code: [Select] define("DB_SERVER","localhost"); define("DB_USER","root"); define("DB_PASS","yourpassword"); define("DB_NAME","yourdatabasename"); And This: Code: [Select] $db_select = mysql_select_db("bcooperz", $connection); And change these to your settings. Once you have done all this create a new file called register with the suffix .php as well so if you have file extensions turned on it will look like "register.php" And add this code inside it: Code: [Select] <?php function mysql_prep($value) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysql_real_escape_string"); // i.e PHP >= v4.3.0 if($new_enough_php){ // PHP v4.3.0 or higher if ($magic_quotes_active){ $value = stripslashes($value); } $value = mysql_real_escape_string($value); }else{ //Before PHP v4.3.0 //if magic quotes aren't already on then add slahes manually if(!$magic_quotes_active){ $value = addslashes($value); } // if magic quotes are active then the slashes already exist } return $value; } function redirect_to($location = NULL){ if($location != NULL){ header("Location: {$location}"); exit; } } ?> <?php define("DB_SERVER","localhost"); define("DB_USER","root"); define("DB_PASS","maxcooper"); define("DB_NAME","bcooperz"); $connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS); if(!$connection){ die("Database Connection Failed: " . mysql_error()); } $db_select = mysql_select_db("bcooperz", $connection); if(!$db_select){ die("Connection to database failed: " . mysql_error()); } ?> <?php if(isset($_POST['submit'])){ $username = trim(mysql_prep($_POST['username'])); $password = trim(mysql_prep($_POST['password'])); $hashed_password = sha1($password); $confirmpass=$_POST['confirmpass']; $query2 = "SELECT * FROM users WHERE username='$username'"; $result2 = mysql_query($query2); $counted=mysql_num_rows($result2); $errors = array(); // Perform validations on the form $required_fields = array('username', 'password', 'confirmpass'); foreach($required_fields as $fieldname){ if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){ $errors[] = $fieldname; } } if($confirmpass!=$_POST['password']){ $errors[] = "passdifference"; } if($counted > 0){ $errors[] = "User Already Created"; } $field_with_lengths = array('username' => 30, 'password' => 30); foreach($field_with_lengths as $fieldname => $maxlength) { if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $errors[] = $fieldname; } } /* The Form Has Been Submitted */ if (empty($errors)){ $query = "INSERT INTO users (username,hashed_password) VALUES ('{$username}', '{$hashed_password}')"; $result = mysql_query($query, $connection); if($result){ echo "User Successfully Created"; }else{ echo "The User Could Not Be Created" . "<br />"; echo mysql_error(); } }else{ $count = count($errors); if($count == 1){ echo "Their Was {$count} Error In The Form" . "<br />"; print_r(implode(", ", $errors)); }else{ echo "Their Was {$count} Error's In The Form" . "<br />"; echo "<b>"; print_r(implode(", ", $errors)); echo "</b>"; } } }else{ /* The Form Has Not Yet Been Submitted */ $username = ""; $password = ""; } ?> <html> <head> <title>Register</title> </head> <body> <form action="register.php" method="post"> Username : <input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /><br /> Password : <input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /><br /> Confirm Password: <input type="password" name="confirmpass" maxlength="30" value="" /><br /><br /> <input type="submit" name="submit" value="Register" /><br /> </form> <p>Already have a account? login here <a href="login.php">here!</a></p> </body> </html> Once you have done that and you have a file called "register.php" you will need to perform the final step which will be changing the database details once again on the second file ("register.php"). Thanks, Bcooperz. Please tell me if this works here is my code: Code: [Select] function registerUser() { mysql_connect('localhost', 'user', 'password', 'table'); $rsPostCode = $_POST['rsPostCode']; $rsGender = $_POST['rsGender']; $rsUser = $_POST['rsUser']; $rsPass = $_POST['rsPass']; $rsEmail = $_POST['rsEmail']; $rsMobile = $_POST['rsMobile']; $rsAge = $_POST['rsAge']; $sql = "INSERT INTO members_copy (rsPostCode, rsGender, rsUser, rsPass, rsEmail, rsMobile, rsAge) VALUES ($rsPostCode, $rsGender, $rsUser, $rsPass, $rsEmail, $rsMobile, $rsAge);"; //echo $sql; mysql_query($sql); } When I write out my SQL this is the output: INSERT INTO members_copy (rsPostCode, rsGender, rsUser, rsPass, rsEmail, rsMobile, rsAge) VALUES (BN11, Male, jarv, mypassword, john@email.com, 07998989999, 08/11/1978); here is my register page: http://www.retroandvintage.co.uk/register.php Hi guys I am working on adding a third party php members register and login into a clients web site but every time I try the regidter page is shows me this error message. Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'username'@'localhost' (using password: YES) in /home/cpassoc2/public_html/register-exec.php on line 15 Failed to connect to server: Access denied for user 'username'@'localhost' (using password: YES) This is what i have in the config.php page. <?php define('DB_HOST', 'localhost'); define('DB_USER', 'cpassoc2-memark'); define('DB_PASSWORD', '?????????'); password replaced define('DB_DATABASE', 'cpassoc2-me'); ?> I have set up the my SQL within the control panel of the site, So do i need to do any thing else???, what am i missing???. Mark..... Deprecated: Function session_register() is deprecated in /home/james/public_html/funshizzle.com/install/session.php on line 0 That is my error, I have no idea, What is it? I am trying to use the new way of validating the entered email in a register form. Code: [Select] /* REGISTER FORM */ // check if submit button has been clicked if (isset($_POST['submit_signup'])) { // process and assign variables after post submit button has been clicked $user_email = strip_tags(trim($_POST['email'])); $user_email = filter_var($user_email, FILTER_VALIDATE_EMAIL); $nickname = strip_tags(trim($_POST['nickname'])); $password = $_POST['password']; $repassword = $_POST['repassword']; $month = $_REQUEST['month']; $day = $_REQUEST['day']; $year = $_REQUEST['year']; $dob = $year . "-" . $month . "-" . $day; $find_us_question = strip_tags(trim($_POST['find_us_question'])); // connect to database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $check_query = "SELECT * FROM user WHERE nickname = '$nickname'"; $check_connect = mysqli_query($dbc, $check_query) or die(mysqli_error($dbc)); $check_count = mysqli_num_rows($check_connect); // Check if the email exists twice $query_get = "SELECT email FROM user WHERE email = '$user_email'"; $query_run = mysqli_query($dbc, $query_get); $num_rows = mysqli_num_rows($query_run); // check if username is already taken if ($check_count != 0) { echo "Username already exists!"; } elseif ($num_rows != 0) { echo "This email address is already registered in the database, you can not register it twice."; // check if fields are empty } elseif (empty($user_email) || empty($nickname) || empty($password) || empty($day) || empty($month) || empty($year)) { echo "Please fill out all the fields!"; // check char length of input data } elseif (strlen($nickname) > 30 || strlen($user_email) > 50) { echo "Maximum allowed character length for nickname/firstname/lastname are 30 characters!"; // check password char length } elseif (strlen($password) > 25 || strlen($password) < 6) { echo "Your password must be between 6 and 25 characters!"; // check if passwords match with each other } elseif ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { // encrypt password $password = sha1($password); I would like to implement now an error message stating something along the lines that the entered email address is not valid, how would I have to do the if statement to check the condition? I have some code I used to have in mysql and now im trying to convert to mysqli and I cant seem to find out what the problem is.
<?php
$username = $_SESSION['username'];
// Connect to server and select databse.
include "db_connect.php";
include "db_config.php";
// items tables selection
$sql = mysqli_query($my_database,"SELECT * FROM items_tbl WHERE level = '$account_info[player_level]' ORDER BY rand()");
//$result = mysqli_query($my_database,$sql);
// Put info into array (This Works)
while($item = mysqli_fetch_assoc($sql)){
//stats
$items_id['itemid'] = $item['itemid'];
$items_id['Level'] = $item['Level'];
$items_id['name'] = $item['name'];
$items_id['min_str'] = $item['min_str'];
$items_id['min_int'] = $item['min_int'];
$items_id['min_dex'] = $item['min_dex'];
$items_id['type'] = $item['type'];
$items_id['min_dmg'] = $item['min_dmg'];
$items_id['max_dmg'] = $item['max_dmg'];
$items_id['phys_defense'] = $item['phys_defense'];
$items_id['mag_defense'] = $item['mag_defense'];
}
?>
here is the error im getting:
Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given
hi guys i get an error in this code (comment in the code): I Code: [Select] if (checkBd ($sql, $db, $valor, $codePass)){ ($sql = $db->prepare("UPDATE users SET activation = ? WHERE activationLink=?")); $valor="1"; $sql->bind_param('is', $valor, $codePass); $sql->execute(); $sql->bind_result($valor, $codePass); //Warning: mysqli_stmt::bind_result() [mysqli-stmt.bind-result]: Number of bind variables doesn't match number of fields in prepared statement if ($sql->fetch()) { header("location: index.php"); return true; } else { echo "no"; return false; } $sql->close(); $db->close(); } what is the possible problem in the script? an another question, is this way correct to update a boolean? thanks This is my registering script: <?php include('connectvars.php'); $user_email = strip_tags(trim($_POST['email'])); $firstname = strip_tags(trim($_POST['firstname'])); $lastname = strip_tags(trim($_POST['lastname'])); $nickname = strip_tags(trim($_POST['nickname'])); $password = strip_tags($_POST['password']); $repassword = strip_tags($_POST['repassword']); $dob = $_POST['dob']; $find_us_question = strip_tags(trim($_POST['find_us_question'])); if (isset($_POST['submit_signup'])) { if ((empty($user_email)) || (empty($firstname)) || (empty($lastname)) || (empty($nickname)) || (empty($password)) || (empty($dob))) { echo "Please fill out all the fields!"; } else { // check char length of input data if (($nickname > 30) || ($firstname > 30) || ($lastname > 30) || ($user_email > 50)) { echo "Your nickname, first- and/or lastname seem to be too long, please make sure you have them below the maximum allowed length of 30 characters!"; } else { // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { // encrypt password $password = sha1($password); $repassword = sha1($repassword); if ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $query = sprintf("INSERT INTO user (firstname, lastname, nickname, password, email, dob, doj) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', now())", mysqli_real_escape_string($dbc, $firstname), mysqli_real_escape_string($dbc, $lastname), mysqli_real_escape_string($dbc, $nickname), mysqli_real_escape_string($dbc, $password), mysqli_real_escape_string($dbc, $user_email), $dob); mysqli_query($dbc, $query); mysqli_close($dbc); echo "You have been successfully registered!"; } } } } } ?> A bunch of nested if statements, the read-ability gets worse after a while, I'm new to programming so I don't know if there's a better more read-able solution. Anyway, every time I try to sign up it's printing out the echo message: "Your password must be between 6 and 25 characters!" Which derives from: // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { EVEN if I stay between 6 and 25 characters it's still printing out this error message, let's say I have a password of 8 characters, and I've entered everything else correctly, it's still giving me all the time this error message, and I can not figure out why. hello i tried to switch from mysqli to pdo but somehow i made a mistake
MYSQLI
$qry = "SELECT * FROM con where id= '$user'";
$result = mysqli_query($conn, $qry);
while ($row = mysqli_fetch_assoc($result)) {
print_r($row["convoy_cars"], true);
if($row["convoy_cars"] == 1){
echo '<div class="dashtext-3">Autos für Spieler erlaubt: <a class="btn btn-sm primary rounded"><i class="fa fa-check-square"></div></i> </a>';
}
elseif($row["convoy_cars"] == 2){
echo '<div class="dashtext-3">Autos für Spieler erlaubt: <a class="btn btn-sm danger rounded"><i class="fa fa-times"></i></div> </a>';
}
print_r($row["convoy_hct"], true);
if($row["convoy_hct"] == 1){
echo '<div class="dashtext-3">HCT-Trailer erlaubt: <a class="btn btn-sm primary rounded"><i class="fa fa-check-square"></i> </div></a>';
}
elseif($row["convoy_hct"] == 2){
echo '<div class="dashtext-3">HCT-Trailer erlaubt: <a class="btn btn-sm danger rounded"><i class="fa fa-times"></i></div> </a>';
print_r($row["convoy_absicherung"], true);
}
if($row["convoy_absicherung"] == 1){
echo '<div class="dashtext-3">Absicherung: <a class="btn btn-sm primary rounded"><i class="fa fa-check-square"></i> </div></a>';
}
elseif($row["convoy_absicherung"] == 2){
echo '<div class="dashtext-3">Absicherung: <a class="btn btn-sm danger rounded"><i class="fa fa-times"></i></div> </a>';
}
}
my try in pdo
$qry = "SELECT * FROM con where id= '$user'";
$result = $pdo->prepare($qry);
while ($row = $qry->fetch(PDO::FETCH_ASSOC)){
print_r($row["convoy_cars"], true);
if($row["convoy_cars"] == 1){
echo '<div class="dashtext-3">Autos für Spieler erlaubt: <a class="btn btn-sm primary rounded"><i class="fa fa-check-square"></div></i> </a>';
}
elseif($row["convoy_cars"] == 2){
echo '<div class="dashtext-3">Autos für Spieler erlaubt: <a class="btn btn-sm danger rounded"><i class="fa fa-times"></i></div> </a>';
}
print_r($row["convoy_hct"], true);
if($row["convoy_hct"] == 1){
echo '<div class="dashtext-3">HCT-Trailer erlaubt: <a class="btn btn-sm primary rounded"><i class="fa fa-check-square"></i> </div></a>';
}
elseif($row["convoy_hct"] == 2){
echo '<div class="dashtext-3">HCT-Trailer erlaubt: <a class="btn btn-sm danger rounded"><i class="fa fa-times"></i></div> </a>';
print_r($row["convoy_absicherung"], true);
}
if($row["convoy_absicherung"] == 1){
echo '<div class="dashtext-3">Absicherung: <a class="btn btn-sm primary rounded"><i class="fa fa-check-square"></i> </div></a>';
}
elseif($row["convoy_absicherung"] == 2){
echo '<div class="dashtext-3">Absicherung: <a class="btn btn-sm danger rounded"><i class="fa fa-times"></i></div> </a>';
}
}
Hi, I am trying to convert the register & login script from mysql to mysqli. I have converted the easy parts and have the connection to the database, but the following functions all need changing and I can't work out the correct solution mainly due to the deprecation of mysql_result() The code that needs updating is
<?php
function user_count() {
return mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `active` = 1"), 0);
}
function users_online() {
return mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `logged_in` = 1"), 0);
}
function change_profile_image($user_id, $file_temp, $file_extn) {
$file_path = 'images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn;
move_uploaded_file($file_temp, $file_path);
mysql_query("UPDATE `users` SET `profile` = '" . mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int)$user_id);
}
function has_access($user_id, $type) {
$user_id = (int)$user_id;
$type = (int)$type;
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_id` = $user_id AND `type` = $type"), 0) == 1) ? true : false;
}
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
function user_exists($username) {
$username = sanitize($username);
$query = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `username` = '$username'");
return (mysql_result($query, 0) == 1) ? true : false;
}
function email_exists($email) {
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
function user_id_from_email($email) {
$email = sanitize($email);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `email` = '$email'"), 0, 'user_id');
}
function login($username, $password) {
$user_id = user_id_from_username($username);
mysql_query("UPDATE `users` SET `logged_in` = 1 WHERE `user_id` = $user_id");
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}
?>
And here is what the converter gave me:
function user_count() {
return mysql_result(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT COUNT(`user_id`) FROM `users` WHERE `active` = 1"), 0);
}
function users_online() {
return mysql_result(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT COUNT(`user_id`) FROM `users` WHERE `logged_in` = 1"), 0);
}
function change_profile_image($user_id, $file_temp, $file_extn) {
$file_path = 'images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn;
move_uploaded_file($file_temp, $file_path);
mysql_query("UPDATE `users` SET `profile` = '" . mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int)$user_id);
}
function has_access($user_id, $type) {
$user_id = (int)$user_id;
$type = (int)$type;
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_id` = $user_id AND `type` = $type"), 0) == 1) ? true : false;
}
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
function user_exists($username) {
$username = sanitize($username);
$query = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `username` = '$username'");
return (mysql_result($query, 0) == 1) ? true : false;
}
function email_exists($email) {
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
function user_id_from_email($email) {
$email = sanitize($email);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `email` = '$email'"), 0, 'user_id');
}
function login($username, $password) {
$user_id = user_id_from_username($username);
mysql_query("UPDATE `users` SET `logged_in` = 1 WHERE `user_id` = $user_id");
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}
?>
Please could someone point me in the right direction here?
Also my site works perfectly well with MySQL, do I have to convert it to MySQLi?
Many Thanks
Paul
If anyone knows how to solve this, it would be much appreciated. I already have a website template and would prefer to continue with mysqli instead of PDO.Many Thanks Paul Hey all, I'm having some trouble running some mysql statements through mysqli. I've tried to debug them various ways, but to no avail. This is the offending code: class DBOPS { protected $config, $mysqli; public function __construct () { $this->config = array (...snip...); $this->mysqli = new mysqli ($this->config['server'], $this->config['username'], $this->config['password'], $this->config['database']); session_start(); } public function Login ($username, $password) { $toreturn = NULL; //Problem area is from here... $encryptedpassword = hash(...snip...); print_r(array( $this->config['usertable']['username'], $username, $this->config['usertable']['password'], $encryptedpassword)); $statement = $this->mysqli->stmt_init(); $statement->prepare('SELECT * FROM users WHERE ? = ? AND ? = ?'); $statement->bind_param( 'ssss', $this->config['usertable']['username'], $username, $this->config['usertable']['password'], $encryptedpassword); $statement->execute(); print_r($statement->affected_rows); //To here. if ($statement->affected_rows == 1) { $_SESSION[$this->config['sessiondata']['username']] = $username; $_SESSION[$this->config['sessiondata']['lastactivity']] = time(); $toreturn = TRUE; } else { $toreturn = FALSE; } $statement->close(); return $toreturn; } The print_r($statement->affected_rows); statement always returns -1, which means a query error. Is there a problem with the syntax of the predefined query in $statement->prepare('SELECT * FROM users WHERE ? = ? AND ? = ?') ? I really can't seem to find the problem in this code. There are no errors returned. The output from the print_r() statements are Code: [Select] Array ( [0] => Name [1] => Trey [2] => Password [3] => ...snip... )from the first print_r and Code: [Select] -1from the second. And lastly, I know that DIY login systems are generally discouraged, but this is more of a research project. I would greatly appreciate any help with this. Thanks. Hi, 3 different tutorials teach 3 different ways on how to get php mysqli echo connection errors.
Which one should I memorise out of these 3 you advise ?
1.
$link = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
if (!$link) {
echo "Error: Unable to connect to MySQL." . PHP_EOL;
echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
exit;
}
mysqli_close($link);
2.
$link = mysqli_connect("localhost", "root", "");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Print host information
echo "Connect Successfully. Host info: " . mysqli_get_host_info($link);
// Close connection
mysqli_close($link);
3.
mysqli_connect("localhost", "root", "", "GFG");
if(mysqli_connect_error())
echo "Connection Error.";
else
echo "Database Connection Successfully.";
Q2. On the connection point check, you give your rankings on these following 3 based on your preference.
A. if(mysqli_connect_error())
B.
if($link === false){
C.
if (!$link) {
A.
die("ERROR: Could not connect. " . mysqli_connect_error());
B. echo "Connection Error.";
C. echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL; echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
Briefly, let me know: A). Which connection error checking point to use and which error message echoing point to use. B). If you got your own that is better and more helpful then explain why it is better over these 3 and any others.
<?php
if (isset($_POST['reset-submit'])) {
$selector = $_POST['selector'];
$validator = $_POST['validator'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
// probably better to check this earlier
if (empty($password) || empty($password2)) {
header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator");
} elseif ($password !== $password2) {
header("Location: ../create-new-password.php?newpassword=passwordsnotmatch");
}
$currentDate = date("U");
require "dbh.inc.php";
$sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error 1";
exit();
} else {
mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result)) {
echo 'You need to re-submit your reset request.';
exit();
} else {
$tokenBin = hex2bin($validator);
$tokenCheck = password_verify($tokenBin, $row['token']);
if (!$tokenCheck) {
echo 'You need to re-submit your reset request.';
exit();
} else {
$email = $row['email'];
$sql = "SELECT * FROM users WHERE email = $email";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error 2";
exit();
} else {
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result)) {
echo "SQL error 3";
exit();
} else {
$sql = "UPDATE users SET password=? WHERE email=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error4 ";
exit();
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email);
mysqli_stmt_execute($stmt);
$sql = 'DELETE FROM reset_password WHERE email=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo 'SQL error5';
exit();
} else {
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?newpassword=updated");
}
}
}
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
header('Location: ../reset-password.php?reset=success');
} else {
header('Location: ../index.php');
}
I always get this errors:
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26
But i dont find the mistake in the Code. Can someone help me please |
|||||||