Jazzy 1012
asked on
Adding through query php
<?php
require "connection.php";
if ($_POST['username'] != "" && $_POST['email'] != "" && $_POST['password'] !="")
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO users-info (username,,email,password) VALUES ('$firstname','$email','$password')";
$data = mysqli_query($conn,$query)or die(mysqli_error($conn));
}
?>
It won't add, it there any problem? I cant see any errors
This is my form before:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr ="";
$username = $email = $password = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$username = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["password"])) {
$password = "";
} else {
$password = test_input($_POST["password"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?> signup.php">
Name: <input type="text" name="username" value="<?php echo $username;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Password: <input type="password" name= "password" value="<?php echo $password;?>">
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
ASKER
Nothing it says error in my previous code because the preg_match won't come out, also because the form has more than one action
Why have you got two actions? Forms can only have one action.
ASKER
Because I want the preg_match to show if what they write anything invalid
Because I want the preg_match to show if what they write anything invalid
You have to do that by designing your code differently - you can't have two destinations for the form.There were many problems with your code - variable names that did not tie up, double comma in the field list of the insert multiple actions to name a few.
Here is a rework of the code
HTML.
This takes the logic for error checking and inserting into the database and combines them into a second script. This script will set the state for the form for both situations where a POST is done and first time access.
Conditionals are used in the form to show messages - which are stored in an array indexed on field name.
<?php
require_once('t1928_signup.php');
?>
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<p style="display: <?php echo empty($error) ? 'none' : 'block';?>"><span class="error">* required field.</span></p>
<form method="post">
Name: <input type="text" name="username" value="<?php echo $username;?>">
<span class="error">* <?php echo isset($error['username']) ? $error['username'] : ''?></span>
<br><br>
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo isset($error['email']) ? $error['email'] : ''?></span>
<br><br>
<!-- We don't repopulate the password field -->
Password: <input type="password" name= "password" value="">
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
Signup code
<?php
// Initialise form variables and error array
$username = '';
$email = '';
$error = array ();
// Check if we were sent anything
if ($_POST) {
// Extract post variables such that we have a truthy / falsy value for each
$username = isset($_POST['username']) ? trim($_POST['username']) : false;
$email = isset($_POST['email']) ? trim($_POST['email']) : false;
$password = isset($_POST['password']) ? trim($_POST['password']) : false;
// Check for valid username and set error if not there
if (!preg_match('/^[A-Za-z ]+$/', $username)) {
$error['username'] = 'Only letters and white space allowed';
}
// Check for valid email and set error if not present
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error['email'] = 'Invalid email format';
}
// only insert if there are no errors
if (empty($error)) {
$query = "INSERT INTO `users-info` (`username`,`email`,`password`) VALUES ('{$username}','{$email}','{$password}')";
$data = mysqli_query($conn,$query);
// If we were successful then load our confirmation page
if ($data) {
header('signupsuccess.php');
}
else {
// handle database error here
}
}
}
Signupsuccess can be any page where you display the welcome message after a successful signup.
The INSERT query string has too many comas.
ASKER
Okay can the signup code I name it : t1928_signup.php?
Sorry, "comas" == "commas" and you can name a script anything you want, subject to certain common-sense rules of HTML.
Also, you may want to rethink this statement:
if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
Your regular expression will reject hyphenated names and names like O'Rourke, as well as any accented characters, which leaves out lots of European names. And any UTF-8 characters outside the scope of ASCII, including all Chinese names. In other words, there are going to be a plethora of false errors caused by the regex. I would just omit it entirely. It's not the programmers' job to tell people what letters their name may or may not contain.
When you run a query, the MySQL engine will know whether the query worked or not. You can find the ways to discern success or failure, and display the error messages in this article.
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
The code samples in the article show how to test for success or failure and visualize the error messages, if any failures occur.
Also, you may want to rethink this statement:
if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
Your regular expression will reject hyphenated names and names like O'Rourke, as well as any accented characters, which leaves out lots of European names. And any UTF-8 characters outside the scope of ASCII, including all Chinese names. In other words, there are going to be a plethora of false errors caused by the regex. I would just omit it entirely. It's not the programmers' job to tell people what letters their name may or may not contain.
When you run a query, the MySQL engine will know whether the query worked or not. You can find the ways to discern success or failure, and display the error messages in this article.
https://www.experts-exchange.com/articles/11177/PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
The code samples in the article show how to test for success or failure and visualize the error messages, if any failures occur.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open in new window