Well For Start I Want To Tank You All For The Help
The Script now it create a table but send empty info
so i have try to do like this:
http://mediaads.eu/villageop/back/savepoints.php?user_id=abcdefghijklm
Now The script wen i call it give me this error:
So I Have Edit The Script code to clean it
so now my code is:
<?php
header('Access-Control-Allow-Origin: *');
error_reporting(E_ALL);
ini_set('display_errors',1);
$servername = "localhost";
$username = "publiadd_publix";
$password = "1a3g7893fsh";
try {
$conn = new PDO("mysql:host=$servername;dbname=publiadd_registervillageop", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected successfully";
}
catch(PDOException $e){
echo "Connection failed: " . $e->getMessage();
}
if(isset($_GET['user_id'])){
//$user_id = intval($_GET['user_id']);
//Lightly sanitize the GET's to prevent SQL injections and possible XSS attacks
try {
$dbh = new PDO("mysql:host=$servername;dbname=publiadd_registervillageop", $username, $password);
$user_id = #$_GET['user_id'];
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
$sql = "INSERT INTO users (user_id) VALUES ('".$_POST["user_id"]."')";
if ($dbh->query($sql)) {
echo "<script type= 'text/javascript'>alert('New Record Inserted Successfully');</script>";
}
else{
echo "<script type= 'text/javascript'>alert('Data not successfully Inserted.');</script>";
}
$dbh = null;
}
catch(PDOException $e){
echo $e->getMessage();
}
}
?>
$sql->execute(array($user_Id));
if($sql){
//The query returned true - now do whatever you like here.
echo 'Your ID was saved. Congrats!';
}else{
//The query returned false - you might want to put some sort of error reporting here. Even logging the error to a text file is fine.
echo 'There was a problem saving your points. Please try again later.';
}
}else{
echo 'Your id wasnt passed in the request.';
}
// close MySQL connection
$conn = null;
?>
<html>
<head>
</head>
<body>
<body bgcolor="#ffffff">
</body>
</html>
The method you are using in your forms is GET so use $_GET not $_POST as it goes in your if condition. So replace $_POST with $_GET and second error is your table name it is users table not publiadd_registervillageop so your sql query looks like,
$sql = "INSERT INTO users (user_id) VALUES ('".$_GET["user_id"]."')";
Related
i was coding a delete function called deleteProgram() inside a class and everything is working fine but i want to add some javascript code.
<?php
include_once 'db.inc.php';
class DeleteProgram extends Dbh{
public function deleteProgram(){
if(isset($_GET['deleteid'])){
$id = $_GET['deleteid'];
$sql = "DELETE FROM tblprogram WHERE id='$id';";
$result = $this->connect()->query($sql);
header("Location: ../php/program.php");
exit();
}
}
}
$delete = new DeleteProgram;
$delete->deleteProgram();
?>
So, this is what i did. I created a try/catch inside my deleteProgram() function inside the if statement and there i use an echo to run the javascript code. But it didn't display anything so that is where got stuck.
<?php
echo '<script src="https://unpkg.com/sweetalert/dist/sweetalert.min.js"></script>';
include_once 'db.inc.php';
class DeleteProgram extends Dbh{
public function deleteProgram(){
if(isset($_GET['deleteid'])){
$id = $_GET['deleteid'];
$sql = "DELETE FROM tblprogram WHERE id='$id';";
try{
$result = $this->connect()->query($sql);
echo '<style>.swal-text{
text-align: center;
}</style>';
echo '<script>swal("Deleted Successfully!", "Program has been deleted", "success");</script>';
header("Location: ../php/program.php");
exit();
}catch(PDOException $e){
echo '<style>.swal-text{
text-align: center;
}</style>';
echo '<script>swal ( "Delete failed!" , "'.$e->getMessage().'" , "error" );</script>';
exit();
}
}
}
}
$delete = new DeleteProgram;
$delete->deleteProgram();
?>
As suggested in comments, your code is open to SQL injections, try using parameterized prepared statements instead.
The header() function is redirecting the user before the page is loaded, so the script is written but never shown as the new page is now loaded right after.
One solution is to use the $_SESSION. It can go like this:
On your DeleteProgram class PHP file:
# [...]
session_start();
# [...]
if(isset($_GET['deleteid'])){
$id = $_GET['deleteid'];
$sql = "DELETE FROM tblprogram WHERE id='$id';";
try{
$result = $this->connect()->query($sql);
echo '<style>.swal-text{
text-align: center;
}</style>';
$_SESSION['swal'] = [
'title' => "Deleted Successfully!",
'message' => "Program has been deleted",
'status' => "success"
];
header("Location: ../php/program.php");
exit();
}catch(PDOException $e){
# [...]
}
}
# [...]
In the ../php/program.php file (somewhere in the <body>):
# [...]
session_start();
# [...]
<?php if(isset($_SESSION['swal'])) {
$title = $_SESSION['swal']['title'];
$message = $_SESSION['swal']['message'];
$status = $_SESSION['swal']['status'];
echo "<script>swal($title, $message, $status);</script>";
} ?>
May I also suggest you to not put CSS style in your code like that. It's not very reliable on where its gonna be written. As your swal() function requires you to place a <script> tag to be used, consider placing you <style> tag next to it or so.
I am quite new to JavaScript and PHP.
I have started lately on my free time to develop a chrme extension to grab some data from db on a hosting server.
I have created a php file and upload it to the server, this file will be called from my extension js file and will connect to the DB to execute a query and return the result back.
everything goes fine except I dnt see the data, it keeps sending me null info.
Connection is ok, credentials are good but somiething is missing.
PHP code:
<?php
header("Access-Control-Allow-Origin: *");
$name = $_POST['name'];
$servername = "139.162.132.71";
$username = "evhoodco_EVhdAdm";
$password = "******";
$dbname = "evhoodco_EVhd623Vehicles";
// Create connection
$dbhandle = new mysqli($servername, $username, $password, $dbname);
if (!$dbhandle)
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else{
echo "Success to connect to MySQL";
}
$result = $dbhandle->query("SELECT 1");
if ( false===$result ) {
printf("error: %s\n", mysqli_error($con));
}
else {
echo ' ... done...';
}
echo json_encode($result);
mysqli_close($dbhandle);
?>
JavaScript code:
$(document).ready(function(){
$.post('http://evhood.com/connDB.php','name=bob').done(function(data){
chrome.bookmarks.create({'parentId': "1",'title': '','url': "http://www.sapo.pt"});
console.log(data);
});
});
And this is the debug window result:
I am using PHP 5.6 to use a database.
$connect = new mysqli($serverName, $username, $password);
if ($connect->connect_error){
$connectError = mysqli_connect_error();
echo('<script> alert("Connection Failed :/'.$connectError.'")</script>');
}else{
echo(('<script> alert("Connection success :)")</script>'));
}
the issue is that $connectError stops the code outputing the javaScript alert how can i inclued the error message and output the alert?
You need to escape your $connectError:
$connect = new mysqli($serverName, $username, $password);
if ($connect->connect_error){
$connectError = addslashes(mysqli_connect_error());
echo('<script> alert("Connection Failed :/'.$connectError.'")</script>');
}else{
echo(('<script> alert("Connection success :)")</script>'));
}
I think the issue is in escaping quote marks. In my PHP code this works perfectly:
$message = "Connection Failed :/" .$connectError;
echo "<script>";
echo "alert(\"" .$message. "\");";
echo "</script>";
mysql_fetch_array() expects parameter 1 to be resource, boolean given in
<?php
mysql_connect ("localhost", "cab","a321") or die (mysql_error());
mysql_select_db ("ppwxpjey_mcidb");
$termOrd = $_POST['termOrd'];
$sql = mysql_query("select * from booking where order_no like '%$termOrd%'");
while ($row = mysql_fetch_array($sql)){
echo "<table width='1000' border='2' align='center' style='background-color:#FFFFFF;border-collapse:collapse;border:2px solid #6699FF;color:#000000'><tr><th>ORDER NO</th><th>NAME</th><th>MOBILE</th><th>FROM PLACE</th><th>TO PLACE</th><th>JOURNEY DATE</th><th>JOURNEY TIME</th><th>PERSON</th><th>BOOKING TIME</th></tr>";
echo "<tr><td>".$row["ORDER_NO"]."</td><td>".$row["NAME"]."</td><td>".$row["MOBILE"]."</td><td>".$row["FROM_PLACE"]."</td><td>".$row["TO_PLACE"]."</td><td>".$row["JOURNEY_DATE"]."</td><td>".$row["JOURNEY_TIME"]."</td><td>".$row["PERSON"]."</td><td>".$row["UPDATE_TIME"]."</td></tr>";
echo '<br/>';
}
?>
You've to run the query before passing it in mysql_fetch_array which expects resource as a parameter. So change your code like this,
$sql = mysql_query("select * from booking where order_no like '%$termOrd%'");
$result = mysql_query($query) or die(mysql_error());
// This is where you're getting resource or throwing SQL error.
while ($row = mysql_fetch_array($result)){
// YOUR LOGIC.
}
Warning mysql_query, mysql_fetch_array,mysql_connect etc.. extensions were deprecated in PHP 5.5.0, and it was removed
in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be
used. Source : http://php.net/manual/en/function.mysql-query.php
So update your code as soon as you can.
Use mysqli_* or PDO . mysql_* is deprecated.
The original MySQL extension is now deprecated, and will generate E_DEPRECATED errors when connecting to a database. Instead, use the MYSQLi or PDO_MySQL extensions. use prepared statement
//db connection
global $conn;
$servername = "localhost"; //host name
$username = "cab"; //username
$password = "a321"; //password
$mysql_database = "ppwxpjey_mcidb"; //database name
//mysqli prepared statement
$conn = mysqli_connect($servername, $username, $password) or die("Connection failed: " . mysqli_connect_error());
mysqli_select_db($conn,$mysql_database) or die("Opps some thing went wrong");
$termOrd = "%{$_POST['termOrd']}%";
$stmt = $conn->prepare("select * from booking where order_no like ? ");
$stmt->bind_param('s',$termOrd);
$stmt->execute();
$get_result= $stmt->get_result();
$row_count= $stmt->affected_rows;
if($row_count>0)
{
while($row=$get_result->fetch_assoc())
{
echo "<table width='1000' border='2' align='center' style='background-color:#FFFFFF;border-collapse:collapse;border:2px solid #6699FF;color:#000000'><tr><th>ORDER NO</th><th>NAME</th><th>MOBILE</th><th>FROM PLACE</th><th>TO PLACE</th><th>JOURNEY DATE</th><th>JOURNEY TIME</th><th>PERSON</th><th>BOOKING TIME</th></tr>";
echo "<tr><td>".$row["ORDER_NO"]."</td><td>".$row["NAME"]."</td><td>".$row["MOBILE"]."</td><td>".$row["FROM_PLACE"]."</td><td>".$row["TO_PLACE"]."</td><td>".$row["JOURNEY_DATE"]."</td><td>".$row["JOURNEY_TIME"]."</td><td>".$row["PERSON"]."</td><td>".$row["UPDATE_TIME"]."</td></tr>";
echo '<br/>';
}
}
$stmt->close();
$conn->close();
I can't figure out why jquery ajax post call not working if I used connection on include php file though I'm getting right response from php. Kindly tell me what's the explanation behind this
This is on my DB file
<?php
$host = "mysql2.000webhost.com";
$username = "a212_mt5199";
$password = "secret";
$db = "a211_mydb";
$con = new mysqli ($host, $username, $password, $db);
GLOBAL $con;
if ($con->connect_error) {
die ("Error:" . $con->connect_error);
}
?>
This including the above is not working
<?php
include("db.php");
// set parameters and execute
$myusername=$_POST['name'];
$mypassword=$_POST['pwd'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$stmt = $con->prepare("SELECT username, password FROM members WHERE username=? and password=?");
$stmt->bind_param("ss", $myusername, $mypassword);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
// Mysql_num_row is counting table row
$count=$stmt->num_rows;
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
echo 'true';
$_SESSION['user_name']= $username;
} else {
echo "Wrong Username or Password";
}
$stmt->close();
$con->close();
?>
This is working
<?php
$host = "mysql2.000webhost.com";
$username = "a212_mt5199";
$password = "secret";
$db = "a211_mydb";
$con = new mysqli ($host, $username, $password, $db);
if ($con->connect_error) {
die ("Error:" . $con->connect_error);
}
// set parameters and execute
$myusername=$_POST['name'];
$mypassword=$_POST['pwd'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$stmt = $con->prepare("SELECT username, password FROM members WHERE username=? and password=?");
$stmt->bind_param("ss", $myusername, $mypassword);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
// Mysql_num_row is counting table row
$count=$stmt->num_rows;
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
echo 'true';
$_SESSION['user_name']= $username;
} else {
echo "Wrong Username or Password";
}
$stmt->close();
$con->close();
?>
Able to solve issue by using DEFINE variable.