A little help please!

[Zenax]

Right, heres a small problem, that you smart PHP dudes, should know the answer too!

I am wanting to develop a dynamic website so that it runs from a database, using PHP.

So far, I have learnt how to do the connection, and have a rough idea of how to create the form. What I want is to be able to insert the data to the relevant database table, and then that should effect the page that reads the database, if I am right?!??

Code so far:

PHP Code:

$username = "root";
$password = "*****";
$hostname = "localhost";
$dbname = "dyndb";

$conn = mysql_connection($hostname, $username, $password)
              or die ("Sorry Cannot connect to the database server!");

$select = myql_select_db($dbname, $conn)
            or die ("Sorry cannot connect to database!"); 


Form:

PHP Code:

<form method="post" action="">
Header Information:<br>
<textarea name="headerinfo" cols="60" rows="20"></textarea>

<input type="submit" name="Submit" value="Submit">
</form> 


So I got connection script, I got form script i think :S, but what I need is how to get it from form to database using code above!!

Would you be so kind as to help me out?!?

Regards,
Zenax

[Brandon]

Sounds like MySQL, and is this for a login or whatever, if it is I will write something up later!

[lambada]

INSERT INTO [table_name] (Column_names, more_columns) VALUES (VALUE_1, VALUE_2)

Thats the SQL syntax I think. Might be a couple of errors - it's off the top of my head.

[t2t2t]

Some quick steps:

1. Go to phpMyAdmin
2. Make a query that does what you want script to do, with obvious values so you can sort them out.
3. Click on "Make PHP Code" in query window that appears on top of page after doing the query.
4. Copy php code.
5. Open up the php file
6. Paste the output of step 4 in it.
7. Change the values to variables you wanna put in DB
8. Add following code:
   PHP Code:

   $result = mysql_query($sql);
if (!$result) {
    die('Invalid query: ' . mysql_error());
} 

   (change $sql if the query is in a different variable.
9. Save the file.

Also, this is good to also read:
Preventing SQL Injections with PHP by Woolie

[Zenax]

The idea is so that I can get to grips with PHP and MYSQL etc. The idea was you would visit edit.php and insert info to go into db, then it would in theory change whats on main.php

So according to t2t2 it should look like this:

Code for edit.php

PHP Code:

<?php
$username = "root";
$password = "*****";
$hostname = "localhost";
$dbname = "dyndb";

$conn = mysql_connection($hostname, $username, $password)
              or die ("Sorry Cannot connect to the database server!");

$select = myql_select_db($dbname, $conn)
            or die ("Sorry cannot connect to database!");  

// Posting info goes here


?>

<!-- The form -->
<form method="post" action="<?php $_POST['PHP SELF'] ?>">
Input Header Information:
<textarea></textarea>
<input type="button" value="Submit!" name="$headerinfo" />
</form>

That bit is supposed to send the information to the header table in the header database.

main.php

PHP Code:


include("dbconn.php");

$header = mysql_query("SELECT header FROM header")
while($headerrow = mysql_fetch_array($header, MYSQL_ASSOC))

print $headerrow{'header'}; 


This bit in theory should print the info from the database table!

Its a basic script but I cannot get to grips with it!

[Brandon]

The idea is so that I can get to grips with PHP and MYSQL etc. The idea was you would visit edit.php and insert info to go into db, then it would in theory change whats on main.php

So according to t2t2 it should look like this:

Code for edit.php

PHP Code:

<?php
$username = "root";
$password = "*****";
$hostname = "localhost";
$dbname = "dyndb";

$conn = mysql_connection($hostname, $username, $password)
              or die ("Sorry Cannot connect to the database server!");

$select = myql_select_db($dbname, $conn)
            or die ("Sorry cannot connect to database!");  

// Posting info goes here


?>

<!-- The form -->
<form method="post" action="<?php $_POST['PHP SELF'] ?>">
Input Header Information:
<textarea></textarea>
<input type="button" value="Submit!" name="$headerinfo" />
</form>

That bit is supposed to send the information to the header table in the header database.

main.php

PHP Code:


include("dbconn.php");

$header = mysql_query("SELECT header FROM header")
while($headerrow = mysql_fetch_array($header, MYSQL_ASSOC))

print $headerrow{'header'}; 


This bit in theory should print the info from the database table!

Its a basic script but I cannot get to grips with it!

try

Code:

print $headerrow['header'];

[Zenax]

they both work!

Ok now im turning this to a points winning thing!

youll get 100pts per script!! if u can build me the following scripts, for me to study and get the hang of!

- Login Script
- Contact Form
- Basic Dynamic website (should include a page to insert the data to the db so it modifies the db to make changes to another page. Bit like a cms style thing!!, BUT VERY BASIC!!) (You get 300pts for this!!)

so in total its 500pts up for grabs if u can help me out!!

[t2t2t]

A login script:

SQL:

Code:

CREATE TABLE `users` (
  `ID` int(10) NOT NULL auto_increment,
  `username` varchar(10) collate latin1_general_ci NOT NULL,
  `password` varchar(40) collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

login.php:

PHP Code:

<?
include sql.php;
$secretpage = 'index.php'; // Where you wanna redirect to.
if ($_POST[do_login]) {
    if (!$_POST[username] OR !$_POST[password])
        die('One or more fields empty! Please go back and fix that problem.');
    if (strlen($_POST[username]) > 10 OR strlen($_POST[password]) > 10)
        die('Possible hacking apptempt!');
    $username = $_POST[username];
    $password = sha1($_POST[password]);
    $sql = "SELECT * FROM `users` WHERE `username` = '$username'";
    $userlogin = mysql_query($sql);
    if(mysql_num_rows($userlogin) == 0 OR mysql_num_rows($userlogin) > 1)
        die('User cannot be found');
    $userlogin = mysql_fetch_array($userlogin, MYSQL_ASSOC);
    if($userlogin[password] != $password) {
        die('Incorrect password'); } else {
    // All checks passed, i supouse its the chosen one, i mean user.
    $_SESSION['loginflag'] = $userlogin[ID]; // Mark user into sessions
    header('Refresh: 3; url='. $secretpage); // Sends user after 3 seconds
    die('You have been logged in, redirecting in 3 seconds');
    }
}
?>
<form action="login.php" method="post">
  <table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>Username:</td>
    <td><input name="username" type="text" size="10" maxlength="10" /></td>
  </tr>
  <tr>
    <td>Password: </td>
    <td><input name="password" type="password" size="10" maxlength="10" /></td>
  </tr>
  <tr>
    <td></td>
    <td><input name="do_login" type="submit" id="do_login" value="Log in!"/></td>
  </tr>
</table>
</form>

signup.php (Register)

PHP Code:

<?
include sql.php
if($_POST[do_signup]) {
    if (!$_POST[username] OR !$_POST[password])
        die( 'One or more fields empty! Please go back and fix that problem.');
    if (strlen($_POST[username]) > 10 OR strlen($_POST[password]) > 10)
        die('Possible hacking apptempt!');
    if (strlen($_POST[username]) < 4 OR strlen($_POST[password]) < 4)
        die('Username & Password must be atleast 4 characters long!');
    $username = $_POST[username];
    $password = sha1($_POST[password]);
    $usercheck = mysql_query('SELECT * FROM `users` WHERE `username` = \''. $username .'\'');
    if(mysql_num_rows($usercheck) > 0)
        die('Username already in use!');
    // Let's do a handshake with new user.
    mysql_query('INSERT INTO `users` (`ID`, `username`, `password`) VALUES (NULL, \''. $username .'\', \''. $password .'\');');
    print 'Welcome '. $username .'! Feel free to log in!';
}
?>
<form method="post" action="index.php?a=signup">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <th colspan="2">Here you can sign up for Habombers Scripts account! </td>    </tr>
    <tr>
      <td>Username:</td>
      <td><input name="username" type="text" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="password" type="password" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="do_signup" value="Sign Up!" /></td>
    </tr>
    <tr>
      <td colspan="2">Please press sign up button only once! </td>
    </tr>
  </table>
</form>

sql.php

PHP Code:

<?
$mysql[host] = "MYSQLHOST";
$mysql[user] = "MYSQLUSER";
$mysql[pass] = "MYSQLPASS";
$mysql[table] = "MYSQLTABLE";
@mysql_connect($mysql[host], $mysql[user], $mysql[pass]) or die('Mysql error: '. mysql_error());
@mysql_select_db($mysql[table]) or die('Mysql error: '. mysql_error());
?>

Current user ID is stored in $_SESSION['loginflag']

[Zenax]

ur points have been sent t2t2

amendments made:

PHP Code:


include ("sql.php"); 


I get the idea!

Problem: its not inserting the users into the db

[t2t2t]

then the index.php?a=signup should be a case style thing in the index page, that states you have been registered!

I get the idea!

:o looks like i forgot to remove index.php part (that code is under use in one of my own script).

PHP Code:

<?
include sql.php
if($_POST[do_signup]) {
    if (!$_POST[username] OR !$_POST[password])
        die( 'One or more fields empty! Please go back and fix that problem.');
    if (strlen($_POST[username]) > 10 OR strlen($_POST[password]) > 10)
        die('Possible hacking apptempt!');
    if (strlen($_POST[username]) < 4 OR strlen($_POST[password]) < 4)
        die('Username & Password must be atleast 4 characters long!');
    $username = $_POST[username];
    $password = sha1($_POST[password]);
    $usercheck = mysql_query('SELECT * FROM `users` WHERE `username` = \''. $username .'\'');
    if(mysql_num_rows($usercheck) > 0)
        die('Username already in use!');
    // Let's do a handshake with new user.
    mysql_query('INSERT INTO `users` (`ID`, `username`, `password`) VALUES (NULL, \''. $username .'\', \''. $password .'\');');
    print 'Welcome '. $username .'! Feel free to log in!';
}
?>
<form method="post" action="signup.php">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <th colspan="2">Sign up! </td>    </tr>
    <tr>
      <td>Username:</td>
      <td><input name="username" type="text" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="password" type="password" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="do_signup" value="Sign Up!" /></td>
    </tr>
    <tr>
      <td colspan="2">Please press sign up button only once! </td>
    </tr>
  </table>
</form>

Looks like there was more things i forgot to change :o, above should work.