Please help -myphpadmin

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by tigra123, Jul 26, 2009.

  1. tigra123

    tigra123 New Member

    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    0
    a reload of
    no login leads to 'login_error.php' page that says 'email and password not correct. ' Decided to try and get registration side working first.

    Quote:
    Originally Posted by tigra123 [​IMG]
    My latest problem is now:
    Quote:
    Column count doesn't match value count at row 1


    I took these two out but still didnt work. I read up on error and decided to add more fields in my table but still didnt work.


    working on the above!

    I am not familiar with the SQL injection stuff thanks anyway.


    dont know how to do this.

    At last I post live page link - bear in mind this site is out dated and I am only interested in the registration and login aspects
    http://highfive.x10hosting.com/register.php

    p.s I will be donating --many thanks;)
     
  2. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    Good focus. Best to not do too many things at once.


    Altering the table doesn't directly address the problem, which is that there are a different number of columns and number of fields used in the statement . Make sure you explicitly list the column names in the INSERT statement. After doing this, please post the statement.

    It's an easy fix. Print the error list as:
    PHP:
      echo '<ul>';
      foreach (
    $checkform->getErrorList() as $error) {
        echo 
    "<li>$error[msg]</li>";
      }
      echo 
    '</ul>';
    Using lists rather than breaks is more semantic. A more usable design would print the error messages inline with the form, with each error next to the field it described.

    By the way, are you using the "quote" button at the bottom of posts, or are you copying & pasting?
     
  3. tigra123

    tigra123 New Member

    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    0
    Altering the table doesn't directly address the problem, which is that there are a different number of columns and number of fields used in the statement . Make sure you explicitly list the column names in the INSERT statement. After doing this, please post the statement.


    ok Ive changed the table back to original, below is the current INSERT statement: I have simply taken out the 2 extra fields you suggested.

    PHP:
    //open a connection to the database
       
    $conn mysql_connect("localhost","$username","$password") or die(mysql_error());
      
      
    //Select database
      
    mysql_select_db("$database",$conn) or die(mysql_error());
      
      
    //Prepare the insert statement
       
    $b_date $_POST[year]."-".$_POST[month]."-".$_POST[day];
      
    $add_member "insert into members values(id,'','$_POST[f_name]','$_POST[s_name]','$b_date','$_POST[email]',password('$_POST[password1]'),'10',CURRENT_DATE(),'$_POST[edtype]','0')";
     
      
    //Insert the job into the table
       
    mysql_query($add_member$conn) or die(mysql_error());
      
      
    //Get variables for activation
      
    $sql "SELECT * FROM members WHERE id = LAST_INSERT_ID()";
      
    $result mysql_query($sql$conn) or die(mysql_error());
      
    $password mysql_result($result0'password');
      
      
    //Close connection
    Below is a list of fields in the members table:

    I import the above as a 'text file' into phpmyadmin but i get the sql error here too which says;



    By the way, are you using the "quote" button at the bottom of posts, or are you copying & pasting?[/quote]

    Iam now using 'quote' button.


    did you get the live link?

    Many Thanks
    Edit:
    a bit of good news - I can log in !!! (had the wrong email address added in table value):biggrin:
     
    Last edited: Aug 3, 2009
  4. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    You still need to explicitly list the column names in the INSERT statement. Take a look at the SQL statement in post #20.

    Make sure you leave in the "
     
  5. tigra123

    tigra123 New Member

    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    0
    Thanks for guidance - Iam still hanging in here!


     
  6. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    PDO::prepare, PDOStatement::bindValue and PDOStatement::execute take the place of mysql_query. A PDO tutorial will explain the usage. The part I was referring to was the INSERT statement (which is why I said "Take a look at the SQL statement"):
    Code:
    INSERT INTO members (f_name, l_name, d_dob, email, password, c_count, a_date, edtype, status) VALUES (...)
    which explicitly lists the column names.

    Remember, tags (whether BBCode or HTML) need to be closed. Every [tag] or <tag> needs a [/tag] or </tag>.
     
    Last edited: Aug 3, 2009
  7. tigra123

    tigra123 New Member

    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    0
    ;)
     
  8. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    You still need to leave in the close quote tag ("[/quote]"), otherwise the open quote tag does nothing but clutter up your post. Edit your old message(s) before posting a new one.

    C'mon, you don't really need my help on this one, do you? Where you you think the username "$username" is coming from?

    By the way, this problems illustrates one reason you shouldn't scatter the DB connection code across multiple scripts: by doing so, you increase the chance of typos and other errors. You should reduce code repetition. The other reason is security; each script containing your DB username needs to be readable only by you (permissions mode 0600). If you don't do this, anyone who's on the same server can read the script contents and get your DB username & password.

    To address both these issues, create a script called (e.g.) "localDB.php" and in it place a single function that creates a connection to the local DB server. Change the permissions for localDB.php using cPanel or your FTP client to give your account read access with all other access disabled. The script can be as simple as:
    PHP:
    function local_db_connect($dbName='tigra_crush') {
      return new 
    mysqli('localhost''user''password'$dbName);
    }
    which lets other scripts pick the database, or it can be as complex as:
    PHP:
    function local_db_connect($type='mysqli'$options=array()) {
        
    $user='****';
        
    $pw='****';
        
    $dbName = isset($options['db']) ? $options['db'] : 'tigra_crush';
        
    //extract($options);
        
    switch (strtolower($type)) {
        case 
    'mysql':
            
    $new_link = isset($options['new_link']) ? $options['new_link'] : false;
            
    $client_flags = isset($options['client_flags']) ? $options['client_flags']
                            : isset(
    $options['flags']) ? $options['flags'] : 0;
            
    $db mysql_connect('localhost'$user$pw$new_link$client_flags);
            
    mysql_select_db($dbName$db);
            break;
        case 
    'pgsql':
        case 
    'postgresql':
            
    $pw preg_replace("/(['\\\\])/"'\\\\$1'$pw);
            
    $dsn "host=localhost user=$user password='$pw'";
            if (
    is_string($options)) {
                
    $dsn .= ' ' $options;
            } else {
                foreach (
    $options as $key=>$val) {
                    
    $dsn .= ' ' $key '=\'' preg_replace("/(['\\\\])/"'\\\\$1'$pw) . '\'';
                }
            }
            if (
    strpos($dsn' dbname=') === FALSE) {
                
    $dsn .= " dbname=$dbName";
            }
            
    $db pg_connect($dsn);
            break;
        case 
    'pdo':
            if (isset(
    $options['dsn'])) {
                
    $dsn $options['dsn'];
            } elseif (isset(
    $options['prefix'])) {
                
    $dsn "$options[prefix]:localhost";
            } else {
                
    $dsn 'mysql:host=localhost';
            }
            if (
    strpos($dsn';dbname=') === FALSE) {
                
    $dsn .= ";dbname=$dbName";
            }
            
    $db = new PDO($dsn$user$pw$options);
            break;
        default:
            if (isset(
    $options['dsn'])) {
                
    $dsn $options['dsn'];
            } else {
                
    $dsn 'localhost';
            }
            
    $db = new $type($dsn$user$pw$dbName);
            break;
        }
        return 
    $db;
    }
    which lets other scripts pick the DB driver and set driver options.
     
  9. god2234

    god2234 New Member

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    Can anyone help me out with php login scritp for visitors.

    Thanks
     
  10. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    Don't threadjack. Start your own, but not until you've searched the forums and the web for an answer.

    If and when you start a thread, follow the guidelines in "How To Ask Questions The Smart Way". Use a descriptive subject line. Describe the software environment you're using. Describe the requirements. Be specific. You can't solve a problem until you understand it, and neither can we.
     
  11. tigra123

    tigra123 New Member

    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    0
    ok I take your point, of course i dont, got it thanks!

    Excellent point and i am addressing this and realising how vulnerable code can be!

    iam working on the above. Many many thanks . Your sensible and accurate guidance has been inspirational:biggrin:
    I believe I can donate credits to you - going to do this now.
     
  12. laxmans789

    laxmans789 New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    go to php.com for help
     

Share This Page