A little help please!

Zenax · Apr 12, 2007

Right, heres a small problem, that you smart PHP dudes, should know the answer too!

I am wanting to develop a dynamic website so that it runs from a database, using PHP.

So far, I have learnt how to do the connection, and have a rough idea of how to create the form. What I want is to be able to insert the data to the relevant database table, and then that should effect the page that reads the database, if I am right?!??

Code so far:

PHP:

$username = "root";
$password = "*****";
$hostname = "localhost";
$dbname = "dyndb";

$conn = mysql_connection($hostname, $username, $password)
              or die ("Sorry Cannot connect to the database server!");

$select = myql_select_db($dbname, $conn)
            or die ("Sorry cannot connect to database!");

Form:

PHP:

<form method="post" action="">
Header Information:<br>
<textarea name="headerinfo" cols="60" rows="20"></textarea>

<input type="submit" name="Submit" value="Submit">
</form>

So I got connection script, I got form script i think :S, but what I need is how to get it from form to database using code above!!

Would you be so kind as to help me out?!?

Regards,
Zenax

Brandon · Apr 12, 2007

Sounds like MySQL, and is this for a login or whatever, if it is I will write something up later!

lambada · Apr 12, 2007

INSERT INTO [table_name] (Column_names, more_columns) VALUES (VALUE_1, VALUE_2)

Thats the SQL syntax I think. Might be a couple of errors - it's off the top of my head.

t2t2t · Apr 13, 2007

Some quick steps:

Go to phpMyAdmin
Make a query that does what you want script to do, with obvious values so you can sort them out.
Click on "Make PHP Code" in query window that appears on top of page after doing the query.
Copy php code.
Open up the php file
Paste the output of step 4 in it.
Change the values to variables you wanna put in DB

Add following code:

PHP:

$result = mysql_query($sql);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

(change $sql if the query is in a different variable.

Save the file.

Also, this is good to also read:
Preventing SQL Injections with PHP by Woolie

Zenax · Apr 13, 2007

The idea is so that I can get to grips with PHP and MYSQL etc. The idea was you would visit edit.php and insert info to go into db, then it would in theory change whats on main.php

So according to t2t2 it should look like this:

Code for edit.php

PHP:

<?php
$username = "root";
$password = "*****";
$hostname = "localhost";
$dbname = "dyndb";

$conn = mysql_connection($hostname, $username, $password)
              or die ("Sorry Cannot connect to the database server!");

$select = myql_select_db($dbname, $conn)
            or die ("Sorry cannot connect to database!");  

// Posting info goes here


?>

<!-- The form -->
<form method="post" action="<?php $_POST['PHP SELF'] ?>">
Input Header Information:
<textarea></textarea>
<input type="button" value="Submit!" name="$headerinfo" />
</form>

That bit is supposed to send the information to the header table in the header database.

main.php

PHP:

include("dbconn.php");

$header = mysql_query("SELECT header FROM header")
while($headerrow = mysql_fetch_array($header, MYSQL_ASSOC))

print $headerrow{'header'};

This bit in theory should print the info from the database table!

Its a basic script but I cannot get to grips with it!

Brandon · Apr 13, 2007

Zenax said:
The idea is so that I can get to grips with PHP and MYSQL etc. The idea was you would visit edit.php and insert info to go into db, then it would in theory change whats on main.php

So according to t2t2 it should look like this:

Code for edit.php

PHP:

<?php $username = "root"; $password = "*****"; $hostname = "localhost"; $dbname = "dyndb"; $conn = mysql_connection($hostname, $username, $password) or die ("Sorry Cannot connect to the database server!"); $select = myql_select_db($dbname, $conn) or die ("Sorry cannot connect to database!"); // Posting info goes here ?>  <form method="post" action="<?php $_POST['PHP SELF'] ?>"> Input Header Information: <textarea></textarea> <input type="button" value="Submit!" name="$headerinfo" /> </form>

That bit is supposed to send the information to the header table in the header database.

main.php

PHP:

include("dbconn.php"); $header = mysql_query("SELECT header FROM header") while($headerrow = mysql_fetch_array($header, MYSQL_ASSOC)) print $headerrow{'header'};

This bit in theory should print the info from the database table!

Its a basic script but I cannot get to grips with it!

try

Code:

[COLOR=#000000][COLOR=#007700]
print [/COLOR][COLOR=#0000BB]$headerrow[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'header'[/COLOR][COLOR=#007700]];

[/COLOR][/COLOR]

Zenax · Apr 13, 2007

they both work!

Ok now im turning this to a points winning thing!

youll get 100pts per script!! if u can build me the following scripts, for me to study and get the hang of!

- Login Script
- Contact Form
- Basic Dynamic website (should include a page to insert the data to the db so it modifies the db to make changes to another page. Bit like a cms style thing!!, BUT VERY BASIC!!) (You get 300pts for this!!)

so in total its 500pts up for grabs if u can help me out!!

t2t2t · Apr 15, 2007

A login script:

SQL:

Code:

CREATE TABLE `users` (
  `ID` int(10) NOT NULL auto_increment,
  `username` varchar(10) collate latin1_general_ci NOT NULL,
  `password` varchar(40) collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`ID`)
)

login.php:

PHP:

<?
include sql.php;
$secretpage = 'index.php'; // Where you wanna redirect to.
if ($_POST[do_login]) {
    if (!$_POST[username] OR !$_POST[password])
        die('One or more fields empty! Please go back and fix that problem.');
    if (strlen($_POST[username]) > 10 OR strlen($_POST[password]) > 10)
        die('Possible hacking apptempt!');
    $username = $_POST[username];
    $password = sha1($_POST[password]);
    $sql = "SELECT * FROM `users` WHERE `username` = '$username'";
    $userlogin = mysql_query($sql);
    if(mysql_num_rows($userlogin) == 0 OR mysql_num_rows($userlogin) > 1)
        die('User cannot be found');
    $userlogin = mysql_fetch_array($userlogin, MYSQL_ASSOC);
    if($userlogin[password] != $password) {
        die('Incorrect password'); } else {
    // All checks passed, i supouse its the chosen one, i mean user.
    $_SESSION['loginflag'] = $userlogin[ID]; // Mark user into sessions
    header('Refresh: 3; url='. $secretpage); // Sends user after 3 seconds
    die('You have been logged in, redirecting in 3 seconds');
    }
}
?>
<form action="login.php" method="post">
  <table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>Username:</td>
    <td><input name="username" type="text" size="10" maxlength="10" /></td>
  </tr>
  <tr>
    <td>Password: </td>
    <td><input name="password" type="password" size="10" maxlength="10" /></td>
  </tr>
  <tr>
    <td></td>
    <td><input name="do_login" type="submit" id="do_login" value="Log in!"/></td>
  </tr>
</table>
</form>

signup.php (Register)

PHP:

<?
include sql.php
if($_POST[do_signup]) {
    if (!$_POST[username] OR !$_POST[password])
        die( 'One or more fields empty! Please go back and fix that problem.');
    if (strlen($_POST[username]) > 10 OR strlen($_POST[password]) > 10)
        die('Possible hacking apptempt!');
    if (strlen($_POST[username]) < 4 OR strlen($_POST[password]) < 4)
        die('Username & Password must be atleast 4 characters long!');
    $username = $_POST[username];
    $password = sha1($_POST[password]);
    $usercheck = mysql_query('SELECT * FROM `users` WHERE `username` = \''. $username .'\'');
    if(mysql_num_rows($usercheck) > 0)
        die('Username already in use!');
    // Let's do a handshake with new user.
    mysql_query('INSERT INTO `users` (`ID`, `username`, `password`) VALUES (NULL, \''. $username .'\', \''. $password .'\');');
    print 'Welcome '. $username .'! Feel free to log in!';
}
?>
<form method="post" action="index.php?a=signup">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <th colspan="2">Here you can sign up for Habombers Scripts account! </td>    </tr>
    <tr>
      <td>Username:</td>
      <td><input name="username" type="text" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="password" type="password" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="do_signup" value="Sign Up!" /></td>
    </tr>
    <tr>
      <td colspan="2">Please press sign up button only once! </td>
    </tr>
  </table>
</form>

sql.php

PHP:

<?
$mysql[host] = "MYSQLHOST";
$mysql[user] = "MYSQLUSER";
$mysql[pass] = "MYSQLPASS";
$mysql[table] = "MYSQLTABLE";
@mysql_connect($mysql[host], $mysql[user], $mysql[pass]) or die('Mysql error: '. mysql_error());
@mysql_select_db($mysql[table]) or die('Mysql error: '. mysql_error());
?>

Current user ID is stored in $_SESSION['loginflag']

Zenax · Apr 15, 2007

ur points have been sent t2t2

amendments made:

PHP:

include ("sql.php");

I get the idea!

Problem: its not inserting the users into the db

t2t2t · Apr 15, 2007

Zenax said:
then the index.php?a=signup should be a case style thing in the index page, that states you have been registered!

I get the idea!

looks like i forgot to remove index.php part (that code is under use in one of my own script).

PHP:

<?
include sql.php
if($_POST[do_signup]) {
    if (!$_POST[username] OR !$_POST[password])
        die( 'One or more fields empty! Please go back and fix that problem.');
    if (strlen($_POST[username]) > 10 OR strlen($_POST[password]) > 10)
        die('Possible hacking apptempt!');
    if (strlen($_POST[username]) < 4 OR strlen($_POST[password]) < 4)
        die('Username & Password must be atleast 4 characters long!');
    $username = $_POST[username];
    $password = sha1($_POST[password]);
    $usercheck = mysql_query('SELECT * FROM `users` WHERE `username` = \''. $username .'\'');
    if(mysql_num_rows($usercheck) > 0)
        die('Username already in use!');
    // Let's do a handshake with new user.
    mysql_query('INSERT INTO `users` (`ID`, `username`, `password`) VALUES (NULL, \''. $username .'\', \''. $password .'\');');
    print 'Welcome '. $username .'! Feel free to log in!';
}
?>
<form method="post" action="signup.php">
  <table border="0" cellspacing="0" cellpadding="0">
    <tr>
      <th colspan="2">Sign up! </td>    </tr>
    <tr>
      <td>Username:</td>
      <td><input name="username" type="text" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="password" type="password" size="10" maxlength="10" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="do_signup" value="Sign Up!" /></td>
    </tr>
    <tr>
      <td colspan="2">Please press sign up button only once! </td>
    </tr>
  </table>
</form>

Looks like there was more things i forgot to change

, above should work.

Zenax · Apr 16, 2007

Thanks t2t2

it works pretty much now!

Just a few little probs!
It doesn't redirect to the index.php page after 3 seconds, and also there is a header once it has successfully logged in

PHP:

Warning: Cannot modify header information - headers already sent by (output started at /home/freeze/public_html/dynamic/login_script/sql.php:8) in /home/freeze/public_html/dynamic/login_script/login.php on line 20

Also, I now that I understand the script, I would like to understand sessions. For example, remembering someone is logged in, when they visit the login page etc.

The reason i ask all this, is eventually im going to incorperate it into a website, and I want to understand as much of it as possible before I actually start!

The other scripts still need to be done!

Scripts done:
Login Script - points sent to t2t2

Chris Z · Apr 16, 2007

about your error, you need to put that header information in the html tags, like this:

PHP:

<?php
?>
<head>
<META http-equiv="refresh" content="3";URL=http://wwwfreezebox.x10hosting.com/yourpage.php">
</head>
<?php
echo 'other stuff here...';

that should give you the 3 second redirect or w/e

t2t2t · Apr 16, 2007

Chris Z beat me at one thing, but i think you have something wrong with sql.php file, because that file will not output anything (And headers get sent at first thing that outputs something on page (print, die, etc)

I hope attached file works, make sure to execute sql.sql in phpmyadmin, and edit all needed things in sql.php.

EDIT: I also added there a logout script.

To get information about user status (Logged in or not), if will do the job.

PHP:

<?
if($_SESSION[loginflag]) {
 // User is logged in
 print 'Hello user ID '. $_SESSION[loginflag] .'!';
} else {
 // User is not logged in
 print 'Sorry, you must log in.';
}
?>

Zenax · Apr 16, 2007

I would like to thank you all very much for your help with this login script. It has been very useful to me, to help me to study PHP and I am now starting to get to grips with the idea of it!

I need on contact script for me to study as well --- 100pts!

Basic dynamic website:
This should include the way of connecting to the different tables etc, with a database structure etc. So when index.php displays there should be a header,content,footer, this is so I can get to grips with building dynamic websites! ----- 300pts!

Once again, i would like to thank Chris Z, Brandon, t2t2 and other people for helping me with this!

Login script all works now. it shows the user id, not username but that can be sorted out later! more scripts still needed!

Many kind regards,
Zenax

A little help please!

Zenax

Active Member

Brandon

Former Senior Account Rep

lambada

New Member

t2t2t

New Member

Zenax

Active Member

Brandon

Former Senior Account Rep

Zenax

Active Member

t2t2t

New Member

Zenax

Active Member

t2t2t

New Member

Zenax

Active Member

Chris Z

Active Member

t2t2t

New Member

Attachments

Zenax

Active Member

Free Web Hosting

Our Community

Legal