Please help -myphpadmin

[tigra123]

So login.php leads to register.php?

a reload of
no login leads to 'login_error.php' page that says 'email and password not correct. ' Decided to try and get registration side working first.

Quote:
Originally Posted by tigra123
My latest problem is now:
Quote:
Column count doesn't match value count at row 1

You have two extra values in your INSERT statement: $_POST['inform'] and $_POST['us'].

I took these two out but still didnt work. I read up on error and decided to add more fields in my table but still didnt work.

You also have the SQL PASSWORD and CURRENT_DATE functions escaped by PHP's complex syntax (the curly brackets). This is wrong for two reasons: first, complex syntax only works if the first character after the open bracket ("{") is a "$". Second, these are SQL functions, not PHP functions, so you don't want PHP to attempt to process them.

working on the above!

I am not familiar with the SQL injection stuff thanks anyway.

Edit2: The most recently posted register.php worked for me on my development server, once the insert statement was corrected. When you print the error list, use an HTML list (<ul> or <ol>) rather than "*" and <br>.

dont know how to do this.

Still waiting on links to live pages.

At last I post live page link - bear in mind this site is out dated and I am only interested in the registration and login aspects
http://highfive.x10hosting.com/register.php

p.s I will be donating --many thanks

 

[misson]

Decided to try and get registration side working first.

Good focus. Best to not do too many things at once.

You have two extra values in your INSERT statement: $_POST['inform'] and $_POST['us'].

I took these two out but still didnt work. I read up on error and decided to add more fields in my table but still didnt work.

Altering the table doesn't directly address the problem, which is that there are a different number of columns and number of fields used in the statement . Make sure you explicitly list the column names in the INSERT statement. After doing this, please post the statement.

Edit2: The most recently posted register.php worked for me on my development server, once the insert statement was corrected. When you print the error list, use an HTML list (<ul> or <ol>) rather than "*" and <br>.

dont know how to do this.

It's an easy fix. Print the error list as:

  echo '<ul>';
  foreach ($checkform->getErrorList() as $error) {
    echo "<li>$error[msg]</li>";
  }
  echo '</ul>';

Using lists rather than breaks is more semantic. A more usable design would print the error messages inline with the form, with each error next to the field it described.

By the way, are you using the "quote" button at the bottom of posts, or are you copying & pasting?

 

[tigra123]

Altering the table doesn't directly address the problem, which is that there are a different number of columns and number of fields used in the statement . Make sure you explicitly list the column names in the INSERT statement. After doing this, please post the statement.


ok Ive changed the table back to original, below is the current INSERT statement: I have simply taken out the 2 extra fields you suggested.

//open a connection to the database
   $conn = mysql_connect("localhost","$username","$password") or die(mysql_error());
  
  //Select database
  mysql_select_db("$database",$conn) or die(mysql_error());
  
  //Prepare the insert statement
   $b_date = $_POST[year]."-".$_POST[month]."-".$_POST[day];
  $add_member = "insert into members values(id,'','$_POST[f_name]','$_POST[s_name]','$b_date','$_POST[email]',password('$_POST[password1]'),'10',CURRENT_DATE(),'$_POST[edtype]','0')";
 
  //Insert the job into the table
   mysql_query($add_member, $conn) or die(mysql_error());
  
  //Get variables for activation
  $sql = "SELECT * FROM members WHERE id = LAST_INSERT_ID()";
  $result = mysql_query($sql, $conn) or die(mysql_error());
  $password = mysql_result($result, 0, 'password');
  
  //Close connection

Below is a list of fields in the members table:

create table members
(
id int not null primary key auto_increment,
f_name varchar(50),
l_name varchar(50),
d_dob date,
email varchar(50),
password varchar(50),
c_count int,
a_date date,
edtype enum ('other','university','college','school'),
status enum ('1','0')
);
insert into members values('','jane','smith','1973-03-22','sarahmatuk@googlemail.com',password('beermat'),'10','2009-07-20','other','1');

I import the above as a 'text file' into phpmyadmin but i get the sql error here too which says;

Column count doesn't match value count at row 1

By the way, are you using the "quote" button at the bottom of posts, or are you copying & pasting?[/quote]

Iam now using 'quote' button.


did you get the live link?

Many Thanks
Edit:
a bit of good news - I can log in !!! (had the wrong email address added in table value):biggrin:

 

[misson]

Make sure you explicitly list the column names in the INSERT statement. After doing this, please post the statement.

ok Ive changed the table back to original, below is the current INSERT statement: I have simply taken out the 2 extra fields you suggested.

You still need to explicitly list the column names in the INSERT statement. Take a look at the SQL statement in post #20.

Iam now using 'quote' button.

Make sure you leave in the "

" tags. If you want to interleave your response, you'll need to add them in spots. The "quote" button you're now using makes this easier.

did you get the live link?

I'm using it to check the current status.

 

[tigra123]

Thanks for guidance - Iam still hanging in here!

You still need to explicitly list the column names in the INSERT statement. Take a look at the SQL statement in post #20.

I took a look at your helpful suggestion below, and you got me baffled as I dont know where exactly I would inserting this into register.php ?--your style of code while i acknowledge is modern is alien to me. Also would this solve the current error: "Column count doesn't match value count at row 1" ?

$db = new PDO("mysql:host=localhost;dbname=$dbName", $dbUser, $dbPassword);
...
$fields = array(
'f_name' => PDO::PARAM_STR,
's_name' => PDO::PARAM_STR,
'd_dob' => PDO::PARAM_STR,
'email' => PDO::PARAM_STR,
'password1' => PDO::PARAM_STR,
'edtype' => PDO::PARAM_STR
);
...
$_POST['d_dob'] = "$_POST[year]-$_POST[month]-$_POST[day]";
$add_member = $db->prepare("insert into members (f_name, l_name, d_dob, email, password, c_count, a_date,edtype,status) valuesf_name,:s_name, :d_dob,:email,passwordpassword1),10,CURRENT_DATE(),:edtype,0)");
foreach ($fields as $field => $type) {
$add_member->bindValue(":$field", $_POST[$field], $type);
}
$add_member->execute();

 

[misson]

PDO:repare, PDOStatement::bindValue and PDOStatement::execute take the place of mysql_query. A PDO tutorial will explain the usage. The part I was referring to was the INSERT statement (which is why I said "Take a look at the SQL statement"):

INSERT INTO members (f_name, l_name, d_dob, email, password, c_count, a_date, edtype, status) VALUES (...)

which explicitly lists the column names.

Remember, tags (whether BBCode or HTML) need to be closed. Every [tag] or <tag> needs a [/tag] or </tag>.

 

[tigra123]

PDO:repare, PDOStatement::bindValue and PDOStatement::execute take the place of mysql_query. A PDO tutorial will explain the usage. The part I was referring to was the INSERT statement (which is why I said "Take a look at the SQL statement"):

INSERT INTO members (f_name, l_name, d_dob, email, password, c_count, a_date, edtype, status) VALUES (...)

which explicitly lists the column names.

You were right to lead me to the insert statment -as soon as I took out a value in my code next to 'id' which was'" "' it worked. Now i can register users so thanks!

My next problem is

Warning: mysql_connect() [function.mysql-connect]: Access denied for user '$username'@'localhost' (using password: YES) in /home/tigra/public_html/bin/crush_count.php on line 5
Access denied for user '$username'@'localhost' (using password: YES

so login works! registration works! now its just the 'crush' elements which by the way are able to be sent in the back end but my website is showing this annoying error when it should be going to "crush-thankyou.php" as database 'is' working.

 

[misson]

You still need to leave in the close quote tag ("[/quote]"), otherwise the open quote tag does nothing but clutter up your post. Edit your old message(s) before posting a new one.

My next problem is

Warning: mysql_connect() [function.mysql-connect]: Access denied for user '$username'@'localhost' (using password: YES) in /home/tigra/public_html/bin/crush_count.php on line 5
Access denied for user '$username'@'localhost' (using password: YES

C'mon, you don't really need my help on this one, do you? Where you you think the username "$username" is coming from?

By the way, this problems illustrates one reason you shouldn't scatter the DB connection code across multiple scripts: by doing so, you increase the chance of typos and other errors. You should reduce code repetition. The other reason is security; each script containing your DB username needs to be readable only by you (permissions mode 0600). If you don't do this, anyone who's on the same server can read the script contents and get your DB username & password.

To address both these issues, create a script called (e.g.) "localDB.php" and in it place a single function that creates a connection to the local DB server. Change the permissions for localDB.php using cPanel or your FTP client to give your account read access with all other access disabled. The script can be as simple as:

function local_db_connect($dbName='tigra_crush') {
  return new mysqli('localhost', 'user', 'password', $dbName);
}

which lets other scripts pick the database, or it can be as complex as:

function local_db_connect($type='mysqli', $options=array()) {
    $user='****';
    $pw='****';
    $dbName = isset($options['db']) ? $options['db'] : 'tigra_crush';
    //extract($options);
    switch (strtolower($type)) {
    case 'mysql':
        $new_link = isset($options['new_link']) ? $options['new_link'] : false;
        $client_flags = isset($options['client_flags']) ? $options['client_flags']
                        : isset($options['flags']) ? $options['flags'] : 0;
        $db = mysql_connect('localhost', $user, $pw, $new_link, $client_flags);
        mysql_select_db($dbName, $db);
        break;
    case 'pgsql':
    case 'postgresql':
        $pw = preg_replace("/(['\\\\])/", '\\\\$1', $pw);
        $dsn = "host=localhost user=$user password='$pw'";
        if (is_string($options)) {
            $dsn .= ' ' . $options;
        } else {
            foreach ($options as $key=>$val) {
                $dsn .= ' ' . $key . '=\'' . preg_replace("/(['\\\\])/", '\\\\$1', $pw) . '\'';
            }
        }
        if (strpos($dsn, ' dbname=') === FALSE) {
            $dsn .= " dbname=$dbName";
        }
        $db = pg_connect($dsn);
        break;
    case 'pdo':
        if (isset($options['dsn'])) {
            $dsn = $options['dsn'];
        } elseif (isset($options['prefix'])) {
            $dsn = "$options[prefix]:localhost";
        } else {
            $dsn = 'mysql:host=localhost';
        }
        if (strpos($dsn, ';dbname=') === FALSE) {
            $dsn .= ";dbname=$dbName";
        }
        $db = new PDO($dsn, $user, $pw, $options);
        break;
    default:
        if (isset($options['dsn'])) {
            $dsn = $options['dsn'];
        } else {
            $dsn = 'localhost';
        }
        $db = new $type($dsn, $user, $pw, $dbName);
        break;
    }
    return $db;
}

which lets other scripts pick the DB driver and set driver options.

 

[god2234]

Can anyone help me out with php login scritp for visitors.

Thanks

 

[misson]

Can anyone help me out with php login scritp for visitors.

Don't threadjack. Start your own, but not until you've searched the forums and the web for an answer.

If and when you start a thread, follow the guidelines in "How To Ask Questions The Smart Way". Use a descriptive subject line. Describe the software environment you're using. Describe the requirements. Be specific. You can't solve a problem until you understand it, and neither can we.

 

[tigra123]

C'mon, you don't really need my help on this one, do you? Where you you think the username "$username" is coming from?

ok I take your point, of course i dont, got it thanks!

By the way, this problems illustrates one reason you shouldn't scatter the DB connection code across multiple scripts: by doing so, you increase the chance of typos and other errors. You should reduce code repetition. The other reason is security; each script containing your DB username needs to be readable only by you (permissions mode 0600). If you don't do this, anyone who's on the same server can read the script contents and get your DB username & password.

Excellent point and i am addressing this and realising how vulnerable code can be!

To address both these issues, create a script called (e.g.) "localDB.php" and in it place a single function that creates a connection to the local DB server. Change the permissions for localDB.php using cPanel or your FTP client to give your account read access with all other access disabled. The script can be as simple as:

iam working on the above. Many many thanks . Your sensible and accurate guidance has been inspirational:biggrin:
I believe I can donate credits to you - going to do this now.

 

[laxmans789]

go to php.com for help