[Make Me A Website]

Hi Guys,

I'm trying to create a page where i can add new users to a database

my code is

<?php
$connection = mysql_connect("***","***","***"); // Mysql Connection

if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("***", $connection);
	

$sql="INSERT INTO 'users' (id, username, hashed_password, full_name)
VALUES ( NULL, '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";
	
if (!mysql_query($sql,$connection))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($connection)
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add New User</title>
</head>

<body>
<form action="add_user.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="hashed_password" /><br />
Fullname: <input type="text" name="fullname"	 /><br />
<input type="submit" />
</form>
</body>
</html>

I have ***'s out my login details and database name, but can anyone see why i get an error when i load the page

I look forward to hearing your response

Kind Regards

Shane

[Jay Gilford]

can you echo out your SQL query before running it? chances are that you're not passing the right values (or the POST values aren't being converted inside the string)

[Jay Gilford]

Also what is the error that mysql is giving?

[Make Me A Website]

i'm getting an internal server error

500 - Internal server error.

i cannot even load the page

any ideas?

[notbanksy]

It might be that you're trying to enter a NULL value into the id field. If it's the primary key and set to auto_increment, it won't like this. Try changing your code to:

$sql="INSERT INTO 'users' (username, hashed_password, full_name)
VALUES ( '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";

[Jay Gilford]

If you're getting an internal server area it's nothing to do with your php, have you edit a htaccess file? If not, contact your host since its a problem with your apache server

Also, the NULL value should be fine if the field is set to auto increment

[Make Me A Website]

Quote

It might be that you're trying to enter a NULL value into the id field. Try changing your code to this:

$sql="INSERT INTO 'users' (username, hashed_password, full_name)
VALUES ( '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";

Have changed the code, still cant view the page, still getting the 500 error,

its very strange, i can manually enter the values in the above code and it works fine, but as soon as i change the code to pick up information from the form it doesnt work.

an ideas?

P.s The ID is autoincrement so i can use NULL

[pat24]

Hi

there is no need for single quotes around your table, users

$sql="INSERT INTO 'users' (id, username, hashed_password, full_name)
VALUES ( NULL, '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";

Remove the single quotes from users and see what you get

[Make Me A Website]

Quote

Hi

there is no need for single quotes around your table, users

$sql="INSERT INTO 'users' (id, username, hashed_password, full_name)
VALUES ( NULL, '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";

Remove the single quotes from users and see what you get

Have done this, still getting error

[Make Me A Website]

ok, it looks like its my host

however, i have uploaded to another server, each time the page loads it adds a record to the table? any idea why? and how to stop it?

[pat24]

Make Me A Website, on 08 March 2010 - 08:14 PM, said:

ok, it looks like its my host

however, i have uploaded to another server, each time the page loads it adds a record to the table? any idea why? and how to stop it?

easiest way its to split the file, save all the php code as checkform.php or something then change the form action on your html to checkform.php

[andyl]

Make Me A Website, on 08 March 2010 - 08:14 PM, said:

ok, it looks like its my host

however, i have uploaded to another server, each time the page loads it adds a record to the table? any idea why? and how to stop it?

Because you've not added a condition which checks for any posted data...so the PHP executes every page load.
Use this code:

<?php
if (isset($_POST['submit'])){
$connection = mysql_connect("***","***","***"); // Mysql Connection

if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("***", $connection);
        

$sql="INSERT INTO 'users' (id, username, hashed_password, full_name)
VALUES ( NULL, '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";
        
if (!mysql_query($sql,$connection))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($connection)
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add New User</title>
</head>

<body>
<form action="add_user.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="hashed_password" /><br />
Fullname: <input type="text" name="fullname"     /><br />
<input type="submit" name="submit" />
</form>
</body>
</html>

pat24, on 08 March 2010 - 09:04 PM, said:

easiest way its to split the file, save all the php code as checkform.php or something then change the form action on your html to checkform.php

Good advice, I second this. Even better would be to include checkform.php and set action="" in the form.

[rallport]

pat24, on 08 March 2010 - 08:06 PM, said:

Hi

there is no need for single quotes around your table, users

$sql="INSERT INTO 'users' (id, username, hashed_password, full_name)
VALUES ( NULL, '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";

Remove the single quotes from users and see what you get

You're troubleshooting the wrong area. His script isn't even getting to the stage of execting a mysql query. The problem most likely lies at a higher level - e.g. his host.

Could even the fact you haven't added an if statement to catch your form submit(assuming your script isn't called 'add_user.php' og curse)

[pat24]

rallport, on 08 March 2010 - 10:07 PM, said:

You're troubleshooting the wrong area. His script isn't even getting to the stage of execting a mysql query. The problem most likely lies at a higher level - e.g. his host.

Could even the fact you haven't added an if statement to catch your form submit(assuming your script isn't called 'add_user.php' og curse)

those comments have already been covered throughout the whole thread

[Jay Gilford]

Yes they have been covered so I don't understand why you continued to try and debug PHP even after he said it was the hosting

[pat24]

Jay Gilford, on 08 March 2010 - 11:43 PM, said:

Yes they have been covered so I don't understand why you continued to try and debug PHP even after he said it was the hosting

where exactly have i carried on debugging after the hosting was found to be the problem

[Jay Gilford]

pat24, on 08 March 2010 - 09:04 PM, said:

easiest way its to split the file, save all the php code as checkform.php or something then change the form action on your html to checkform.php

Here when you even quoted his post of saying it was the host

[pat24]

Make Me A Website, on 08 March 2010 - 08:14 PM, said:

ok, it looks like its my host

however, i have uploaded to another server, each time the page loads it adds a record to the table? any idea why? and how to stop it?

I think he is asking a totally different question/s here.

[andyl]

pat24, on 08 March 2010 - 11:52 PM, said:

I think he is asking a totally different question/s here.

This is true, I answered the new questions in my previous post. He was wondering why the PHP was being executed on every page load, not just when the forum was submitted. I posted a solution above.

The new question(s) he asked were:

Quote

each time the page loads it adds a record to the table? any idea why? and how to stop it?

[craigpettit]

This is a problem i have seen when my host is on a windows server... try switching it to linux if it is on windows and this may resolve your issue.

[andyl]

He has already resolved the original problem regarding a hosting issue.
The new problem is that of PHP code

[Jay Gilford]

andyl, on 09 March 2010 - 01:50 PM, said:

He has already resolved the original problem regarding a hosting issue.
The new problem is that of PHP code

Yup, and Andy has posted the right solution for that too so this should be completely done

[Make Me A Website]

Hi Guys,



My inital question was answered and i've been able to load the page.

I have asked a second question which was how to i prevent the query from submitting when the page loads.

i hope this clears up any confusion

Kind Regards

Shane

[andyl]

Make Me A Website, on 09 March 2010 - 02:30 PM, said:

Hi Guys,



My inital question was answered and i've been able to load the page.

I have asked a second question which was how to i prevent the query from submitting when the page loads.

i hope this clears up any confusion

Kind Regards

Shane

I've answered your second question above...

Because you've not added a condition which checks for any posted data...so the PHP executes every page load.
Use this code:

<?php
if (isset($_POST['submit'])){
$connection = mysql_connect("***","***","***"); // Mysql Connection

if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("***", $connection);
        

$sql="INSERT INTO 'users' (id, username, hashed_password, full_name)
VALUES ( NULL, '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";
        
if (!mysql_query($sql,$connection))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($connection)
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add New User</title>
</head>

<body>
<form action="add_user.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="hashed_password" /><br />
Fullname: <input type="text" name="fullname"     /><br />
<input type="submit" name="submit" />
</form>
</body>
</html>

[Make Me A Website]

Quote

I've answered your second question above...

Because you've not added a condition which checks for any posted data...so the PHP executes every page load.
Use this code:

<?php
if (isset($_POST['submit'])){
$connection = mysql_connect("***","***","***"); // Mysql Connection

if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("***", $connection);
        

$sql="INSERT INTO 'users' (id, username, hashed_password, full_name)
VALUES ( NULL, '$_POST[username]','$_POST[hashed_password]', '$_POST[fullname]')";
        
if (!mysql_query($sql,$connection))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($connection)
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add New User</title>
</head>

<body>
<form action="add_user.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="hashed_password" /><br />
Fullname: <input type="text" name="fullname"     /><br />
<input type="submit" name="submit" />
</form>
</body>
</html>

I have tried this code, it send back the following error
"Parse error: syntax error, unexpected '}' in /.../add_user.php on line 29"

please see below my revised code, only has a couple of tweeks

<?php
if (isset($_POST['submit'])){
$connection = mysql_connect("***","****","***"); // Mysql Connection


if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("***", $connection);
	
	$username = $_POST[username];
	$password = $_POST[password];
	$fullname = $_POST[fullname];
	$hashed_password = sha1($password);

$sql="INSERT INTO users (id username, hashed_password, full_name)
VALUES ( NULL, '$username','$hashed_password', '$fullname')";
	
if (!mysql_query($sql,$connection))
  {
  die('Error: ' . mysql_error());
  }

echo "1 record added";

mysql_close($connection)
} //this is line 29
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add New User</title>
</head>

<body>
<form action="add_user.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
Fullname: <input type="text" name="fullname"	 /><br />
<input type="submit" name="submit" />
</form>
</body>
</html>

[andyl]

You were missing a semi-colon after mysql_close($connection)

Here is the working code:

<?php
if (isset($_POST['submit'])){
$connection = mysql_connect("***","****","***"); // Mysql Connection


if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("***", $connection);
        
        $username = $_POST[username];
        $password = $_POST[password];
        $fullname = $_POST[fullname];
        $hashed_password = sha1($password);

$sql="INSERT INTO users (id username, hashed_password, full_name)
VALUES ( NULL, '$username','$hashed_password', '$fullname')";
        
if (!mysql_query($sql,$connection))
  {
  die('Error: ' . mysql_error());
  }

echo "1 record added";

mysql_close($connection);
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add New User</title>
</head>

<body>
<form action="add_user.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
Fullname: <input type="text" name="fullname"     /><br />
<input type="submit" name="submit" />
</form>
</body>
</html>

[Make Me A Website]

that doesn't work, it says cannot connect to database ??any ideas?

[Jay Gilford]

Did you change the *** back to your original details?

[Make Me A Website]

yeah

[Jay Gilford]

There are a few possible reasons for not connecting then. Either the credentials are incorrect, the mysql server is not running you are trying to use a domain rather than localhost and the domain is refusing the connection

[Make Me A Website]

could it be that the mysql server is on a windows host and the page is on a linux host?

[Jay Gilford]

As I said above, if the two are on separate servers you need to make sure that the mysql server allows the remote connections to the database. You should really have both on the same server for optimal performance. With your mysql server, check with your host that you can use remote connections to access it. If you can't you'll need to move it to a server that will allow it or to the linux one as I stated above

[Geeks]

This is kind of a question and tip at the same time, as I am self taught.

as a side note, I believe you should be checked for SQL Injection

$username = mysql_real_escape_string($_POST[username]);
$fullname = mysql_real_escape_string($_POST[fullname])

;