[mawwty]

hi,

i have succesfully set up mysql & php so that when a user enters their name and sport preference it stores it in my mysql database.

What i want to do now is enter all their names into a the mysql databse and assign each person a unique number.

on the website when the person enters this unique number it would like it to auto fill their name in and all they need to do is select their sport.

Any help would be appreciated

<?php
$con = mysql_connect("DBHOST","DBUSER","PASS")
  or die(mysql_error('Cannot connect'));


mysql_select_db("DBUSER", $con); //Replace with your MySQL DB Name
$firstname=mysql_real_escape_string($_POST['firstname']); //This value has to be the same as in the HTML form file
$lastname=mysql_real_escape_string($_POST['lastname']); //This value has to be the same as in the HTML form file
$sport=mysql_real_escape_string($_POST['sport']); //This value has to be the same as in the HTML form file


$sql="INSERT INTO weddingtable (firstname,lastname,sport) VALUES ('$firstname','$lastname','$aport')"; /*form_data is the name of the MySQL table where the form data will be saved.name and email are the respective table fields*/
 
if (!mysql_query($sql,$con)) {
 die('Error: ' . mysql_error());
 
}
   header ('Location: **');


mysql_close($con);
?>

[FizixRichard]

Sorry, explain this again a bit more clearly. What exactly do you want to do? Explain how it will look and flow and what its for. Give it some context.


You are storing a forename, surname and a sport preference???

You then want the user to be able to enter their unique ID (userid?) and it shows their forename, surname and sport preference?


If so, well you should have a unique id in the table you are storing the form details in, so you'd use that as the unique id and fetch the record?

Or do you mean you have a separate user table and want to link them?

[mawwty]

FizixRichard, on 26 January 2012 - 03:57 PM, said:

Sorry, explain this again a bit more clearly. What exactly do you want to do? Explain how it will look and flow and what its for. Give it some context.


You are storing a forename, surname and a sport preference???

You then want the user to be able to enter their unique ID (userid?) and it shows their forename, surname and sport preference?


If so, well you should have a unique id in the table you are storing the form details in, so you'd use that as the unique id and fetch the record?

Or do you mean you have a separate user table and want to link them?

thanks for your prompt reply.

In the database i want to have 4 fields: unique ID, first name, surname, sport preference.

I am going to enter the unique ID, first name & surnames into the mysql database.

On the form on the website I have
unique id ____
first name _____
Surname ______
Sport prefernce _____


I will be giving the user their ID so when they fill in the ID it will display their name and surname automatically (as its stored in the database so yes I want the unique ID to fetch the name.

They then need to select their sports preference. Once thats done and click submit the sports preference is added to the field beside their name in the mysql database.

[FizixRichard]

As I see.


Well thats quite easy, you'll need to use jQuery and fetch the data from the database once the ID field is completed.

So, your form will be a normal form.


First:
You'll want the jQuery plugin: http://jquery.com/

Include that in your HTML head.


Then on the form:
In the ID input you want some javascript, that will call a function when the user looses focus.
This javascript will take the entered ID, query the database and return the forename and surname, populating the forename and surname fields.



So, some code, a kind of example...

The form itself, that ID input field will have something like this in it:

<input type="text" name="userid" value="" id="userid" onblur="fetch_account();" />

You'll want an id/name on the form (in this example we will call it "signupForm", you'll want to name it something more relevant to you.


Then you'll have a JS file which has a function in it called fetch_account()

This is untested, quick example I've just ripped apart and adapted (simplified) from a check username (form side) function I have in an application.

// This fetches a users account.
// You have two options, return the account as a delimited string (i.e. forename:surname) and split it out OR make two calls, one for forename, one for surname.
// I'm doing one call for forename.

// Also, the ajax.php script wants to simply accept the do (action) and userid (in practice you'd use POST and probably some kind of security on it)
// Then that method in the php script will query the DB and echo out the result, returning 0 for no account found.
function fetch_account() 
{
	// Get the ID the user entered in the form
	var userid = document.signupForm.userid.value.toLowerCase();

	// Trim any white space from the beginning and end
	userid = jQuery.trim(userid);


	// Get the users details from the DB (you'll want to do this by POST in a live environment)
	var url = "http://example.com/api/ajax.php?do=fetch_forename&userid=" + userid;


	// For non IE Browsers (process the request)
	if (window.XMLHttpRequest) 
	{ 
		req = new XMLHttpRequest(); 
		
		// The function to call on state change
		req.onreadystatechange = processForename; 
		
		// Perform the request on the script (url)
		try 
		{
	       	req.open("GET", url, true);
		}
		catch (e) 
		{
			// Show the error (as an alert popup, you'll want to probably update the form with a message in red)
    	   	alert(e);
    	}
		
		req.send(null); 	  
	} 	
	
	
	// For IE
	else if (window.ActiveXObject)
	{
		req = new ActiveXObject("Microsoft.XMLHTTP");
      
	  	// Perform the request
	  	if (req) 
		{
        	req.onreadystatechange = processForename;
   	     	req.open("GET", url, true);
   	     	req.send();
		} 
	}
}




// This function processes the response from that call we made in the previous function (for forename, you'll want a seperate one for surname)
function processForename() 
{
    if(req.readyState == 4) 
	{ 
		// Complete
        if(req.status == 200) 
		{ 
			// OK response (we have the response)
			
			// If the response responseText is 0, means the ID didnt exist
			if(req.responseText == "0")
			{
				// We do something to tell the user that this userid doesnt exist, such as set a DIV with the id "feedback-userid" to an error
			 	document.getElementById("feedback-userid").innerHTML="<p style=\"width: 400px;\" id=\"feedback\">This userid does not exist.</p>";
			}
			else
			{
				// All is well, set the form var (the response from that script will either be the forename or 0, we caught a 0 above, so this is the forename.
				// Assume the forms forename field is called "forename" (as in id="forename")
				document.signupForm.elements["forename"].value = req.responseText;
				
			}
		} 
		else 
		{
			// Something went wrong, i.e. the API failed
			document.getElementById("feedback-userid").innerHTML="<p style=\"width: 400px;\" id=\"feedback\">" +  req.statusText + "</p>";
        }
    }
} 

As I've ripped a load of code out, I'm not sure whether this will just work, but it reveals the kind of process. This particular code originally checked an entered username and recoloured the username label in a signup form as green or red (and changed and image to either a tick or red cross).

The method however is the same, call a JS function, call a PHP script, passing the userid to it and handling the scripts response.

There are other ways, this will work fine though. You'll want to add some security and tidy it up as the above is a bit of a hack job. lol

This post has been edited by FizixRichard: 26 January 2012 - 05:01 PM

[ReformedGeek]

Can I ask how complex the user id is going to be? If I'm assigned a number like 113, all I need to do is start entering numbers and start getting at your user information. I realise that this is a straight forward application, but I'm for building a secure system no matter what it is.

[mawwty]

I have created a form when user enters username and password it compares it against the mysql databse. The code for the php is written below.

I have entered a username and password into the form and when i click login I am getting 'Invalid username or password' even though it is correct.

Can some have a look at the code and tell me what I am doing wrong. All databse field names etc are all correct.

thank you

<?php 
$host = '***'; // Host name Normally 'LocalHost'
$user = '***'; // MySQL login username
$pass = '****'; // MySQL login password
$database = '***'; // Database name
$table = '****'; // Members name
 
mysql_connect($host, $user, $pass);
mysql_select_db($database);





$username = mysql_real_escape_string($_POST['username']);
$password = hash('sha512', $_POST['password']);
 
$result = mysql_query("SELECT * FROM $table WHERE username = '$username' AND password = '$password'
");


if(mysql_num_rows($result))
{
  // Login
  session_start();
  $_SESSION['username'] = htmlspecialchars($username); // htmlspecialchars() sanitises XSS
}
else
{
  // Invalid username/password
  echo '<p><strong>Error:</strong> Invalid username or password.</p>';
}
 
// Redirect
header('Location: http://www.****.com/loggedin.php');
exit;

?>

[mawwty]

nevermind got it working