Jump to content
Killersites Forums

$Name data not making into database


webguync
 Share

Recommended Posts

Hello,

 

In a MySQL database I have a users table set up with name, username and password fields.

 

I have a simple login form with username and password fields. The action for the form is set to run the following code which retrieves the name,username and password via SQL and echoes a welcome $name. Code below.

<?php
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);
session_start();
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());

mysql_select_db("DBName") or die(mysql_error());


// Same checking stuff all over again.
if(isset($_POST['submit'])) {
  if(empty($_POST['username']) || empty($_POST['password']) ) {
   echo "Please fill in both your username and password to access your exam results.";
     echo "";
               exit;
  }
  // Create the variables again.

  $username = mysql_real_escape_string($_POST['username']);
  $password = $_POST['password'];

  // Encrypt the password again with the md5 hash. 
  // This way the password is now the same as the password inside the database.
  //$pwid = md5($pwid);

  // Store the SQL query inside a variable. 
  // ONLY the username you have filled in is retrieved from the database.
  $query = "SELECT username,password,name
          FROM   Editor_Candidates
          WHERE
          password = '$password'
          AND
          username='$username'";

  $result = mysql_query($query) or die(mysql_error());
  if(mysql_num_rows($result) == 0) { 
     // Gives an error if the username/pw given does not exist.
     // or if something else is wrong.
    echo "You have entered a username or password that does not match our database records. please try again. You will be redirected back to the login screen in 5 seconds. " . mysql_error();
echo "";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
  } else {
     // Now create an object from the data you've retrieved.
     $row = mysql_fetch_object($result);
     // You've now created an object containing the data.
     // You can call data by using -> after $row.
     // For example now the password is checked if they're equal.

     // By storing data inside the $_SESSION superglobal,
     // you stay logged in until you close your browser.

  $_SESSION['name'] = $row->name;
    $_SESSION['username'] = $username;
     $_SESSION['sid'] = session_id(); 
     // Make it more secure by storing the user's IP address.
     $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
     // Now give the success message.
     // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
//Update record with current time IF the account has never logged in before
echo "
$query = "UPDATE `Editor_Candidates`
         SET `login_timestamp` = NOW()
         WHERE `username` = '$username'
           AND `password` = '$password'
           AND login_timestamp = '';"; 
";
$result = mysql_query($query) or die(mysql_error()); 

//Check if query ran succesfully

  }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:EditorLogin.php");
exit;
}
echo "Welcome! You are now logged in " . $_SESSION['name'] . "";


?>

 

this works well enough, and also on this page (test.php), I have another form where the user submits information into a MySQL database. Their is a field set up for $name, but this info isn't carrying over into the database. The submit code is:

 



<?php
session_start();
$_SESSION['name'] = $row->name;
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());
mysql_select_db("ETSI_Internal") or die(mysql_error());
$name = $_SESSION['name'];
$name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "The answer was submitted successfully";
mysql_close($con);
?>


 

anyone know why the name variable info isn't sticking in the database?

Link to comment
Share on other sites

Hi I given this another try and changed the field from 'name' to 'editor_name'. I can get the info to echo out correctly after the form is submitted, but the info for the field editor_name still doesn't make it into the database. Here is my updated code.

 

<?php
session_start();
$_SESSION['editor_name'] = $row->editor_name;
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());
mysql_select_db("ETSI_Internal") or die(mysql_error());
$editor_name = $_SESSION['editor_name'];
$editor_name=mysql_real_escape_string($_POST['editor_name']); //This value has to be the same as in the HTML form file
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('$editor_name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "The answer was submitted successfullynbsp;nbsp;" . $_SESSION['editor_name'] . "";
mysql_close($con);
?>

 

any more ideas?

Edited by webguync
Link to comment
Share on other sites

are you getting the "The answer was submitted successfully" message?

 

add echo $sql and post the command here

 

yes, the success msg is coming through. The SQL echoed out is:

 

INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('','ANSWER 1','ANSWER 2','ANSWER 3','ANSWER 4','ANSWER 5','ANSWER 6','ANSWER 7','ANSWER 8','ANSWER 9')

 

all the answer values come through fine, but not the editor_name.

Link to comment
Share on other sites

Let's see your HTML form source code. I'm guessing you forgot to change the original form to name='editor_name'.

 

ps: and you don't need those session lines about editor_name

 

 

the editor_name value is never entered in the login form, but is retrived via SQL from the database.

 

$query = "SELECT username,password,editor_name
          FROM   Editor_Candidates
          WHERE
          password = '$password'
          AND
          username='$username'";

 

and then stored using the session code, or so I thought.

Link to comment
Share on other sites

To repeat my earlier question... have you checked that this line is actually returning the correct information?

 

 $_SESSION['editor_name'] = $row->editor_name;

 

If it's returning blank, that's the source of your problem, not the form or the rest of the script.

 

 

Well, when I added error reporting and echoed out the variable I get this:

 

Notice: Undefined variable: row in path/to/file on line 7

Notice: Undefined index: editor_name in path/to/file on line 10
Success! Your answers were submitted [variable name should have echoed here]

 

not sure what I am doing wrong though with defining the variable

Link to comment
Share on other sites

To be honest, I'm a little confused by this line (and apparently the editor is too):

 

 $_SESSION['editor_name'] = $row->editor_name;

 

According to the code, you are setting the 'editor_name' variable to the value the "editor name" variable within the $row object. But I'm not seeing the $row object initiated anywhere...?

 

Usually you'd need something like:

 

$row = new Row();

Link to comment
Share on other sites

To be honest, I'm a little confused by this line (and apparently the editor is too):

 

 $_SESSION['editor_name'] = $row->editor_name;

 

According to the code, you are setting the 'editor_name' variable to the value the "editor name" variable within the $row object. But I'm not seeing the $row object initiated anywhere...?

 

Usually you'd need something like:

 

$row = new Row();

 

 

so, would I need to add

 

$row = new row();

 

before

 

$_SESSION['editor_name'] = $row->editor_name;

 

?

Link to comment
Share on other sites

Possibly...? I don't know what code the object contains, and exactly how you initialize it depends on that code.

 

 

guess not, as that produces this error.

 

Fatal error: Cannot instantiate non-existent class: row in path/to/file on line 7

 

the session variable is working on the previous page to the submit page, as it is echoing out correctly. It's only wen the info is submitted is when it is not coming though. I can post all the code I have again if need be.

Link to comment
Share on other sites

I looked at the code you posted in the first post, and it appears like you are simply copying/pasting this line from your login form:

 

$_SESSION['editor_name'] = $row->editor_name;

 

Assuming that you sent the $_SESSION['editor_name'] variable within the login page, you shouldn't need to re-set that information -- it should already exist.

 

Try this:

 

Assuming this is your existing file:

 

?php
session_start();
$_SESSION['editor_name'] = $row->editor_name;
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());
mysql_select_db("ETSI_Internal") or die(mysql_error());
$editor_name = $_SESSION['editor_name'];
$editor_name=mysql_real_escape_string($_POST['editor_name']); //This value has to be the same as in the HTML form file
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('$editor_name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "The answer was submitted successfullynbsp;nbsp;" . $_SESSION['editor_name'] . "";
mysql_close($con);
?>

 

change it to:

 

?php

session_start();
echo $_SESSION['name'];

?>

 

Log in to your web application (this should set the SESSION variables) and then access that page. The page should have the SESSION variable printed on it.

 

If it does, then change your code to:

 

?php
session_start();
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());
mysql_select_db("ETSI_Internal") or die(mysql_error());
$editor_name =  $_SESSION['name'];
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('$editor_name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "The answer was submitted successfullynbsp;nbsp;" . $_SESSION['editor_name'] . "";
mysql_close($con);
?>

 

Try that and get back to me.

Link to comment
Share on other sites

$editor_name = $_SESSION['name'];

 

 

ok, thanks. I did the echo $editor_name; and it works as expected.

 

When I add $editor_name = $_SESSION['editor_name'];

 

I get this error: Notice: Undefined index: editor_name in path/to/file on line 8

 

Is adding a hidden input field to my form the answer? I tried this and don't get the error, but it doesn't insert the variable into MySQL just the name 'editor_name'.

 

Link to comment
Share on other sites

When I add $editor_name = $_SESSION['editor_name'];

 

I get this error: Notice: Undefined index: editor_name in path/to/file on line 8

 

Are the $_SESSION['editor_name']; and $_SESSION['name']; supposed to hold different values? My impression was that you changed the name of the variable to "editor_name" trying to get it to work -- not because there was any real reason to change it.

 

Assuming you don't set $_SESSION['editor_name']; on the login page (within this snippet of code:)

 

$_SESSION['name'] = $row->name;
    $_SESSION['username'] = $username;
     $_SESSION['sid'] = session_id(); 
     // Make it more secure by storing the user's IP address.
     $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
     // Now give the success message.
     // $_SESSION['username'] should print out your username.

 

Yes, it will generate an error. You just need to use $_SESSION['name']; rather than $_SESSION['editor_name'];

 

I'd avoid using a hidden field if you don't have to. You should be able to get this to work with a session variable.

Link to comment
Share on other sites

When I add $editor_name = $_SESSION['editor_name'];

 

I get this error: Notice: Undefined index: editor_name in path/to/file on line 8

 

Are the $_SESSION['editor_name']; and $_SESSION['name']; supposed to hold different values? My impression was that you changed the name of the variable to "editor_name" trying to get it to work -- not because there was any real reason to change it.

 

Assuming you don't set $_SESSION['editor_name']; on the login page (within this snippet of code:)

 

$_SESSION['name'] = $row->name;
    $_SESSION['username'] = $username;
     $_SESSION['sid'] = session_id(); 
     // Make it more secure by storing the user's IP address.
     $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
     // Now give the success message.
     // $_SESSION['username'] should print out your username.

 

Yes' date=' it will generate an error. You just need to use $_SESSION['name'']; rather than $_SESSION['editor_name'];

 

I'd avoid using a hidden field if you don't have to. You should be able to get this to work with a session variable.

 

 

oh yea, I did change everything to editor_name trying to get it to work, and that includes on the login page where I now have:

 

$_SESSION['editor_name'] = $row->editor_name;

     $_SESSION['sid'] = session_id(); 

 

so since I changed everything to $editor_name, what I posted should work, no?

Link to comment
Share on other sites

so since I changed everything to $editor_name, what I posted should work, no?

 

I believe so...?

 

To recap, this works for you (the editor name gets printed to the page):

 

?php

session_start();
echo $_SESSION['editor_name'];

?>

 

But this will generate an error?

 

?php

session_start();
$editor_name = $_SESSION['editor_name'];

?>

 

If so, that doesn't really make sense to me...

Link to comment
Share on other sites

Well, if this isn't working:

 

?php

session_start();
echo $_SESSION['editor_name'];

?>

 

The error indicates that the $_SESSION['editor_name'] variable doesn't exist. You are logging in to your web application before you test this page, correct? You have to access the login page and set the session variable before you can use it.

Link to comment
Share on other sites

Well, if this isn't working:

 

?php

session_start();
echo $_SESSION['editor_name'];

?>

 

The error indicates that the $_SESSION['editor_name'] variable doesn't exist. You are logging in to your web application before you test this page, correct? You have to access the login page and set the session variable before you can use it.

 

 

yes and it does work on the previous page as I have this code which correctly echoes out the login info.

 


<?php
echo "Welcome! You are now logged in " . $_SESSION['editor_name'] . "";
?>

Link to comment
Share on other sites

I'm not sure why that isn't working for you... As far as I know, if you have it working on the previous page, the $_SESSION['editor_name'] should be available for use. Probably the only way I can help you more on this is if you send me the code and a dump of the database to my email. (I can PM you my email if you are interested).

 

Otherwise... you may be able to use s hidden field instead. Rather than

 

 

try this:

 

 

This of course assumes that the $_SESSION['editor_name'] variable is set.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...