Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

code check please

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

code check please

Postby wckf » Wed Mar 27, 2013 8:01 am

what is wrong with this code !!!
if(isset($_POST["name"])&&isset($_POST["email"])&&isset($_POST["pnumber"])&&($_POST["address"])){

$name = $_POST["name"];
$email = $_POST["email"];
$pnumber= $_POST["pnumber"];
$address = $_POST["address"];

if (!empty($name)&& !empty($email)&& !empty($pnumber)&& !empty($address)) {
$query= "SELECT 'Name' FROM 'customer' WHERE 'Name'='$name'";
$query_run = mysql_query($query);

if (mysql_num_rows($query_run)==1){
echo $name.'already exists.';
} else {
$query = "INSERT INTO customer values()" ;
}
}

else{
echo " all fields are required";

}

}
wckf
New php-forum User
New php-forum User
 
Posts: 15
Joined: Wed Mar 27, 2013 7:59 am

Re: code check please

Postby Strider64 » Wed Mar 27, 2013 9:22 am

First you need to do something like the following....

Code: Select all
<?php
   if (isset($_POST['action']))
   {
      if ($_POST['action'] == 'login')
      {
         echo $username = $_POST['username'] . "<br />";   // I just added the . "<br />" for better clarity.
      }
      
   }





?>






<form class="login-form" action="" method="post">
                                     
       <input type="hidden" name="action" value="login" >
     
       <label class="input-style" for="username">User Name</label>
       <input type="text" onfocus="if (this.value == 'User Name') this.value = '';" value="User Name" name="username" id="username" >
       <br>
       <label class="input-style" for="password">Password</label>
       <input type="password" name="password" id="password" value="" >
       <br>                 
     
       <input type="submit" id="login" value="Login" >
       <a class="link-style" href="captcha.php" target="_self">Register?</a>
 </form>


I would suggest get where you can get user input and then worry about database, when you do I the database portion I would suggest using mysqli or PDO (Most People recommend PDO).
User avatar
Strider64
New php-forum User
New php-forum User
 
Posts: 57
Joined: Sat Mar 23, 2013 8:24 am

Re: code check please

Postby wckf » Wed Mar 27, 2013 9:28 am

Thnk your for your help
actually my problem now is with this line of code :

$query= "SELECT 'Name' FROM 'customer' WHERE 'Name'='$name'";
$query_run = mysql_query($query);

if (mysql_num_rows($query_run)==1){
echo $name.'already exists.';
}


thanks:)
wckf
New php-forum User
New php-forum User
 
Posts: 15
Joined: Wed Mar 27, 2013 7:59 am

Re: code check please

Postby seandisanti » Wed Mar 27, 2013 10:14 am

1) The column name should not be quoted. Single quotes in sql indicate a literal string, column names are basically constants, and as such do not require quotes.
2) Variable names within single quotes are not substituted with their value, they're left as they appear, so in this case you're literally looking for someone named '$name' which is not super likely to hit a match. the line should read:
Code: Select all

$query
="SELECT Name FROM customer WHERE Name='" $name "'"
 

3) mysql_ functions are deprecated and will probably not be around much longer. please look into PDO, or at the very least mysqli. both are faster and more secure, but PDO is the way to go for your database interactions.
http://jream.com/learning/videos/php-oo ... o-examples there's a 12 minute crash course in PDO that will get you up and running.

4) ESCAPE YOUR STRINGS if you use mysql_ or mysqli_ functions, you should be using _real_escape_string() for your string values, or with pdo you can do PDO->quote() to protect yourself from sql injection.
seandisanti
php-forum Fan User
php-forum Fan User
 
Posts: 838
Joined: Mon Oct 01, 2012 12:32 pm


Return to PHP coding => General

Who is online

Users browsing this forum: Google [Bot] and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron