What is wrong with this code!!!
if(isset($_POST["name"])&&isset($_POST["email"])&&isset($_POST["pnumber"])&&($_POST["address"])){
$name = $_POST["name"];
$email = $_POST["email"];
$pnumber= $_POST["pnumber"];
$address = $_POST["address"];
if (!empty($name)&& !empty($email)&& !empty($pnumber)&& !empty($address)) {
$query= "SELECT 'Name' FROM 'customer' WHERE 'Name'='$name'";
$query_run = mysql_query($query);
if (mysql_num_rows($query_run)==1){
echo $name.'already exists.';
} else {
$query = "INSERT INTO customer values()" ;
}
}
else{
echo " all fields are required";
}
}
code check please
- Strider64
- php-forum Active User
- Posts: 315
- Joined: Sat Mar 23, 2013 8:24 am
- Location: Livonia, MI
First you need to do something like the following....
I would suggest getting to where you can get user input and then worrying about the database. When you do the database portion I would suggest using mysqli or PDO (most people recommend PDO).
Code:
<?php
if (isset($_POST['action']))
{
if ($_POST['action'] == 'login')
{
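$username = $_POST['username'];
// Escape the value before echoing it back into the page.
echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "<br />"; // I just added the . "<br />" for better clarity.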
}
}
?>
<form class="login-form" action="" method="post">
<input type="hidden" name="action" value="login" >
<label class="input-style" for="username">User Name</label>
<input type="text" onfocus="if (this.value == 'User Name') this.value = '';" value="User Name" name="username" id="username" >
<br>
<label class="input-style" for="password">Password</label>
<input type="password" name="password" id="password" value="" >
<br>
<input type="submit" id="login" value="Login" >
<a class="link-style" href="captcha.php" target="_self">Register?</a>
</form>
Thank you for your help.
Actually, my problem now is with this line of code:
$query= "SELECT 'Name' FROM 'customer' WHERE 'Name'='$name'";
$query_run = mysql_query($query);
if (mysql_num_rows($query_run)==1){
echo $name.'already exists.';
}
thanks:)
-
- php-forum Fan User
- Posts: 973
- Joined: Mon Oct 01, 2012 12:32 pm
1) The column name should not be quoted. Single quotes in SQL indicate a literal string; column names are basically constants, and as such do not require quotes.
2) Variable names within single quotes are not substituted with their value, they're left as they appear, so in this case you're literally looking for someone named '$name', which is not super likely to hit a match. The line should read:
Code:
$query="SELECT Name FROM customer WHERE Name='" . $name . "'";
3) mysql_ functions are deprecated and will probably not be around much longer. Please look into PDO, or at the very least mysqli. Both are faster and more secure, but PDO is the way to go for your database interactions.
http://jream.com/learning/videos/php-oo ... o-examples There's a 12 minute crash course in PDO that will get you up and running.
4) ESCAPE YOUR STRINGS. If you use mysql_ or mysqli_ functions, you should be using _real_escape_string() for your string values, or with PDO you can do PDO->quote() to protect yourself from SQL injection.
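The advice in the replies (use PDO, keep user input out of the SQL string) applied to the question's name check and insert, as an added example that is not code from any poster in this thread. It assumes an in-memory SQLite database through PDO so it runs stand-alone; the Email, Phone and Address column names and the UNIQUE constraint on Name are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: in-memory SQLite stands in
// for MySQL; the Email, Phone and Address columns and the UNIQUE constraint are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer (Name TEXT NOT NULL UNIQUE, Email TEXT NOT NULL,
    Phone TEXT NOT NULL, Address TEXT NOT NULL)');

// Returns "created", "exists" or "missing fields".
function addCustomer(PDO $pdo, array $post): string
{
    foreach (['name', 'email', 'pnumber', 'address'] as $field) {
        // Every field gets the same presence check, address included.
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return 'missing fields';
        }
    }
    // Placeholders send the values separately from the SQL text, so a quote
    // character in a name cannot change the statement.
    $check = $pdo->prepare('SELECT 1 FROM customer WHERE Name = :name');
    $check->execute([':name' => $post['name']]);
    if ($check->fetchColumn() !== false) {
        return 'exists';
    }
    $insert = $pdo->prepare('INSERT INTO customer (Name, Email, Phone, Address)
        VALUES (:name, :email, :phone, :address)');
    try {
        $insert->execute([':name' => $post['name'], ':email' => $post['email'],
            ':phone' => $post['pnumber'], ':address' => $post['address']]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE constraint caught a duplicate that was
        // inserted between the SELECT and the INSERT.
        if ((string) $e->getCode() === '23000') {
            return 'exists';
        }
        throw $e;
    }
    return 'created';
}

// Constructed sample submissions standing in for $_POST.
$base = ['email' => 'a@example.com', 'pnumber' => '555-0100', 'address' => '1 Main St'];
foreach (["Alice", "O'Brien", "Alice", ""] as $name) {
    $result = addCustomer($pdo, ['name' => $name] + $base);
    // Escape on output as well: the name is user input echoed into a page.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), ': ', $result, PHP_EOL;
}
```

With a MySQL DSN the same function works unchanged, provided the customer table has a unique index on Name.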