Improvements To Member Registration Site Reg.php

Only a single var_dump(…) is required to confirm the value is of the correct type and is valid.

Please also check the online manual to find out how to use var_dump(…) because your usage is incorrect.

1 Like

I added the var_dump() on every one of my $vars so that after updating the code if I encounter a new problem with another variable then I don’t have to add the var_dump on that one too. Thought best to add the var_dump() at the beginning on all $vars. You never know which var’s var_dump() I will need checking and when.
Anyway, I reckon the errors are false positives. Unless, someone can prove otherwise. This is now a big mystery.

The script is using var_dump(…) incorrectly.

Please consult the manual as mentioned in my previous post.

1 Like

The first value which produces an error is the one to check, preferably followed by die();

Because php is interpreted meaning once an error is encountered most likely only garbage will follow.

Lookup GIGO :slight_smile:

Edit:
Because of your reluctance to follow advice on searching for recommended links, I took the trouble…

2 Likes

Guys,

Looking at #post 239, don’t you guys agree the errors are false positives ?
I wonder what are the opinions of SpaceShipTrooper, droopsnoot, SamA74, Mittineague and Gandalf. Interested to see how many opinions differ.
Oops! Nearly forgot TechnoBear!

1 Like

No they are not false positives.

As mentioned in umpteen previous posts your var_dump(…) usage is incorrect and will not change regardless of how many times it is used incorrectly.

2 Likes

Ok. Checking the var_dump() on manual now.
Was busy checking my email and reading the support’s reply (PacktPub) and downloading their ebook that TechnoBear recommended. :slight_smile:
As for GIGO, I did not know it was a terminology. I thought you were being sarcastic and calling my work garbage. :wink:

What are you hinting at ? When I placed the var_dump() after the concerned variables you said to place them before them. The manual shows samples where the var_dump() has been placed after the variables.
Do you want me to place them after the 3 concerned variables now or before them ?
And, I believe you want me to place the 3 variables like this:

var_dump($email, $account_activation_code, $stmt_one)

Correct ?
You know what, I’m placing it just after the opening bracket of the “Else” like so:

<?php

include 'config.php';

if (!isset($_GET["email"], $_GET["account_activation_code"]) === true){
    $_SESSION['error'] = "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href=\"register.php\">Register here!</a>";
    exit();
} 
else 
{
	var_dump($email, $account_activation_code, $stmt_one, $userActivationState, $stmt_two);
	$email = htmlspecialchars($_GET['email']);	
	
	
	$account_activation_code = htmlspecialchars($_GET['account_activation_code']);
	
	
	$stmt_one = mysqli_prepare($conn, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?");
	
	
	mysqli_stmt_bind_param($stmt_one, 'si', $email,  $account_activation_code);
	
	
	mysqli_stmt_bind_result($stmt_one, $username, $userActivationState);
	
	if (mysqli_stmt_execute($stmt_one) && mysqli_stmt_fetch($stmt_one))
	{
		
		if ($userActivationState != 0)
		{			
			echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
			exit;
		}

		
		$userActivationState = 1;		
		
		
		$stmt_two = mysqli_prepare($conn, "UPDATE users SET accounts_activations = ? WHERE usernames = ?");
		mysqli_stmt_bind_param($stmt_two, 'is', $userActivationState, $username);	
		
		if (mysqli_stmt_execute($stmt_two))
		{
			echo "<h3 style='text-align:center'>Thank you for your confirming your email and activating your account.<br /> Redirecting you to the login page ...</h3>";
			$_SESSION["user"] = $username;
			header("location:home.php");
			exit;
		}
	} 
	else 
	{
		echo "FAILURE to UPDATE db";
		exit;
	}
}

EDIT

Hell! I now get these errors with the above-mentioned code:

Notice: Undefined variable: email in /home/user/public_html/e-id/activate_account.php on line 11

Notice: Undefined variable: account_activation_code in /home/user/public_html/e-id/activate_account.php on line 11

Notice: Undefined variable: stmt_one in /home/user/public_html/e-id/activate_account.php on line 11

Notice: Undefined variable: userActivationState in /home/user/public_html/e-id/activate_account.php on line 11

Notice: Undefined variable: stmt_two in /home/user/public_html/e-id/activate_account.php on line 11
**NULL NULL NULL NULL NULL **
Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in /home/user/public_html/e-id/activate_account.php on line 40

Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in /home/user/public_html/e-id/activate_account.php on line 42

EDIT
Goodnight John! I’ll work on this after I wakeup and wide awake. No good dragging nodding off. Thanks for trying to help through your cell fone, though! I really find it difficult to communicate online via the fone and you’re voluntarily providing support through it!!!

1 Like

SamA74, since you’re online right now. What do you think about my code in post #250 ? Do you reckon I got the var_dump() in the correct place ? I believe I got the var_dump() done all wrong on #post 239. Right ?

1 Like

Do you not see why?

// In the line below, you try to access these variables
var_dump($email, $account_activation_code, $stmt_one, $userActivationState, $stmt_two);
// And here, you actually create them.
$email = htmlspecialchars($_GET['email']);	
$account_activation_code = htmlspecialchars($_GET['account_activation_code']);
$stmt_one = mysqli_prepare($conn, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?");

How are you not surprised that if you try to access them (using var_dump) before you have created them, you get an error telling you that they are not defined? Obviously you have to var_dump the variables after you create them, not before.

This has been explained many, many times, but here goes one more time. If you call mysqli_prepare() and something goes wrong, it returns false rather than a valid object. You must check to see whether it worked before you try to execute the query.

And, what’s on line 40? Your last code doesn’t have anything db-related on line 40, presuming that the var_dump is line 11.

I’m surprised this doesn’t give you an error, too.

	mysqli_stmt_bind_result($stmt_one, $username, $userActivationState);
	if (mysqli_stmt_execute($stmt_one) && mysqli_stmt_fetch($stmt_one))

http://php.net/manual/en/mysqli-stmt.bind-result.php

4 Likes

Oops! I now see why I started getting the undefined variable errors as soon as I added the var_dump() before defining the variables. Thanks for being clear!
Yeah. You are right. I could not see it because I was working late (like I’m doing now) and I was 75% nodding off by sleep. But don’t worry, I won’t make that an excuse anymore. But saying all this, it’s way past my bedtime now and I’m 50% nodding off. But even so your hints cut through my confusions like an ice cold knife. :slight_smile:

One other question though. The other day, on some function tutorial (php manual or somewhere), I saw the variables getting called before they were defined. I remember thinking how come that is not going to spit errors ? Maybe on php 7, if it doesn’t find the variable defined before it is being called then it moves down the script flow until it finds it and then grabs the definition from there ? That was what I was pondering.
Anyway. Someone told me to put the var_dump() before the concerned variables for some reason. And so, I started placing the var_dump() before the concerned variables, even though I can see clearly from the php manual that this should not be the case.

Q1a. I have a question here. How can I check whether it worked before trying to execute it ? I thought, if after executing it there are errors then you know the prep stmt did not work.
Do you mind showing a link with a simple code example on how to do this checking before the execution ? :slight_smile:

Q1b. Or, you want the var_dump() to take action before the execution ? Is that how I do the checking (with var_dump) whether the execution would work or fail ?

That is line 17 and used to show error. But, for some reason now it is not.

Anyway, these last few days (about a wk), I could not figure-out where on earth these 2 lines contained any boolean that the error keeps stating.

$stmt_one = mysqli_prepare($conn, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?");	
		$stmt_two = mysqli_prepare($conn, "UPDATE users SET accounts_activations = ? WHERE usernames = ?");

Q2. So, if the prep stmt does not get carried-out for any reason then it’s result gets counted as false boolean ?
Mmm. I will have to remember this so we don’t go in circles.

My update looks like this:

<?php

include 'config.php';

if (!isset($_GET["email"], $_GET["account_activation_code"]) === true){
    $_SESSION['error'] = "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href=\"register.php\">Register here!</a>";
    exit();
} 
else 
{	
	$email = htmlspecialchars($_GET['email']);	
	$account_activation_code = htmlspecialchars($_GET['account_activation_code']);	
	$stmt_one = mysqli_prepare($conn, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?");	
	mysqli_stmt_bind_param($stmt_one, 'si', $email,  $account_activation_code);	
	mysqli_stmt_bind_result($stmt_one, $username, $userActivationState);	
	var_dump($email, $account_activation_code, $stmt_one, $userActivationState);	
	if (mysqli_stmt_execute($stmt_one) && mysqli_stmt_fetch($stmt_one))
	{		
		if ($userActivationState != 0)
		{			
			echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
			exit;
		}
		
		$userActivationState = 1;		
		$stmt_two = mysqli_prepare($conn, "UPDATE users SET accounts_activations = ? WHERE usernames = ?");
		mysqli_stmt_bind_param($stmt_two, 'is', $userActivationState, $username);		
		var_dump($stmt_two, $userActivationState, $username);		
		if (mysqli_stmt_execute($stmt_two))
		{
			echo "<h3 style='text-align:center'>Thank you for your confirming your email and activating your account.<br /> Redirecting you to the login page ...</h3>";
			$_SESSION["user"] = $username;
			header("location:home.php");
			exit;
		}
	} 
	else 
	{
		echo "FAILURE to UPDATE db";
		exit;
	}
}

And this time round, I am shown this:

string(23) “EDITED@EDITED.com” string(40) “472b07b9fcf2c2451e8781e944bf5f77cd8457c8” object(mysqli_stmt)#2 (10) { [“affected_rows”]=> int(0) [“insert_id”]=> int(0) [“num_rows”]=> int(0) [“param_count”]=> int(2) [“field_count”]=> int(2) [“errno”]=> int(0) [“error”]=> string(0) “” [“error_list”]=> array(0) { } [“sqlstate”]=> string(5) “00000” [“id”]=> int(1) } NULL
Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in /home/EDITED (User)/public_html/e-id/activate_account.php on line 27
bool(false) int(1) string(8) “EDITED (User)”
Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in /home/EDITED (User)/public_html/e-id/activate_account.php on line 29

Note the bool(false) in the first warning. Regarding line 27.
Line 27:


mysqli_stmt_bind_param($stmt_two, 'is', $userActivationState, $username);

$stmt_two (line 26) looks like this:


$stmt_two = mysqli_prepare($conn, "UPDATE users SET accounts_activations = ? WHERE usernames = ?");

Q3. Am I right that this line ($stmt_two) is getting found as FALSE ?
If so, then I don’t understand why. Don’t understand what is wrong with that line:


$stmt_two = mysqli_prepare($conn, "UPDATE users SET accounts_activations = ? WHERE usernames = ?");

There does exist a “users” tbl with columns “accounts_activations” and “usernames”. And so, I don’t understand why $stmt_two is coming out as FALSE boolean. I have not got the sql query syntax wrong in any way. Right ?

Q4. One other question. Is the following part of the code is correct or not:


if (!isset($_GET["email"], $_GET["account_activation_code"]) **=== true**)

That part was added by another programmer in another forum. He’s not available in the forum anymore. And so, can’t ask him to explain it.

Can it be changed to any of these:


if (!isset($_GET["email"], $_GET["account_activation_code"]))

if (isset($_GET["email"], $_GET["account_activation_code"]) **=== false**)
1 Like

If you are referring to the following:

// In the line below, you try to access these variables
var_dump($email, $account_activation_code, $stmt_one, $userActivationState, $stmt_two);
// And here, you actually create them.
$email = htmlspecialchars($_GET[‘email’]);

var_dump(…) should be called on the parameter to htmlspecialchars(…) to determine the type and data is valid not on the $email function result.

The function fails because the parameter is incorrect.

Fix that error before proceeding to prevent GIGO.

1 Like

Check to see whether the return from mysqli_prepare() is false - if it is, don’t try to execute() because you’ll get that message. Obvious error-checking, potentially incurring the wrath of some:

if ($stmt_one = mysqli_prepare($conn, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?")) { 
  // all went well because $stmt_one is not FALSE
 // so do the execute and everything else here
  }
else {
  // something went wrong
  }

By the time your code gets to production, you shouldn’t be getting failures in the prepare(), but for now you are, so you should trap them so you can debug.

Many functions return false instead of an object if they fail to execute. Documentation covers these.

Immediately after this line:

$userActivationState = 1;

please add

var_dump($stmt_one);

and post the results.

1 Like

Thanks guys for your replies. I will do as you suggested another night and send you the results as I am not working tonight. Been working 7 nights per wk for 1.5 yrs now by only taking breaks once every 3mnths or when I’m ill. Health breaking. Just replying this so you don’t waste your time waiting for the results tonight. Just logged onto check my emails. So, don’t mind. Take care!
Over and out.

1 Like

I get error 500 after doing as you suggested.
Anyway, before that experiment (as you suggested), I did as another experiment as suggested elsewhere. He suggested I add this after the mysqli prepare line:
echo mysqli_error($conn);

And so, I added that in 2 places.
This was the update …

I get this shown:

string(23) “EDITED@EDITED.com” string(40) “c1dfd96eea8cc2b62785275bca38ac261256e278” object(mysqli_stmt)#2 (10) { [“affected_rows”]=> int(0) [“insert_id”]=> int(0) [“num_rows”]=> int(0) [“param_count”]=> int(2) [“field_count”]=> int(2) [“errno”]=> int(0) [“error”]=> string(0) “” [“error_list”]=> array(0) { } [“sqlstate”]=> string(5) “00000” [“id”]=> int(1) } NULL FAILURE to UPDATE db

Here’s the script:

activate_account.php

<?php

include 'config.php';

if (!isset($_GET["email"], $_GET["account_activation_code"]) === true){
    $_SESSION['error'] = "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href=\"register.php\">Register here!</a>";
    exit();
} 
else 
{	
	$email = htmlspecialchars($_GET['email']);	
	$account_activation_code = htmlspecialchars($_GET['account_activation_code']);	
	$stmt_one = mysqli_prepare($conn, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?");	
	echo mysqli_error($conn);
	mysqli_stmt_bind_param($stmt_one, 'si', $email,  $account_activation_code);	
	mysqli_stmt_bind_result($stmt_one, $username, $userActivationState);	
	var_dump($email, $account_activation_code, $stmt_one, $userActivationState);	
	if (mysqli_stmt_execute($stmt_one) && mysqli_stmt_fetch($stmt_one))
	{		
		if ($userActivationState != 0)
		{			
			echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
			exit;
		}
		
		$userActivationState = 1;		
		$stmt_two = mysqli_prepare($conn, "UPDATE users SET accounts_activations = ? WHERE usernames = ?");
		echo mysqli_error($conn);
		mysqli_stmt_bind_param($stmt_two, 'is', $userActivationState, $username);		
		var_dump($stmt_two, $userActivationState, $username);		
		if (mysqli_stmt_execute($stmt_two))
		{
			echo "<h3 style='text-align:center'>Thank you for your confirming your email and activating your account.<br /> Redirecting you to the login page ...</h3>";
			$_SESSION["user"] = $username;
			header("location:home.php");
			exit;
		}
	} 
	else 
	{
		echo "FAILURE to UPDATE db";
		exit;
	}
}

config.php

<?php

/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// session start
if(!session_start()) {
	session_start();
}

// include files
include 'conn.php';
include 'site_details.php';

// include functions
include 'functions.php';

?>

conn.php

<?php

$conn = mysqli_connect("localhost", "EDITED", "EDITED", "EDITED");

if (!$conn) {
	// message to use in development to see errors
	die("Database error : " . mysqli_error($conn));

	// user friendly message
	// die("Database error.");
	exit();
}

?>

Remember, droopsnoot that, I did as you suggested and I got error 500.
Therefore, sending you the result of a different test, incase that helps in anyway atall.

1 Like

droopsnoot,

Here’s another test I did suggested by 2 more persons on 2 other new forums. They suggesed I separate the mysqli stmt & fetch. And so I did that. But yet again, I get http error 500.
Now, altogether 3 forums are involved. And everyone states there is trouble with my mysqli prepare. But my problems are not going away no matter what suggestion i try of everybod’s.
Just one more suggestion to try. And that is John_Betong’s that he suggested on his latest post.
I was asked if mysqli extension is installed or not. And which php version I use. My answer is, I use php 7. And, all this time mysqli worked with my webhost.

activate_account.php

<?php

include 'config.php';

if (!isset($_GET["email"], $_GET["account_activation_code"]) === true){
    $_SESSION['error'] = "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href=\"register.php\">Register here!</a>";
    exit();
} 
else 
{	
	$email = htmlspecialchars($_GET['email']);	
	$account_activation_code = htmlspecialchars($_GET['account_activation_code']);	
	if ($stmt_one = mysqli_prepare($conn, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?");	
		echo mysqli_error($conn);
		mysqli_stmt_bind_param($stmt_one, 'si', $email,  $account_activation_code);	
		mysqli_stmt_bind_result($stmt_one, $username, $userActivationState);	
		var_dump($email, $account_activation_code, $stmt_one, $userActivationState);
	}
	else
	{
		echo "Mysqli prepare Failed!";
		exit;
	}
	if (mysqli_stmt_execute($stmt_one)) 
	{
		echo success: mysqli_stmt_execute($stmt_one);
	}
	else
	{
		echo failure: mysqli_stmt_execute($stmt_one);
	}
    
    if( mysqli_stmt_fetch($stmt_one)) 
	{
		echo success: mysqli_stmt_fetch($stmt_one);
	}
	else
	{
		echo failure: mysqli_stmt_fetch($stmt_one);	
	}
		if ($userActivationState != 0)
		{	
			echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
			exit;
		}
		
		$userActivationState = 1;
		
		$stmt_two = mysqli_prepare($conn, "UPDATE users SET accounts_activations = ? WHERE usernames = ?");
		echo mysqli_error($conn);
		mysqli_stmt_bind_param($stmt_two, 'is', $userActivationState, $username);		
		var_dump($stmt_two, $userActivationState, $username);		
		if (mysqli_stmt_execute($stmt_two))
		{
			echo "<h3 style='text-align:center'>Thank you for your confirming your email and activating your account.<br /> Redirecting you to the login page ...</h3>";
			$_SESSION["user"] = $username;
			header("location:home.php");
			exit;
		}
	} 
	else 
	{
		echo "FAILURE to UPDATE db";
		exit;
	}
}

This is really really puzzling and tiresome.

Anyway, thanks droopsnoot for trying.
I will try John’s suggestion next time. Let’s see if any result come out of it or not.
Going to sleep now very puzzled. No good trying John’s suggestion now with a sleepy head. I hope he doesn’t mind leaving his suggestion for the next night.
Next time, I will see if I can come-up with an idea myself on how to crack this mess if John’s suggestion fails too.

@anybody - Anymore suggestions anybody ?

Cheers!

1 Like

https://stackoverflow.com/questions/2687730/how-can-i-make-php-display-the-error-instead-of-giving-me-500-internal-server-er

1 Like

@droopsnoot
Please do not suggest anything of that kind.
The OP [allegedly] set the proper error reporting mode for mysqli, and therefore prepare will report any error automatically.
Whereas all these manual verifications will bloat the code and confuse the poor OP even more.

@uniqueideaman FOR THE LAST BITS OF SANITY LEFT IN THIS TOPIC SAKE, quit all these muddled verifications.
The more lines you write, the more errors you introduce. Write your mysqli interactions straight, without any single if or pointless echo. JUST MYSQLI FUNCTIONS AND NOTHING ELSE. prepare, bind param, execute, bind result, fetch - each on its own line.

To overcome the 500 error caused by the syntax error you will need to change either php.ini or .htaccess, but I believe it’s mission impossible, given your ability to introduce an error out of the blue sky, so you will likely ruin your PHP environment completely, which will result in a bunch of people wasting even more of their precious lives.

1 Like

Do you not think that a large part of your problem stems from having too many people offering advice, without knowing what has been said elsewhere (and often without knowing that you have asked the question elsewhere), and then you trying to take all of it at once, without understanding how the various pieces of code work with, or conflict with, others?

As I’ve suggested before, you would do much better to ask each question in just one forum, and only ask in a second forum if the first is unable to help. Not only would you be less confused, but it is a more courteous approach with regard to those who are replying. Members on forums are giving up their own time to offer help, free of charge; nobody wants to spend that time answering a question which has already been answered elsewhere, when they could be helping somebody who really needs it.

1 Like

Yes, I figured you’d say that. I really wanted to try to show where the Boolean was coming from, as it didn’t seem clear to the OP.

To clarify why I asked for the var_dump: I asked what seems like weeks ago whether there was a possibility that the first query might return more than one row. I never got an answer to that, and I was hoping that the var_dump might show that information, as it does for the second query.

Perhaps someone who knows something about mysqli could answer - would that make a difference and cause an error? The way I read the mysqli documentation (which admittedly was quite briefly as I use PDO) suggested that before you can call execute, you must have fetched the results from the previous query.

What I can’t see is whether there is a requirement to fetch all the rows from the previous query, or whether fetching the first one will do. It also doesn’t say what happens if you don’t fetch the data, and it doesn’t mention the issue when calling prepare().

Of course, if the first query only returns a single row, then it’s irrelevant.

1 Like