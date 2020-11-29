Uncaught mysqli_sql_exception

I am made a signup system, I have made a lot of changes for google signup and other stuff, and not it is not working (my error is: Uncaught mysqli_sql_exception: Column 'full' cannot be null in C:\xampp\htdocs\learn coding website\realsignup.php:51).

And here is signup.inc.php(in this example I am choosing the Basic Alien Coder so it dose not take me to the payment page):

<?php

    if (!isset($_POST['signup-submit'])) {

        if (isset($_POST['g-recaptcha-response'])) {

            $captcha = $_POST['g-recaptcha-response'];

        } else {

            $captcha = false;

        }

        

        if (!$captcha) {

            header('Location: signup?error=rec');

        } else {

            $secret = 'key';

            $response = file_get_contents(

                "https://www.google.com/recaptcha/api/siteverify?secret=" . $secret . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']

            );

            $url = "https://www.google.com/recaptcha/api/siteverify?secret=" . $secret . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR'];

            // use json_decode to extract json response

            $response = json_decode($response);

        

            if ($response->success === false) {

                //header('Location: signup?error=rec');

                echo $response;

            }

        }

        

        //... The Captcha is valid you can continue with the rest of your code

        //... Add code to filter access using $response . score

        if ($response->success==true && $response->score <= 0.5) {

            header('Location: signup?error=hv');

        } elseif ($response->success==true && $response->score > 0.5) {

            session_start();

            

            include "db.php";

            $fulln = mysqli_escape_string($user_conn, $_POST['full']);

            $email = mysqli_escape_string($user_conn, $_POST['email']);

            $uid = mysqli_escape_string($user_conn, $_POST['uid']);

            $pwd = mysqli_escape_string($user_conn, $_POST['pwd']);

            $cpwd = mysqli_escape_string($user_conn, $_POST['cpwd']);

            $plan = mysqli_escape_string($user_conn, $_POST['plan']);

            $long = mysqli_escape_string($user_conn, $_POST['long']);

                

            $seeifalreg = "SELECT * FROM users_and_info WHERE email=? OR uid=? LIMIT 1";

            $stmt = $user_conn->prepare($seeifalreg);

            $stmt->bind_param('ss', $email, $uid);

            $stmt->execute();

            $result = $stmt->get_result();

            $userCount = $result->num_rows;

            if ($userCount > 0) {

                header('Location: signup.php?error=uidoremail-taken');

            } elseif ($pwd !== $cpwd) { 

                header('Location: signup.php?error=pwd-not-macth');

            } elseif (empty($fulln) || empty($email) || empty($uid) || empty($pwd) || empty($cpwd) || empty($plan)) {

                header('Location: signup.php?error=notallfilled');

            } else {

                $_SESSION['full'] = $fulln;

                $_SESSION['email'] = $email;

                $_SESSION['uid'] = $uid;

                $_SESSION['pwd'] = $pwd;

                $_SESSION['plan'] = $plan;

                $_SESSION['long'] = $long;

                $_SESSION['letin'] = true;

                if ($plan == "basic") {

                    $yeshashed = null;

                    setcookie("in", "yes", time() + (86400 * 30), "/");

                    header('Location: realsignup.php?in=yes');

                } else {

                    header("Location: checkout.php");

                }

            }

            mysqli_close($user_conn);

        } else {

            header('Location: index.php');

        }

    }

    /*elseif (!preg_match("/^[a-zA-Z0-9]*$/", $uid)) {

        header('Location: signup.php?error=uidchar');

    } elseif (!preg_match("/^[a-zA-Z]*$/", $fulln)) {

        header('Location: signup.php?error=nchar');

    }*/

And my realsignup.php:

<?php

    if (!isset($_POST['signup-submit'])) {

        if (isset($_POST['g-recaptcha-response'])) {

            $captcha = $_POST['g-recaptcha-response'];

        } else {

            $captcha = false;

        }

        

        if (!$captcha) {

            header('Location: signup?error=rec');

        } else {

            $secret = 'TH1$ISMY$ECR37C0DE';

            $response = file_get_contents(

                "https://www.google.com/recaptcha/api/siteverify?secret=" . $secret . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']

            );

            $url = "https://www.google.com/recaptcha/api/siteverify?secret=" . $secret . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR'];

            // use json_decode to extract json response

            $response = json_decode($response);

        

            if ($response->success === false) {

                //header('Location: signup?error=rec');

                echo $response;

            }

        }

        

        //... The Captcha is valid you can continue with the rest of your code

        //... Add code to filter access using $response . score

        if ($response->success==true && $response->score <= 0.5) {

            header('Location: signup?error=hv');

        } elseif ($response->success==true && $response->score > 0.5) {

            session_start();

            

            include "db.php";

            $fulln = mysqli_escape_string($user_conn, $_POST['full']);

            $email = mysqli_escape_string($user_conn, $_POST['email']);

            $uid = mysqli_escape_string($user_conn, $_POST['uid']);

            $pwd = mysqli_escape_string($user_conn, $_POST['pwd']);

            $cpwd = mysqli_escape_string($user_conn, $_POST['cpwd']);

            $plan = mysqli_escape_string($user_conn, $_POST['plan']);

            $long = mysqli_escape_string($user_conn, $_POST['long']);

                

            $seeifalreg = "SELECT * FROM users_and_info WHERE email=? OR uid=? LIMIT 1";

            $stmt = $user_conn->prepare($seeifalreg);

            $stmt->bind_param('ss', $email, $uid);

            $stmt->execute();

            $result = $stmt->get_result();

            $userCount = $result->num_rows;

            if ($userCount > 0) {

                header('Location: signup.php?error=uidoremail-taken');

            } elseif ($pwd !== $cpwd) { 

                header('Location: signup.php?error=pwd-not-macth');

            } elseif (empty($fulln) || empty($email) || empty($uid) || empty($pwd) || empty($cpwd) || empty($plan)) {

                header('Location: signup.php?error=notallfilled');

            } else {

                $_SESSION['full'] = $fulln;

                $_SESSION['email'] = $email;

                $_SESSION['uid'] = $uid;

                $_SESSION['pwd'] = $pwd;

                $_SESSION['plan'] = $plan;

                $_SESSION['long'] = $long;

                $_SESSION['letin'] = true;

                if ($plan == "basic") {

                    $yeshashed = null;

                    setcookie("in", "yes", time() + (86400 * 30), "/");

                    header('Location: realsignup.php?in=yes');

                } else {

                    header("Location: checkout.php");

                }

            }

            mysqli_close($user_conn);

        } else {

            header('Location: index.php');

        }

    }

    /*elseif (!preg_match("/^[a-zA-Z0-9]*$/", $uid)) {

        header('Location: signup.php?error=uidchar');

    } elseif (!preg_match("/^[a-zA-Z]*$/", $fulln)) {

        header('Location: signup.php?error=nchar');

    }*/

What is the error with the SQL statement?

#2

For sake of my sanity in trying to read your entire website, which one is line 51 in your realsignup.php page? (PHP errors always point you to the specific file and line that generated the error…)

#3

The code you posted for realsignup.php is a repost of signup.inc.php, and it contains your recpatcha api key. Since this thread has 16 views at the time I am writing this, it’s too late to remove your key. It has been seen/indexed/scraped by people, search engines, and bot scripts. You will need to get a new key.

Since you didn’t post the realsingup.php code, no one can help you with the actual problem, but the error means what it says, you supplied a null value for the full column and probably other columns (the first fatal error stops execution of the query.) You need to validate all input data (right) before using it.

Based on the code you did post, there’s a bunch of ‘don’t do this’ and missed points in the code. Some of the issues -

  1. Don’t write out conditional logic for every possible value when all you are doing is matching an input value to an output value. Use a look-up array instead.
  2. Don’t use elseif tests for things that are independent/exclusive tests.
  3. Put the form and the form processing code on the same page so that you are not writing out extra logic on multiple pages and can then re-populate the form fields with submitted values so that the user doesn’t need to keep re-entering the same data over and over.
  4. The only header() redirect you should have in your post method form processing code is a redirect to the exact same url of the page upon successful completion of the form processing code. Any navigation to other pages should be via navigation links so that the user can choose where he wants to go to.
  5. Any redirect you do have needs an exit/die statement after it to stop program execution.
  6. Don’t copy variables to other variables without any reason. Just keep the submitted form data as an array and use the elements in the array throughout the rest of the code.
  7. One of the main points of using prepared queries is they separate the data values from the sql syntax. With a prepared query, you DON’T use any of the _escape_string() functions on the data.
  8. For a signup process, don’t try to SELECT data in order to determine if it already exists. Define the column(s) in your database table as a unique index, then just attempt to INSERT the data and test if the query produced a duplicate index error number.
  9. Don’t store all the submitted data in session variables and then redirect to yet another page to process the data again.
#4

Just a heads up, it looks like you leaked your google recaptcha secret.

#5

I am changing the keys now. I thought I removed the keys

#6

By the way, I just realised that i said the realsignup.php is the same as signup.inc.php, so here is the code for the realsignup.php:

<?PHP
               
     session_start();

      include "db.php";

      if (isset($_SESSION['frist'])) {

          $fulln = mysqli_escape_string($user_conn, $_SESSION['full']);

           $email = mysqli_escape_string($user_conn, $_SESSION['email']);

           $uid = mysqli_escape_string($user_conn, $_SESSION['uid']);

           $pwd = mysqli_escape_string($user_conn, $_SESSION['pwd']);

            $plan = mysqli_escape_string($user_conn, $_SESSION['plan']); 

            $day_of_m = date("d-m-Y");

            $hashedpwd = password_hash($pwd, PASSWORD_DEFAULT);

             if (isset($_SESSION['img'])) {

                 $img = $_SESSION['img'];

              } else {

                  $img = "";

              }

                    

             $sql = "INSERT INTO users_and_info (`full`, `email`, `uid`, `pwd`, `plan`, `day_of_m`, `admin`, `img`) 
VALUES (?, ?, ?, ?, ?, ?, ?, ?)";

             $stmt = $user_conn->prepare($sql);

             $admin = "no";

             $stmt>bind_param('ssssssss', $fulln, $email, $uid, $hashedpwd, $plan, $day_of_m, $admin, $img);

             if ($stmt->execute()) {
                        $sql = "SELECT * FROM users_and_info WHERE email='$email' LIMIT 1";

                        $result = mysqli_query($user_conn, $sql);

                        $id = "";

                        $rowf = "";

                        while ($row = mysqli_fetch_assoc($result)) {

                            $rowf .= "userid".$row['id'];

                            $id .= $row['id'];

                        }

                        $sql = "create table ".$rowf." (

                            cid int(255) not null,

                            com TEXT not null,

                            page int(255) not null,

                            title TEXT not null

                        );";

                        $result = mysqli_query($user_conn, $sql);

                        $_SESSION['userid'] = $id;

                        $_SESSION['letin'] = true;

                        unset($_SESSION['full']);

                        unset($_SESSION['email']);

                        unset($_SESSION['uid']);

                        unset($_SESSION['pwd']);

                        unset($_SESSION['plan']);

                        unset($_SESSION['long']);

                        header('Location: home.php');

                        exit();

                    } else {

                        echo $stmt->error;

                    }

                    

                    mysqli_close($user_conn);
