Why I am not receivng the information that I filled in the form in my table

PHP
1

File name: join.php
Table name:
1.tree
2.user
This is my code:

<?php
include('php-includes/connect.php');
include('php-includes/check-login.php');
$userid = $_SESSION['userid'];
?>
<?php
//User cliced on join
if(isset($_GET['join_user'])){
	$side='';
	$pin = mysqli_real_escape_string($con,$_GET['pin']);
	$email = mysqli_real_escape_string($con,$_GET['email']);
	$mobile = mysqli_real_escape_string($con,$_GET['mobile']);
	$address = mysqli_real_escape_string($con,$_GET['address']);
	$account = mysqli_real_escape_string($con,$_GET['account']);
	$under_userid = mysqli_real_escape_string($con,$_GET['under_userid']);
	$side = mysqli_real_escape_string($con,$_GET['side']);
	$password = "123456";
	
	$flag = 0;
	
	if($pin!='' && $email!='' && $mobile!='' && $address!='' && $account!='' && $under_userid!='' && $side!=''){
		//User filled all the fields.
		if(pin_check($pin)){
			//Pin is ok
			if(email_check($email)){
				//Email is ok
				if(!email_check($under_userid)){
					//Under userid is ok
					if(side_check($under_userid,$side)){
						//Side check
						$flag=1;
					}
					else{
						echo '<script>alert("The side you selected is not availble.");</script>';

					}
				}
				else{
					//check under userid
					echo '<script>alert("Invalid Under userid.");</script>';

				}
			}
			else{
				//check email
				echo '<script>alert("This user id already availble.");</script>';
			}
		}
		else{
			//check pin
			echo '<script>alert("Invalid pin");</script>';
		}
	}
	else{
		//check all fields are fill
		echo '<script>alert("Please fill all the fields");</script>';
	}
	
	//Now we are heree
	//It means all the information is correct
	//Now we will save all the information
	if($flag==1){
		$query = mysqli_query($con,"insert into user('email','password','mobile','address','account') values('$email','$password','$mobile','$address','$account')");
		echo '<script>alert("Testing Success.");</script>';
	}
	
}
?><!--/join user-->
<?php
//functions
function pin_check($pin){
	global $con,$userid;
	
	$query =mysqli_query($con,"select * from pin_list where pin='$pin' and userid='$userid'");
	if(mysqli_num_rows($query)>0){
		return true;
	}
	else{
		return false;
	}
}
function email_check($email){
	global $con;
	
	$query =mysqli_query($con,"select * from user where email='$email'");
	if(mysqli_num_rows($query)>0){
		return false;
	}
	else{
		return true;
	}
}
function side_check($email,$side){
	global $con;
	
	$query =mysqli_query($con,"select * from tree where userid='$email'");
	$result = mysqli_fetch_array($query);
	$side_value = $result[$side];
	if($side_value==''){
		return true;
	}
	else{
		return false;
	}
}
?>
<!DOCTYPE html>
<html lang="en">

	<head>

		<meta charset="utf-8">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<meta name="description" content="">
		<meta name="author" content="">

		<title>Mlml Website - Join</title>

		<!-- Bootstrap Core CSS -->
		<link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">

		<!-- MetisMenu CSS -->
		<link href="vendor/metisMenu/metisMenu.min.css" rel="stylesheet">

		<!-- Custom CSS -->
		<link href="dist/css/sb-admin-2.css" rel="stylesheet">

		<!-- Custom Fonts -->
		<link href="vendor/font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">

		

	</head>

	<body>

		<div id="wrapper">

			<!-- Navigation -->
			<?php include('php-includes/menu.php'); ?>

			<!-- Page Content -->
			<div id="page-wrapper">
				<div class="container-fluid">
					<div class="row">
						<div class="col-lg-12">
							<h1 class="page-header">Join</h1>
						</div>
						<!-- /.col-lg-12 -->
					</div>
					<!-- /.row -->
					<div class="row">
						<div class="col-lg-4">
							<form method="get">
								<div class="form-group">
									<label>Pin</label>
									<input type="text" name="pin" class="form-control" required>
								</div>
								<div class="form-group">
									<label>Email</label>
									<input type="email" name="email" class="form-control" required>
								</div>
								<div class="form-group">
									<label>Mobile</label>
									<input type="text" name="mobile" class="form-control" required>
								</div>
								<div class="form-group">
									<label>Address</label>
									<input type="text" name="address" class="form-control" required>
								</div>
								<div class="form-group">
									<label>Account</label>
									<input type="text" name="account" class="form-control" required>
								</div>
								<div class="form-group">
									<label>Under Userid</label>
									<input type="text" name="under_userid" class="form-control" required>
								</div>
								<div class="form-group">
									<label>Side</label><br>
									<input type="radio" name="side" value="left"> Left
									<input type="radio" name="side" value="right"> Right
								</div>
								
								<div class="form-group">
								<input type="submit" name="join_user" class="btn btn-primary" value="Join">
						</div>
							</form>
						</div>
					</div><!--/.row-->
				</div>
				<!-- /.container-fluid -->
			</div>
			<!-- /#page-wrapper -->

		</div>
		<!-- /#wrapper -->

		<!-- jQuery -->
		<script src="vendor/jquery/jquery.min.js"></script>

		<!-- Bootstrap Core JavaScript -->
		<script src="vendor/bootstrap/js/bootstrap.min.js"></script>

		<!-- Metis Menu Plugin JavaScript -->
		<script src="vendor/metisMenu/metisMenu.min.js"></script>

		<!-- Custom Theme JavaScript -->
		<script src="dist/js/sb-admin-2.js"></script>

	</body>

</html>
2

you’re not checking if your query was successfull, use mysqli_error()

3

Yes, I think you’d see a syntax error. In my quick test just now in phpmyadmin, I got errors when surrounding the column names with single-quote characters in an insert query.

4

Unless the column names are “keywords” or “reserved words” you shouldn’t need to enclose them.

https://dev.mysql.com/doc/refman/5.7/en/keywords.html

5

I found plenty of notes saying that they didn’t need to be enclosed except in those conditions, but found it difficult to find anything that confirmed whether or not an error would occur if I chose to put ’ around them.

1 Like
6

If you need to enclose column names, you need to use backticks, not single quotes

1 Like
7

Table name: tree
File name: join.php
This is my code:

<?php
include('php-includes/connect.php');
include('php-includes/check-login.php');
$userid = $_SESSION['userid'];
?>
<?php
//User cliced on join
if(isset($_GET['join_user'])){
	$side='';
	$pin = mysqli_real_escape_string($con,$_GET['pin']);
	$email = mysqli_real_escape_string($con,$_GET['email']);
	$mobile = mysqli_real_escape_string($con,$_GET['mobile']);
	$address = mysqli_real_escape_string($con,$_GET['address']);
	$account = mysqli_real_escape_string($con,$_GET['account']);
	$under_userid = mysqli_real_escape_string($con,$_GET['under_userid']);
	$side = mysqli_real_escape_string($con,$_GET['side']);
	$password = "123456";
	
	$flag = 0;
	
	if($pin!='' && $email!='' && $mobile!='' && $address!='' && $account!='' && $under_userid!='' && $side!=''){
		//User filled all the fields.
		if(pin_check($pin)){
			//Pin is ok
			if(email_check($email)){
				//Email is ok
				if(!email_check($under_userid)){
					//Under userid is ok
					if(side_check($under_userid,$side)){
						//Side check
						$flag=1;
					}
					else{
						echo '<script>alert("The side you selected is not availble.");</script>';

					}
				}
				else{
					//check under userid
					echo '<script>alert("Invalid Under userid.");</script>';

				}
			}
			else{
				//check email
				echo '<script>alert("This user id already availble.");</script>';
			}
		}
		else{
			//check pin
			echo '<script>alert("Invalid pin");</script>';
		}
	}
	else{
		//check all fields are fill
		echo '<script>alert("Please fill all the fields");</script>';
	}
	
	//Now we are heree
	//It means all the information is correct
	//Now we will save all the information
	if($flag==1){
		
		//Insert into User profile
		$query = mysqli_query($con,"insert into user(`email`,`password`,`mobile`,`address`,`account`) values('$email','$password','$mobile','$address','$account')");
		
		//Insert into Tree
		//So that later on we can view tree.
		$query = mysqli_query($con,"insert into tree(`userid`) values('$email')");
		
		//Insert to side
		$query = mysqli_query($con,"update tree set `$side`='$email' where userid='$under_userid'");
		
		//Update pin status to close
		$query = mysqli_query($con,"update pin_list set status='close' where pin='$pin'");
		
		//Insert into Icome
		$query = mysqli_query($con,"insert into income (`userid`) values('$email')");
		
		//This is the main part to join a user\
		//If you will do any mistake here. Then the site will not work.
		
		//Update count and Income.
		
		echo mysqli_error($con);
		
		echo '<script>alert("Testing Success.");</script>';
	}
	
}
?><!--/join user-->
<?php
//functions
function pin_check($pin){
	global $con,$userid;
	
	$query =mysqli_query($con,"select * from pin_list where pin='$pin' and userid='$userid' and status='open'");
	if(mysqli_num_rows($query)>0){
		return true;
	}
	else{
		return false;
	}
}
function email_check($email){
	global $con;
	
	$query =mysqli_query($con,"select * from user where email='$email'");
	if(mysqli_num_rows($query)>0){
		return false;
	}
	else{
		return true;
	}
}
function side_check($email,$side){
	global $con;
	
	$query =mysqli_query($con,"select * from tree where userid='$email'");
	$result = mysqli_fetch_array($query);
	$side_value = $result[$side];
	if($side_value==''){
		return true;
	}
	else{
		return false;
	}
}
?>

Why it is not showing in the column as before(it is showing the email before but now it is not showing )
Please answer me. Please help me.

8

As per your video, you don’t have a user1@gmail.com as under_userid in the tree table. That’s the reason, no data is being inserted to the row.

9

Thanks it show me now.

11

You might be better off using POST instead of GET for sending the form data. You should have a read up about the use of prepared statements with mysqli as the use of prepared statements offers much better protection from SQL Injection attacks then what any “escape_string” function can.

You can probably add some validation before it gets as far as the database. The use of http://php.net/manual/en/function.filter-var.php can be used to validate some fields.

For all 3 of the SELECT queries, you’re grabbing all the fields of the table when you only need to return one field, for each query you should choose a suitable field and just return that

2 Likes
12

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.