...

View Full Version : Check from mysql / then add?



Garrey
02-17-2010, 06:59 PM
Hei, i have a problem. I have code like this(only the start, because im new on this and just learning).


<form action="" method="post">
<tr><td align="left">Nickname: </td> <td><input size="40" style="width:124px" type="text" name="nickname"></td></tr>

<tr><td align="left">Server:</td> <td>
<select name='server_id'>
<option value='16' name='16'>Server 1</option>

</select></td></tr>
<tr><td align="left">Password:</td> <td><input size="40" style="width:124px" type="text" name="password"></td></tr>

<tr><td align="left">Repeat password:</td> <td><input size="40" style="width:124px" type="text" name="pw_coniform"></td></tr>

<tr><td align="left">SMS code:</td> <td><input size="40" style="width:124px" type="text" name="slr"></td></tr>
<tr><td align="left"><input type="submit" name="submit" value="Save to database"></td></tr>
</form>


Problem is: I want to make this so, that it will check "SMS code" before adding this data to database. I thought that i should check first from database that is the "SMS code" exist what the user adds and then if it is then it will save data. If not - then promt/says ERROR: Wrong SMS CODE

Fumigator
02-17-2010, 07:34 PM
This type of thing falls under data validation which you always want to do on the server side of things. You don't say anything about your server environment so I can only generally tell you-- Yeah, sounds great-- you should always validate your data before you insert it into your database.

Garrey
02-17-2010, 07:55 PM
My english is poor. But I will try.

1. User send's SMS, he will get randomly generated password(what will inserted to database to table named "password".
2. User will go to my website, there is this form what i copied(see my 1.st post) Nickname table is "username", Password table is "passwordnew", Server table is "server" and it's default is "1".
3. User adds his nickname, new password and that code what he got from sms.
4. php & mysql check somehow is this field "password" with this password what he inserted exist - if so, then it will add data - if there are'nt any password what he inserted, says error.

Or smth..?
:(

Old Pedant
02-17-2010, 11:18 PM
I don't understand the need for the table named "server".

But, actually, I think you should do this all with *ONE* table.



Table Users:
password varchar(50) primary key,
whenadded datetime,
nickname varchar(50) null,
server int,
other ...
user ...
information ...

So when the user sends the SMS message to your site, you add a new record to the USERS table, putting in *ONLY* the password and the whenadded field.

When the user fills in the form, you look in the database for that password.
*IF* the whenadded field is not too old and *IF* the username field is NULL, *THEN* you accept his new username/nickname and any other fields in the form.

Every few days, you run a query where you go remove all passwords where the whenadded field is too old and there is no username.

Keep it simple, all in one table.

Old Pedant
02-17-2010, 11:32 PM
One mistake there: You don't want the password, alone, to be the primary key.

It should be the combination of password and username that is the primary key, perhaps.

Garrey
02-18-2010, 10:16 AM
When the user fills in the form, you look in the database for that password.
This is right, but how is possible to check that this password what user add to form - exist and is in database(how to check that?)? I'm stuck on this :(

Fumigator
02-18-2010, 03:33 PM
There are tons of online tutorials on this type of subject. Please feel free to use your Google! Or your Bing!

http://www.bing.com/search?q=php+mysql+password+validation+tutorial&go=&form=QBLH&qs=n&adlt=strict

Garrey
02-18-2010, 06:45 PM
There are tons of online tutorials on this type of subject. Please feel free to use your Google! Or your Bing!

http://www.bing.com/search?q=php+mysql+password+validation+tutorial&go=&form=QBLH&qs=n&adlt=strict

I thought that i could ask help from here. I'm so noob on this. But here's my code:

<?php
// connection to MySQL server
mysql_connect('localhost','username','password');
mysql_select_db('database');

// User input
$username = mysql_real_escape_string($_POST['username']); // sanitised input
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$activation = mysql_real_escape_string($_POST['activation']);

if (isset ($_POST['submit'])) {
$sql = 'SELECT amx_amxadmins WHERE activation="'.$activation.'" AND active=1';

$sql="UPDATE amx_amxadmins WHERE activation="'.$activation.'" AND active=1 (username, password, email, active)
VALUES('$_POST[username]','$_POST[password]','$_POST[email]',0)";

}else {
?>
<form action="" method="post">
<tr><td align="left">Nickname: </td> <td><input size="40" style="width:124px" type="text" name="username"></td></tr>
<tr><td align="left">Server:</td><td><select name='server_id'><option value='1' name='1'>Server 1</option></select></td></tr>
<tr><td align="left">Password:</td> <td><input size="40" style="width:124px" type="text" name="password"></td></tr>
<tr><td align="left">E-mail:</td> <td><input size="40" style="width:124px" type="text" name="email"></td></tr>
<tr><td align="left">SMS CODE:</td> <td><input size="40" style="width:124px" type="text" name="activation"></td></tr>
<tr><td align="left"><input type="submit" name="submit" value="Save to database"></td></tr>
</form><?php
}
?>
</body></html>

Fumigator
02-18-2010, 07:07 PM
Sure, you can ask, but why would you need someone to write out a tutorial for you here in a forum post when it's been done many times already? Now, if you've tried to make it work and you are stuck, then that's where we can help. You've finally given us some code to look at. That's a good start.

You need to go back to the tutorials and follow one through and make sure you understand each and every step involved in executing a MySQL query in PHP.

Old Pedant
02-18-2010, 07:42 PM
I would say, too, that you need to work a bit more on the SQL.

For example, suppose somebody comes to the site and gives you a good password but that password is already in use by another person??

So I think the first query has to be more like:


$sql = "SELECT * FROM amx_amxadmins "
. " WHERE activation='$activation' "
. " AND `username` IS NULL "
. " AND `password` = '$password' "
. " AND active=1";

Though you haven't described what "activation" supposed to be/mean or what active=1 means. So that's just a guess.

Garrey
02-23-2010, 11:43 AM
Oh, thanks. Now it works - but how is possible to add them in single page? I tried if(!isset($_POST)) { or smth.. but it displayed me blank page. :S

And how is possible to echo "Successfully added to database" and if error then "Check your sms code!"

My code's:


<?php
$db_host="localhost"; // Host name
$db_username=""; // Mysql username
$db_password=""; // Mysql password
$db_name=""; // Database name

$nickname = $_POST['nickname'];
$activation = $_POST['activation'];
$password = $_POST['password'];
$msn = $_POST['msn'];

// Connect to server and select database.
mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


$query5 = mysql_query("SELECT * FROM TESTABLE WHERE username LIKE '%$nickname%'") or die(mysql_error());
if(mysql_num_rows($query5)) {
echo " ERROR! $nickname exist!";exit;
}

mysql_query("UPDATE `TESTABLE` SET `username` = '$nickname', `nickname` = '$nickname', `password` = '$password', `email` = '$msn', `active` = 1 WHERE activation='$activation' AND active=0")
or die(mysql_error())
// update data in mysql database
?>

And form code


<table class="form" align="center" width="396">
<form action="update_ac.php" method="post">
<tr>
<td align="left">Nimi: </td> <td><input size="40" style="width:124px" type="text" name="nickname"></td></tr>
<tr>
<td align="left">Parool:</td>
<td><input size="40" style="width:124px" type="text" name="password" /></td>
</tr>
<tr>
<td align="left">MSN:</td>
<td><input size="40" style="width:124px" type="text" name="msn" /></td>
</tr>

<tr>
<td align="left">SMS KOOD:</td> <td><input size="40" style="width:124px" type="text" name="activation"></td></tr>
<tr><td align="left"><input type="submit" name="submit" value="Sisesta"></td></tr>
</form>
</table>

Garrey
03-21-2010, 11:14 PM
Please delete. Thanks:)

_Aerospace_Eng_
03-21-2010, 11:49 PM
I don't think you know how things work around here. We don't delete threads just because you say to. This forum is for EVERYONE not just you. Your problem and solution could help someone else therefore we leave the threads in hopes of someone else gaining something from them. Don't ask again please.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum