Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    Registered User
    Join Date
    Feb 2010
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Check from mysql / then add?

    Hei, i have a problem. I have code like this(only the start, because im new on this and just learning).
    Code:
    <form action="" method="post">
     <tr><td align="left">Nickname: </td> <td><input size="40" style="width:124px" type="text" name="nickname"></td></tr>
    
    <tr><td align="left">Server:</td> <td>
    <select name='server_id'>
    <option value='16' name='16'>Server 1</option>
    
    	</select></td></tr>
     <tr><td align="left">Password:</td> <td><input size="40" style="width:124px" type="text" name="password"></td></tr>
    
     <tr><td align="left">Repeat password:</td> <td><input size="40" style="width:124px" type="text" name="pw_coniform"></td></tr>
    
     <tr><td align="left">SMS code:</td> <td><input size="40" style="width:124px" type="text" name="slr"></td></tr>
     <tr><td align="left"><input type="submit" name="submit" value="Save to database"></td></tr>
    </form>
    Problem is: I want to make this so, that it will check "SMS code" before adding this data to database. I thought that i should check first from database that is the "SMS code" exist what the user adds and then if it is then it will save data. If not - then promt/says ERROR: Wrong SMS CODE
    Last edited by Garrey; 02-18-2010 at 10:18 AM.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    This type of thing falls under data validation which you always want to do on the server side of things. You don't say anything about your server environment so I can only generally tell you-- Yeah, sounds great-- you should always validate your data before you insert it into your database.

  • #3
    Registered User
    Join Date
    Feb 2010
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts
    My english is poor. But I will try.

    1. User send's SMS, he will get randomly generated password(what will inserted to database to table named "password".
    2. User will go to my website, there is this form what i copied(see my 1.st post) Nickname table is "username", Password table is "passwordnew", Server table is "server" and it's default is "1".
    3. User adds his nickname, new password and that code what he got from sms.
    4. php & mysql check somehow is this field "password" with this password what he inserted exist - if so, then it will add data - if there are'nt any password what he inserted, says error.

    Or smth..?

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,171
    Thanks
    75
    Thanked 4,338 Times in 4,304 Posts
    I don't understand the need for the table named "server".

    But, actually, I think you should do this all with *ONE* table.

    Code:
    Table Users:
       password varchar(50) primary key,
       whenadded datetime, 
       nickname varchar(50) null,
       server int, 
       other ...
       user ...
       information ...
    So when the user sends the SMS message to your site, you add a new record to the USERS table, putting in *ONLY* the password and the whenadded field.

    When the user fills in the form, you look in the database for that password.
    *IF* the whenadded field is not too old and *IF* the username field is NULL, *THEN* you accept his new username/nickname and any other fields in the form.

    Every few days, you run a query where you go remove all passwords where the whenadded field is too old and there is no username.

    Keep it simple, all in one table.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    Garrey (02-18-2010)

  • #5
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,171
    Thanks
    75
    Thanked 4,338 Times in 4,304 Posts
    One mistake there: You don't want the password, alone, to be the primary key.

    It should be the combination of password and username that is the primary key, perhaps.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #6
    Registered User
    Join Date
    Feb 2010
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts
    When the user fills in the form, you look in the database for that password.
    This is right, but how is possible to check that this password what user add to form - exist and is in database(how to check that?)? I'm stuck on this

  • #7
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    There are tons of online tutorials on this type of subject. Please feel free to use your Google! Or your Bing!

    http://www.bing.com/search?q=php+mys...=n&adlt=strict

  • #8
    Registered User
    Join Date
    Feb 2010
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fumigator View Post
    There are tons of online tutorials on this type of subject. Please feel free to use your Google! Or your Bing!

    http://www.bing.com/search?q=php+mys...=n&adlt=strict
    I thought that i could ask help from here. I'm so noob on this. But here's my code:
    Code:
    <?php
    // connection to MySQL server
    mysql_connect('localhost','username','password');
    mysql_select_db('database');
     
    // User input
    $username = mysql_real_escape_string($_POST['username']); // sanitised input
    $password = mysql_real_escape_string($_POST['password']);
    $email = mysql_real_escape_string($_POST['email']);
    $activation = mysql_real_escape_string($_POST['activation']);  
    
    if (isset ($_POST['submit'])) {
    $sql = 'SELECT amx_amxadmins WHERE activation="'.$activation.'" AND active=1';
    
    $sql="UPDATE amx_amxadmins WHERE activation="'.$activation.'" AND active=1 (username, password, email, active)
    VALUES('$_POST[username]','$_POST[password]','$_POST[email]',0)";
    
    }else {
    ?>
    <form action="" method="post">
    	<tr><td align="left">Nickname: </td> <td><input size="40" style="width:124px" type="text" name="username"></td></tr>
    	<tr><td align="left">Server:</td><td><select name='server_id'><option value='1' name='1'>Server 1</option></select></td></tr>
    	<tr><td align="left">Password:</td> <td><input size="40" style="width:124px" type="text" name="password"></td></tr>
    	<tr><td align="left">E-mail:</td> <td><input size="40" style="width:124px" type="text" name="email"></td></tr>
    	<tr><td align="left">SMS CODE:</td> <td><input size="40" style="width:124px" type="text" name="activation"></td></tr>
    	<tr><td align="left"><input type="submit" name="submit" value="Save to database"></td></tr>
    </form><?php
    }
    ?>
    </body></html>

  • #9
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Sure, you can ask, but why would you need someone to write out a tutorial for you here in a forum post when it's been done many times already? Now, if you've tried to make it work and you are stuck, then that's where we can help. You've finally given us some code to look at. That's a good start.

    You need to go back to the tutorials and follow one through and make sure you understand each and every step involved in executing a MySQL query in PHP.

  • #10
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,171
    Thanks
    75
    Thanked 4,338 Times in 4,304 Posts
    I would say, too, that you need to work a bit more on the SQL.

    For example, suppose somebody comes to the site and gives you a good password but that password is already in use by another person??

    So I think the first query has to be more like:
    Code:
    $sql = "SELECT * FROM amx_amxadmins "
         . " WHERE activation='$activation' "  
         . " AND `username` IS NULL " 
         . " AND `password` = '$password' "
         . " AND active=1";
    Though you haven't described what "activation" supposed to be/mean or what active=1 means. So that's just a guess.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #11
    Registered User
    Join Date
    Feb 2010
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Oh, thanks. Now it works - but how is possible to add them in single page? I tried if(!isset($_POST)) { or smth.. but it displayed me blank page. :S

    And how is possible to echo "Successfully added to database" and if error then "Check your sms code!"

    My code's:
    Code:
    <?php
    $db_host="localhost"; // Host name
    $db_username=""; // Mysql username
    $db_password=""; // Mysql password
    $db_name=""; // Database name
    
    $nickname = $_POST['nickname'];
    $activation = $_POST['activation'];
    $password = $_POST['password'];
    $msn = $_POST['msn'];
    
    // Connect to server and select database.
    mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    
    $query5 = mysql_query("SELECT * FROM TESTABLE WHERE username LIKE '%$nickname%'") or die(mysql_error());
    if(mysql_num_rows($query5)) {
       echo " ERROR! $nickname exist!";exit;
    }
    
    mysql_query("UPDATE `TESTABLE` SET `username` = '$nickname', `nickname` = '$nickname', `password` = '$password', `email` = '$msn', `active` = 1 WHERE activation='$activation' AND active=0")
    or die(mysql_error())
    // update data in mysql database
    ?>
    And form code
    Code:
    <table class="form" align="center" width="396">
     <form action="update_ac.php" method="post">
     <tr>
       <td align="left">Nimi: </td> <td><input size="40" style="width:124px" type="text" name="nickname"></td></tr>
     <tr>
       <td align="left">Parool:</td>
       <td><input size="40" style="width:124px" type="text" name="password" /></td>
     </tr>
     <tr>
       <td align="left">MSN:</td>
       <td><input size="40" style="width:124px" type="text" name="msn" /></td>
     </tr>
    
     <tr>
       <td align="left">SMS KOOD:</td> <td><input size="40" style="width:124px" type="text" name="activation"></td></tr>
     <tr><td align="left"><input type="submit" name="submit" value="Sisesta"></td></tr>
    </form>
    </table>

  • #12
    Registered User
    Join Date
    Feb 2010
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Please delete. Thanks

  • #13
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    I don't think you know how things work around here. We don't delete threads just because you say to. This forum is for EVERYONE not just you. Your problem and solution could help someone else therefore we leave the threads in hopes of someone else gaining something from them. Don't ask again please.
    ||||If you are getting paid to do a job, don't ask for help on it!||||


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •