Help with PHP , MySQL and WAMP

Lazarus1191 · September 27, 2016, 1:53pm

Ok , so i have this code . When i press submit , with , lets say , Bob , written in the Username box , it says "ErrorUnknown column ‘Bob’ in ‘field list’ " . I dont know what is wrong , and could use some help .Here is my PhPMyAdmin info :Apache/2.2.21 (Win64) PHP/5.3.8
MySQL client version: mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $
PHP extension: mysqli
Server: localhost (localhost via TCP/IP)
Server version: 5.5.16-log
Protocol version: 10
User: root@localhost
MySQL charset: UTF-8 Unicode (utf8)
phpMyAdmin
Version information: 3.4.5
As you can see , i have a basic login page , and an mysql page , to introduce the data .
Yes , i am a noob … I dont really know what to do . Anyway , thank you for your time .

[code]

registrationt

Login

Username

Password

Submit <?php

if (isset($_GET['msg'])
{
   $message=$_GET['msg'] ;
   if ($message == "1")
    echo  Entry succesfully inserted! ;
}

 ?>
</td>
</tr>
</body>

<?php $con = mysqli_connect ("localhost", "root", "","users") or die("Failed to connect" .mysqli_connect_error()) ; $username = mysqli_real_escape_string($con, $_POST [ 'username' ]) ; $password = mysqli_real_escape_string($con, $_POST [ 'password' ]) ; $query = "INSERT INTO login (username, password) values ($username, $password) " ; if(!mysqli_query($con, $query)) { echo "Error" .mysqli_error($con) ; } else { header("Location: registration.html?msg=1") ; } ?>

[/code]

Lazarus1191 · September 27, 2016, 2:00pm

AND , if i dont write anything , it says “ErrorYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ’ )’ at line 1”

astonecipher · September 27, 2016, 6:48pm

Don’t use this
mysqli_real_escape_string

use real prepared statements.

I think that is the root of the issue.

If you hard code either values of empty strings “” does it still give the syntax error?

Lazarus1191 · September 28, 2016, 1:13pm

I hit a new error …
“Warning: mysqli_connect() [function.mysqli-connect]: (28000/1045): Access denied for user ‘root’@‘localhost’ (using password: YES) in C:\wamp\www\mysql_register.php on line 2”
Well , how do i give myself permissions ?

astonecipher · September 28, 2016, 1:59pm

It is telling you that your password is incorrect.

Root, by definition, has access to everything. Which is why that shouldn’t be the user used in an actual web application.

Lazarus1191 · September 28, 2016, 3:34pm

Ok , so i have this .
The error is “ErrorYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘as, )’ at line 1”
I am a dumb fuck , so unfortunately , i will need guidance .

[code]<?php
$con = mysqli_connect( ‘localhost’, ‘al’, ‘al1’,‘users’ ) or die(“Failed to connect” .mysqli_connect_error()) ;
$username = mysqli_real_escape_string($con, $_POST [ ‘username’ ]) ;
$password = mysqli_real_escape_string($con, $_POST [ ‘password’ ]) ;
$query = "INSERT INTO login (username, password) values ($username, $password) " ;
if(!mysqli_query($con, $query))
{
echo “Error” .mysqli_error($con) ;
} else {
header(“Location: registration.html?msg=1”) ;
}

registration

Login

Username

Password

Submit ?>[/code]

astonecipher · September 28, 2016, 3:45pm

refer to my first response. It is still valid.

Lazarus1191 · September 28, 2016, 6:11pm

What do you mean by use "real prepared statements. " ?

Lazarus1191 · September 28, 2016, 6:12pm

Could you give an example on how it should be done ?

benanamen · September 28, 2016, 6:33pm

https://phpdelusions.net/pdo

Cluster_One · October 1, 2016, 4:13pm

Instead of:
[php]$username = mysqli_real_escape_string($con, $_POST [ ‘username’ ]) ;
$password = mysqli_real_escape_string($con, $_POST [ ‘password’ ]) ;[/php]
have you tried (as suggested by astonicipher unless i misunderstood it ):
[php]
$username = $_POST [ ‘username’ ] ;
$password =$_POST [ ‘password’ ] ;
[/php]
(Since by using ,mysqli_real_escape_string, you adding an escape character to the string hence username & password can not be recognised. Explained here: http://stackoverflow.com/questions/6327679/what-does-mysql-real-escape-string-really-do)

before these values are used any further, it would be good idea to read this bit:
http://www.w3schools.com/php/php_form_validation.asp

Prepared statements - I personally have no idea, only read about that from Kevin’s link & come across on w3schools, my tutor wasn’t arsed to teach us that -hence why I want to study on this

benanamen · October 1, 2016, 5:39pm

have you tried (as suggested by astonicipher unless i misunderstood it ):

You mis-understood. Do not create variables for nothing.

astonecipher · October 1, 2016, 9:18pm

Yes, you misunderstood.

What I meant was:
[php]$conn = new mysqli(‘localhost’, ‘al’, ‘al1’,‘users’);

$query = "INSERT INTO login (username, password) values (?, ?) ";
$stmt = $conn->prepare($query);
$stmt->bind_param(“ss”, $_POST [ ‘username’ ], $_POST [‘password’]);[/php]

Cluster_One · October 2, 2016, 12:05am

:-X
If I just read that code properly before posting…
Not that i understand PDO one bit - I thought the user meant to log in into db upon clicking submit when in reality it meant to do something else…

Sorry about posting misleading stuff.