Help with PHP and SQL

Hello, I am wondering if you will be able to give me some help with some issues I'm currently experiencing.

I had a mock website where I need users to register for the information, an admin (hairdresser) then can make a booking for them and that information will then display on their own profile.

However, I’ve been reading over this code for about 3 days now hoping to see where to get each problem fixed however, the more I seem to change, the worse it gets.

Problem #1: registration information is not going to the database.
Problem #2: when the admin inputs information, all users see the information, not just for that specific user.

The Login and register form

<div class="login2">
			<form action="LoginCustomers.php" method="POST">
			<h3>LOGIN</h3>
			Email:<br>
			<input type="text" placeholder="Login details" id="email" name="email"><br>
			Password:<br>
			<input type="password" placeholder="Your password" id="password" name="password"><br><br>
			<input type="submit" value="login">
			</form>
		</div>	
		<div class="createaccount">
			<form action="register.php" method="POST">
			<h3>SIGN UP</h3>
			Name:<br>
			<input type="text" placeholder="Your Name" id="name" name="name"><br>
			Email:<br>
			<input type="email" placeholder="Login details" id="email" name="email"><br>
			Password:<br>
			<input type="password" placeholder="Your password" id="password" name="password"><br>
			Confirm Password:<br>
			<input type="password" placeholder="Your password" id="password2" name="password2"><br><br>
			<input type="submit" value="login">
			</form>
		</div>	

The register page

<!doctype html>
<html xml:lang="en" lang="en"> 

<?php
//Starting session
	session_start();
	
	$hostname = "localhost";
	$username = "root";
	$password = "root";
	
	
//connecting to the database
	$conn = mysqli_connect($hostname, $username, $password);
	mysqli_select_db($conn, "sammsproject") or die (mysqli_error($conn));
	
	$name = $_POST["name"];
	$email = $_POST["email"];
	$password = $_POST["password"];
	$password2 = $_POST["password2"];
	
	
	$query ="SELECT * FROM customers WHERE email = '$email'";
	
	$results=mysqli_query($conn, $query) or die (mysqli_error($conn));
	
	$count = mysqli_num_rows($results);
	
	if ($name == "");
	echo "$name";
	{	
	
?>
	
<?php	
	die();}
	
	if ($email == "");
	{	
?>
	<script type="text/javascript"> 
		alert("Please enter your email!"); 
		 history.back(); 
	</script>
	
<?php
	die();}
	
	if ($password == "");
	{
?>
	<script type="text/javascript"> 
		alert("Password box was left empty!"); 
		 history.back(); 
	</script> 
	
<?php	
	die();}
	
	
	if($count > 0)
	{
		{	
?>
	<script type="text/javascript"> 
		alert("Username has already been taken!"); 
		 history.back(); 
	</script> 
<?php	
		die();
		}
	}
	
	if($password == $password2){
	}
	else	
	{
		echo "Passwords do not match!";
		exit;
	}
	
	
	$query ="INSERT INTO customers (name, email, Password) 
	VALUES (\"$name\",\"$email\",\"$password\")";
	$results = mysqli_query($conn, $query) or die(mysqli_error($conn));
	
?>
	<script type="text/javascript"> 
		alert("You left a field blank!"); 
		 history.back(); 
			
	</script>
	<?php header("Location: home.php");
?>

the customer login page

<?php

//starting the session
	session_start();
	
	$hostname = "localhost";
	$username = "root";
	$password = "root";
	// Check to see if we're logged in
	if (!isset($_SESSION['email']))
	{
		header("location: login.php");
	}
	
//connecting to the database	
	$conn = mysqli_connect($hostname, $username, $password);
	mysqli_select_db($conn, "sammsproject") or die (mysqli_error($conn));
	
	$email = $_POST['email'];
	$password = $_POST['password'];
	
//get the data from the database
	$sql = "SELECT * FROM customers WHERE email =\"$email\" and password=\"$password\"";
	
	$results=mysqli_query($conn, $sql) or die (mysqli_error($conn));
	
	
	$results = mysqli_fetch_array($results);
	


//if the results comes back higher than 0. It will only be 1 as each username is unique
	if($results > 0)
		{
			//if the username and password is correct, this will be shown.
			$_SESSION["loggedin"] = true;
			header( 'location:home.php') ;
		}
		else
		{
			//if the usernameand password is incorrect, this will be shown.
			echo "Wrong password";
		}
	if($results['usertype'] == 1)
		{
			//if the username and password is correct, this will be shown.
			$_POST["loggedin"] = true;
			$_SESSION['email'] = $email;
			header( 'location:adminpage.php') ;
		}
		else if ($results['usertype'] ==2)
			
			{
				$_SESSION["email"] = true;
			header( 'location:Customer.php') ;
			}
		else
		{
		
			//if the username and password is incorrect, this will be shown.
			echo "Wrong password";
		}
		

?>
	
	<!--This will display a pop up if the username or password was incorrect-->
	<script type="text/javascript"> 
		alert("Username or password are invalid!"); 
		 history.back(); 
			
	</script>

Lastly, the page where the admin can add their information.

<!doctype html>
<html xml:lang="en" lang="en"> 

<?php
//Starting session
	session_start();
	
	$hostname = "localhost";
	$username = "root";
	$password = "root";
	
	
//connecting to the database
	$conn = mysqli_connect($hostname, $username, $password);
	mysqli_select_db($conn, "sammsproject") or die (mysqli_error($conn));
	
	$name = $_POST["name"];
	$date = $_POST['date'];
	$number = $_POST["number"];
	$email = $_POST["email"];
	$cut = $_POST['cut'];
	$colour = $_POST["colour"];
	$cost = $_POST["cost"];
	
	
	$query ="SELECT * FROM customers WHERE email = '$email'";
	
	$results=mysqli_query($conn, $query) or die (mysqli_error($conn));
	
	$count = mysqli_num_rows($results);
	if ($name == "")
	{	
echo $name;
?>
	<script type="text/javascript"> 
		alert("Please enter the clients name!"); 
		 history.back();
	</script>
<?php
	die();
	}
	if ($number == "")
	{	
?>
	<script type="text/javascript"> 
		alert("Please enter the clients number!"); 
		 history.back(); 
	</script>
	
<?php	

	die();}
	if ($email == "")
	{	
?>
	<script type="text/javascript"> 
		alert("Please enter the clients email!"); 
		 history.back(); 
	</script>

<?php
	$_SESSION['cut'] = $cut;
	die();}
	if ($cost == "")
	{
?>

	<script type="text/javascript"> 
		alert("Please enter the cost of the treatment!"); 
		 history.back(); 
	</script> 
	}
<?php	

	die();}
	if ($date == "")
	{	
?>
	<script type="text/javascript"> 
		alert("Please enter a date"); 
		 history.back(); 
	</script>

<?php	
		die();}
	

	
	
	$query ="UPDATE customers SET email='$email' WHERE '$email'= (date, number, cut, colour, cost)";
	

	$results = mysqli_query($conn, $query) or die(mysqli_error($conn));
	
?>
	<script type="text/javascript"> 
		alert("Booking successful!"); 
		 history.back(); 
	</script>
	<?php header("Location: Addbooking.php");
?>

any help would be greatly appreciated, thanks.

Your insert query looks strange; try this:

[php]
$query = "UPDATE customers SET date='$date', number='$number', cut='$cut', colour='$colour', cost='$cost' WHERE email = '$email'";
[/php]

Where is problem 2 happening?

This is an extremely poorly written “script” with numerous flaws and security issues. Let's just start with a couple things.

  1. Do not ever put variables in a query. You need to use prepared statements. (I recommend you use PDO. (https://phpdelusions.net/pdo))

  2. Do not create variables for nothing.

  3. Do not escape out of PHP only to go right back into it.

  4. Do not select *. Specify the column names you want.

  5. DO NOT output internal system errors to the user. That information is only good to hackers. Use proper error reporting and logging.

  6. Your if checks will fail if a user enters a space. Trim the incoming fields and then check for empty.

  7. Your random, improperly used die’s will break the page validation at the least.

  8. This “if($results > 0)” can simply be this “if ($results)”

  9. DO NOT EVER store plain text passwords. You need to use password_hash and password_verify

  10. JavaScript alerts went out in the 90’s and are useless if the user turns off JavaScript.

  11. Your update query is all kinds of wrong.

There are more problems but this is a start.
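
Points 1, 4, 6 and 9 of the list above applied to the thread's registration and login, as an added example that is not code from any poster. Assumptions: the helper names `register` and `login`, the `id` column, the sample account, and an in-memory SQLite database used so the script runs without a MySQL server.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite stands
// in for MySQL so this runs without a server; for MySQL the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');

// Hypothetical helper: returns an error message for the form, or null on success.
function register(PDO $pdo, array $post): ?string
{
    // Trim first so a field holding only spaces counts as empty.
    $name  = trim($post['name'] ?? '');
    $email = trim($post['email'] ?? '');
    $pass  = $post['password'] ?? '';
    if ($name === '' || $email === '' || $pass === '') {
        return 'All fields are required.';
    }
    if ($pass !== ($post['password2'] ?? '')) {
        return 'Passwords do not match.';
    }
    $check = $pdo->prepare('SELECT id FROM customers WHERE email = ?');
    $check->execute([$email]);
    if ($check->fetch()) {
        return 'That email is already registered.';
    }
    // Input reaches SQL only as bound parameters; only the hash is stored.
    $ins = $pdo->prepare('INSERT INTO customers (name, email, password) VALUES (?, ?, ?)');
    $ins->execute([$name, $email, password_hash($pass, PASSWORD_DEFAULT)]);
    return null;
}

// Hypothetical helper: returns the customer id on success, null otherwise.
function login(PDO $pdo, string $email, string $pass): ?int
{
    $stmt = $pdo->prepare('SELECT id, password FROM customers WHERE email = ?');
    $stmt->execute([trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($pass, $row['password'])) ? (int) $row['id'] : null;
}

// Constructed sample input; the apostrophe is stored as data, not parsed as SQL.
$form = ['name' => "Ann O'Brien", 'email' => "ann.o'brien@example.com",
         'password' => 'sample-pass', 'password2' => 'sample-pass'];
var_dump(register($pdo, $form));   // first call creates the account
var_dump(register($pdo, $form));   // second call is rejected as a duplicate
var_dump(login($pdo, $form['email'], 'sample-pass'));
var_dump(login($pdo, $form['email'], 'wrong-pass'));
```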
