0

hello i am creating log in history. it can successfully log in but the problem is that i can't insert data into my "login history" table.. this is my code so far. it can successfully log in but it can't insert the username to my log in history table.

<?php
    //Start session
    session_start();

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect('localhost','root',"");
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(inventory, $link);
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values


    // Generate Guid 
    $login = clean($_POST['username']);
    $password = clean($_POST['password']);


    //Create query
    $qry="SELECT * FROM admins WHERE username='$login' AND password='$password'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {

        $sql="INSERT INTO log_history (emp_name)
        VALUES ('$login')";


            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['username'];
            session_write_close();

            header("location: auto.php?id=0");
            exit();
        }



        else {
    header("location: alert.php");


        }

    }



?>
user2656724
  • 79
  • 10

2 Answers2

0

You don't appear to actually insert the record you want into the historry table:

    $sql="INSERT INTO log_history (emp_name)
    VALUES ('$username')";

    // Should you run this insert query?
    mysql_query($sql);

        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['username'];
        session_write_close();

I think you are missing an execute statement somewhere in there.

Also, if you are just starting out, you really should consider starting using PDO and prepared statements. Although you are doing some basic cleaning, your code still isn't really bullet-proof. Take a read of this and please consider moving to PDO and prepared statements.

Community
  • 1
  • 1
Fluffeh
  • 33,228
  • 16
  • 67
  • 80
  • "This should be a comment", would other super SO users have told me ;) – djot Sep 23 '13 at 01:22
  • yeah that's my problem.im just new to php. is my code correct? – user2656724 Sep 23 '13 at 01:25
  • @djot How is that a comment? I showed the error (not executing his insert statement) and added the line that will do it, then also pointed out that he is using old functions that need updating and gave him a link to another answer that covers it off quite well - between mine and other answers. – Fluffeh Sep 23 '13 at 01:29
  • @user2656724 Your code isn't great, but it should work in a pretty rudimentary manner. If you are just learning though, please stop what you are doing and start learning using PDO. It is just as easy and so much safer and all round better :) – Fluffeh Sep 23 '13 at 01:30
  • It's because of those clever-dick SO nerds, not you. – djot Sep 23 '13 at 01:31
0

Where is the code to insert to the table log_history? I don't see it. Perhaps you need to call

$sql="INSERT INTO log_history (emp_name) VALUES ('$username')";
$result2=mysql_query($sql);
rcs
  • 6,713
  • 12
  • 53
  • 75