0

I am trying to get the following page to work properly. I have gotten similar pages to work correctly in the past, but they only contained one SQL query. Please have a look at the following code and tell me what you think. I have tried to keep the code as simple as possible and am hoping this could just be a basic syntax error. Thank you.

```php
<?php
session_start();

$servername = "localhost";
$username = "digita86_Hyperius";
$password = "5xtc55xtc!";
$dbname = "digita86_2_cent_rally_db";

$connection = new mysqli($servername, $username, $password, $dbname);

if ($connection->connect_error) {
    die("Connection failed: " . $connection->connect_error);
}

$passcodeInput = $_POST['passcode'];

$query = "SELECT * FROM 2_cent_rally_db_table WHERE email='$passcodeInput'";

$result = mysqli_query($connection, $query) or die(mysqli_error($connection));

$count = mysqli_num_rows($result);

if ($count == 1){

$_SESSION['passcode'] = $passcodeInput;

}else{

echo "I'm sorry but the credentials you have submitted do not match our records. Please try again.";
}
?>
<?
$servername = "localhost";
$username = "digita86_Hyperius";
$password = "5xtc55xtc!";
$dbname = "digita86_2_cent_rally_db";

$connectionA = new mysqli($servername, $username, $password, $dbname);

$queryA = "SELECT * FROM 2_cent_rally_db_table WHERE email='$passcodeInput'";

$resultA = mysqli_query($connectionA, $queryA);

$rowA = mysqli_fetch_array($resultA);

$rowA['balance'];

$dicecoinBalance = $rowA['balance'];

echo $dicecoinBalance;

$_SESSION['balance'] = $dicecoinBalance;

if ($connectionA->connect_error) {
    die("Connection failed: " . $connectionA->connect_error);
?>
<?
$servername = "localhost";
$username = "digita86_Hyperius";
$password = "5xtc55xtc!";
$dbname = "digita86_2_cent_rally_db";

$connectionB = new mysqli($servername, $username, $password, $dbname);

$queryB = "SELECT * FROM 2_cent_rally_db_table WHERE email='$passcodeInput'";

$resultB = mysqli_query($connectionB, $queryB);

$rowB = mysqli_fetch_array($resultB);

$rowB['stock_value'];

$stockValue = $rowB['stock_value'];

echo $stockValue

$_SESSION['stock_value'] = $stockValue;

if ($connectionB->connect_error) {
    die("Connection failed: " . $connectionB->connect_error);

header("Location: 2_cent_rally.php");


$connection->close();
?>
```
John Conde
Hyperius
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Oct 03 '17 at 01:42
  • *How* is this code not working? What error do you get? – John Conde Oct 03 '17 at 01:42
  • @John Conde: I get error 500 from the server: "Failed to load resource." – Hyperius Oct 03 '17 at 01:45
  • Yup. I can get to your database in about 5 minutes with this script. At the very least, use the function addslashes(). – Jed Lynch Oct 03 '17 at 01:46
  • @Jed Lynch: Thank you. I will try that. This is just a personal project at the moment and I just want to get it working first. Maybe people should just live in jail lol – Hyperius Oct 03 '17 at 01:48
  • @JedLynch No, advise the correct functionality. Parameterize. – chris85 Oct 03 '17 at 01:48
  • @Hyperius Check your server's error logs, that is where you will find an explanation for what is failing. A 500 is very broad and could mean a number of different things. – chris85 Oct 03 '17 at 01:49
  • @chris85: Do you have a brief explanation of how to check server logs? Thanks, I'm still learning about all this stuff. – Hyperius Oct 03 '17 at 01:59
  • It varies by server, see https://stackoverflow.com/questions/5127838/where-does-php-store-the-error-log-php5-apache-fastcgi-cpanel to identify your location. – chris85 Oct 03 '17 at 02:10

1 Answer

0

You don't need to create a new mysqli connection every time you make a query; you can use `$connection->query($query)`, which returns a map with your data.

  • Would that fix my problem do you think, or just make it so the page will have less code? Thanks – Hyperius Oct 03 '17 at 01:54
  • It will help make the code shorter, but by looking at your other comments, I suggest that you check that the header you are calling is loading correctly. Also, be more careful posting login data in your example code. – Alvaro Jesús Estrada Jaime Oct 03 '17 at 03:17
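
The two suggestions made on this page, a parameterized query and a single reused connection, combined in one script. This is an added example, not code from the question or from any answer; the helper `fetchAccount` and the environment variable names `DB_USER`, `DB_PASS` and `DB_NAME` are assumptions, while the table, columns and redirect target are the ones in the question.

```php
<?php
// Added example: one connection, one prepared statement, nothing echoed
// before header(), which must run before any output is sent.
session_start();

// Report mysqli failures as exceptions so they reach the error log.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: returns the matching row, or null unless exactly one row matches.
function fetchAccount(mysqli $db, string $passcode): ?array
{
    // The ? placeholder keeps user input out of the SQL text.
    $stmt = $db->prepare(
        'SELECT balance, stock_value FROM `2_cent_rally_db_table` WHERE email = ?'
    );
    $stmt->bind_param('s', $passcode);
    $stmt->execute();
    $stmt->bind_result($balance, $stockValue);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['balance' => $balance, 'stock_value' => $stockValue];
    }
    $stmt->close();
    return count($rows) === 1 ? $rows[0] : null;
}

$passcode = $_POST['passcode'] ?? '';
if (!is_string($passcode) || $passcode === '') {
    http_response_code(400);
    exit('Missing passcode.');
}

try {
    // Assumption: credentials live in the environment, not in the source file.
    $db = new mysqli('localhost', (string) getenv('DB_USER'),
        (string) getenv('DB_PASS'), (string) getenv('DB_NAME'));
    $account = fetchAccount($db, $passcode);
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // details go to the server log only
    http_response_code(500);
    exit('Database error.');
}

if ($account === null) {
    exit("I'm sorry but the credentials you have submitted do not match our records. Please try again.");
}

session_regenerate_id(true);       // fresh session id after a successful check
$_SESSION['passcode'] = $passcode;
$_SESSION['balance'] = $account['balance'];
$_SESSION['stock_value'] = $account['stock_value'];
header('Location: 2_cent_rally.php');
exit;
```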