two table in a single database but only one is working

Question

I have made two table in a database one for sign in and signup of customer and another for sign-in and sign up of dealer.only the table of customer is working. But the data is not getting saved to the table in case of dealers. Here is the database code

   <?php
session_start();

// variable declaration
$username = "";
$email    = "";
$errors = array(); 
$_SESSION['success'] = "";


$db = mysqli_connect('localhost', 'root', '', 'registration');

// SIGNUP CUSTOMER
if (isset($_POST['reg_user'])) {

    $username = mysqli_real_escape_string($db, $_POST['username']);
    $email = mysqli_real_escape_string($db, $_POST['email']);
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
    $telephone = mysqli_real_escape_string($db,$_POST['telephone']);
    $country = mysqli_real_escape_string($db,$_POST['country']);
    $state= mysqli_real_escape_string($db,$_POST['state']);


    if (empty($username)) { array_push($errors, "Username is required"); }
    if (empty($email)) { array_push($errors, "Email is required"); }
    if (empty($password_1)) { array_push($errors, "Password is required"); }
    if (empty($telephone)) { array_push($errors, "Telephone no. is required"); }
    if (empty($country)) { array_push($errors, "country is required"); }
    if (empty($state)) { array_push($errors, "state is required"); }

    if ($password_1 != $password_2) {
        array_push($errors, "The two passwords do not match");
    }


    if (count($errors) == 0) {
        $password = md5($password_1);
        $query = "INSERT INTO users (username, email, password, telephone,country,state) 
                  VALUES('$username', '$email', '$password','$telephone','$country','$state')";
        mysqli_query($db, $query);

        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: index1.php');
    }

}
// ... 

// SIGNIN CUSTOMER
if (isset($_POST['login_user'])) {
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password = mysqli_real_escape_string($db, $_POST['password']);

    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        $password = md5($password);
        $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
        $results = mysqli_query($db, $query);

        if (mysqli_num_rows($results) == 1) {
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: index1.php');
        }else {
            array_push($errors, "Wrong username/password combination");
        }
    }
}
//SIGN UP DEALER
if (isset($_POST['reg_dealer'])) {

    $username = mysqli_real_escape_string($db, $_POST['username']);
    $email = mysqli_real_escape_string($db, $_POST['email']);
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
    $account = mysqli_real_escape_string($db, $_POST['account']);
    $IFSC = mysqli_real_escape_string($db,$_POST['IFSC']);
    $target = mysqli_real_escape_string($db,$_POST['target']);
    $sales= mysqli_real_escape_string($db,$_POST['sales']);
    $date= mysqli_real_escape_string($db,$_POST['date']);
    $address= mysqli_real_escape_string($db,$_POST['address']);
    $telephone = mysqli_real_escape_string($db,$_POST['telephone']);
    $country = mysqli_real_escape_string($db,$_POST['country']);
    $state= mysqli_real_escape_string($db,$_POST['state']);



    if (empty($username)) { array_push($errors, "Username is required"); }
    if (empty($email)) { array_push($errors, "Email is required"); }
    if (empty($password_1)) { array_push($errors, "Password is required"); }
    if (empty($telephone)) { array_push($errors, "Telephone no. is required"); }
    if (empty($country)) { array_push($errors, "country is required"); }
    if (empty($state)) { array_push($errors, "state is required"); }
    if (empty($account)) { array_push($errors, "account is required"); }

if (empty($IFSC)) { array_push($errors, "IFSC is required"); }

if (empty($sales)) { array_push($errors, "sales is required"); }

if (empty($date)) { array_push($errors, "date is required"); }

if (empty($target)) { array_push($errors, "target is required"); }

if (empty($address)) { array_push($errors, "address is required"); }


    if ($password_1 != $password_2) {
        array_push($errors, "The two passwords do not match");
    }


    if (count($errors) == 0) {
        $password = md5($password_1);
        $query = "INSERT INTO dealers (username, email, password, account,IFSC,target,sales, date,address,telephone,country,state) 
                  VALUES('$username', '$email', '$password','$account','$IFSC','$target','$sales','$date','$address',$telephone','$country','$state')";
        mysqli_query($db, $query);

        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: index1.php');
    }

}
//SIGNIN DEALER
if (isset($_POST['login_dealer'])) {
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password = mysqli_real_escape_string($db, $_POST['password']);

    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        $password = md5($password);
        $query = "SELECT * FROM dealers WHERE username='$username' AND password='$password'";
        $results = mysqli_query($db, $query);

        if (mysqli_num_rows($results) == 1) {
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: index1.php');
        }else {
            array_push($errors, "Wrong username/password combination");
        }
    }
}


?>

reg_user is the name of button used to signup a customer login_user is the name of button used for sign in a customer reg_dealer is the name of the button used to sign up a dealer login_dealer is the name of the button used to sign in a dealer

Should convert to prepared statements and bind variables - it would stop problems like missing a quote in `',$telephone'` — Nigel Ren, Oct 28 '17 at 11:07
You stand at getting hacked if you intend on going live with this. MD5 should not be used to store passwords with.. — Funk Forty Niner, Oct 28 '17 at 13:06
Thanks sir for pointing this out.So how do you prefer if i use bcrypt in place of MD5. — DEVASHIS KHANDELWAL, Oct 29 '17 at 12:13

Sunil Rajput · Answer 1 · 2017-10-28T13:07:13.843

0

You are doing small mistakes

forgot to use single quote before $telephone .

try this it will work for you.

I also suggests you to use prepare statement while you insert data in your table.

INSERT INTO dealers (username, email, password, account,IFSC,target,sales, date,address,telephone,country,state) 
                  VALUES('$username', '$email', '$password','$account','$IFSC','$target','$sales','$date','$address','$telephone','$country','$state')";

edited Oct 28 '17 at 13:07

answered Oct 28 '17 at 12:49

Sunil Rajput

960
9
19

Mistake was that you mention i forgot the quote but if i change the date as you asked it is again producing error unless working fine. – DEVASHIS KHANDELWAL Oct 28 '17 at 12:58
`DATE` is a keyword, true. Yet, it is not reserved https://dev.mysql.com/doc/refman/5.5/en/keywords.html therefore it does not need to be ticked. Notice there is no `(R)` next to it. Please remember this and update the answer to reflect this; as what you wrote suggests a false statement. – Funk Forty Niner Oct 28 '17 at 13:05

two table in a single database but only one is working

1 Answers1