
I'm new to PHP, so I don't know how to do this. I'm trying to insert an entry (I think; I don't know what it's called yet) into my database from another database through a "submit" button.

In my database I have 2 tables. The first table is called "users":

id name         server  
1  Alexander      1 
2  Robert         2
3  Jack           1

The second one is called "server", where I have these:

id   name
1    USA
2    EUROPE
3    GLOBAL

This is the part of my page where the button is:

<?php
define('TITLE', "Login");
include '../header.php';
check_verified();
?>

.
. some html code
.



<form class="form-auth" action="includes/europe.inc.php" method="post">
                            <?php insert_csrf_token(); ?>
                            <div class="text-center mb-3">
                    <small class="text-success font-weight-bold">
                        <?php
                            if (isset($_SESSION['STATUS']['joinstatus']))
                                echo $_SESSION['STATUS']['joinstatus'];

                        ?>
                    </small>
                </div>

. 
. some html code
.
<button class="btn btn-primary btn-lg" type="submit" value="joineurope" name='joineurope'>Join NOW!</button>
</form>

And here is 'europe.inc.php':

<?php
session_start();

require '../../assets/includes/security_functions.php';
require '../../assets/includes/datacheck.php';
require '../../assets/includes/auth_functions.php';
check_logged_in();

if (isset($_POST['joineurope'])) {

    /*
     * -------------------------------------------------------------------------------
     *   Securing against Header Injection
     * -------------------------------------------------------------------------------
     */

    foreach ($_POST as $key => $value) {
        $_POST[$key] = _cleaninjections(trim($value));
    }

    require '../../assets/setup/db.inc.php';

    /*
     * -------------------------------------------------------------------------------
     *   User Joins
     * -------------------------------------------------------------------------------
     */

    $sql = "INSERT into users (server)
        values (select name from server where name='EUROPE')";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        $_SESSION['ERRORS']['scripterror'] = 'SQL ERROR';
        header("Location: ../");
        exit();
    } else {
        mysqli_stmt_bind_param($stmt, "s", $server);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);

        $_SESSION['STATUS']['joinstatus'] = 'Joined to EUROPE';
        header("Location: ../../");
        exit();
    }

    mysqli_stmt_close($stmt);
    mysqli_close($conn);
} else {
    header("Location: ../");
    exit();
}

I have 3 pages: "europe", "usa" and "global". On each page I have a button called "join". I don't know how to insert data from each page. I mean, when I'm on the "europe" page and press the "join" button, I want to insert into my table called "users" that specific name (or ID, if you know how to do this) from the table called "server". Now if I press the join button, it just refreshes the page, but it doesn't insert anything into my database. Thank you, and I'm sorry for my bad English. I hope you understand what I want.

  • You never set the variable `$server`. – Barmar Dec 10 '20 at 19:11
  • The prepared statement doesn't have any `?` placeholders that will be filled in with `mysqli_stmt_bind_param()`. – Barmar Dec 10 '20 at 19:12
  • Do you have a different script for joining each country? `europe.inc.php` and `usa.inc.php`? Then you don't need the `$server` variable, and you don't need to use `prepare` and `bind_param`. – Barmar Dec 10 '20 at 19:27
  • `You never set the variable $server.` Ok. So how to set this variable? I mean, for this page called "europe", I need "$server" to insert the id(or name) from table "server" to table "users" where I have the column called "server". Thank you! EDIT: Yes, I have a different script for each country. –  Dec 10 '20 at 19:27
  • Ok! So my question is: how does europe.inc.php know what to insert in my database? I'm going to delete the `$server` variable, `prepare` and `bind_param`. I forgot to specify, I have 3 folders, one for each country (server): 1 for europe with `index.php` and a sub-folder called `includes`, 1 for usa and 1 for global, in case it matters. –  Dec 10 '20 at 19:35
  • Or `INSERT INTO users (server) SELECT id FROM server WHERE name = 'EUROPE'` – Barmar Dec 10 '20 at 19:42
  • No need for any variables or prepare/bind – Barmar Dec 10 '20 at 19:42
  • It works, kind of. Now I have a new user without anything but the "server" column. It was not added to my user. And if I delete the variable, `prepare` and `bind_param`, nothing happens. –  Dec 10 '20 at 19:55
  • There's nothing in the code you posted that mentions anything about putting the user into the table. It looks like you just want to add the country ID. – Barmar Dec 10 '20 at 20:01
  • Because I don't know how to do this. This was my question: inserting 'europe' to my user (Alexander), which is in table `users`, from table `server` where the column called `europe` is, via the submit button. I'm sorry I didn't explain it properly. –  Dec 10 '20 at 20:14
  • Where does the user ID come from? Is it in a session variable? – Barmar Dec 10 '20 at 20:23
  • All I have about the user ID is this: `$_SESSION['auth'] = 'loggedin'; $_SESSION['id'] = $row['id'];` and it is in `auth_functions.php`. –  Dec 10 '20 at 20:39

1 Answer

You need to put the user ID into your query. And you should be using UPDATE to update the server column in the users table, you're not inserting a new row.

You can use a cross join to get the server ID from the servers table.

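// Set the logged-in user's server column to the id of the EUROPE row.
// The lookup table is named `server` in the question's schema.
$stmt = $conn->prepare("
    UPDATE users AS u
    CROSS JOIN server AS s
    SET u.server = s.id
    WHERE u.id = ? AND s.name = 'EUROPE'");
// The user ID is bound as an integer parameter, not concatenated into the SQL.
$stmt->bind_param("i", $_SESSION['id']);
$stmt->execute();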

I've used the OO style of the API because it's more compact and readable IMHO. You can convert to the functional style if you really prefer, they're equivalent.

Barmar
  • `HTTP ERROR 500`. This is what I got. I don't know what I'm doing wrong. –  Dec 10 '20 at 21:11
  • https://stackoverflow.com/questions/2687730/how-can-i-make-php-display-the-error-instead-of-giving-me-500-internal-server-er – Barmar Dec 10 '20 at 21:11
  • `PHP Parse error: syntax error, unexpected 'if' (T_IF) in /home/websitename/public_html/europe/includes/europe.inc.php on line 9` -->this is line 9 `if (isset($_POST['joineurope'])) {` –  Dec 10 '20 at 21:22
  • You're probably missing the `;` at the end of the previous line. – Barmar Dec 10 '20 at 21:23
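
An added example (not part of the original thread or the answerer's code): one handler that could serve all three pages, mapping the submitted button to an allowlisted server name and binding both the session user ID and the name as parameters. It assumes `$conn` is the mysqli connection from the page's `db.inc.php`; the button names `joinusa` and `joinglobal` and the functions `join_server()` and `handle_join()` are hypothetical.

```php
<?php
// Added example; not code from the question or the answer.
// Assumes $conn is the mysqli connection from the page's db.inc.php and
// $_SESSION['id'] holds the logged-in user's id (as stated in the comments).

// Throw mysqli_sql_exception on SQL errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Allowlist: submit-button name => value of server.name.
// 'joinusa' and 'joinglobal' are hypothetical names modelled on 'joineurope'.
const JOIN_BUTTONS = [
    'joineurope' => 'EUROPE',
    'joinusa'    => 'USA',
    'joinglobal' => 'GLOBAL',
];

// Point one user at one server row. Both values are bound, so neither
// is ever concatenated into the SQL text.
function join_server(mysqli $conn, int $userId, string $serverName): int
{
    $stmt = $conn->prepare(
        "UPDATE users AS u
         CROSS JOIN server AS s
         SET u.server = s.id
         WHERE u.id = ? AND s.name = ?"
    );
    $stmt->bind_param("is", $userId, $serverName);
    $stmt->execute();
    $changed = $stmt->affected_rows; // 0: no match, or already on that server
    $stmt->close();
    return $changed;
}

// Returns the redirect target; the caller sends the Location header.
function handle_join(mysqli $conn, array $post, array &$session): string
{
    // The user id comes from the session only, never from the form.
    if (!isset($session['id'])) {
        return '../';
    }
    foreach (JOIN_BUTTONS as $button => $serverName) {
        if (isset($post[$button])) {
            join_server($conn, (int) $session['id'], $serverName);
            $session['STATUS']['joinstatus'] = "Joined to $serverName";
            return '../../';
        }
    }
    return '../'; // no known button was submitted
}
```

Each page's include then reduces to `header('Location: ' . handle_join($conn, $_POST, $_SESSION)); exit();` after the existing `check_logged_in()` call.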