
New to PHP and database stuff. I am required to make a system to record and save user data inside a database table that I called USER_INFO. The system works fine except when I make it enter User_ID (which is the only PRIMARY KEY data type). What's more weird to me is that when putting an ID from inside the PHP code it takes it fine and creates the new element, but when I make it take the data entered by a user in a form, it doesn't work.

Here is my PHP code to insert new data:

```php
<?php

try {

    /*** connect to SQLite database ***/

    $dbh = new PDO("sqlite:ses.sdb");

    $sql = "SELECT * FROM USER_INFO";

    $Id_ok = $_GET['user_id'];

    if ($Id_ok != 0) {
        foreach ($dbh->query($sql) as $row) {
            $name = $_GET['user_name'];
            $ID = $_GET['user_id'];
            $phone = $_GET['phone'];
            $address = $_GET['address'];
            $Email = $_GET['email'];

            // Just a simple thing so I can check the new elements
            print 'USER NAME='.$row['name']. ' ,  '.
                    'USER ID="'.$row['id']. '" ,  '.
                    'PHONE="'.$row['telephone']. '<br>';

            $sql2 = "INSERT INTO USER_INFO 
                        VALUES ('.$name.', '.$ID.', '.$phone.', 
                                'work2', 'perhaps')"; // problem here in $ID.

            $dbh->exec($sql2);
        }
    }
    echo "New record created";
    // Close the connection
    $dbh = null;
} catch(PDOException $e) {
    echo $e->getMessage();
}
?>
```

The function I use to submit the form:

```javascript
function Register(){

    if(userID_Ok_Register() == false){return;}

    users= new Array();

    for(var i=0;i<index;i++){
        users=user[i].split('#');
        if(users[2]==document.user_info.user_id.value){
            alert("ID alreadys exists");
            return;
        }
        document.realForm.user_name.value = document.user_info.user_name.value;
        document.realForm.user_id.value = document.user_info.user_id.value;
        document.realForm.phone.value = document.user_info.phone.value;
        document.realForm.address.value = document.user_info.address.value;
        document.realForm.email.value = document.user_info.email.value;

        document.realForm.submit();
    }
}
```

I am also using WampServer, don't know if it matters or not. Any help and tips help a lot :>

Tried to take user_id data and put it into a PRIMARY KEY slot in a database table.

I expected it to work as well as it did when I entered data from within the PHP code, as in I put 889 or such a thing in the ID slot and it worked.

What actually happened is that it wouldn't take the user_ID that is taken from the form, and I have tested: the user_ID is fine, it just wouldn't be inserted into the database.

  • Is there a reason why you need to allow manual entry of a User ID instead of letting the system generate one for you? Not wrong, just depends on what you are doing. Further, do you have PHP and MySQL error reporting enabled, and have you received an error message? – Chris Haas Dec 30 '22 at 19:45
  • Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187) You should always use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs instead of concatenating user provided values into the query. Never trust ANY user input! This will also remove the unescaped character issue like a `'` in a text string. – RiggsFolly Dec 30 '22 at 20:17
  • Good code indentation would help us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](https://www.php-fig.org/psr/psr-12/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Dec 30 '22 at 20:19
  • The manual entry of a user ID is recommended by my Prof for the project, but if it's easier to make it added by the system then how do I do it? – حسين الجوهر Dec 31 '22 at 12:05
  • Also no, I don't have the PHP/MySQL error reporting system on. I am new and so far I have been using Notepad++ to write the code, not the best choice I know, but it did me good so far @chris-haas – حسين الجوهر Dec 31 '22 at 12:07
  • There’s absolutely nothing wrong with Notepad++, some hardcore developers still use it these days, however there’s also several free or inexpensive IDEs out there, too. Turn error reporting on. This will give you error messages that are hopefully more obvious, but if not, you can post on SO and people will hopefully guide you to a solution – Chris Haas Dec 31 '22 at 15:33
  • If you are new to writing code, mixing multiple languages, specifically PHP and JS, but also HTML and SQL, can be very confusing. I can’t argue with your prof unfortunately. – Chris Haas Dec 31 '22 at 15:40
  • How can I turn error reporting on? Couldn't find it – حسين الجوهر Dec 31 '22 at 16:07
  • https://www.php.net/manual/en/function.error-reporting.php and https://stackoverflow.com/a/22662582/231316 – Chris Haas Jan 01 '23 at 00:00
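
RiggsFolly's comment above recommends prepared statements; the following is an added example (not code from the question or its commenters) of the same insert written that way with PDO, with PDO exceptions enabled and the ID validated as an integer. In the question's query, `'.$ID.'` sits inside a double-quoted string, so the dots and quotes reach SQLite as literal text around the value. The in-memory database, the `address` and `email` column names, the sample values and the `registerUser()` helper are assumptions made for this example.

```php
<?php
// Added example. Schema and input values are constructed for illustration.
$dbh = new PDO('sqlite::memory:');
// Throw on SQL errors so a failed INSERT is never silent.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed layout: the page shows only the name, id and telephone columns.
$dbh->exec('CREATE TABLE USER_INFO (name TEXT, id INTEGER PRIMARY KEY,
            telephone TEXT, address TEXT, email TEXT)');

// $in stands in for the submitted form fields ($_GET on the page).
function registerUser(PDO $dbh, array $in): string
{
    // The key must be a positive integer; "abc", "" and "1 OR 1=1" are rejected.
    $id = filter_var($in['user_id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid user_id';
    }
    // Placeholders keep user data out of the SQL text, so quotes are harmless.
    $stmt = $dbh->prepare(
        'INSERT INTO USER_INFO (name, id, telephone, address, email)
         VALUES (:name, :id, :phone, :address, :email)');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    foreach (['name' => 'user_name', 'phone' => 'phone',
              'address' => 'address', 'email' => 'email'] as $param => $field) {
        $stmt->bindValue(":$param", (string)($in[$field] ?? ''), PDO::PARAM_STR);
    }
    try {
        $stmt->execute();
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint violation (duplicate key).
        if ((string)$e->getCode() === '23000') {
            return 'ID already exists';
        }
        throw $e;
    }
    return 'New record created';
}

$form = ['user_id' => '889', 'user_name' => "O'Brien", 'phone' => '555-0100',
         'address' => 'work2', 'email' => 'obrien@example.test'];
echo registerUser($dbh, $form), "\n";                             // first insert
echo registerUser($dbh, $form), "\n";                             // same ID again
echo registerUser($dbh, ['user_id' => '1 OR 1=1'] + $form), "\n"; // not an integer
```

Because the primary-key check is done by the database and reported through the exception, the duplicate-ID test no longer depends on the client-side JavaScript loop.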
