mintak bantuan tuk check coding

[nikfathi]

salam kwn...nak mntk bantuan tuk check coding ni..x tau la ape x kena..jenuh pikor...huhu.....

ni code nye:

<html>
<body bgcolor = "PINK">

<?php

$Name = $_POST ['name'];
$Address = $_POST ['address'];
$TelNo = $_POST ['telno'];
$Email = $_POST ['email'];

echo "$Name <br>";
echo "$Address <br>";
echo "$TelNo <br>";
echo "$Email <br>";

$connect = mysql_connect ("localhost","root","");
mysql_select_db ("cake",$connect);

$query = "insert into form values ('".$Name."','".$Address."','".$TelNo."','".$Email."')";

//echo "$query";

mysql_query ($query);

echo "<br><a href=order.html>Next</a>";

?>

</body></html>

 

[apis17]

nak cek pekebenda?

form tarak. memang tak kena. pastikan ada input & output.

input adalah form (takde) dan output adalah yang echo echo itu..

 

[chip555]

Ni aku jumpa.... boleh tiru

* Buat table. nama: users.sql

CREATE TABLE `users` (
`id` INT( 50 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 15 ) NOT NULL ,
`password` VARCHAR( 15 ) NOT NULL ,
`email` VARCHAR( 50 ) NOT NULL
)

* Buat file index.php

<?php

//This will start a session
session_start();

$username = $_SESSION['username'];
$password = $_SESSION['password'];

//Check do we have username and password
if(!$username && !$password){
echo "Welcome Guest! <br> <a href=login.php>Login</a> | <a href=register.php>Register</a>";
}else{
echo "Welcome ".$username." (<a href=logout.php>Logout</a>)";
}


?>

* Buat file register.php

<?php

//This function will display the registration form
function register_form(){

$date = date('D, M, Y');
echo "<form action='?act=register' method='post'>"
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."Confirm your password: <input type='password' name='password_conf' size='30'><br>"
."Email: <input type='text' name='email' size='30'><br>"
."<input type='hidden' name='date' value='$date'>"
."<input type='submit' value='Register'>"
."</form>";

}

//This function will register users data
function register(){

//Connecting to database
$connect = mysql_connect("host", "username", "password");
if(!$connect){
die(mysql_error());
}

//Selecting database
$select_db = mysql_select_db("database", $connect);
if(!$select_db){
die(mysql_error());
}

//Collecting info
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$pass_conf = $_REQUEST['password_conf'];
$email = $_REQUEST['email'];
$date = $_REQUEST['date'];

//Here we will check do we have all inputs filled

if(empty($username)){
die("Please enter your username!<br>");
}

if(empty($password)){
die("Please enter your password!<br>");
}

if(empty($pass_conf)){
die("Please confirm your password!<br>");
}

if(empty($email)){
die("Please enter your email!");
}

//Let's check if this username is already in use

$user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
$do_user_check = mysql_num_rows($user_check);

//Now if email is already in use

$email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$do_email_check = mysql_num_rows($email_check);

//Now display errors

if($do_user_check > 0){
die("Username is already in use!<br>");
}

if($do_email_check > 0){
die("Email is already in use!");
}

//Now let's check does passwords match

if($password != $pass_conf){
die("Passwords don't match!");
}


//If everything is okay let's register this user

$insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
if(!$insert){
die("There's little problem: ".mysql_error());
}

echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>";

}

switch($act){

default;
register_form();
break;

case "register";
register();
break;

}

?>

* Buat file login.php

<?php
session_start();

//This displays your login form
function index(){

echo "<form action='?act=login' method='post'>" 
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."<input type='submit' value='Login'>"
."</form>"; 

}

//This function will find and checks if your data is correct
function login(){

//Collect your info from login form
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];


//Connecting to database
$connect = mysql_connect("host", "username", "password");
if(!$connect){
die(mysql_error());
}

//Selecting database
$select_db = mysql_select_db("database", $connect);
if(!$select_db){
die(mysql_error());
}

//Find if entered data is correct

$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = mysql_fetch_array($result);
$id = $row['id'];

$select_user = mysql_query("SELECT * FROM users WHERE id='$id'");
$row2 = mysql_fetch_array($select_user);
$user = $row2['username'];

if($username != $user){
die("Username is wrong!");
}


$pass_check = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'");
$row3 = mysql_fetch_array($pass_check);
$email = $row3['email'];
$select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id' AND email='$email'");
$row4 = mysql_fetch_array($select_pass);
$real_password = $row4['password'];

if($password != $real_password){
die("Your password is wrong!");
}



//Now if everything is correct let's finish his/her/its login

session_register("username", $username);
session_register("password", $password);

echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>";




}

switch($act){

default;
index();
break;

case "login";
login();
break;

}
?>

* Akhir sekali logout.php

<?php
session_start();

//This function will destroy your session
session_destroy();
echo "You are now logged out! <a href=index.php>Index</a> or <a href=login.php>Login</a>";

?>

Selamat Ber-coding )))

 

[akukurt]

its time to move on to ruby on rails..

rails g scaffold User name:string address:string

 

[apis17]

file login.php

$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

jadikan

$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='".mysql_real_escape_string($password)."'");

utk elakkan mysql injection
http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/

 

[erro_sennin]

$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='".mysql_real_escape_string($password)."'");

TAMBAH LIMIT 1, sebab kita nak return result satu row je,
jadi tak payah scan whole table atau index nak cari data

$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='".mysql_real_escape_string($password)."' LIMIT 1");