0

I have table of users which have following columns: user_id,username,first_name,last_name, email,token,password,location, phone.

I have 2 forms on two different pages. 1. registration.php 2. user_info.php.

In registration.php I'm getting user's email, username, and password. In user_info.php I'm getting user's first, lastname, country, phone.

I want to insert both form data in 1 row. so Is there any way?

right now with my code. it inserts info from both forms into database but it's inserting in each form data in 2 different rows.

here is my registration.php

<?php if (isset($_POST['signup-submit'])) { $url = "https://www.google.com/recaptcha/api/siteverify"; $data = ['secret' => "[xxxx]", 'response' => $_POST['token'], 'remoteip' => $_SERVER['REMOTE_ADDR']]; $options = array('http' => array('header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data))); $context = stream_context_create($options); $response = file_get_contents($url, false, $context); $res = json_decode($response, true); if ($res['success'] == true) { require("dbh.inc.php"); require("functions.php"); $username = escape($_POST['username']); $email = escape($_POST['email']); $token = bin2hex(random_bytes(50)); $password = escape($_POST['password']); $passwordRepeat = escape($_POST['confirm_password']); if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) { header("Location: ../registration.php?error=emptyfields"); exit(); } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) || !preg_match("/^[a-zA-Z0-9]*$/", $username)) { header("Location: ../registration.php?error=invalidmailuid"); exit(); } elseif (strlen($username) <= '6') { header("Location: ../registration.php?error=usernamecheck"); exit(); } elseif (strlen($password) <= '8') { header("Location: ../registration.php?error=passwordcheck"); exit(); } elseif ($password !== $passwordRepeat) { header("Location: ../registration.php?error=passwordverify"); exit(); } else { $sql = "SELECT username, email FROM users WHERE username = ? AND email = ?"; $stmt = mysqli_stmt_init($connection); if (!mysqli_stmt_prepare($stmt, $sql)) { header("Location: ../registration.php?error=sqlerror"); exit(); } else { mysqli_stmt_bind_param($stmt, "ss", $username, $email); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $resultCheck = mysqli_stmt_num_rows($stmt); if ($resultCheck > 0) { header("Location: ../registration.php?error=usermailtaken"); exit(); } else { $sql = "INSERT INTO users(username, email, password, token, joined) VALUES(?, ?, ?, ?, now())"; $stmt = mysqli_stmt_init($connection); if (!mysqli_stmt_prepare($stmt, $sql)) { header("Location: ../registration.php?error=sqlerror2"); exit(); } else { $hashed_password = password_hash($password, PASSWORD_DEFAULT); mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token); mysqli_stmt_execute($stmt); header("Location: ../user_info.php"); exit(); } } } } mysqli_stmt_close($stmt); mysqli_close($connection); } else { header("Location: ../registration.php?error=captcha"); exit(); } } else { header("Location: ../registration.php?error=emptyfields"); exit(); }

here is my user_info.php

<?php if (isset($_POST['profile-submit'])) { require("dbh.inc.php"); require("functions.php"); $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $location = $_POST['location']; $phone = $_POST['phone_number']; if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) { header("Location: ../user_info.php?error=emptyfields"); exit(); } else { $sql = "INSERT INTO users(first_name, last_name, location, phone) VALUES(?, ?, ?, ?)"; $stmt = mysqli_stmt_init($connection); if (!mysqli_stmt_prepare($stmt, $sql)) { header("Location: ../user_info.php?error=sqlerror"); exit(); } else { mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone); mysqli_stmt_execute($stmt); header("Location: ../index.php?signup=success"); exit(); } } mysqli_stmt_close($stmt); mysqli_close($connection); } else { header("Location: ../user_info.php?error"); exit(); }
Improve this question
2
  • Short answer, yes. Use update instead of insert in user_info.php and use a where clause to limit which row gets updated. You need to send the username or some other value unique to the user to user_info.php so it will know which row to update with the additional information. Commented Nov 19, 2019 at 18:52
  • Please be aware that you may have exposed a secret in the code attached to this question. You should change/revoke it immediately. Commented Nov 19, 2019 at 23:44

2 Answers 2

Reset to default
0

You need to use an UPDATE instead of an INSERT on user_info.php

INSERT adds new rows. https://dev.mysql.com/doc/refman/8.0/en/insert.html

INSERT inserts new rows into an existing table.

UPDATE modifies data in a row. https://dev.mysql.com/doc/refman/8.0/en/update.html

UPDATE is a DML statement that modifies rows in a table.

When you do an UPDATE you need to add a WHERE clause to update only the row you want. You usually do this with the primary key which I assume in this case is user_id.

You can use mysqli_insert_id($connection) to get the last id inserted after your INSERT query runs. I suggest then storing that in a $_SESSION variable and then accessing that on user_info.php rather than passing is via POST or GET. That way, another user can't just type in an ID in the GET or POST request and update another user's info. Here is some code to guide you.

registration.php

//start the session session_start(); ... ... } else { mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone); mysqli_stmt_execute($stmt); $_SESSION['user_id'] = mysqli_insert_id($connection); header("Location: ../index.php?signup=success"); exit(); } } .... ....

user_info.php

.... .... if (empty($first_name) || empty($last_name) || empty($location) || empty($phone) || !isset($_SESSION['user_id')) { header("Location: ../user_info.php?error=emptyfields"); exit(); } else { $sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE user_id = ?"; $stmt = mysqli_stmt_init($connection); if (!mysqli_stmt_prepare($stmt, $sql)) { header("Location: ../user_info.php?error=sqlerror"); exit(); } else { mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone, $_SESSION['user_id']); mysqli_stmt_execute($stmt); header("Location: ../index.php?signup=success"); exit(); } .... ....
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I fixed a typo in the UPDATE statement. Had a parenthesis that snuck in there. It should not have been there.
0

in registration.php you need to get the last inserted Id before going to user_info.php

mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token); mysqli_stmt_execute($stmt); //get last inserted id $last_id = mysqli_insert_id($connection); header("Location: ../user_info.php?id='.$last_id.'"); exit();

in user_info.php use update in your query with where id = $_GET['id']

if (isset($_POST['profile-submit'])) { require("dbh.inc.php"); require("functions.php"); $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $location = $_POST['location']; $phone = $_POST['phone_number']; if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) { header("Location: ../user_info.php?error=emptyfields"); exit(); } else { $sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE id = ?"; $stmt = mysqli_stmt_init($connection); if (!mysqli_stmt_prepare($stmt, $sql)) { header("Location: ../user_info.php?error=sqlerror"); exit(); } else { mysqli_stmt_bind_param($stmt, "sssii", $first_name, $last_name, $location, $phone, $_GET['id']); mysqli_stmt_execute($stmt); header("Location: ../index.php?signup=success"); exit(); } } mysqli_stmt_close($stmt); mysqli_close($connection); }else { header("Location: ../user_info.php?error"); exit();}
Improve this answer

1 Comment

Thank you for your code. I really appreciate it. but I'm not getting the right id in the get request. I'm getting this: user_info.php?id=%27.2.%27. and the id should be 1