Issues gathering SMS messages into MySQL - mysql

I am currently learning web development and trying to put together a simple application in PHP that stores SMS messages from phones of all mobile types, both smart and the non, into a MySQL database hosted on a webserver. I will do some other things later with these strings once stored, but struggling right now to get this whole thing working.
I have been trying to use this here platform:
http://www.txtweb.com/
which allows delivery to web apps of a message, a "location key" in the form of an # keyword, and the number of the texter. It then returns information to user with an html request, where all thats in the body tags gets returned. They don't have any direct examples of MySQL interfacing, nor any discussion in the forums. Here I have followed one of their code samples, can get the return text to work, but fail to get any action in the database. Does anyone out there perchance have advice of either a better method for gathering SMS messages into a MySQL database or perhaps some obvious flaws in my code? I will put what I am trying below, and much appreciate the help.
<?php
define("DB_SERVER", "...");
define("DB_USER", "...");
define("DB_PASS", "...");
define("DB_NAME", "...");
=$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error()); }
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
} ?>
<html>
<head>
<meta name=\"txtweb-appkey\" content=\"VALUE ASSIGNED BY PLATFORM\">
</head>
<?php if(isset($_GET['txtweb-message'])) $message = $_GET['txtweb-message'];
if(isset($_GET['txtweb-mobile'])) $number = mysql_prep($_GET['txtweb-mobile']);
if(isset($_GET['txtweb-location'])) $location = mysql_prep($_GET['txtweb- location']);
$query = "INSERT INTO ... (
`Number`, 'Message', 'Location' )
VALUES (
'{$message}', '{$number}', '{$location}' )";
mysql_query($query, $connection); ?>
<body>
"message to user, yet to be determined"
</body>
</html>
<?php mysql_close($connection); ?>

You are using single quotes (') to encase your column names. MySQL won't like that. You should be using backticks (`) to encase column names.
Notice that Number uses backticks and Message and Location use single quotes.
`Number`, 'Message', 'Location'
try:
`Number`, `Message`, `Location`

Might be worth making a call to mysql_error ?
print mysql_error();
Call that after
mysql_query($query, $connection);
When you do this, any errors from the query are shown on the page.

Related

SQL insert is not working

Please can someone help? The code below seems to work and gives no errors, but when I check the database, it hasn't added anything. Tearing my hair out!
<?php
$bcode = $_GET['barcode'];
$businessid = $_GET['businessid'];
$servername = "---------";
$username = "-------";
$password = "-------";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO 'db741921215'.'Scans' (Barcode, Success, Business) VALUES ('".$barcode."', 'Y', '".$businessid."')";
$con->close();
} ?>
The columns in table 'Scans' is as below:
Help is very, very much appreciated!!!
I see a couple things - use backticks "`" around your table name definitions, not single quotes. Also, save yourself some eye strain and use the fact that PHP interpolates variables just fine within doublequoted strings.
$sql = "INSERT INTO `db741921215`.`Scans`
(Barcode, Success, Business)
VALUES
('$barcode', 'Y', '$businessid')";
Also - you never actual execute the query, do you?
$conn->query($sql);
You seem to be missing the step where you execute the sql statement
I can see where you define it but I don't see where it's executed. i.e.
$conn->query($sql);
Also, you seem to be missing a letter when closing the connection: $con->close() should be $conn->close();

Execute mySQL UPDATE command

I have the following code, but it doesn't work. I think it might be because the method was removed? Not sure what the new way to do it is though. I'm on wordpress.
<php?
mysql_query ("UPDATE $wpdb->users
SET access_key = $newAccessKey
WHERE ID = $currentUserID");
?>
That don't work.
users is the table nome.
Advice??
This script is to be run on a page on php.
First you start with wrong syntax to start PHP script '
Now you should check the type of access_key if it is integer than you wrote right and if it is varchar or text then you should write with ''. For this your query is below.
mysql_query ("UPDATE $wpdb->users
SET access_key = '$newAccessKey'
WHERE ID = $currentUserID");
I hope you will get solution.
use single quote for string vars and be sure for sanitize $wpdb->users use concat
mysql_query ("UPDATE " . $wpdb->users .
" SET access_key = '$newAccessKey'
WHERE ID = $currentUserID");
The reason why it doesn't work for you can be a number of things. You can find it out by enabling error reporting (ini_set('display_errors', true); error_level(E_ALL);) and checking for mysql errors (echo mysql_error();).
Second, if it wasn't a typo when you were writing the question:
<php? doesn't start PHP code. It should be <?php, the way you wrote it it is ignored both by the server and the browser because it is an illegal tag and the code inbetween isn't executed at all.
Apart from that, $wpdb brings its own update() function that you can use:
$wpdb->update(
$wpdb->users,
array( 'access_key' => $newAccessKey ),
array( 'ID' => $currentUserID ),
array(
'%s' // if $newAccessKey is a string
// '%d' // if $newAccessKey is an integer
),
array( '%d' )
);
That way you don't have to worry about the database connection or deprecated functions.

PHP&MySQL signin form-error with accessing database table

I want my users to be able to sign in using their accounts, so I created an html form and a php file that will communicate with mySQL database.
The php code is supposed to check whether the username and password are correct and exist in the database. If so the user is granted access. I am thinking such algorithm:
<?php
//connection_start
$mysqli = new mysqli('mysql3.000webhost.com','a4305565_os','******','a4305565_users');
//check_connection
if($mysqli->connect_error){
die("Connection error (check_connection): " . $mysqli->connect_errno . " : " . $mysqli->connect_error );
exit();
}
//check_if_account_exists
$query = mysql_query("SELECT * FROM `users` where `username` = '$_POST[form_username]' AND `password` = '$_POST[form_password]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
//verification
if(!empty($row['username']) AND !empty($row['password'])){
echo "SUCCESSFULLY SIGNED IN.";
}else{
die("Your are not registered yet.");
}
//Connection_end
$mysqli->close();
?>
But when I test the code on my web host, it is giving me an error on line 14 saying that I
do not have access to the database "a4305565_users" with password=NO
or something like that.
Any help please?
Your user don't have any rights on a4305565_users schema.
Edit your user privileges to give him the rights to use this schema.
Also it's kind of weird that you are creating a schema named "users", this sounds more like a table name.
And, as a word of advice, you should hash your users password, it's a very bad practice to store them in plain text.
Also, you can salt your hashes.
Look at this : https://en.wikipedia.org/wiki/Salt_(cryptography)

INSERT INTO MYSQL - Can´t insert data

After a couple of week´s trying to insert data in variables from form in MYSQL database, i´m asking here. I found a lot of example codes of INSERT INTO and also my provider checked my skript. He said I have a problem in my $sql=.
I tryed a lot of, but i can´t see any data in phpMyAdmin after click submit, but i receive the mail, that works fine.
Maybe anybody can see an issue in my script.
<?php
if(isset($_POST["sendcopy"])){
mail($mailToCC, $subject, $textCC, $from);
}
if(isset($_POST["submit"])){
$host_name = "database.myprovider";
$database = "db_name";
$user_name = "user_name";
$password = "*****************";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
if (mysqli_connect_errno())
{
echo "KEINE VERBINDUNG MÖGLICH! " . mysqli_connect_error();
}
else
{
echo "ERFOLGREICHE VERBINDUNG ZUR DATENBANK!";}
$sql= 'INSERT INTO "offen"("id", "vorname", "nachname", "email", "telefon", "geburtsjahr", "postleitzahl", "datum", "stunde", "minute", "personen", "bereich", "nachricht")
VALUES ($id, $vorname, $nachname, $email, $tel, $geburtsjahr, $plz, $datum, $stunde, $minute, $personen, $bereich, $nachricht)';
mysql_close($connect);
}
include ("reservtrue.php");
exit;
?>
The "submit" comes from a <form> below.
<form method="post" action="mailer.php" onsubmit="return chkFormular()" name="Formular" id="formTemplate">
<table id="reservtable">
.
.
.
.
<input type="submit" name="submit" value="Reservieren" id="submit">
</td>
</tr>
</table>
</form>
I hope it´s no problem to use german words as variables, here in stackoverflow.
Thank´s for help.
EDIT
Thank you for you´r suggestions. I still can´t insert data from form to MYSQL. I changed my Code a bit. And if I paste the code into phpMyAdmin - SQL, it work´s! But not if I load my script to server and test my form in web.
This is my new Code:
<?php
error_reporting(E_ALL ^ E_NOTICE);
if(isset($_POST["submit"])){
$vorname = $_POST["Vorname"];
$nachname = $_POST["Nachname"];
$email = $_POST["Mailadresse"];
$tel = $_POST["Telefonnummer"];
$geburtsjahr = $_POST["Geburtsjahr"];
$plz = $_POST["PLZ"];
$datum = $_POST["Datum"];
$stunde = $_POST["Stunde"];
$minute = $_POST["Minute"];
$personen = $_POST["Personen"];
$bereich = $_POST["Bereich"];
$nachricht = $_POST["Nachricht"];
$host_name = "database.myprovider";
$database = "db_name";
$user_name = "user_name";
$password = "*****************";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
if (mysqli_connect_errno())
{
echo "KEINE VERBINDUNG MÖGLICH! " . mysqli_connect_error();
}
else
{
echo "ERFOLGREICHE VERBINDUNG ZUR DATENBANK!";}
$insert = ("INSERT INTO offen(vorname, nachname, email, telefon, geburtsjahr, postleitzahl, datum, stunde, minute, personen, bereich, nachricht)
VALUES ('".$id."', '".$vorname."', '".$nachname."', '".$email."', '".$tel."', '".$geburtsjahr."', '".$plz."', '".$datum."', '".$stunde."', '".$minute."', '".$personen."', '".$bereich2."', '".$nachricht."')");
mysqli_query($insert, $sql);
}
include ("reservtrue.php");
exit;
?>
Problem solved
Problem is solved with following code:
$insert = "INSERT INTO `offene`
(
`id`, `vorname`, `nachname`, `email`, `telefon`, `geburtsjahr`, `postleitzahl`, `datum`, `stunde`, `minute`, `personen`, `bereich`, `nachricht`
)
VALUES
(
NULL, '$vorname', '$nachname', '$email', '$tel', '$geburtsjahr', '$plz', '$datum', '$stunde', '$minute', '$personen', '$bereich', '$nachricht');";
mysqli_query($connect, $insert);
Thank you guy´s for information, inspriation and tips! I learnd a lot in the last 2 days.
Where is your mysql_query($sql); ? Add this after your $sql. Your $sql query require mysql_query to run it. If you added that and it still doesn't work, I suggest your go to phpmyadmin's sql tab. Paste your query in with some random VALUES. That's how I check if my query is working or not.
echo "ERFOLGREICHE VERBINDUNG ZUR DATENBANK!";}
$sql= 'INSERT INTO offen (id, vorname, nachname, email, telefon, geburtsjahr, postleitzahl, datum, stunde, minute, personen, bereich, nachricht)
VALUES ('$id', '$vorname', '$nachname', '$email', '$tel', '$geburtsjahr', '$plz', '$datum', '$stunde', '$minute', '$personen', '$bereich', '$nachricht')';
mysqli_query($connect,$sql); //this line was missing from your code.
mysqli_close($connect); //updated to make it MySQLi
The mysqli_query($connect,$sql) actually does the work of applying the SQL you define in the $sql query.
NOTE
You have both MySQLi and MySQL functions in your script, you must stick with just one function, ALL your SQL functions must be MySQL i .
I would recommend that you change your SQL query to use single quotes and backticks. The table name offen and the column names do not need to be in quotes. The variables you insert do need to be in quotes, as I have illustrated.
You do not (usually) need to have mysqli_close because the SQL connection automatically closes once the PHP reaches the end of the page.
The variable names don't need quotes but the parametes do. Also you are missing the code to execute the SQL statement.
echo "ERFOLGREICHE VERBINDUNG ZUR DATENBANK!";}
$sql= "INSERT INTO offen(id, vorname, nachname, email, telefon, geburtsjahr, postleitzahl, datum, stunde, minute, personen, bereich, nachricht)
VALUES ($id, '$vorname', '$nachname', '$email', '$tel', '$geburtsjahr', '$plz', '$datum', '$stunde', '$minute', '$personen', '$bereich', '$nachricht')";
if ($connect->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $connect->error;
}
mysql_close($connect);
}
It appears you have some understandable confusion about quoting of the variables in $insert. You likely have a problem with how you are handling your datatypes.
Here are a few things to look out for
You have too many quotes around your variables. Wrap the query in "" but save the '' for individual variables (where necessary, seen below). For instance, just wrap the variable once like so: .'$vorname'.' if the variable you are inputting is a string. If it is an integer (INT variable type), leave the quotes off, e.g.$number`. In other words, input strings as strings, and INT as int.
If the variable you wish to input is set as auto-increment in your database (i.e. it is the primary key), you probably don't want to be inputting it at all. For example, in your case $id appears to be one. If this is true, you have the syntax backward. Just input it as NULL or leave it off the insert, like so: insert into tablename (id, vorname) values (NULL, '$vorname')
You need to also sanitize your ALL of your variables if you to prevent SQL Injection (very possible with your code). You can do this with mysqli_real_escape_string()
OR instead of going through all of that, you could use prepared statements, which would both handle that information in a cleaner way, but also would protect your code against SQL injection.
Here's how to do this using mysqli:
Connect as an object:
$connect = new mysqli($host_name, $user_name, $password, $database);
And then feed your query into the object and bind the parameters. In this section, "s" is a string, "i" is an integer.
$insert = $connect->prepare("INSERT INTO offen(id, vorname, nachname, email)
VALUES (NULL, ?,?,?");
$insert->bind_param("sss", $vorname, $nachname, $email);
$insert->execute();
$insert->close();
If you name your variables correctly, this should work.

Admin panel - Creating an edit users button

I've created an admin panel on my website so when the admin logs in he can edit users. I'm trying to get it to create a table that displays a list of all the users on the database, however, when I run it I get the error:
No database selected
Here is the code in my editusers.php:
<?php
include 'adminpage.php';
include 'connection.php';
$sql = "SELECT * FROM Users";
$result = mysql_query($sql)or die(mysql_error());
echo "<table>";
echo "<tr><th>UserID</th><th>First Name</th><th>Last Name</th><th>Email</th><th>D-O-B</th></tr>Username</th><th>Password</th><th>";
while($row = mysql_fetch_array($result)){
$userid = $row['UserID'];
$firstname = $row['FirstName'];
$lastname = $row['LastName'];
$email = $row['Email'];
$dob = $row['DateofBirth'];
$username = $row['Username'];
$password = $row['Password'];
// Now for each looped row
echo "<tr><td style='width: 200px;'>".$userid."</td><td style='width: 200px;'>".$firstname."</td><td>".$scale."</td><td>".$lastname."</td><td>".$email."</td></tr>".$dob."</td></tr>".$username."</td></tr>".$password."</td></tr>";
} // End our while loop
echo "</table>"
?>
First of all it looks like you are using mysql which isn't a wise move. This is because Mysql is actually deprecated and was improved to mysqli. Your problem may be to do with your database connection. You also haven't set a database. Like I said you can set an active database in your connection script. It should or could look something like this.
<?php
$conn = mysqli_connect("localhost", "root", "password", "database");
// Evaluate the connection
if (mysqli_connect_errno()) {
echo mysqli_connect_error();
exit();
}
?>
After that, your sql query is correct by selecting all from you table 'users' but in order to proceed I recommend creating a query where you use mysqli_query an select the $sql and $conn as parameters. In all honesty it is much advised to stop and continue once you have adapted to mysqli. Alternatively you can use PDO which in some cases can be seen as better to use rather than mysqli but the choice is yours. I personally would get to grips with mysqli and then look at some answers on Stack Overflow to decide whether you should use PDO or not. Visit the PHP manual here. Enter all the mysql functions you know and it will show you how to use the new mysqli version of the functions. Don't think that it is as simple as just adding and 'i' to the end of a mysql function. That's what I initially thought but there is alot to do with extra parameters etc. Hope this helps :-)