I'm trying to solve this with quite a lot of code found on the Internet to update/insert MariaDB with PDO. Some of it executes perfectly.
However, I don't know what's going wrong with a few pages; it just won't execute (INSERT, UPDATE) and refresh data to the database.
Here is my raw code for UPDATE: (After I run the reset password page. The $result returns TRUE, but the database won't update.)
<?php
session_start();
include('connect.php');
error_reporting(0);
$usertype=$_SESSION['usertype'];
$useremail=$_REQUEST['useremail'];
$password=$_REQUEST['password'];
$password1=$_REQUEST['password1'];
$password2=$_REQUEST['password2'];
$returnurl='request.php';
if ($usertype == 1 or $usertype == 2){
$password1=password_hash($password1,null);
$stmt = $pdo->prepare("UPDATE POEUSER SET UserPassword = :password1 WHERE UserEmail = :useremail");
$stmt->bindValue(":password1",$password1,PDO::PARAM_STR);
$stmt->bindValue(":useremail",$useremail,PDO::PARAM_STR);
try {
$result = $stmt->execute();
} catch(PDOException $e) {
echo $e->getCode() . " - " . $e->getMessage();
}
$stmt = null;
?>
<script language='javascript'>
window.location.href = '<?php echo $returnurl ?>';
alert(
'<?php echo $result . $e . $useremail . $password1 ?> password have been reset'
);
</script>;
<?php
};
if ($usertype == 3 or $usertype == 4){
if($password1==$password2) {
$password1=password_hash($password1,null);
$stmt = $pdo->prepare("UPDATE WILUSER SET UserPassword=:password1 WHERE UserEmail=:useremail");
$stmt->bindValue(":password1",$password1,PDO::PARAM_STR);
$stmt->bindValue(":useremail",$useremail,PDO::PARAM_STR);
try {
$result = $stmt->execute();
} catch(PDOException $e) {
echo $e->getCode() . " - " . $e->getMessage();
}
$stmt = null;
?>
<script language='javascript'>
window.location.href = 'index.php';
alert(
'<?php echo $result . $e . $useremail . $password1 ?> password have been reset'
);
</script>;
<?php
;}
else { ?>
<script language='javascript'>
window.location.href = 'reset.php';
alert(
'<?php echo $result . $e . $useremail . $password . $password1 . $password2 ?>Password not match!'
);
</script>}
<?php } ; };
?>Here is my raw code for INSERT: (The same problem persists; the user supposes to create the database's new user data. However, it is missing.)
<?php
session_start();
include('connect.php');
error_reporting(0);
if($_SESSION['usertype']!=1 AND $_SESSION['usertype']!=2 AND $_SESSION['usertype']!=3 AND $_SESSION['usertype']!=4 ){
$createdby=5;
}
else {
$createdby=$_SESSION['userid'];}
$usertype2=$_SESSION['usertype'];
$usertype=$_REQUEST['usertype'];
$userstatus=0;
$useremail=$_REQUEST['useremail'];
$userpassword=$_REQUEST['userpassword'];
$username=$_REQUEST['username'];
$id=$_REQUEST['id'];
$userprofile="Introduce yourself to public";
$userphoto="user.png";
$stmt = $pdo->prepare("INSERT INTO POEUSER (UserType,UserStatus,UserEmail,UserPassword,UserName,UserProfile,UserPhoto,CreatedBy) VALUES (:usertype,:userstatus,:useremail,:userpassword,:username,:userprofile,:userphoto,:createdby )");
$stmt->execute([':usertype'=>$usertype,':userstatus'=>0,':useremail'=>$useremail,':userpassword'=>$userpassword,':username'=>$username,':userprofile'=>$userprofile,':userphoto'=>$userphoto,':createdby'=>$createdby]);
$newid = $pdo->lastInsertId();
$stmt = null;
if ($usertype==3){
$stmt = $pdo->prepare("INSERT INTO EMPLOYER (CompanyID,UserID) VALUES (:id,:userid )");
$stmt->execute([':id'=>$id,':userid'=>$newid]);
$stmt = null;
}
if ($usertype==4){
$stmt = $pdo->prepare("INSERT INTO STUDENT (StudentID,UserID) VALUES (:id,:userid )");
$stmt->execute([':id'=>$id,':userid'=>$newid]);
$stmt = null;
}
if ($usertype!=1 AND $usertype!=2 ){
$_SESSION['userid']=$newid;
$_SESSION['username']=$username;
$_SESSION['usertype']=$usertype;
$_SESSION['userphoto']=$userphoto;
$_SESSION['useremail']=$useremail;
}
;?>
<script language='javascript'>
window.location.href = 'updateprofile.php';
alert('<?php echo $newid?> Thank you for sign-up! Please update more details on next page');
</script>I will add more coding to prevent SQL Injection after the page works.
