Is there a way to INSERT data from 2 DIFFERENT forms and INSERT into 1 row in column?

0
votes

I have table of users which have following columns: user_id,username,first_name,last_name, email,token,password,location, phone.

I have 2 forms on two different pages. 1. registration.php 2. user_info.php.

In registration.php I'm getting user's email, username, and password. In user_info.php I'm getting user's first, lastname, country, phone.

I want to insert both form data in 1 row. so Is there any way?

right now with my code. it inserts info from both forms into database but it's inserting in each form data in 2 different rows.

here is my registration.php

<?php

if (isset($_POST['signup-submit'])) {

$url = "https://www.google.com/recaptcha/api/siteverify";
$data = ['secret' => "[xxxx]", 'response' => $_POST['token'], 'remoteip' => $_SERVER['REMOTE_ADDR']];
$options = array('http' => array('header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data)));
$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);
$res = json_decode($response, true);

    if ($res['success'] == true) {

        require("dbh.inc.php");
        require("functions.php");

        $username = escape($_POST['username']);
        $email = escape($_POST['email']);
        $token = bin2hex(random_bytes(50));
        $password = escape($_POST['password']);
        $passwordRepeat = escape($_POST['confirm_password']);

        if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {

        header("Location: ../registration.php?error=emptyfields");
        exit(); 

        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) || !preg_match("/^[a-zA-Z0-9]*$/", $username)) {

        header("Location: ../registration.php?error=invalidmailuid");
        exit();

        } elseif (strlen($username) <= '6') {

        header("Location: ../registration.php?error=usernamecheck");
        exit();

        } elseif (strlen($password) <= '8') {

        header("Location: ../registration.php?error=passwordcheck");
        exit();

        } elseif ($password !== $passwordRepeat) {

        header("Location: ../registration.php?error=passwordverify");
        exit();

        } else {

        $sql = "SELECT username, email FROM users WHERE username = ? AND email = ?";
        $stmt = mysqli_stmt_init($connection);
        if (!mysqli_stmt_prepare($stmt, $sql)) {            
        header("Location: ../registration.php?error=sqlerror");
        exit(); 

        } else {

        mysqli_stmt_bind_param($stmt, "ss", $username, $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        $resultCheck = mysqli_stmt_num_rows($stmt);

        if ($resultCheck > 0) {
            header("Location: ../registration.php?error=usermailtaken");
            exit(); 

        } else {

            $sql = "INSERT INTO users(username, email, password, token, joined) VALUES(?, ?, ?, ?, now())";
            $stmt = mysqli_stmt_init($connection);
            if (!mysqli_stmt_prepare($stmt, $sql)) {            
            header("Location: ../registration.php?error=sqlerror2");
            exit();

          } else {

            $hashed_password = password_hash($password, PASSWORD_DEFAULT);

            mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token);
            mysqli_stmt_execute($stmt);
            header("Location: ../user_info.php");
            exit(); 

                }   
            }
        }   
    }
mysqli_stmt_close($stmt);
mysqli_close($connection);  

} else {
    header("Location: ../registration.php?error=captcha");
    exit();         
}

} else {
    header("Location: ../registration.php?error=emptyfields");
    exit();         
}

here is my user_info.php

<?php 

if (isset($_POST['profile-submit'])) {

    require("dbh.inc.php");
    require("functions.php");

    $first_name = $_POST['first_name']; 
    $last_name = $_POST['last_name'];
    $location = $_POST['location'];
    $phone = $_POST['phone_number'];

    if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) {

        header("Location: ../user_info.php?error=emptyfields");
        exit();

    } else {

        $sql = "INSERT INTO users(first_name, last_name, location, phone) VALUES(?, ?, ?, ?)";
        $stmt = mysqli_stmt_init($connection);
        if (!mysqli_stmt_prepare($stmt, $sql)) {            
        header("Location: ../user_info.php?error=sqlerror");
        exit(); 

    } else {

        mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone);
        mysqli_stmt_execute($stmt);
        header("Location: ../index.php?signup=success");
        exit();     

        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($connection);

} else {
    header("Location: ../user_info.php?error");
    exit();         
}
2
phpmysqlsqldatabaseforms
Short answer, yes. Use update instead of insert in user_info.php and use a where clause to limit which row gets updated. You need to send the username or some other value unique to the user to user_info.php so it will know which row to update with the additional information. - Dave
Please be aware that you may have exposed a secret in the code attached to this question. You should change/revoke it immediately. - robsiemb

2 Answers

0
votes

You need to use an UPDATE instead of an INSERT on user_info.php

INSERT adds new rows. https://dev.mysql.com/doc/refman/8.0/en/insert.html

INSERT inserts new rows into an existing table.

UPDATE modifies data in a row. https://dev.mysql.com/doc/refman/8.0/en/update.html

UPDATE is a DML statement that modifies rows in a table.

When you do an UPDATE you need to add a WHERE clause to update only the row you want. You usually do this with the primary key which I assume in this case is user_id.

You can use mysqli_insert_id($connection) to get the last id inserted after your INSERT query runs. I suggest then storing that in a $_SESSION variable and then accessing that on user_info.php rather than passing is via POST or GET. That way, another user can't just type in an ID in the GET or POST request and update another user's info. Here is some code to guide you.

registration.php

//start the session
session_start();
...
...
} else {

    mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone);
    mysqli_stmt_execute($stmt);
    $_SESSION['user_id'] = mysqli_insert_id($connection);
    header("Location: ../index.php?signup=success");
    exit();     

    }
}
....
....

user_info.php

....
....
  if (empty($first_name) || empty($last_name) || empty($location) || empty($phone) || !isset($_SESSION['user_id')) {

    header("Location: ../user_info.php?error=emptyfields");
    exit();

} else {

    $sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE user_id = ?";
    $stmt = mysqli_stmt_init($connection);
    if (!mysqli_stmt_prepare($stmt, $sql)) {            
    header("Location: ../user_info.php?error=sqlerror");
    exit(); 

} else {

    mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone, $_SESSION['user_id']);
    mysqli_stmt_execute($stmt);
    header("Location: ../index.php?signup=success");
    exit();     

    }
....
....
0
votes

in registration.php you need to get the last inserted Id before going to user_info.php

mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token);
        mysqli_stmt_execute($stmt);
        //get last inserted id 
        $last_id = mysqli_insert_id($connection);
        header("Location: ../user_info.php?id='.$last_id.'");
        exit();

in user_info.php use update in your query with where id = $_GET['id']

if (isset($_POST['profile-submit'])) {

require("dbh.inc.php");
require("functions.php");

$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$location = $_POST['location'];
$phone = $_POST['phone_number'];

if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) {

    header("Location: ../user_info.php?error=emptyfields");
    exit();

} else {

    $sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE id = ?";
    $stmt = mysqli_stmt_init($connection);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("Location: ../user_info.php?error=sqlerror");
        exit();

    } else {

        mysqli_stmt_bind_param($stmt, "sssii", $first_name, $last_name, $location, $phone, $_GET['id']);
        mysqli_stmt_execute($stmt);
        header("Location: ../index.php?signup=success");
        exit();

    }
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
}else {
header("Location: ../user_info.php?error");
exit();}