|
PHP - How To Add Post Variables To An Array For Use With Sql
All of my form POST data (from multiple forms) is managed through a file called formdata.php.
Formdata.php and check_input() performs trim/stripslashes/htmlspecialchars etc on the posted variables. (it also indirectly calls relevant database functions such as insert or select). What is the correct way to add all of the variables to an array so that I can so that I can pass the array(ofvariables) to a function. ie the checked variables (only a few of them): Code: [Select] $subject = check_input($_POST['subject']); $repphone = check_input($_POST['repphone']); $repfirstname = check_input($_POST['repfirstname']); $replastname = check_input($_POST['replastname']); $streetnum = check_input($_POST['streetnum']); $streetname = check_input($_POST['streetname']); $suburb = check_input($_POST['suburb']); $postcode = check_input($_POST['postcode']); there will be many subjects and many more variables so instead of listing the variables such as: Code: [Select] function post_to_table(){ // variables global $subject;, $streetnum, $streetname, $suburb, $postcode; global $repphone, $repfirstname, $replastname; if ($subject === "specifiedsubject"){ post_to_appropriate_table($streetnum, $streetname, $suburb, $postcode, $repphone, $repfirstname, $replastname); } I would rather use an array instead of passing each variable individually: Code: [Select] function post_to_appropriate_table ($streetnum, $streetname, $suburb, $postcode $repphone, $repfirstname, $replastname) { global $database; $sql = "INSERT INTO incident ("; $sql .= "streetnum, "; $sql .= "streetname, "; $sql .= "suburb, "; $sql .= "postcode, "; $sql .= "repphone, "; $sql .= "repfirstname, "; $sql .= "replastname"; $sql .= ") "; $sql .= "VALUES ("; $sql .= "'{$streetnum}', "; $sql .= "'{$streetname}', "; $sql .= "'{$suburb}', "; $sql .= "'{$postcode}', "; $sql .= "'{$repfirstname}', "; $sql .= "'{$replastname}'"; $sql .= ") "; // echo $sql; //for debugging if required; return $database->query($sql); } how can I ditch the ever growing list of variables and use an array? Thanks. Similar TutorialsI have a form that is producing the following : Array ( [formID] => 3154008308 [q1_applicationDate] => Array ( [month] => 11 [day] => 15 [year] => 2010 ) [q4_fullName4] => Array ( [first] => TOM [last] => STONE ) [q5_email] => TSTONE@YAHOO.COM [q6_address6] => Array ( [addr_line1] => 325 E LINCOLN [addr_line2] => [city] => GENESEE [state] => NY [postal] => 33256 [country] => United States ) [q38_selectProvider38] => Sprint [q39_selectPlan] => Individual [website] => [simple_spc] => 3154008308-3154008308 ) HOW do I automatically get each item above into it's own PHP variable? The page that receives this Array is the second page of a 3 or 4 page form. I need to send the above information on through the remainder of the form?? Would appreciate any help! Thanks!
$post='{"cart_items":[{"configuration":{"price":100,"recharge_number":"9999999999"},"product_id":"999","qty":1}]}';
i try this n reslut was :There are no valid items in cart: help me plz
Edited by ShivaGupta, 30 November 2014 - 01:11 AM. Hello dear friends, say i've form with 2 variables which i want to post to another file file 1 Code: [Select] <script type="text/javascript"> // <![CDATA[ $(document).ready(function(){ $('#loader').hide(); $('#inner').children().click(function(){ var a = $(this).attr("name"); $.post("rating.php?value="+a,{}, function(response){ $('#inner').fadeOut(); $('#inner').html(unescape(response)); $('#inner').fadeIn(); setTimeout("hideMesg();", 2000); }); }); }); function hideMesg(){ $('.rating_message').fadeOut(); $.post("rating.php?show=1", {}, function(response){ $('#inner').html(unescape(response)); $('#inner').fadeIn('slow'); }); } // ]]> </script> this will post the following ( the value of name ) Code: [Select] <div class="rating_dis" name="<?php echo $k?>" id="<?=$id?>"> </div> but i want it also to post the value of the (id) here is the second file which should get the name Code: [Select] if($_REQUEST['value']){ $name = $_REQUEST['value']; $query = "insert into rating (rated, channelid) values ('$name', '$idz')"; mysql_query( $query); } so the problem is how to send from file 1 to file 2 both the (name) and (id) how to double this ? Code: [Select] var a = $(this).attr("name"); $.post("rating.php?value="+a,{}, to be also Code: [Select] var a = $(this).attr("id"); $.post("rating.php?any="+a,{}, then i can get it from file 2 easily get both. thank you I have sort of an odd request. I wish make a POST to roblox.com with the Xsrf token, let me give you what code might help then ill explain more.
So, I need to parse the page http://www.roblox.co...spx?gid=1039951 to get
the token, which is between the (' ') below (this is taken from the site, as an example and the token changes each time the page refreshes/changes.
<script type="text/javascript">Roblox.XsrfToken.setToken('IVzHt8XOUJpy');</script>
After you get the token, I need to make a post with that token to http://www.roblox.co...nge-member-rank with the variables:
groupId=
newRoleSetId= ,
targetUserId= ,
X-CSRF-TOKEN: IVzHt8XOUJpy,
X-Requested-With: XMLHttpRequest
I also might need to log in?
which I think is done like so:
POST https://m.roblox.com/Login HTTP/1.1
Host: m.roblox.com
Content-Length: 29
Content-Type: application/json
{"username":"","password":""}
but I am not sure, that is just something I found during my research. I know this is possible, I have seen it done multiple times in the past, and I think I have something going... Just not sure how to put it all together...
This works: $result = mysql_query("SELECT * FROM mydatabase WHERE username = 'billybob'"); This does not: $user = "billybob" $result = mysql_query("SELECT * FROM mydatabase WHERE username = $user"); Shouldn't these be identical? If I echo $user, I get, of course, "billybob", so does anyone know why the variable isn't working in the query itself? Code: [Select] <?php if(isset($_POST['submit'])) { $drop = mysql_real_escape_string($_POST['drop_1']); $tier_two = mysql_real_escape_string($_POST['Subtype']); $Name = mysql_real_escape_string($_POST["Name"]); $Phone = mysql_real_escape_string($_POST["Phone"]); $Email = mysql_real_escape_string($_POST["Email"]); $Postcode = mysql_real_escape_string($_POST["Postcode"]); $Website = mysql_real_escape_string($_POST["Website"]); if($Name == '') { ....... ?> Could I remove this code and use the below code and still have the same effect? Code: [Select] <?php if(isset($_POST['submit'])) { foreach ($_POST as $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } ?> I'm stuck at trying to figure out out to complete the 3 Step scripts to accomplish passing $variables between 2 different servers. Since there will actually be 12 Non-POST $variables involved in the SERVER #1 to SERVER #2 transfer , it doesn't appear that trying to put these all in a URL string and going the 'GET' route is practical.
I'm just using 3 short test variables in the examples. My eyeballs started rolling within I ran across something about 'CURL' that might be a necessary part of the solution?
The code I have been able to hammer out so far is below as STEP 1, STEP 2 and STEP 3.
STEP 1
<?php // submit.php // STEP 1 // On (LOCAL) SERVER #1 TO relay $variables to 'process.php' on (REMOTE) SERVER #2 // To submit $variables to directly another destination server script // NOTE: The $variable are NOT the result of Form Input !!! // For login Authenticaion ALL 3 must match db entries on SERVER #2 // NOTE: (Again) The $variables are NOT the result of Form Input !!! $userid = "adam"; $passwd = "eve"; $pscode = "peterpan"; // NOTE: (Again) The $variable are NOT the result of Form Input !!! // These $variables are needed for MySQL db INSERT on the destination URL server // For testing simplicity (actual data will be 12 $variables) $a = "apple"; $b = "banana"; $u = "1234567; // // Not sure if something called 'CURL' is needed here ??? // $submit_to_url = http://www.blahblah.com/process.php"; ?>STEP 2
<?php
// processor.php
// STEP 2
// ON SERVER #2 TO RECEIVE DATA DIRECTLY FROM SERVER #1 'submit.php'
// To receive and process the $variables into a MySQL db on SERVER #2
// NOTE: The $variables are NOT the result of Form Input !!!
// First validate $userid, $passwd & $pscode against `verify` table MySQL records
require '/SERVER_2_securelocation_for_database_connection/secret_mysqli.php';
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//
// Not sure if something called 'CURL' is needed here ???
//
// These login $variables are from submit.php on SERVER #1
$userid
$passwd
$pscode
$sql="SELECT `userid`, `passwd`, `pscode` FROM `verify`
WHERE `userid` = '$userid'" AND `passwd` = '$passwd` AND `pscode` = '$pscode';
$result = mysqli_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
//
// Then some Authentication code if ALL 3 components match
//
// If Authentication = true then $passed = "YES" must sent
// be sent back to the 'finalstep.php' script on SERVER #1
// If Authentication (or connection) = false ... $passed = "NO"
$return_to_url = http://www.blahblah.com/finalstep.php";
// These $variables are from submit.php on SERVER #1
$a = "apple";
$b = "banana";
$u = "1234567";
$sql="INSERT INTO `data` (`a`, `b`, `u`)
VALUES ('$a', '$b', '$u')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
// If $SQL INSERT into `data` on SERVER #2 works ...
// $status = "Pending" must be sent back to the 'finalstep.php'
// script on SERVER #1 for MySQL db Table insertion
// If $SQL INSERT into `data` = false, then $status = "Error"
// NOTE: The '$u' $variable also needs send back to finalstep.php !!!
$return_to_url = http://www.blahblah.com/finalstep.php";
mysqli_close($con);
?>
STEP 3
<?php
// finalstep.php
// STEP 3
// ON SERVER #1 TO RECEIVE DATA DIRECTLY BACK FROM SERVER #2 process.php
// To receive the $passed, $status and $u $variables for final step action
// NOTE: The $variable are NOT the result of Form Input !!!
require '/SERVER_1_securelocation_for_database_connection/secret_mysqli.php';
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// These $variables are from process.php on SERVER #2
$passed
$status
$u
$sql="UPDATE `tracking`
SET `passed` = '$passed',
`status` = '$status'
WHERE `uniqueid` = '$u' ";
$result = mysqli_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
?>
Thanks very much for any assistance and guidance.
-freakingOUT
what I am trying to accomplish is for the user to select the state they wish, hit submit. At this point another form should show asking which county based on the state they picked, then hit search. At this point, I'm having an issue having the state variable being passed to the 2nd form also having the state they selected stay selected. <?php $default = "Step 1. Pick Your State"; $select = "<option name='statebox'>$default</option>"; echo "<br/><form method='POST' action=".$_SERVER['PHP_SELF']." >"; echo "<select name='search'>"; echo "$select"; /////////////////////////////////////////////////////////////// //Connect to the database include_once 'phpforms/connect.php'; $sql = mysql_query("SELECT * FROM states"); while($row = mysql_fetch_array($sql)){ $state = $row['states']; echo "<option name='statebox'>$state</option>"; }//End While /////////////////////////////////////////////////////////////// echo "</select>"; echo "<input align='left' type='submit' name='stateboxbutton' value='Ok'> "; echo "</form>"; echo "</td>"; echo "<td>"; if(isset($_POST['stateboxbutton'])){ $statesearch = $_POST['statebox']; $selected = $_POST['statebox']; $select = "<option name='statebox'>$selected</option>"; echo "<br/><form action='../search-results.php' method='POST'>"; echo "<select name='search'>"; echo "<option name='default'>Step 2. Pick Your County</option>"; /////////////////////////////////////////////////////////////// //Connect to the database include_once 'phpforms/connect.php'; $sql = mysql_query("SELECT * FROM counties WHERE state LIKE '$statesearch'"); while($row = mysql_fetch_array($sql)){ $co = $row['counties']; echo "<option name='county'>$co</option>"; }//End While /////////////////////////////////////////////////////////////// echo "</select>"; echo "<input align='left' type='submit' name='button' value='Search'> "; echo "</form>"; }else{ }//End Else ?> Hello, I need to do the following: I have 2 forms on two different pages: Form 1: Name, Email, Phone Form 2: Name, Email, Phone, Address, etc. 1. User fills out Form 1, presses submit 2. Form 1 gets processed and I receive an email with the visitors Name, Email, Phone 3. After the Form has been processed I need to redirect the visitor to a new page (Form 2) 4. When Form 2 loads, fill in the form with the posted variables (Name, Email, Phone) from the previous process Here is my code: Form 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> </head> <body> <form method="post" action="process_form.php"> <input type="text" name="name" /> <input type="text" name="email" /> <input type="text" name="phone" /> <input type="submit" name="submit" value="submit" /> </form> </div> </body> </html> process_form.php <?php $name = $_POST['name']; $email = $_POST['email']; $phone = $_POST['phone']; $to = 'email@provider.com'; $subject = "Contact Form"; $message = "Contact Information\r\n" ."$name\r\n" ."$email\r\n" ."$phone\r\n\"; $headers = "From: $email\r\n"; mail($to, $subject, $message, $headers); // Redirect header("Location: http://www.domain.com/form2/"); ?> Form 2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> </head> <body> <form method="post" action="process_form_2.php"> <input type="text" name="name" /> <input type="text" name="email" /> <input type="text" name="phone" /> <input type="text" name="address" /> <input type="text" name="city" /> <input type="text" name="state" /> . . . <input type="submit" name="submit" value="submit" /> </form> </div> </body> </html> The form does get processed and I do get an email with the visitor's info. But I'm not able to pass on the variables from From1 to Form2. Thank you in advance. Hi all, Thanks for reading. I'm developing my first website with user registration, login, and account settings, and I was wondering what the best way would be to prevent the site from security flaws, SQL injection, etc. I've read up on it, but, as an example, would the following be suitable? Code: [Select] $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); I guess what I'm asking is, is the above normal? Is there a simpler way to make input from the user secure? Thank you. This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=315683.0 I have a dynamic form that I am writing a script for to allow people to modify the fields of the form. I am taking all of the information that they have entered into the post array. Where I am having a problem is that it is not showing all of the fields in the post array. One of the fields is an image field and the name of the image does not show up in the array when I do print_r or anything. One other thing that I would like to know is how to get rid of the submit key and value from the array. I have tried using the unset method but it still shows up in the array. Code: [Select] <?php session_start(); include ('includes/connection.php'); connect(); $table = $_GET['table']; $id = $_GET['id']; $errors = array(); $mod_sql = "SELECT * FROM $table WHERE id = '$id'"; $mod_sql_result = mysql_query($mod_sql); $info = mysql_fetch_assoc($mod_sql_result); $mod_form = "<form name='insert_table' id='insert_table' action='" . $_SERVER['PHP_SELF'] . "?id=$id&table=$table' method='post' enctype='multipart/form-data'> <fieldset> <legend>table information</legend> <input TYPE='hidden' VALUE='" . $table . "' />"; foreach ($info as $key => $val) { $header = str_replace("_", " ", $key); if ($key == 'id') { $mod_form .= "<p>" . $header . ": <input name='" . $key . "' id='" . $key . "' type='text' value='" . $val . "' readonly='readonly' /></p>"; } else if ($key == 'image') { $mod_form .= "<p>Current image: <img style='vertical-align: text-top;' src='../db_images/ad_images/" . $val . "' /><input type='checkbox' name='delete_image' id='delete_image' value='" . $val . "' />Delete this image?</p> <p>" . $header . ": <input name='" . $key . "' id='" . $key . "' type='file' /></p>"; } else { $mod_form .= "<p>" . $header . ": <input name='" . $key . "' id='" . $key . "' type='text' value='" . $val . "' /></p>"; } } $mod_form .= " <p> <input type='submit' name='submit_mod' id='submit_mod' /> </p> </fieldset> </form> "; echo $mod_form; if (isset($_POST['submit_mod'])) { $table = $_POST['table']; $allowed_ext = array('jpg', 'jpeg', 'png', 'gif'); $file_name = $_FILES['image']['name']; $file_ext = (explode(".", $file_name)); $file_ext = strtolower(end($file_ext)); $file_size = $_FILES['image']['size']; $file_tmp = $_FILES['image']['tmp_name']; if (isset($_POST['delete_image'])) { $delete_image_name = $_POST['delete_image']; unlink('../db_images/ad_images/' . $delete_image_name); } if ($file_name != " ") { $new_image = $file_name; move_uploaded_file($file_tmp, '../db_images/ad_images/' . $file_name); } // This is the section of code that I am having trouble with foreach ($_POST as $key => $value) { if ($key == 'image') { $value = $new_image; } $insert_query = "UPDATE $table SET `$key` = '$value' WHERE id = $id"; $insert_action = mysql_query($insert_query); } echo $insert_query; } if (mysql_error()) { $error = "<strong>MySQL error</strong>:<br />" . mysql_errno() . ": " . mysql_error() . "\n<br>When executing:<br>\n$insert_query\n<br>"; $page = $_SERVER["REQUEST_URI"]; $log = "INSERT INTO db_error (`error_id`, `error_page`,`error_text`,`query`) VALUES ('','$page','" . mysql_real_escape_string($error) . "','" . mysql_real_escape_string($mod_sql) . "')"; $insert_log = mysql_query($log); echo $error; if ($insert_log) { echo "<p>Error has been added to the error log</p><p>The error id number is " . mysql_insert_id() . ""; } else { echo "Error adding to error log<br />" . mysql_errno() . ": " . mysql_error(); } } ?> I seem to be having a problem with this code. It's supposed to parse the file info.txt and explode comma separated values into an array and then add each value from that file to the end of a URL and POST that url. What I'm getting now is just the first number in the array. Anyway, here's the code: Code: [Select] <?php $FileName = "info.txt"; $FileHandle = fopen($FileName,"r"); $FileContent = fread ($FileHandle,filesize ($FileName)); fclose($FileHandle); // You can replace the \t with whichever delimiting character you are using $SplitContent = explode("\t", $FileContent); foreach($SplitContent as $CurrValue) { header('Location: http://website.com/file.php?value=' . $CurrValue); } ?> Hi all, Can anyone tell me why the declaration below won't work??? Thnx Ryflex $amount = array(0 => $_POST['$n[0]'], 1 => $_POST['$n[1]'], 2 => $_POST['$n[2]'], 3 => $_POST['$n[3]']); $space = array('3x3', '3x3_6x6', '3x3_6x6', '6x6_10x10', '10x10_20x20', '20x20_40x40', 'above_40x40'); Hi all This is probably the easiest question ever , but I am not familiar with arrays , so hope somebody can help me User post this checkbox form (array): <input type="checkbox" name="type[0][]" value="1" > <input type="checkbox" name="type[0][]" value="2" > <input type="checkbox" name="type[0][]" value="3" > I need to get all checked values and print them ... How can I do this? I tried the code below, but it only returns me one value Code: [Select] $values = array($_POST["type"]); foreach ($values as $item){ echo $item; } Any help??? Thanks!! Hello! Hi - I am uploading Post variables off a form relating to products and customer orders. If a product has a quantity attached to it then all the POST variables relating to that product need to INSERTED into the DB. If a product has just an empty string in it's quantity variable, then that product does not get INSERTED. So I thought of 2 different approaches: A) I could filter the Quantity Post variable for a positive values then create a new array only containing products with positive quantities. B) I could loop through the product Id (ProdID) POST and using a condition pull out the products with a positive quantity for Insertion. I have been experimenting with B and have failed miserably. However I have succeeded excellently in building some code which INSERTS all the products regardless of their quantities ( see below ) - not ideal as it enters products with empty quantities. I would prefer to adapt what I have rather than throw it away. Can someone kind person give this student a hand with some advice in adapting what I have got ? MANY MANY THANKS ! Code: [Select] <?php function insert_tel_order(){ $lastname = $_POST['lastname']; $orderid = strtoupper(substr($lastname,0,3)).(substr(time(),-4)); //Creates a unique order number $customerid = $_POST['customerid']; $pickupdate = $_POST['pickupdate']; $deliverylocationid = $_POST['deliverylocationid']; $orderdate = $_POST['orderdate']; foreach ($_POST['prodid'] as $arrkey => $prodid){ $quantity = $_POST['quantity'][$arrkey]; $prodid = $_POST['prodid'][$arrkey]; $price = $_POST['price'][$arrkey]; $ordervalue = $quantity * $price; $sql =" INSERT INTO `order` (id, orderid,orderdate,customerid, deliverylocationid,pickupdate,prodid,price, quantity, ordervalue, status) VALUES ('', '$orderid',$orderdate,$customerid,$deliverylocationid,$pickupdate,$prodid,$price,$quantity,$ordervalue,'')"; $this->db->query($sql); } } ?> Hi - I have an HTML form which is dynamically produced using CodeIgniter / PHP and presents products a customer has ordered. When the customer has finished changing his quantities they must now submit the form. My problem is that my form will contain many of the same named fields for example, 'Product ID', or 'Product Name' or 'quantity'. So now when it gets processed a typical post array like product id could look like this: Code: [Select] Array ( [0] => 28 [1] => 24 [2] => 101 [3] => 23 [4] => 17 ) Of course I get an error: Quote Severity: Notice Message: Array to string conversion Filename: mysql/mysql_driver.php I really need some advice on how I should pre-process the various POST arrays so I can get them into my DB. A very grateful student of PHP ! Thanks Hey guys i am currently building a very complex form for one of my clients. The for has ALOT of imputs and can also generate new one automaticly using javascript. My problem is that come of them returns empty arrays while other works. Is there a maximum or some kind that a form can submit at the time? i made a print_r on the $_POST var and this is what i got (I tooke out all the other arrays but theres a lot more then what i am posting) [...] print ('<tr> <td> <input type="text" size="9" name="styleenc[]" value=""> </td> <td> <input type="text" size="9" name="couleurenc[]" value=""> </td> <td> <input type="text" size="2" name="c_y[]" value=""> </td> <td> <input type="text" size="2" name="c_a_s[]" value=""> </td> <td> <input type="text" size="2" name="c_a_l[]" value=""> </td> <td> <input type="text" size="2" name="c_a_o_s[]" value=""> </td> <td> <input type="text" size="9" name="descenc[]" value=""> <input type="hidden" size="9" name="invisible3[]" value="3"> </td> </tr>'); [...] Code: [Select] Array ( [styleenc] => Array ( [0] => [1] => [2] => [3] => [4] => ) [couleurenc] => Array ( [0] => [1] => [2] => [3] => [4] => ) [c_y] => Array ( [0] => [1] => [2] => [3] => [4] => ) [c_a_s] => Array ( [0] => [1] => [2] => [3] => [4] => ) [c_a_l] => Array ( [0] => [1] => [2] => [3] => [4] => ) [c_a_o_s] => Array ( [0] => [1] => [2] => [3] => [4] => ) [descenc] => Array ( [0] => [1] => [2] => [3] => [4] => ) [invisible3] => Array ( [0] => 3 [1] => 3 [2] => 3 [3] => 3 [4] => 3 ) [emplacement] => sdcwedf ) They should all have values i don't get it ... the only one that has values is invisible3 that has been manualy specified with value="3" |
|||||||