PHP - How Can I Enter Form Data Into Database?
The company I work for is a not-for-profit organization; we provide medical services for people who cannot afford to go to the regular doctor. We need a way to keep track of our patients and their visits and a way to search the data.
I found an HTML form, with name, address, phone number, zip code, ..., and made a few changes to fit our needs. But I do not know how to get that information into the database. I also need a way to make sure the information is not a duplicate. Since we are a not-for-profit organization, funds are kinda tight. That is why I want to go with PHP instead of buying medical software. Most of the medical software on the market costs more than we can afford. I am a computer tech here at the office, but my field is hardware, networking, and malware removal. PHP programming is new to me. So where do I start?

Similar Tutorials

How can I build a form with a drop down menu with the year, day, month? And then send that information to a database. Is there another/better option besides a drop down menu? If so, please tell me. The rest of the form is working fine, and all the information is going to the database - last name, first name, address, phone number, zip code, race, .... I work for a not-for-profit medical office - we provide medical services to the local people who cannot afford to go to a regular doctor. We need a simple way to keep track of patient information. One of the things we need to enter is the birthdate. Searching the forums provided a lot of results, but the words date and form are used so much, I cannot find anything that helped me. I also looked through php.net, but cannot find anything there.

I have a form on our website that a user can fill out for custom product. I want the form data to be 1) stored into a mysql database AND after storing said data, 2) email the same data to our sales department.
1) The form data DOES get stored into mysql database (except for the first two fields, for some weird reason)
2) I added a "mail" section to the php file that stores the data into the database, but it is not working correctly.
I have stripped the email portion down to sending just one of the fields in the "message" to make it easier for troubleshooting I have included here, both the form section of the html file, and the formdata.php file that processes the data for your analysis. I am relatively new to php so there are going to be some issues with security, but I can work on those after I get the store & email process to work correctly. Please review my code and see if anyone can be of assistance. I looked through the forums and couldn't find another issue that was the same as mine. If I just overlooked, please tell me the thread post #. Thanks THE FORM WHICH COLLECTS THE DATA ******************************* <form method=POST action=formdata.php> <table width="640" border=0 align="center"> <tr> <td align=right><b>First Name</b></td> <td><input type=text name=FName size=25></td> <td><div align="right"><b>Telephone</b></div></td> <td><input type=text name=Tel size=25></td> </tr> <tr> <td align=right><b>Last Name</b></td> <td><input type=text name=LName size=25></td> <td><div align="right"><b>Fax</b></div></td> <td><input type=text name=Fax size=25></td> </tr> <tr> <td align=right><b>Title</b></td> <td><input type=text name=Title size=25></td> <td><div align="right"><b>Email</b></div></td> <td><input type=text name=Email size=50></td> </tr> <tr> <td align=right><b>Company</b></td> <td><input type=text name=Comp size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Address</b></td> <td><input type=text name=Addr size=25></td> <td><div align="right"><b>Estimated Annual Volume</b></div></td> <td><input type=text name=EAV size=25></td> </tr> <tr> <td align=right><b>City</b></td> <td><input type=text name=City size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>State/Province</b></td> <td><input type=text name=SProv size=25></td> <td><div align="right"><b>Application</b></div></td> <td><input type=text name=Appl size=25></td> </tr> <tr> <td 
align=right><b>Country</b></td> <td><input type=text name=Ctry size=25></td> <td><div align="right"><b>Type of System</b></div></td> <td><input type=text name=Syst size=25></td> </tr> <tr> <td align=right><b>Zip/Postal Code</b></td> <td><input type=text name=ZPC size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right> </td> <td><div align="right"><strong><font color="#FFFF00" face="Arial, Helvetica, sans-serif">COIL DESIGN</font></strong></div></td> <td><font color="#FFFF00" face="Arial, Helvetica, sans-serif"><strong>PARAMETERS</strong></font></td> <td> </td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Primary Resistance (ohms)</b></td> <td><input type=text name=Pres size=25></td> <td><div align="right"><b>Primary Inductance (mH)</b></div></td> <td><input type=text name=Pind size=25></td> </tr> <tr> <td align=right><b>Secondary Resistance (ohms)</b></td> <td><input type=text name=Sres size=25></td> <td><div align="right"><b>Secondary Inductance (H)</b></div></td> <td><input type=text name=Sind size=25></td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Peak Operating Current (Amps)</b></td> <td><input type=text name=POC size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Output Energy (mJ)</b></td> <td><input type=text name=Egy size=25></td> <td><div align="right"><b>Output Voltage (kV)</b></div></td> <td><input type=text name=Volt size=25></td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b># HV Towers per Coil</b></td> <td><input type=text name=TPC size=25></td> <td><div align="right"><b># of Coils per Package</b></div></td> <td><input type=text name=CPP size=25></td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td 
align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <th colspan=4><b>Please enter any additional information he </b></th> </tr> <tr> <th colspan=4><textarea name=Mess cols=50 rows=10 id="Message"></textarea></th> </tr> </table> </dl> <div align="center"> <p> <input type=hidden name=BodyTag value="<body bgcolor="#484589" text="#FFFFFF" link="#FFFF00" alink="#FFFFFF" vlink="#FF7F00">"> <input type=hidden name=FA value=SendMail> </p> <p><font color="#FFFF00" face="Arial, Helvetica, sans-serif"><strong>PLEASE MAKE SURE ALL INFORMATION<br> IS CORRECT BEFORE SUBMITTING</strong></font></p> <p> <input type=submit value="Submit Form"> </p> </div> </form> THE FILE THAT PROCESSES THE FORM DATA (formdata.php) *********************************************** <?php $con = mysql_connect("localhost","XXX","XXX"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("customform", $con); $sql="INSERT INTO formdata (Fname, Lname, Title, Comp, Addr, City, SProv, Ctry, ZPC, Tel, Fax, Email, EAV, Appl, Syst, Pres, Pind, Sres, Sind, POC, Egy, Volt, TPC, CPP, Mess) VALUES ('$_POST[Fname]','$_POST[Lname]','$_POST[Title]','$_POST[Comp]','$_POST[Addr]','$_POST[City]','$_POST[SProv]','$_POST[Ctry]','$_POST[ZPC]','$_POST[Tel]','$_POST[Fax]','$_POST[Email]','$_POST[EAV]','$_POST[Appl]','$_POST[Syst]','$_POST[Pres]','$_POST[Pind]','$_POST[Sres]','$_POST[Sind]','$_POST[POC]','$_POST[Egy]','$_POST[Volt]','$_POST[TPC]','$_POST[CPP]','$_POST[Mess]')"; if (!mysql_query($sql,$con)) { die('Error: ' . 
mysql_error()); }
echo "Your Information Was Successfully Posted";
mysql_close($con);
$to = "recipient email address here";
$subject = "Custom Form";
$email = $_POST['Email'] ;
$message = $_POST['Comp'] ;
$headers = "From: $Email";
$sent = mail($to, $subject, $message, $headers) ;
if($sent) {print "Your mail was sent successfully"; }
else {print "We encountered an error sending your mail"; }
?>

Hi All

I have a contact form which works great - it has a little validation on it and sends me all the information I need via email. I now want to store all data submitted via the form in a MySQL database. What is the best way to do this?

Attached is my form as it is, just being emailed to the relevant accounts. Look forward to your replies.

Adi

Hello, does anyone know how to display data from db in checkbox form? I have been searching for days and still cannot find an answer that I can understand. I hope someone can help me. I really am lost. Any help is much appreciated.

I almost have it but I am missing something. The form is being sent and the row is being created but there is no data. It is blank. I know it is something simple I am missing but I cannot figure it out.
If anyone can look at my code below and tell me what I am missing to make the inputted info be seen, I would sure appreciate it.
<?php include_once('class/class_email.php'); // contact to database $connect = mysql_connect("localhost", "admin", "password") or die ("Error , check your server connection."); mysql_select_db("database"); $fname = $_POST['fname']; $lname = $_POST['lname']; $email = $_POST['email']; $company = $_POST['company']; $telephone = $_POST['telephone']; $comments = $_POST['comments']; $EID = $_POST['eid']; extract ($_POST); // Pick up the form data and assign it to variables // $id = intval($id); $fname = strip_tags($fname); $lname = strip_tags($lname); $email = strip_tags($email); $company = strip_tags($company); $telephone = intval($telephone); $query="INSERT INTO users(`id`, `fname`, `lname`, `email`,`company`,`telephone`) VALUES('$id','$fname','$lname','$email','$company','$telephone')"; echo $query; mysql_query($query) or die(mysql_error()); echo mysql_error(); $SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;"; $result = mysqli_query($connect,$SQL_GetEquipment); $row = mysqli_fetch_assoc($result); $EmailBody = "$fname $lname has requested a quote from NAPE on Item $EID\n Information on quote request: \n Name: $fname $lname \n Email: $email \n Company: $company \n Number: $telephone \n Comments: $comments \n \n Information Requested for: {$row['itemname']}\n The URL to {$row['itemname']} is: http://www.mydomain.com.com/new-product.php?Item=$EID \n Click to send a quote now:\n http://www.mydomain.com.com/Admin/send-quote.php?id=$EID "; $e = new email(); //First value is the URL of your server, the second the port number $e->set_server( 'mail.mydomain.com.com', 26); //First value is your username, then your password $e->set_auth('noreply@mydomain.com', '112233'); //Set the "From" setting for your e-mail. 
The Name will be base64 encoded $e->set_sender( 'Quote Requested', 'noreply@mydomain.com' ); //for one recipient //$send_to = array('myemail@mydomain.com','myemail2@mydomain.com'); $send_to = ('myemail@gmail.com'); //you may also specify multiple recipients by creating an array like this: //$send_to = array('foo1@localhost.local', 'foo2@localhost.local', 'foo3@localhost.local'); $subject = 'Quote Request from NAPE'; $body = "$EmailBody"; if( $e->mail($send_to, $subject, $body, $headers) == true ) { //message was received by the smtp server //['last'] tends to contain the queue id so I like to save that string in the database echo 'last: '.htmlspecialchars($e->srv_ret['last']).''; }else{ //something went wrong echo 'all: '.nl2br(htmlspecialchars($e->srv_ret['all'])).''; echo 'full:'.nl2br(htmlspecialchars($e->srv_ret['full'])).''; } ?> Not sure how to even search for what I'm looking for, which is to say I'm really in need of guidance. I have a pre-populated database that I set up with about 260 names in it. It also has information like, height (basketball players) and high school. It's a list of kids I mean to invite to play in a league. From there, they will actually come to the league's site and register. I'd like for my form to check to see if they are already in the database, and if they are just add personal information, like email and phone number. If they are not, I'd like for the form to enter all of the information (name, school, etc). I have a simple database table that has the names of countries listed with just 2 fields ID & country.
I want to use this in a form to choose the country and provide statistics regarding that country.
I know how to get the data from MySQL, but I don't know how I can use this in the form as a selection?
How do I get the options to iterate all of the countries so that when the form is displayed a combo type box is displayed with a dropdown list?
I have not shown any code as I am not sure if this is possible.
Please can anyone advise if this is possible and if so some example code?
Hi everyone,

First off thank you very kindly to anyone who can provide some enlightenment to this total php/mysql newb. I am creating my first database and while I have been able to connect to the database within my php script (or so I believe), the form data does not appear to be actually getting sent. I have development experience in other languages but this is completely new to me so if I've missed something that appears painfully obvious like a parse error of some sort, I do apologize.

I am creating a website using Godaddy as the hosting account, and attempting to connect to the mysql database at the following URL (maybe this is where I'm going wrong): "pnmailinglist.db.4662743.hostedresource.com"

Below is my very simple code:

<?php
//Verify successful connection to database.
$connect = mysql_connect("pnmailinglist.db.4662743.hostedresource.com", "*********", "*********");
if(!$connect) {die("Could not connect!"); }
//Initialize variables with form data.
$firstname = $_POST['FirstName'];
$lastname = $_POST['LastName'];
$email = $_POST['Email'];
$howfound = $_POST['HowFound'];
//Post data to database, or return error.
mysql_select_db("pnmailinglist", $connect);
mysql_query("INSERT INTO mailinglist (First, Last, Email, How_Found) VALUES ($firstname,$lastname,$email,$howfound)");
mysql_close($connect);
echo "Thank you for joining our mailing list! We will contact you soon with the dates and times of our upcoming events.";
?>

Thank you again very much for any pointers or hints as to where I'm screwing up. I get no runtime errors, no syntax errors, and the echo message does display fine at the end -- just no data when I go to check my database!
Best Regards, CL Lets say I have this database: table brand [brandID] [brandName] where brandID -> auto increment and one brand always has the same brandID table product [brandID] [productID] [price] where productID -> auto increment I want to insert new product into the database using only values [brandName] and [price] and want brandID and productID to be created automatically I use this form: <form id="insertingDataToBrand" action="administratorCode.php" method="post"> <div>Brand Name: <input type="text" name="brandName"/></div> <div>Price: <input type="text" name="price"/></div> </form> And here is the php code: <?php //connection to database include 'connectToDatabase.php'; //data retrieveing $brand = $_POST['brandName']; $price = $_POST['price']; //As I am inserting to two different tables I use two INSERT statements $sql = "INSERT INTO brand (brandName) values ('$brand')"; mysql_query($sql) or die (mysql_error()); //as brandID is created automatically I am going to insert the same value to another table $last_id = mysql_insert_id (); $sql = "INSERT INTO product (price, brandID) values ('$price', '$last_id')"; ?> This should work just fine (it doesnt tho) BUT my question is: I have 3 different brands (brand A with brandID 1, brand B with brandID 2, brand C with brandID 3). When want to insert brand D, automatically created brandID should be automatically set to 4. BUT when I want to insert product of the same brand, lets say brand A (with different productID) brandID is automatically set to 4(or higher) as well. What do I have to do(use) so it would be able to realise what brandID should be added? Thanks a lot. I am having difficulty inserting the following codes values into my database. I know that the variables contain a value as I am displaying them on the output screen. 
Code: [Select] $link = mysql_connect($db_host,$db_user,$db_pass) or die('Unable to establish a DB connection'); mysql_select_db($db_database,$link); mysql_query("SET names UTF8"); $usr = $userid; $golfer = $_REQUEST['golfer']; $tourney = $_REQUEST['tournament']; $backup = $_REQUEST['backup']; date_default_timezone_set('US/Eastern'); $time = date("Y-m-d H:i:s"); $t_id=1; mysql_query("INSERT INTO weekly_picks (t_id, tournament, user, player, backup, timestamp) VALUES ('$t_id', '$tournament', '$usr', '$golfer', '$backup', '$time') or die('Error, insert query failed')"); echo $t_id; echo "<br />"; echo $tourney; echo "<br />"; echo $usr; echo "<br />"; echo $golfer; echo "<br />"; echo $backup; echo "<br />"; echo $time; echo "<br />"; echo $userdetail['email']; echo "<br />"; $to = $userdetail['email']; $subject = "Weekly Tournament Pick for: $tourney"; $message = "This email is to confirm your pick for $tourney has been received. Your pick is: $golfer. Your backup pick is: $backup The time it was submitted was $time Do not reply to this email, the mailbox does not exist. Contact me with any issues at xxxxxxx@xxxxxxx.com"; $from = "noreply@chubstersgcc.com"; $headers = "From:" . $from; mail($to,$subject,$message,$headers); ?> <div> <p>This is to confirm that your pick has been submitted for the following tournament: <?php echo $tourney; ?>. A confirmation of your pick as also been emailed to you.</p> <p>Your golfer: <?php echo $golfer; ?></p> <p>Your backup: <?php echo $backup; ?></p> <p>Your pick was submitted at: <?php echo $time; ?></p> </div> I have deleted mysql info for safety reasons. Here are the two webpage's codes i'm using right now menu.php <? 
session_start(); if(!session_is_registered(myusername)){ header("location:login.php"); } ?> <html><title>ChronoServe - Saving Time</title> <link href="style.css" rel="stylesheet" type="text/css"> <body> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="container"> <tr> <td> <table width="335px" height="50%" border="1" align="center" cellpadding="0" cellspacing="0" class="centered"> <tr> <td> <form method="post" action="insertvalues.php"> <table width="100%" border="0" align="center" cellpadding="3" cellspacing="10"> <tr> <td colspan="2"><div align="center" class="font2">Activation Information</div></td> </tr> <tr> <td colspan="2"></td> </tr> <tr> <td width="40%" class="font3">First Name :</td> <td width="60%"> <div align="center"> <input name="firstname" type="text" class="font3" id="firstname" maxlength="25" /> </div></td> </tr> <tr> <td class="font3">Last Name :</td> <td> <div align="center"> <input name="lastname" type="text" class="font3" id="lastname" maxlength="25" /> </div></td> </tr> <tr> <td height="28" class="font3">Phone Number :</td> <td> <div align="center"> <input name="pnumber" type="text" class="font3" id="pnumber" maxlength="10" /> </div></td> </tr> <tr> <td class="font3">Personnel Activated :</td> <td> <div align="center"> <input name="numberactivated" type="text" class="font3" id="numberactivated" maxlength="3" /> </div></td> </tr> <tr> <td height="37" colspan="2"></td> </tr> <tr> <td colspan="2"><div align="center"> <input name="submit" type="Submit" class="font3" value="Submit" /> </div> </td> </tr> </table> </form></td> </tr> </table> </td> </tr> </table> </body> </html> insertvalues.php <?php if(isset($_POST['Submit'])) { $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $pnumber = $_POST['pnumber']; $numberactivated = $_POST['numberactivated']; mysql_connect ("deleted", "deleted", "deleted") or die ('Error: ' . 
mysql_error()); mysql_select_db ("deleted"); $query = "INSERT INTO disney_database (id, firstname, lastname, pnumber, numberactivated, date) VALUES ('NULL', '".$firstname."', '".$lastname."', '".$pnumber."', '".$numberactivated."', 'NULL')"; mysql_query($query) or die('Error updating database'); header("location:menu.php"); echo "Database Updated With: ".$firstname."" - "".$lastname."" - "".$pnumber."" - "".$numberactivated.""; } else { echo "Database Error" { ?> Here is my problem. I set a one <form> on every form field I have including the submit button. Now whenever I press the submit button it redirects to insertvalues.php which it should be doing. In insertvalues i told it to query the form data and post it into my database's table. Its not doing that and tells me that it has a database error which i set it to tell me if something goes wrong. Anyone can help me? BTW I can manually query in the information using sql with phpmyadmin. so can someone please review my code for me? thanks big help! You can see what is happening. 
Visit www.chronoserve.com The username and password are "admin" how i want to display data from database to look like this : <table width="633" height="224" border="1"> <tr bgcolor="#999900"> <td width="45">Bil</td> <td width="121">Course_name</td> <td width="83">session</td> <td width="83">start_date</td> <td width="83">end_date</td> <td width="83">notes</td> <td width="89">pre-req</td> </tr> <tr bgcolor="#6A7AEA"> <td rowspan="2">1.</td> <td rowspan="2" bgcolor="#6A7AEA">Math</td> <td>1st session </td> <td>1 jan 11 </td> <td>6 jan 11 </td> <td rowspan="2"> </td> <td rowspan="2"><image icon that will link to the oter site> </td> </tr> <tr> <td bgcolor="#6A7AEA">2nd session </td> <td bgcolor="#6A7AEA">8 jan 11 </td> <td bgcolor="#6A7AEA">15 jan 11 </td> </tr> <tr> <td bgcolor="#0066CC">2.</td> <td bgcolor="#0066CC">English</td> <td bgcolor="#0066CC">1st session </td> <td bgcolor="#0066CC">1 feb 11 </td> <td bgcolor="#0066CC">6 feb 11 </td> <td bgcolor="#0066CC"> </td> <td bgcolor="#0066CC"><image icon that will link to the oter site></td> </tr> <tr> <td rowspan="2" bgcolor="#6A7AEA">3.</td> <td rowspan="2" bgcolor="#6A7AEA">Science</td> <td height="29" bgcolor="#6A7AEA">1st session </td> <td bgcolor="#6A7AEA">8 march 11 </td> <td bgcolor="#6A7AEA">15 march 11 </td> <td rowspan="2" bgcolor="#6A7AEA"> </td> <td rowspan="2" bgcolor="#6A7AEA"><image icon that will link to the oter site></td> </tr> <tr> <td bgcolor="#6A7AEA">2nd session</td> <td bgcolor="#6A7AEA">16 march 11 </td> <td bgcolor="#6A7AEA">21 march 11 </td> </tr> </table> ** all the view data is called from database including the icon image thanks... Hi I making some forms that write to mysql database, Im now in the process of making the update form so the user can update there details on the form, I want it to populate the form with existing data but its not doing it at all. Thanks in advance
Sorry for the caps, but this is relatively time sensitive. I am trying to make a register form, but when I click the submit button, nothing happens. It doesn't add to the table, it doesn't bring me home, doesn't even display the errors if the PWD's don't match or the fields are blank. Here's my code, thanks guys!

PS: The DB name is phptest, and the table is called users.

Code:
<?php
error_reporting(0);
require_once('connector.php');
$errors = array();
if ($_POST["submit"]) {
    if (empty($_POST['username'])) { array_push($errors, 'You did not submit a username.');}
    if (empty($_POST['email'])) { array_push($errors, 'You did not submit a email.');}
    if (empty($_POST['password1'])) { array_push($errors, 'You did not submit a password.');}
    $old_usn = mysql_query("SELECT id FROM users WHERE name = '".$_POST['username']."' LIMIT 1") or die (mysql_error());
    if (mysql_num_rows($old_usn) > 0) { array_push($errors, 'This username is already registered.');}
    $old_email = mysql_query("SELECT id FROM users WHERE email = '".$_POST['email']."' LIMIT 1") or die (mysql_error());
    if (mysql_num_rows($old_email) > 0) { array_push($errors, 'This email is already registered.');}
    if ($_POST['password1'] != $_POST['password2']) { array_push($errors,'You entered two different passwords');}
    if(sizeof($errors) == 0) {
        $username = $_POST['username'];
        $email = $_POST['email'];
        $password = sha1 ($_POST['password1']);
        mysql_query("INSERT INTO users (name, hashed_psw, email, joined) VALUES ('{$username}', '{$password1}', '{$email}', NOW());") or die (mysql_error());
        header ('Location: index.php?msg=1');
    }
}
?>
<html>
<head> <title>register</title> </head>
<body>
<?php foreach($errors as $e) { echo $e; echo "<br/>\n"; } ?>
<form action="register.php" method="post">
<h4>
Username: <br /> <input name="username" type="text" value="" size="10" maxlength="16" /> <br /> <br />
Email: <br /> <input name="email" type="text" value="" size="10" maxlength="100" /> <br /> <br />
Password: <br
/> <input name="password1" type="password" value="" size="10" maxlength="16" /> <br /> <br /> Confirm Password: <br /> <input name="password2" type="password" value="" size="10" maxlength="16" /> <br /> <br /> <input name="submit" type="button" value="Register" /> </h4> </form> </body> </html> And heres the connector.php script: Code: [Select] <?php mysql_connect("localhost", "***", "***") or die (mysql_error()); mysql_select_db("phptest") or die (mysql_error()); ?>(yes, the asterisks have the name and pw, just put them just in caseys! less than 6 characters. I think it's the way my code is ordered. I've tried switching the commands around, no luck. Help please. Code: [Select] <?php //begin register script $submit = $_POST['submit']; //form data $username= strip_tags ($_POST['username']); $email= strip_tags($_POST['email']); $pwd= strip_tags($_POST['pwd']); $confirmpwd= strip_tags($_POST['confirmpwd']); $date = date("Y-m-d"); if ($submit) { //check for required form data if($username&&$pwd&&$confirmpwd&&$email) { //check length of username if (strlen($username)>25||strlen($username)<6) { echo "<p class='warning'>username must be bewteen 6 and 25 characters</p>"; } else { //check password length if (strlen($pwd)>25||strlen($pwd)<6) { echo "<p class='warning'>password must be between 6 and 25 characters</p>"; } else { //register the user echo "<p class='success'>Thanks for signing up!</p>"; } } //check if passwords match if ($pwd==$confirmpwd) { } else { echo "<p class='warning'>your passwords do not match</p>"; } //encrypt password $pwd = md5($pwd); $confirmpwd = md5($confirmpwd); //open database $connect = mysql_connect("xxxxxxxx", "xxxxxxxx", "xxxxxxxx"); mysql_select_db("digital"); //select database //register the user $queryreg = mysql_query(" INSERT INTO users VALUES ('','$username', '$email', '$pwd') "); die("<p class='success'>Thank you for signing up you have been registered"); } else { echo "<p class='warning'>please fill in all fields</p>"; } } ?> Hello Im 
quite confused at what filtering I should use on my data when pulling it from a MySQL database. I don't sanitize my data on input because I am using prepared statements with PHP's PDO Driver which means I don't need to use mysql_real_escape_string() at all. When I pull the data to be displayed, i.e. in an HTML table, I use the below function to make it safe for HTML output.

public static function htmlSafe($data) { return nl2br(htmlentities($data, ENT_QUOTES)); }

However the rules change when I'm using an HTML form to edit the data, and I am unsure what I need to strip out. I.e. what would I need to do to make all data safe to insert into the following form input?

<input id = "someInput" type = "text" value = "<?php echo $someVarThatNeedsFiltering ?>" />

Also, one more question: in my HTML attributes (valid ones like class, name, id, style, _target) I use a mixture of double quotes (") and single quotes (') for quoting my values. Which one should I use or which one is more valid, doubles or singles?

So I have an event page where it will show the next 3 events, then I need logged in users to click either of two buttons to say they're attending or not attending. I have the below code showing events, and the <form> and the submit and both buttons, but if I submit 1 button on event ID: 1 it inserts data into the database but for event ID: 2, and if I click the button on event ID: 2 it also puts it into database with eventid: 2, so no matter which event I click it seems to submit data with the latest event ID shown on page, and not for "each" event separately. I have moved the submit query everywhere around and still same results or duplicate results if it's in the loop. I assume it's looping the submit and only submitting the latest event ID.
<?php if ($result = $con->query("SELECT * FROM events ORDER BY id ASC LIMIT 3")) { if ($result->num_rows > 0) { while ($row = $result->fetch_object()) { $event_id = $row->id; // set up table and echo data! echo "<table border='1' cellpadding='2' width='50%'>"; echo "<tr><td>"; echo "<p><img src='images/raid_banners/" . $row->bannerimg . "'>" . $row->name . " (iLvl: " . $row->itemlevel . ")</p>"; echo "<p>Event Starts: " . $row->datestart . " - " . $row->timestart . "</p>"; echo "<p>Event Ends: " . $row->dateend . " - " . $row->timeend . "</p>"; echo "<p>Raid Lead: " . $row->raidlead . "</p>"; echo "<form action='' name='$event_id' method='post'>"; // Process and populate SELECT form element echo "<select name=\"charname\">"; $sql = mysqli_query($con, "SELECT * FROM characters WHERE userid = $userid"); while ($row = $sql->fetch_assoc()){ echo "<option value=\"{$row['id']}\">{$row['charname']}</option>"; } echo "</select>"; echo "<input type='hidden' name='raidid' value ='$event_id'>"; echo "<input type='hidden' name='action' value='submit' />"; echo "<input type=\"submit\" name=\"submit\" value=\"going\">"; echo "<input type=\"submit\" name=\"submit\" value=\"notgoing\">"; echo "</form></td></tr></table><br><br>"; } if(isset($_POST['action'])){ $charid = $_POST['charname']; $submit = $_POST['submit']; // Submit the data from dropdown in the form mysqli_query($con,"INSERT INTO eventsignup (eventid, charid, userid, status) VALUES ('$event_id', '$charid', '$userid', '$submit')"); } } else { echo "No results to display!"; } } else { echo "Error: " . $con->error; } $con->close(); ?> any help would be awesome. im tearing my hair out here. Hi. Can someone show me the proper way to do a feedback form (like a "Contact US" form). I have read about SQL injections and would like to know I am protecting against it. And the proper way to store the submitted data in a database for a client's records. I have a basic form I use, but I am unable to store the data properly. 
Any help or a code idea would be appreciated. Thanks much.
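
The feedback-form question above and the earlier PDO question about making values safe inside a form input come down to the same pattern, shown here as an added example that is not code from any of the posts: validate the input, insert it through a prepared statement, let a UNIQUE constraint reject duplicates, and escape values when they are written back into HTML. The `feedback` table, its columns, the field names and the in-memory SQLite DSN are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example runs offline. For MySQL use a DSN
// like 'mysql:host=localhost;dbname=app;charset=utf8mb4' and also set
// PDO::ATTR_EMULATE_PREPARES => false.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Hypothetical table. The UNIQUE constraint lets the database itself reject
// duplicates, which is race-free, unlike a SELECT followed by an INSERT.
$pdo->exec('CREATE TABLE feedback (
    id      INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    email   TEXT NOT NULL UNIQUE,
    message TEXT NOT NULL
)');

/** Validate raw form input; returns [cleanValues, errorMessages]. */
function validateFeedback(array $post): array
{
    $clean = [];
    foreach (['name', 'email', 'message'] as $field) {
        $value = $post[$field] ?? '';
        // Array-valued fields (name[]=...) are treated as empty, not cast.
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    $errors = [];
    if ($clean['name'] === '' || strlen($clean['name']) > 100) {
        $errors[] = 'Name is required (max 100 bytes).';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email address is required.';
    }
    if ($clean['message'] === '' || strlen($clean['message']) > 5000) {
        $errors[] = 'Message is required (max 5000 bytes).';
    }
    return [$clean, $errors];
}

/** Store one submission; returns 'stored' or 'duplicate'. */
function saveFeedback(PDO $pdo, array $clean): string
{
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO feedback (name, email, message) VALUES (:name, :email, :message)'
    );
    try {
        $stmt->execute([
            ':name'    => $clean['name'],
            ':email'   => $clean['email'],
            ':message' => $clean['message'],
        ]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity constraint violation
            return 'duplicate';
        }
        throw $e;
    }
    return 'stored';
}

/** Escape a value for HTML text or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST.
$submissions = [
    ['name' => 'Pat O\'Neil', 'email' => 'pat@example.org',
     'message' => 'He said "hi" <b>x</b>'],
    ['name' => 'Pat again', 'email' => 'pat@example.org', 'message' => 'Second try'],
    ['name' => '', 'email' => 'not-an-address', 'message' => ''],
];

foreach ($submissions as $post) {
    [$clean, $errors] = validateFeedback($post);
    echo $errors ? 'rejected: ' . implode(' ', $errors) : saveFeedback($pdo, $clean);
    echo "\n";
}

// Re-populate an edit form: escape at output time, inside a quoted attribute.
$row = $pdo->query('SELECT name, message FROM feedback WHERE id = 1')->fetch();
printf("<input type=\"text\" name=\"name\" value=\"%s\">\n", e($row['name']));
printf("<textarea name=\"message\">%s</textarea>\n", e($row['message']));
```

With `ENT_QUOTES` both quote characters are encoded, so either double or single quotes around the attribute value are safe as long as the value is quoted. `nl2br()` belongs only in element content, not in an attribute value.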