|
PHP - Html Won't Insert And Not Giving An Error
Hi,
I have a text area field on one of my forms in order for people to post articles, however, it doesn't work when I try and post HTML through it. It works if I post normal text. Also, PHP won't give me an error, it just doesn't insert it?
<?php
if ($_POST['add']) {
$title = addslashes($_POST['title']);
$image = htmlspecialchars($_POST['image']);
$source = mysql_real_escape_string($_POST['source']);
$active = $_POST['active'];
$feature = $_POST['feature'];
$cat_id = $_POST['cat_id'];
$content = htmlspecialchars($_POST['content']);
$months = array(
"",
"January",
"February",
"March",
"April",
"May",
"June",
"July",
"August",
"September",
"October",
"November",
"December"
);
$date = date('d', time()) . ' ' . $months[date('n', time())] . ' ' . date('Y', time());
if ($title == NULL || $image == NULL || $content == NULL) {
echo '<br /><br /><center>Please, fill all inputs</center><br /><br />';
} else {
$add = "INSERT INTO `news` cat_id='$cat_id', title='$title', image='$image', content='$content', date='$date', author='".$user['admin']."', authorid='".$user['id']."', source='$source', active='$active', twitter='".$user['twitter']."', featured='$feature'" or die(mysql_error());
$sql = mysql_query($add);
$addgrowl = "INSERT INTO `growl` (toid, message) VALUES ('$id', 'Your article is now online!')";
$sql = mysql_query($addgrowl);
echo '<script type="text/javascript">
window.location = "articles.php"
</script>
';
}
}
?>
Help :-(
Similar TutorialsMy code looks as follows: include('connectvars.php'); /* REGISTER FORM */ // check if submit button has been clicked if (isset($_POST['submit_signup'])) { // process and assign variables after post submit button has been clicked $user_email = strip_tags(trim($_POST['email'])); $firstname = strip_tags(trim($_POST['firstname'])); $lastname = strip_tags(trim($_POST['lastname'])); $nickname = strip_tags(trim($_POST['nickname'])); $password = $_POST['password']; $repassword = $_POST['repassword']; $dob = $_POST['dob']; $find_us_question = strip_tags(trim($_POST['find_us_question'])); // connect to database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $check_query = "SELECT * FROM users WHERE nickname = '$nickname'"; $check_connect = mysqli_query($dbc, $check_query); $check_count = mysqli_num_rows($check_connect); echo $check_count; die(); It's a register (sign up) page, and it's the beginning of the script, the rest of the script is just checking if all fields are a empty and if the input is in the allowed character length etc. I could it off at die(); because the rest doesn't matter. I want the script to check if the username already exists in the database, so I want mysqli_num_rows to tell me how many rows are already there with the same username, and then I want to continue doing an if statement saying if ($check_count != 0) { echo "Username already exists!" } But the mysqli_num_rows doesn't even print out how many rows there are availible, it gives me an error saying: Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in... The num_rows function worked in the login script the same way, but for some reason it's not working in the register script. Any ideas, what I'm doing wrong? For testing purposes I just want it to print me "1" when I'm entering a username that's already in the database. All, I'm getting the following error when I work with a class: Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /webspace/httpdocs/offers/form_key.php on line 5 The complete code for this is class is: <?php class Form_Key { protected $oldKey; public function __construct() { // Ensure we have an available session if ( NULL == session_id() ) { session_start(); } // Grab our former key for validation if ( isset( $_SESSION['form_key'] ) ) { $this->oldKey = $_SESSION['form_key']; } // Assign the new key $_SESSION['form_key'] = md5( uniqid( mt_rand(), TRUE ) ); } public function isValid() { return 'POST' == $_SERVER['REQUEST_METHOD'] && isset( $_POST['form_key'] ) && '' != trim( $_POST['form_key'] ) && '' != trim( $this->oldKey ) && $_POST['form_key'] === $this->oldKey; } public function getKey() { return $_SESSION['form_key']; } public function getOldKey() { return $this->oldKey; } public function render() { return '<input type="hidden" name="form_key" value="' . $_SESSION['form_key'] . '" />'; } public function __toString() { return $this->render(); } } ?> The line that is giving the issue is this line: protected $oldKey; Is it ok just to remove this line?? If I comment it out it gives me the same message but for line 7, which is this one: public function __construct() Anyone have any ideas? Thanks in advance. hey guys. Right now upon form submission, I do an error check that puts all the errors into an array, then will display them at the top of the form. What I want to do though is break up the array, and be able to give each error msg in its indivdual table row in the html. Right now, my coding is if($lname == '') { $errmsg_arr[] = 'You must enter your last name'; $errflag = true; } if($email == '') { $errmsg_arr[] = 'You must enter your email address'; $errflag = true; } if($city == '') { $errmsg_arr[] = 'You must enter your city'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: signup_artist.php"); exit(); } thats in form2.php form 1.php has the following snipet of code <?php if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) { echo '<ul class="err">'; foreach($_SESSION['ERRMSG_ARR'] as $msg) { echo '<li>',$msg,'</li>'; } echo '</ul>'; unset($_SESSION['ERRMSG_ARR']); } ?> so basically would I would like to be able to do is identify each error as for instane $fname_error $lname_error etc and then load them into my html appropriately, as opposed to just an array listing them got this function in php.net i guess function mywordwrap($string) { $length = strlen($string); for ($i=0; $i<=$length; $i=$i+1) { $char = substr($string, $i, 1); if ($char == "<") $skip=1; elseif ($char == ">") $skip=0; elseif ($char == " ") $wrap=0; if ($skip==0) $wrap=$wrap+1; $returnvar = $returnvar . $char; if ($wrap>8) // alter this number to set the maximum word length { $returnvar = $returnvar . "<wbr>"; $wrap=0; } } return $returnvar; } after using this when i try to validate my page in http://validator.w3.org i get this error Line 124, Column 38: end tag for "wbr" omitted, but OMITTAG NO was specified <td width="15%">sdfasdfsdfadfddfdfsafasd<wbr>a</td> ✉ You may have neglected to close an element, or perhaps you meant to "self-close" an element, that is, ending it with "/>" instead of ">". what is the fix for this? (php is a weakness)
Here is the HTML portion for the form:
<form action="send_form_email.php" id="contacts-form" method="post"> I have a form that users input user name, password, and email... all writes to csv fine. My problem is I need to concatenate a a string with a variable and some html code will preserving the html when written to the csv.. I need the csv to be this username,password,email,user,category,text with http://sub.domain..com/splash/,something,something here's what i have Code: [Select] <?php if($_POST['formSubmit'] == "Submit") $varUserName = $_POST['username']; $varPW = $_POST['PW']; $varEmail = $_POST['email']; { $fs = fopen("testcsv.csv","a"); fputcsv($fs, array($varUserName,$varPW,$varEmail,"user","title",",category","some text '<a href="http://$varUserName.url.com/splash/>site.com</a>',)); fclose($fs); exit; } ?> and of course I'm getting Parse error: syntax error, unexpected T_STRING, expecting ')' on line 9 Can anyone see something wrong with this? It's driving me crazy and throwing up an error Quote You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user_name', 'user_email', 'user_credit', 'fname', 'lname', 'hous' at line 3 Code: [Select] $sql_insert = ("INSERT INTO users ( 'user_name', 'user_email', 'user_credit', 'fname', 'lname', 'house_num', 'addr', 'addr2', 'county', 'postcode', 'pwd', 'dobDay', 'dobMonth', 'dobYear', 'tel', 'date', 'users_ip', 'avatar' ) VALUES ( '".$user_name."', '".$usr_email."', '0.00', '".$fname."', '".$lname."', '".$house_num."', '".$addr."', '".$addr2."', '".$county."', '".$postcode."', '".$sha1pass."', '".$dobDay."', '".$dobMonth."', '".$dobYear."', '".$tel."', '".$date."', '".$user_ip."', '/images/default/avatar.png' )"); echo $sql_insert; mysql_query($sql_insert,$link) or die(mysql_error()); I can't see what i wrong with it, i removed all the blank entries (ones with the value 'null',) but it didn't make any difference i am currently in the process of creating a registration page for my website, i have managed to make it work and it adds the user to my main table user_info, however i also have other tables that i want the system to insert the user into when they join, such as a log for their ip address, the problem is i thought it would be a simple cas of selecting the user info and then inserting the fields into the ip_address table, but i keep getting the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'terminated')' at line 1" Anyway here is the code that i just added that created the error Code: [Select] $sql_id = ("SELECT * FROM user_info WHERE username = '$username'"); $result = mysql_query($sql_id); $sql_result = mysql_fetch_array($result); $sql = mysql_query("INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'") or die (mysql_error()); And the code below is the code for the whole registration page. Thanks Code: [Select] <?php if (isset ($_POST['firstname'])){ $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers $email = $_POST['email']; $password = $_POST['password']; $cpassword = $_POST['cpassword']; $paypal_email = $_POST['paypal_email']; $country = $_POST['country']; $kingdom_name = $_POST['kingdom_name']; $kingdom_motto = $_POST['kingdom_motto']; $referal = $_POST['referal']; $email = stripslashes($email); $password = stripslashes($password); $cpassword = stripslashes($cpassword); $email = strip_tags($email); $password = strip_tags($password); $cpassword = strip_tags($cpassword); // Connect to database include_once "connect_to_mysql.php"; $emailCHecker = mysql_real_escape_string($email); $emailCHecker = str_replace("`", "", $emailCHecker); // Database duplicate username check setup for use below in the error handling if else conditionals $sql_uname_check = mysql_query("SELECT username FROM user_info WHERE username='$username'"); $uname_check = mysql_num_rows($sql_uname_check); // Database duplicate e-mail check setup for use below in the error handling if else conditionals $sql_email_check = mysql_query("SELECT email FROM user_info WHERE email='$emailCHecker'"); $email_check = mysql_num_rows($sql_email_check); // Error handling for missing data if ((!$firstname) || (!$lastname) || (!$username) || (!$email) || (!$password) || (!$cpassword) || (!$paypal_email) || (!$kingdom_name) || (!$kingdom_motto)) { $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />'; if(!$firstname){ $errorMsg .= ' * Firstname<br />'; } if(!$lastname){ $errorMsg .= ' * Lastname<br />'; } if(!$username){ $errorMsg .= ' * Username<br />'; } if(!$email){ $errorMsg .= ' * Email<br />'; } if(!$password){ $errorMsg .= ' * Password<br />'; } if(!$cpassword){ $errorMsg .= ' * Password Check<br />'; } if(!$paypal_email){ $errorMsg .= ' * Paypal Email<br />'; } if(!$kingdom_name){ $errorMsg .= ' * Kingdom Name<br />'; } if(!$kingdom_motto){ $errorMsg .= ' * Kingdom Motto<br />'; } } else if ($password != $cpassword) { $errorMsg = 'ERROR: Your Password fields below do not match<br />'; } else if (strlen($username) < 4) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; } else if (strlen($username) > 20) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; } else if ($uname_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; } else if ($email_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; } else { // Error handling is ended, process the data and add member to database //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password); // Add MD5 Hash to the password variable $db_password = md5($password); // GET USER IP ADDRESS $ipaddress = getenv('REMOTE_ADDR'); // Add user info into the database table for the main site table $sql = mysql_query("INSERT INTO user_info (firstname, lastname, username, email, password, country, sign_up_date) VALUES('$firstname','$lastname','$username','$email','$password', '$country', now())") or die (mysql_error()); $id = mysql_insert_id(); // Create directory(folder) to hold each user's files(pics, MP3s, etc.) mkdir("members/$id", 0755); //////////////////////////////////////////////////////////////////////// ///////////////BUILDING THE USER PROFILES/////////////////////////////// $sql_id = ("SELECT * FROM user_info WHERE username = '$username'"); $result = mysql_query($sql_id); $sql_result = mysql_fetch_array($result); $sql = mysql_query("INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'") or die (mysql_error()); include_once 'registration_success.php'; exit(); } // Close else after duplication checks } else { // if the form is not posted with variables, place default empty variables so no warnings or errors show $errorMsg = ""; $firstname = ""; $lastname = ""; $username = ""; $email = ""; $password= ""; $cpassword = ""; $paypal_email = ""; $kingdom_name = ""; $kingdom_motto = ""; $referal = ""; } ?> Hi. I think you all know me by now so I'll cut to the chase. Code: [Select] <?php $host="edited"; $username="edited"; $password="edited"; $db_name="edited"; $tbl_name="topic"; // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $name=$_POST['name']; $detail=$_POST['details']; $sql="INSERT INTO $tbl_name(topic, detail, datetime)VALUES('$name', '$detail', NOW())"; $result=mysql_query($sql); if($result){ header("location:site.html");} else{ echo("I have failed you master.");} ?> Displayed error: "I have failed you master." Anyone know a possible cause? Thanks. Bye. Hey guys, this is my first post here(not going to be the last one, Im sure), im trying to insert in mysql from session array, i don't know where is my error, I leave the code below, if someone can help me please .
<?php
<!DOCTYPE html>
I am having an error with this code You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''name','email','password','profile') SET ('Sasural','kill@1234.com','kill','ANDK' at line 1 I am stuck with this for last 5hrs Having a problem with that "insert ignore into". If it is a new record, it works, when it is a excisting record that needs to be updated, it is giving me this error: Cannot execute query: INSERT IGNORE INTO (gedcom,kennel) VALUES ("World","Avongara") What or where is it going wrong? This message is for me not enough to find the problem. $kennels = array(); if( !in_array( $kennel, $kennels ) ) array_push( $kennels, $kennel ); foreach( $kennels as $kennel ) { $query = "INSERT IGNORE INTO $kennels_table (gedcom,kennel) VALUES (\"$tree\",\"$kennel\")"; $result = @mysql_query( $query ) or die ("$admtext[cannotexecutequery]: $query"); } Thanks for helping Hi, I am working on a script that will add 3 sets of information to a MySQL table. I had a script that had the fields of username password and password2. It worked just fine when password2 was used for verification to make sure you typed it right. But now I want to take password and turn it into a new data field that is submitted into the new row with the other information. The problem is it wont add the row. The script says it worked just fine but i check the db and no new row. here it is: <?php // Connects to your Database mysql_connect("//", "//", "//") or die(mysql_error()); mysql_select_db("//") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); $_POST['pass2'] = addslashes($_POST['pass2']); } // now we insert it into the database $insert = "INSERT INTO users (username, password, Human-Readable) VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['pass2']."')"; $add_member = mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now login</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>HR:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?> And incase you want to see it here is the original: <?php // Connects to your Database mysql_connect("//", "//", "//") or die(mysql_error()); mysql_select_db("//") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now login</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?> Many Thanks in advanced Can you guys tell me where is the error please...
$sql2= ('CREATE TABLE `'.$pub_unik.'` (ID SERIAL,ID_Use CHAR(30),Comment TEXT,Like INT,Score CHAR(30))');
I can't find...
Thank you guys
I have a Form on registration.html through which i trying to get data in mysql through the below php script but there is and mysql syntax error please help me with the below code. Code: [Select] <?php $conn = mysql_connect("localhost", "onlinewe_meghraj", "password123") or die(mysql_error()); $db = mysql_select_db("onlinewe_college") or die(mysql_error()); $name1 = $_POST['name1']; $name2 = $_POST['name2']; $year = $_POST['year']; $department = $_POST['deparment']; $group = $_POST['group']; $in_name = $_POST['in_name']; $in_address = $_POST['in_address']; $phone = $_POST['phone']; $email = $_POST['email']; $mobile1 = $_POST['mobile1']; $mobile12 = $_POST['mobile2']; $comment = $_POST['comment']; $result=mysql_query("INSERT INTO register (name1, name2, year, department, group, in_name, in_address, phone, email, mobile1, mobile2, date, comment) VALUES ('$name1', '$name2', '$year', '$department', '$group', '$in_name', '$in_address', '$phone', '$email', '$mobile1', '$mobile2', '".date("Y-m-d h:i:s")."', '$comment')") or die("Insert Error: ".mysql_error()); echo "REGISTRATION DONE"; ?> Please reply. Thank you. This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=354933.0 I can't find the error, someone help me please.
$conn = mysql_connect("localhost","root","Pass"); $err_db = mysql_select_db('bd_amics'); $sql = ("INSERT INTO `'".$_SESSION["use"][14]."'` (ID,Amic,PubID) VALUES ('".$_SESSION["person"][14]."', "1", '".$_SESSION["person"][15]."')"); mysql_query("SET NAMES utf8"); mysql_query($sql, $conn); mysql_close(); $conn3 = mysql_connect("localhost","root","Pass"); $err_db3 = mysql_select_db('bd_amics'); $sql3 = ("UPDATE `'".$_SESSION["person"][14]."'` SET Amic="2" WHERE ID='".$_SESSION["use"][14]); mysql_query("SET NAMES utf8"); mysql_query($sql3, $conn3); mysql_close(); i am trying to insert data into a database with the following code <?php $first_name=$_POST['first_name']; $middle_name=$_POST['middle_name']; $last_name=$_POST['last_name']; $gender=$_POST['gender']; $file_number=$_POST['file_number']; $character=$_POST['character']; $diagnosis=$_POST['diagnosis']; $description=$_POST['description']; $day = $_POST['day']; $month = $_POST['month']; $year = $_POST['year']; $date = date("Y-m-d", mktime(0,0,0,$month, $day, $year)); $con = mysql_connect("localhost","fathersh_search","f33321rh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("fathersh_childsearch", $con); $sql="INSERT INTO child_info (first_name,middle_name,last_name,gender,birthdate,character,diagnosis,description,file_number) VALUES ('$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[file_number]','$_POST[gender]','$date','$_POST[character]','$_POST[diagnosis]','$_POST[description]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> the error i get is Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'character,diagnosis,description,file_number) VALUES ('James','Anthony','Peters',' at line 1 |
|||||||