PHP - Adding Input Fields

can someone tell me why this won't work?  I just want to key in the amtpaid and have fields inserted.  I get no errors but the only field inserted is the datepaid .
<html><head>
<script>
function $_(IDS) { return document.getElementById(IDS); }
function calculate_paid() {
  var amtpaid = parseInt($_("amtpaid").value);
  var rentdue = parseInt($_("rentdue").value);
  var prevbal = parseInt($_("prevbal").value);
  var secdep = parseInt($_("secdep").value);
  var latechg = parseInt($_("latechg").value);
  var damage = parseInt($_("damage").value);
  var courtcost = parseInt($_("courtcost").value);
  var nsf = parseInt($_("nsf").value);
  var hudpay = parseInt($_("hudpay").value);
  var late = ($_("late").value);
  var paidsum = parseInt($_("paidsum").value);
  var dateNow = new Date();
  var dayNow = dateNow.getDate();
  var datePaid = (dateNow.getMonth()+1)+"/"+dateNow.getDate()+"/"+dateNow.getFullYear();
  $_('datePaid').value = datePaid;
      if(dayNow > 5) { late = "L"; prevbal = prevbal + 10; }
paidsum = paidsum + amtpaid
  var tentpay = amtpaid - hudpay;
  var totOwed = rentdue + prevbal - hudpay;
  var left = totOwed - amtpaid;
    if (amtpaid <= totOwed) { prevbal = left; }
left = amtpaid - totOwed;
  if (left <= secdep) { secdep = secdep - left; }
left = left - secdep;
  if (left <= damage) { damage = damage - left; }
left = left - damage;
  if (left <= latechg) { latechg = latechg - left; }
left = left - latechg;
  if (left <= courtcost) { courtcost = courtcost - left; }
left = left - courtcost;
  if (left <= nsf) { nsf = nsf - left; }
prevbal = left - nsf;
}
</script>
</head><body>
<?php
mysql_connect(localhost,root,"");
mysql_select_db(test) or die( "Unable to select database");
if(!empty($_POST["submit"]))
{
$apt = $_POST['apt'];
$query="SELECT * FROM testdata Where apt='$apt'";
$result=mysql_query($query);
if(mysql_num_rows($result))
{
echo "<form action='#' method='post'><b>Rent Payment :<br /><br />
<table cellspacing=0 cellpadding=0 border=1>
<tr>
  <th>Name</th>
  <th>Apt</th>
  <th>Paid</th>
  <th>Due</th>
  <th>Prev Bal</th>
   <th>Sec Dep</th>
   <th>Late Chg</th>
   <th>Dmg</th>
   <th>Court Cost</th>
   <th>NSF</th>
  <th>Tent Pay</th>
  <th>Hud Pay</th>
    <th>Date Paid</th>
  <th>Late</th>
  <th>Comments</th>
 <th>Paidsum</th>
 </tr>";
while($row = mysql_fetch_assoc($result))
{
 echo "<tr>
<td><input type='text' size=25 name='name' value='" . $row['name'] . "'></td>
<td><input type='text' size=2 name='apt' value='" . $row['apt'] . "' ></td>
<td><input type='text' size=4 id='amtpaid' name='amtpaid' value='" . $row['amtpaid'] ."' onBlur='calculate_paid(this)'></td>
<td><input type='text' size=4 id='rentdue' name='rentdue' value='" . $row['rentdue'] . "'></td>
<td><input type='text' size=4 id='prevbal' name='prevbal' value='" . $row['prevbal'] ."'></td>
<td><input type='text' size=4 id='secdep' name='secdep' value='" . $row['secdep'] ."'></td>
<td><input type='text' size=4 id='latechg' name='latechg' value='" . $row['latechg'] ."'></td>
<td><input type='text' size=4 id='damage' name='damage' value='" . $row['damage'] ."'></td>
<td><input type='text' size=4 id='courtcost' name='courtcost' value='" . $row['courtcost'] ."'></td>
<td><input type='text' size=4 id='nsf' name='nsf' value='" . $row['nsf'] ."'></td>
<td><input type='text' size=4 id='tentpay' name='tentpay' value='" . $row['tentpay'] . "'></td>
<td><input type='text' size=4 id='hudpay' name='hudpay' value='" . $row['hudpay'] ."'></td>
<td><input type='text' size=10 id='datepaid' name='datepaid' value='" . $row['datepaid'] . "'></td>
<td><input type='text' size=1 id='late' name='late' value='" . $row['late'] . "'></td>
<td><input type='text' size=25 name='comments' value='" . $row['comments'] . "'></td>
<td><input type='text' size=4 id='paidsum' name='paidsum' value='" . $row['paidsum'] . "'></td>
</tr>";
}
echo "</table>
<input type='submit' name='update' value='Make Payment' />
</form>";
}
else{echo "No listing for apartment $apt.<br />Please select another.<br />";}
}
if(!empty($_POST["update"]))
{
$sql = "UPDATE testdata SET
name = '" . mysql_real_escape_string($_POST['name']) . "',
amtpaid = '" . mysql_real_escape_string($_POST['amtpaid']) . "',
rentdue = '" . mysql_real_escape_string($_POST['rentdue']) . "',
prevbal = '" . mysql_real_escape_string($_POST['prevbal']) . "',
secdep = '" . mysql_real_escape_string($_POST['secdep']) . "',
latechg = '" . mysql_real_escape_string($_POST['latechg']) . "',
nsf = '" . mysql_real_escape_string($_POST['nsf']) . "',
damage = '" . mysql_real_escape_string($_POST['damage']) . "',
courtcost = '" . mysql_real_escape_string($_POST['costcost']) . "',
tentpay = '" . mysql_real_escape_string($_POST['tentpay']) . "',
hudpay = '" . mysql_real_escape_string($_POST['hudpay']) . "',
datepaid = '" . mysql_real_escape_string($_POST['datepaid']) . "',
late = '" . mysql_real_escape_string($_POST['late']) . "',
comments = '" . mysql_real_escape_string($_POST['comments']) . "',
paidsum = '" . mysql_real_escape_string($_POST['paidsum']) . "'
WHERE apt='".$_POST["apt"]."'";
mysql_query($sql) or die("Update query failed.");
echo "Record for apartment ".$_POST["apt"]." has been updated";
}
?><form method="post" action="#">
<br />
<input type="text" name="apt"/> <p>
<input type="submit" name="submit" value="select apartment"/>
</form>
</body></html>

Hello people, thank you to everyone that has helped me on this forum.  You have been terrific.

I am submitting a form to a database and am having a small problem with the validation scripts.

Basically if the user doesn't put something into one of the fields they get an error message.  However, I am keeping the information already submitted in the input box with the following code
Code: [Select]
<input type='text' name='username' size = '40' maxlength='30' value = '<?php echo $username; ?>'>
This is so that the user doesn't have to input the same data again if he forgot one box.

How do I do the same for "drop down" boxes? 

Here is the code from the form for the "ppr" (aviation terms 'Prior Permission Required')
Code: [Select]
<select name = "ppr">
      <option value = "Yes">Yes
      </option>
      <option value="No">No
      </option>
    </select>
The problem I have is that there are quite a number of these drop down boxes on the form I have created.  And it always goes back to the first "option value" when there is an error.

I do have a variable for $ppr, please could someone tell me how to incorporate it so that the user doesn't have to select the correct option value all over again.

Hope my explanation is clear.

Thanks in advance.

I have an email form that is sending to an email address. There are five fields where the person sending can input their Name, Address, City, State, and Zip. Everything is working, except I want the input from these fields to be the the headers in the PHP email.

For instance it submits and send the letter, but I want the senders Name, Address, City, State, and Zip to be posted after the "Sincerely" in the letter sent. Here is what the input boxes of the form looks like:

Code: [Select]
<p>Sincerely,<br />
<label for="from">Name:</label>
<input type="text" name="from" id="name" value="<?php echo $_POST['from'];?>"/><br />
<label for="street">Street:</label>
<input type="text" name="street" id="street" value="<?php echo $_POST['street'];?>"/><br />
<label for="city">City:</label>
<input type="text" name="city" id="city" value="<?php echo $_POST['city'];?>"/><br />
<label for="zip">Zip:</label>
<input type="text" name="zip" id="zip" value="<?php echo $_POST['zip'];?>"/><br />
<label for="email">E-mail:</label>
<input type="text" name="email" id="email" value="<?php echo $_POST['email'];?>"/></p>
<input type="submit" class="button" value="Submit" />
How do I go about posting the PHP headers in the email upon submission?

Hey Guys. I have a quick question. Should i "prep" input values coming from a radio or checkbox input field? Can an SQL injection occur through those 2 input fields, or is it only text fields?

Hi all,

I'm working on this site which I'll soon ask the guys in the testing forum to have a peek at.  It's essentially an online community that was a uni project that has spiraled and grown exponetially.

I've spent many many hours in front of books and tutorals etc to put it together and as far as scripting goes, it seems to be fine.  The problem i'm having...The tut's that I read / watched were using eregi_replace to protect text fields and this is now unsuported.

I want my site to be as secure as it can be, within reason.

I've tried using preg_replace instead and have searched for the syntax but i keep getting strang results.
I'm working on the "bio" field at the moment and then when that works I can move on and a-ply the same idea to the other fields.

This si what I have and what I've changed.
if ($_POST['parse_var'] == "bio"){
   
    $bio_body = $_POST['bio_body'];
    //$bio_body = str_replace("'", "&#39;", $bio_body);  (WAS TESTING THIS BUT NO JOY)
    //$bio_body = str_replace("`", "&#39;", $bio_body);
         $bio_body = mysql_real_escape_string($bio_body);
         $bio_body = nl2br(htmlspecialchars($bio_body));

        $bio = $_POST['bio'];
   $bio = eregi_replace("'", "&#39;", $bio);           (This works but is not as secure)
   $bio = eregi_replace("`", "&#39;", $bio);
        $bio = mysql_real_escape_string($bio);
        $bio = nl2br(htmlspecialchars($_POST['bio']));

        $sqlUpdate = mysql_query("UPDATE members SET bio='$bio' WHERE id='$id'");
       and so on....}


When I change it to str_replace if I type in don't the whole word is deleted.  when I type in preg I get an error.
Can someone please give me the correct code / syntax for getting the result I want.

I just want to make sure that every single field that has a user input is protected against any malicious attacks.
Thanks.

Hi

I have a form that is to input data from input fields to a table.
The form is as follows:

                            $query = $DB->query("SELECT country_code, country_id, IF(country_code = '".$country_code."', '', '') AS sel FROM exp_sme_countries WHERE site_id='".$this->settings['site_id']."' ORDER BY country_name ASC");
                            foreach ($query->result as $row)
                            {
                               $options .= '<label>' . 'Phrase for ' . $this->settings['countries'][$row['country_code']] . '</label>' . '<br />';
                               $options .= '<input style="width: 100%; height: 5%;" id="country_data" type="text"  name="country_id[]"  />' . '<br /><br />';
                               $options .= '<input type="hidden"  name="country_data[' . $row['country_id'] . ']" value="'.$row['country_id'].'"  />';
                            }


This outputs:
Code: [Select]
<input style="width: 100%; height: 5%;" id="country_data" type="text"  name="country_id[]"  />
<input type="hidden"  name="country_data[68]" value="68"  />

<input style="width: 100%; height: 5%;" id="country_data" type="text"  name="country_id[]"  />
<input type="hidden"  name="country_data[28]" value="28"  />

What I need to do, is get the values from the input fields and then match them with the correct hidden field value

So if in the first input field, I typed in 'Test data' and the second input, i typed 'This is great'

On the POST, I need to find the the value ('Test data') and also the value from the hidden field.

So something like:
Quote

The text you entered is: Test data with hidden value of 68
The text you entered is: This is great with hidden value of 28


I'd rather not use $_GET as this is a form that inserts data into a database.

Could someone point my in the right direction or provide an example?

I would like to split the field specific location on a page into two fields.   

( This is how it looks now: http://qwikad.com/?view=post&cityid=269&lang=en&catid=3&subcatid=27&shortcutregion= )

I want keep the same MySQL table for that field but make it possible for visitors to enter 2 separate texts.  This is how the code looks right now:

<input name="area" type="text" size="40" class="input" maxlength="50" value="<?php echo $data['area']; ?>">

I am not strong in PHP programming at all, so I tried to copy and paste that field twice, but it only posts one entry out of the two.

Can this be done?

I built a basic form with certain fields required. When a required field isn't filled, the errors are echoed but not in the best area. I'd like for each error message to be displayed underneath their respected input fields. What do I need to look into?

<?php 
if(!empty($_POST['submit']))
{
// set variables
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$email2 = mysql_real_escape_string($_POST['email2']);
$age = mysql_real_escape_string($_POST['age']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);


// 1A. REQUIRED FIELDS VERIFICATION
if(!empty($name) && !empty($email) && !empty($email2) &&  !empty($city) &&  !empty($state))
{

// 1B. END REQUIRED FIELDS VERIFICATION
} else {
echo '<img src="images/icon_error.png" alt="" title="" /> Please fill out the required fields.<br />';

if (empty($name))
{
echo 'Whats your name?!<br />';
} if (empty($email))
{
echo 'No email given.<br />';
} if (empty($email2))
{
echo 'Please verify your email<br />';
} if (empty($city))
{
echo 'What city are you from?<br />';
} if (empty($state))
{
echo 'What State!<br />';
}

echo '<br /><br />';
}
// 1B. END REQUIRED FIELDS ERROR CODES

}
?>

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">

<div class="formSec"><label for="name" class="required">Full Name:</label>
<input type="text" name="name" id="name" value="" /></div>

<div class="formSec"><label for="email" class="required">Email:</label>
<input type="text" name="email" id="email" value="" /></div>

<div class="formSec"><label for="email2" class="required">Confirm Email:</label>
<input type="text" name="email2" id="email2" value="" /></div>

<div class="formSec"><label for="age" class="required">Age:</label>
<input type="text" name="age" id="age" value="" /></div>

<div class="formSec"><label for="city" class="required">City:</label>
<input type="text" name="city" id="city" value="" /></div>

<input class="submit" type="submit" name="submit" value="Submit" />
</form>

I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?:
Quote

<?php
// Define your username and password
$username = "<?php echo $custom_74; ?>";
$password = "<?php echo $custom_16; ?>";
if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {
?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p><label for="txtUsername">Username:</label>
    <br /><input type="text" title="Enter your Username" name="txtUsername" /></p>
    <p><label for="txtpassword">Password:</label>
    <br /><input type="password" title="Enter your password" name="txtPassword" /></p>
    <p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?php
}
else {
?>


I close the code correctly.
<?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above.

Thanks, Gene

On all my forms, after I send an empty string to one field, it will stop accepting values when I resubmit.  My code passes through the W3C validator

Any ideas??

need to add

Code: [Select]
$ibforums->input['[u'] != "")
something like that
i need to add

$_GET[''];

but it's not working when i use &=

do ineed to use html entities?

Hello All:

Trying to work with PHP on a contact form with a jQuery Validation to make certain that the visitors fill out the required information. I'll try to show everything that I have, and then the error I am getting when the visitor hits "submit."

I don't know PHP all that well, and trying to learn my way through it. I used a couple of tutorials to add the features I needed and did my own styling on the live site.  Here is the PHP that is currently in the header of my markup:


<?php
//If the form is submitted
if(isset($_POST['submit'])) {

//Check to make sure that the First name field is not empty
if(trim($_POST['firstname']) == '') {
$hasError = true;
} else {
$firstname = trim($_POST['firstname']);
}
    
    //Check to make sure that the Last name field is not empty
if(trim($_POST['lastname']) == '') {
$hasError = true;
} else {
$lastname = trim($_POST['lastname']);
}
    
    //Check to make sure that the Street Address 01 field is not empty
if(trim($_POST['street01']) == '') {
$hasError = true;
} else {
$street01 = trim($_POST['street01']);
}
    
    //If Street02 is filled out, give it a value
    
    $street02  = $_POST['street02'];
    
    //Check to make sure that the City field is not empty
if(trim($_POST['city']) == '') {
$hasError = true;
} else {
$city = trim($_POST['city']);
}
    
    //Check to make sure that the State field is not empty
if(trim($_POST['state']) == '') {
$hasError = true;
} else {
$state = trim($_POST['state']);
}
    
    //Check to make sure that the Zip field is not empty
if(trim($_POST['zip']) == '') {
$hasError = true;
} else {
$zip = trim($_POST['zip']);
}
    
    //If Email is filled out, give it a value 
    
    $email  = $_POST['email'];
    
    //If Telephone is filled out, give it a value 
    
    $telephone  = $_POST['telephone'];
    
    //Default Subject Value 
    
    $subject  = "VMC Inquiry";
    
    //Check checkboxes 
    foreach($_POST['check']  as  $value)  {

$check_msg = "Checked: $value\n";

} 

    //If Message is filled out, give it a value 
    
    $comment  = $_POST['comment'];


//If there is no error, send the email
if(!isset($hasError)) {
$emailTo = 'xxxx.xxxx@gmail.com'; //Put your own email address here
$body = "Name: $firstname $lastname \n\nStreet Address: $street01 \n\nStreet Address*: $street02 \n\nCity: $city \n\nState: $state \n\nZip: $zip \n\nEmail*: $email \n\nTelephone*: $telephone \n\nCheck Box: $check_msg \n\nMessage:\n $comment";
$headers = 'From: XXXXX <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email;

mail($emailTo, $subject, $body, $headers);
$emailSent = true;
}
}
?>

So basically I am using classes to say whether or not something is required, which ties into the jQuery validation. If it isn't required, whatever the visitor types into the box is put into something like "$telephone" which is then printed in the e-mail.

The markup for the forms in the body is the following:

Code: [Select]
<p class="contact-text-right">For more information, or to have a list of our properties mailed to you, please fill out the form below.</p>
    <div id="contact-wrapper">
            <?php if(isset($hasError)) { //If errors are found ?>
        <p class="error">Please check if you've filled all the fields with valid information. Thank you.</p>
            <?php } ?>
            <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?>
            <p class="accept"><strong><?php echo $firstname;?>,Your Email Successfully Sent!</strong></p> <?php } ?>
    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform">
        <div id="names">
            <label for="firstname"><strong>First Name:</strong></label>
            <input type="text" name="firstname" id="firstname" value="" class="required" />
            <label for="lastname"><strong>Last Name:</strong></label>
            <input type="text" name="lastname" id="lastname" value="" class="required" />
        </div>
        <div id="address01">
            <label for="street01"><strong>Street Address:</strong></label>
            <input type="text" name="street01" id="street01" value="" class="required" />
        </div>
        <div id="address02">
            <label for="street02"><strong>Street Address*:</strong></label>
            <input type="text" name="street02" id="street02" value="" />
        </div>
        <div id="city">
            <label for="city"><strong>City:</strong></label>
            <input type="text" name="city" id="city" value="" class="required city" />
            <label for="state"><strong>State:</strong></label>
            <input type="text" name="state" id="state" value="" class="required state" />
            <label for="zip"><strong>Zip Code:</strong></label>
            <input type="text" name="zip" id="zip" value="" class="required zip" />
        </div>
        <div id="email">
            <label for="email"><strong>E-mail*:</strong></label>
            <input type="text" name="email" id="email" value="" class="email"/>
            <label for="telephone"><strong>Telephone*:</strong></label>
            <input type="text" name="telephone" id="telephone" value="" class="telephone" />
            <p class="bottom">*Optional fields.</p>
        </div>
        <div class="checkbox">
            <p><input  type="checkbox"  name="check[]"  value="properties">XXX</p> 
            <p><input  type="checkbox"  name="check[]"  value="contact-regarding">XXXX</p>
            <p class="indent">(Please list properties or ask specific questions in the space below.)</p>       
        </div>
        <div id="comment">
            <label for="comment"></label>
            <textarea name="comment" id="comment" ></textarea>
        </div>
        <div id="button">
        <input type="submit" value="Send Message" name="submit" />
        </div>
    </form>

All seems well until I hit submit on the live site. I think get this error returned to me:

Warning: Invalid argument supplied for foreach() in ......./html/development/contact.php on line 64

The e-mail goes through, with all the information, no problems! I just can't get this error message to go away.
Line 64 of contact.php is where the checkbox coding is:


    //Check checkboxes 
    foreach($_POST['check']  as  $value)  {

$check_msg = "Checked: $value\n";

} 


I know I've submitted a lot of code here, and tried to narrow you down to the exact spot I think the problem is, but hopefully some of you PHP gurus can pick out the flaw in a heartbeat.

I really appreciate all the help.

B

This topic has been moved to JavaScript Help.

http://www.phpfreaks.com/forums/index.php?topic=330084.0

Hiya pplz.

I am trying to add: class="keyboardInput" to activate a javascript script to an input box.

This is the line im trying to add it to:

<td><?php echo form_input(array('name'=>'quantity','value'=>$item['quantity'],'size'=>'2'));?></td>

I have tried:

<td><?php echo form_input(array('name'=>'quantity','value'=>$item['quantity'],'size'=>'2'));? class="keyboardInput"></td>

didn't work.

Any help would be great.

Ian