|
PHP - Mysqli Insert From Form
Having issue insertinginto database. The code are below followed by result. thanks for any advice Form code:
<html> <script type="text/javascript">document.write(mmddyy);</script> <form action="crud-insert.php" method="post">
<p><label for="id">id:</label>
<?php
$sql = "INSERT INTO infotbl (id, target, purpose, user, password, email, visits, lastused)
if ($conn->query($sql) === TRUE) {
$conn->close(); Similar TutorialsHi guys, I've been around here for a few years, but for some reason my other account doesn't seem to 'exist' anymore which was real annoying. I also noticed the captcha here was kind of buggy has anyone else been getting that? I'd enter it in case sensative 9-10 times before it would finally work.
Anyways, I've been looking through a lot of research in upgrading my server from Mysql to Mysqli funtions. What I am curious about though is other peoples opinions and thoughts on how to make user input safer. For the time being I've just been using mysql_real_escape_string and htmlspecialchars. I've done quite a bit of research on this and there really isn't much for any guides on how to keep your data clean and safe. I've seen a lot of posts that anymore these two functions are not enough to secure your data. So I'm curious what people in this community are doing (annonomysly) to keep your user input safe. I'm also looking into prepared statements as well with Mysqli. Anyways any responses are much appreciated, would love to chat with you guys about this!
Does anyone know if there was some deal with why I can't access my origional account? I entered in all of the only 5 email addresses I use. It said it sent an email to the one, but it never appeared in junk/inbox.
I am trying to make a login which works perfectly until I try and add remember me functionality into the User class.
Hi, I have an app that access a MySQL database via a php script. For some reason when it is an SQL INSERT it returns -11 but as I said the INSERTS executes successfully. The app requesting the service sends in sequence:
char* txtSQL[]={"INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)",
"INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)",
"INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)",
"INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)",
"UPDATE activity set value=333 where value=130",
"SELECT sum(value) from activity where mac='a9c4952de6b4'",
"DELETE from activity WHERE value=333"};
I set a monitor to check what was being returned and got:
query=INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)
HttpResponse: - httpResponseCode: -11
query=INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)
HttpResponse: - httpResponseCode: -11
query=INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)
HttpResponse: - httpResponseCode: -11
query=INSERT INTO activity (mac,jd,date,time,area,type,value) VALUES ('a9c4952de6b4',2458454,'2018-12-01','10:22','Area0002','h',130)
HttpResponse: - httpResponseCode: -11
query=UPDATE activity set value=333 where value=130
HttpResponse: 4 * httpResponseCode: 201 -------------------------------------->As can be seem the INSERTS above returned error but worked OK
query=SELECT sum(value) from activity where mac='a9c4952de6b4'
HttpResponse: 1379 * httpResponseCode: 200
query=DELETE from activity WHERE value=333
HttpResponse: 4 * httpResponseCode: 201
The PHP script do ing the job i s as be low :
<?php
include('connection.php');
//these are just in case setting headers forcing it to always expire
header('Cache-Control: no-cache, must-revalidate');
error_log(print_r($_POST,TRUE));
if( isset($_POST['query']) && isset($_POST['key']) ){ //checks if the tag post is there and if its been a proper form post
header('Content-type: application/x-www-form-urlencoded');
if($_POST['key']==$SQLKEY){ //validates the SQL key
$query=urldecode($_POST['query']);
if(get_magic_quotes_gpc()){ //check if the worthless pile of crap magic quotes is enabled and if it is, strip the slashes from the query
$query=stripslashes($query);
}
$conn = new mysqli($DB_ADDRESS,$DB_USER,$DB_PASS,$DB_NAME); //connect
if($conn->connect_error){ //checks connection
header("HTTP/1.0 400 Bad Request");
echo "ERROR Database Connection Failed: " . $conn->connect_error, E_USER_ERROR; //reports a DB connection failure
} else {
$result=$conn->query($query); //runs the posted query
if($result === false){
header("HTTP/1.0 400 Bad Request"); //sends back a bad request error
echo "Wrong SQL: " . $query . " Error: " . $conn->error, E_USER_ERROR; //errors if the query is bad and spits the error back to the client
} else {
if (strlen(stristr($query,"SELECT"))>0) { //tests if it's a SELECT statement
$csv = ''; // bug fix Undefined variable: csv
while ($fieldinfo = $result->fetch_field()) {
$csv .= $fieldinfo->name.",";
}
$csv = rtrim($csv, ",")."\n";
//******************************** echo $csv; //prints header row
$csv = '';
$result->data_seek(0);
while($row = $result->fetch_assoc()){
foreach ($row as $key => $value) {
$csv .= $value.",";
}
$csv = rtrim($csv, ","); //."\n";
}
echo $csv; //prints all data rows
} else {
header("HTTP/1.0 201 Rows");
echo $conn->affected_rows; //if the query is anything but a SELECT, it will return the number of affected rows (INSERT IS RETURNING -11)
}
}
$conn->close(); //closes the DB
}
} else {
header("HTTP/1.0 400 Bad Request");
echo "-Bad Request"; //reports if the secret key was bad
}
} else {
header("HTTP/1.0 400 Bad Request");
echo "*Bad Request";
}
?>
Any help will be much appreciated. Paulo Borges how i can make a insert using this fuctions I m learning php, as using this functions (mysqli abstract) but after update wont work any more.
/** insert data array */
public function insert(array $arr)
{
if ($arr)
{
$q = $this->make_insert_query($arr);
$return = $this->modifying_query($q);
$this->autoreset();
return $return;
}
else
{
$this->autoreset();
return false;
}
}
complement
/** insert query constructor */
protected function make_insert_query($data)
{
$this->get_table_info();
$this->set_field_types();
if (!is_array(reset($data)))
{
$data = array($data);
}
$keys = array();
$values = array();
$keys_set = false;
foreach ($data as $data_key => $data_item)
{
$values[$data_key] = array();
$fdata = $this->parse_field_names($data);
foreach ($fdata as $key => $val)
{
if (!$keys_set)
{
if (isset($this->field_type[$key]))
{
$keys[] = '`' . $val['table'] . '`.`' . $val['field'] . '`';
}
else
{
$keys[] = '`' . $val['field'] . '`';
}
}
$values[$data_key][] = $this->escape($val['value'], $this->is_noquotes($key), $this->field_type($key), $this->is_null($key),
$this->is_bit($key));
}
$keys_set = true;
$values[$data_key] = '(' . implode(',', $values[$data_key]) . ')';
}
$ignore = $this->ignore ? ' IGNORE' : '';
$delayed = $this->delayed ? ' DELAYED' : '';
$query = 'INSERT' . $ignore . $delayed . ' INTO `' . $this->table . '` (' . implode(',', $keys) . ') VALUES ' . implode(',',
$values);
return $query;
}
before update this class i used to insert data like this
$db = Sdba::table('users');
$data = array('name'=>'adam');
$db->insert($data);
this method of insert dont works on new class. if i try like this i got empty columns and empty values.
thanks for any help complete class download http://goo.gl/GK3s4E
Hi again all, I have made an update form where the user selects an ID from a dropdown, and then enters the new infomation into fields and saves it. Unfortunately I just cant quite seem to get it to actually pass the data into the database and save it, please see below. This is studentfunc.php <?php require("db_config.php"); class dbstudent { /* DB connection handle */ private $conn; function insert_student($sid, $name, $address, $postcode, $photo) { $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "insert into student (sid , name, address, postcode, photo) values ('{$sid}', '{$esc_name}', '{$esc_address}', '{$esc_postcode}', '{$esc_photo}')"; $result = mysql_query($sql, $this->conn); if (!$result) { die("SQL Insertion error: " . mysql_error()); } else { $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } function student_update($sid, $name, $address, $postcode, $photo) { $esc_sid = mysql_real_escape_string($sid , $this->conn); $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = " UPDATE student SET name='" . $esc_name . "' where sid='" . $esc_sid . "'"; $result = mysql_query($sql, $this->conn); if(!$result) die("SQL Error: " . mysql_error()); else { $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } function openDB() { $this->conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if (!$this->conn) { die("SQL Connection error: " . mysql_error()); } $db_selected = mysql_select_db(DB_NAME, $this->conn); if (!$db_selected) { die("SQL Selection error: " . mysql_error()); } this is updatestudent.php <?php include 'studentfunc.php'; //import the class in this web page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Update Student</title> </head> <body> <?php $db1 = new dbstudent(); $db1->openDB(); $sql="select sid from student"; $result=$db1->getResult($sql); if (!$_POST) //page loads for the first time { ?> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Select Student ID to update: <select name="sid"> <?php while($row = mysql_fetch_assoc($result)) echo "<option value='{$row['sid']}'>{$row['sid']} </option>"; ?> </select> </form> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> Update new student name:<input type="text" name="name" /><br /> Update new student address:<input type="text" name="address" /><br /> Update new student postcode:<input type="text" name="postcode" /><br /> Update new student pictu <input type="text" name="photo" /><br /> <br /> <input type="submit" value="Save" /> </form> <?php } //end if else { $sid = $_POST['sid']; $name = $_POST['name']; $address = $_POST['address']; $postcode = $_POST['postcode']; $photo = $_POST['photo']; $db1 = new dbstudent(); $db1->openDB(); $numofrows = $db1->student_update($name, $address, $postcode, $photo, $sid); echo "Success. Number of rows affected: <strong>{$numofrows}<strong>"; $db1->closeDB(); } ?> </body> </html> <html> <body> <form action="url.php" method="post"> Website: <input type="text" name="web" value="phpfreak.com"><br> Category: <input type="text" name="cat" value="coding" ><br> <input type="submit"> </form> </body> </html> How can I take the value from a form and insert it in a URL that can be accessed by the user: http://{web}/{cat} A little complicate, how can I take the value without click it on submit action and open in a new page with the URL Values. Hi,
I created a form that inserts first - last name, address, and email address into a mysql databse table.
The record inserts correctly - No problems here.
The problem is I only want to insert the data if the email and address doesn't exist.
I set it up for just the email right now to try to get this to work but have failed.
When the form is submitted and the record exists it inserts the record anyway and sends the email which it's not suppose to do.
The form is suppose to after submitting -
1. validate
2. insert only if the record doesn't exist
3. send the email.
Here's the code
<?php
$to = "email@email.com";
if(isset($_POST['submit']))
{
// VALIDATION
if(empty($_POST['firstName']))
{
$errorfirstName .= "First Name Required";
}
if(empty($_POST['lastName']))
{
$errorfirstName .= "Last Name Required";
}
if(empty($error)) # No error go ahead and email it.
{
$to = "$to";
$subject = 'the form';
$msg .="<html><head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>The Form</title>
</head>
<body>
<table>
<tr>
<td>Email sent for confirmation</td>
</tr>
</table>
</body>
</html>";
$mail($to, $subject, $headers, $msg);
if(!$result)
{
$error = "<div id='errors'>There was an unknown error </div>";
}
else
{
include('connection.php');
$firstName = mysqli_real_escape_string($con, $_POST['firstName']);
$lastName = mysqli_real_escape_string($con, $_POST['lastName']);
$address = mysqli_real_escape_string($con, $_POST['address']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$email = $_POST['email'];
$sql = "SELECT * FROM table WHERE `email` = '{$email}'";
$result = mysql_query($sql);
if ( mysql_num_rows ( $result ) > 0 )
{
$error = "Email Exists.";
}
else
{
$error = "Email does not exist. Insert it!!!";
$sql="INSERT INTO table (firstName, lastName, address, email) VALUES ('$_POST[firstName]','$_POST[lastName]','$_POST[address]', '$_POST[email]')";
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con)
{
}
}
}
}
?>
<!-- Form -->
<html>
<head></head>
<body>
<section>
<form method="POST" action="theform" name="for" onsubmit="return validateForm(this)">
<?php
if(!empty($error))
{
echo "$error";
}
?>
This where the inputs would go not going to include them because not having an issue with the form
</form>
</section>
</body>
</html>
Edited by barkly, 26 October 2014 - 06:54 PM. Hi... Got a slight problem with my code, it keeps telling me that there is an error in my syntax, yet I have used the same code before perfectly, and for the life of me cannot see the problem? ....any ideas? <?php if (!isset($_SESSION)) { session_start(); } // Connects to your Database mysql_connect("localhost", "justair1_mick", "guru1969") or die(mysql_error()) ; mysql_select_db("justair1_justair") or die(mysql_error()) ; $filename = ($_FILES['image']['name']); $group = $_POST['group']; $make_model = $_POST['make_model']; $seats = $_POST['seats']; $transmission = $_POST['transmission']; $doors = $_POST['doors']; $lg_bags = $_POST['lg_bags']; $sm_bags = $_POST['sm_bags']; $aircon = $_POST['aircon']; $day1 = $_POST['1_day']; $days2 = $_POST['2_days']; $days3_6 = $_POST['3_6days']; $week = $_POST['week']; $days8_13 = $_POST['8_13days']; $days14 = $_POST['14_days']; if(isset($filename)){ //This is the directory where images will be saved $target = "images/"; $target2 = $target . basename( $_FILES['image']['name']); //This gets all the other information from the form $fileA=($_FILES['image']['name']); } $updateSQL = "INSERT INTO car_groups (group, make_model, transmission, seats, doors, lg_bags, sm_bags, aircon, image) VALUES ('$group', '$make_model', '$transmission', '$seats', '$doors', '$lg_bags', '$sm_bags', '$aircon', '$filename')"; mysql_query($updateSQL) or die(mysql_error()); //Writes the photo to the server move_uploaded_file($_FILES['image']['tmp_name'], $target2); header ("Location: carhireInsert.php"); ?> It keeps telling me... "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, make_model, transmission, seats, doors, lg_bags, sm_bags, aircon, image) ' at line 1" ..? Really stuck on this one... Any help would be apreciated.. thanks.. Mick. Hey all, I'm very new to php and am having an issue writing to my database with a passed value and info taking from a form and am lost as to what to do. The $comm_id is the value I am getting from another php page that I am passing in the link from the other page. I need to insert that value, the session variable, and the $cmt value, which is taken from the user input from the form. As it stands now, when I run this, the $comm_id and $u_id insert and the $cmt is blank, BUT $cmt is echoing on the screen with the proper value. Any tips or direction would be great as i've been trying to sort this out for days now and i'm stumped. <?php $host='localhost'; $user='username'; $password='password'; $dbname='db_a'; session_start(); $id_link=mysql_connect($host,$user,$password); mysql_select_db($dbname, $id_link); $comm_id = $_GET['commId']; $u_id = $_SESSION['userId']; echo $comm_id; echo $u_id; $cmt = $_POST["comm"]; mysql_query("insert into Comments values($u_id, $comm_id,'$cmt');"); echo $cmt; ?> <FORM ACTION="test.php" METHOD="POST"> <input type="text" name="comm"> <input type="SUBMIT"> </FORM> HI first timer here so please forgive me if this is in the wrong section. Anyway, here goes. I have 2 tables Table 1 Levels LevelID LevelName Table 2 Members MemberID FirstName LastName Birthdate LevelID I have a form that has the LevelID populated from table 1 with a query. When I enter all my data and hit submit the data gets written to the members table. However, the LevelID is written as 0 for each and everyone record that I have entered. So the question is what am I missing? As mentioned I am very new at this so any help would be greatly appreciated. Please see below for my code. Thanks in advance <?php require_once 'dblogin1.php'; $db_server = mysql_connect($db_hostname, $db_username, $db_password); if (!$db_server) die("Unable to connect to MySQL: " . mysql_error()); mysql_select_db($db_database) or die("Unable to select database: " . mysql_error()); $sql = "SELECT\n" . "levels.LevelID,\n" . "levels.LevelName\n" . "FROM\n" . "levels\n"; $result = mysql_query($sql) or die(mysql_error()); $options=""; while($row = mysql_fetch_array($result)){ $LevelId=$row["LevelID"]; $LevelName=$row["LevelName"]; $options.="<OPTION VALUE=\"$LevelID\">".$LevelName.'</option>'; } ?> <style type="text/css"> <!-- body p { color: #F00; } --> </style> <table width="500" border="1" align="center" cellpadding="0" cellspacing="1" > <tr> <td> <form name="form1" method="post" action="insert_ac.php"> <table width="100%" border="1" cellspacing="1" cellpadding="3"> <tr> <td colspan="3"><div align="center"> <p><strong>Myers Player Registration Form</strong></p> </div></td> </tr> <tr> <td>First Name</td> <td><div align="center">:</div></td> <td><input name="firstname" type="text" id="firstname"></td> </tr> <tr> <td>Last Name</td> <td><div align="center">:</div></td> <td><input name="lastname" type="text" id="lastname"></td> </tr> <tr> <td>Birthdate (yyyy-mm-dd)</td> <td><div align="center">:</div></td> <td><input name="birthdate" type="text" id="birthdate"> </td> </tr> <tr> <td>Level</td> <td><div align="center">:</div></td> <td><select name="LevelID"> <OPTION VALUE="0">Choose <?php echo $options?> </select></td> </tr> </form> </td> </tr> </table> Ok .I tried to look for the problem for about 1 hour but I can't see what's wrong whit the following code: In firebug the post values appear correctly like so:id=116&usern=asdawe&com=qweqw&page=116&submit=submit and the inserc() function works correctly because i tried it whit a array of data created by my; Code: [Select] <?php if(isset($_POST['submit'])) { $comment = new comment; $comment->storeform($_POST); $comment->insertc(); } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <input type="hidden" name="id" value="<?php echo $result['article']->id ?>"/> <ul> <li> <input type="text" name="usern" id="usern" /> </li> <li> <textarea name="com" id="com" COLS=40 ROWS=6></textarea> </li> <input type="hidden" name="page" value="<?php echo $result['article']->id ?>" /> <input type="submit" name="submit" value="submit" /> </ul> </form> Code: [Select] <?php class comment{ public $id = null; public $usern = null; public $com = null; public $page = null; public function __construct($data=array() ) { if( isset($data['id']) ) $this->id= (int)$data['id']; if( isset($data['usern']) ) $this->usern= preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['usern'] ); if( isset($data['com']) ) $this->com= preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['com'] ); if( isset($data['page']) ) $this->page= (int)$data['page']; } public function storeform ( $params ) { // Store all the parameters $this->__construct( $params ); } public function insertc() { $con = new PDO(DBN,DB_USER,DB_PASS); $sql = "INSERT INTO comments (usern,com,page) VALUES (:usern,:com,:page)"; $st =$con->prepare($sql); $st->bindValue( ":usern", $this->usern, PDO::PARAM_STR ); $st->bindValue( ":com", $this->com, PDO::PARAM_STR ); $st->bindValue( ":page", $this->page, PDO::PARAM_INT ); $st->execute(); $this->id = $con->lastInsertId(); $con = null; } } ?> The information is drawn in from a table into a form that the user will click submit and all the rows will be inputted into the table with their username association. With this form, its only inputting the last row and not all of them. You're help is much appreciated! Here is the form in the PHP area: while($row=mysql_fetch_array($get_items_sql)){ $name =$row['item']; $date = ($row['expiration_date']); $exp_date = date('M d Y', strtotime($row['expiration_date'])); $content .= ""; $content .="<table width=\"450\" border=\"0\"><tr><td width=\"200\"><span class=\"anotherfont\"><input name=\"item[]\" type=\"hidden\" value=\"$name\" id=\"item[]\">$name</span></td><td width=\"200\"><span class=\"greenfont\"><input name=\"expiration_date[]\" type=\"hidden\" value=\"$date\" id=\"expiration_date[]\">$exp_date</span><input name=\"username[]\" type=\"hidden\" value=\"$username\" id=\"username[]\"/> </td></tr><br /></table>"; $content .= "\n"; } $content .= "</ul>\n"; Then below is part of the HTML Form with $content referenced: <form action="add_select.php?source_id=<?php echo $coupon_source ?>" method="post" enctype="multipart/form-data" name="add_new" id="add_new"> <?php echo $content ?> <input name="SUBMIT" type="submit" value="submit" /></form><br /> Then here is the section from the "add_select.php" file from the form: include('connect.php'); foreach($_POST['item'] as $row=>$item) { $Item_name=$item; $expiration_date=$_POST['expiration_date'][$row]; $username=$_POST['username'][$row]; } foreach($_POST['item'] as $row=>$item) { $Item_name=mysql_real_escape_string($item); $expiration_date=mysql_real_escape_string($_POST['expiration_date'][$row]); $username=mysql_real_escape_string($_POST['username'][$row]); } $sql2="INSERT INTO place (item, expiration_date, username) VALUES ('$Item_name', '$expiration_date', '$username')"; if (!mysql_query($sql2)) { die('Error: ' . mysql_error()); }else { header("location:insert_complete.php"); } Hi. I'm making a private webpage for my self where i can post news, games, music titles and movies. I'm made it so that i can post and delete them from my page. Also i wanted to have the option to edit them. So i made a action that shows me a list og the posts in each category. And then i want the option to hit UPDATE, and then it should open the form with the info's from MySQL. I've made those two options as the following: Code: [Select] elseif ( $action == "EditNews" ) { // EDIT NEWS START if ( !$_GET['id'] ) { ?> <div id="content"> <?php $sql = mysql_query("SELECT * FROM news") or die(mysql_error()); while ( $row = mysql_fetch_assoc($sql) ) { echo "<a href=\"?page=Admin&action=UpdateNews&id=" . $row['news_id'] . "\">Update</a> | " . $row['subject'] . "<br>"; } echo "</div>"; } else { $type = $_GET['type']; $id = $_GET['id']; } // EDIT NEWS END } elseif ( $action == "UpdateNews" ) { // UPDATE NEWS START if ( !$_POST['submit'] ) { $id = $_GET['id']; $sql = mysql_query("SELECT * FROM news WHERE news_id='$id'") or die(mysql_error()); $user_id = $_SESSION['uid']; $subject = $_row['subject']; $body = nl2br($_row['body']); ?> <div id="content"> <form action="?page=Admin&action=EditNews" method="post"> <div id="">Subject</div> <div id=""><input id="input" type="text" name="subject"></div> <div id="">Message</div> <div id=""><textarea id="input" name='body' cols='15' rows='4'></textarea></div> <div id=""><input id="submit" class="input" type="submit" name="submit" value="Post News"></div> </form> </div> <?php } else { ?> <div id="content">Not Working!</div> <?php } // UPDATE NEWS END } - I know i miss something, but i've tried to get to the point, where i only have the form as blank, and need some help from there. I hope someone can help me with my problem. MOD EDIT: [code] . . . [/code] tags added. Alright so I am trying to code a very simple form that adds a user to my SQL database with certain information filled in and certain information kept hidden with default values in a form. My index.php file is as follows (not all of the code but just the form part): <?PHP $submitMessage = $_GET['value']; if ($submitMessage == success) { echo '<div class="congratulations"><font color="#84d20c"><strong>Congratulations:</strong></font> The user has been added.</div>'; }else if($submitMessage == NULL){ }else if($submitMessage == fail){ echo '<div class="error"><font color="#d3430c"><strong>Error:</strong></font> An error occurred please check the error details below:</div>'; echo 'ERROR DETAILS:'; echo mysql_error(); } ?> <h1><i>Add User</i></h1> <p>This page is where you would manually add a user to the donations databases (for example you or a member of the community with elevated status that does not need to pay).</p> <br/> <form enctype="multipart/form-data" action="scripts/admin_save_sm_db.php" method="post"> <input name="authtype" value="steam"/><br /><br /> <h3><i>STEAM ID:</i></h3> <input name="identity" value="STEAM_0:X:XXXXXXXX"/><br /> <div class="form_help">Steam ID of the player you wish to add. Must be in the format STEAM_0:X:XXXXXXXX</div><br /> <input name="flags" value="o"/><br /><br /> <input name="name" value="Donator"/><br /><br /> <input name="immunity" value="0"/><br /><br /> <h3><i>Your Email Address</i></h3> <input name="user_email"/><br /> <div class="form_help">Your Email Address for security purposes.</div><br /> <input name="Submit" type="submit" value="Submit" class="form_submit" /> </form> My admin_save_sm_db.php file is as follows: <?php session_start(); if(!isset($_SESSION["username"])) { header('Location: login.php'); exit; } @require("../sm_admin_db.php"); $authtype = $_POST['authtype']; $identity = $_POST['identity']; $flags = $_POST['flags']; $name = $_POST['name']; $immunity = $_POST['immunity']; $user_email = $_POST['user_email']; $link = @mysql_connect(_HOST,_USER,_PASS); @mysql_select_db(_DB); $sql = @mysql_db_query(_DB,"INSERT INTO "._TBL." (`authtype`, `identity`, `flags`, `name`, `immunity`, `user_email`) VALUES (NULL, '$authtype', '$identity', '$flags', '$name', '$immunity', '$user_email')"); $okay = @mysql_affected_rows(); if($okay > 0) { header( "Location: ../index.php?value=success" ); } else { header( "Location: ../index.php?value=fail" ); } @mysql_close($link); ?> And finally my sm_admin_db.php file is as follows: <?PHP //host loaction define("_HOST", "localhost", TRUE); //database username define("_USER", "thatsact_admin", TRUE); //database username`s password define("_PASS", "*********", TRUE); //database name define("_DB", "thatsact_sadadmins", TRUE); //database table name change this to install multiple version on same database define("_TBL", "sm_admins", TRUE); //This is the email that you will recieve emails when someone signs up. define("_EMAIL", "admin@tag-clan.com", TRUE); ?> All of this together does not work and gives the echo error code, however the mysql_error() string does not return anything. Nothing is inserted into the database. Can I get some help on where I went wrong and please keep in mind I am VERY new to php and didn't write most of this script so just tell me what to edit and exactly how to do it please. Thanks in advance. I almost have it but I am missing something. The form is being sent and the row is being created but there is not data. It is blank. I know it is something simple I am missing but I cannot figure it out
If anyone can look at my code below and tell me what I am missing to make the inputed info be seen, I would sure appreciate it.
<?php
include_once('class/class_email.php');
// contact to database
$connect = mysql_connect("localhost", "admin", "password") or die ("Error , check your server connection.");
mysql_select_db("database");
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$company = $_POST['company'];
$telephone = $_POST['telephone'];
$comments = $_POST['comments'];
$EID = $_POST['eid'];
extract ($_POST);
// Pick up the form data and assign it to variables
//
$id = intval($id);
$fname = strip_tags($fname);
$lname = strip_tags($lname);
$email = strip_tags($email);
$company = strip_tags($company);
$telephone = intval($telephone);
$query="INSERT INTO users(`id`, `fname`, `lname`, `email`,`company`,`telephone`) VALUES('$id','$fname','$lname','$email','$company','$telephone')";
echo $query;
mysql_query($query) or die(mysql_error());
echo mysql_error();
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;";
$result = mysqli_query($connect,$SQL_GetEquipment);
$row = mysqli_fetch_assoc($result);
$EmailBody = "$fname $lname has requested a quote from NAPE on Item $EID\n
Information on quote request: \n
Name: $fname $lname \n
Email: $email \n
Company: $company \n
Number: $telephone \n
Comments: $comments \n
\n
Information Requested for: {$row['itemname']}\n
The URL to {$row['itemname']} is: http://www.mydomain.com.com/new-product.php?Item=$EID
\n
Click to send a quote now:\n
http://www.mydomain.com.com/Admin/send-quote.php?id=$EID ";
$e = new email();
//First value is the URL of your server, the second the port number
$e->set_server( 'mail.mydomain.com.com', 26);
//First value is your username, then your password
$e->set_auth('noreply@mydomain.com', '112233');
//Set the "From" setting for your e-mail. The Name will be base64 encoded
$e->set_sender( 'Quote Requested', 'noreply@mydomain.com' );
//for one recipient
//$send_to = array('myemail@mydomain.com','myemail2@mydomain.com');
$send_to = ('myemail@gmail.com');
//you may also specify multiple recipients by creating an array like this:
//$send_to = array('foo1@localhost.local', 'foo2@localhost.local', 'foo3@localhost.local');
$subject = 'Quote Request from NAPE';
$body = "$EmailBody";
if( $e->mail($send_to, $subject, $body, $headers) == true )
{
//message was received by the smtp server
//['last'] tends to contain the queue id so I like to save that string in the database
echo 'last: '.htmlspecialchars($e->srv_ret['last']).'';
}else{
//something went wrong
echo 'all: '.nl2br(htmlspecialchars($e->srv_ret['all'])).'';
echo 'full:'.nl2br(htmlspecialchars($e->srv_ret['full'])).'';
}
?>
Hi i have a form that logins at a mail. I have installed an SSL at this domain and i would like to add an option at the form for the user to login using https or not the form is above. How can i add an option with check-box from user to login using https ???? IF this is checked when the user clicks "login" he will redirected to https and will login. If i have not describe well please ask for details. Thanks <form class="login-form" action="<?php echo $this->moduleBaseUrl; ?>/XXX/XXXXXX" name="loginPage" id="loginPage" method="post"> <input type='hidden' name='emailName' value=''/> <input type='hidden' name='emailDomain' value=''/> <input type='hidden' name='cssStyle' value='<?php echo $this->cssStyle ?>'/> <table class="login"> <tbody> <tr> <td> <label class="user"><?php print $this->translate('Email') ?>:</label> <input id="email" class="input-email" type="text" name="email" tabindex="1" /> </td> </tr> <tr> <td> <label class="pass"><?php print $this->translate('Password') ?>:</label> <input id="password" class="input-pass" type="password" name="password" tabindex="2" /> </td> </tr> <tr id="LoginBtn" style="display: none;"> <td> <input class="loginbtn <?php echo $this->cssStyle ?>" type="submit" value="<?php print $this->translate('Login') ?>" /> <span class="remember"><?php print $this->translate('Remember Me') ?></span> <input class="check" type="checkbox" value="1" name="RememberMe" /> </td> </tr> </tbody> </table> </form> Amazingly, PHP Coding Help != JavaScript Help. This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=333336.0 Need a little help with this code. I'm running Apache 2.21 / PHP 5.3.5 on Windows. This is a V6 application. I am running Windows 7. I am new, and trying to learn. What am I doing wrong in line 8 with the 'if' statement? The idea is to create a table in mySQL using a form interface. Thank you in advance. Parse error: syntax error, unexpected '{' in C:\website\do_createtable.php on line 8 <? $db_name="booster"; $connection=mysql("localhost", "user", "password") or die (mysql_error()); $db=mysql_select_db($db_name, $connection) or die (mysql_error()); $sql="CREATE TABLE $_POST[table_name] ("; for ($i=0; $i < count($_POST[field_name]); $i++) { $sql .= $_POST[field_name][$i]." ".$_POST[field_type][$i]; if ($_POST[field_length][$i] != "" { $sql .= " (".$_POST[field_length][$i]."),"; } else { $sql .= ","; } } $sql=substr($sql,0,-1); $sql .= ")"; Hi there im having trouble with my code and was hoping someone may be able to help me? I think the trouble i am having is because i am echoing the form elements (form, hidden) and the value in those elements. This part is fine i think: Code: [Select] $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")){ $insertSQL = sprintf("INSERT INTO ships (ShipName, FleetID, PlayerName, Image1, Image2, Credits, HealthA, HealthB, MaxHealthA, MaxHealthB, Class, Hyperspace, PlanetID, Building, Maintenance) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($_POST['shipname1'], "text"), GetSQLValueString($_POST['fleetid1'], "int"), GetSQLValueString($_POST['playername1'], "text"), GetSQLValueString($_POST['image11'], "text"), GetSQLValueString($_POST['image21'], "text"), GetSQLValueString($_POST['credits1'], "int"), GetSQLValueString($_POST['healtha1'], "int"), GetSQLValueString($_POST['healthb1'], "int"), GetSQLValueString($_POST['maxhealtha1'], "int"), GetSQLValueString($_POST['maxhealthb1'], "int"), GetSQLValueString($_POST['class1'], "int"), GetSQLValueString($_POST['hyperspace1'], "int"), GetSQLValueString($_POST['planetid1'], "int"), GetSQLValueString($_POST['building1'], "int"), GetSQLValueString($_POST['maintenance1'], "int")); mysql_select_db($database_swb, $swb); $Result1 = mysql_query($insertSQL, $swb) or die(mysql_error()); $insertGoTo = "planet.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } The problem may lay he Code: [Select] <?php echo'<form id="form1" name="form1" method="post" action="">';echo'<table width="400" border="0" align="top">'; do { echo '<tr> <td width="200" align="center">'; echo '<span class="arial12">'; echo "<img src=".$row_Ships["Image1"]." height =\"250\" width=\"400\">"; echo'| Maintenance: '; echo $row_Ships['Maintenance'];echo ' | '; echo'<input type="submit" name="Submit" value="Build" />'; echo' | Construction Time: '; echo $row_Ships['Building']; echo' | ';echo '</td></tr>'; echo" <input name='fleetid1' type='hidden' id='fleetid1' value='".$totalRows_Fleet." + '1''/>"; echo" <input name='fleetname1' type='hidden' id='fleetname1' value='Fleet ".$totalRows_Fleet." + '1''/>"; echo" <input name='shipname1' type='hidden' id='shipname1' value='".$row_Ships['ShipName']."'/>"; echo" <input name='playername1' type='hidden' id='playername1' value='".$_SESSION['MM_Username']."'/>"; echo" <input name='credits1' type='hidden' id='credits1' value='".$row_Ships['Credits']."'/>"; echo" <input name='image11' type='hidden' id='image11' value='".$row_Ships['Image1']."'/>"; echo" <input name='image21' type='hidden' id='image21' value='".$row_Ships['Image2']."'/>"; echo" <input name='healtha1' type='hidden' id='healtha1' value='".$row_Ships['HealthA']."'/>"; echo" <input name='healthb1' type='hidden' id='healthb1' value='".$row_Ships['HealthB']."'/>"; echo" <input name='maxhealtha1' type='hidden' id='maxhealtha1' value='".$row_Ships['MaxHealthA']."'/>"; echo" <input name='maxhealthb1' type='hidden' id='maxhealthb1' value='".$row_Ships['MaxHealthB']."'/>"; echo" <input name='class1' type='hidden' id='class1' value='".$row_Ships['Class']."'/>"; echo" <input name='hyperspace1' type='hidden' id='hyperspace1' value='".$row_Ships['Hyperspace']."'/>"; echo" <input name='maintenance1' type='hidden' id='maintenance1' value='".$row_Ships['Maintenance']."'/>"; echo" <input name='Planetid1' type='hidden' id='planetid1' value='".$row_Credits['PlanetID']."'/>"; echo" <input name='building1' type='hidden' id='building1' value='".$row_Ships['Building']."'/>"; } while ($row_Ships = mysql_fetch_assoc($Ships)); echo '</table></form>';?> No records are insterted at all?? The page redirection after insert is not happening either. If anybody coould help that would be brilliant... Thank You hello i have a db with name which populates a form dropdown list there are various variables like this in the form. the user selects their choices and then submits the form to a new db table at the moment it does not capture the dropdown data to the insert sql help please here is the code: =============================== <?php include ('connect.php'); // Insert any new image into database if(isset($_POST['xsubmit']) && $_FILES['imagefile']['name'] != "") { $fileName = $_FILES['imagefile']['name']; $fileSize = $_FILES['imagefile']['size']; $fileType = $_FILES['imagefile']['type']; $content = addslashes (file_get_contents($_FILES['imagefile']['tmp_name'])); $jeweltype = $_POST['jeweltype']; $jewelsize = $_POST['jewelsize_in']; $jewelcolour = $_POST['jewelcolour_in']; $jewelmaterial = $_POST['jewelmaterial_in']; $jewelgender = $_POST['jewelgender_in']; if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); } // Checking file size if ($fileSize < 150000) { mysql_query ("INSERT into jewel_images (name,size,type,content,jeweltype,jewelsize,jewelcolour,jewelmaterial,jewelgender) " . "values ('$fileName','$fileSize','$fileType','$content','$jeweltype','$jewelsize','$jewelcolour','$jewelmaterial','$jewelgender')"); } else { $err = "The Image file to too large!"; } } // Find out about latest image $gotten = mysql_query("select * from jewel_images order by row_id desc"); $row = mysql_fetch_assoc($gotten); $bytes = $row['content']; // If this is the image request, send out the image if ($_REQUEST['pic'] == 1) { header("Content-type: $row[type];"); print $bytes; } ?> <html> <head> <title>Upload an image to a database</title> </head> <body> <font color="#FF3333"><?php echo $err ?></font> <table> <form name="Upload" enctype="multipart/form-data" method="post"> <tr> <td>Upload <input type="file" name="imagefile"><br /> Jewelery Type: <select> <?php $sql="SELECT jeweltype FROM jeweltypes"; $result =mysql_query($sql); while ($data=mysql_fetch_assoc($result)){ ?> <option value ="jeweltype" ><?php echo $data['jeweltype'] ?></option> <?php } ?> </select> <br /> Jewelery Size: <select> <?php $sql="SELECT jewelsize FROM jewelsizes"; $result =mysql_query($sql); while ($data=mysql_fetch_assoc($result)){ ?> <option value ="jewelsize" ><?php echo $data['jewelsize'] ?></option> <?php } ?> </select> <br /> Jewelery Colour: <select> <?php $sql="SELECT jewelcolour FROM jewelcolours"; $result =mysql_query($sql); while ($data=mysql_fetch_assoc($result)){ ?> <option value ="jewelcolour_in" ><?php echo $data['jewelcolour'] ?></option> <?php } ?> </select> <br /> Jewelery Material: <select> <?php $sql="SELECT jewelmaterial FROM jewelmaterials"; $result =mysql_query($sql); while ($data=mysql_fetch_assoc($result)){ ?> <option value ="jewelmaterial_in" ><?php echo $data['jewelmaterial'] ?></option> <?php } ?> </select> <br /> Jewelery Gender: <select> <?php $sql="SELECT jewelgender FROM jewelgenders"; $result =mysql_query($sql); while ($data=mysql_fetch_assoc($result)){ ?> <option value ="jewelgender_in" ><?php echo $data['jewelgender'] ?></option> <?php } ?> </select> <br /> <input type="submit" name="xsubmit" value="Upload"> </td> </tr> <tr> <td>Latest Image</td> </tr> <tr> <td><img src="?pic=1"></td> </tr> </form> </table> </body> </html> |
|||||||