I'm creacting an admin zone for a blog I'm building. For some reason, the database is inserted with the last information I've submitted each time I refresh the page, instead of whenever I click "submit".
This is the page itself:
<?php
//send uploaded files to mysql
include_once 'conn.php';
include_once 'submit.php';
?>
<!DOCTYPE html>
<html>
<head>
<title>Your admin page</title>
</head>
<body>
<h1>Admin page</h1>
<h2>upload text</h2>
<form action="" method="POST">
<label>Header</label>
<input type="header" name="header" required><br>
<label>Text</label>
<input type="text" name="text" required><br>
<label>Image</label>
<input type="file" name="image">
<input type="submit" value="submit">
</form>
This is the submit.php file:
<?php
include_once 'conn.php';
$header = $_POST['header'];
$text = $_POST['text'];
$file_get = $_FILES['image']['name'];
$temp = $_FILES['image']['tmp_name'];
$file_to_saved = "uploads/".$file_get;
move_uploaded_file($temp, $file_to_saved);
if (isset($_POST['submit'])) {
$insert = ("INSERT INTO posts (postHeader,postText,picture) VALUES ('$header','$text','$file_to_saved')");
if ($link->query($insert) === TRUE) {
echo "record created succesfully";
} else{
echo "something went wrong with the file";
}
}
Related
I'm following a tutorial by mmtuts on youtube to show how to post comments to a myphpadmin database. All of my code is exactly the same as his, but I'm working from a different starting point becuase I already had a website I was working on and I just wanted to add the new code.
Basically, the video showed the code working flawlessly and my posts do not show up in the database like his did.
https://www.youtube.com/watch?v=4pPGOF5MI4U
".setComments($conn)." on the second document of code is blue instead of white like in the video.
<?php
require 'includes/dbh.inc.php';
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="description" content="This is an example of a meta description. This will often show up in search results.">
<meta name=viewport content="width=device-width, initial-scale=1">
<title>TAG</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<div id="headerContainer">
<?php
if (isset($_SESSION['userID'])) {
$id = $_SESSION['userID'];
$sqlImg = "SELECT * FROM profileimg WHERE userid='$id'";
$resultImg = mysqli_query($conn, $sqlImg);
while ($rowImg = mysqli_fetch_assoc($resultImg)) {
if ($rowImg['status'] == 0) {
$filename = "profilepics/profile".$id."*";
$fileinfo = glob($filename);
$fileext = explode(".", $fileinfo[0]);
$fileactualext = $fileext[1];
echo "<div class=userPicture><img src='profilepics/profile".$id.".".$fileactualext."?".mt_rand()."'></div>";
}
else {
echo "<div class='userPicture'><img src='profilepics/noUser.png'></div>";
}
}
echo '
<div class="userName">'. $_SESSION['userUserName'] .'</div>
<div id="logoutForm">
<form action="includes/logout.inc.php" method="post">
<button type="Submit" name="logout-submit">Logout</button>
</form>
</div>
<div class="upload">
<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="file" name="file">
<button type="submit" name="submit">Profile Image</button>
</form>
</div>
';
}
else {
echo '
<div class="userPicture"><img src="profilepics/noUser.png"></div>
<div class="userName">You are not logged in!</div>
<div id="loginForm">
<form action="includes/login.inc.php" method="post">
<input type="text" name="mailuid" placeholder="Username/E-mail">
<input type="password" name="password" placeholder="Password">
<button type="Submit" name="login-submit">Login</button>
</form>
</div>
<div id="signupForm">
or Signup
</div>
';
}
?>
</div>
<?php
require "header.php";
date_default_timezone_set('America/Chicago');
include 'includes/comments.inc.php';
?>
<div class="homeBody">
<p>Starting Filler</p>
<p>-</p>
<p>-</p>
<p>-</p>
<video width="320" height="240" controls>
<source src="videos/sample.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
<?php
echo "<form method='POST' action='".setComments($conn)."'>
<input type='hidden' name='uid' value='Anonymous'>
<input type='hidden' name='date' value='".date('Y-m-d H:i:s')."'>
<textarea name='message'></textarea><br>
<button type='submit' name='commentSubmit'>Comment</button>
</form>";
?>
<?php
function setComments($conn) {
if (isset($POST['commentSubmit'])) {
$uid = $_POST['uid'];
$date = $_POST['date'];
$message = $_POST['message'];
$sql = "INSERT INTO comments (uid, date, message) VALUES ('$uid', '$date', '$message')";
$result = $conn->query($sql);
}
}
<?php
$servername = "localhost";
$dBUsername = "root";
$dBPassword = "thisisnotmyactualpassword";
$dBName = "tagloginsystem";
$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);
if (!$conn) {
die("Connection failed: ".mysqli_connect_error());
}
All I want is for the posts to make it into the database.
Try making a separate PHP-file and have your action attribute inside the form tag point to it. Right now it looks like you are running the function in the action attribute. In the PHP-file you can run your PHP function and write the PHP you need.
EX:
<form method='POST' action="includes/comments.php">
I was missing the "_" in $_POST on the 3rd page of code
Hi for some reason my update statement is not working, most probably because of the id=%d, its not getting the id for the statement i think but its finding the id because it is listed in the url (shown Below). What is the problem please ?
This works when i Insert a number for the id, example : id=77, so most probably the problem is the %d how can i get it to find the id with the %d ?
http://localhost/test/edit.php?id=77
<?php
ob_start();
session_start();
include_once 'logindb.php';
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) die($conn->connect_error);
if((isset($_POST['submit']))){
if((!isset($_POST['title'])) || (!isset($_POST['times'])) ){
echo "All values must be set";
}
else{
$title = $_POST['title'];
$times = $_POST['times'];
$film_id = $_GET['id'];
$upfile = 'Uploads/posters/'.$_FILES['userfile']['name'];
if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upfile)){
echo "File moved into folder";
header( "Location: index.php" ) ;
}
else{
echo "Problem: could not move image file to destination directory";
}
$upfile2 = 'Uploads/trailers/'.$_FILES['userfile2']['name'];
$format1 = "UPDATE films SET titles = '$title', ftimes = '$times', poster = '$upfile', trailer = '$upfile2' WHERE id = %d";
$query = sprintf($format1, $film_id );
$result = mysqli_query($conn, $query)
or die("Error in query: ". mysqli_error($conn));
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="Empire.css"/>
<script type="text/javascript" src="script.js"> </script>
<title>Movie Form</title>
</head>
<body class="formola">
<div class="form-style-5">
<p class="top"> List Movies </p>
<form method = "post" action="edit.php" enctype="multipart/form-data">
<fieldset>
<legend><span class="number">1</span> Details </legend>
<input type="text" name="title" placeholder="Movie Title">
<input type="text" name="times" placeholder="Times">
</fieldset>
<fieldset>
<legend><span class="number">2</span> Attachments </legend>
<div class="form-group ">
<label> Film Poster <br> </label>
<input type="hidden" class="form-control" name="MAX_FILE_SIZE" value="100000000">
Upload this Film Poster: <br> <input name="userfile" id="userfile" type="file"> <br>
<input type="hidden" class="form-control" name="MAX_FILE_SIZE" value="10000000">
Upload this Trailer: <br> <input name="userfile2" id="userfile2" value="10000000" type="file"> <br>
</div>
</fieldset>
<input type="submit" name = "submit" value="Upload" />
</form>
</div>
</body>
</html>
Actually i'm trying to create a table by name that user suggests and insert data into that table, also by user's suggestion.
I've two php files: CreateTable.php and EnterData.php
Here is my code of CreateTable.php:
<?php
$conn = new mysqli("localhost","root","","mywebsite");
if (isset($_POST['tbButton'])) {
$qry = "Create Table ".$_POST['tableName']."(firstname varchar(25),lastname varchar(25));";
$res = mysqli_query($conn,$qry);
if ($res) {
echo "Table Created!";
}
else{
die("query failed!");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Create Table</title>
</head>
<body>
<form action="EnterData.php" method="post">
<p><input type="text" name="tableName" placeholder="Enter Table Name..."></p>
<p><input type="submit" name="tbButton"></p>
</form>
</body>
</html>
Here is my code of EnterData.php:
<?php
$tbname = $_POST['tableName'];
$conn = new mysqli("localhost","root","","mywebsite");
if (isset($_POST['dataButton'])) {
$qry = "Insert into ".$tbname."(firstname,lastname) values('".$_POST['firstname']."','".$_POST['lastname']."');";
$res = mysqli_query($conn,$qry);
if ($res) {
echo "Data Inserted!";
}
else{
die("query failed!");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Create Table</title>
</head>
<body>
<form action="" method="post">
<p><input type="text" name="firstname" placeholder="Enter First Name..."></p>
<p><input type="text" name="lastname" placeholder="Enter Last Name..."></p>
<p><input type="submit" name="dataButton"></p>
</form>
</body>
</html>
Problem is that when I write action="EnterData.php" Table doesn't create in database but form values passes to 'EnterData' file.
and when I write action="CreateTable.php" table is created in database but values doesn't pass to 'EnterData' file.
I want to pass values to EnterData file and database too.
this my first attempt on stackoverflow, hope i explained my question very nicely
You can pass your tablename through get method
CreateTable.php
<?php
$conn = new mysqli("localhost","root","","mywebsite");
$tableName = $_POST['tableName'];
if (isset($_POST['tbButton'])) {
$qry = "Create Table ".$tableName ."(firstname varchar(25),lastname varchar(25));";
$res = mysqli_query($conn,$qry);
if ($res) {
header("Location: EnterData.php?tableName=".$tableName);
}
else{
die("query failed!");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Create Table</title>
</head>
<body>
<form action="CreateTable.php" method="post">
<p><input type="text" name="tableName" placeholder="Enter Table Name..."></p>
<p><input type="submit" name="tbButton"></p>
</form>
</body>
</html>
EnterData.php
<?php
$tbname = $_GET['tableName'];
$conn = new mysqli("localhost","root","","mywebsite");
if (isset($_POST['dataButton'])) {
$qry = "Insert into ".$tbname."(firstname,lastname) values('".$_POST['firstname']."','".$_POST['lastname']."');";
$res = mysqli_query($conn,$qry);
if ($res) {
echo "Data Inserted!";
}
else{
die("query failed!");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Create Table</title>
</head>
<body>
<form action="EnterData.php?tableName=<?php echo $tbname;?>" method="post">
<p><input type="text" name="firstname" placeholder="Enter First Name..."></p>
<p><input type="text" name="lastname" placeholder="Enter Last Name..."></p>
<p><input type="submit" name="dataButton"></p>
</form>
</body>
</html>
Why would you let the user create tables in your database in the first place (with root privileges!)?
As for your question... Both php files submit to EnterData.php (that is if EnterData.php's blank action attribute is properly interpreted by the browser), so your CreateTable.php has no idea of what $_POST['tableName'] is.
I don't know what it is you are trying to do, but php files don't magically get to know each other's variables - you actually have to include a file in another one to let them share a set of variables, pass the variables through $_REQUEST or use AJAX to take care of things.
I would personally recommend using uppercase for GET and POST whenever possible.
Im trying to get the taskid variable from the url:
Long story short the database never updated trying to echo $tasked is blank and im not sure why.
I have looked over all of the suggestions and many different websites I do not see what i'm missing
http://domain.com/ubxtask/addnote.php?taskid=163994
<!DOCTYPE html>
<html lang="en">
<head>
<title>Add Note to Task</title>
</head>
<body>
<form action="" method="post">
<p>
<textarea name="notetoadd" rows="4" cols="50"></textarea>
</p>
<input type="submit" value="Submit" name="submit">
</form>
</body>
</html>
<?php
if ( isset( $_POST['submit'] ) ) {
$servername = "localhost";
$username = "dbusr";
$password = "dbpass";
$dbname = "db";
$notetoadd = $_POST['notetoadd'];
if (isset($_GET["taskid"])) {
//$taskid = $_GET['taskid'];
echo $_GET["taskid"];
//echo $taskid;
}
$sql = "INSERT INTO tasknotestbl (tasknum, tasknote)
VALUES ('$taskid', '$notetoadd')";
if ($conn->query($sql) === TRUE) {
header('Location: http://domain.com/task/tasklist.php');
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
You should add the task id to your forms action, or it would be lost, if you submit the form
<form action="addnote.php?taskid=<?php echo $_GET['taskid']; ?>" method="post">
You can add hidden field to form with taskid and use post method:
<?php
if (empty($_GET['taskid'])) {
$taskid = '1';
}else{
$taskid = (int)$_GET['taskid'];
}
// your code submit code and
if (isset($_POST["taskid"])) {
echo $_POST["taskid"];
}
echo '<form action="" method="post">
<p><textarea name="notetoadd" rows="4" cols="50"></textarea></p>
<input type="hidden" name="taskid" value="'.$taskid.'" placeholder="taskID">
<input type="submit" value="Submit" name="submit">
</form>';
?>
I really don't understand what I am doing here. I have this page profesor.php in which I want to insert some data into the database. After I submit the data from the form I want to be redirected to another page insert.php and display a message.
So I have profesor.php:
<?php
session_start();
if (isset($_SESSION['id'])) {
$fullname = $_SESSION['name'];
echo "<h1> Welcome " . $fullname . "</h1>";
} else {
$result = "You are not logged in yet";
}
if (isset($_POST['studname'])) {
include_once("dbConnect.php");
$studname = strip_tags($_POST['studname']);
$course = strip_tags($_POST['course']);
$grade = strip_tags($_POST['grade']);
$getStudidStm = "SELECT userid FROM users WHERE name = '$studname'";
$getStudidQuery = mysqli_query($dbCon, $getStudidStm);
$row = mysqli_fetch_row($getStudidQuery);
$studid = $row[0];
$_SESSION['studid'] = $studid;
$_SESSION['course'] = $course;
$_SESSION['grade'] = $grade;
header("Location: insert.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title><?php echo $fullname ;?></title>
</head>
<body>
<div id="wrapper">
<h2>Insert new grade</h2>
<form id="insertForm" action="insert.php" method="post" enctype="multipart/form-data">
Student: <input type="text" name="studname" /> <br />
Course : <input type="text" name="course" /> <br />
Grade : <input type="text" name="grade" /> <br />
<input type="submit" value="Insert" name="Submit" />
</form></div>
</form>
</body>
</html>
and insert.php
<?php
session_start();
if (isset($_SESSION['studid'])) {
include_once("dbConnect.php");
$studid = $_SESSION['studid'];
$course = $_SESSION['course'];
$grade = $_SESSION['grade'];
echo $studid;
echo $course;
echo $grade;
}
My problem is that insert.php doesn't display anything. I really don't understand what I'm doing wrong. Need some help.
your problem is in your form:
<form id="insertForm" action="insert.php" [...]
you send data to insert.php but all the 'magic' with
$_SESSION['studid'] = $studid;
$_SESSION['course'] = $course;
$_SESSION['grade'] = $grade;
you keep in profesor.php
Just change action="insert.php" to action="profesor.php" and it should work fine.