I am posting a values from a HTML form to a php file. In my current code I am submitting several post values and have to do a check for each post variable if they are set.
I'd like to know if there is a more effective way of doing this. One requirement is that the values will be inserted in order.
HTML form:
<form>
<input type=text name=exercise1> <input type=text name=sets1>
<input type=text name=exercise2> <input type=text name=sets2>
<input type=text name=exercise3> <input type=text name=sets3>
<input type=text name=exercise4> <input type=text name=sets4>
...
</form>
SQL table:
id autoincrement
exercise varchar(200)
sets varchar(10)
I tried the next code:
$exercise1 = $_POST['exercise1'];
$sets1 = $_POST['sets1'];
$exercise2 = $_POST['exercise2'];
if(isset($exercise1)){
$sql = "insert into exercises (exercise, sets) values ($exercise1, $sets1)";
execute_sql($sql);
}
if(isset($exercise2)){
$sql = "insert into exercises (exercise, sets) values ($exercise2, $sets2)";
execute_sql($sql);
}
Default form method is GET, so you are probably not getting anything while trying to read $_POST. To fix it, you need to change this:
<form>
to this:
<form method="post">
To make it easier, you should redefine your form, so it would be an array:
<input type="text" name="exercise[]"> <input type="text" name="sets[]">
<input type="text" name="exercise[]"> <input type="text" name="sets[]">
<input type="text" name="exercise[]"> <input type="text" name="sets[]">
<input type="text" name="exercise[]"> <input type="text" name="sets[]">
That will keep an order as in code. Some browsers are not sending empty values, so it would be better to manually order them (so you would know, if there was no answer or whatever):
<input type="text" name="exercise[1]"> <input type="text" name="sets[1]">
<input type="text" name="exercise[2]"> <input type="text" name="sets[2]">
<input type="text" name="exercise[3]"> <input type="text" name="sets[3]">
<input type="text" name="exercise[4]"> <input type="text" name="sets[4]">
Now you can iterate through it in PHP like this:
<?php
foreach($_POST["exercise"] as $id => $exercise){
echo "EXERCISE $id: " . $exercise . ", SETS $id: " . $_POST["sets"][$id] . "<br />";
}
?>
Please note, that your SQL query is probably vulnerable to injection attacks!
Instead of raw query, you should use something like mysqli_real_escape_string() (or similar; depends what lib are you using to connect to database):
<?php
$sql = "insert into exercises (exercise, sets) values (" . mysqli_real_escape_string($exercise) . "," . mysqli_real_escape_string($_POST["sets"][$id]) .")";
?>
Related
I need to insert the value of form into the data table.
here is my form for taking a test.
<form method="post" action="">
1<input type="text" name="answer">
3<input type="text" name="answer">
5<input type="text" name="answer">
7<input type="text" name="answer">
<input type="submit" name="submit">
</form>
how to store this all answer in one field of the data table
i have tried this code but its not storing all value
if(isset($_POST['submit']))
{
$answer = json_encode($_POST['answer']);
$query = "INSERT INTO `test` (`answer`) VALUES ('$answer')";
mysqli_query($con, $query);
if (mysqli_query($con, $query)) {
echo "inserted ";
} else {
echo "Error updating record: " . mysqli_error($con);
}
}
Try changing your HTML code to this.
<form method="post" action="">
1<input type="text" name="answer[]">
3<input type="text" name="answer[]">
5<input type="text" name="answer[]">
7<input type="text" name="answer[]">
<input type="submit" name="submit">
</form>
When you submit the form the $_POST['answer'] would look something like this
Array
(
[answer] => Array
(
[0] => first answer
[1] => second answer
[2] => third answer
[3] => fourth answer
)
)
Above is a printout of $_POST variable like so print_r($_POST)
Now you can easily get all the answer inputs inside PHP and have it converted to json like so
$answer = json_encode($_POST['answer']);
However since you are saving this inside mysql I would suggest using serialize() instead of json_encode(). Please read about serialize() https://www.php.net/manual/en/function.serialize.php
I can not update my database with sent variable "$id_zaznamu". I do not know why. If I use number, for example 5 or 4, it works. With variable "$id_zaznamu" doesn´t. But in the different examples with variabable $id_zaznamu everythning works correctly. In other words exactly the same variable "$id_zaznamu" works correctly in different situations, in this case not. It seems to me as if it is not integer, and it is. For any help I will be very thankful.
PHP:
$id_zaznamu=$_GET['id_zaznamu']; //get from different page
$error="";
if(isset($_GET['modify']))
{
$zadavatel=mysqli_real_escape_string($link,$_GET['zadavatel']);
$kontakt=mysqli_real_escape_string($link,$_GET['kontakt']); $somevalue=$_GET['someid'];
if(mysqli_query($link, "UPDATE zaznamy SET zadavatel='$zadavatel', kontakt='$kontakt' WHERE id_zaznam='$somevalue'"))
{
header("location:vypis.php");
}else
{
echo "Error: " . $sql . "<br>" . mysqli_error($link);
}
}
HTML:
<form method="GET" action="upravbyt.php"><br>
<label>Name:
<input type="text" name="zadavatel" class="field col-12" placeholder="Meno zadávateľa"/></label><br><br>
<label>Contact:
<input type="text" name="kontakt" class="field col-12" placeholder="Email"/></label><br><br>
<input type="hidden" name="someid" value="<?php $id_zaznamu=$_GET['id_zaznamu'];?>">
<input type="submit" name="modify" id="submit" class="btn" value="Upraviť"/><br><br>
</form>
You should add
<input name="id_zaznamu" value="...">
I've been tearing my hair out trying to figure out why the isset($_POST['Submit']) is not executing with my form. The data from the form is just not passing into the php code. Basically the code does not seem to be recognizing something like $ffname = $_POST["ffname"];
<?php
$ffname = $flname = $femail = $fcemail = $fpass = $fcpass = "";
if(isset($_POST['ffname'])){
$ffname = $_POST["ffname"];
$flname = $_POST["flname"];
$femail = $_POST["femail"];
$fcemail = $_POST["fcemail"];
$fpass = $_POST["fpass"];
$fcpass = $_POST["fcpass"];
echo "<p>Hello World<p>";
$con = mysqli_connect("localhost", "root", "") or die(mysqli_error());
mysqli_select_db($con, "userdata") or die(mysqli_error($con));
mysqli_query($con,"INSERT INTO tbluser (fname, lname, email, pass) VALUES('$ffname', '$flname', '$femail', '$fpass')")
or die (mysqli_error($con));
}
?>
<form method="post">
First Name: <input type="text" name="ffname" id="ffname" value="<?php echo $ffname;?>"><br>
Last Name: <input type="text" name="flname" value="<?php echo $flname;?>"><br>
E-mail: <input type="email" name="femail" value="<?php echo $femail;?>"><br>
Confirm E-mail: <input type="email" name="fcemail" value="<?php echo $fcemail;?>"><br>
Password: <input type="password" name="fpass" value="<?php echo $fpass;?>"><br>
Confirm Password: <input type="password" name="fcpass" value="<?php echo $fcpass;?>"><br>
<input type="submit" name="Submit" value="submit">
</form>
The other answer by #DerVO is correct. But there seems to be something else at play, since you say it still doesn't work.
A comment became too long, so I've built a full answer here.
Step 1:
Add a name to your input:
<input type="submit" name="Submit" value="submit">
However, relying on the submit in your $_POST is not the best plan. So I suggest watching a different form field - for example, ffname:
Step 2:
Improve your watch, using a different field:
if ( isset( $_POST['ffname'] ) ) {
// do your work
}
Lastly, you may be munging your form action attribute.
Step 3:
In order to keep things simple, if the form is supposed to submit to the same page, you can simply omit the form action.
<form method="post">
Betweeen these three items, the form will work, unless you have some problem with your server.
Step 4:
Clean up your form formatting. You've got odd spacing which is problematic. In an html element, the property="value" code needs to be without spaces, but spaces between properties. Example:
<!-- Your version -->
<input type = "text"name = "ffname"id = "ffname"value="<?php echo $ffname;?>"><br>
<!-- Clean / correct version -->
<input type="text" name="ffname" id="ffname" value="<?php echo $ffname;?>"><br>
Here's a "clean" version of your whole form:
<form method="post">
First Name: <input type="text" name="ffname" id="ffname" value="<?php echo $ffname;?>"><br>
Last Name: <input type="text" name="flname" value="<?php echo $flname;?>"><br>
E-mail: <input type="email" name="femail" value="<?php echo $femail;?>"><br>
Confirm E-mail: <input type="email" name="fcemail" value="<?php echo $fcemail;?>"><br>
Password: <input type="password" name="fpass" value="<?php echo $fpass;?>"><br>
Confirm Password: <input type="password" name="fcpass" value="<?php echo $fcpass;?>"><br>
<input type="submit" name="Submit" value="submit">
</form>
You need to give your input submit a name:
<input type="submit" name="Submit" value="Submit">
You have pass name of element in $_POST
try put name attribute in input submit
<input type = "submit" name="Submit" value = "1">
The form below is not adding points to the fourth field in the MySQL table "contest."
I can't find anything wrong with the code. Am I missing something obvious?
echo '<form action="http://www.website.com/folder/file.php" method="post">
<input type="hidden" value="'.$u.'" name="u">
<input type="hidden" value="'.$profile.'" name="profile">
<input type="hidden" value="'.$profileid.'" name="profileid">
<div class="friend2title"><label for="url">Add points:</label></div>
<div class="friend2field"><input name="state" type="text" id="state" maxlength="150"></div>
<div class="addresssubmit"><input name="submit" type="submit" value="Add"></div>
</form>
';
Then, on http://www.website.com/folder/file.php:
$u = $_POST['u'];
$profile = $_POST['profile'];
$profileid = $_POST['profileid'];
$state = $_POST['state'];
$state = mysql_real_escape_string($state);
mysql_query("INSERT INTO contest VALUES (NULL, 'critic', '$profileid', '$state', NULL')");
You have to declare the value attribute with the default value in your state input
<input name="state" type="text" id="state" value="' . $state . '" maxlength="150">
Additionaly, your code is vulnerable to SQL Injection, never trust in fields that came from users, it is very dangerous for your database.
I have done my research but have found nothing specific enough to my problem
I have an HTML form, asking for data, then a php script that is suppose to put the data in a mysql database
When i try it on my localhost, i dont get any errors
but when i check on phpmyadmin, there is no new data
the html:
<html>
<head>
<form action="insert.php" method="post">
ID: <input type="text" name="ID"><br>
Family ID: <input type="text" name="Family_ID"><br>
First Name: <input type="text" name="First_Name"><br>
Last Name: <input type="text" name="Last_Name"><br>
Gender: <input type="text" name="Gender"><br>
Birthday: <input type="text" name="Birthday"><br>
Birthplace: <input type="text" name="Birthplace"><br>
Father ID: <input type="text" name="Father_ID"><br>
Mother ID: <input type="text" name="Mother_ID"><br>
Maiden Name: <input type="text" name="Maiden_Name"><br>
Mariage ID: <input type="text" name="Mariage_ID"><br>
Deathdate: <input type="text" name="Deathdate"><br>
Deathplace: <input type="text" name="Deathplace"><br>
Grave Location: <input type="text" name="Grave_Location"><br>
Email: <input type="text" name="Email"><br>
Phone: <input type="text" name="Phone"><br>
Address: <input type="text" name="Adress"><br>
Bio: <input type="text" name="Bio"><br>
Studies: <input type="text" name="Travail"><br>
Travail: <input type="text" name="Travail"><br>
Photo: <input type="text" name="Photo"><br>
Fete: <input type="text" name="Fete"><br>
<input type="Submit">
</form>
</head>
<body>
</body>
</html>
the php:
$username='root';
$password='121395';
$database='genealogy';
mysql_connect("localhost",$username,$password);
#mysql_select_db($database) or die( 'Unable to select database');
echo "Connected to MySQL";
$ID=mysql_real_escape_string($_POST['ID']);
$Family_ID=mysql_real_escape_string($_POST['Family_ID']);
$First_Name=mysql_real_escape_string($_POST['First_Name']);
$Last_Name=mysql_real_escape_string($_POST['Last_Name']);
$Gender=mysql_real_escape_string($_POST['Gender']);
$Birthday=mysql_real_escape_string($_POST['Birthday']);
$Birthplace=mysql_real_escape_string($_POST['Birthplace']);
$Father_ID=mysql_real_escape_string($_POST['Father_ID']);
$Mother_ID=mysql_real_escape_string($_POST['Mother_ID']);
$Maiden_Name=mysql_real_escape_string($_POST['Maiden_Name']);
$Mariage_ID=mysql_real_escape_string($_POST['Mariage_ID']);
$Deathdate=mysql_real_escape_string($_POST['Deathdate']);
$Deathplace=mysql_real_escape_string($_POST['Deathplace']);
$Grave_Location=mysql_real_escape_string($_POST['Grave_Location']);
$Email=mysql_real_escape_string($_POST['Email']);
$Phone=mysql_real_escape_string($_POST['Phone']);
$Address=mysql_real_escape_string($_POST['Adress']);
$Bio=mysql_real_escape_string($_POST['Bio']);
$Travail=mysql_real_escape_string($_POST['Travail']);
$Photo=mysql_real_escape_string($_POST['Photo']);
$Fete=mysql_real_escape_string($_POST['Fete']);
$query = "INSERT INTO bouan (ID, Family_ID, First_Name, Last_Name, Gender, Birthday,
Birthplace, Father_ID, Mother_ID, Maiden_Name, Mariage_ID,Deathdate, Deatchplace,
Grave_Location, Email, Phone, Adress, Bio, Travail, Photo, Fete) VALUES
('$ID','$Family_ID','$First_Name','$Last_Name','$Gender','$Birthday','$Birthplace',
'$Father_ID','$Mother_ID','$Maiden_Name','$Mariage_ID','$Deathdate','$Deathplace',
'$Grave_Location','$Email','$Phone','$Address','$Bio','$Travail','$Photo','$Fete')";
mysql_query($query) or die ("Error updating database");
mysql_error();
mysql_close();
All i get in return is:
Connected to MySQLError updating database
whats wrong? (i HAVE done my research, over 2 days fyi)
im sorry that im new to this, cant help it
You should probably
provide mysql_query with the real query
sanitize data before feeding it to sql
use {$_POST['whatever']} when you want to embed it into a string
check the return value of mysql_query
learn a thing or two.
Your first approach looks fine, but for security reasons fetch the posted variables like below $ID=mysql_real_escape_string($_POST['ID']);
mysql_real_escape_string() method will remove the unwanted characters and makes it secure.
At the end try to print the query which you are executing using echo or print statement.
echo $query;
Execute the result on your phpmyadmin. Phpmyadmin will let you know what are the errors in your mysql query and following those instructions you can change your query.
Debugging can be done by printing the results after each line execution wherever you feel something is going wrong.
Use mysql_error() to receive last error. Also I see potential bug in your query:
'`$ID`','`$Family_ID`','`$First_Name`' -- you may try to remove ` sign
try to do these 2 things, first add value attribute to your all input elements
e.g)
<input type="text" name="Family_ID" value="">
because it will not get into $_POST variable if you send blank value in the text box with no value attribute
try to add filed names so that you can track map with values and remove
`
from your field and value.