Cant input data to database with PDO - php

im trying to input data to database with PDO,i make a form for users to input,so forminput -> inputprocess.
But i cant input coz when i press submit its going to proses_input.php and show blank page.
I try to write the code in 1 file but when i press submit it show the input form again.
Here is my form_input.php
<form method="POST" action="proses_input.php">
<table>
<tr>
<td>Nama</td>
<td> : </td>
<td>
<input type="text" name="nama" required>
</td>
</tr>
<tr>
<td>No. Pegawai</td>
<td> : </td>
<td>
<input type="text" name="no_pegawai" required>
</td>
</tr>
<tr>
<td>Bagian</td>
<td> : </td>
<td>
<input type="text" name="bagian">
</td>
</tr>
<tr>
<td>Jabatan</td>
<td> : </td>
<td>
<input type="text" name="jabatan">
</td>
</tr>
<tr>
<td></td>
<td></td>
<td>
<button type="submit" value="submit">Input</button>
</td>
</tr>
</table>
</form>
and here is my proses_input.php
<?php
include_once "connect.php";
if (isset($_POST["submit"])) {
$no_pegawai = $_POST['no_pegawai'];
$nama = $_POST['nama'];
$bagian = $_POST['bagian'];
$jabatan = $_POST['jabatan'];
try { //KONDISI
$sql = "INSERT INTO phonebook (no_pegawai, nama, bagian, jabatan)
VALUES (:no_pegawai, :nama, :bagian, :jabatan)";
$input = $conn->prepare($sql);
$input->bindparam(':no_pegawai', $no_pegawai);
$input->bindparam(':nama', $nama);
$input->bindparam(':bagian', $bagian);
$input->bindparam(':jabatan', $jabatan);
$input->execute();
header('location: admin.php');
} catch (PDOException $e) {
echo $e->getMessage();
}
}
?>
IDK why but everytime i input data to my form,its always stuck on proses_input.php with blank page.i already try to put it in one php file but still not works. Pls help me,thanks


As mentioned above you haven't named your button, therefore it won't match the condition isset($_POST["submit"]) because there is no field named "submit" in your $_POST array. Also worth noting that you should not rely on users input. I saw that you are using parameterized query which is nice but don't forget to escape these values when displaying them on the UI to avoid XSS vulnerabilities.

Related

how to display data from mysql, on tables that have been created in the .html file

I am confused how to display data that has been entered into mysql by
via file.php to be displayed into the existing table in file.html
here is the code .html :
<form class="formnya" action="../php/newcustomer.php" method="POST" enctype="multipart/form-data">
<table class="form_new_customer">
<tr>
<th colspan="2"><h3 align="center"><u>Customer Baru</u></h3></th>
</tr>
<tr>
<td>Nama Lengkap:</td>
<td><input type="text" name="nama_lengkap"></td>
</tr>
<tr>
<td>Jenis Kelamin:</td>
<td>
<input type="radio" name="gender" value="Pria">Pria
<input type="radio" name="gender" value="Wanita">Wanita
</td>
</tr>
<tr>
<td>Nama Toko:</td>
<td><input type="text" name="nama_toko"></td>
</tr>
<tr>
<td class="alamat">Alamat:</td>
<td><textarea rows="5" cols="21" name="alamat"></textarea></td>
</tr>
<tr>
<td>No.Hp/Telp :</td>
<td><input type="text" name="no_hp"></td>
</tr>
<!-- <tr>
<td>Foto KTP: </td>
<td><input type="file" name="files"></td>
</tr> -->
<tr>
<td></td>
<td><input type="submit" name="submit" class="btn1"></td>
</tr>
</table>
</form>
and below is my .php file
<?php
if(isset($_POST['submit'])){
include_once 'connect.php';
$nama_lengkap = $_POST['nama_lengkap'];
$gender = $_POST['gender'];
$nama_toko = $_POST['nama_toko'];
$alamat = $_POST['alamat'];
$no_hp = $_POST['no_hp'];
// $files = $_FILES['files'];
$sql = "INSERT INTO user ('nama_lengkap','jenis_kelamin','nama_toko','alamat','no_handphone')
VALUES ('$nama_lengkap','$gender','$nama_toko','$alamat','$no_hp')";
$result = $conn->query($sql);
header("Location: ../pages/newcustomer.html?=success");
}
?>
so my question is, may i used the file .html to show the data from .php?

You can use Ajax (use another PHP file) to load data from database and then display in your HTML file.
But, you can also convert your .html file to .php file in order to get data from MySQL directly.
For Ajax based data, please refer to this example:
https://www.w3schools.com/pHP/php_ajax_php.asp
From the ajax URL (a PHP file), you can return data in JSON format or a complete HTML based table. Better is to return JSON based data, then parse the data in your JavaScript code and insert the data in your HTML table in code.html
PS: You can call Ajax function on document/body onload event like:
<head>
<script>
function getData() {
// Your ajax code here (URL given above for example code)
}
</script>
</head>
<body onload="getData()">
...
</body>

How to pass a variable to another page in php using GET or POST method?

I am making an editing form.
There are 2 forms, one form called edit1.php and another form called edit.php. This second one should get the id generated from the edit1.php and use it to generate further queries. The following is the code for the 2 files:
edit1.php:
<table>
<tr>
<td align="center"><h4><b>EDIT DATA</b></h4></td>
</tr>
<tr>
<td>
<table border="3">
<form action="edit.php" method="get">
<?php
$vendors = "SELECT `vendor`.`v_id`,`vendor`.`v_name` FROM `stfood`.`vendor`";
$result = mysqli_query($con, $vendors);
while ($row = mysqli_fetch_array($result)){
echo ("<tr><td>'".$row["v_id"]."'</td>");
echo ("<td>'".$row["v_name"]."'</td>");
echo ("<td>Edit</td></tr>");
}
?>
</form>
</table>
edit.php:
<?php
require 'init.php';
require 'functions.php';
?>
<html>
<head>
<title>Form Edit Data</title>
</head>
<body>
<table border=1>
<tr>
<td align=center>Form Edit vendor Data</td>
</tr>
<tr>
<td>
<table>
<?php
echo $_REQUEST['v_id'];
$vendor = "SELECT `vendor`.`v_name`, `vendor`.`v_email`,`vendor`.`v_desc`,`vendor`.`cont_id` FROM `stfood`.`vendor` WHERE `vendor`.`v_id` = '".$v_id."'";
$vendor_result = mysqli_query($con, $vendor);
$row = mysqli_fetch_array($vendor_result);
?>
<form method="post" action="edit_data.php">
<input type="hidden" name="id" value="<?php echo $row["v_id"];?>">
<tr>
<td>Name</td>
<td>
<input type="text" name="name" size="20" value="<?php echo $row["v_name"]; ?>">
</td>
</tr>
<tr>
<td>Email</td>
<td>
<input type="text" name="email" size="50" value="<?php echo $row["v_email"];?>">
</td>
</tr>
<tr>
<td>Vendor Description</td>
<td>
<input type="text" name="description" size="100" value="<?php echo $row["v_desc"];?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit"
name="submit value" value="Edit">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
When I run the code, the first form displays all the relevant data, and when I click on the edit link the page gets redirected and I can see the v_id passed in the URL, but nothing comes into the edit.php file. When I do a var_dump($row['v_id']); I get NULL.
Why is v_id not set in edit.php?

Since your hyperlink looks like this:
Edit
Your edit.php should use
echo $_GET['id'];
// or something like this
$received_id = $_GET['id'];
// do validation whether you received a good id or not and then move on
...
...
<input type="hidden" name="id" value="<?php echo $received_id;?>">

on your edit.php page you have:
Edit
now on your edit1.php you should first have a isset() and then as follow:
if(isset($_GET['id']){
$id = $_GET['id'];
//carry on blah3 ...

In the edit1.php you have not used form elements. The value $row['v_Id'] should be the value of form element input like this inside form
<input type='hidden' name='v_I'd value ='<?php echo $row['v_id'] ?>'>

Try using $_GET['id'] instead of $_REQUEST['v_id'] on edit.php
See example #1 here
Also, have you defined the $v_id before using it in the query?
Like this.

How do I insert data from a form into multiple tables?

How do I insert data from a form into multiple tables? This is what I have so far :
<?php
require 'db/connect.php';
$Apple = trim($_POST['Apple']);
$Orange = trim($_POST['Orange']);
$Banana = trim($_POST['Banana']);
if (empty($Apple) && empty($Orange) && empty($Banana)){
$error = "Please pick your fruits";
} else {
$insert = $db->prepare("INSERT INTO fruits (Apple, Orange, Banana) Values (?,?,?)");
$insert->bind_param("sss", $Apple, $Orange, $Banana);
?>
//HTML SECTION
<form action="" method="post">
<table>
<tr>
<td><label for="Apple">Apples :</label></td>
<td><input type="text" id="Apple" name="Apple"></td>
</tr>
<tr>
<td><label for="Orange">Oranges:</label></td>
<td><input type="text" id="Orange" name="Orange"></td>
</tr>
<tr>
<td><label for="Banana">Bananas:</label></td>
<td><input type="text" id="Banana" name="Banana"></td>
</tr>
<td>
<button type="submit" class="create" name="create">CREATE</button>
<a class="btn" href="index.php">BACK</a>
</td>
</tr>
</table>
What I would like to do is this - within the form, have another field (say tomatoes), that when the user clicks "submit", apple / orange / banana goes to the fruits table, and "tomato" goes to the "vegetables" table.
Does anyone know how to achieve this?

Here is what I finally came up with, I made the mistake of misplacing the binding code for "Tomato". One thing that I am still confused about, and am unsure about how to approach, is how I can make it to where when I click on a form field for the below example, it will populate a popup that shows current contents of the database, and allow you to copy contents of that popup(item) to the form field if needed. Another example would be a customers and products table, you make a form field to take a customer and a product, when you click on "product" form field, it populates with all products, and allows you to click on one of the populated products to assign to that customer.
<?php
require 'db/connect.php';
$Apple = trim($_POST['Apple']);
$Orange = trim($_POST['Orange']);
$Banana = trim($_POST['Banana']);
$Tomato= trim($_POST['Tomato']);
if (empty($Apple) && empty($Orange) && empty($Banana) && empty($Tomato)){
$error = "Please pick your fruits";
} else {
$insert = $db->prepare("INSERT INTO fruits (Apple, Orange, Banana) Values (?,?,?)");
$insert->bind_param("sss", $Apple, $Orange, $Banana);
$insert = $db->prepare("INSERT INTO veggies(Tomato) Values (?)");
$insert->bind_param("s", $Tomato);
?>
//HTML SECTION
<form action="" method="post">
<table>
<tr>
<td><label for="Apple">Apples :</label></td>
<td><input type="text" id="Apple" name="Apple"></td>
</tr>
<tr>
<td><label for="Orange">Oranges:</label></td>
<td><input type="text" id="Orange" name="Orange"></td>
</tr>
<tr>
<td><label for="Banana">Bananas:</label></td>
<td><input type="text" id="Banana" name="Banana"></td>
</tr>
<td>
<button type="submit" class="create" name="create">CREATE</button>
<a class="btn" href="index.php">BACK</a>
</td>
</tr>
</table>

Change textbox based on select

I'm trying to develop a little project and I got a little problem
I'm making a PHP page connected to a MySQL Server. I have a page where only the administrator have access and that page allows him to change users information.
So, I have a select that show all usernames on website and 3 textbox where can be inserted the First Name, Last Name and e-mail.
My database update successfully, but what i'm trying to do is when is select a username on select the 3 textbook auto fill with that username information.
Here is an image that explains better what I would like to do.
Sorry for my english and thanks to all
http://s3.postimg.org/da9srvh5f/table_copy.jpg

<script type="text/javascript">
function reload() {
var val=document.getElementById("c-name").value;
self.location="your_url.php?name=" + val ;
//alert(val);
}
</script>
<form name="data" action="your_url.php" method="post">
<table id="tbl">
<tr>
<td>Name </td>
<td>
<select id="c-name" name="name" onChange="reload()" style="width:340px;">
<option value="">Select Name</option>
<option value="abc">ABC</option>
<option value="xyz">XYZ</option>
<option value="mno">MNO</option>
</select>
</td>
</tr>
<?php
if(isset($_GET['name'])){
$name = $_GET['name'];
$SQL_Data = "select * from client_data where cname = '".$name."'";
$result = mysqli_query($SQL_Data);
while($details = mysqli_fetch_array($result)) {
?>
<tr>
<td>First Name</td>
<td><input type="text" name="fname" class="c1" value="<?=$details['fname']?>" /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" class="c7" name="lname" value="<?=$details['lname']?>" /></td>
</tr>
<tr>
<td>User Name</td>
<td><input type="text" class="c7" name="uname" value="<?=$details['uname']?>" /></td>
</tr>
<?php
} }
?>
<tr><td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></tr>
</table>
</form>

You could have your PHP backend return JSON data to your frontend. Then, with javascript, do something like:
document.getElementsById('ID').Value = VALUE;
Where ID is the Id of your select and VALUE is the value found in your JSON data.
Alternatively, you could do this purely in PHP/MySQL.

Form submitting/inserting data to mySQL database on page load

I am having an issue with one of my .php pages.
adddata.php has a form which allows a user to submit certain data to the database however each time the page loads or is refreshed, the empty form is submitted (creating a row of blank values in the DB).
I have little experience with PHP so apologies in advance for any novice mistakes - here is the code:
<html>
<head>
<title>Project IPAM - Add Data</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="container" class="container" style="width:980px">
<?php
include('./templates/header.php');
include('./templates/dbconnect.php');
?>
<?php
if(isset($_POST['submit']))
{
$name = $_POST['address_v4'];
echo "Successful submitted";
}
?>
<div id="content" style="background-color:#ABCDEF;height:500px;width:980px">
<!-- This is a example submit form to add data to the database !-->
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form method="post" action="adddata.php">
<table width="" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Insert Data Into mySQL Database </strong></td>
</tr>
<tr>
<td>IP(v4)</td>
<td>:</td>
<td><input name="address_v4" type="text" id="address_v4" maxlength="15"></td>
</tr>
<tr>
<td>Hostname</td>
<td>:</td>
<td><input name="hostname" type="text" id="hostname" maxlength="32"></td>
</tr>
<tr>
<td>Type</td>
<td>:</td>
<td><select name="type">
<option value="static">Static</option>
<option value="dhcp">DHCP</option>
<option value="reserved">Reserved</option>
</td>
</tr>
<tr>
<td>Updated By</td>
<td>:</td>
<td><input name="updated_by" type="text" id="updated_by" maxlength="16"></td>
</tr>
<tr>
<td>Notes</td>
<td>:</td>
<td><input name="notes" type="text" id="notes" maxlength="128"></td>
</tr>
<tr>
<td>Location</td>
<td>:</td>
<td><textarea cols="17" rows="7" name="location" type="text" id="location" maxlength="64"></textarea></td>
</tr>
<tr>
<td>Default Gateway</td>
<td>:</td>
<td><input name="default_gateway" type="text" id="default_gateway" maxlength="15"></td>
</tr>
<tr>
<td>Subnet Mask</td>
<td>:</td>
<td><input name="subnet_mask" type="text" id="subnet_mask" maxlength="15"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
// Connect to the DB
include_once('./templates/dbconnect.php');
// Get values from form and checks whether values have been initilized using the isset() function.
$address=isset($_POST['address_v4']);
$hostname=isset($_POST['hostname']);
$type=isset($_POST['type']);
$updated_by=isset($_POST['updated_by']);
$notes=isset($_POST['notes']);
$location=isset($_POST['location']);
$default_gateway=isset($_POST['default_gateway']);
$subnet_mask=isset($_POST['subnet_mask']);
// Insert data into mysql
$sql="INSERT INTO $tbl_name(address_v4, hostname, type, updated_by, notes, location, default_gateway, subnet_mask)
VALUES('$address','$hostname','$type','$updated_by','$notes','$location','$default_gateway','$subnet_mask')";
if (!mysql_query($sql,$con))//
{
die('Error: ' . mysql_error());
}
mysql_close($con)
?>
</div>
<div id="footer" style="background-color:#FFA500;clear:both;text-align:center;">
Copyright © 2011 Richard Day
</div>
</div>
</body>
</html>

isset() checks if a value is set or not and returns true or false. Change that to something like:
if (isset($_POST['address_v4']))
{
// if the value does indeed exist, then prepare it to be used in an SQL query
// and assign it to the $address variable
$address = mysql_real_escape_string($_POST['address_v4']);
}
else
{
// if the value does not exist, then make the $address variable an
// empty string
$address = '';
}
Same for the rest of the variables you need to add in the query.

The problem is where you're checking is your $_POST variables are set, eg.:
$address=isset($_POST['address_v4']);
isset returns a boolean (true or false) value, not the data that's in the variable you're checking against. Change you're lines to something like this:
$address=isset($_POST['address_v4']) ? mysql_real_escape_string($_POST['address_v4']) : '';
mysql_real_escape_string will help prevent SQL injection attacks being carried out against your website.
EDIT
If I understand you right you also need to check to see if a form has actually been submitted before running your database statement, at the moment you're running it regardless of whether or not the form has been submitted. Move all of your PHP code from the bottom of the document inside the if(isset($_POST['submit'])) statement at the top, that should sort it out.
if(isset($_POST['submit'])) {
$name = $_POST['address_v4'];
echo "Successful submitted";
// Now the code from the bottom, minus the database file include as you've already got that further up in the code
$address=isset($_POST['address_v4']) ? mysql_real_escape_string($_POST['address_v4']) : '';
// ...

First of you need to verify your input.
Use isset(); to verify if they're set, use empty(); to check whether the variables are empty. Use the && operator to perform multiple checks at once.
Cast the variables to their appropriate data types. Escape your input with mysql_real_escape_string(); before storing into your database.
Use the post-redirect-get method to prevent form submission on refresh or reload.

Categories