I have created a drop down menu where, if user opens link 1 it directs it into form containing 3 text boxes.
In the same way with link 2 will contain 5 text boxes.
It's totally depend's upon user request. Each may contain different no of text boxes. So now I need to save input from form automatically in database,
when ever user press submit!!!!.
Form input must be saved in database.
Can be any language and any type of database I will learn.
Any help will be highly appreciated!!.
Thank you
In PHP, form "submission" leads to another web page, carrying the values in the form either in $_GET or $_POST. Clue it in thus: <form action=next.php method=POST> (or method=GET).
That other web page should do several steps.
Connect to the database. (The previous page's connection is gone.)
Parse the args.
Build INSERT statements (or whatever). Recommend studying the "mysqli" and/or "PDO" set of routines.
Perform them.
You did not say anything that indicated the necessity of AJAX.
Related
Problem
I am developing an application (in PHP) in which, I will show the user a report of some derived values based on previous entries he had done and the user will check for correctness - if correct, then the user can press Save button to submit it to database. Otherwise, the user should be able to edit previous entries, but he should not be able to change derived values in that report.
For that purpose, I have enclosed these values in a hidden input field, so a normal user can not alter these values, but if web developers could inspect the element in their browser and change these values.
Can we prevent these type of attack? If so, how?
My thoughts
I can make a string of all hidden fields, encrypt it and save in another hidden field - after postback I can cross-verify actual value and encrypted value.
Is this the correct way to achieve this? and how to do this
What do you think?
It's very hard to get a good idea of what you are trying to do but perhaps a solution could be to display a form with input fields disabled (http://www.w3schools.com/tags/att_input_disabled.asp) then have at the bottom of your page e.g. Is this information correct? .. Then 1 option to Save, and one option for No/Edit. Then do an if(isset($_POST['edit'])) { .. run form again but with input fields not disabled }
Only have your SQL update code in the 'edit' section of the code, and have a seperate SQL update code for the save section which just moves the values from wherever you are grabbing them from, to wherever they need to be.
Hope that helps.
If there are derived values that you need to fill out your form, but don't want to use hidden fields - I suggest using session variables that would contain those derived values as needed. Depending on how many of these forms there are, and how many users will be using them - the overhead is usually negligible with this number of fields (in the 30s)... if you discard them when not needed of course.
I have a database app written in PHP (jQuery/JS on the front end) that has bilingual labels/text. Currently one can only change one's language on a maintenance page (form submission, then PHP updates a session variable with their new language choice), but the users would like me to add a language pulldown that would appear in the corner of all pages. When the page contains a form, I don't want users to lose their partially entered data if they happen to change the language, so I need to save/restore the form data somehow. Is there an easy way to do that? I know I can use jQuery to serialize the form, but then what? Send that added onto the URL and pick it up in PHP? Then what? Write some routine to loop through the form fields and handle them properly (inputs, selects, radio boxes, etc. are all different)? It seems like there should be an easier way. I don't mind restricting myself to HTML5-supported solutions or adding jQuery plugins.
How about localStorage?
If user has filled any input fields, save them to localStorage and delete the data after user submits the form.
My suggestion is to:
Submit the Language and any wanted user data when changing language to the server using $.ajax or $.post
I would like to offer the ability for users to open a form built using PHP/HTML and then on that form have a box which allows them to search for employees then want to send the form to without having to submit the form at this stage.
They will get a search box which allows them to enter the name or part name, the query then finds all employees which match the input string and they then choose the correct employee and that respondent is added to a list and they then search for the next employee and so on until they have added as few or many as they like.
Once they have selected the names, they then fill in some other standard fields on the form and then a separate entry is created in the "forms" table for each request sent.
Happy how to do the last part in terms of entering it into the database etc and how to do a "normal" search in PHP/MySQL but what should I do for the search within a form and add to the list pre submitting?
the technique you are looking for is AJAX which uses javascript to examine the form field as they type, talk to the php, get data, then show it back to the user without having to reload the page or sumbit the form. The exact thing you describe is called auto complete which there are many prebuilt tools for (or you can build your own custom one with some js knowledge). I am not going to try to post all the code here since it would be rather long and involved but if you search around these terms you will surely find what you need.
This can all be achieved with Javascript.
If you have a small number of employees, you could send an array of employees with the page. Use an 'onchange' event in the form field so that with each keypress you run a lookup matching the employees against the typed text.
It's likely that you don't have a small enough number of employees, and also I'm not sure best practice advocates sending your entire company address book inside a web page! In that case you will need to do the same using Javascript ajax calls within the page. On each keypress, fire a request back to the server asking for employees matching the text string.
You will need to dynamically display the matching employees in another form widget that allows for selection, or maybe as text with checkboxes etc.
There are plugins that manage all the client side part of this but you will still have to put together your own web service to do the employee lookup.
There are two most notable ways of inserting a row into a MySQL database using PHP:
Create a single PHP file which uses a loop to detect whether isset($_POST['submit_button'] has been submitted, and if the form has not been submitted then display the HTML form. If the form has been submitted, during the loop insert the data into the MySQL table.
Create the HTML form on page1.html and when the form is submitted parse the data and insert into the MySQL table on page2.php.
Both methods work perfectly fine - however, based on your own opinion, is one better than the other (such as security, maintainability etc...)?
Given the choice, I would choose neither. Instead I would opt for the Post-Redirect-Get (PRG) pattern, by which the form posts to a secondary page which only processes the input, but produces no output itself. Upon successful or unsuccessful completion of processing, the script redirects to a final page, which may be the original form page to display messages, errors, or request resubmission.
Typically, session variables would be used to pass information back to the final redirection point, whether that means values from $_POST to repopulate a form, or success/error codes.
This goes a long way toward solving issues with accidental form resubmission via the browser back button.
Your second method of posting to a different page is like an incomplete form of PRG.
I can say that from a usability standpoint, I prefer the first method, because it allows you to create sticky forms, i.e.
<input id="foo" name="foo" value="<?php echo $_POST['foo']; ?>" />
For cases where it is practical, I'd try to get away from having a second user pageload at all. page1.html submits via AJAX to a web service provided via page2.php. And yes, there are many cases where this isn't appropriate, but the most common patterns I can think of where the form handler is simply inserting rows into a database are well suited to an AJAX submit.
I have a website and I want to make it easier for someone to change certain information being shown without them having to edit the HTML/PHP and using FTP.
At the moment I have this information in a php file which is included in the MYSQL query.
It would be a lot easier if this was done using a form, say a text field where a person can type the table name and it updates on the main page and starts displaying that table instead.
Sorry if I haven't explained this well. :(
I have a good news for you.
Every php/mysql-driven site in the world is made this exact way - to edit site contents using HTML form.
Even first PHP version name was PHP/FI, stands for Form Interpreter.
Even better, a site user doesn't have to deal with mysql - it's all being done in PHP. No need to type table names into form field - all table names already written in PHP code.
Usual PHP application being connected to just one mysql database - so, no need to choose.
As for the tables, it's being done this way: a user selects some human-readable matter, like "Latest news" and being redirected to the PHP script called, say, news.php. this script runs a query for the news table in the database and outputs some HTML formatted news highlights!
Even more, you don't even need to program! There are plenty of ready-made programs, such as Wordpress
store what you want to be editable in a mysql text field.
remove tags you dont want him to see
in the form echo the editable information in a textarea
have him edit
add tags
update the mysql
note depending on the users knowledge depends on how many tags you would like to remove/add. the less per a field the easier.
on more complicated things i like to have the person log in. if he has permission then all the editable fields have an edit button. if he clicks it it goes to a page with a form that he can use to edit that 1 field