I've tried creating a basic registration form (I'm pretty new to PHP).
The form works sometimes, but most of the times it's just sending blank entries into the MySQL database. Below is the code:
I have the following form:
<form action="#" method="post">
<h2 class="sub-heading-agileits">Participant 1</h2>
<div class="main-flex-w3ls-sectns">
<div class="field-agileinfo-spc form-w3-agile-text1">
<input type="text" name="name1" placeholder="Full Name" required="">
</div>
<div class="field-agileinfo-spc form-w3-agile-text1">
<select class="form-control" name="year1">
<option>Year</option>
<option value="1st Year">1st Year</option>
<option value="2nd Year">2nd Year</option>
<option value="3rd Year">3rd Year</option>
</select>
</div>
</div>
<div class="main-flex-w3ls-sectns">
<div class="field-agileinfo-spc form-w3-agile-text2">
<input type="text" name="phone1" placeholder="Phone Number" required="">
</div>
<div class="field-agileinfo-spc form-w3-agile-text2">
<input type="text" name="college1" placeholder="College" required="">
</div>
</div>
<div class="field-agileinfo-spc form-w3-agile-text">
<input type="email" name="email1" placeholder="Email" required="">
</div>
<h2 class="sub-heading-agileits">Participant 2</h2>
<div class="main-flex-w3ls-sectns">
<div class="field-agileinfo-spc form-w3-agile-text1">
<input type="text" name="name2" placeholder="Full Name">
</div>
<div class="field-agileinfo-spc form-w3-agile-text1">
<select class="form-control" name="year2">
<option>Year</option>
<option value="1st Year">1st Year</option>
<option value="2nd Year">2nd Year</option>
<option value="3rd Year">3rd Year</option>
</select>
</div>
</div>
<div class="main-flex-w3ls-sectns">
<div class="field-agileinfo-spc form-w3-agile-text2">
<input type="text" name="phone2" placeholder="Phone Number">
</div>
<div class="field-agileinfo-spc form-w3-agile-text2">
<input type="text" name="college2" placeholder="College">
</div>
</div>
<div class="field-agileinfo-spc form-w3-agile-text">
<input type="email" name="email2" placeholder="Email">
</div>
<div class="clear"></div>
<input type="submit" value="Submit">
<input type="reset" value="Clear Form">
<div class="clear"></div>
</form>
I'm sorry for the long form code.
This is the PHP code to post the data to the database:
$servername = "localhost";
$username = "fic";
$password = "fic201718";
$dbname = "fic201718";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$name1 = $_POST['name1'];
$year1 = $_POST['year1'];
$phone1 = $_POST['phone1'];
$college1 = $_POST['college1'];
$email1 = $_POST['email1'];
$name2 = $_POST['name2'];
$year2 = $_POST['year2'];
$phone2 = $_POST['phone2'];
$college2 = $_POST['college2'];
$email2 = $_POST['email2'];
$sql = "INSERT INTO identitytheft (Participant1Name,Participant1Year,Participant1Phone,Participant1College,Participant1eMail,Participant2Name,Participant2Year,Participant2Phone,Participant2College,Participant2eMail) VALUES ('$name1','$year1','$phone1','$college1','$email1','$name2','$year2','$phone2','$college2','$email2')";
$conn->query($sql);
if (!empty($_POST['name1'])) {
echo ("<script type=\"text/javascript\"> alert('Successfully Registered'); </script>");
}
However, the form sometimes inserts absolutely blank data into the database. It sometimes works though.
One thing that I have noticed is, I do not get blank rows if there are no special characters in the responses. My columns are set to utf8_unicode_ci (all of the columns). Could there be something wrong here?
Please help?
If your POST variables aren't empty and the data you see is what you expect then it isn't your form and most like your query. Use var_dump to check your post variables after the form submission.
var_dump($_POST);
The first thing I will note is that you current approach is susceptible to SQL injection, so you'll want to clean up your code. Look up prepared statments http://php.net/manual/en/mysqli.quickstart.prepared-statements.php.
I'll clean up your current query, which should work for you. I obviously don't have your database setup, so I can test it. You don't have to format it like I did and I don't usually format it this way unless I'm debugging -- it helps align the column names with the values.
<?php
$servername = "localhost";
$username = "fic";
$password = "fic201718";
$dbname = "fic201718";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$name1 = $_POST['name1'];
$year1 = $_POST['year1'];
$phone1 = $_POST['phone1'];
$college1 = $_POST['college1'];
$email1 = $_POST['email1'];
$name2 = $_POST['name2'];
$year2 = $_POST['year2'];
$phone2 = $_POST['phone2'];
$college2 = $_POST['college2'];
$email2 = $_POST['email2'];
$sql = "INSERT INTO identitytheft (
Participant1Name,
Participant1Year,
Participant1Phone,
Participant1College,
Participant1eMail,
Participant2Name,
Participant2Year,
Participant2Phone,
Participant2College,
Participant2eMail)
VALUES (
'".$name1."',
'".$year1."',
'".$phone1."',
'".$college1."',
'".$email1."',
'".$name2."',
'".$year2."',
'".$phone2."',
'".$college2."',
'".$email2."'
)";
$conn->query($sql);
if (!empty($_POST['name1'])) {
echo ("<script type=\"text/javascript\"> alert('Successfully Registered'); </script>");
}
?>
if(!empty($varname) && !empty($varname)){
sql statements over here within php code
}
you can add this similar type of code,as it works only when the input fields are not empty and does not post non empty data into your database
Related
There is no change and no response in the form or in the database. I believe
the code is okay as no error appears and I included the connect database pdo. The connection is okay, and I changed the position of code to be above the form and under form but still no response. I connected correctly.
I separated the php page but it did not help.
Where is the problem in this code ?
Summary of the problem:
1-no response or error message
2- data not inserted into database
connection database:
<?php
$dsn ='mysql:host=localhost;dbname=person';
$user ='root';
$pass = "";
$option = array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES UTF8",);
try{
$pdo = new PDO($dsn, $user , $pass, $option);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);}
catch(PDOException $e){
die("ERROR: Could not connect. " . $e->getMessage()); }
and form of html:
<div class="container">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method=" POST">
<label for="fname"> الاسم </label><br>
<input type=" text" id="fname" name="username" placeholder=" الاسم"><br>
<label for="email"> البريد الالكتروني </label><br>
<input type="email" id="email" name="email" placeholder="البريد الالكتروني "><br>
<label for="valley"> اسم الحي </label><br>
<input type="text" id="valley" name="valley" placeholder="اسم الحي "><br>
<label for="phone"> رقم الجوال</label><br>
<input type="text" id="phone" name="mobile" placeholder="رقم الجوال "><br>
<label for="subject">الطلب</label><br>
<textarea id="subject" name="subj" placeholder="اكتب الطلب " style="height:200px">
</textarea><br>
<input type="submit" name="submit" value="ارسل">
</form>
</div>
<br>
php and query insertion to database
<?php
include('connect_pdo.php');
if (isset($_post['submit'])) {
$name = $_POST['username'];
$email = $_POST['email'];
$valley = $_POST['valley'];
$phone = $_POST['mobile'];
$subject = $_POST['subj'];
$stmt = $pdo->prepare("INSERT INTO emails (username,email,valley,mobile,subj)
VALUES('$name','$email','$valley','$phone' ,'$subject')");
if ($stmt->execute()) {
echo "تم الارسال بنجاح";}
else {
echo "تم الارسال" } }
//I created an HTML form and created PHP code that should send the contents of the form to my database table, but while the page returns to its original state, which is fine, the data never makes it to the database -- and there is no error.
I originally tried to create a separate PHP form, but after doing some research found this to be more efficient, and cleaner. I just need it to work and to learn if it's possible of not for it to work.
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$zipcode = $_POST["zipcode"];
$email = $_POST["email"];
$subject = $_POST["subject"];
$comment = $_POST["comment"];
//connect to server
$dbhost = "localhost";
$username = "root";
$password = "";
$dbname = "point12_guestform";
$mysql = mysqli_connect($dbhost, $username, $password, $dbname);
$query = "INSERT INTO aboutpage
(firstname,lastname,zipcode,email,subject,comment) VALUES
$firstname, $lastname, $zipcode, $email, $subject, $comment";
mysqli_query($mysql, $query);
}
?>
//HTML Form code
<form method="POST" />
<br>
<fieldset>
<div class="col-50">
<input type="text" name="firstname" placeholder="First Name"
required />
</div>
<div class="col-50">
<input type="text" name="lastname" placeholder="Last Name"
required />
</div>
<div class="col-50">
<input type="number" name="zipcode" minlength="5"
maxlength="5" placeholder="Zip Code (where you live)"
required />
</div>
<div class="col-50">
<input type="email" name="email" placeholder="Email"
required />
</div>
<div class="col-50">
<select name="subject" required>
<option selected hidden value="">Please select the option
that best fits your request.
</option>
<option value = "guest">I want to be a guest on the
podcast.
</option>
<option value = "question">I have a question.</option>
<option value = "suggestion">I have a suggestion.</option>
</select>
</div>
<div class="col-50">
<textarea name="comment"
placeholder="Questions/Suggestions/Comments"></textarea>
</div>
<p>
<input class="submit" type="submit" value="Submit" />
</p>
</div>
</fieldset>
</form>
//There have been absolutely NO results and NO error messages.//HTML Form code
<form method="POST" />
<br>
<fieldset>
<div class="col-50">
<input type="text" name="firstname" placeholder="First Name"
required />
</div>
<div class="col-50">
<input type="text" name="lastname" placeholder="Last Name"
required />
</div>
<div class="col-50">
<input type="number" name="zipcode" minlength="5"
maxlength="5" placeholder="Zip Code (where you live)"
required />
</div>
<div class="col-50">
<input type="email" name="email" placeholder="Email"
required />
</div>
<div class="col-50">
<select name="subject" required>
<option selected hidden value="">Please select the option
that best fits your request.
</option>
<option value = "guest">I want to be a guest on the
podcast.
</option>
<option value = "question">I have a question.</option>
<option value = "suggestion">I have a suggestion.</option>
</select>
</div>
<div class="col-50">
<textarea name="comment"
placeholder="Questions/Suggestions/Comments"></textarea>
</div>
<p>
<input class="submit" type="submit" value="Submit" />
</p>
</div>
</fieldset>
</form>
//There have been absolutely NO results and NO error messages.
Taking all the comments into consideration, the following code would be a good start. I cannot guarantee that this will work out of the box, but it should at least show you some errors/warnings. Once you've corrected those, you can also rest assured that the data going into your DB is not vulnerable to SQL injection. You will still have to escape your output if you choose to display the user entered info.
Please notice:
Error reporting is on (How do I get PHP errors to display?)
MySQL errors will be turned into PHP exceptions (PDO::ERRMODE_EXCEPTION)
Using PDO + parameterized queries (https://phpdelusions.net)
Redirecting to self after query is executed so that a browser refresh doesn't post the data again.
HTML is cleaned up a bit
<?php
// Turn on error reporting
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Define your connection properties
$host = 'localhost';
$db = 'point12_guestform';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';
// Build up your connection string and set options
// See this for more info: https://phpdelusions.net/pdo#dsn
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
// Finally, make a connection using PDO.
// This will throw an exception if something goes awry.
$pdo = new PDO($dsn, $user, $pass, $options);
// Build up your query
// Notice the query is using placeholders `?` instead of directly
// injecting user-entered (dangerous) data.
$sql = 'INSERT INTO aboutpage (firstname,lastname,zipcode,email,subject,comment) VALUES (?,?,?,?,?,?)';
$stmt = $pdo->prepare($sql);
// Finally, execute your query by passing in your data.
// This is known as a parameterized query and prevents SQL injection attacks
$stmt->execute([
$_POST["firstname"],
$_POST["lastname"],
$_POST["zipcode"],
$_POST["email"],
$_POST["subject"],
$_POST["comment"]
]);
// Redirect to self, so that a browser refresh doesn't post data again.
header('Location: '.$_SERVER['PHP_SELF']);
exit;
}
?>
<!-- I clean up some of you HTML too. -->
<form method="post">
<div class="col-50">
<label>
<input type="text" name="firstname" placeholder="First Name" required>
</label>
</div>
<div class="col-50">
<label>
<input type="text" name="lastname" placeholder="Last Name" required>
</label>
</div>
<div class="col-50">
<label>
<input type="number"
name="zipcode"
minlength="5"
maxlength="5"
placeholder="Zip Code (where you live)"
required/>
</label>
</div>
<div class="col-50">
<label>
<input type="email" name="email" placeholder="Email" required>
</label>
</div>
<div class="col-50">
<label>
<select name="subject" required>
<option selected hidden value="">Please select the option
that best fits your request.
</option>
<option value="guest">I want to be a guest on the
podcast.
</option>
<option value="question">I have a question.</option>
<option value="suggestion">I have a suggestion.</option>
</select>
</label>
</div>
<div class="col-50">
<label>
<textarea name="comment" placeholder="Questions/Suggestions/Comments"></textarea>
</label>
</div>
<p>
<input class="submit" type="submit" value="Submit"/>
</p>
</form>
So I want to fetch my data from Database and be able to display and update it. Im on the part where I have to display a value from the db on a Dropdown but only the first option of the dropdown is being displayed.
Below is complete code.
<?php
mysqli_connect('localhost', 'root', '');
mysqli_select_db('storm');
$_GET['id'];
$ssh = $_GET['ssh'];
$_GET['provi'];
$_GET['impact'];
$_GET['advice'];
$_GET['date'];
$_GET['typhoon'];
$_GET['warning'];
?>
<html>
<body>
<div class="container">
<form action="edit.php" method="post">
<div class="form-group">
<label for="prov">Provinces</label><br>
<select id="prov" class="form-control" type="text" name="provi1">
<option value="Isabela"><?php echo $_GET['provi'];?></option>
<option value="La Union"><?php echo $_GET['provi'];?></option>
<option value="Pangasinan"><?php echo $_GET['provi'];?></option>
<option value="Ilocos Sur"><?php echo $_GET['provi'];?></option>
<option value="Ilocos Norte"><?php echo $_GET['provi'];?></option>
</select>
</div>
<div class="form-group">
<label>Date</label><br>
<input class="w3-input w3-border form-control" type="date" name="date" value="">
</div>
<div class="col-md-6">
<div class="form-group">
<label>Typhoon Name</label><br>
<input type="text" name="typhoon" value="<?php echo $_GET['typhoon']; ?>" class="form-control">
<input type="hidden" name="id" value="">
</div>
<div class="form-group">
<label>Warning #</label><br>
<input type="text" name="warning" value="<?php echo $_GET['warning']; ?>" class="form-control">
</div>
</div>
<div class="col">
<div class="form-group">
<input class="btnSubmit" type="submit" value="Update" name="submit" style="background-color: #408cff;">
<input class="btnSubmit" type="reset" value="Cancel" style="background-color: #de5959;">
</div>
</div>
</form>
<?php
if(isset($_GET['submit'])){
$id = $_GET['id'];
$ssh = $_GET['ssh'];
$muni = $_GET['muni'];
$impact = $_GET['impact'];
$advice = $_GET['advice'];
$date = $_GET['date'];
$typhoon = $_GET['typhoon'];
$warning = $_GET['warning'];
$query = "UPDATE twothree SET ssh='$ssh', muni='$muni', impact='$impact', advice='$advice', date='$date', typhoon='$typhoon', warning='$warning' WHERE id='$id'";
$data = mysqli_query($conn, $query);
if($data){
echo "Record Updated Successfully!";
}else{
echo "Record Not Updated.";
}
}
?>
I'm pretty sure that I am doing something wrong. Hope you guys figure it out for me. I'm new to this and I hope that I can learn from you guys. Thanks.
You can use something like this at basic level. this will retrieve all data from table and add a dropdown option to it.
<select class="" name="" required>
<option value="" selected disabled>Select a option</option>
<?php
$select_1 = $db->query("SELECT * FROM table");
while ($row_1 = $select_1->fetch_assoc()) {
?>
<option value="<?php echo $row_1['value']; ?>">
<?php echo $row_1['name']; ?>
</option>
<?php } ?>
</select>
where $db is your database connection and it must be mysqli connection.
You should do like this, to display the list of provinces.
<?php
$host = "localhost";
$user = "root";
$pwd = "";
$db = "storm";
$db_connection = new mysqli($host, $user, $pwd, $db);
if ($db_connection->connect_errno) {
printf("Connect failed: %s\n", $db_connection->connect_error);
exit();
}
//select provinces here
$provinces = $db_connection->query("Select * from provinces"); //change provinces according to your table name that you want to query.
?>
<div class="form-group">
<label for="prov">Provinces</label><br>
<select id="prov" class="form-control" type="text" name="provi1">
<?php
while ($row = $provinces->fetch_object()){
echo '<option value="'.$row->province_name.'">'.$row->province_name.'</option>'; //change province_name according to your fieldname.
}
?>
</select>
</div>
<?php
$db_connection->close();
?>
bro you need to loop data form your database to get continuous data out of your database you could use this.
<?php
$host = "localhost";
$user = "root";
$pwd = "";
$db = "storm";
$db_connection = new mysqli($host, $user, $pwd, $db);
if ($db_connection->connect_errno) {
printf("Connect failed: %s\n", $db_connection->connect_error);
exit();
}
//select provinces here
$query = mysqli_query($db_connection,"Select * from provinces");
?>
<div class="form-group">
<label for="prov">Provinces</label><br>
<select id="prov" class="form-control" type="text" name="provi1">
<?php
while ($row = mysqli_fetch_assoc($query)){
echo '<option value="'.$row["province_name"].'">'.$row["province_name"].'</option>'; //change province_name according to your fieldname.
}
?>
</select>
</div>
<?php
$db_connection->close();
?>
you code should look like this
<?php
session_start();
$host = "localhost";
$user = "root";
$password = "";
$database = "tuition";
$conn = mysqli_connect($host, $user, $password, $database);
?>
<div role="tabpanel" class="tab-pane fade in" id="sign_up">
<form action="" method="post">
<input type="text" class="form-control" name="register_name" placeholder="Name" required />
<input type="text" class="form-control" name="register_ic" placeholder="IC" required />
<input type="telephone" class="form-control" name="register_phone" placeholder="Telephone" required />
<input type="email" class="form-control" name="register_email" placeholder="Email" required />
<input type="password" class="form-control" name="register_password" placeholder="Password" required />
<input type="submit" class="form-control" name="register_btn" value="Sign up" />
</form>
</div>
<?php
if(isset($_POST['register_btn'])){
$name = $_POST['register_name'];
$ic = $_POST['register_ic'];
$phone = $_POST['register_phone'];
$email = $_POST['register_email'];
$password = md5($_POST['register_password']);
$result = mysqli_query($conn,"select parent.parent_ic from parent where parent_ic ='$ic'");
if(mysqli_num_rows($result)!=1){
mysqli_query($conn,"insert into parent(parent_name,parent_ic,parent_email,parent_contact_num,parent_password) values ('$name','$ic','$email','$phone','$password')");
?>
<script type="text/javascript">
alert("success");
</script>
<?php
}
else{
?>
<script type="text/javascript">
alert("fail");
</script>
<?php
}
}
?>
It coming out with alert success, but it do not insert the data into the database.But when I hard code insert the data into the database it work! Why?
Here is the result after I click submit button:
You should see by printing error after insert data query
echo("Error description: " . mysqli_error($conn));
I think your MySQL error will be there.
Hi I created an rsvp form using bootstrap and PHP. I am new to PHP and database connections so I just wanted to confirm that I am doing it correctly. Am I using the correct syntax, is it safe from hacks (SQL injections), etc. Thanks.
Here is my PHP:
<?php
$servername = "rsvp.db";
$username = "******";
$password = "******";
$dbname = "rsvp";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if(isset($_POST["submit"])){
$serverrsvp = test_input($_POST["formrsvp"]);
$serverattend = test_input($_POST["formattend"]);
$serverfullname = test_input($_POST["formfullname"]);
$serveremail = test_input($_POST["formemail"]);
$serverguests = test_input($_POST["formguests"]);
$serverguestnames = test_input($_POST["formguestnames"]);
$serverextras = test_input($_POST["formextras"]);
$serverrsvp = mysqli_real_escape_string($conn, $serverrsvp);
$serverattend = mysqli_real_escape_string($conn, $serverattend);
$serverfullname = mysqli_real_escape_string($conn, $serverfullname);
$serveremail = mysqli_real_escape_string($conn, $serveremail);
$serverguests = mysqli_real_escape_string($conn, $serverguests);
$serverguestnames = mysqli_real_escape_string($conn, $serverguestnames);
$serverextras = mysqli_real_escape_string($conn, $serverextras);
$sql = "INSERT INTO rsvp (dbrsvp, dbattend, dbfullname, dbemail, dbguests, dbguestnames, dbextras)
VALUES ('$serverrsvp', '$serverattend', '$serverfullname', '$serveremail', '$serverguests', '$serverguestnames', '$serverextras')";
if ($conn->query($sql) === TRUE) {
echo "<script type= 'text/javascript'>alert('Thank you for your RSVP');</script>";
} else {
echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}
$conn->close();
}
?>
Here is my HTML:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="radio">
<label>Attending Wedding:<br>
<input type="radio" name="formrsvp" value="Yes" aria-label="..." checked>Yes, because I'm awesome! <br>
<input type="radio" name="formrsvp" value="No" aria-label="...">No, because I wish I was cooler... <br>
</label>
</div>
<div class="checkbox">
<label>Attending Friday Also?<br>
<input type="checkbox" value="Friday" name="formattend">Friday: Rehersal Dinner & Beach Party <br>
</label>
</div>
<div class="form-group">
<label for="formfullname">Full Name:</label>
<input required type="name" name="formfullname" class="form-control" placeholder="Please enter your full name">
</div>
<div class="form-group">
<label for="formemail">Email Address:</label>
<input required type="email" name="formemail" class="form-control" placeholder="Please enter your email address">
</div>
<div class="select">
<label>Any Extra Guests:</label>
<select name="formguests" class="form-control">
<option value="0">0</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
</div>
<div class="textarea">
<label>Guest Names:</label>
<textarea name="formguestnames" class="form-control" rows="6" placeholder="Please enter the full name of any extra guests joining you..."></textarea>
</div>
<div class="textarea">
<label>Anything of Note:</label>
<textarea name="formextras" class="form-control" rows="10" placeholder="Please enter any specific information for the bride and groom, such as vegetarian guests, allergies, etc. If info is specific to a guest, please enter their name as well as info..."></textarea>
</div>
<br>
<button type="submit" value="Submit" name="submit" class="btn btn-default">Submit</button>
</form>