This is for an assignment, so the code is based on how the learning resources are presented. I have a plant database that I have to make changes to, and then update plantID no.2. I have created the form which is then populated with plantID 2 info, but when I click the Update button after making changes, it wipes all the info for that entry in the database. I'm not sure where I have gone wrong. Any help would be awesome.
<?php
// MySQL Database Connect
require_once("connect.php");
// read the values from the form and store in variables
$botanicName = $_POST['bot_name'];
$commonName = $_POST['comm_name'];
$plantDescription = $_POST['pl_desc'];
$commonUse = $_POST['comm_use'];
$maxHeight = $_POST['m_height'];
$maxWidth = $_POST['m_width'];
$popular = $_POST['pop'];
// escape variables for security
$botanicName = mysqli_real_escape_string($conn, $bot_name);
$commonName = mysqli_real_escape_string($conn, $comm_name);
$plantDescription = mysqli_real_escape_string($conn, $pl_desc);
$commonUse = mysqli_real_escape_string($conn, $comm_use);
$maxHeight = mysqli_real_escape_string($conn, $m_height);
$maxWidth = mysqli_real_escape_string($conn, $m_width);
$popular = mysqli_real_escape_string($conn, $pop);
// create the UPDATE query
$query="UPDATE plant SET botanicName='$botanicName', commonName='$commonName', plantDescription='$plantDescription', commonUse='$commonUse', maxHeight='$maxHeight', maxWidth='$maxWidth', popular='$popular' WHERE plantID='2'";
//execute the query
$results = mysqli_query($conn, $query );
// check for errors
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
exit;
}
else {
// Redirect the browser window back to the make_changes page if there are no errors
header("location: ../make_changes.html");
}
?>
<h2>Edit a Plant</h2>
<?php
// run a select query to return the existing data for the record
$query = "SELECT * FROM plant WHERE plantID='2'";
$results = mysqli_query($conn, $query );
// capture any errors
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and store the results for later use if no errors
while ($row = mysqli_fetch_array($results)) {
$bot_name = $row['botanicName'];
$comm_name = $row['commonName'];
$pl_desc = $row['plantDescription'];
$comm_use = $row['commonUse'];
$m_height = $row['maxHeight'];
$m_width = $row['maxWidth'];
$pop = $row['popular'];
}
}
?>
<form method="post" action="code/update_plant.php">
<p>Botanic Name: <input type="text" name="botanicName" value="<?=$bot_name?>" required></p>
<p>Common Name: <input type="text" name="commonName" value="<?=$comm_name?>"required></p>
<p>Plant Description: <input type="text" name="plantDescription" value="<?=$pl_desc?>" required></p>
<p>Common Use: <input type="text" name="commonUse" value="<?=$m_height?>" required></p>
<p>Max. Height (m): <input type="text" name="maxHeight" value="<?=$m_height?>" required></p>
<p>Max. Width (m): <input type="text" name="maxWidth" value="<?=$m_width?>" required></p>
<p>Popular? (Y/N): <input type="text" name="popular" value="<?=$pop?>"required></p>
<input type="submit" name="submit" value= "Update">
</form>
The parameters sent to $_POST have the name key in your input, so your $_POST['bot_name'], for example, is empty; the correct way to get that name is $_POST['botanicName'].
This will be your post parameters:
$botanicName = $_POST['botanicName'];
$commonName = $_POST['commonName'];
$plantDescription = $_POST['plantDescription'];
$commonUse = $_POST['commonUse'];
$maxHeight = $_POST['maxHeight'];
$maxWidth = $_POST['maxWidth'];
$popular = $_POST['popular'];
The names you use in the form have to exactly match the indexes you use in $_POST. You are using variables that are not defined.
// read the values from the form and store in variables
$botanicName = $_POST['botanicName'];
$commonName = $_POST['commonName'];
$plantDescription = $_POST['plantDescription'];
$commonUse = $_POST['commonUse'];
$maxHeight = $_POST['maxHeight'];
$maxWidth = $_POST['maxWidth'];
$popular = $_POST['popular'];
Fix the mysqli escape function calls:
// variable $bot_name does not exist therefore it results in a null value
$botanicName = mysqli_real_escape_string($conn, $bot_name); // bad
// Fixed
$botanicName = mysqli_real_escape_string($conn, $botanicName); // good
Make the form input names the same as $_POST
<form method="post" action="code/update_plant.php">
<p>Botanic Name: <input type="text" name="botanicName" value="<?=$botanicName?>" required></p>
<p>Common Name: <input type="text" name="commonName" value="<?=$commonName?>" required></p>
<p>Plant Description: <input type="text" name="plantDescription" value="<?=$plantDescription?>" required></p>
<p>Common Use: <input type="text" name="commonUse" value="<?=$commonUse?>" required></p>
<p>Max. Height (m): <input type="text" name="maxHeight" value="<?=$maxHeight?>" required></p>
<p>Max. Width (m): <input type="text" name="maxWidth" value="<?=$maxWidth?>" required></p>
<p>Popular? (Y/N): <input type="text" name="popular" value="<?=$popular?>" required></p>
<input type="submit" name="submit" value= "Update">
</form>
I needed to change the indexes in the $_POST (I was using undefined variables) and change them also in the mysqli escape functions.
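An added example, not part of the original posts: the row was blanked because the handler read keys the form never sent, so this version reads `$_POST` and builds the UPDATE from one field list, refuses the request when a field is missing, and binds the values instead of escaping them. It assumes `connect.php` sets `$conn` as on the page; `PLANT_FIELDS`, `read_plant_form` and `update_plant` are hypothetical names.

```php
<?php
// Added example, not the asker's code. Assumes connect.php sets $conn (a mysqli
// connection) as on the page; PLANT_FIELDS and both function names are hypothetical.

// Form input names, which here are also the column names. Reading $_POST and
// building the UPDATE from the same list keeps the two from drifting apart.
const PLANT_FIELDS = ['botanicName', 'commonName', 'plantDescription',
                      'commonUse', 'maxHeight', 'maxWidth', 'popular'];

// Returns field => value, or throws when a field was not submitted, so a
// renamed input aborts the request instead of writing empty strings.
function read_plant_form(array $post): array
{
    $values = [];
    $missing = [];
    foreach (PLANT_FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $missing[] = $field;
        } else {
            $values[$field] = trim($post[$field]);
        }
    }
    if ($missing !== []) {
        throw new InvalidArgumentException('Missing form fields: ' . implode(', ', $missing));
    }
    return $values;
}

// Values travel as bound parameters; only the fixed column names reach the SQL text.
function update_plant(mysqli $conn, int $plantId, array $values): int
{
    if (array_diff(array_keys($values), PLANT_FIELDS) !== []) {
        throw new InvalidArgumentException('Unexpected column name');
    }
    $set = implode(', ', array_map(fn($col) => "$col = ?", array_keys($values)));
    $stmt = $conn->prepare("UPDATE plant SET $set WHERE plantID = ?");
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $conn->error);
    }
    $params = array_values($values);
    $params[] = $plantId;
    $stmt->bind_param(str_repeat('s', count($values)) . 'i', ...$params);
    if (!$stmt->execute()) {
        throw new RuntimeException('Update failed: ' . $stmt->error);
    }
    return $stmt->affected_rows;
}

// Request handling, skipped when the file is run from the command line.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    require_once 'connect.php';
    try {
        update_plant($conn, 2, read_plant_form($_POST));
        header('Location: ../make_changes.html');
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
    exit;
}
```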
Related
I have the following form inputs. I am trying to send this input data to "placebet.php", then retrieve the data and add a confirm or cancel button; then it can be added to the database.
<form action="placebet.php" method="post">
<div id="box" class="boxlit">
<div class="box" data-id="0">Myanmar - Vietnam<br>Home [1]<div class="crtTotal">4.30</div>
<input type="hidden" name="kickoff[]" value="7/17/2022 10:00">
<input type="hidden" name="match[]" value="Myanmar - Vietnam">
<input type="hidden" name="result[]" value="Home [1]" readonly="">
<input type="hidden" name="value[]" value="4.30"></div>
<div class="box" data-id="4">Thailand - Philippines<br>Draw [2]<div class="crtTotal">3.20</div>
<input type="hidden" name="kickoff[]" value="7/17/2022 13:30">
<input type="hidden" name="match[]" value="Thailand - Philippines">
<input type="hidden" name="result[]" value="Draw [2]" readonly="">
<input type="hidden" name="value[]" value="3.20"></div>
<div class="box" data-id="11">Botswana - Cameroon<br>Away [3]<div class="crtTotal">1.35</div>
<input type="hidden" name="kickoff[]" value="7/17/2022 22:00">
<input type="hidden" name="match[]" value="Botswana - Cameroon">
<input type="hidden" name="result[]" value="Away [3]" readonly="">
<input type="hidden" name="value[]" value="1.35"></div></div><br>
<input type="hidden" name="account[]" value="0818054386" readonly="">
<input type="hidden" name="balance[]" value="20" readonly="">
<input type="hidden" id="todds" name="todds[]" value="18.58" readonly="">
<input type="hidden" id="inp" name="payout[]" value="92.90" readonly="">
<div>Total Odds: <b id="ct1">18.58</b></div><br>
<div>(N$)Stake: <input id="stake" type="number" name="stake[]" value="5"> NAD</div><br>
<div>Payout: N$ <b id="payout">92.90</b></div>
<input class="bet1" type="submit" name="submit" value="Bet">
</form>
Php code in "placebet.php"
I'm not sure if the code below is correct, but I need it to show the input data from the form and give me an option to confirm the data (button), and then it can finally be added to the database.
<?php
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "root", "", "forms");
$dba = mysqli_connect("localhost","root","","login");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$error = false; //set the error status value
$error_msg = "";
$back = mysqli_real_escape_string($link, $_REQUEST['kickoff'][0]);
$total = count($back); // get the length of the match
for($i=0;$i<$total;$i++){
// Escape user inputs for security
$kickoff = mysqli_real_escape_string($link, $_REQUEST['kickoff'][$i]);
$match = mysqli_real_escape_string($link, $_REQUEST['match'][$i]);
$selection = mysqli_real_escape_string($link, $_REQUEST['result'][$i]);
$odd = mysqli_real_escape_string($link, $_REQUEST['value'][$i]);
$account = mysqli_real_escape_string($link, $_REQUEST['account'][0]);
$stake = mysqli_real_escape_string($link, $_REQUEST['stake'][0]);
$payout = mysqli_real_escape_string($link, $_REQUEST['payout'][0]);
$todds = mysqli_real_escape_string($link, $_REQUEST['todds'][0]);
$accabal = mysqli_real_escape_string($link, $_REQUEST['balance'][0]);
//run sql query for every iteration
$charge = mysqli_query($dba, "UPDATE users SET balance = $accabal- $stake WHERE username='".$_SESSION['username']."'") ;
$_SESSION["balance"] = $accabal- $stake ;
$date = date ('Ymd');
$create = mysqli_query($link,"CREATE TABLE R$date LIKE receipts") ;
$insert = mysqli_query($link,"INSERT INTO `R$date`(`Match`, `Selection`, `Odd`,`Account`,`Stake Amount`,`Payout`,`Total Odds`) VALUES ('$match','$selection','$odd','$account','$stake','$payout','$todds')");
if(!$insert)
{
$error = true;
$error_msg = $error_msg.mysqli_error($link);
}
//check your error status variable and show your output msg accordingly.
if($error){
echo "Error :".$error_msg;
}else{
header("location: index.php");
exit;
}
}
mysqli_close($db);
?>
What you want to do isn't redirect to index.php, because with this you start a new request and can't point to the request data of placebet.php anymore.
You want either to send your form via javascript ajax request and then react to the response of placebet.php (https://www.w3schools.com/js/js_ajax_intro.asp) or generating your own new output at placebet.php which then can be a confirm page or something similar.
e.g.
if($error){
echo "Error :".$error_msg;
}else{
echo "Data has been stored!";
}
You also could put your html at the end of the php file after closing the php part with ?> like mentioned here https://www.thoughtco.com/php-with-html-2693952#:~:text=As%20you%20can%20see%2C%20you,re%20inside%20the%20PHP%20tags).
I am having trouble saving data into the database. My connection details and SQL insert query, everything is correct, and the image is also uploading to the folder, but I do not know why the data along with the image is not saving into the database when I hit the upload button. Can anyone help me please?
My php code
<?php
include('server.php');
$userID = 1;
if(isset($_SESSION['username']))
{
$userName = $_SESSION['username'];
$queryID = "SELECT id from users WHERE username = '$userName'";
$resultID = $db->query($queryID);
$row=$resultID->fetch_assoc();
$userID = $row['id'];
}
if(isset($_POST['submit']))
{
$image = $_FILES['image']['name'];
$target = "images/".basename($image);
$eventName = $_POST['eventName'];
$eventDetail = $_POST['eventDetail'];
$eventDate = $_POST['eventDate'];
$eventTime = $_POST['eventTime'];
$queryImage = "INSERT INTO event_detail(eventName,eventDetails,eventDate,eventTime,imagePath,userID) VALUES('$eventName','$eventDetail','$eventDate','$eventTime','$image','$userID')";
mysqli_query($db,$queryImage);
if(move_uploaded_file($_FILES['image']['tmp_name'],$target))
{
$msg = "Image uploaded successfully";
}
else
{
$msg = "There is problem";
}
}
?>
html
<form method="post" enctype="multipart/form-data">
<label for="eventName">Event Name:</label>
<input type="text" id="eventName" name="eventName" ><br><br>
<label for="eventDetail">Event Detail:</label>
<textarea id="eventDetail" name="eventDetail" ></textarea><br><br>
<label for="eventDate">Event Date:</label>
<input type="text" id="eventDate" name="eventDate" ><br><br>
<label for="eventTime">Event Time:</label>
<input type="text" id="eventTime" name="eventTime" ><br><br>
<input type="file" id="image" name="image"><br><br>
<button type="submit" id="submit" name="submit" >Submit</button>
</form>
Change this
$queryImage = "INSERT INTO event_detail(eventName,eventDetails,eventDate,eventTime,imagePath,userID) VALUES ('$eventName','$eventDetail','$eventDate','$eventTime','$image','$userID')";
to
$queryImage = "INSERT INTO event_detail(eventName,eventDetails,eventDate,eventTime,imagePath,userID) VALUES ($eventName,$eventDetail,$eventDate,$eventTime,$image,$userID)";
So I am trying to update data into my database by using a form and populating it.
The problem is that it is coming up with this error:
Query error: Unknown column 'customer_id' in 'where clause'
And I am not sure why. Nothing in my database is called customer id
This is my code for the form
<form method="post" action="code/update_cust.php">
<h2 id="input_form_heading">Client Update Form:</h2>
<h3>Enter your details into the form and when you are ready click the submit button </h3>
<?php
// Read the values passed in the URL and store in the variable C_num
$C_num = $_GET['id'];
$query = "SELECT * FROM client WHERE C_num='$C_num'"; // run a select query to return the existing data for the record
$results = mysqli_query($conn, $query );
if(!$results) { // capture any errors
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and store the results for later use if no errors
while ($row = mysqli_fetch_array($results)) {
$C_num =$row['C_num'];
$C_Firstname = $row['C_Firstname'];
$C_Lastname = $row['C_Lastname'];
$Unitnum = $row['Unitnum'];
$Housenum = $row['Housenum'];
$C_Street = $row['C_Street'];
$C_Suburb = $row['C_Suburb'];
$C_City = $row['C_City'];
$C_Postcode = $row['C_Postcode'];
$C_State = $row['C_State'];
$C_Phone = $row['C_Phone'];
$C_Email = $row['C_Email'];
}
?>
<p>Client Number:</p><input type="text" name="cnum" value="<?=$C_num?>"><br>
<p>First Name:</p><input type="text" name="cfirstname" value="<?=$C_Firstname?>" required><br>
<p>Last Name:</p><input type="text" name="clastname" value="<?=$C_Lastname?>" required><br>
<p>Unit Number: </p><input type="text" name="unitnumber" value="<?=$Unitnum?>" ><br>
<p>House Number: </p><input type="text" name="housenumber" value="<?=$Housenum?>" ><br>
<p>Street:</p><input type="text" name="street" value="<?=$C_Street?>" required><br>
<p>Suburb:</p><input type="text" name="suburb" value="<?=$C_Suburb?>" required><br>
<p>City:</p><input type="text" name="city" value="<?=$C_City?>" required><br>
<p>Post Code:</p><input type="text" name="postcode" value="<?=$C_Postcode?>" required><br>
<p>State:</p> <select class="form-control" type="text" name="state" value="<?=$C_State?>" ><br> <!-- "form control" and "required" changes the input fields color (see css)-->
<option value="">Please choose a state</option>
<option value="ACT">ACT</option>
<option value="NSW">NSW</option>
<option value="NT">NT</option>
<option value="QLD">QLD</option>
<option value="SA">SA</option>
<option value="TAS">TAS</option>
<option value="VIC">VIC</option>
<option value="WA">WA</option>
</select><br>
<p>Phone:</p><input type="tel" name="phone" value="<?=$C_Phone?>" ><br>
<p>Email:</p><input type="email" name="email" value="<?=$C_Email?>" required><br>
<br><br>
<input type="submit" name="submit" value= "Update">
<input type ="reset" name="reset" value ="Reset">
<?php
// Redirect the browser window back to the select query page if there are no errors
header("location: display_cust.php");
}
?>
</form>
And this is the code to action the form
<?php
// MySQL Database Connect
require_once("connection.php");
// Read the values passed in the URL and store in the variable C_num
$C_num = $_GET['id'];
// read the values from the form and store in variables
$C_num = $_POST['cnum'];
$C_Firstname = $_POST['cfirstname'];
$C_Lastname = $_POST['clastname'];
$Unitnum = $_POST['unitnumber'];
$Housenum = $_POST['housenumber'];
$C_Street = $_POST['street'];
$C_Suburb = $_POST['suburb'];
$C_City = $_POST['city'];
$C_Postcode = $_POST['postcode'];
$C_State = $_POST['state'];
$C_Phone = $_POST['phone'];
$C_Email = $_POST['email'];
// escape variables for security
$C_num = mysqli_real_escape_string($conn, $C_num);
$C_Firstname = mysqli_real_escape_string($conn, $C_Firstname);
$C_Lastname = mysqli_real_escape_string($conn, $C_Lastname);
$Unitnum = mysqli_real_escape_string($conn, $Unitnum);
$Housenum = mysqli_real_escape_string($conn, $Housenum );
$C_Street = mysqli_real_escape_string($conn, $C_Street);
$C_Suburb = mysqli_real_escape_string($conn, $C_Suburb);
$C_City = mysqli_real_escape_string($conn, $C_City);
$C_Postcode = mysqli_real_escape_string($conn, $C_Postcode);
$C_State = mysqli_real_escape_string($conn, $C_State);
$C_Phone = mysqli_real_escape_string($conn, $C_Phone);
$C_Email = mysqli_real_escape_string($conn, $C_Email);
// update the record from the database corresponding to the primary key value passed in the variable id
$query = "UPDATE FROM client WHERE C_num='$C_num'";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
exit;
}
else {
header("location: ../update_cust1.php");
}
?>
Any ideas? I am a little confused
Ok i have updated my Code, not getting any Errors but nothing is being updated on the mysql side nor on the PHP Front end.
I have even tried a Hard Coded Statement.
This section is at the Very top of my Php Viewer page..
<?php
// IF REQUEST IS EQUAL TO SUBMIT
if (isset($_REQUEST['submit']))
{
$my_date = date("Y-m-d H:i:s");
$order = uniqid();
$FullName= $_REQUEST['fullname'];
//Take in full Name and Split it into first and last name.
list($fname, $lname ) = explode( ' ', $customerName, 2 );
$address = $_REQUEST['address'];
$emailAddress = $_REQUEST['emailAddress'];
$phoneNo = $_REQUEST['phoneNo'];
Below is my Sticky Forum which is getting the Information from the Database and putting it into the Text Fields
// STICKY FORM TO ALLOW USER TO UPDATE INFORMATION
if (isset($_REQUEST['up']))
{
$query_sticky = mysqli_query($connection,'SELECT * FROM orders WHERE id = "' . $_GET['id'] . '"');
if(! $query_sticky )
{
die('Could not get data: ' . mysqli_error($connection)); // Could not find Order_id show Error
}//end die error
else
(isset($_REQUEST['update']));
{
while($row = mysqli_fetch_array($query_sticky, MYSQLI_ASSOC))
{
$row['id'];
echo '<form action="" method="post">'
Name:';
echo'<input name="customerName" id="cname" type="text" required value="'.$row['firstname']. " " .$row['lastname']. '" />';
echo' <br/>
<br/>
Address:
<textarea name="address" id = "caddress" type="text" rows="5" cols="30" required value="'.$row['address'].'" ></textarea>
<br/>
<br/>
Email Address:
<input name="emailAddress" type="email" required value="'.$row['email']. '" />
<br/>
<br/>
<br/>
Phone Number:
<input name="phoneNo" id="phoneNumber" type="text" required value="'.$row['phone']. '" />
<br/>
<br/>
<button type="submit" name="update" value="update" >update</button
<div id="Submit">
</form>
<form action="order.php" method="delete">
</form>';
}//close if
}
} // Close While
here is my Update Section
if (isset($_REQUEST['update']))
{
$updateDB = "UPDATE orders SET student ='$_POST[student]',
firstname='John', lastname='wallace',
email = '$_POST[emailAddress]', address = '$_POST[address]',
phone = '$_POST[phoneNo]'
WHERE
order_id ='$_GET[order_id]'";
mysqli_query($connection, $updateDB);
}//end update..
}//end PHP
?>
You were mixing up single and double quotes in your UPDATE query string. Try this instead:
$updateDB = "UPDATE test
SET email = '".@$_POST['emailAddress']."',
address = '".@$_POST['address']."',
phone = '".@$_POST['phoneNo']."'
WHERE id = '".$_GET['id']."'";
LAST EDIT: Everything works now. I will post the working code below. After clearing up like idealcastle said and fixing some syntax errors, everything works as it should together with the JavaScript validation. Thank you, everyone.
HTML Code here :
<form name = "contact " id="contact_form" action="postcontact.php" method="post" onsubmit="return validateForm();">
<div id ="boxc">
<h3>Porosia juaj ?</h3>
<input name="orders" type="checkbox" value="veshje">Veshje
<input name="orders" type="checkbox" value="mbathje">Mbathje
<input name="orders" type="checkbox" value="stoli">Stoli
</div>
<div class="row">
<label class="required" for="name" >Emri:</label><br />
<input id="name" name="name" type="text" value="" size="30" placeholder = "Emri"/><br />
<span id="name_validation" class="error"></span>
</div>
<label class="required" >Country/State:</label><br />
<div class = "row"id="statecmb"><select name = "state">
<option value="chose" selected>[choose yours]</option>
<option value="albania">Albania</option>
<option value="kosovo">Kosovo</option>
<option value="germany">Germany</option>
<option value="bangladesh">Bangladesh</option>
</select>
<span id="state_validation" class="error"></span></div>
<div class="row">
<label class="required" for="email" >Email:</label><br />
<input id="email" name="email" type="text" value="" size="30"placeholder = "Email" /><br />
<span id="email_validation" class="error"></span>
</div>
<div class="row">
<label class="required" for="message" >Mesazhi:</label><br />
<textarea id="message" name="message" rows="7" cols="30" placeholder = "Mesazhi"></textarea><br />
<span id="message_validation" class="error"></span>
</div>
<input name="submit" id = "sub"type="submit" value="Submit" />
<div class="rating">
<h3>Vlerso Sherbimin :</h3>
<input type="radio" name="rate" value="1">1
<input type="radio" name="rate"value="2">2
<input type="radio" name="rate" value="3">3
<input type="radio"name="rate" value="4">4
<input type="radio" name="rate" value="5">5
</div>
</form>
Javascript file :
function validateForm() {
var valid = 1;
var email = document.getElementById('email');
var email_validation = document.getElementById("email_validation");
var name = document.getElementById('name');
var name_validation = document.getElementById("name_validation");
var message_validation = document.getElementById("message_validation");
var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if (name.value === "") {
valid = 0;
name_validation.innerHTML = "Ju lutem shenoni emrin tuaj";
name_validation.style.display = "block";
name_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
name_validation.style.display = "none";
name_validation.parentNode.style.backgroundColor = "transparent";
}
if (message.value === "") {
valid = 0;
message_validation.innerHTML = "Ju lutem plotesoni fushen e mesazhit";
message_validation.style.display = "block";
message_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
message_validation.style.display = "none";
message_validation.parentNode.style.backgroundColor = "transparent";
}
if (email.value === "") {
valid = 0;
email_validation.innerHTML = "Ju lutem shenoni email tuaj";
email_validation.style.display = "block";
email_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
email_validation.style.display = "none";
email_validation.parentNode.style.backgroundColor = "transparent";
}
if (!filter.test(email.value)) {
valid = 0;
email_validation.innerHTML = "Email juaj nuk eshte valid";
email_validation.style.display = "block";
email_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
email_validation.style.display = "none";
email_validation.parentNode.style.backgroundColor = "transparent";
}
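if (!valid) {
alert("KENI ERROR : Fushat duhen te plotesohen ");
}
// onsubmit="return validateForm();" only cancels the submit when false is returned
return valid === 1;
}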
PHP FIle :
<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'herdesigns';
$con = mysqli_connect($host, $user, $pass,$db) or die(mysqli_connect_error());
/* mysqli_select_db($con , $db); */
?>
<?php
if (isset($_POST['submit']))
{
$name = mysqli_real_escape_string($con, $_POST['name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$message = mysqli_real_escape_string($con, $_POST['message']);
$rate = mysqli_real_escape_string($con, $_POST['rate']);
$orders = mysqli_real_escape_string($con, $_POST['orders']);
$state = mysqli_real_escape_string($con, $_POST['state']);
/*$con = mysqli_connect($host, $user, $pass,$db) or die(mysqli_error());*/
/*mysqli_select_db($con , $db);*/
$sql = "INSERT INTO contacts (
orders,
name,
state,
email,
message,
rate
)
VALUES (
'$orders',
'$name',
'$state',
'$email',
'$message',
'$rate'
)";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "Mesazhi juaj eshte postuar me sukses";
header('Location:contact.php');
// the INSERT already ran inside the if above; running it again here would store the row twice
mysqli_close($con);
}
?>
EDIT:
What field is NOW() going too?
I would remove that if there is no actual field to send that datetime. Or add a field for that. Try submitting MySQL without NOW(). It would look like
$sql = "INSERT INTO contacts (
name,
email,
message,
rate,
orders,
state
)
VALUES (
'$name',
'$email',
'$message',
'$rate',
'$orders',
'$state'
)";
First thing I notice is the PHP code is being shown in the browser. If you are being sent to file:// that is not good, you should be using
http://localhost/
(if you are testing locally) or of course using the server url if live.
found here
Browser is showing PHP code instead of processing it
Second,
you should sanitize your mysql data being entered. If any one of those values submits content with a single/double quote, mysql query will fail.
Since you are using an old mysql function, here is the escape function that should work
mysql_real_escape_string()
I would do this,
$sql = "INSERT INTO contacts (
name,
email,
message,
rate,
orders,
state
)
VALUES (
'".mysql_real_escape_string($name)."',
'".mysql_real_escape_string($email)."',
'".mysql_real_escape_string($message)."',
'".mysql_real_escape_string($rate)."',
'".mysql_real_escape_string($orders)."',
'".mysql_real_escape_string($state)."',
NOW()
)";
I am not sure if anyone of these are the cause, but they are red flags from what you have posted. You should always sanitize (escape) any inputs from crashing mysql queries.
It could be an error code 500 on validform.php.
Please install Firebug on Firefox, it will save you lots of time. Type [F12], reload the page, and the network tab will show you the error code.
Also, you need to get this page via the web server: http://localhost/dir/file instead of c://shittyos_amp/dir/thing.php
Plus, you should use PDO's API for the connection and every request to the DB, as pdo->prepare will secure the request easily for you.
Don't worry, it's easy!
see PHP: Is mysql_real_escape_string sufficient for cleaning user input?
Don't say you don't need security: this input form could erase your database if a user types an SQL command in it!
Also, if the file is executed client-side, it will never protect anything, as JS can be disabled by the user.
note: I still consider myself a noob (it's my first answer here!). Never forget that the web is moving every day, as is security. Back-end and front-end are server-side; it's an application point of view: front end = friendly interface (code), back end = API (hard or low-level code)
PS: flash is ugly and obsolete, Adobe product's aren't free as freedom and their cloud sucks^^ (troll off)
Is it yours? http://www.her-design.com/
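An added example, not code from the thread: the PDO prepared statement suggested in the last answer, applied to the contacts INSERT, with the form checks repeated on the server because browser-side validation can be switched off. SQLite in memory stands in for the MySQL database (an assumption, so the script runs without a server); the function names, `STATES` and the sample submission are constructed for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL (assumption); function names and sample data are constructed.

const STATES = ['albania', 'kosovo', 'germany', 'bangladesh']; // option values from the form

// Repeat on the server what the form expects; returns [clean values, bad field names].
function validate_contact(array $post): array
{
    $text = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $clean = [
        'orders'  => $text('orders'),
        'name'    => $text('name'),
        'state'   => $text('state'),
        'email'   => $text('email'),
        'message' => $text('message'),
        'rate'    => null, // the rating radio buttons may be left unset
    ];
    $errors = [];
    if ($clean['name'] === '')    { $errors[] = 'name'; }
    if ($clean['message'] === '') { $errors[] = 'message'; }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'email'; }
    if (!in_array($clean['state'], STATES, true)) { $errors[] = 'state'; }
    if (isset($post['rate'])) {
        $rate = filter_var($post['rate'], FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 5]]);
        if ($rate === false) { $errors[] = 'rate'; } else { $clean['rate'] = $rate; }
    }
    return [$clean, $errors];
}

// Query built by string interpolation, as in the question: a value containing
// a single quote ends the SQL string literal early and the statement fails.
function insert_interpolated(PDO $pdo, array $c): bool
{
    $sql = "INSERT INTO contacts (name, email, message)
            VALUES ('{$c['name']}', '{$c['email']}', '{$c['message']}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// Prepared statement: the SQL text is fixed and the values are sent separately.
function insert_contact(PDO $pdo, array $c): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO contacts (orders, name, state, email, message, rate)
         VALUES (:orders, :name, :state, :email, :message, :rate)'
    );
    $stmt->execute($c); // array keys match the placeholder names
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts
            (orders TEXT, name TEXT, state TEXT, email TEXT, message TEXT, rate INTEGER)');

// Constructed sample submission with apostrophes in two fields.
$post = ['orders' => 'stoli', 'name' => "Arta O'Brien", 'state' => 'kosovo',
         'email' => 'arta@example.com', 'message' => "It's lovely", 'rate' => '5'];

[$clean, $errors] = validate_contact($post);
if ($errors !== []) {
    exit('Invalid fields: ' . implode(', ', $errors) . "\n");
}
var_dump(insert_interpolated($pdo, $clean));   // did the interpolated query succeed?
insert_contact($pdo, $clean);
var_dump($pdo->query('SELECT name FROM contacts')->fetchColumn() === $post['name']);
```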