I'm making a website where people can see their personal stats. I'm doing this by retrieving SQL data with a php system. Here are my 2 files :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css"/>
</head>
<body>
<form action="search.php" method="GET">
<input type="text" name="query" />
<input type="submit" value="Search" />
</form>
</body>
</html>
And this is the file that is loaded when a user clicks on search :
<?php
mysql_connect("localhost", "root", "Medionakoya0102") or die("Error
connecting to database: ".mysql_error());
mysql_select_db("isolate") or die(mysql_error());
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search results</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php
$query = $_GET['query'];
$min_length = 3;
if(strlen($query) >= $min_length){
$query = htmlspecialchars($query);
$query = mysql_real_escape_string($query);
$raw_results = mysql_query("SELECT * FROM Player
WHERE (`name` LIKE '%".$query."%') OR (`uuid` LIKE '%".$query."%')")
or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){
while($results = mysql_fetch_array($raw_results)){
echo "<p><h3>".$results['join_date']."</h3>".$results['gems']."
</p>";
}
}
else{
echo "No results";
}
}
else{
echo "Minimum length is ".$min_length;
}
?>
</body>
</html>
Now the problem is, the index loads, but when I click on search, sometimes the page is just blank, or it gives me an error : HTTP ERROR 500
Hope someone can help
A 500 HTTP error is a response from the webserver, so your form is submitting correctly but there is most likely an error from PHP. Check your web server logs for an error message correlating to the form submissions. If you're not sure what the error is telling you please edit your question to include the error and I'm sure we can get it solved.
Also, some information about your environment would be useful: which webserver are you using, what's your PHP version, etc.
Related
I have a MySQL table called room which contains an id and room name. I dynamically generate all those buttons. The idea is to get a list of all the rooms, tab-2-room.php shows all the rooms (that much works). The user clicks on a room, the next page shows you the list of all the items that can be found in that room. At this point I just need the variable to pass and that is not working. I have done this 1000 thousand times and this time the form does not want to pass any values.
If you require any additional info please ask so I can provide with it.Can someone spot the mistake here?
The controller.php file contains the new_room function which is below.
The following file is called tab-2-room.php
<?php
session_start ();
include_once 'controller.php';
if(isset($_POST['room'])) {
header('location: tab-2-items.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<title>Tab 2 Room - Selection</title>
</head>
<body>
<div class="container">
<form enctype="multipart/form-data" method="post" action="">
<h1>ROOMS</h1>
<?php room_new(); ?>
<h2></h2>
</form>
</div>
</body>
</html>
The following file is called tab-2-item.php
<?php
session_start ();
include_once 'controller.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<title>Tab 2 items - Data Entry</title>
</head>
<body>
<div class="container">
<form enctype="multipart/form-data" method="post" action="">
<h1>ROOM ITEMS </h1>
<?php
global $query;
var_dump($_POST);
$roomId = $_POST['room-id'];
echo 'this is room id:'.$roomId.'</br>';
//query to get all items that belong to the room-id
?>
</form>
</div>
</body>
</html>
PHP
function room_new(){
global $query;
//Dinamically displays values of size_standard table
$moveType = $_SESSION['move-type'];
$queryRoom = "SELECT * FROM room WHERE room_type = $moveType OR room_type = 3";
$resultRoom = $query->query($queryRoom) or die ('Could not execute Room query'. mysqli_error($query));
for ($i = 1; $i <= $resultRoom->num_rows; $i++) {
$rowRoom = $resultRoom->fetch_assoc();
extract($rowRoom);
echo 'id: '.$id;
echo ' counter: '.$i;
echo "<input type='submit' class='' name='room' value='$room_name'><br />";
echo "<input type='hidden' name='room-id' value='$id'>";
}
}
The global var query is set like this:
$GLOBALS['query'] = new mysqli($host, $username, $password, $db_name) or die("cannot connect");
global $query;
if ($query->connect_errno) {
printf("Connect failed: %s\n", $query->connect_error);
exit();
}
I am trying to edit a row in my SQLite table with a button which will execute a SQLite query. But it doesn't change anything
Any help is appreciated.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>FORM</title>
<meta http-equiv="content-type" content="text/html; charset="utf-8">
<Link rel="stylesheet" href="ac.css" type="text/css" media="print"/>
<link rel="stylesheet" type="text/css" href="css/ma.css" />
</head>
<body>
<?php
date_default_timezone_set("America/New_York");
$handle = new SQLite3("./d/idb.db");
if(isset($_GET["index"])) {
$sel = $_GET["index"]+1;
} else {
Header('Location: la.php');
exit;
}
if (isset($_POST['submit'])) {
$handle->query("UPDATE tri SET c = 'NM' WHERE mj = 4");
}
?>
<form>
<input type="submit" value="submit" name="submit" id="button">
</table>
</form>
</body>
</html>
I made a pop-up window that has a submit form and upon submission it must close but i first want to process the information from the pop-up window in a different page without displaying that other page. How can I do it?
my popupwindow contains this code
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript">
function closeSelf(){
self.close();
return true;
}
</script>
<title>Add Activity</title>
</head>
<body>
<form action="./addact.php" method="post" onsubmit ="return closeSelf()">
<table width="500" border="1"><br/>
<tr>
<td>Activity Name</td>
<td>Assigned Person</td>
<td>Deadline</td>
</tr>
<tr>
<td> <input name="activities" type="text" size="40%"/></td>
<td><input name="name" type="text" size="40%"/></td>
<td><input type="date" name="deadline" size="20%"/></td>
</tr>
</table>
<input type="submit" name = "saved" id="saved"/>
</form>
</body>
</html>
and my other page contains this
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<?php
include('config.php');
$actname= $_POST['activities'];
$assigned = $_POST['name'];
$deadline = $_POST ['deadline'];
$sql = "INSERT INTO ".$_SESSION['pname']."_activities
(actname, assigned, deadline)
VALUES
('$actname', '$assigned', '$deadline')
";
$query = mysql_query($sql);
echo $_SESSION['pname'];
?>
<body>
</body>
</html>
You should close the window when the response is returned, not when you submit the page. And as #Marc B pointed out, you have major security problem!
Let's say I have a form with two input fields, title and comment. After the user fills the two fields and submits the data, a page is automatically created that contains the title and comment that the user typed, in a folder located in root directory, for example, www.root.com/page/ will contain the automatically generated page.
Update:
I'd like the form data to be sent to an SQL table row with the url of the auto-generated page to be in the same SQL row as the title and comment.
How do I do this via PHP?
<?php
//Template for basic page
$template = <<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><!--TITLE--></title>
</head>
<body>
<!--COMMENT-->
</body>
</html>
EOD;
//handle the posted form
if(isset($_POST['title'])&&isset($_POST['comment'])){
//replace the areas of the template with the posted values
$page = str_replace('<!--TITLE-->',htmlentities($_POST['title']),$template);
$page = str_replace('<!--COMMENT-->',htmlentities($_POST['comment']),$page);
//create a name for the new page
$pagename = md5($_POST['title']).'.html';
//db connect & select
$db=mysql_connect('localhost','user','pass');
mysql_select_db('yourdb');
//check if page already exists
$result = mysql_query('SELECT pagename from yourtable WHERE url="'.mysql_real_escape_string($pagename).'"');
if(mysql_num_rows($result)>=1){
$notice = '<p>Page already created <b>./pages/'.$pagename.'</b></p>';
}else{
//inset new page into db
mysql_query('INSERT into yourtable (`id`,`title`,`comment`,`url`)VALUES("",
"'.mysql_real_escape_string(htmlentities($_POST['title'])).'",
"'.mysql_real_escape_string(htmlentities($_POST['comment'])).'",
"'.$pagename.'")');
//put the created content to file
file_put_contents('./pages/'.$pagename,$page);
//make a notice to show the user
$notice = '<p>New Page created <b>./pages/'.$pagename.'</b></p>';
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Make page example</title>
</head>
<body>
<?php
//if the notice is set then display it
if(isset($notice)){echo $notice;} ?>
<form method="POST" action="">
<p>Title:<input type="text" name="title" size="31"></p>
<p>Comment:</p>
<p><textarea rows="5" name="comment" cols="21"></textarea></p>
<p><input type="submit" value="Submit"></p>
</form>
</body>
</html>
This was my last attempt that I tried as a last effort:
index.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Customer Login</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="wrapper">
<div class="login">
<form name="loginForm" action="loginCheck.php" method="post">
<?php require("protect/serverInfo.php"); ?>
Email: <input type="text" name="Email" maxlength="35" /><br />
Password: <input type="text" name="Password" maxlength="4" /><br />
<input type="submit" name ="submit"/>
</form>
</div>
</div>
</body>
</html>
loginCheck.php
<?php
session_start();
$_SESSION['email'] = $_POST['Email'];
$_SESSION['password'] = $_POST['Password'];
require("protect/serverInfo.php");
$myusername=$_POST[Email];
$mypassword=$_POST[Password];
$result = mysql_query("SELECT * FROM Customers WHERE Email='$myusername' AND Password=$mypassword");
$count=mysql_num_rows($result);
if($count==1){
header('Location: customer.php');
exit();
}
else{
header('Location: index.php');
exit();
}
?>
customer.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
<?php
session_start();
$myusername = $_SESSION['email'];
$mypassword = $_SESSION['password'];
?>
</head>
<body>
<?php
echo"success";
?>
</body>
</html>
I just need a very simple way to have a form post, the post info to be checked if correct then redirect if correct and pass the post data with it. I have been trying to use sessions and redirects but it doesn't to work quite right. What is the easiest way to accomplish this. At the moment I have been using PHP to check the login info from a MySQL database.
You need to use "session_start()" before you do anything else on the page.
Other few things, I avoid storing passwords on a page.. it just seems like a security issue.
Your login form should generate $_SESSION data based on the mysql information returned from the queury, not the form information that the user submited. You need to check against your customers database, to make sure they are an actual customer.
Also, avoid using the "header()" function, especially when working with sessions. I typically have a "redirect" function in php that does something like this...
function redirect($url) {
echo "<script type='text'/javascript'>window.location='" . $url . "';</script>";
}