Proper way to check if URL parameter is empty? - php

The code works perfectly when I delete this right here:
if (empty($_GET['tag'])){
header("Location: http://www.home.com");
}
I'm trying to say if the url (tag=) is empty then head back to homepage.
This is what the search button looks like:
if (isset($_POST['submit-search'])){
$conn = mysqli_connect("localhost", "root", "", "testdb");
$search = mysqli_real_escape_string($conn, $_POST['search']);
header("Location: tags?tag=".$_POST['search']."");
}
When I do reinsert that code above (if(empty)) it keeps redirecting to the home page.
Here is the HTML:
<form action="tag" autocomplete="on" method="POST">
<input id="search" name="search" type="text" placeholder="Search for tags...">
<input id="search_submit" name="submit-search" type="submit">
</form>

Related

PHP MySQL not submitting or working

I have some PHP and HTML code which should send data from the form to my MySQL database. However, on clicking Submit in the form, the page reloads and nothing happens. No echo or anything. The HTML is in the same file as the PHP file.
PHP
<?php
if(isset($_POST['submit'])){
$usernamep = $_POST['usernameinput'];
$passwordp = $_POST['passwordinput'];
$servername = "localhost";
$username = "USERNAMECENSOR";
$password = "PASSWORDCENSOR";
$dbname = "database";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO accounts (username, password)
VALUES ('$usernamep', '$passwordp')";
// use exec() because no results are returned
$conn->exec($sql);
echo "Success";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
}
?>
HTML
<form method="POST" action="">
<input type="text" name="usernameinput"><br>
<input type="password" name="passwordinput"><br>
<input type="submit" class="button" value="Sign in">
</form>
Note: I know this code is currently subject to SQL injection, and the password is not encrypted. It is temporary starting code in an attempt to get it working first.

You lack the name attribute in the submit button, add name="submit".
<form method="POST" action="">
<input type="text" name="usernameinput"><br>
<input type="password" name="passwordinput"><br>
<input type="submit" name="submit" class="button" value="Sign in">
</form>

Your test is wrong. You have no input named "submit" (with attribute name = submit). It should be:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
...
}
A broad test like this will not even need a named submit. The HTML form may even be posted on another event using jQuery or JavaScript.

In your PHP file, you use isset($_POST['submit']). You don't have any form input with name="submit". You could make your submit button be
<input type="submit" name="submit" class="button" value="Sign in">

You have to include your php file into the action of the form tag.
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']?>">
<input type="text" name="usernameinput"><br>
<input type="password" name="passwordinput"><br>
<input type="submit" class="button" value="Sign in">
</form>

Inserting input field value to database and displaying result on same page

I am starting to learn the basics of SQL and PHP codes.
I am trying to create a simple newsletter subscription page. this would require the user to enter their email and submit. That will then get added to my database.
Now, this works well when the HTML and PHP code are separate and the submission occurs but redirects to the PHP page with the echo.
I want to get the message on the same page and I tried merging the PHP code in the page as below
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST'){
mysql_connect("hostname", "username", "password");
mysql_select_db("db name");
$user = $_POST['email'];
$query = "INSERT INTO tablename(columname)VALUES('$email')";
echo "inserted";
}
?>
<html>
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
</html>
Hoever with this code it just doesnt do anything.
What have am I doing wrong here? Appreciate your expert advice.

There are few mistakes in the code, you can fix them by doing the following:
Save the file as a php file first. For example name it "email.php".
Make the form action="email.php"
Don't write two complete separate codes in the same file, one for php file and the other for html file like you did. You can include the html code inside the php code using heredoc syntax which allows you to include a long html code like the following:
echo<<<_HTMLCODE
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
_HTMLCODE;
In the query syntax, add $user instead $email because the variable $user contains the value submitted by the form.
Add a code to excute the inserted query. for example:
mysql_query($query);
So your final code will be like this:
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST'){
mysql_connect("hostname", "username", "password");
mysql_select_db("db name");
$user = $_POST['email'];
$query = "INSERT INTO tablename VALUES('$user')";
mysql_query($query);
echo "inserted";
}
echo<<<_HTMLCODE
<form method="POST" action="email.php" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
_HTMLCODE;
?>
I have tried the code above after I added the data of my database on the localhost and after I created a table for the emails and it worked. Here is the edited code with my database access info and the table name in my code editor:
When i opened the table emails in my database, I found the email that I had submitted using the form (your modified code):
(advice: use mysqli instead of mysql)

Please use prepare statements to prevent Sql Injections.
Here is sample code try this.
ini_set('display_errors', 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connect = new mysqli ("localhost", "root", "usbw", "test");
if (mysqli_connect_errno()) {
echo 'Failed to connect to MySQL:' . mysqli_connect_error();
}
if (isset($_POST['submit'])) {
$email = filter_input(FILTER_VALIDATE_EMAIL, $_POST['email']);
$sql = "INSERT INTO table (email) VALUES (?)";
$stmt = $connect->prepare($sql);
$stmt->bind_param('s', $email);
$result = $stmt->execute();
if ($result) {
$msg = 'Succesfully added';
} else {
$msg = 'OOPS Error Occured';
}
}
?>
<html>
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
</html>

Conflict On Two Post on Single Page Form(HTML) and PHP

I need to keep two forms for login and Logout in one single page including PHP and HTML like
<html>
<body>
<form action="" method="post">
<input type="text" name="username">
<input type="submit" name="SubmitButton" value="Get in"/>
</form>
<form action="" method="post">
<input type="submit" name="logoutButton" value="Logout"/>
</form>
</body>
</html>
on PHP part I have
<?php
if(isset($_POST['SubmitButton'])){
$inputuser = $_POST['username'];
$_SESSION['user'] = 'A';
}
if(isset($_POST['logoutButton'])){
unset($_SESSION['user']);
header('Location: http://somewhere.com/');
}
As I said I have to keep everything on one single page but this looks like causing conflict between the POST(s) can you please let me know how to stop this and target each Post properly?

Unable to connect php and html file

i have added action value
Registration file
<body>
<div id="registration">
<h2><b><i>Electronic Montessori Learning</i><b></h2>
<form id="RegisterUserForm" action="connect.php" method="post">
<fieldset>
<p>
<label for="name">Name</label>
<input id="name" name="name" type="text" class="text" value="" />
</p>
<p>
<label for="password">Password</label>
<input id="password" name="password" class="text" type="password" />
</p>
<p>
<button id="registerNew" name="registerNew" type="submit">Register</button>
</p>
</fieldset>
</form>
</div>
<body>
I have not posted all code of registration.html as it is working fine
connect.php
<?php
$db=mysql_connect("localhost", "root", "") or die(mysql_error());
echo "Connected to MySQL<br />";
mysql_select_db("users") or die(mysql_error());
echo "Connected to Database";
$name ='';
$password ='';
if(isset($_POST['registerNew'])){
// Storing form values into PHP variables
$name = $_POST['name']; // Since method=”post” in the form
$password = $_POST['password'];
}
mysql_query("INSERT INTO user_eml(Name, Password) VALUES('$name', '$password' ) ")
or die(mysql_error());
echo "Data Inserted!";
echo 'Thank you for submitting your details!';
?>
but still its not working and when i press register button it shows php code of connect.php

Your form doesn't know where to send its data to:
<form id="RegisterUserForm" action="" method="post">
should be
<form id="RegisterUserForm" action="connect.php" method="post">

If on clicking the Register button , php code appears on the page , then most probably it has nothing to do with your code. Please check if you are directly double-clicking the html file for your testing .
Please execute it by entering the localhost page address in the browser instead.
Eg : http://localhost/registration.html
Now the HTML should be able to execute the PHP code.
-ShazzDecoder

You have to add connect.php as your action attribute value in your form :
<form id="RegisterUserForm" action="connect.php" method="post">

With action="" in your form, nothing gets submitted. You need to tell it to call the connect.php

if you use the same page as action , you should copy the code in action.php on the page that contains form , or replace action="" with action="connect.php"

If on clicking the Register button , php code appears on the page , then most probably it has nothing to do with your code. Please check if you are directly double-clicking the html file for your testing . Please execute it by entering the localhost page address in the browser instead.
Eg : http://localhost/registration.html
Now the HTML should be able to execute the PHP code.
And your folder containing html and php file should be in XAMPP->htdocs.

database query redirecting to home directory

I have the simplest database entry that when I hit "submit", it takes me to my home directory and nothing is added to the database. How do I fix it so it inputs the data? I haven't had any problems like this in the past using the same code...
<?php
if(isset($_POST['submit'])) {
$text = $_POST['text'];
$link = mysql_connect("localhost", "******", "********") or die("Couldn't make connection.");
#mysql_select_db("*****") or die("Couldn't select database");
mysql_query("INSERT INTO wall (message) VALUES ('$text')");
}
?>
<html>
<form action="post" name="post" id="post">
<input type="text" id="text" name="text"/>
<input type="submit" name="submit" id="submit" value="submit"/>
</form>
</html>
I know my password and database name are correct, because when I take away the "form" and "isset", it uploads no problem every time I reload the page:
<?php
$link = mysql_connect("localhost", "******", "*******") or die("Couldn't make connection.");
#mysql_select_db("********") or die("Couldn't select database");
mysql_query("INSERT INTO wall (message) VALUES ('test')");
?>

change
<form action="post" name="post" id="post">
to
<form method="post" name="post" id="post">
Action is the page you want the form to submit to
Method is the type (which defaults to get)

Your form<> has no method, try this:
<form method="post" name="post" id="post">
</form>

Categories