I already connected my sql to database, but my isset post does not work
<div class="container" style="margin-top:60px;margin-bottom:60px;">
<div class="form-group pull-right">
</div>
<div class="row">
<p> Set Start DateTime<p>
<input type="datetime-local" name="start"><br><br>
<button type="submit" class="btn btn-primary" name="submit1">SUBMIT</button>
<br><br>
<p> Set Deadline<p>
<input type="datetime-local" name="end"><br><br>
<button type="submit" class="btn btn-primary" name="submit2">SUBMIT</button>
<br><br>
</div>
</div>
<?php
if(isset($_POST['submit1'])){
$name = $_POST['start'];
$sql = "UPDATE tbdeadline SET
start = '$name'
WHERE id = '1'
";
if ($this->con->query($sql) === TRUE){
echo '<script>window.location.href="deadline.php"</script>';
}
else{
echo 'error';
}
}
?>
I want to update datetime in my "user" database whose table name is "start" and id = "1"
But my html is getting nowhere. It is not showing any error or anything else.
What am I doing wrong, how can I fix this?
I think value from is not send via $_POST. If I want to check if form is send I use
<input type="hidden" name="submit1" value="1" />
And check via
if (isset($_POST['submit1'])
Try it.
The sql code is vulnerable to SQL injection - or it would be if it were not within single quotes rather than double. Using single quotes means that any PHP variable within must be escaped - easier to use double quotes and the values of the variables will be OK.
<p> Set Start DateTime<p>
<input type='datetime-local' name='start'><br><br>
<button type='submit' class='btn btn-primary'>SUBMIT</button>
<br><br>
<p> Set Deadline<p>
<input type='datetime-local' name='end'><br><br>
<button type='submit' class='btn btn-primary'>SUBMIT</button>
<br><br>
</div>
</div>
<?php
if( isset( $_POST['start'],$_POST['end'] )){
$name = $_POST['start'];
$end = $_POST['end'];
/* This is vulnerable to SQL injection !! */
/* use double quotes around sql or better mysqli/PDO and `prepared statements` */
$sql = "UPDATE tbdeadline SET start = '$name' WHERE id = '1'";
if( $this->con->query($sql) === TRUE ){
echo '<script>window.location.href='deadline.php'</script>';
} else{
echo 'error';
}
}
?>
You forgot to add the values for your Submit buttons.
You need to update your Submit buttons like below:
<button type="submit" class="btn btn-primary" name="submit1" value="start">SUBMIT</button>
<button type="submit" class="btn btn-primary" name="submit2" value="end">SUBMIT</button>
Also make sure your form method must be POST like below:
<form method="post">
If you still get isset error then you need to debug your $_POST to check whether form data is coming via form or not. Add below code before if condition to test:
print_r($_POST); die;
And use MySqli Prepared Statements for updating your query to make it more Secure.
Follow below link to learn more:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
Related
How to convert Array to String?
I insert data into the database in the
form of an array. Mysql database show me Array keyword instead of String. I have multiple text boxes with the same name. Interface
<?php
$conn = mysqli_connect('localhost', 'root', '','registeruserdb');
if(!$conn){
die("Failed to Connect. Contact Network Administrator");
}
// insert Category into category table
if (isset($_POST['submitbtn']))
{
$name = $_POST['Name'];
$relationship = $_POST['Relationship'];
$cnic = $_POST['Cnic'];
$contact = $_POST['Contact'];
$query="INSERT INTO registeruser(name,relationship,cnic,contactnumber) VALUES('$name','$relationship','$cnic','$contact')";
if(mysqli_query($conn, $query))
{
echo '<script>
alert("Added successfully.");
window.location="index.php";
</script>';
}
else
{
echo '<script>alert("ERROR: Could not able to execute $sql. ") </script>';
}
}
?>
Register Form:
<form class="form-horizontal" method="post">
<div class="control-group">
<div class="inc">
<div class="controls">
<input type="text" required name="Name[]" placeholder="Name"/>
<input type="text" required name="Relationship[]" placeholder="Relationship"/>
<input type="text" required name="Cnic[]" placeholder="Cnic#"/>
<input type="text" required name="Contact[]" placeholder="Contact#"/>
<button style="margin-left: 50px" class="btn btn-info" type="submit" id="append" name="append">
Add Textbox</button>
<br>
<br>
</div>
</div>
<button type="submit" class="btn btn-info" name="submitbtn"/>Submit</button>
</div>
</form>
You have two options to convert an array to string:
The simplest one is the implode function. This however can create problems when the delimiter you use is featured in any of the array-elements.
The second common method is serialize. It's a common practice to store a serialized array as string in a database, but know that it can lead to some headaches if you want to commit extended searches in the future based on that field. However for simply reading the data, you can just unseralize it.
But the best solution for this sort of problem is usually to create a table for your values with some foreign keys. It really depends on your intentions for the future: if you're expecting lots of records and you intend to query them a lot, I would really advise that method. If not, you can use the above methods to save some time.
I am having a problem with a website I have to create. When I call the POST with the right key I dont get the value back. I think the error is that my POST does not get filled.
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? (int) $_GET['id'] : 0;
This line is on top of the coding and gives the right id back, I checked that via an echo.
<form method="POST" action="Index.php">
<input type="hidden" name="Entryid" value="<?php echo $id; ?>">
<a type="submit" name="delete" class="btn btn-success" href="Index.php" data-toggle="modal" data-target="#myModal" style="cursor: pointer;">Löschen</a>
</form>
Here I put the value of id into the key "Entryid" and switch to "Index.php" when I click on a button.
Inside of "Index.php" I try to get the value like that.
$id = isset($_POST['Entryid']) && is_numeric($_POST['Entryid']) ? (int) $_PST['Entryid'] : 0;
Here the value of id is probably not set and if I check it via echo the output is the 0.
Where do you think my error is?
I think it's because you're using an <a>-tag as the button, and not an input.
So change this line:
<a type="submit" name="delete" class="btn btn-success" data-toggle="modal" data-target="#myModal" style="cursor: pointer;">Löschen</a>
to this:
<input type="submit" name="delete" class="btn btn-success" style="cursor: pointer;" value="Löschen" />
The error occurs, because you've made an <a> with a href, - which means that you're not submitting a form to the destination, - but instead just linking it (with a regular get-request without any additional parameters). This page explains a bit about it (the section about 'The Method Attribute').
But as Ali said. Try on your index.php-page, to write:
<?php
echo '<pre>';
print_r($_POST);
echo '</pre>';
?>
And see what you get, to see if your variable is defined.
Don't use an a to submit. That doesn't process the form. It just links to the page. Use:
<input type="submit" ...
and style it as needed.
The type of an a is not for how it processes a form, https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a.
Specifies the media type in the form of a MIME type for the linked URL. It is purely advisory, with no built-in functionality.
I am inserting values checked from a form into a db, but the inserted value has a slash (/) at the end.
I am inserting into sql database from an array in a form with check boxes, I want to insert only the checked values.
The insert is okay for all the values but they appear with a slash at the end and I can't tell why it is like that.
Here is the form
<form role="form" method="POST" action="add_payroll.php">
<label>Employees</label><br>
<?php
// include "../includes/connect.php";
$cs = mysql_query("SELECT user_Idnum, salary, user_fname, user_lname,user_mname from tbl_user_details");
if($cs==true){
$count=mysql_num_rows($cs);
while($row=mysql_fetch_assoc($cs)){
extract($row);
echo '<input type="checkbox" name="detail_Id[]" value='.$user_Idnum.'/>'.$user_fname." ".$user_mname." ".$user_lname.'<br>';
}
}
?>
<label>Description</label>
<textarea class="form-control" name="description"></textarea>
<label>Transaction Date</label>
<input size="16" type="text" readonly name="transaction_date"class="form_datetime form-control">
</div>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn dark btn-outline">Cancel</button>
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
And here is the php script
<?php
include "../functions/connect.php";
$ids = $_POST['detail_Id'];
$desc = $_POST['description'];
$time = $_POST['transaction_date'];
foreach ($ids as $va) {
$run1= mysql_query("insert into tbl_payroll(detail_Id, description, transaction_date) values('$va', '$desc', '$time' )");
if($run1==true)
{
echo '<script language="javascript">';
echo 'alert("Successfully Added")';
echo '</script>';
echo '<meta http-equiv="refresh" content="0;url=report.php" />';
}
}
?>
Change
echo '<input type="checkbox" name="detail_Id[]" value='.$user_Idnum.'/>'.$user_fname." ".$user_mname." ".$user_lname.'<br>';
To
echo '<input type="checkbox" name="detail_Id[]" value="'.$user_Idnum.'"/>'.$user_fname." ".$user_mname." ".$user_lname.'<br>';
By having no quotes around the value attribute whatever is within that value will have a trailing slash concatenated to it's value.
You should probably not be writing out the javascript and meta-refresh in a loop either - the refresh will be triggered on the first iteration through the loop and subsequent statements will not be executed.
Also worth noting is the use of the now deprecated mysql functions - upgrade to either mysqli or PDO and use prepared statements to prevent SQL injection, something to which this code is vulnerable.
<?php
include "../functions/connect.php";
$ids = $_POST['detail_Id'];
try
if(substr($ids, -1) == '/') {
$ids = substr($ids, 0, -1);
}
or
$ids = rtrim($ids,"/");
..
$desc = $_POST['description'];
$time = $_POST['transaction_date'];
.......
I have form page calling a function that pulls 2 random names from a mysql database (called by php function pairsim()). I want to create a group of checkboxes that will create conditions that I can use to limit to mysql pulls. These conditions then need to live on until the user changes the configurations (update button below).
I am hoping to create an array of checked values to use as a condition until the user updates his configurations again. Unfortunately, I can't get the array to persist while going page to page. I am also having trouble creating an array to pass back into the pairsim(). Forgive my ignorance, is there anyway to accomplish what I am trying to do?
select_checkbox.php:
<?php
session_start();
$_SESSION['G'] = isset($_POST['pG']) ? 1 : 0 ;
$_SESSION['D'] = isset($_POST['pD']) ? 1 : 0 ;
$_SESSION['W'] = isset($_POST['pW']) ? 1 : 0 ;
$_SESSION['C'] = isset($_POST['pC']) ? 1 : 0 ;
?>
<button class="btn btn-success" type="button" data-toggle="collapse" data- target="#collapselimit" aria-expanded="false" aria-controls="collapselimit">
Limit Names
</button>
<div class="collapse container-fluid" id="collapselimit">
<form role="form" method="post" action=<?php pairsim() ; ?>>
<div class="panel panel-default">
<div class="panel-body">
<p><b>Position Limited:</b><br></p>
<!--create array with checked values to include to mysql function-->
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pG' checked>Goalies</label>
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pD' checked>Defensemen</label>
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pW' checked>Wingers</label>
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pC' checked>Centers</label>
<div>
<!--locks in checkbox configuratons-->
<input type="submit" class="btn btn-success btn-lg" value="Update"/>
<!--script below to check/uncheck all-->
<input type="button" class="btn btn-default btn-lg" id="CheckAll" value="Check All" />
<input type="button" class="btn btn-default btn-lg" id="UncheckAll" value="Clear All" />
</div>
</form>
</div>
</div>
I see a few errors here, I'll try to go in procedural order.
Your checkboxes all use the same name, so the resulting post var would be $_POST['positionsel'];. So your existing session check is always going to be false.
BTW the output var_dump($_POST['positionsel']); with everything checked would look like:
array(4) {
[0]=>
string(2) "pG"
[1]=>
string(2) "pD"
[2]=>
string(2) "pW"
[3]=>
string(2) "pC"
}
Fix:
session_start();
$checkBoxValues = array('pG', 'pD', 'pW', 'pC');
foreach($checkBoxValues as $check)
{
if(in_array($check, $_POST['positionsel']))
{
$_SESSION[$check] = true;
} else {
$_SESSION[$check] = false;
}
}
This will check the $_POST variable for the checkbox values, if it exists that means it was checked.
What this will then cause is a situation where if you do not submit a form, then no post value will process, causing the $_SESSION variables to be wiped. TO prevent this, we need to check if the form was in fact submitted. A cheap way to do that is to name the submit field:
<input name="submitted" type="submit" class="btn btn-success btn-lg" value="Update"/>
And before the foreach, do check for it:
if(isset($_POST['submitted']))
{
$checkBoxValues = array('pG', 'pD', 'pW', 'pC');
foreach($checkBoxValues as $check)
{
if(in_array($check, $_POST['positionsel']))
{
$_SESSION[$check] = true;
} else {
$_SESSION[$check] = false;
}
}
}
Now the session vars will only be overwritten if the form is actually submitted.
Next, you need to change your check boxes to only be "checked" if they were in fact checked:
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pG' <?PHP if($_SESSION['pG']) { echo "checked"; }?> >Goalies</label>
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pD' <?PHP if($_SESSION['pD']) { echo "checked"; }?> >Defensemen</label>
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pW' <?PHP if($_SESSION['pW']) { echo "checked"; }?> >Wingers</label>
<label class='checkbox-inline'><input type='checkbox' name='positionsel[]' value='pC' <?PHP if($_SESSION['pC']) { echo "checked"; }?> >Centers</label>
That should then allow the form to reload with the already configured checkboxes, preserving your preferences across resubmits & new page loads as long as the session stays alive.
In this example I changed your session variable names to the check box values, so keep that in mind if you paste it over as you'll need to adjust it anywhere else you use the session (or adjust my code to use your original varnames).
I'm going to make edit menu in my web. so I direct the page from product into edit page. What I'm confused is how to get the productID from product's page to use in edit page?
Here is my code in product
<?php $query= "SELECT * FROM game";
$rs = mysql_query($query);
while($data = mysql_fetch_array($rs)) { ?>
<div class="gameBox">
<div style="margin:5px;">
<?php echo "<image src=\"images/".$data['gameId'].".png\" alt=\"gameImage\" </image>"?>
<div class="cleaner"></div>
<div class="myLabel">Name</div><div>: <?php echo $data['gameName'];?></div>
<div class="myLabel">Developer</div><div>: <?php echo $data['gameDeveloper']; ?></div>
<div class="myLabel">Price</div><div>: $ <?php echo $data['gamePrice']; ?></div>
<br />
<a href="edit.php" <?php $id=$data['gameId'];?>><input type="button" value="Edit"/></a>
<input type="button" value="Delete"/>
</div>
</div>
<?php } ?>
and it's my code in edit page
<?php include("connect.php");
$id[0] = $_REQUEST['id'];
$query = "SELECT * FROM game WHERE gameId=".$id."";
$rs = mysql_query($query);
while($data = mysql_fetch_array($rs)) { ?>
<form action="doUpdate.php" method="post">
<?php echo "<image src=\"images/".$id.".png\" alt=\"gameImage\" </image>"?>
<div class="cleaner"></div>
<div class="myLabel">Name</div><div>: <input type="text" value="<?php echo $data['gameName'];?>" id="gameName" name="gameName"/></div>
<div class="myLabel">Developer</div><div>: <input type="text" value="<?php echo $data['gameDeveloper'];?>" id="gameDeveloper" name="gameDeveloper"/></div>
<div class="myLabel">Price</div><div>: <input type="text" value="<?php echo $data['gamePrice'];?>" id="gamePrice" name="gamePrice"/></div>
<br/>
<div id="txtError">
<!--error message here-->
</div>
<input type="submit" value="Submit"/>
<input type="button" value="Cancel"/></span>
<?php } ?>
When I try to access edit page, there's an error it said
"Undefined index:$id[0] = $_REQUEST['id'];"
in edit page.
Could anyone help me?
It looks like you're confusing two methods of passing data between pages, forms and query strings in <a href...>s.
Forms:
Data is in <input>-type elements (or friends) and inside a <form...> tag.
For example
<form action="handler.php">
<input type="text" name="var1" />
<input type="text" name="var2" />
<input type="submit">
</form>
Usually passed via POST and accessed in PHP via $_POST.
For example, the values in the text boxes referenced above would be accessed with something like:
<?php
echo $_POST['var1']; // First text box
echo $_POST['var2']; // Second text box
Links:
Passed as query strings in <a href...>, for example:
Click Me
Usually passed via GET and accessed in PHP via $_GET.
For example, the values in the query string provided above would be accessed with something like
<?php
echo $_GET['var1']; // "foo"
echo $_GET['var2']; // "bar"
So in this case it looks like you're hyperlinking an input button -- which is not the usual way to do things, but you would fix it by changing this:
<a href="edit.php" <?php $id=$data['gameId'];?>><input type="button" value="Edit"/></a>
To, this
<input type="button" value="Edit"/>
And then reference the variable in edit.php as $_GET['id'].
But since you know it's going to be an integer and nothing else, something like:
$id = (int)$_GET['id'];
Is good enough sanitation (at least for that variable).
Lastly, I notice you assign a variable to $id[0] but then reference $id. Assigning a variable to $id[0] is not the same as assigning it to $id, as $id is an array in the former and an integer in the latter. It seems to me that you can just drop the [0] w.r.t. $id in your edit.php
You can pass through the query string
<a href="edit.php?<?php $id=$data['gameId'];?>>
In this case your PHP code will get change to
$id[0] = $_SERVER['QUERY_STRING'];
Add the id as a parameter to your edit url:
<input type="button" value="Edit"/>
also at the top of your edit.php:
$id = $_REQUEST['id'];