I try to create a function to filter the input field after submit
database connection
include("includes/connect.php");
this function is like that
<?php
function filter($x){
global $conn;
$y=strip_tags(htmlspecialchars(htmlentities(mysqli_real_escape_string($conn,$x))));
}
?>
Form
<form method="post">
<input type="text" name="txt_name">
<input type="submit" name="add" value="Add">
</form>
Code
<?php
if(isset($_POST['add'])){
$name= filtration($_POST['txt_name']);
echo $name;
}
?>
When i try to print the $name after filtration i don't have any result
i try to do that
strip_tags(htmlspecialchars(htmlentities($x)))
and i have an output
but for me i want to use mysqli_real_escape_string
how can i solve this problem??!
You'll need to return the value from your function. :)
function filter($x) {
// do the cleaning of your string
return $y;
}
Replace
$name= filtration($_POST['txt_name']);
with
$name= htmlspecialchars(filter_var(trim($_POST['txt_name']), FILTER_SANITIZE_STRING), ENT_QUOTES );
Related
Part of 'index.php'
<body>
<?php include('form.php') ?>
<form action="index.php" method="post">
<select name="id"><?php playerID($tournament); ?></select>
<input type="text" name="name" value="<?php playerName($tournament); ?>">
<input type="submit" value="Save Player">
</form>
</body>
Part of 'form.php'
function playerName($tournament) {
$player = getPlayer($tournament);
echo isset($player) ? $player->Name : '';
}
This code works for me, but when I press on 'Save Player' to submit I can't send the $tournament to call function 'updatePlayer($tournament)'
Another part of 'form.php'
updatePlayer($tournament);
function updatePlayer($tournament) {
if (isset($_POST['id'])) {
$id = $_POST['id'];
$player = $tournament->getPlayer($id);
$player->Name = $_POST['name'];
$player->Phone = $_POST['phone'];
$player->Active = $_POST['active'];
}
}
I need something like this:
<input type="submit" value="Save Player" <?php [SEND $tournament FROM HERE?] ?>>
Your form on index.php needs to instantiate the function you have defined. To do this a simple $_POST detection at the top of the page will do. From there you can validate and run the function as intended.
if(isset($_POST['name')){
//validation here???
updatePlayer($_POST['name']);
}
Here is my first.php and second.php
Where i am just submitting the form itself, but i am including the second.php file which has the function get() which wil return 'ok'.
So I am calling the get() function after the form is posted.
Now how can I get the values and display it in the text fetchedvalue ?
first.php
<?php
include 'second.php';
?>
<form method="post" action="">
<input type="text" name="fetchedvalue">
<input type="submit" name="login" value="Submit">
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
get();
}
?>
second.php
<?php
function get()
{
echo 'ok';
}
Note :
I have many data like that, How can I do it in a single form submit and fill all such textbox ?
try using this method:
<?php
include 'second.php';
$fvalue = '';
if(isset($_POST['fetchedvalue']))
$fvalue = $_POST['fetchedvalue'];
?>
<form method="post" action="">
<input type="text" name="fetchedvalue" value="<?=$fvalue;?>">
<input type="submit" name="login" value="Submit">
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
get();
}
?>
notice that $fvalue is the variable responsible for creating value in the "fetchedvalue" input tag.. if the post is still not done, then the value would be "".
$_POST['fetchedvalue'] will contain it.
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login']))
{
echo "<pre>";
print_r($_POST); // Here you will get all posted values & then you can call get method
echo "</pre>";
get();
}
?>
You can access the variables by using $_POST like an array, so:
$fetchedValue = $_POST['fetchedvalue'];
Though, a safer approach would be the following:
<?php
include 'second.php';
$fetchedValue = filter_input(INPUT_POST, 'fetchedvalue', FILTER_SANITIZE_STRING);
?>
<form method="post" action="">
<input type="text" name="fetchedvalue" value="<?php echo $fetchedValue; ?>">
<input type="submit" name="login" value="Submit">
</form>
filter_input() will return null if no POST variable with the given name is defined, and if it is, it will apply some sanitation or validation on it. Have a look at the manual for more detailed information:
http://php.net/filter_input
My function is
function getReg($id) {
return file_get_contents('http://arcbots.com/userinfo.php?id='.$id);
}
My php for the echo is
<?php
function display()
{
echo getReg('$_POST["search"]');
}
if(isset($_POST["search"]))
{
display();
}
?>
and my form code is
<center><form method="post" />
<input type="text" name="search">
<input type="submit" value="search" name="submit">
</form></center>
I know I'm doing something very wrong. If the code was to work when I search "1111211137" it should return "LeJordannn" Its returning "Danjr4149000099" meaning I'm doing something wrong.
Single quotes in PHP tell PHP not to parse for those variables, so it assumes everything passed to getReg is a literal. Redo your function like this:
<?php
function display()
{
echo getReg($_POST['search']);
}
if(isset($_POST["search"]))
{
display();
}
?>
try
<?php
function display($term)
{
echo getReg($term);
}
if(isset($_POST["search"]))
{
display($_POST["search"]);
}
?>
do it this way and your function can be reused with different values
my filename is contacts.php that have two submit buttons;i want that if insert button is pressed insert function is called and if select is pressed select is called.i have written following code:
//contacts.php
<?php
if(isset($_REQUEST['select']))
{
select();
}
else
{
insert();
}
?>
<html>
<body>
<form action="contacts.php">
<input type="text" name="txt"/>
<input type="submit" name="insert" value="insert" />
<input type="submit" name="select" value="select"/>
</form>
<?php
function select()
{
//do something
}
function insert()
{
//do something
}
?>
but it is not working .please help
<?php
if (isset($_REQUEST['insert'])) {
insert();
} elseif (isset($_REQUEST['select'])) {
select();
}
Your code is calling insert() even if no button is clicked, which will happen when the page is first displayed.
use post method because it is secure
//contacts.php
<?php
if(isset($_POST['select']))
{
select();
}
else
{
insert();
}
?>
<html>
<body>
<form action="contacts.php" method="post">
<input type="text" name="txt"/>
<input type="submit" name="insert" value="insert" />
<input type="submit" name="select" value="select"/>
</form>
<?php
function select()
{
//do something
}
function insert()
{
//do something
}
?>
If you are using return inside function to return the result , you have to use echo to print the result while calling function.
if(isset($_REQUEST['select']))
{
echo select();
}
elseif(isset($_REQUEST['insert']))
{
echo insert();
}
As has been described by several people (summarizing the previous comments), you have two options.
The first is to send the data via POST or GET to the server directly and reserve (refresh) the page based on whatever you do inside select() and insert().
While this is not the right place for a POST v GET discussion, convention is to use POST when sending data to the server. POST is slightly more secure because the information is not stored in the browser. Read more about the two here: http://www.w3schools.com/tags/ref_httpmethods.asp
The second option is to use AJAX to accomplish your task without refreshing the web page. In short, AJAX uses Javascript methods that you place on your page to communicate with your server, thus avoiding the need for the PHP on the server to actually change anything on the page (which would require a refresh). A code example of AJAX can be found here: http://www.w3schools.com/ajax/tryit.asp?filename=tryajax_first
<?php
$insert = $_POST['insert'];
$select = $_POST['select'];
if ($insert) {
insert();
}
if ($select) {
select();
}
else {
echo 'press any button...';
}
?>
<html>
<body>
<form action="contacts.php" method="post">
<input type="text" name="txt"/>
<input type="submit" name="insert" value="insert" />
<input type="submit" name="select" value="select"/>
</form>
<?php
function select() {
echo 'you pressed the [select] button';
exit;
}
function insert() {
echo 'you pressed the [insert] button';
exit;
}
?>
This is a little part of a college website project I have and I've ran into this issue. I hope you can help me with it.
I've made a small representation of this issue so it's easier to read.
What I'm trying to do here is:
doubt1.php = shows a form.
doubt2.php = shows form with the values from doubt1.php for confirmation.
doubt3.php = saves values to database.
class.php = library of clases(only name).
The problem is that it saves empty values at doubt3.php.
If I skip doubt2.php and redirect the form from doubt1.php to doubt3.php I have no problem at all, it saves successfully.
These are the codes:
doubt1.php
<html>
<body>
<form name=f action=doubt2.php method=post>
<input name=name value="Hello";>
<input type=submit>
</form>
</body>
</html>
doubt2.php
<html>
<head>
<?php
$y=$_REQUEST['name'];
?>
</head>
<body>
<form name=f action=doubt3.php method=post>
<input name=name value="<?php echo $y; ?>" disabled>
<input type=submit>
</form>
</body>
</html>
doubt3.php
<?php
$c=mysql_connect("localhost","root","root");
mysql_select_db("doubtdb");
if(!mysql_select_db("doubtdb")){
$q1="create database doubtdb";
$q2="use doubtdb";
$q3="create table data(name varchar(10))";
mysql_query($q1,$c);
mysql_query($q2,$c);
mysql_query($q3,$c);
mysql_select_db('doubtdb');
}
include "class.php";
$obj=new data($_REQUEST['name']);
$obj->save($c);
echo "Saved";
?>
class.php
<?php
class data{
private $name;
function __construct($name){
$this->name=$name;
}
function set_name($name){
$this->name=$name;
}
function get_name(){
return $this->name;
}
function save($c){
$q="insert into data values('$this->name')";
mysql_query($q,$c);
mysql_close($c);
}
}
?>
disabled input is not submited with the form.
try "readonly"
http://www.w3.org/TR/html401/interact/forms.html#h-17.12.1