I have a form with some textbox that loads the data from the database. I have created also a button where I can update the data but currently it's not working and I don't have any clue why.
Here's my query:
<?php
include('connect.php');
if (isset($_POST['btnUpdate'])){
$query = "UPDATE users SET fname = '".$_POST['fname']."', lname = '".$_POST['lname']."' WHERE user_id = '".$_POST['id']."'";
$result = mysql_query($query);
if ($result) {
die("<strong>Updated</strong>");
} else {
die("<strong>Error ".mysql_error()."</strong>");
}
}
?>
Here's my form:
<form class="form-horizontal" role="form" action="" method="post">
<input type="hidden" name="id" value="<?php echo $row['user_id']; ?>"/>
<div class="form-group">
<label class="col-lg-3 control-label">First name:</label>
<div class="col-lg-8">
<input class="form-control" name="fname" type="text" value="<?php echo $row['fname'];?>">
</div>
<label class="col-lg-3 control-label">Last name:</label>
<div class="col-lg-8">
<input class="form-control" name="lname" type="text" value="<?php echo $row['lname'];?>">
</div>
<label class="col-md-3 control-label"></label>
<div class="col-md-8" >
<input type="button" name="btnUpdate" class="btn btn-primary" value="Save Changes">
<span></span>
<input type="reset" class="btn btn-default" value="Cancel">
</div>
</div>
</form>
I've tried everything but it won't update my database. It doesn't have any error whatsoever when I checked it on the browser. I'm running out of ideas. Anyone know what part of my code is wrong? I'm still a beginner to php and I cannot seem to understand what's wrong here. Any ideas how to solve this problem would be greatly appreciated. Thanks
Posting as a community wiki; I feel no rep should come of it.
<input type="button"> does not by default propagate POST. Therefore you either need to use a "submit" type:
Either <input type="submit"> or <button type="submit">.
References:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/button
type
The type of the button. Possible values are:
submit: The button submits the form data to the server. This is the default if the attribute is not specified, or if the attribute is dynamically changed to an empty or invalid value.
reset: The button resets all the controls to their initial values.
button: The button has no default behavior. It can have client-side scripts associated with the element's events, which are triggered when the events occur.
You're also open to a serious SQL injection if your site is live or intended to go live.
You should start looking into switching over to either the mysqli_ or PDO api and with a prepared statement.
References:
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/pdo.prepared-statements.php
https://en.wikipedia.org/wiki/SQL_injection
Related
here is my html
<form name="station" method="post" action="/stations/new" role="form">
<div class="form-group">
<label class="control-label required" for="station_name">Name</label>
<input type="text" id="station_name" name="station[name]" required="required" maxlength="255" class="form-control" >
</div>
<div class="form-group">
<div class="checkbox">
<label for="station_active">
<input type="checkbox" id="station_active" name="station[active]" value="1" />Active</label>
</div>
</div>
<div class="form-group">
<button type="submit" id="station_submit" name="station[submit]" class="btn btn-primary">Ajouter</button>
</div>
<input type="hidden" id="station__token" name="station[_token]" class="form-control" value="aze123aze" >
</form>
i want to get my form using the crawler. I tried the selectButton method like this
$form = $crawler->selectButton('station[submit]')->form(array());
but i get the error : InvalidArgumentException: The current node list is empty.
what is the problem ?
Unfortunately I have no enough rating to just write a comment instead of put it in the answer.
So, could you please show how are you getting $crawler? Problem might be:
$crawler not point to DOM which contains this form
this form appears on page after some java script actions(Ajax for example), but not sure that this is your case.
The selectButton method accept the value The button text. So Try with:
$form = $crawler->selectButton('Ajouter')->form(array());
Hope this help
Good day all,
I have a question I looked it up everywhere and I still seem stuck
If I submit a form via post -> variable -> database and then redirect to another
page using header(location:page.php); in the time it takes to redirect and I
click on the submit button it still inserts duplicate data into the database
how do I prevent that from happening? as I read on tokens but I can't see how it
will work without processing my form data on another page and I don't want to
do that any help please ??
please see below html :
<form name="frmall"class="col s12" action="" method="post">
<!--basic info------------------------------------------------------------------------------------------------------------->
<div class="divider"></div>
<div class="section">
<h5>Basic Member Information</h5>
<div class="row">
<div class="input-field col s6">
<input id="first_name" name="txt_name" type="text" class="validate" value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_name']; } ?>">
<label for="first_name">First Name</label>
</div>
<div class="input-field col s6">
<input id="last_name" type="text" name="txt_surname" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_surname']; } ?>">
<label for="last_name">Last Name</label>
</div>
<div class="input-field col s6">
<input id="icon_telephone" type="tel" name="txt_number" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_number']; } ?>">
<label>Telephone</label>
</div>
<div class="input-field col s6">
<input id="email" type="email" name="txt_email" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_email']; } ?>">
<label for="email" data-error="wrong" data-success="right">Email</label>
</div>
<div class="input-field col s6">
<input id="idnumber" type="text" name ="txt_idnumber" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_idnumber']; } ?>">
<label>ID Number</label>
</div>
</div>
<button class="btn waves-effect waves-light" type="submit" name="btnCancel">Cancel</button>
<button class="btn waves-effect waves-light" type="submit" name="btnContinue">Continue</button>
</div>
</Form>
PHP (please not its just for en example):
if (isset($_POST['btnContinue'])) {
$Conn->insert_main_member($name, $surname, $number, $idnumber, $email);
header(location:page.php);
}
So how do I prevent double submit without disabling the button ? please assist
Clear the post variable and place the header(...) in the right place (right after the db query execution).
The question is not very clear...
If you have problems with submitting the form multiple times and inserting the same values, you can do a check - either in your script (connect to database and check) or create a UNIQUE index in your database table - then the record will not be inserted, if it already exists.
If you have problems with too many people on the site and some data is inserted while it shouldn't and it should wait until something else is completed, then you can use LOCK TABLES command to send to your database.
If you have problems with uniquely identifying transactions, you can also use a token (e.g. a random hash generated before your form is submitted), for example as a hidden form field to send along with the data.
1st quick solution :
You could disable your submit button with javascript after 1st form submit to prevent any other submit before redirection...
2nd solution :
Add a token (generated server side) to your HTML form in a hidden input.
On form submit your token will be sent with other POST data.
Check your token server side before insert data into your database
Edit: Perhaps a sample of your code (server side + html form) could help us to give you a more appropriate answer.
Whenever I entered value first time and add record its added perfectly but whenever I refresh my browser by pressing F5 it shows message
"the page that you're looking for used information that you entered..." and insert duplicate record.
HTML code define below:
<?php include("Connection.php"); ?>
<form role="form" method="post">
<div class="col-md-6">
<div class="form-group">
<label>Type Name</label>
<input name="emptype" class="form-control" placeholder="Employee ID">
</div>
<div class="form-group">
<label>Type Description</label>
<input name="typedecs" class="form-control" placeholder="First Name">
</div>
</div>
<div class="col-md-12 text-right">
<button type="submit" name="addtype" class="btn btn-primary">Add Type</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</form>
below is my PHP Code
<?php
$emptype=$_POST['emptype'];
$typedesc=$_POST['typedecs'];
if(isset($_POST['addtype']))
{
$query=mysql_query("insert into emptype(typename,typedesc)values('$emptype','$typedesc')")or die("<script>alert('Error');</script>");
echo '<script>showAlert();window.setTimeout(function () {HideAlert();},3000);</script>';
Does something i missing? Please Help.
suggestion: use mysqli_* or PDO instead of mysql_* functions, but you have written code in it so i gave the code also in it.
Just run a select query to check if the record already exists in database if exists then do not insert it again.
$query=mysql_query("SELECT * FROM emptype WHERE typename = '$emptype' AND typedesc='$typedesc') or die(mysql_error());
if (mysql_num_rows($query)<=0)
{
$query=mysql_query("insert into emptype(typename,typedesc)values('$emptype','$typedesc')")or die("<script>alert('Error');</script>");
}
One option could be to Test if the value is already in your database.
Source : example from PHP.net - mysql_query
// Formulate Query
// This is the best way to perform an SQL query
// For more examples, see mysql_real_escape_string()
$query = sprintf("SELECT * FROM emptype
WHERE typename='%s' AND typedesc='%s'",
mysql_real_escape_string($emptype),
mysql_real_escape_string($typdesc));
// Perform Query
$result = mysql_query($query) or die(mysql_error());
// Get num rows
$num_rows = mysql_num_rows($result);
// If $num_rows is False - It's not a duplicate
if(!$num_rows)
...
Consider using PDO PHP.net - PDO - mysql functions are depreciated.
i think it is because the php script (insert query) is at the same page of the HTML form, so when you refresh the page you tell the browser to call the php script again with previous data. so to prevent that separate the HTML form from the php so you code should be like:
1- HTML.php
<?php include("Connection.php"); ?>
<form role="form" method="post" action="Action.php">
<div class="col-md-6">
<div class="form-group">
<label>Type Name</label>
<input name="emptype" class="form-control" placeholder="Employee ID">
</div>
<div class="form-group">
<label>Type Description</label>
<input name="typedecs" class="form-control" placeholder="First Name">
</div>
</div>
<div class="col-md-12 text-right">
<input type="submit" value="submit">
</div> </form>
2- Action.php
<?php include("Connection.php");
$emptype=$_POST['emptype'];
$typedesc=$_POST['typedecs'];
if(isset($_POST['addtype']))
{
$query=mysql_query("insert into emptype(typename,typedesc)values('$emptype','$typedesc')")or die("<script>alert('Error');</script>");
echo '<script>showAlert();window.setTimeout(function () {HideAlert();},3000);</script>'; echo "<meta http-equiv='refresh' content='0;url=html.php'>";
?>
this will make html.php page call Action.php page when the submit button is pressed then the php script will be executed then it will redirect you to the html.php page again
I've made a html form using Bootstrap. I've used "required" to ensure data is populated in certain fields for the form to be submitted. This form goes to a php script that opens a database connection, inputs the values as per form submitted, directs to a thank you page and closes the connection.
Its my first hand coded form and my concern is security. How do I keep hackers/spammers at bay?
Can you point out, please, issues with my code so I can address them before I put this live. Please be gentle, Im a newbie with about 3 months of coding experience.
Please note the original form actually has 9 fields but I've omitted it presuming those details wont be necessary for this discussion.
HTML Code
<form class="form-horizontal" method="post" action="vacancy.php">
<div class="form-group">
<label for="company" class="col-sm-3 control-label">Company Name *</label>
<div class="col-sm-6">
<input type="text" name="company" class="form-control" placeholder="Enter Company Name" required />
</div>
</div>
<div class="form-group">
<label for="contactperson" class="col-sm-3 control-label">Contact Person *</label>
<div class="col-sm-6">
<input type="text" name="contactperson" class="form-control" placeholder="Enter Full Name" required />
</div>
</div>
<div class="form-group">
<label for="designation" class="col-sm-3 control-label">Designation *</label>
<div class="col-sm-6">
<input type="text" name="designation" class="form-control" placeholder="Enter Designation" required />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-6">
<button type="submit" class="btn btn-primary">Submit</button>
<button type="reset" class="btn btn-default">Clear</button>
</div>
</div>
</form>
PHP Code
<?php
$con=mysqli_connect("localhost","db2u","password","db2");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO vacancy (Company, ContactPerson, Designation)
VALUES
('$_POST[company]','$_POST[contactperson]','$_POST[designation]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
header("Location: thankyou.html");
mysqli_close($con);
?>
EDIT : So it seems I need validation. Im looking at jqBootstrapValidation. Even considering htmlspecialchars (which ever is easier). I believe both would do an equally good job right? PDO is a bit too much for me at the moment.
Your code could be compromised by SQL injection http://en.wikipedia.org/wiki/SQL_injection.
Try use htmlspecialchars or better use PDO instead of OLD and DANGEROUS mysql_* functions.
You have not validated any field in your php code,
you should put validation in php file too, any user can remove "required" from input and can post the data.
Never trust the user input. You should escape the strings with mysqli_real_escape_string() function.
http://www.php.net/manual/en/mysqli.real-escape-string.php
$company = mysqli_real_escape_string($_POST[company]);
$contactperson = mysqli_real_escape_string($_POST[contactperson]);
$designation = mysqli_real_escape_string($_POST[designation]);
$sql="INSERT INTO vacancy (Company, ContactPerson, Designation) VALUES ('$company','$contactperson','$designation')";
I'm a newbie programmer trying to utilize Twitter Bootstrap to build out a concept. I'm using PHP and assigning actions within HTML tags to POST data and essentially take a user through the navigation. This has been pretty straightforward when using forms: i.e. here is a snippet that does work. For example, for this snippet of HTML:
<form action="?viewnotes" method="post">
<input type="hidden" name="id" value="<?php htmlout($note['id']); ?>">
</form>
It successfully triggers the following if statement in my index.php:
if (isset($_GET['viewnotes']))
However, I'm trying to do the same thing in my registration page, using a Twitter Bootstrap class for buttons. Here is the HTML:
<a class="btn btn-primary btn-large" action="?register">Sign Up Free!ยป</a></p>
The PHP code is:
if (isset($_GET['register']))
{
include 'register.html.php';
}
Clicking on the Sign Up button is not invoking the PHP code. If I hard code the URL it works, but then I have a similar issue on the register.html.php page. HTML on the register page has:
<form class="form-horizontal" action="?storeuser" method="post">
<fieldset>
<legend>It's quick and easy...</legend>
<div class="control-group">
<label class="control-label">First Name</label>
<div class="controls">
<input type="text" name="fname" class="input-xlarge" id="fname">
</div>
</div>
<div class="control-group">
<label class="control-label" name="lname">Last Name</label>
<div class="controls">
<input type="text" name="lname" class="input-xlarge" id="lname">
</div>
</div>
<div class="control-group">
<label class="control-label" name="email">Email Address</label>
<div class="controls">
<input type="text" name="email" class="input-xlarge" id="email">
</div>
</div>
<div class="control-group">
<label class="control-label" name="password">Password</label>
<div class="controls">
<input type="password" name="password" class="input-xlarge" id="password">
</div>
</div>
</fieldset>
<button type="submit" name="action" class="btn btn-primary btn-large">Complete Registration</button>
</form>
However, when clicking on the button, the index file does not trigger the following, which would store the fields into the DB.
if (isset($_GET['storeuser']))
If I hardcode the URL to register.html.php, then the resulting URL looks like localhost/register.html.php?storeuser instead of localhost/?storeuser. I'm not sure if that's affecting the behavior here.
Thank you for the help!
I think you're approaching this the wrong way, and it's not Twitter Bootstrap's fault.
Usually, you'd use POST, not GET, to handle user registrations. Your form would look like this:
<form action="register.php" method="post">
<!-- your form -->
<fieldset>
<input type="submit" name="register" value="Register" class="btn btn-primary" />
</fieldset>
</form>
You can then build register.php as follows:
<?php
if (isset($_POST['register'])) {
// handle user registration
}
// display form
?>
This will display the form when the user visits register.php, but will try and process the user registration first if the form's been POSTed.
try passing a value with your GET variable
<form action="?viewnotes=1" method="post">