I have problem in this code.
In this code when i press save data button , the data insert into database but when i refresh page then it's automatically insert into database, what should i do in my code then stop automatically insert data into database, thanks in advance
<?php
require './database/databaseConnection.php';
if(isset($_POST['save_button']))
{
if(($_POST['fname']&&($_POST['lname'])))
{
$first_name=$_POST['fname'];
$last_name=$_POST['lname'];
$qry="INSERT INTO user_master(first_name,last_name) values('$first_name','$last_name')";
$result= mysql_query($qry)or die(mysql_error());
if($result){
echo 'SuccessFully saved data';
}
else{
echo 'Data Not Inserted!';
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
<link rel="stylesheet" href="bootStrap/css/bootstrap.min.css">
<link rel="stylesheet" href="bootStrap/css/bootstrap.css">
</head>
<body>
<div class="container jumbotron ">
<form action="" method="post">
<table class="table-responsive">
<div class="form-group form-inline">
<tbody>
<tr>
<td> <label for="fname" class="label-info">First Name</label></td>
<td><input class="form-control" type="text" name="fname"></td>
<td><label for="lname" class="label-info">Last Name</label></td>
<td><input class="form-control" type="text" name="lname"></td>
</tr>
</tbody>
</div>
</table>
<button type="submit" name="save_button" class="btn-success" >Save Data</button>
</form>
</div>
</body>
</html>
This is happening because your action is empty
Update your action to this
action="<?php echo $_SERVER['PHP_SELF']; ?>"
Make a separate php file that will insert data to database. Give this in the form action attribute.
<form action="insert.php" method="post">
......
......
</form>
insert.php file
<?php
require './database/databaseConnection.php';
if(isset($_POST['save_button']))
{
if(($_POST['fname']&&($_POST['lname'])))
{
$first_name=$_POST['fname'];
$last_name=$_POST['lname'];
$qry="INSERT INTO user_master(first_name,last_name) values('$first_name','$last_name')";
$result= mysqli_query($qry)or die(mysql_error());
if($result){
echo 'SuccessFully saved data';
}
else{
echo 'Data Not Inserted!';
}
}
}
?>
You can use header() to redirect to your previous page if you want. Thus not allowing the refreshing of insert.php
header("location: your_page.php");
it will be safe if you use Prepared Statements
Take a look
Related
Hello I have problem with my php code it won't insert value to the database and when it does the value is duplicate.
Here is the php code:
if (isset($_GET['addform']))
{
include '../includes/db.inc.php';
try
{
$sql = 'INSERT INTO author SET Author_name = :Author_name, Author_email =:Author_email';
$s = $pdo->prepare($sql);
$s->bindvalue(':Author_name', $_POST['Author_name']);
$s->bindvalue(':Author_email', $_POST['Author_email']);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error adding submitted author.';
include 'error.html.php';
exit();
}
header ('Location COMP1321/recipes/admin/authors/authors.html.php');
exit();
}
And here is the html form
<? php include 'index.php' ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title><?php html($pageTitle); ?></title>
</head>
<body>
<h1><?php html($pageTitle); ?></h1>
<form action="?addform" method="GET">
<label for="name"> Name: <input type="text" name="Author_name" id="Author_name"></label>
<br/>
<label for="email"> Email: <input type="text" name="Author_email" id="Author_email" ></label>
<br/>
<input type="hidden" name="id" value="<?php html($id); ?>">
<input type="submit" value="<?php html($button); ?>">
</form>
</body>
</html>
Any idea what went wrong here?
In your HTML code:
<form action="?addform" method="GET">
You are using GET as form method
And in your PHP code:
$s->bindvalue(':Author_name', $_POST['Author_name']);
$s->bindvalue(':Author_email', $_POST['Author_email']);
you are using POST
Try using same method to submit form from html code and get value in PHP code
I am a complete php beginner. My trainer dived into it without much explanation.
Other php questions in stackoverflow seems to follow some other syntax, so I'm confused.
Below are config.php and index.php files. Database name is practice in this code.
Table name is fbsign. Trainer said values should be inserted into database but when I tried with table, it worked last time.
This is driving me crazy for half a day. I don't know what I am doing wrong.
Also, does field name in the database and php code should be the same?
Q update: Yes, I did run the code. It says,'connected but not saved'?
PS: I thought SOF is to help people. I wouldn't ask the question if I knew the answer.
<?php
$con=new mysqli('localhost','root','','practice') or die(mysqli_error());
if(!$con)
{
echo "not connected";
}
else
{
echo "connected";
}
?>
**index.php**
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>sign up form</title>
</head>
<body>
<div id="content">
<h2>Create an account</h2>
<p>It's free and always will be.</p>
<form name="signup" method="post" action=" ">
<table>
<tr>
<td><input type="text" name="fname" placeholder="first
name" /></td>
</tr>
<tr>
<td><input type="text" name="sname"
placeholder="surname" /></td>
</tr>
<tr>
<td><input type="numbers" name="mob" placeholder="mobile
number or email address" /></td>
</tr>
<tr>
<td><input type="password" name="pass" placeholder="new
password" /></td>
</tr>
<tr>
<td> <input type="submit" name="submit" value="Create
Account"/> </td>
</tr>
</table>
</form>
</div> <!-- end of content -->
</body>
</html>
<!-- start of php -->
<?php
include('config.php');
extract($_POST);
if(isset($submit))
{
$query="insert into fbsign values('$fname','$sname','$mob,'$pass')";
if($con->query($query))
{
echo "data saved";
}
else
{
echo "not saved";
}
}
?>
Syntax in the sense that it's the most common practice for formatting, layout and methods?
Possibly.
Is it secure and properly done?
Not at all.
For starters, try using PDO with prepared statements. You also pass raw, untreated user inputs to your data by using extract($_POST), extract() should never be used on user inputs either from a $_GET or $_POST request. Check out this post here for a details on sanatizing user inputs.
<?php
include('config.php');
if(isset($_POST['submit']))
{
$fname=$_POST['fname'];
$sname=$_POST['sname'];
$mob=$_POST['mob'];
$pass=$_POST['pass'];
$ins="insert into fbsign (fname,sname,mob,pass)values('$fname','$sname','$mob','$pass')";
$ex=$con->query($ins);
if($ex)
{
echo "successfully inserted::";
}
else
{
echo "ERROR::";
}
}
?>
i have a problem with deleting the articles. I want it to delete after click on submit button but i dont know how. I do not want use javascript to autosubmit form in select tag. Can u help me ? I would appriciate that. Thanks.
<?php
session_start();
include_once('../includes/conn.php');
include_once('../includes/article.php');
$article= new Article;
if(isset($_SESSION['logged_in'])){
if(isset($_POST['id'])){
$id=$_POST['id'];
$query=$pdo->prepare('DELETE FROM articles WHERE article_id=?');
$query->bindValue(1, $id);
$query->execute();
header('Location: delete.php');
}
$articles=$article->fetch_all();
?>
<html>
<head>
<title>CMS Tutorial</title>
<link rel="stylesheet" href="assets/style.css" />
</head>
<body>
<div class="container">
CMS
<br/>
<h4>Delete article:</h4>
<form action="delete.php" method="post" name="id">
<select>
<?php foreach($articles as $article){?>
<option value="<?php echo $article['article_id']; ?>"><?php echo $article['article_title']; ?></option>
<?php } ?>
</select>
<input type="submit" value="Delete article">
</form>
</div>
</body>
?>
According to your code, shift name="id" from form to select.
You are trying to get selected id of drop down, so the name should be given to select.
<form action="delete.php" method="post" name="id">
<select>
to
<form action="delete.php" method="post">
<select name="id">
Another issue noticed in your code is, you should terminate execution
immediately after header('Location: delete.php'); with die(); or
exit(); to ensure remaining lines should not be executed. In PHP,
header() is just a function which helps in setting header, and here
you are settling Location header, which further handled by browser
for taking necessary action (here redirection). So, header() does
not ensure stopping execution of remaining code.
add <?php echo $_SERVER['PHP_SELF']; ?> to the form instead of delete.php to execute the php code above and i assume the file looks as your post .
and add name="id" to select element to grap the post value to manipulate instead of form.
i hope this works according to what you provide in your post.
session_start();
include_once('../includes/conn.php');
include_once('../includes/article.php');
$article= new Article;
if(isset($_SESSION['logged_in'])){
if(isset($_POST['id'])){
$id=$_POST['id'];
$query=$pdo->prepare('DELETE FROM articles WHERE article_id=?');
$query->bindValue(1, $id);
$query->execute();
header('Location: delete.php');
}
$articles=$article->fetch_all();
?>
<html>
<head>
<title>CMS Tutorial</title>
<link rel="stylesheet" href="assets/style.css" />
</head>
<body>
<div class="container">
CMS
<br/>
<h4>Delete article:</h4>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<select name="id">
<?php foreach($articles as $article){?>
<option value="<?php echo $article['article_id']; ?>"><?php echo $article['article_title']; ?></option>
<?php } ?>
</select>
<input type="submit" value="Delete article">
</form>
</div>
</body>
I am learning PHP and in the process of making a search engine. The following code will not echo the users input, in the search field, on the results page.
The search page:
<!DOCTYPE html>
<html>
<head>
<title>Search Engine</title>
<style type="text/css">
body {
background:#F0FFFF;
margin:-80px;
}
form {
margin:25%;
}
</style>
</head>
<body>
<form action="result.php" method="post">
<input type="text" name="user_query" size="80" placeholder="Enter Search Here" />
<input type="submit" name="search" value="Search Now" />
</body>
</html>
The results page:
<!DOCTYPE html>
<html>
<head>
<title>Results</title>
<style type="text/css">
.results {
margin:5%;
}
</style>
</head>
<body bgcolor="#F0FFFF">
<form action="result.php" method="get">
<span><b>Enter Query Here:</b></span>
<input type="text" name="user_keyword" size="80" />
<input type="submit" name="result" value="Search Now" />
</form>
<?php
if(isset($_GET['search'])) {
$get_value = $_GET['user_query'];
echo "<div class='results'>
$get_value;
</div>";
}
?>
</body>
</html>
Can someone tell me why the user's input is not being echoed when the search is run?
If you using method=post
In form tag you must receive you data as $_POST
Also method=get use $_GET
Edit this lines in result page to this
<?php
if(isset($_POST['search'])){
$get_value = $_POST['user_query'];
echo "<div class='results'>{$get_value}</div>";
}
?>
well the problem lies in your form tag you should have used method="get" if you want to get some data from database and if you are using method="post" you should have to use $_POST['search'] so your form tag shuld have to be like this
<form action="result.php" method="get">
and if you are going to use method="post" anyway than your $_GET['search'] should have to be $_POST['search']
but i will suggest you to use method="get" for searching query from database
I have a billing page which fetches data from the cart.
I am having a problem submitting these values to the database. How do i correct my php to get it to submit to the database correctly?
For example, i have a transactions table in my database, and i want all payment details to go there, which can later be fetched and outputted in the admin section as a receipt of order.
I cannot get the name, address, email, phone to submit correctly. It comes up with 0 in the database, how do i fix this?
How can i specifically use AJAX when the button is clicked to show a loading bar/page and then the success message?
I also get the error:
Notice: Undefined index: command in F:\xamppnew\htdocs\web\billing.php on line 5
Code:
<?php
include "storescripts/connect_to_mysql.php";
session_start();
if($_REQUEST['command']=='update'){
$name=$_REQUEST['name'];
$email=$_REQUEST['email'];
$address=$_REQUEST['address'];
$phone=$_REQUEST['phone'];
$item_id = $_SESSION['item_id'];
$quantityorder = $each_item['quantity'] = $_SESSION['quantity1'];
$cartTotal = $_SESSION['cartTotal'];
// Add this product into the database now
$sql = mysqli_query($link,"insert into transactions values('','$item_id','$quantityorder','$cartTotal','$name','$address','$email','$phone')");
die('Thank You! your order has been placed!');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="style/style.css" type="text/css" media="screen" />
<title>Billing Info</title>
<script language="javascript">
function validate(){
var f=document.form1;
if(f.name.value==''){
alert('Your name is required');
f.name.focus();
return false;
}
f.command.value='update';
f.submit();
}
</script>
</head>
<body>
<div align="center" id="mainWrapper">
<?php include_once("template_header.php");?>
<div id="pageContent">
<div style="margin:24px; text-align:left;">
<br />
<form name="form1" onsubmit="return validate()">
<input type="hidden" name="command" />
<div align="center">
<h1 align="center">Billing Info</h1>
<table border="0" cellpadding="2px">
<tr><td>Product ID:</td><td><?php echo $item_id = $_SESSION['item_id'];?></td></tr>
<tr><td>Total Quantity:</td><td><?php echo $each_item['quantity'] = $_SESSION['quantity1']; ?></td></tr>
<tr><td>Order Total:</td><td>£<?php echo $cartTotal = $_SESSION['cartTotal'];?></td></tr>
<tr><td>Your Name:</td><td><input type="text" name="name" /></td></tr>
<tr><td>Address:</td><td><input type="text" name="address" /></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" /></td></tr>
<tr><td>Phone:</td><td><input type="text" name="phone" /></td></tr>
<tr><td> </td><td><input type="submit" value="Place Order" /></td></tr>
</table>
</div>
</div>
<?php include_once("template_footer.php");?>
</form>
</body>
</html>
did you use Mysqli to connect ?
if yes, change mysql_query to mysqli_query
and you need to add 'name' attribute to the submit button
and do this
if(isset($_POST['submit'])){....
It is a good practice to use addslashes over your values before concat them in an sql query
$name = addslashes($_REQUEST['name']);
$email = addslashes($_REQUEST['email']);
$address = addslashes($_REQUEST['address']);
$phone = addslashes($_REQUEST['phone']);