i am able to enter text in html and am able to submit. but then i get a blank page. whats wrong? is it the code?
here it is
<html>
<body>
<form action ="students.php" method="post">
USN : <input type="text" name="id">
NAME : <input type="text" name="n">
age : <input type="text" name="a">
<input type="submit">
</form>
</body>
</html>
and php code is
<html>
<body>
<?php
$connect=mysqli_connect("localhost","root","1234") or die("cant connect");
mysqli_select_db($connect,"student") or die("cant connect to database");
$usn=$_POST["id"];
$name=$_POST["n"];
$age=$_POST["a"];
$query="insert into student_info (usn,name,age) values('$usn','$name','$age')";
if(mysqli_query($connect,$query))
{
echo "inserted";
}
else
{
echo "could not insert";
}
mysqli_close($connect);
?>
</body>
</html>
as stated in this answer :
https://stackoverflow.com/a/21429652/7091942.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
However, this doesn't make PHP to show parse errors - the only way to show those errors is to modify your php.ini with this line:
display_errors = on
You are validating incorrectly... You can use mysqli_affected_rows to check if there was a change in the database, instead of putting the query in an if statement, since that shouldn't work.
Also, consider using error_reporting(E_ALL); and look up sanitation, to secure your queries for sql-injection.
Related
I am starting to learn the basics of SQL and PHP codes.
I am trying to create a simple newsletter subscription page. this would require the user to enter their email and submit. That will then get added to my database.
Now, this works well when the HTML and PHP code are separate and the submission occurs but redirects to the PHP page with the echo.
I want to get the message on the same page and I tried merging the PHP code in the page as below
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST'){
mysql_connect("hostname", "username", "password");
mysql_select_db("db name");
$user = $_POST['email'];
$query = "INSERT INTO tablename(columname)VALUES('$email')";
echo "inserted";
}
?>
<html>
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
</html>
Hoever with this code it just doesnt do anything.
What have am I doing wrong here? Appreciate your expert advice.
There are few mistakes in the code, you can fix them by doing the following:
Save the file as a php file first. For example name it "email.php".
Make the form action="email.php"
Don't write two complete separate codes in the same file, one for php file and the other for html file like you did. You can include the html code inside the php code using heredoc syntax which allows you to include a long html code like the following:
echo<<<_HTMLCODE
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
_HTMLCODE;
In the query syntax, add $user instead $email because the variable $user contains the value submitted by the form.
Add a code to excute the inserted query. for example:
mysql_query($query);
So your final code will be like this:
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST'){
mysql_connect("hostname", "username", "password");
mysql_select_db("db name");
$user = $_POST['email'];
$query = "INSERT INTO tablename VALUES('$user')";
mysql_query($query);
echo "inserted";
}
echo<<<_HTMLCODE
<form method="POST" action="email.php" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
_HTMLCODE;
?>
I have tried the code above after I added the data of my database on the localhost and after I created a table for the emails and it worked. Here is the edited code with my database access info and the table name in my code editor:
When i opened the table emails in my database, I found the email that I had submitted using the form (your modified code):
(advice: use mysqli instead of mysql)
Please use prepare statements to prevent Sql Injections.
Here is sample code try this.
ini_set('display_errors', 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connect = new mysqli ("localhost", "root", "usbw", "test");
if (mysqli_connect_errno()) {
echo 'Failed to connect to MySQL:' . mysqli_connect_error();
}
if (isset($_POST['submit'])) {
$email = filter_input(FILTER_VALIDATE_EMAIL, $_POST['email']);
$sql = "INSERT INTO table (email) VALUES (?)";
$stmt = $connect->prepare($sql);
$stmt->bind_param('s', $email);
$result = $stmt->execute();
if ($result) {
$msg = 'Succesfully added';
} else {
$msg = 'OOPS Error Occured';
}
}
?>
<html>
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
</html>
Need help identifying the problem with the following basic html/php code which works correctly when I input plain text in the textarea. Why does it return blank page when I enter a URL e.g. http://www.example.com?
<form action="" method="POST">
<textarea rows="10" cols="100" name="userdata">
<?=$_POST["userdata"]; ?></textarea>
<input type="submit" name="submit" value="Send" />
</form>
<?php
echo $_POST["userdata"];
?>
When you load page first time value of $_POST["userdata"] is not set and is empty. and when your submit then only its value changed. just because of post data.
If you again hard refresh then its value will be empty. because of not post.
Simply I must say, store data in DB and fetch and then display. To do so
Post your value to another page or if in same page check by isset($_POST['userdata']) and store into db.
And Fetch from db before your html and display into textarea.
You code is working. Only first time you open the page $_POST["userdata"] does not exist yet, so try this code:
<form action="" method="POST">
<textarea rows="10" cols="100" name="userdata">
<?php
if (isset($_POST["userdata"])) {
echo $_POST["userdata"];
}
?>
</textarea>
<input type="submit" name="submit" value="Send" />
</form>
<?php
if (isset($_POST["userdata"])) {
var_dump( $_POST["userdata"]);
} else{
echo 'No data';
}
?>
When you see a blank page it is an error, to see all errors, put this code on the beginning of you page:
<?php
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
?>
OS: Ubuntu, Apache2, mysql-server
I hosted one index.html on localhost in Apache2 server with one dc.php file
<!DOCTYPE html>
<head>
</head>
<body>
<form method="post" name="form1" action="dc.php">
Username <input type="text" name="username" id="username"/>
Password <input type="text" name="password" id="password"/>
<input type="submit" value="Submit">
</form>
<form method="post" name="form2" action="cancel.html">
</body>
and here is code for dc.php file
<?php
session_start();
ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$mysqlPassword="mypass#"; // Mysql pass
$db_name="mydb1"; // Database name
$tbl_name="mytbl1"; // Table name
mysql_connect("$host", "$username","$mysqlPassword")or die("Cannot connect to MySQL database.");
mysql_select_db("$db_name")or die("MySQL database unavailable.");
$password=$_POST['username'];
$confirm=$_POST['password'];
if ($password != $confirm) {
header("location:error.html");
break;
}
mysql_query("INSERT INTO mytbl1(password, confirm) VALUES('$password', '$confirm');");
echo "Updating records... $password";
ob_end_flush();
?>
so when i clicking on submit button instead of executing php file, the browser stops with url
http://localhost/dc.php
with blank page, and the values are not inserted in mysql.
your action of form is dc.php so if you submit your form the page goes to dc.php , your problem because an error occurred in your code you can add this lines to first of your code to see what excatly make error [in dc.php]
error_reporting(E_ALL);
ini_set("display_errors", 1);
In the following code, data from html form is not received by php variables. The code directly executes if-else statement without waiting for input.
<?php
if(mysql_connect("localhost","root","")==false)
{
die ("Connection Failed");
}
mysql_select_db("fb");
$id=$_POST["email"];
$pwd=$_POST["password"];
$sql=mysql_query("SELECT* FROM admin WHERE id='$id' AND pass='$pwd'");
if($sql)
{
die ("Login");
}
else
{
die ("Failed");
}
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset="UTF-8" />
<title>
HTML Document Structure
</title>
<!--<link rel="stylesheet" type="text/css" href="style.css" />!-->
</head>
<body>
<form method="POST">
<h1>Welcome</h1>
<div class="inset">
<p>
<label for="email">Login</label>
<input type="text" name="email" id="email">
</p>
<p>
<label for="password">PASSWORD</label>
<input type="password" name="password" id="password">
</p>
</div>
<p class="p-container">
<span>Forgot password ?</span>
<input type="submit" name="Login" id="Login" value="Log in">
</p>
</form>
</body>
</html>
I know this code is vulnerable to SQL injection but who care if its an home assignment. :)
The code directly executes if-else statement without waiting for input.
The reason being is that you have your entire code (HTML/PHP/SQL) inside one file with no conditional statement to control it.
Using your submit button's name element with if(isset($_POST['Login'])) will fix that.
Another option would be to use two seperate files. One with your form and the other with the PHP/SQL and setting action="handler.php" for your form's action.
<form method="POST"> is equivalent to <form method="POST" action=""> (self).
<?php
if(mysql_connect("localhost","root","")==false)
{
die ("Connection Failed");
}
mysql_select_db("fb");
$id=$_POST["email"];
$pwd=$_POST["password"];
if(isset($_POST['Login'])){
$sql=mysql_query("SELECT * FROM admin WHERE id='$id' AND pass='$pwd'");
if($sql)
{
die ("Login");
}
else
{
die ("Failed");
}
} // brace for if(isset($_POST['submit']))
?>
The following links will help you later on.
For passwords, CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
Plus, mysqli with prepared statements, or PDO with prepared statements.
Always use error reporting this will help you to debug code.
Plus, use or die(mysql_error()) to mysql_query() instead of just the way you have it now. It will signal the actual error, should there be any.
The code directly executes if-else statement without waiting for input.
Then tell it to do those action after input.
if($_POST) {
$id=$_POST["email"];
$pwd=$_POST["password"];
$sql=mysql_query("SELECT* FROM admin WHERE id='$id' AND pass='$pwd'");
if($sql)
{
die ("Login");
}
else
{
die ("Failed");
}
}
I know this code is vulnerable to SQL injection but who care if its an home assignment.
Never give up security just because of the nature of the project. You'll fall into a trap, and then it will bite you later on in life. Make sure you secure your application irregardless of the project.
I have a problem inserting information into a sql database.
The user needs to answer a question and submit that.
<!DOCTYPE html>
<html>
<head>
<title>Some title</title>
</head>
<body>
<form action="neg.php" method="post">
<b>Enter a title:</b><br /><input type="text" name"title" /><br />
<input type="submit" value="I !" />
</form>
</body>
</html>
The php page looks like this:
<?php
/* get all input*/
$connection = mysqli_connect("localhost","X","Y","Z") or die("Some error occurred during connection " . mysqli_error($connection));
$sql="INSERT INTO xyz (title)
VALUES
('$_POST[title]')";
if (!mysqli_query($connection,$sql))
{
die('Error: ' . mysqli_error($connection));
}
echo "1 record added";
?>
Can anyone please help me out here? I'm really stuck, tried a million things, but simply do not see what went wrong. I also do not get an error, so I'm unsure what the problem is. Can anyone please help me out here?
Thanks in advance!
EDIT
OP changed INSERT INTO dislike to INSERT INTO xyz from an edit after my submitting this answer, including changing value="I don't want to see this show ever again!" to value="I !"
Original answer from original question:
The reason why your query is not working is because the = is missing in name"title"
Change it to name="title"
You should also consider using prepared statements or PDO.
The method you're using now, is open to SQL injection
I've made it a bit more safer for you doing it the following way:
<?php
/* get all input*/
$connection = mysqli_connect("localhost","X","Y","Z") or die("Some error occurred during connection " . mysqli_error($connection));
$title=mysqli_real_escape_string($connection,$_POST['title']);
$sql="INSERT INTO dislike (title) VALUES ('$title')";
if (!mysqli_query($connection,$sql))
{
die('Error: ' . mysqli_error($connection));
}
echo "1 record added";
?>
HTML rewrite:
<!DOCTYPE html>
<html>
<head>
<title>Dislike series</title>
</head>
<body>
<form action="neg.php" method="post">
<b>Enter a title:</b><br /><input type="text" name="title" /><br />
<input type="submit" value="I don't want to see this show ever again!" />
</form>
</body>
</html>
Here are a few tutorials on prepared statements that you can study and try:
Tutorial one
Tutorial two
Tutorial three
Here are a few tutorials on PDO:
PDO tutorial one
PDO tutorial two
PDO tutorial three