<?php include("header.php")?>
<?php include("menu.php")?>
<div id="registrationPage">
<div id="registrationDiv" ></div>
<fieldset id="registrationFieldPos">
<legend><h3>Register</h3></legend>
<form id="registrationForm" action="registrationaction.php" method="POST" enctype="multipart/form-data">
<table>
<tr>
<td><label>First Name :</label></td>
<td><input type="text" name="fname" /></td>
</tr>
<tr>
<td><label>Last Name :</label></td>
<td><input type="text" name="lname" /></td>
</tr>
<tr>
<td><label>Username :</label></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><label>Password :</label></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><label>Confirm Password :</label></td>
<td><input type="password" name="passwordconfirm" /></td>
</tr>
<tr>
<td><label>Email :</label></td>
<td><input type="email" name="email" /></td>
</tr>
<tr>
<td><label>Image :</label></td>
<td><input type="file" name="fileUpload" /></td>
</tr>
<tr>
<td><label>Country :</label></td>
<td>
<select name="country">
<?php
$connection = mysqli_connect('localhost', 'root', '', 'mutetistore') or die('connection error'. mysql_error());
mysqli_select_db($connection, 'mutetistore');
$sql = "SELECT * FROM apps_countries" ;
$results = mysqli_query($connection, $sql);
while($result = mysqli_fetch_array($results)):;
?>
<option value=" <?php echo $result['country_name']; ?> "> <?php echo $result['country_name'];?> </option>
<?php endwhile; ?>
</select>
</td>
</tr>
<tr>
<td><label>Languages :</label></td>
<td>
<label>English <input type="checkbox" name="Languages[]" value = "English" /></label>
<label>French<input type="checkbox" name="Languages[]" value = "French" /></label>
<label>Swahili<input type="checkbox" name="Languages[]" value = "Swahili" /></label>
</td>
</tr>
<tr>
<td><label>Gender:</label></td>
<td>
<label>Male <input type="radio" name="gender" value = "male"/></label>
<label>Female</label><input type="radio" name="gender" value = "female"/>
</td>
</tr>
<tr>
<td><input type="submit" name="save" value = "registered"/></td>
</tr>
</table>
</form>
</fieldset>
<div id="divEnd">
</div>
</div>
<?php include("footer.php")?>
<?php
require('databaseconn.php');
if(isset($_POST['save']) ) {
$firstname = $_POST['fname'];
$lastname = $_POST['lname'];
$username = $_POST['username'];
$password = $_POST['password'];
$passwordconfirm = $_POST['passwordconfirm'];
$country = $_POST['country'];
$gender = $_POST['gender'];
$Languages = $_POST['Languages'];
$imagename = $_FILES['fileUpload']['name'];
$imagesize = $_FILES['fileUpload']['size'];
$imagetmp = $_FILES['fileUpload']['tmp_name'];
if(empty( $firstname)) {
echo "please enter username";
}else if(empty( $lastname)) {
echo "please enter lastname";
}else if(empty( $username)) {
echo "please enter username";
}else if(empty( $password)) {
echo "please enter password";
}else if(empty( $password !== $passwordconfirm)) {
echo "password do not match";
}else if(empty( $country)) {
echo "please select your country ";
}else if(empty( $gender)) {
echo "please select your gender ";
}else if(empty( $imagename)) {
echo "please select image";
}else {
$uploadFolder = "Uploads/";
$filename = rand(1000,100000)."-".$imagename;
$filenameUpload = move_uploaded_file($imagetm, $uploadFolder, $filename);
$sql = "INSERT INTO `register` (`id`, `firstname`, `lastname`, `username`, `password`, `country`, `gender`, `language`, `imageName`, `imageSize`, `imageTemp`)
VALUES (NULL, '$firstname', '$lastname', '$username', '$password', '$country', '$gender', '$Languages', '$filenameUpload', '$imagesize', '$imagetmp')";
}
}
?>
<?php echo $_POST["fname"]; ?><br>
<?php echo $_POST["lname"]; ?><br>
<?php echo $_POST["username"]; ?><br>
<?php echo $_POST["password"]; ?><br>
<?php echo $_POST["passwordconfirm"]; ?><br>
<?php echo $_POST["country"]; ?><br>
<?php echo $_POST["gender"]; ?><br>
<?php echo $_POST["password"]; ?><br>
<?php echo $_POST["passwordconfirm"]; ?><br>
<?php echo $_POST["country"]; ?><br>
This code is giving me headache. Could someone spot the error? I have tried it for a day without a solution. I want it to submit data to database (image ,checkbox,radio,etc). I want it to put all the selected checkboxs to database. I will later learn about the implode, exlode, to add commas to the code.
First two lines:
<?php include("header.php")?> <---- End the statement with ;
<?php include("menu.php")?> <---- Here too!
On Other Lines:
while($result = mysqli_fetch_array($results)):; <---What is this? It should be { //Code here
and The closing of while loop should be this! ->} not <?php endwhile; ?>
Here:
}else if(empty( $password !== $passwordconfirm)) { // Your Operation should be != and not !==
Maybe your id should be declared as an Auto-increment. And not to be added as NULL.
Youre full of headaches.. hahaha
Related
I am trying to create a sign up sheet for an assignment but i am having difficulty as i have to allow for admin rights so i decide to create a column called administrator in my table as a boolean ie true or false. on my sign up sheet i wish to use a checkbox if its checked they are an administrator if not then they are not.
how can i make the check box = 1 or 0 to the mysql statment?
here is the code for sign up:
<form method="POST" action="new-user 2.php">
<td>Full Name</td><td>
<input type="text" name="name"></td>
</tr>
<tr>
<td>Email</td>
<td>
<input type="text" name="email"></td>
</tr>
<tr>
<td>UserName</td>
<td>
<input type="text" name="user">
</td> </tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="pass">
</td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input type="password" name="cpass">
</td>
</tr>
</tr>
<tr>
<td>Administrator </td>
<td><input type="checkbox" name="cbox" />
</td>
</tr>
<tr>
<td>
<input id="button" type="submit" name="submit" value="Register">
</td>
</tr>
</form>
</table>
</fieldset>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['cbox']))
{
$administrator ='1';
}
else
{
$administrator ='0';
}
?>
Thank you
Update:
The new user2.php code is as follows:
require_once('connection.php');
function NewUser()
{
#$salt = 'sadfh9832asd34rf28asjvddap';
#$crypt = crypt ($salt .$password);
$fullname = $_POST['name'];
$userName = $_POST['user'];
$email = $_POST['email'];
$administrator =$_POST['administrator'];
#$password = crypt($_POST['pass']);
$password = md5($_POST['pass']);
echo "<hr>".$_POST['pass'] . "=[$password]<hr>";
#$password = stripslashes($password);
#$password = mysql_real_escape_string($password);
$query = "INSERT INTO `WebsiteUsers`(`fullname`, `userName`, `email`, `pass`, `administrator`) VALUES ('$fullname','$userName','$email','$password', 'administrator')";
$data = mysql_query ($query)or die(mysql_error());
echo "<hr>$query<hr>";
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
function SignUp()
{
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{ $query = mysql_query("SELECT * FROM WebsiteUsers WHERE userName = '$_POST[user]'
AND pass = '$_POST[pass]'") or die(mysql_error());
if(!$row = mysql_fetch_array($query) or die(mysql_error()))
{
newuser();
}
else
{
echo "SORRY...YOU ARE ALREADY A REGISTERED USER..."; }
}
}
if(isset($_POST['submit']))
{
SignUp();
}
#header("location:index.html");
?>
<?php
$cookie_name = "cookieuser";
$cookie_value = $fullname;
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>
Give a value to the checkbox like this
<input type="checkbox" name="cbox" value="1" />
Then check if that value is assigned to the $_POST variable like this.
if($_POST['cbox'] == '1')
Complete code is listed below. I have done some modifications.
<form method="POST" action="new-user 2.php">
<td>Full Name</td><td>
<input type="text" name="name"></td>
</tr>
<tr>
<td>Email</td>
<td>
<input type="text" name="email"></td>
</tr>
<tr>
<td>UserName</td>
<td>
<input type="text" name="user">
</td> </tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="pass">
</td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input type="password" name="cpass">
</td>
</tr>
</tr>
<tr>
<td>Administrator </td>
<td><input type="checkbox" name="cbox" value="1" />
</td>
</tr>
<tr>
<td>
<input id="button" type="submit" name="submit" value="Register">
</td>
</tr>
</form>
</table>
</fieldset>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['cbox']))
{
if($_POST['cbox'] == '1'){
$administrator ='1';
}else{
$administrator ='0';
}
}else
{
$administrator ='0';
}
?>
Per your form elemenet, <form method="POST" action="new-user 2.php"> this script is submitting to new-user 2.php. If this page is new-user 2.php then $administrator will be 1 or 0 (as a string).
If this page is not new-user 2.php then this check:
<?php
if(isset($_POST['cbox']))
{
$administrator ='1';
}
else
{
$administrator ='0';
}
?>
will not run, because the PHP only executes on page load; it is not available once the page has loaded.
$_POST['cbox'] is either going to have the value of on or not be set.
You can see all values being submitted by outputting the POST after the form is submitted with this, print_r($_POST);.
If this is new-user 2.php then please update your question to where the usage of $administrator can be seen.
Per your update code the issue is you are checking the wrong form element. Your form element is cbox, not administrator. You also are open to SQL injections with this code and are using the deprecated driver, mysql_. You should switch up to mysqli or pdo.
On to your code... Your NewUser function should be updated to:
function NewUser()
{
#$salt = 'sadfh9832asd34rf28asjvddap';
#$crypt = crypt ($salt .$password);
$fullname = mysql_real_escape_string($_POST['name']);
$userName = mysql_real_escape_string($_POST['user']);
$email = mysql_real_escape_string($_POST['email']);
$administrator = isset($_POST['cbox']) ? 1 : 0;
#$password = crypt($_POST['pass']);
$password = md5($_POST['pass']);
echo "<hr>".$_POST['pass'] . "=[$password]<hr>";
#$password = stripslashes($password);
#$password = mysql_real_escape_string($password);
$query = "INSERT INTO `WebsiteUsers`(`fullname`, `userName`, `email`, `pass`, `administrator`) VALUES ('$fullname','$userName','$email','$password', $administrator)";
$data = mysql_query ($query)or die(mysql_error());
echo "<hr>$query<hr>";
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
Note the escaping and $administrator = isset($_POST['cbox']) ? 1 : 0;.
I have a form with file upload and user name exits checking conditions.
What im facing it the data are not getting insert in mysql db. file as been successfully saved in given path. kindly help me on this im wasted already 2days with that i tried a lot myself.
form.php
<table style="text-align:right">
<form id="add" method="POST" action="action.php" enctype="multipart/form-data">
<tr>
<h4 class='bg-info'>
<br/>         Become a Member of jobportal and find the right job. Create your Profile now, Free!<br/><br/>
</h4>
</tr>
<tr>
<td></td>
<td> * Mandatory Fields </td>
</tr>
<tr>
<div class="col-md-1"></div>
<td>Enter Your Email-ID: *</td>
<td><input class="form-control input-sm" placeholder="Email ID" type="textfield" name="email"required></td>
</tr>
<tr>
<td>Choose password *</td>
<td><input class="form-control input-sm" placeholder="Enter Your Password" type="password" name="password"required/></td>
</tr>
<td>Re-Enter Your password *</td>
<td><input class="form-control input-sm" placeholder="Enter Your Password" type="password" name="repassword"required/></td>
</tr>
<tr>
<td> Please Enter Your Full Name:</td>
<td> <input class="form-control input-sm" placeholder="Enter Full Name" type="textfield" name="name"required></td>
</tr>
<tr>
<td>Your Current Location: *<td>
<select class="form-control input-sm" required name="location">
<option value='' disabled selected style='display:none;'>Select location *</option>
<option>Andhra Pradesh</option>
<option>Arunachal Pradesh</option>
<option>Assam</option>
<option>Bihar</option>
<option>Chhattisgarh</option>
<option>Goa</option>
<option>Gujarat</option>
<option>Haryana</option>
<option>Himachal Pradesh</option>
<option>Jammu and Kashmir</option>
<option>Jharkhand</option>
<option>Karnataka</option>
<option>Kerala</option>
<option>Madhya Pradesh</option>
<option>Maharashtra</option>
<option>Maharashtra</option>
<option>Manipur</option>
<option>Meghalaya</option>
<option>Mizoram</option>
<option>Nagaland</option>
<option>Odisha</option>
<option>Punjab</option>
<option>Rajasthan</option>
<option>Sikkim</option>
<option>Tamil Nadu</option>
<option>Telangana</option>
<option>Tripura</option>
<option>Uttar Pradesh</option>
<option>Uttarakhand</option>
<option>West Bengal</option>
</select></td>
</td>
</tr>
<tr>
<td>Enter Your Mobile Number: *</td>
<td><input class="form-control input-sm" placeholder="mobile number" type="textfield" name="mobilenumber" required/></td>
</tr>
<tr>
<td>Experience:</td>
<td>
<select class="form-control input-sm" required name="experience">
<option value='' disabled selected style='display:none;'>Select Experience</option>
<option>Fresher</option>
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
</select>
</td>
</tr>
<tr>
<td>Key Skill: *</td>
<td>
<input class="form-control input-sm" placeholder="Enter Your Skill" type="textfield" name="keyskill"/>
</td>
</tr>
<tr>
<td>Please Select your PG Degree</td>
<td>
<select class="form-control input-sm" required name="degree">
<option value='' disabled selected style='display:none;'>Select Degree</option>
<option>B.sc</option>
<option>B.E</option>
<option>B.Com</option>
<option>others</option>
</select>
</td>
</tr>
<tr>
<td>Please Select Higher Studies:</td>
<td>
<select class="form-control input-sm" required name="hsc">
<option value='' disabled selected style='display:none;'>Select Higher Studies</option>
<option>HSC</option>
<option>Diploma</option>
<option>ITI</option>
<option>others</option>
</select>
</td>
</tr>
<tr>
<td>Please Select your Gender: *</td>
<td>
<select class="form-control input-sm" required name="gender">
<option value='' disabled selected style='display:none;'>Select</option>
<option>Male</option>
<option>Female</option>
<option>others</option>
</select>
</td>
</tr>
<tr>
<td>Upload your Resume :</td>
<td><input type="file" name="filep"></td>
</tr>
<tr>
<td> </td>
<td>by clicking register u accepting our terms and condtions. click here !</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="add" class="btn btn-info btn-sm" id="add" value="Register With JobPortal">
</td>
</tr>
</form>
</table>
action.php
$con = mysqli_connect('localhost','root','');
if (!$con) {
die('Could not connect: ' . mysql_error());
} else {
echo 'connected';
}
if (isset($_POST['add']) ) {
if (!get_magic_quotes_gpc() ) {
$email = addslashes ($_POST['email']);
} else {
$email = $_POST['email'];
}
$email = $_POST['email'];
$password = md5 ($_POST['password']);
$name = $_POST['name'];
$location = $_POST['location'];
$mobilenumber = $_POST['mobilenumber'];
$experience = $_POST['experience'];
$keyskill = $_POST['keyskill'];
$degree = $_POST['degree'];
$hsc = $_POST['hsc'];
$gender = $_POST['gender'];
$resume = $_FILES['filep']['name'];
$folder = "C:/wamp/www/userlogin/pic/";
$name="SELECT emailid FROM userregistration WHERE emailid='$email'";
mysqli_select_db($con, 'login');
$result = mysqli_query($con, $name);
if (mysqli_num_rows($result)!=0) {
echo "Username already exists";
} else {
echo"data entered done";
}
if (move_uploaded_file($_FILES["filep"]["tmp_name"], $folder . $_FILES["filep"]["name"])) {
echo "images moved sus";
} else {
echo "not done";
}
echo "<p align=center>File ".$_FILES["filep"]["name"]."loaded...";
$sql = "INSERT INTO userregistration "
. "(email, password, name, location, mobilenumber, experience, keyskill, degree, hsc, gender, resume)"
. "VALUES('$email', '$password', '$name', '$location', '$mobilenumber', '$experience', '$keyskill',
'$degree', '$hsc', '$gender', '$resume')";
mysqli_select_db($con, 'login');
$retval = mysqli_query($con, $sql);
if (!$retval) {
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
echo' insert more data ';
mysqli_close($con);
}
What I exactly need is: I want to upload form data with the file url into database and need to check email id or name already exits.
I only get error in $sql = "insert into" portion other than else working fine.
Thanks in advance.
echo your sql query before
mysqli_select_db($con, 'login');
and execute it in your Mysql phpmyadmin...
I guess there is some problem in your query formation, spacing between words or something.
Errors
Missing database name
mysqli_connect("localhost","root","","login");
And error in $sql query
So final well-From code is
<?php
$con= mysqli_connect("localhost","root","","login");;//missing database
if (! $con)
{
die('Could not connect: ' . mysql_error());
}
else{
echo 'connected';
}
if(isset($_POST['add']))
{
if(! get_magic_quotes_gpc() )
{
$email = addslashes ($_POST['email']);
}
else
{
$email = $_POST['email'];
}
$email = $_POST['email'];
$password = md5 ($_POST['password']);
$name = $_POST['name'];
$location = $_POST['location'];
$mobilenumber = $_POST['mobilenumber'];
$experience = $_POST['experience'];
$keyskill = $_POST['keyskill'];
$degree = $_POST['degree'];
$hsc = $_POST['hsc'];
$gender = $_POST['gender'];
$resume = $_FILES['filep']['name'];
$folder = "C:/wamp/www/userlogin/pic/";
$query001="SELECT emailid FROM userregistration WHERE emailid='$email'";
$result = mysqli_query($con, $query001);
if(mysqli_num_rows($result)!=0){
echo "Username already exists";
}
else
{
echo"data entered done";
if (move_uploaded_file($_FILES["filep"]["tmp_name"], $folder . $_FILES["filep"]["name"]))
{
echo "images moved sus";
}
else
{
echo "not done";
}
echo "<p align=center>File ".$_FILES["filep"]["name"]."loaded...";
$sql = "INSERT INTO userregistration (email, password, name, location, mobilenumber, experience, keyskill,
degree, hsc, gender, resume) VALUES('$email','$password','$name','$location','$mobilenumber','$experience','$keyskill','$degree','$hsc','$gender','$resume')";
$retval = mysqli_query($con, $sql);
if(!$retval )
{
die('Could not enter data: ' . mysql_error());
}
else
{
echo "Entered data successfully\n";
echo' insert more data ';
mysqli_close($con);
}
}
}
?>
and be aware with MySQL Injection.
simply you can use mysqli_real_escape_string()
Example
$name = mysqli_real_escape_string($_POST['name']);
Tip from(Comment)
You have $name declared twice in your code - rename the $name select statement. ($name = $_POST['name']; and also $name="SELECT emailid FROM userregistration WHERE emailid='$email'"; ) – Jesse C
I have a simple form on my page and I want to make sure every field is filled before inserting the values into the database. The problem is the condition never met, even if every field is filled I still get "Something is missing"...
Search:
<form method="post" action="<?php echo $_SERVER[" PHP_SELF "]?>">
<input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
<?php if (isset($_POST[ "search"])) { $email_search=m ysql_real_escape_string($_POST[ "email_search"]); $check=m ysql_query( "SELECT * FROM torzsvendegek WHERE email = '$email_search'"); $s=m ysql_fetch_array($check); }?>
<form method="post" action="<?php echo $_SERVER[" PHP_SELF "]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td>
<input type="text" name="email" value="<?php echo $email_search;?>" disabled>
</td>
</tr>
<tr>
<td>Név:</td>
<td>
<input type="text" name="nev" value="<?php echo $s['nev'];?>">
</td>
</tr>
<tr>
<td>Mikor:</td>
<td>
<input type="text" name="mikor">
</td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td>
<input type="text" name="ejszakak">
</td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($s[ 'nyelv']=="magyar" ) echo "selected=\"selected\ ""; ?>>Magyar</option>
<option value="nemet" <?php if($s[ 'nyelv']=="nemet" ) echo "selected=\"selected\ ""; ?>>Német</option>
<option value="lengyel" <?php if($s[ 'nyelv']=="lengyel" ) echo "selected=\"selected\ ""; ?>>Lengyel</option>
<option value="roman" <?php if($s[ 'nyelv']=="roman" ) echo "selected=\"selected\ ""; ?>>Román</option>
<option value="szlovak" <?php if($s[ 'nyelv']=="szlovak" ) echo "selected=\"selected\ ""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s[ 'nyelv']=="egyeb" ) echo "selected=\"selected\ ""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td>
<textarea name="megjegyzes">
<?php echo htmlspecialchars($s[ 'megjegyzes']);?>
</textarea>
</td>
</tr>
</table>
<br>
<table width="440">
<tr>
<td>
<input type="submit" name="submit_add" value="Hozzáad">
</td>
</tr>
</table>
</form>
<?php if (isset($_POST[ "submit_add"]) && !empty($_POST[ "nev"]) && !empty($_POST[ "email"]) && !empty($_POST[ "mikor"]) && !empty($_POST[ "ejszakak"])){ $nev=m ysql_real_escape_string($_POST[ "nev"]); $email=m ysql_real_escape_string($_POST[ "email"]); $mikor=m ysql_real_escape_string($_POST[ "mikor"]); $ejszakak=m ysql_real_escape_string($_POST[ "ejszakak"]); $nyelv=m ysql_real_escape_string($_POST[ "nyelv"]); $megjegyzes=m ysql_real_escape_string($_POST[ "megjegyzes"]); $check2=m ysql_query( "SELECT * FROM torzsvendegek WHERE email = '$email'"); $br="<br>" ; if (mysql_num_rows($check2)> 0) { $adatok = mysql_fetch_array($check2); $osszesen = ($adatok['ejszakak'] + $ejszakak); mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'"); echo "
<br>".$email." Updated"; } else { mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')"); echo "
<br>".$email." Added"; } } else { echo "Something is missing"; } ?>
You made 2 mistakes in your code:
1) You didn't close the first form (missing </form>)
2) You disabled the E-mail input field which resulted in always empty
Here's the updated (though deprecated and insecure!!!) code:
<?php
if(isset($_POST["search"])){
$email_search = mysql_real_escape_string($_POST["email_search"]);
$check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
$s = mysql_fetch_array($check);
}
if(isset($_POST["submit_add"]) && !empty($_POST["nev"]) && !empty($_POST["email"]) && !empty($_POST["mikor"]) && !empty($_POST["ejszakak"])){
$nev = mysql_real_escape_string($_POST["nev"]);
$email = mysql_real_escape_string($_POST["email"]);
$mikor = mysql_real_escape_string($_POST["mikor"]);
$ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
$nyelv = mysql_real_escape_string($_POST["nyelv"]);
$megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
$check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
$br = "<br>";
if (mysql_num_rows($check2) > 0){
$adatok = mysql_fetch_array($check2);
$osszesen = ($adatok['ejszakak'] + $ejszakak);
mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
echo "<br>".$email." Updated";
} else {
mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
echo "<br>".$email." Added";
}
} else {
echo "Something is missing";
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
Search: <input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
</form>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" value="<?php echo $email_search;?>"></td>
</tr>
<tr>
<td>Név:</td>
<td><input type="text" name="nev" value="<?php echo $s['nev'];?>"></td>
</tr>
<tr>
<td>Mikor:</td>
<td><input type="text" name="mikor"></td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td><input type="text" name="ejszakak"></td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td><textarea name="megjegyzes"><?php echo htmlspecialchars($s['megjegyzes']);?></textarea></td>
</tr>
</table>
<br>
<table width="440">
<tr>
<td><input type="submit" name="submit_add" value="Hozzáad"></td>
</tr>
</table>
</form>
You need to close your search form tag to keep the two forms separated
Search:<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>"><input placeholder="e-mail address" type="text" name="email_search"><input type="submit" name="search" value="Go"></form>
and
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr><td>E-mail:</td><td><input type="text" name="email" value="<?php echo $email_search;?>" disabled></td></tr>
<tr><td>Név:</td><td><input type="text" name="nev" value="<?php echo $s['nev'];?>"></td></tr>
<tr><td>Mikor:</td><td><input type="text" name="mikor"></td></tr>
<tr><td>Éjszakák száma:</td><td><input type="text" name="ejszakak"></td></tr>
<tr><td>Nemzetisége:</td><td align="left"> <select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select></td></tr>
<tr><td>Megjegyzés:</td><td><textarea name="megjegyzes"><?php echo htmlspecialchars($s['megjegyzes']);?></textarea></td></tr>
</table><br>
<table width="440"><tr><td><input type="submit" name="submit_add" value="Hozzáad"></td></tr></table>
</form>
You did not close your search form and you need to remove the disabled attribute from your email input field.
I re-wrote your code to help you will debugging. I commented out all the stuff related to the database so you can focus on the form fields only. Here is the code I re-wrote. I left comments so you can see what I did.
<?php
/******JUST TO MAKE DEBBUGGING EASIER***/
echo "<pre>"; // Start of the pre> tags
/**ANYTHING TO DO WITH THE DATABASE I HAVE COMMENTED OUT**/
if(isset($_POST["search"])){
$email_search = mysql_real_escape_string($_POST["email_search"]);
/**PRINT_R FOR DEBUGGING PURPOSES, REMOVE!!*/
print_r($email_search);
//$check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
//$s = mysql_fetch_array($check);
}
/***CHECK THE POST DATA, REMOVE FROM APPLICATION ONCE YOU HAVE DEBUGGED THE DATA**/
print_r($_POST);
/***I WILL STORE THE POST DATA IN VARIABLES BEFORE CHECKING**/
$nev = isset($_POST["nev"]) ? mysql_real_escape_string($_POST["nev"]) : null;
$email = isset($_POST["email"]) ? mysql_real_escape_string($_POST["email"]) : null;
$mikor = isset($_POST["mikor"]) ? mysql_real_escape_string($_POST["mikor"]) : null;
$ejszakak = isset($_POST["ejszakak"]) ? mysql_real_escape_string($_POST["ejszakak"]) : null;
$nyelv = isset($_POST["nyelv"]) ? mysql_real_escape_string($_POST["nyelv"]) : null;
$megjegyzes = isset($_POST["megjegyzes"]) ? mysql_real_escape_string($_POST["megjegyzes"]) : null;
if(isset($_POST["submit_add"]) && !is_null($nev) && !is_null($email) && !is_null($mikor) && !is_null($ejszakak)){
/*******
SINCE I ALREADY HAVE THEM, YOU NEED TO REMOVE THEM FROM THE CODE
$nev = mysql_real_escape_string($_POST["nev"]);
$email = mysql_real_escape_string($_POST["email"]);
$mikor = mysql_real_escape_string($_POST["mikor"]);
$ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
$nyelv = mysql_real_escape_string($_POST["nyelv"]);
$megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
******/
//$check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
$br = "<br>";
/*********
if (mysql_num_rows($check2) > 0) {
$adatok = mysql_fetch_array($check2);
$osszesen = ($adatok['ejszakak'] + $ejszakak);
mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
echo "<br>".$email." Updated";
}else {
mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
echo "<br>".$email." Added";
}
****/
}elseif (isset($_POST["submit_add"])) {
echo "Something is missing";
}
echo '</pre>';//end of pre
?>
Search:
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
</form>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" value="<?php echo $email;?>" ></td>
</tr>
<tr>
<td>Név:</td>
<td><input type="text" name="nev" value="<?php echo $nev;?>"></td>
</tr>
<tr>
<td>Mikor:</td>
<td><input type="text" name="mikor" value="<?php echo $mikor;?>"></td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td><input type="text" name="ejszakak" value="<?php echo $ejszakak;?>"></td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($nyelv=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($nyelv=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($nyelv=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($nyelv=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($nyelv=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($nyelv=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td><textarea name="megjegyzes"><?php echo htmlspecialchars($megjegyzes);?></textarea>
</td>
</tr>
</table><br>
<table width="440">
<tr><td><input type="submit" name="submit_add" value="Hozzáad"></td></tr>
</table>
</form>
i am a beginner and am trying to make a form validation with PHP. i want to check if one of the inputs is empty, the form says that the empty input is required.
I show the php script behind.
<?php
$titleErr = $authorErr = $keywordsErr = $contentErr = "";
$title = $author = $keywords = $content = "";
if (empty($_POST["submit"])) {
if(empty($_POST["title"])){
$titleErr = "title is required";
}
if(empty($_POST["author"])){
$authorErr = "author name is required";
}
if(empty($_POST["keywords"])){
$keywordsErr = "keywords are required";
}
if(empty($_POST["content"])){
$contentErr = "This field is required";
}
}
?>
<form method="post" action="insert_post.php">
<table width="600" align="center" border="10">
<tr>
<td align="center" bgcolor="yellow" colspan="6"><h1>Insert New Post Here</h1></td>
</tr>
<tr>
<td align="right">Post Title:</td>
<td><input type="text" name="title" size="38">
<span style="color:red;"><?php echo $titleErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Author:</td>
<td><input type="text" name="author" size="38">
<span style="color:red;"><?php echo $authorErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Keywords:</td>
<td><input type="text" name="keywords" size="38">
<span style="color:red;"><?php echo $keywordsErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Image:</td>
<td><input type="file" name="image"></td>
</tr>
<tr>
<td align="right">Post Content</td>
<td><textarea name="content" cols="30" rows="15"></textarea>
<span style="color:red;"><?php echo $contentErr; ?></span>
</td>
</tr>
<tr>
<td align="center" colspan="6"><input type="submit" name="submit" value="Publish Now"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
include("includes/connect.php");
if(isset($_POST['submit'])){
$title = $_POST['title'];
$date = date('d-m-Y');
$author = $_POST['author'];
$keywords = $_POST['keywords'];
$content = $_POST['content'];
$image = $_FILES['image'] ['name'];
$image_tmp = $_FILES['image'] ['tmp_name'];
move_uploaded_file($image_tmp, "../images/$image");
$query = "INSERT INTO posts (post_title, post_date, post_author, post_keywords, post_image, post_content) VALUES('$title', '$date', '$author', '$keywords', '$image', '$content')";
$result = mysqli_query($conn, $query);
if($query){
echo"<center><h1>Post Published Succesfully!</h1></center>";
}
}
?>
The problem is i want to stop the scrit if the inputs are empty but i can't use functions like: exit() and break;.
and if i submit, the form sends empty values to the database :C.
how can i solve this problem?
We make use of session variables which temporarily stores data locally. To use sessions we must always start sessions by session_start() at the start of every page to be able to access the variables. Now we can store data and pass it to whatever page we want to without having to send it - we just store it and then grab it.
index.php
<?php
session_start();
$titleErr = $authorErr = $keywordsErr = $contentErr = "";
$title = $author = $keywords = $content = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(empty($_POST["title"])){
$titleErr = "title is required";
}
if(empty($_POST["author"])){
$authorErr = "author name is required";
}
if(empty($_POST["keywords"])){
$keywordsErr = "keywords are required";
}
if(empty($_POST["content"])){
$contentErr = "This field is required";
}
if(!empty($_POST["title"]) && !empty($_POST["author"]) && !empty($_POST["keywords"]) && !empty($_POST["content"])){
$_SESSION["title"] = $_POST["title"];
$_SESSION["author"] = $_POST["author"];
$_SESSION["keywords"] = $_POST["keywords"];
$_SESSION["content"] = $_POST["content"];
$_SESSION["image"] = $_FILES["image"];
header("location: insert_post.php");
exit();
}
}
?>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="600" align="center" border="10">
<tr>
<td align="center" bgcolor="yellow" colspan="6"><h1>Insert New Post Here</h1></td>
</tr>
<tr>
<td align="right">Post Title:</td>
<td><input type="text" name="title" size="38" value="<?php if(isset($_POST['title'])){ echo $_POST['title']; }; ?>">
<span style="color:red;"><?php echo $titleErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Author:</td>
<td><input type="text" name="author" size="38" value="<?php if(isset($_POST['author'])){echo $_POST['author']; }; ?>">
<span style="color:red;"><?php echo $authorErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Keywords:</td>
<td><input type="text" name="keywords" size="38" value="<?php if(isset($_POST['keywords'])){echo $_POST['keywords']; }; ?>">
<span style="color:red;"><?php echo $keywordsErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Image:</td>
<td><input type="file" name="image"></td>
</tr>
<tr>
<td align="right">Post Content</td>
<td><textarea name="content" cols="30" rows="15" value="<?php if(isset($_POST['content'])){echo $_POST['content']; }; ?>"></textarea>
<span style="color:red;"><?php echo $contentErr; ?></span>
</td>
</tr>
<tr>
<td align="center" colspan="6"><input type="submit" name="submit" value="Publish Now"></td>
</tr>
</table>
</form>
</body>
</html>
insert_post.php
<?php
session_start();
include("includes/connect.php");
$title = $_SESSION['title'];
$author = $_SESSION['author'];
$keywords = $_SESSION['keywords'];
$content = $_SESSION['content'];
$date = date('d-m-Y');
$image = $_SESSION['image']['name'];
$image_tmp = $_SESSION['image']['tmp_name'];
move_uploaded_file($image_tmp, "../images/$image");
$query = "INSERT INTO posts (post_title, post_date, post_author, post_keywords, post_image, post_content) VALUES('$title', '$date', '$author', '$keywords', '$image', '$content')";
$result = mysqli_query($conn, $query);
if($query){
echo"<center><h1>Post Published Succesfully!</h1></center>";
}
else{
echo "<center><h1>Error! Post was not published!</h1></center>";
}
echo $title . " " . $author . " " . $keywords . " " . $content;
?>
Btw, you should be using prepared statements for your database inserts to prevent SQL-injections. Read more about it here.
You don't hAve to Break the Script using the Exit Funktion. Just prove if the error variables aren't empty and only in the Case when they aren't empty send a dB-request.
Chenge these lines:
include("includes/connect.php");
if(isset($_POST['submit'])){
to
include("includes/connect.php");
if( isset($_POST['submit']) //Fix here, it will only insert if all error message
&& empty($titleErr) //are empty.
&& empty($authorErr)
&& empty($keywordsErr)
&& empty($contentErr) ){
Edit
And also change this line
if (empty($_POST["submit"])) {
To
if (isset($_POST["submit"])) {
On the init of your script. The empty function will return true if you did not submit the page, that's why you are hving the error messages.
I am having problem in this following code.It says undefined index on line 83.The second problem is that there is a huge gap between the text fill the required form and the input textbox of the form during output.Please help me out.The code is posted below.
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
$firstnameErr = $lastnameErr = $emailErr = "";
$firstname = $lastname = $email = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["firstname"]))
{
$firstnameErr = "Name is required";
}
else
{
$firstname = test_input($_POST["firstname"]);
}
if (empty($_POST["lastname"]))
{
$lastnameErr = "Name is required";
}
else
{
$lastname = test_input($_POST["lastname"]);
}
if (empty($_POST["email"]))
{
$emailErr = "Email is required";
}
else
{
$email = test_input($_POST["email"]);
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<div text align =center><h1>Eventous Info</h1></div>
<h3>Fill the Required Form:</h3>
<p><span class="error">*required field</span></p>
<table>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<tr><?php// echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
<td>Firstname:</td>
<td><input type="text" name="firstname" ></td>
<td><span class="error">* <?php echo $firstnameErr;?></span></td><br><br>
</tr>
<tr>
<td>Lastname:</td>
<td><input type="text" name="lastname" ></td>
<td><span class="error">* <?php echo $lastnameErr;?></span></td><br><br>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="email"></td>
<td><span class="error">* <?php echo $emailErr;?></span></td><br><br>
</tr>
<tr>
<td>Phone:</td>
<td><input type="text" name="number"><td><br><br>
</tr>
</table>
<input type="submit" >
</form>
<?php
$con = mysql_connect("localhost","ashu123","bangalore");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("evantus", $con);
$sql="INSERT INTO employee (firstname, lastname, email, phone )
***LINE-83***
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[email]','$_POST[number]')";
$sql = "select * from employee";
$query = mysql_query( $sql );
echo "<table>";
echo "<tr><th>firstname</th>";
echo "<th>lastname</th>";
echo "<th>email</th>";
echo "<th>phone</th></tr>";
while( $row = mysql_fetch_assoc($query) )
{
echo "<tr><td>$row[firstname]</td>";
echo "<td>$row[lastname]</td>";
echo "<td>$row[email]</td>";
echo "<td>$row[phone]</td></tr>";
}
echo "</table>";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con)
?>
</body>
</html>
Your form has invalid html code. In short, just use:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table>
<tr>
<td>Firstname:</td>
<td><input type="text" name="firstname" ></td>
<td><span class="error">* <?php echo $firstnameErr;?></span><br /><br /></td>
</tr>
<tr>
<td>Lastname:</td>
<td><input type="text" name="lastname" ></td>
<td><span class="error">* <?php echo $lastnameErr;?></span><br /><br /></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="email"></td>
<td><span class="error">* <?php echo $emailErr;?></span><br /><br /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input type="text" name="number"><br /><br /><td>
<td></td>
</tr>
</table>
<input type="submit" >
</form>
More about it:
1. After opening the <table> element, next one must be table row, so <form> must be a wrapper to your table.
2. You have placed breaks after closing the </td> tag, which is wrong - they should be inside table cell.
3. Ref: undefined index, guess it is only a warning that you are using the $_POST variable that does not exist.
I feel your insert query is not right, try the query below.
$sql="INSERT INTO employee (firstname, lastname, email, phone ) VALUES ('".$_POST['firstname']."','".$_POST['lastname']."','".$_POST['email']."','".$_POST['number']."')";