insert data in a wordpress database - php

I'm developing a WordPress plugin which is responsible for getting data from an external HTML form and then inserts it in the database. My form code is:
<html>
<body>
<form action = "http://wp.istic.online/wp-content/plugins/news-apps/index.php" method = "POST">
Name: <input type = "text" name = "name" />
<input type = "submit" />
</form>
</body>
</html>
My plugin code is:
<?php
register($_POST['name']);
register($_POST['name']);
function register($name) {
global $wpdb;
$wpdb->insert(
'gcm_tokens',
array(
'token' => $name
),
array(
'%s'
)
);
}
The data is not inserted however when I try to echo the $name variable it works perfectly. But when I try to echo it after the insert function it's not working.
Any help please?


Use wp_nonce_field() like below
<form>
/*
Your code
*/
<input type="hidden" name="action" value="new_post" />
<?php wp_nonce_field( 'new-post' ); ?>
</form>


First, make sure you have correct db prefix, correct table name and you can get $POST variable correctly.
I tried your code by call register('Test'); and It works.

Related

Get value in a textfield using GET method PHP

I have a PHP file named "delete-wish-form.php" with a form that has the following fields:
wishId (hidden field) The value of this field should be equal to a GET variable that is passed in via the URL.
So my question is if the URL is delete-wish-form.php?wishId=1 then I want my hidden field to look like this:
CODE:
<!DOCTYPE HTML>
<html>
<title>Delete Wishes</title>
<body>
<h2>Wishes Form</h2>
<?php
$wishId = $_GET['wishId'];
?>
<form method="get" action="process-delete-wish-form">
<input type="hidden" name="wishId">
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>

You should check if the wishId is define in your url param to avoid thrown error in form, and use htmlspecialchars to avoid xss attack on GET parameter
<?php
$wishId = '';
if(isset($_GET['wishId'])) {
$wishId = htmlspecialchars($_GET['wishId'],ENT_QUOTES);
}
?>
and then in your input hidden field
<input type="hidden" name="wishId" value="<?php echo $wishId;?>">

How to acess form details in php page using html 'id' attribute

i have a form having employeeNo,name and a submit button. when the form is submitted it redirects to a php page, Now the problem is i want to access the values of the form by using 'id' attribute?if possible i need the html and php code.
Is there a way to solve this Problem?
enter code here<html>
<head>
</head>
<body>
<form action="test.php" method="">
<input type="text" name='employeeNo' id="input1">
<br>
<input type="text" name='name' id="input2">
<br>
<input type="submit" id="input3">
</form>
</body></html>

In your test.php file you need to retrieve the values. Since you don't define any method in your form, by default it should be "GET"
Your php file could look like the following:
<?php
$employee_no = $_GET['employeeNo'];
$name = $_GET['name'];
I would suggest defining your form method as POST though, like the following:
...
<form action="test.php" method="POST">
...
so your php file will retrieve values from form like this:
<?php
$employee_no = $_POST['employeeNo'];
$name = $_POST['name'];
You may also look at this for further explanation:
https://www.w3schools.com/php/php_forms.asp

Url from form using php

I am trying to create a link to include variables from a form.
The script below works put only includes the first variable:
http://example.com/abc.php?id=2
I want it to send:
http://example.com/abc.php?id=2&name=zac
PHP code shown below:
$base = 'http://example.com/abc.php';
$id=$_GET['ID'];
$name=$_GET['Name'];
$data = array(
'id' => $id,
'name' => $name,
);
$url = $base . '?' . http_build_query($data);
header("Location: $url");
exit;

You could make your life a bit easier by just sending the form via $_GET and it will redirect to the URL like you're wanting. Here's an example:
<form action="http://example.com/abc.php" method="GET">
<input type="text" name="ID" />
<input type="text" name="Name" />
</form>
This would send the user to: http://example.com/abc.php?ID=id_value&Name=name_value
Note: This will send all form variables with a value set.

How to stay on HTML form page and not navigate to php form action page

I am working on a html form which will connect to a database using a php script to add records.
I have it currently working however when I submit the form and the record is added , the page navigates to a blank php script whereas I would prefer if it when submitted , a message appears to notify the user the record is added but the page remains the same. My code is below if anyone could advise me how to make this change.
Html Form :
<html>
<form class="form" id="form1" action="test.php" method="POST">
<p>Name:
<input type="Name" name="Name" placeholder="Name">
</p>
<p>Age:
<input type="Number" name="Age" placeholder="Age">
</p>
<p>Address
<input type="text" name="Address" placeholder="Address">
</p>
<p>City
<input type="text" name="City" placeholder="City">
</p>
</form>
<button form="form1" type="submit">Create Profile</button>
</html>
PHP Database Connection Code :
<html>
<?php
$serverName = "xxxxxxxxxxxxxxxxxxxxxxxx";
$options = array( "UID" => "xxxxxxxxx", "PWD" => "xxxxxxxx",
"Database" => "xxxxxxxxxx");
$conn = sqlsrv_connect($serverName, $options);
if( $conn === false )
{
echo "Could not connect.\n";
die( print_r( sqlsrv_errors(), true));
}
$Name = $_POST['Name'];
$Age = $_POST['Age'];
$Address = $_POST['Address'];
$City = $_POST['City'];
$query = "INSERT INTO [SalesLT].[Test]
(Name,Age,Address,City) Values
('$Name','$Age','$Address','$City');";
$params1 = array($Name,$Age,$Address,$City);
$result = sqlsrv_query($conn,$query,$params1);
sqlsrv_close($conn);
?>
</html>

Typically your action file would be something like thankyou.php where you'd put whatever message to the user and then maybe call back some data that was submitted over. Example:
Thank you, [NAME] for your oder of [ITEM]. We will ship this out to you very soon.
Or this file can be the the same page that your form resides on and you can still show a thank you message with some javascript if your page is HTML. Something like:
<form class="form" id="form1" action="test.php" method="POST onSubmit="alert('Thank you for your order.');" >

I am taking into consideration that your PHP Database Connection Code snipplet that you posted above is called test.php because you have both connecting to the data base and inserting data into the database in one file.
Taking that into consideration, I think the only line you are missing, to return you back to to top snipplet of code that I shall call index.php would be an include statement just after the data has been added to the database
$query = "INSERT INTO [SalesLT].[Test]
(Name,Age,Address,City) Values ('$Name','$Age','$Address','$City');";
$params1 = array($Name,$Age,$Address,$City);
$result = sqlsrv_query($conn,$query,$params1);
echo "Data added";
include 'index.php'; //This file is whatever had the earlier form
Once you hit the submit button on your form, test.php is called, your data is handled and passed back to index.php.
N.B:
The other thing i should mention is to make it a habit of using mysqli_real_escape_string() method to clean the data that is in the $_POST[]; because in a real website, if you don't, you give an attacker the chance to carry out SQL injection on your website :)

you said page is coming blank and data is saved so i assumed that there are two files one which contains form and another which contains php code (test.php).
when you submit the form you noticed that form is submitted on test.php
and your test.php has no any output code that's why you are seeing blank page.
so make a page thankyou.php and redirect on it when data is saved.header('Location: thankyou.php'); at the end of file.

Put this in form action instead of test.php
<form action=<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?> method="post">
Put your php code at top of the page.
$Name = $_POST['Name'];
This is step closer to being a safer way to posting into your db as well.
$Name =mysqli_real_escape_string( $_POST['Name']);
I like the jscript Alert from svsdnb to tell user data was successfully added to db.

This is not intended to be an out of the box solution; it's just to get you pointed in the right direction. This is completely untested and off the top of my head.
Although you certainly could do a redirect back to the html form after the php page does the database insert, you would see a redraw of the page and the form values would be cleared.
The standard way to do what you're asking uses AJAX to submit the data behind the scenes, and then use the server's reply to add a message to the HTML DOM.
Using JQuery to handle the javascript stuff, the solution would look something like this:
HTML form
<html>
<!-- placeholder for success or failure message -->
<div id="ajax-message"></div>
<form class="form" id="form1">
<p>Name: <input type="Name" name="Name" placeholder="Name"></p>
<p>Age: <input type="Number" name="Age" placeholder="Age"></p>
<p>Address: <input type="text" name="Address" placeholder="Address"></p>
<p>City: <input type="text" name="City" placeholder="City"></p>
<!-- change button type from submit to button so that form does not submit. -->
<button id="create-button" type="button">Create Profile</button>
</form>
<!-- include jquery -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<!-- ajax stuff -->
<script>
// wait until DOM loaded
$(document).ready(function() {
// monitor button's onclick event
$('#create-button').on('click',function() {
// submit form
$.ajax({
url: "test.php",
data: $('#form1').serialize,
success: function(response) {
$('#ajax-message').html(response);
}
});
});
});
</script>
</html>
test.php
<?php
// note: never output anything above the <?php tag. you may want to set headers.
// especially in this case, it would be better to output as JSON, but I'm showing you the lazy way.
$serverName = "xxxxxxxxxxxxxxxxxxxxxxxx";
$options = array( "UID" => "xxxxxxxxx", "PWD" => "xxxxxxxx", "Database" => "xxxxxxxxxx");
$conn = sqlsrv_connect($serverName, $options);
if( $conn === false ) {
echo "Could not connect.\n";
die( print_r( sqlsrv_errors(), true));
}
$Name = $_POST['Name'];
$Age = $_POST['Age'];
$Address = $_POST['Address'];
$City = $_POST['City'];
// if mssql needs the non-standard brackets, then put them back in...
// note placeholders to get benefit of prepared statements.
$query = "INSERT INTO SalesLT.Test " .
"(Name,Age,Address,City) Values " .
"(?,?,?,?)";
$params1 = array($Name,$Age,$Address,$City);
$success = false;
if($result = sqlsrv_query($conn,$query,$params1)) {
$success = true;
}
sqlsrv_close($conn);
// normally would use json, but html is sufficient here
// done with php logic; now output html
if($success): ?>
<div>Form submitted!</div>
<?php else: ?>
<div>Error: form not submitted</div>
<?php endif; ?>

error with submitting a form in wordpress

i've created a plugin (simple form) and this is the shortcode.php file:
<?php
add_shortcode('contact_form','contact_form');
function contact_form(){
if (isset($_POST['submit'])){
global $wpdb, $table_prefix;
$name = $_POST['name'];
$data = array('name'=>$name,'message'=>'message');
$wpdb->insert($table_prefix.'contact_form',$data,array('%s','%s'));
echo 'added';
}
?>
<form method="POST" action="" id="contact_form">
Name: <input type="text" name="name"><br>
<input type="submit" name="submit" value="submit">
</form>
<?php
}
when I submit the form, if I write sth in the text field, is says 'The page doesn't exist' but if i leave it empty, it submits the form.
what is the problem?
I have used this shortcode in a page.

See this question on the WordPress StackExchange site. In summary, WordPress gets confused by a field called name. Try renaming it to (say) contact_name.
Loads more detail here (also wpse).

Categories