I have created a CMS with a ban feature to ban accounts who violate the rules.
However, when I ban someone, I will ban the user but also myself. The unstyled text will appear only if you're an administrator:
You have been banned.
and if you're an user which is being banned, you'll get
Your account has been disabled and cannot be used anymore.
You find the details below.
Date: 13-04-2016 16:06:27
Reason: Violation of the EULA.
If you have questions, feel free to contact the administrator.
And now it's getting spooky: the text above is the only text I have in my scripts. The "You have been banned" is some old, pre-alpha text but it's still spooking around. So for the record, I have deleted this text a long time ago. I have searched every file, every include and every database.
I have even done a map search for the "You have been banned" sentence. No luck, he couldn't find anything! I have also restarted XAMPP and the databases and I also have logged out and logged in again; didn't work either.
Details about the issue.
Text is fully blanco, no styles or anything.
Only appears at admin.php
Appears when a user is banned - I have double checked the ban script and everything is running OK. Queries are pointing to the right database, etc.
Because the text only appears on admin.php, we need to take a look at admin.php. It's a file of 520 lines.
The ban script is on the top:
$sql = "SELECT * FROM bans WHERE user_name='".$_SESSION['user_name']."'";
$result = $conn->query($sql);
if(mysqli_num_rows($result) != 0) {
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$blocked = "
<div class='modal-inner' style='width:500px'>
<h2>Account disabled</h2>
Your account has been disabled and cannot be used anymore.<br />You find the details below.<br /><br />
Processed: ". $row["user_dateofban"] ."<br />
Reason: ". $row["reason"] ."<br /><br />
If you have questions, feel free to contact the administrator.
</div>
";
exit($blocked);
}
}
}
Hope someone can help me out, it's super frustrating!
admin.php
the top.php & bot.php both are just html files. No php.
<?php
include("loginsys.php");
if ($login->isUserLoggedIn() == true) {
//ban config
$sql = "SELECT * FROM bans WHERE user_name='".$_SESSION['user_name']."'";
$result = $conn->query($sql);
if(mysqli_num_rows($result) != 0) {
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$blocked = "
<div class='modal-inner' style='width:500px'>
<h2>Account disabled</h2>
Your account has been disabled and cannot be used anymore.<br />You find the details below.<br /><br />
Processed: ". $row["user_dateofban"] ."<br />
Reason: ". $row["reason"] ."<br /><br />
If you have questions, feel free to contact the administrator.
</div>
";
exit($blocked);
}
}
}
if(isset($_SESSION['user_rank']) && $_SESSION['user_rank'] == "3") {
if(isset($_GET["page"]) && $_GET["page"] == "customization") {
include("assets/top.php");
if(isset($_POST['editcustom'])) {
$sql = "UPDATE customization SET iam='".$_POST["iam"]."', iam2='".$_POST["iam2"]."', about='".$_POST["about"]."', about2='".$_POST["about2"]."', about3='".$_POST["about3"]."', recentwork='".$_POST["recentwork"]."', recentwork2='".$_POST["recentwork2"]."', getintouch='".$_POST["getintouch"]."', getintouch2='".$_POST["getintouch2"]."', address='".$_POST["address"]."', phone='".$_POST["phone"]."', email='".$_POST["email"]."', sendbutton='".$_POST["sendbutton"]."', copyright='".$_POST["copyright"]."'";
$updateuser = $conn->query($sql);
if ($updateuser) {
echo '<div class="alert alert-success">Settings saved.</div>';
} else {
echo '<div class="alert alert-danger">Something went wrong executing the query. Try again.</div>';
}
}
$sql = "SELECT * FROM customization LIMIT 1";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
?>
<h1>Header</h1>
<form method="post">
<table>
<tr>
<td>Header 1</td>
<td><input type="text" value="<?php echo $row["iam"]; ?>" name="iam" />
</tr>
<tr>
<td>Header 2</td>
<td><input type="text" value="<?php echo $row["iam2"]; ?>" name="iam2" />
</tr>
</table>
<h1>About</h1>
<table>
<tr>
<td>About heading</td>
<td><input type="text" value="<?php echo $row["about"]; ?>" name="about" />
</tr>
<tr>
<td>About text</td>
<td><input type="text" value="<?php echo $row["about2"]; ?>" name="about2" />
</tr>
<tr>
<td>About button</td>
<td><input type="text" value="<?php echo $row["about3"]; ?>" name="about3" />
</tr>
</table>
<h1>Recent Work</h1>
<table>
<tr>
<td>Recent Work heading</td>
<td><input type="text" value="<?php echo $row["recentwork"]; ?>" name="recentwork" />
</tr>
<tr>
<td>Recent Work button</td>
<td><input type="text" value="<?php echo $row["recentwork2"]; ?>" name="recentwork2" />
</tr>
</table>
<h1>Contact</h1>
<table>
<tr>
<td>Heading</td>
<td><input type="text" value="<?php echo $row["getintouch"]; ?>" name="getintouch" />
</tr>
<tr>
<td>Text</td>
<td><input type="text" value="<?php echo $row["getintouch2"]; ?>" name="getintouch2" />
</tr>
<tr>
<td>Address</td>
<td><input type="text" value="<?php echo $row["address"]; ?>" name="address" />
</tr>
<tr>
<td>Phone</td>
<td><input type="text" value="<?php echo $row["phone"]; ?>" name="phone" />
</tr>
<tr>
<td>Email</td>
<td><input type="text" value="<?php echo $row["email"]; ?>" name="email" />
</tr>
<tr>
<td>Button text</td>
<td><input type="text" value="<?php echo $row["sendbutton"]; ?>" name="sendbutton" />
</tr>
</table>
<h1>Copyright</h1>
<table>
<tr>
<td>Copyright</td>
<td><input type="text" value="<?php echo $row["copyright"]; ?>" name="copyright" />
</tr>
</table>
<input type="submit" value="Save changes" name="editcustom" />
</form>
<?php
}
} else {
echo "No customization yet.";
}
include("assets/bot.php");
} else {
?>
<iframe src="admin.php?page=dashboard" style="width:700px;height:500px;">
Your browser doesn't support iframes. Please upgrade.
</iframe>
<?php
}
} else {
echo "Error: No permissions";
}
} else {
echo "Error: Not signed in";
}
?>
This is a small guide for improving your code, through which you will probably find the error evaporates or is more easily identified:
In no particular order:
run Error Logging on your PHP!!! Seriously. One of the very first fundamentals to learn.
You should be writing in HTML5 which means your code needs the correct syntax so <br/> becomes <br> and /> closing of tags does not need the slash.
Use correct attributes in your HTML, your <form> should have enctype and action and accept attributes as a minimum. Likewise other HTML tags can do with having more correct ettributes associated with them.
Stop using iframes , they are not as widely supported now as have serious issues with XSS. Instead use CSS and/or PHP includes.
Try and avoid using select * and instead specify the name of each MySQL column you need to select. It is a bit more long winded but saves lots of 'umms' and 'aahs' on larger projects.
Good points: You are escaping PHP variable placements correctly and you are using Object Orientated DB connections, BUT the way you are setting up your database queries is very unsafe and should be improved as a priority:
Instead of putting the variable into the Query string directly you want to bind it to the query. please research this with prejudice (different methods depending on your connection type).
Leading on from the point above you really, really should be cleaning your input / POST data as much as reasonably possible, never ever trust any user input, ever. The $_POST values can be anything, so use a REGEX cleaner or a PHP cleaning function to remove unwanted / damaging characters from form and text inputs.
Add lines to query your MySQL commands and feedback errors to your eyes.
Related
I am creating a page that would allow the user to select an existing address, or input a new one, here are my codes.
<table cellpadding="10px">
<tr>
<td><input type="radio" id="huhu" name="huhu" value="<?php echo $_SESSION['home_address']; ?>"></td><td><?php echo $_SESSION['home_address']; ?></td>
</tr>
<tr>
<td><input type="radio" id="huhu" name="huhu" value="New"></td><td><input type="text" placeholder="New Address" id="newAdd" name="newAdd" disabled></td>
</tr>
</table>
and here are my codes at the next page.
<?php
if(isset($_POST['newAdd'])){
$_SESSION['home_address'] = $_POST['newAdd'];
echo $_POST['newAdd']."<br>";
}
else{
$_SESSION['home_address'];
}
echo $_SESSION['home_address'];
?>
When i click on the existing address, it just deletes it. and does not store anything. but when i input a new on in the text area. it works.
I need to make it so that when the user clicks the address, the same address from the existing session displays.
please help. thank you.
I think you have missed session_start() method in your PHP file. Try to add the following code at the beginning of PHP file
if (!isset($_SESSION))session_start();
if your session info is correctly set.. this should work out.
<?php
session_start();
// for my testing....
$_SESSION['home_address'] = 'curr_session_address';
var_dump($_POST);
var_dump($_SESSION);
$s_addr = isset($_SESSION['home_address']) ? $_SESSION['home_address'] : '';
$p_addr = isset($_POST['newAdd']) ? $_POST['newAdd'] : '';
if ( !empty($p_addr) ) {
$_SESSION['home_address'] = $p_addr;
echo "new_address = $p_addr<br>";
}
else {
echo "session_address = $s_addr<br>";
}
?>
<form method='post' action='?'>
<table cellpadding="10px">
<tr>
<td><input type="radio" id="huhu" name="huhu" value="<?php echo $_SESSION['home_address']; ?>"></td>
<td><?php echo $_SESSION['home_address']; ?></td>
</tr>
<tr>
<td><input type="radio" id="huhu" name="huhu" value="New"></td>
<td><input type="text" placeholder="New Address" id="newAdd" name="newAdd"></td>
</tr>
</table>
<input type='submit' value='submit'>
</form>
Try this one.
if(empty($_POST['newAdd'])){
$_SESSION['home_address'] = $_POST['huhu'];
}
else if(!empty($_POST['newAdd'])){
$_SESSION['home_address'] = $_POST['newAdd'];
}
and i suggest that you dont use $_SESSION in your radio button page. it leads to complications and it will always be over written.
Hi guys I'm new to coding and loving every minute of it :)
So the following code is in my registration.php file. I want to make it so that when the user fills everything BEFORE it will direct them to my invoice.php file after pressing the register button. If they are missing some requirements, go back to the registration form and (hopefully after I get this figured out, put some sticky forms so they don't have to type in whatever text was validated) Also, getting an error "
Notice: Undefined index: submit in C:\xampp\htdocs\assignment_2\registration.php on line 9" on my validation at the top of my PHP code, not too sure what I'm suppose to put there. :( As always, any help is greatly appreciated!
<html>
<h4>
<center>
New User Registration
</center>
</h4>
<body>
<?php
if($_POST["submit"]=="login")
{
if(preg_match("/^[0-9a-zA-Z_]{5,}$/", $_POST["user"]) === 0)
$errUser = '<p class="errText">User must be bigger that 5 chars and contain only digits, letters and underscore</p>';
// Password must be strong
//if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
$errPass = '<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>';
// Email mask
if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\#\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST["email"]) === 0)
$errEmail = '<p class="errText">Email must comply with this mask: chars(.chars)#chars(.chars).chars(2-4)</p>';
}
?>
<form action="invoice.php" method="post">
<center>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td>Username</td>
<td>:</td>
<td <input name="user" type="text" size="16" value="<?php echo $_POST["user"]; ?>">
<?php if(isset($errUser)) echo $errUser; ?>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" size="16" value="<?php echo $_POST["pass"]; ?>">
<?php if(isset($errPass)) echo $errPass; ?>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" size="50" value="<?php echo $_POST["email"]; ?>">
<?php if(isset($errEmail)) echo $errEmail; ?>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
<input type='submit' name='register' value='Register'>
</center>
</form>
</body>
</html>
The problem here is one that many programmers that are new to PHP run into. See, $_POST is an array that includes all parameters that have been submitted with the POST request the script was requested with. But what if there were none, or the script was requested using GET? You got it: it's empty.
In your case, submit doesn't seem to be present in the POST data. In that case you most likely want to just display the form, so the user can enter the data and submit the form (which will set that value). SO you have to check FIRST if "submit" is there.
Second: Your submit button is called "register", and it's value (which is not really necessary, but alright) is "Register". So if the form is submitted, the data that is sent is register=Register&<other fields>. Therefore you have to check for the presence of "register", not "submit"
if (isset($_POST['register']) && $_POST['register']) {
// evaluate
}
you don't have check any var is set so you can see more php error
i change more check, you can try
<html>
<h4>
<center>
New User Registration
</center>
</h4>
<body>
<?php
$errEmail = "";
$errUser = "";
$errPass = "";
//not too sure what this if statement suppose to be.
if(isset($_POST["register"])){//1. no '{' 2. the post is not ckeck 'type', is 'name'
// Email mask
if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\#\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST["email"]) === 0)
$errEmail = '<p class="errText">Email must comply with this mask: chars(.chars)#chars(.chars).chars(2-4)</p>';
// User must be digits and letters
if(preg_match("/^[0-9a-zA-Z_]{5,}$/", $_POST["user"]) === 0)
$errUser = '<p class="errText">User must be bigger that 5 chars and contain only digits, letters and underscore</p>';
// Password must be strong
//if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
$errPass = '<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>';
}
?>
<form method="post">
<center>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td>Username</td>
<td>:</td>
<td ><input name="user" type="text" size="16" value="<?php echo (isset($_POST["user"]))?$_POST["user"]:'';/*3.no check the var is set?*/ ?>">
<?php if(isset($errUser) and $errUser !='') echo $errUser; ?>
</td ><!--4. no '</td>'-->
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" size="16" value="<?php echo (isset($_POST["pass"]))?$_POST["pass"]:''; ?>">
<?php if(isset($errPass) and $errPass !='') echo $errPass; ?>
</td >
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" size="50" value="<?php echo (isset($_POST["email"]))?$_POST["email"]:''; ?>">
<?php if(isset($errEmail) and $errEmail !='') echo $errEmail; ?>
</td >
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
<input type='submit' name='register' value='Register'>
</center>
</form>
</body>
</html>
I am building a project and for some reason, I am unable to get my Update statement to actually update.
I have some input fields in a form which provide the details for the variables below.
Here's my code:
//update database
$stmt = $mysqli->prepare("UPDATE pages SET
pg_name= ?,
pg_title = ?,
pg_keywords = ?,
pg_description = ?,
pg_header1 = ?,
pg_header2 = ?,
pg_maintext = ?,
pg_active = ? WHERE id = ?");
$stmt->bind_param('sssssssii',
$pg_name,
$pg_title,
$pg_keywords,
$pg_description,
$pg_header1,
$pg_header2,
$pg_maintext,
$pg_active,
$id);
if($stmt->execute() === TRUE){
$stmt->close();
echo "Database successfully updated";
} else {
echo "There was a problem updating the database.";
}
I have tested and the variables are being set from my form ok, and when I run the script , I get the 'success' message but check my database and nothings happened.
Anything I've missed? :)
Thanks for your help/
OK< existing form/ table below:
<form action="" method="post">
<table>
<tr>
<td colspan="2"><?php echo "<span style='color: red; font-weight: bold;'>".$errmsg."</span><br />"; ?></td>
</tr>
<tr>
<td>Page Name:</td>
<td><input type="text" name="pg_name" id="pg_name" value="<?php if(isset($id)){ echo $page['pg_title']; }?>" /></td>
</tr>
<tr>
<td>Page Title:</td>
<td><input type="text" name="pg_title" id="pg_title" value="<?php if(isset($id)){ echo $page['pg_title']; }?>" /></td>
</tr>
<tr>
<td>Keywords:</td>
<td><input type="text" name="pg_keywords" id="pg_keywords" value=" <?php if(isset($id)){ echo $page['pg_keywords']; }?>" /></td>
</tr>
<tr>
<td>Description:</td>
<td><input type="text" name="pg_description" id="pg_description" value="<?php if(isset($id)){ echo $page['pg_description']; }?>"/></td>
</tr>
<tr>
<td>Main page header:</td>
<td><input type="text" name="pg_header1" id="pg_header1" value="<? php if(isset($id)){ echo $page['pg_header1']; }?>"/></td>
</tr>
<tr>
<td>Subheader:</td>
<td><input type="text" name="pg_header2" id="pg_header2" value="<? php if(isset($id)){ echo $page['pg_header2']; }?>" /></td>
</tr>
<tr>
<td>Page text</td>
<td><textarea name="pg_maintext" id="pg_maintext"><?php if(isset($id)){ echo $page['pg_maintext']; }?></textarea></td>
</tr>
<tr>
<td>Active?</td>
<td><select name="pg_active">
<option value="1">Yes</option>
<option value="0">No</option>
</select></td>
</tr>
<tr>
<td><input type="submit" name="submit" id="submit" value="<?php if(isset($_GET['page_id'])){ echo "Update"; } else { echo "Add"; } ?>" /><?php if(isset($_GET['page_id'])){ echo "<a href='pages.php' /><input type='button' name='new' id='new' value='New' /></a>"; } ?></td>
<td></td>
</tr>
</table>
</form>
I have tried the SQL commend in my database direct, and it works. Just doesnt work via this form. DB is connected and form is able to pull data from the database.
UPDATE: I've tried everything I an think of - nothing is working here. I've added error reporting to each step, and because it thinks nothing is wrong, no errors are flagging up! I have update access to the SQL as I use it all the time.
This is likely to be due to one of two problems.
-Either your $id is not matching an entry in your DB table or:
-Your mysql user does not have update priveleges.
Given what you said about the query working on the back end, the second option seems most likely.
I wasn't sure what else to call the title...I have a PHP page that accesses a certain MySQL database, pulls the values from the table, and places them in an HTML form (POST method - PHP_SELF). The user can then view the values, alter them as they wish, and submit them. The page then takes those values and updates the MySQL database. Everything works perfectly except that when the user submits and the page goes to show the new updated variables, it still shows the old values. The user is forced refresh the page before the new variables show up. I thought that PHP was perhaps not deleting the variables, so I unset all stored variables after the script was over and it's still not working. I ever tried putting a sleep timer before the script started, and that didn't work either. I'd appreciate any suggestions. Here is my script just for reference:
<html>
<body>
<?php
$sql = "SELECT * FROM lease";
$result = mysql_query($sql);
?>
<form id="lease_update" method="post" action="<?php echo htmlentities($PHP_SELF); ?>">
<table>
<tr>
<th>Account</th>
<th>Car Lease</th>
<th>Radio Lease</th>
<th>Misc. Charges</th>
</tr>
<?php
while($rows = mysql_fetch_array($result)){
?>
<tr>
<td><input type="text" name="account[]" value="<?php echo $rows['accnt']; ?>" /></td>
<td><input type="int" name="car_lease[]" value="<?php echo $rows['car']; ?>" /></td>
<td><input type="int" name="radio_lease[]" value="<?php echo $rows['radio']; ?>" /> </td>
<td><input type="int" name="misc_lease[]" value="<?php echo $rows['misc']; ?>" /></td>
<input type="hidden" name="lease_ID[]" value="<?php echo $rows['ID']; ?>" />
</tr>
<?php
}
?>
</table>
<input type="submit" value="Update" name="lease_update" />
<?php
if(isset($_POST['lease_update'])){
$account = $_POST['account'];
$car_lease = $_POST['car_lease'];
$radio_lease = $_POST['radio_lease'];
$misc_lease = $_POST['misc_lease'];
$lease_ID = $_POST['lease_ID'];
//Get Array Lengths For Each Section
$A = count($lease_ID);
//Update Lease Information
$i = 0;
while($i < $A){
if(!mysql_query('UPDATE lease SET accnt = "' .$account[$i]. '", car = "' .$car_lease[$i]. '", radio = "' .$radio_lease[$i]. '", misc = "' .$misc_lease[$i]. '" WHERE ID = ' .$lease_ID[$i]))
die('Error: ' .mysql_error());
$i++;
}
unset($_POST);
unset($rows);
unset(result);
}
?>
</body>
</html>
You are displaying the data from the database before you update it.
It is normally good practice to do all your database connectivity at the top of the page, then display the results.
In your code (even if a user has submitted an update), you query the data, pull it from database and display it, then run the update with what the user submitted.
Changing your code to this should do the trick (Do read the note below though):
<html>
<body>
<?php
if(isset($_POST['lease_update'])){
$account = $_POST['account'];
$car_lease = $_POST['car_lease'];
$radio_lease = $_POST['radio_lease'];
$misc_lease = $_POST['misc_lease'];
$lease_ID = $_POST['lease_ID'];
//Get Array Lengths For Each Section
$A = count($lease_ID);
//Update Lease Information
$i = 0;
while($i < $A){
if(!mysql_query('UPDATE lease SET accnt = "' .$account[$i]. '", car = "' .$car_lease[$i]. '", radio = "' .$radio_lease[$i]. '", misc = "' .$misc_lease[$i]. '" WHERE ID = ' .$lease_ID[$i]))
die('Error: ' .mysql_error());
$i++;
}
unset($_POST);
unset($rows);
unset(result);
}
$sql = "SELECT * FROM lease";
$result = mysql_query($sql);
?>
<form id="lease_update" method="post" action="<?php echo htmlentities($PHP_SELF); ?>">
<table>
<tr>
<th>Account</th>
<th>Car Lease</th>
<th>Radio Lease</th>
<th>Misc. Charges</th>
</tr>
<?php
while($rows = mysql_fetch_array($result)){
?>
<tr>
<td><input type="text" name="account[]" value="<?php echo $rows['accnt']; ?>" /></td>
<td><input type="int" name="car_lease[]" value="<?php echo $rows['car']; ?>" /></td>
<td><input type="int" name="radio_lease[]" value="<?php echo $rows['radio']; ?>" /> </td>
<td><input type="int" name="misc_lease[]" value="<?php echo $rows['misc']; ?>" /></td>
<input type="hidden" name="lease_ID[]" value="<?php echo $rows['ID']; ?>" />
</tr>
<?php
}
?>
</table>
<input type="submit" value="Update" name="lease_update" />
</body>
</html>
Bad note - your code is wide open to injection attacks. You are using form data with no verification. That's a big red flag. Secondly, you are using deprecated mysql_* functions. Your code should be using mysqli_* functions or better yet move to PDO. It is much safer and you will be able to do a lot more with it.
Edit 2: The page IS being updated after the user submits the form, but the page you display to the user is querying the database before you update it - and using that to display the page to the user.
Greetings,
I have the following code
<?
include("conn.php");
$sn=$_GET["sn"];
$sql="select * from kpi where no='$sn'";
$result=mysql_query($sql,$connection) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
$sn=$row['id'];
$no=$row['no'];
$pdetails=$row['pdetails'];
$kpistatus=$row['kpistatus'];
$status=$row['status'];
$cols=$row['cols'];
$rows=$row['rows'];
}
?>
<form name="form1" method="post" action="formsubmit.php?mode=addtable">
<table width="100%" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td colspan="2"><strong>Add Table</strong></td>
</td>
</tr>
<tr>
<td>NO</td>
<td><input name="no" type="text" id="no" value="<? echo $no; ?>"></td>
</tr>
<tr>
<td>PROJECT DETAILS</td>
<td><textarea name="pdetails" rows="10" cols="100"><? echo $pdetails; ?></textarea></td>
</tr>
<tr>
<td>KPISTATUS</td>
<td>
<?
echo "<table border=\"1\" align=\"left\">\n";
$j=0;
while ($j < $rows)
{
echo "<tr>\n";
$i=0;
while ($i < $cols)
{
?>
<td><input type="text" name="kpistatus" id="kpistatus"></td>
<?
$i++;
}
echo "</tr>\n";
$j++;
}
echo "</table>\n";
?>
</td>
</tr>
<tr>
<td>STATUS</td>
<td><textarea name="status" rows="10" cols="100"><? echo $status; ?></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="Submit" value="ADD TABLE"></td>
</tr>
</table>
</form>
elseif($mode=="addtable") {
$no=$_POST["no"];
$pdetails=$_POST["pdetails"];
$kpistatus=$_POST["kpistatus"];
$status=$_POST["status"];
$sn=$_POST["id"];
$sql="update kpi set pdetails='$pdetails',kpistatus='$kpistatus',status='$status' where no='$no'";
//echo $sql;
$result=mysql_query($sql,$connection) or die(mysql_error());
//header("location: index.php");
}
?>
Screenshot of the form :
http://img395.imageshack.us/my.php?image=1226818203913yi6.png
Users can input how many rows and column they need to insert data. In screenshot my rows is 10 whereas column is 5.
Now the part where i stuck is, how can i make sure, all inputted data in
< input type="text" name="kpistatus" id="kpistatus"> get saved in kpistatus mysql table..
Please help me.
Thanks.
If you put square brackets in an input name, php will automatically turn them into an array for you in the post array. Then you can just iterate through that and save them as needed. In your form, you would put
<input type="text" name="kpistatus[]" id="kpistatus">
(Note the addition of the two brackets).
Then, in your form handling code, you would have $_POST['kpistatus'] as an array. You could use PHP's implode function to turn this into a comma-seperated list by doing something like implode(',', $_POST['kpistatus'].
A quick note:
In your code, you need to use mysql_real_escape_string on all of your variables before you insert them. Otherwise, a user could enter SQL code into one of the inputs and be able to do whatever they wanted (this is called SQL injection).
Imagine what would happen if someone had a single-quote in their status string. At best it would cause an error, at worst they could overwrite or erase your data.
Sorry if this is obvious to you, but I just want to make sure to cover it.