I have been trying to solve this and need some help. I have a user that logs in and I am passing that variable through Sessions. The main pages are templates that populate based on a key word search (I am passing the variable as a POST) and fill in based off of the information in the database. Now I am creating a way for the users to comment. Below is my basic form. I am getting stuck when I want to bring through one of the values of the database. I will call it $place for this explanation.
while($row = mysqli_fetch_array($result)) {
$place=$row['place'];}
<form action="post_comment.php" method="POST">
<textarea name="comment" cols="50" rows="6" placeholder="Give Your Review!"></textarea><br/>
<input type="submit" value="Comment" class="btn btn-custom" role="button"/>
</form>
In post_comment.php I have the following:
$query="SELECT displayname FROM Users WHERE id='".$_SESSION['id']."' LIMIT 1";
$result2 = mysqli_query($link,$query);
$row = mysqli_fetch_array($result2);
$name=$row['displayname']; // the column selected above is displayname
$query="INSERT INTO `comments` (`comment`, `user`, `place`) VALUES ('".mysqli_real_escape_string($link, $_POST['comment'])."', '".mysqli_real_escape_string($link, $name)."', '".mysqli_real_escape_string($link, $place)."')";
mysqli_query($link, $query);
Can someone explain how to bring $place over to post_comment?
Thank you!
Guessing $place is an id, I would write it in the form as a hidden field, then you can read it also in your post vars.
So you would write your form like this:
<form action="post_comment.php" method="POST">
<input type="hidden" name="place" value="<?php echo htmlspecialchars($place, ENT_QUOTES); ?>" />
<textarea name="comment" cols="50" rows="6" placeholder="Give Your Review!"></textarea><br/>
<input type="submit" value="Comment" class="btn btn-custom" role="button"/>
</form>
There's no problem with your $name variable.
However, for $place, you can use a PHP Session. Using a PHP Session is more secure than using a hidden field if you have sensitive information. Having a hidden field will allow users to manually edit the information by using Inspect Element.
1st PHP File
while($row = mysqli_fetch_array($result)) {
$place=$row['place'];}
session_start();
$_SESSION["place"] = $place;
post_comment.php
session_start(); // include at the start of your PHP script
$comment = mysqli_real_escape_string($link, $_POST['comment']);
$name = mysqli_real_escape_string($link, $name); // $name from the Users lookup in the question; the form posts no "name" field
$place = mysqli_real_escape_string($link, $_SESSION["place"]);
$query="INSERT INTO `comments` (`comment`, `user`, `place`) VALUES ('$comment', '$name', '$place')";
mysqli_query($link, $query);
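The tampering risk raised in the answer above can also be handled while keeping the hidden field. The added example below (not code from any poster in this thread) signs the value with a per-session HMAC and checks the tag before the value is used; the function names, the place_tag field and the sample values are assumptions made for illustration.

```php
<?php
// Added example: bind a hidden "place" field to the session with an HMAC so
// edits made in the browser are detected. All names here are hypothetical.

// Per-session secret; kept server-side in $_SESSION, never sent to the browser.
function session_form_key(array &$session): string
{
    if (empty($session['form_key'])) {
        $session['form_key'] = bin2hex(random_bytes(32));
    }
    return $session['form_key'];
}

// Tag emitted in a second hidden field next to the place value.
function sign_place(string $place, string $key): string
{
    return hash_hmac('sha256', 'place:' . $place, $key);
}

// Constant-time check in post_comment.php before the value is used.
function verify_place(string $place, string $tag, string $key): bool
{
    return hash_equals(sign_place($place, $key), $tag);
}

// --- constructed demo, runnable with the PHP CLI ---
$session = [];                       // stands in for $_SESSION
$key     = session_form_key($session);
$place   = 'Blue Door Cafe';         // constructed value from the database row
$tag     = sign_place($place, $key);

// What the template would print (place value HTML-escaped):
printf(
    "<input type=\"hidden\" name=\"place\" value=\"%s\">\n" .
    "<input type=\"hidden\" name=\"place_tag\" value=\"%s\">\n",
    htmlspecialchars($place, ENT_QUOTES, 'UTF-8'),
    $tag
);

// Constructed POST bodies: one untouched, one edited in the browser.
$posts = [
    ['place' => 'Blue Door Cafe', 'place_tag' => $tag],
    ['place' => 'Other Place',    'place_tag' => $tag],
];
foreach ($posts as $post) {
    $ok = verify_place($post['place'], $post['place_tag'], $key);
    echo $post['place'], ': ', $ok ? "accepted\n" : "rejected\n";
}
```

Unlike a single $_SESSION["place"] slot, the signed field stays correct when the same user has several place pages open in different tabs.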
I am creating a profile page with forms that displays the user's account information from the database in a form. I am using php for this. Would greatly appreciate your help!
Name:
Email:
How can I edit the values in the forms and retain the edited values in the forms after submission?
<div class="form-group">
<label class="control-label" for="name">Name:</label>
<div class="col-sm-4">
<input type="text" name="name" value="<?php echo $name;?>" class="form-control" placeholder=""><br>
</div>
</div>
<div class="form-group">
<label class="control-label" for="email">Email</label>
<div class="col-sm-4">
<input type="text" name="email" value="<?php echo $email;?>" class="form-control" placeholder=""><br>
</div>
</div>
<?php
$sql = "SELECT * FROM profile WHERE UserID ='1'";
$result = mysqli_query($conn, $sql) ;
$row = mysqli_fetch_array($result);
$name = $row ['Name'];
$userid = $row ['Email'];
?>
if(isset($_POST['submit']))
{
$n1 = $_POST['name'];
$n2 = $_POST['email'];
mysqli_query($conn,"UPDATE userprofile SET Name ='$n1' WHERE UserID ='1'");
mysqli_query($conn,"UPDATE userprofile SET Email ='$n2' WHERE UserID = '1'");
}
How can I edit them and retain the edited values inside after submitting? Thank you. I tried this filter/trim method but it only retains the value before the submission.
Not sure what you want to achieve, and what is your problem.
Let's assume you are displaying data describing user (in form), that are fetched from the database.
In this case, after submitting you have to run a script that will update the data in your database. After updating, your code should redirect the user BACK to the page he was visiting before, so fetching the user data from the database will be done again and the data presented in your form will always be fresh.
Your code is correct but it has a small bug. The email field is not displaying correctly. You need to replace this line:
$userid = $row ['Email'];
with
$email = $row ['Email'];
So I'm creating a small program with 2 forms, one to add data to a database, and one to delete from it. I've managed to create the first input form, but I'm slightly confused as to how I would get the second form to work. In the database "tasks" I have a table called "ID" which has the columns "ID", "Name" and "Hours"
Here's what the two HTML forms look like
<h2>Add Tasks</h2>
<form action="test.php" method="get">
Name of Task: <input type="text" name="name"><br />
Hours: <input type="number" name="hours"><br />
<input type="submit" value="Add" name="submit">
</form>
<h2>Delete Tasks</h2>
<form action="delete.php" method="get">
ID: <input type="number" name="ID"><br />
<input type="submit" value="Delete">
</form>
And the PHP for the first form "Add tasks" which inserts data
$servername = "localhost";
$username = "root";
$password = "root";
$conn = new mysqli($servername, $username, $password, "Tasks");
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
};
if (isset($_GET['submit'])) {
mysqli_select_db ($conn,"Tasks");
$name = $_GET['name'];
$hours = $_GET['hours'];
$sql = "INSERT INTO ID (Name, Hours) VALUES ('".$name."','". $hours."')";
$results = mysqli_query($conn,$sql);
$query = "SELECT `Name` FROM `ID`";
$result = mysqli_query($conn, $query);
$x=0;
And the PHP for the second form which deletes tasks. This is the part that is not working
if (isset($_GET['submit'])) {
mysqli_select_db ($conn, "Tasks");
$id = $_GET['id'];
$sql = "DELETE FROM ID (ID) VALUES ('".$id."')";
$query = "SELECT `Name` FROM `ID`";
$result = mysqli_query($conn, $query);
$x=0;
How should I format the PHP for the second button. I've basically reused the code for the first form. Do I need to differentiate it somehow from the first button? Currently the page is showing up completely blank. I'm a complete novice so any help would be appreciated.
Your SQL Statement
"DELETE FROM ID (ID) VALUES ('".$id."')"
is wrong.
It should be
DELETE FROM table_name
WHERE some_column=some_value;
So, change your statement to
DELETE FROM ID WHERE ID='$id'
Suggestions
You should use the POST method for an action which will result in a data edit.
You should check the input to make sure it does not contain an SQL statement. A good way is to use $stuff = mysql_real_escape_string($_GET["stuff"]).
I see you have the name 'ID' in the form but you are trying to get 'id'. That could be the problem.
The sql statement for deletion should look something like the snippet below.
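$id = (int) $_GET['ID']; // form field is named 'ID'; the cast lets only an integer reach the query
$sql = "DELETE FROM ID WHERE `id`=".$id.";";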
$results = mysqli_query($conn,$sql);
In addition to the above answers, you should give different names to the submit input tags of the two forms, as:
<h2>Add Tasks</h2>
<form action="test.php" method="get">
Name of Task: <input type="text" name="name"><br />
Hours: <input type="number" name="hours"><br />
<input type="submit" value="Add" name="submit">
</form>
<h2>Delete Tasks</h2>
<form action="delete.php" method="get">
ID: <input type="number" name="ID"><br />
<input type="submit" value="Delete" name="delete">
</form>
So for adding into database , you can use
if (isset($_GET['submit'])){
// your code here
}
And for deleting from database , you can use
if (isset($_GET['delete'])){
mysqli_select_db ($conn, "Tasks");
$id = $_GET['ID']; // matches name="ID" in the delete form
$sql = "DELETE FROM ID WHERE ID='".mysqli_real_escape_string($conn, $id)."'";
mysqli_query($conn, $sql); // run the delete
$query = "SELECT `Name` FROM `ID`";
$result = mysqli_query($conn, $query);
$x=0;
}
This will solve all the problems.
If you are using the same name for the type="submit" in both forms then you can use the POST method on one form and the GET method on the other.
And yes mysql_real_escape_string is used to prevent SQL INJECTION.
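A prepared statement removes the need for the escaping discussed in these answers. The following is an added example, not code from the thread: it validates the ID and binds it as a parameter, using PDO with an in-memory SQLite database as a stand-in for the MySQL Tasks database so it runs offline (the delete_task helper and the sample rows are assumptions).

```php
<?php
// Added example (not from the thread): delete a task by ID with input
// validation and a prepared statement. In-memory SQLite stands in for the
// MySQL "Tasks" database so the script runs offline; that is an assumption.

function delete_task(PDO $db, $rawId): int
{
    // Accept only a positive integer; anything else is rejected before SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('ID must be a positive integer');
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('DELETE FROM ID WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();        // number of rows removed
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ID (ID INTEGER PRIMARY KEY, Name TEXT, Hours INTEGER)');

// Constructed rows; Name is bound as data, quotes and all.
$insert = $db->prepare('INSERT INTO ID (Name, Hours) VALUES (?, ?)');
foreach ([["Write report", 3], ["O'Brien's review", 2]] as $row) {
    $insert->execute($row);
}

// Constructed request values, as they would arrive in $_POST['ID'].
foreach (['2', '1 OR 1=1', ''] as $raw) {
    try {
        printf("%-12s -> %d row(s) deleted\n", var_export($raw, true), delete_task($db, $raw));
    } catch (InvalidArgumentException $e) {
        printf("%-12s -> rejected: %s\n", var_export($raw, true), $e->getMessage());
    }
}
echo 'Rows left: ', $db->query('SELECT COUNT(*) FROM ID')->fetchColumn(), "\n";
```

With mysqli the same pattern is $conn->prepare(...) followed by bind_param('i', $id) and execute().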
I have a page which has a table and for each row a corresponding button. I am trying to select that specific row and place the data into the text fields of a form, but the query doesn't seem to be working. Any help is much appreciated. Thanks. Here's the code so far:
<?php
if (isset($_POST['add'])){
unset($_POST['add']);
$id =$_POST['bookID'];
$q = "SELECT * FROM book WHERE book.bookID = $id";
$query1 = $db->query($q);
$data = $query1->fetch(PDO::FETCH_BOTH);
}
?>
<form>
<form action = "basket.php" method="post">
<p><input type="text" name="title" value="<?php print($data['Title']); ? >"/></p>
</form>
<input type="submit" name="add" value="Add to Field" />
</form>
Change about i missed something.
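$stmt = $db->prepare("SELECT * FROM book WHERE book.bookID = ?"); // placeholder instead of interpolating $id
$stmt->execute([$id]); // this line is missing you have to execute
$data = $stmt->fetch(PDO::FETCH_ASSOC); // no point fetching both when you know the names.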
I'm pretty new to PHP, so I'm not quite sure on what to do with this.
Basically I'm trying to insert an entry into my MySQL database, through a "submit" button in HTML. I can't seem to get this to work, is it possible?
<?php
include('db_connect.php');
$SQL = "INSERT INTO chosenitems (ID, Name, Price) VALUES ('', '4-6 Days', '£75.00')";
$result = mysql_query($SQL);
?>
The INSERT works perfectly fine on its own, but I want it to be executed when the "submit" button is pressed.
Any help would be greatly appreciated.
Thanks
Tobo.
Just set the action of the form to the URL of the script that performs the insert.
Note that since you are modifying a database, the request is probably non-idempotent and you should use the POST method.
<form action="/path/to/your/script.php" method="post">
<input type="submit">
</form>
<form method="post">
<input type="submit" name="submit" value="submit"/>
</form>
PHP
<?php
if(isset($_POST['submit']))
{
$SQL = "INSERT INTO chosenitems (ID, Name, Price) VALUES ('', '4-6 Days', '£75.00')";
$result = mysql_query($SQL);
}
?>
You can check that the button value is posted and then execute the lines of code inside the check.
<?php
include('db_connect.php');
if(isset($_REQUEST['SUBMIT_BUTTON_NAME']))
{
$SQL = "INSERT INTO chosenitems (ID, Name, Price) VALUES ('', '4-6 Days', '£75.00')";
$result = mysql_query($SQL);
}
?>
Hope this will be helpful to you
I had for the submit details:
<form id = "submitForm" action="config/profile_save.php" method="post">
<button type="submit" class="button" name="submit" value="submit">Save Profile</button></form>
Inside each input field on the page, I placed form = "submitForm"
I then changed the name too. (This is the super global variable later.)
<input type="text" autofocus="true" class="custom_link_url_text" id="custom_link_url_text"
name="custom_link_email" placeholder="Enter your public email address" spellcheck="false"
style="width: 245px;" maxlength="75" form = "submitForm">
I was then able to capture the data on the next page using the name as POST variable.
if(isset($_POST['submit'])) {
$custom_link_email = $_POST['custom_link_email'];
}
Once I did that it was just a case of inserting data into the database.
I have a simple form alongside a PHP update query that simply isn't working! I know the PHP is working on the page as there are several validation checks that need to be passed beforehand which are working perfectly. The form itself is inside the Colorbox Popup tool.
My HTML Form Code is:
<div id="stylized" class="myform">
<form action="#" method="post">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>" />
<label>First Name:<span class="small">Enter your forename</span></label>
<input id="first_name" type="text" name="first_name" maxlength="50" placeholder="e.g. Joe" required autofocus/>
<div class="spacer"></div>
<input type="submit" id="update" name="update" value="Continue to Step 2!">
</form>
</div>
With the PHP Code as follows (this is above the HTML code on the page):
<?php
if($_POST['update']){
$user_i = $_POST['user_id'];
$f_name = $_POST['first_name'];
$first_name = ucfirst($f_name);
mysql_query("UPDATE user SET first_name = '$first_name' WHERE user_id = '$user_i'") or die(mysql_error());
} ?>
The actual submit appears to be working, with the Popup refreshing afterwards, but the database does not update! I have triple checked the syntax and the database fields. 'user' and 'first_name' and 'user_id' is correct.
Update: Because the popup box refreshes, I cannot view the errors from the 'or die(mysql_error())' unfortunately, otherwise I might have been one step closer.
Any help would be hugely appreciated.
Many thanks in advance.
When you say pop-up box, I assume you are using ajax to communicate from the form to the server, which as you stated is difficult to view submitted data. If this is the case try:
error_log(serialize($_POST));
This will force an entry in your error log with the $_POST data in serialized format, so you can check the values you are submitting are populated correctly.
You will also want to sanitize the variables you are adding to the SQL:
$sql = "UPDATE user SET first_name = '" . mysql_real_escape_string($first_name) . "' WHERE user_id = '" . mysql_real_escape_string($user_i) . "' LIMIT 1";
mysql_query($sql);
I would:
print_r($_POST); to view the POST data.
Generate the SQL from a string so it can be printed for debugging purposes, like so:
$sql = "UPDATE user SET first_name = '$first_name' WHERE user_id = '$user_i'";
echo $sql;
mysql_query($sql) or die(mysql_error());
One of these techniques will likely tell you why the PHP-generated SQL doesn't update your database record.
You set your user_id field by echo $user_id; but your variable name is set to $user_i = $_POST['user_id'];
therefore your user id field is not set and your MySQL command will fail.