This is my promotion.php
<form action="postingPromotionUpdate.php" method="post" enctype="multipart/form-data">
Promo Title: <input type="text" name="promotionTitle"/><br/>
Promo Remark: <textarea name="promotionText" cols="100" rows="10" </textarea><br/>
<input type="submit" value="Update"/>
</form>
This is my postPromotion.php
include 'connect.php';
$promotionTitle=$_POST['promotionTitle'];
$promotionText=$_POST['promotionText'];
mysql_query("update promotion set promotionTitle = '$promotionTitle', promotionText = '$promotionText' where indexNum = 1");
echo "<script>alert('Update Successful!');</script>";
If I post short text, no problem. When I post a very long text, can't to post and save it.
Maybe That's because of two reasons
1.Your character type in mysql maybe short (like varchar[100]) use 'longtext' as character type
2.you don't use mysql_real_escape_string.If single quotes comes in your text query breakes.
Use this function to recover that.
function clean($str)
{
$str = #trim($str);
if(get_magic_quotes_gpc()) {$str = stripslashes($str); }
return mysql_real_escape_string($str);
}
$promotionTitle=clean($_POST['promotionTitle']);
$promotionText=clean($_POST['promotionText']);
Related
I am wanting to be able to create links that show up on the links.html page based on user submissions.
The links would follow this format TITLE, so quite simplistic.
Users will submit data via this form:
<form action="links.php" method="post">
<input type="text" placeholder= "URL:" name="url" required><br>
<input type="text" placeholder= "Title:" name="title" required><br>
<input type="submit">
And the PHP I'm using is
<?php
$url = $_POST["url"];
$title = $_POST["title"];
$text = "".$title." <br> \n"
$file = fopen("./data/links.html","a+ \n");
fwrite($file, $text);
fclose($file);
?>
I know that the issue lies with building the ".$url." part as there are also speech marks. How would you get around this given that the URL requires the "URL" format.
Thanks in advance.
You would need to add the proper escape slashes for the quoting issue
$text = "".$title." <br> \n";
becomes
$text = "".$title." <br> \n";
Or you could mix single and double quotes and not use escapes -
$text = "<a href='".$url."'>".$title."</a> <br> \n";
As long as the $text string is in double quotes, you can do this:
$text = "<a href='{$url}'>{$title}</a> <br> \n";
When I sanitize the input fields or text area I face a problem. When someone gave spaces and submit the form, my script accepts the form. But I want not to accept fields until there is not written at least a single character. My code is as follows.
Html
<form action="" method="POST">
<textarea name='text'></textarea>
<input type='submit' name='submit'>
</form>
Php
if(isset($_POST['submit'])){
if(isset($_POST['text']) && !empty($_POST['text'])){
//do whatever but not accept white space
}
}
You can trim whatever you want, just by using
trim()
Which removes characters from both sides of a string.
Documentaion: http://php.net/manual/bg/function.trim.php
trim and preg_replace will do this easily
<?php
echo $text = " this is niklesh raut ";
echo "\n";
$text = preg_replace('/\s+/', ' ',$text);
echo trim($text);
?>
live demo : https://eval.in/818137
OUTPUT :
this is niklesh raut
this is niklesh raut
With new line and tab : https://eval.in/818138
You can either echo out your statement:
<?php
if(isset($_POST['submit'])){
if(empty($_POST['text'])){
echo "Please enter a value.";
}
}
Or, add the required attribute to your input field.
<form action="" method="POST">
<textarea name='text' required></textarea>
<input type='submit' name='submit'>
</form>
How to get content (a specified content) from inside a #div.
I have form like:
<?php
require_once('phpQuery/phpQuery.php');
$key-one = $_POST['key01'];
$html = file_get_contents('http://google.com/search?q='.$key-one.'');
phpQuery::newDocumentHTML($html);
$result01 = pq('div#resultStats');
?>
<body>
<form name="form1" method="post" action="1.php">
<input type="text" name="key01"><br>
<input type="submit" name="Submit" value="Submit">
</form>
</body>
I got result like:
About 1,570,000,000 results
But I only want
1,570,000,000
Thanks in advance.
You can use PHP str_replace.
Assuming $result01 displays About 1,570,000,000 results:
$result01 = str_replace("About ","",$result01);
$result01 = str_replace(" results","",$result01);
After these changes, echo $result01 will display 1,570,000,000.
you can also use preg_replace,like
$result = preg_replace('/[^\sa-z]/i', '', $string);
this removes every characters and whitespace from your string
When I type something in a text box and save it in mysqli it works perfectly but when I refresh that same page the text that i wrote stuff, it disappears for no reason. I also I have another text box in that page and it works perfectly fine. How can I fix that? The bio text box is the one I'm having issues.
$getpro = mysql_fetch_assoc(mysql_query("SELECT * FROM `profile` WHERE username = '".$user_data['username']."' "));$pro = $getpro;
$bios = $pro["bios"];
$realtionship = $pro["realtionship"];
$impmessage = $pro["impmessage"];
if ($_POST['bio']){
$bio = $_POST['bio'] ;
$query;
}
if ($_POST['impmessage']){
$impmessage = $_POST['impmessage'] ;
$query;
}
$query = mysql_query("UPDATE `profile` SET bios ='$bio', impmessage = '$impmessage' WHERE username = '".$user_data['username']."'");<form name="bio"action="" method="post">
<p>Important Message</p> <textarea cols="50" style="resize:none" name="bio" rows="7" ><? echo $bios; ?></textarea><br />
<input type="submit" value="change">
</form><hr /><form name="impmessage"action="" method="post">
<p>Important Message</p> <textarea cols="50" style="resize:none" name="impmessage" rows="7" ><? echo $impmessage; ?></textarea><br />
<input type="submit" value="change">
</form>
I have rearranged & removed some of the code and tried tidying it a bit:
<?php
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) // if form is submitted using POST method
{
if ( isset( $_POST['bio'] ) ){
$bio = mysql_real_escape_string( $_POST['bio'] ); // escape special characters is user input
$query = mysql_query("UPDATE `profile` SET bios ='$bio' WHERE username = '".$user_data['username']."'"); //update bios
}
if (isset( $_POST['impmessage'] ) ){
$impmessage = mysql_real_escape_string( $_POST['impmessage'] ); // escape special characters is user input
$query = mysql_query("UPDATE `profile` SET impmessage = '$impmessage' WHERE username = '".$user_data['username']."'"); //update impmessage
}
}
$pro = mysql_fetch_assoc(mysql_query("SELECT * FROM `profile` WHERE username = '".$user_data['username']."' "));
?>
<form name="bio" action="" method="post">
<p>Bios</p>
<textarea cols="50" style="resize:none" name="bio" id="bio" rows="7" ><?php echo $pro["bios"]; ?></textarea>
<br />
<input type="submit" value="change">
</form>
<hr />
<form name="impmessage" action="" method="post">
<p>Important Message</p>
<textarea cols="50" style="resize:none" name="impmessage" id="impmessage" rows="7" ><?php echo $pro["impmessage"]; ?></textarea>
<br />
<input type="submit" value="change">
</form>
Some notes for you:
First of all avoid mysql_* functions. Instead use mysqli or PDO
I would always prefer writing the code for processing of user inputs in the very beginning of the page, ie. before outputting anything. Because, if the user inputs makes any changes on the output, it would easily display the updates since we are doing the processing before outputting anything. So, when we query the db, it would fetch the updated data. Also, if we wanted to redirect to another page or have to send some other headers to the browser, we could do it, as the headers should always be sent before outputting anything.
Another thing is, always escape user inputs. Otherwise, prone to sql injections. Best thing would be to use prepared statements which is available in mysqli & PDO.
When you name id of elements in your HTML, make sure that it is unique. Because no same ids could occur twice. But class names can occur for any number of times.
Also make sure that your PHP code doesn't get mixed up with the HTML. Properly enclose the PHP code with the <?php & ?> tags. I would always prefer avoiding shorthands.
Since you are using two forms, both the input won't reach the server side. Only a single one. If you wanted to both inputs to be reached at the same time, then use a single form.
I have also avoided unwanted assignment operations from the fetched data, to other variables.
Also, you should always properly indent your code for better readability.
I hope this would help. Wish you good luck. :)
Looks like you're running your update query every page load. If the post value isn't filled and you refresh it's going to update with empty values.
Ps sberry is right lots of other things to fix before this goes production.
Long story short, I want users to be able to call the value of the variable $city_name into a string that they will submit.
Here's my code;
<?php
if(!isset($post_text)) {
$city_name = "Dallas";
$post_text = $_POST['post_text'];
echo($post_text);
}
?>
<html>
<head></head>
<body>
<form action="" method="post">
<input name="post_text" type="text" value="enter text here" />
<input type="submit" value="submit" />
</form>
I was under the impression that calling $city_name in the form field post_text would return "Dallas", unfortunately that's not the case.
If anyone has any advice or information on what alterations I could add to this code in order to allow the user to call the value of $city_name, it would be greatly appreciated :)!!
Based on your comment:
I would like for the user to be able to input and submit a string such as "I am going to $city_name" and have "I am going to Dallas" echoed on submit.
This is the code:
$city_name = "Dallas";
$post_text = str_replace('$city_name', $city_name, $_POST['post_text']);
echo $post_text;
It's important to use single quotes around '$city_name' here as you are searching for the literal text $city_name and not the contents of the variable $city_name.