In this form I am trying to redirect the user to the given url. There I can only use get method to pass parameters. But my form data are not save in the database when I use the get method. I want to save the data at the same time in the database.
Here is my code:
<?php
include_once 'CryptoUtils.php';
include_once 'dbconnect.php';
if(isset($_POST['btn-signup']))
{
$mobile = mysql_real_escape_string($_POST['Mnumber']);
$email = mysql_real_escape_string($_POST['email']);
$fname = mysql_real_escape_string($_POST['fname']);
$address = mysql_real_escape_string($_POST['address']);
$sitename = mysql_real_escape_string($_POST['sitename']);
$q = ("INSERT INTO template_users(Mnumber,email,fname,address,sitename) VALUES('$mobile','$email','$fname','$address','$sitename')");
mysql_query ($q) or die("Problem with the query: $q<br>" . mysql_error());
}
?>
<!DOCTYPE>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Ipayy </title>
<link rel="stylesheet" href="style.css" type="text/css"/>
</head>
<body>
<center>
<div id="login-form">
<form action="http://api.ipayy.com/v001/c/oc/dopayment" method="get" >
<table align="left" width="40%" border="0">
<h1 align="left">Create Your Web Site</h1></br></br>
<input type="hidden" name="gh" value="<?php echo $encrypted_string; ?>" />
<tr>
<td><input type="text" name="Mnumber" value="" placeholder="Your Mobile Number" required /></td>
</tr>
<tr>
<td><input type="email" name="email" value="" placeholder="Your Email" required /></td>
</tr>
<tr>
<td><input type="text" name="fname" value="" placeholder="Your First Name" required /></td>
</tr>
<tr>
<td><input type="text" name="address" value="" placeholder="Your Address" required /></td>
</tr>
<tr>
<td><input type="text" name="sitename" value="" placeholder="Your Site name" required /></td>
</tr>
<tr>
<td><button type="submit" name="btn-signup" onclick="myFunction()">Create My gomobi website</button></td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>
Here is my db connection:
<?php
if(!mysql_connect("localhost","root",""))
{
die('oops connection problem ! --> '.mysql_error());
}
if(!mysql_select_db("ipay"))
{
die('oops database selection problem ! --> '.mysql_error());
}
?>
As you are sending requests to an external link and also want to process the same request in your own server, then either you have to use AJAX to send two requests or you have to use curl to send one request to external link. Hope the following may help.
<button type="button" name="btn-signup" onclick="myFunction()">Create My gomobi website</button>
Check above button code, I changed it to type button as I prefer you to post the form data using your myFunction() and by AJAX. Now below is the possible code for myFunction() . [Note: You must have some code already in myFunction(), which I dont know, you just keep them if needed and also add the following code to it] In case ajax form posting you need not to use method or action in your form tag.
function myFunction()
{
var gh = $('input[name=gh]').val();
var Mnumber = $('input[name=Mnumber]').val();
var email = $('input[name=email]').val();
var fname= $('input[name=fname]').val();
var address= $('input[name=address]').val();
var sitename= $('input[name=sitename]').val();
$.get("http://api.ipayy.com/v001/c/oc/dopayment",
{
gh : gh,
Mnumber : Mnumber,
email : email,
fname : fname,
address : address,
sitename : sitename
},
function(data,status){
//console.log(data);
if(status == 'success')
{
//another POST or GET ajax method can be initiated with same data
//but differant url (the url of your php code which is inserting data to database)Here is an example below
$.post("storedatatodb.php",
{
gh : gh,
Mnumber : Mnumber,
email : email,
fname : fname,
address : address,
sitename : sitename
},
function(data,status)
{
if(status == 'success')
{
// do something - redirect to some page
}
});
}
else
{
//show error message
// or do nothing
}
});
}
In the above case the storedatatodb.php will be like follows
<?php
include_once 'dbconnect.php';
$mobile = mysql_real_escape_string($_POST['Mnumber']);
$email = mysql_real_escape_string($_POST['email']);
$fname = mysql_real_escape_string($_POST['fname']);
$address = mysql_real_escape_string($_POST['address']);
$sitename = mysql_real_escape_string($_POST['sitename']);
$q = ("INSERT INTO template_users(Mnumber,email,fname,address,sitename) VALUES('$mobile','$email','$fname','$address','$sitename')");
mysql_query ($q) or die("Problem with the query: $q<br>" . mysql_error());
?>
ANOTHER method is to use PHP curl .
In this case you may use any method of GET or POST in form tag and in action , use the url of the php file processing your data to insert into db. Assume the file is storedatatodb.php . The code will be like follows
<?php
include_once 'dbconnect.php';
$gh = $_POST['gh'];
$mobile = mysql_real_escape_string($_POST['Mnumber']);
$email = mysql_real_escape_string($_POST['email']);
$fname = mysql_real_escape_string($_POST['fname']);
$address = mysql_real_escape_string($_POST['address']);
$sitename = mysql_real_escape_string($_POST['sitename']);
$q = ("INSERT INTO template_users(Mnumber,email,fname,address,sitename) VALUES('$mobile','$email','$fname','$address','$sitename')");
mysql_query ($q) or die("Problem with the query: $q<br>" . mysql_error());
//curl to send data to external URL
// In case of GET request
$geturl = "http://api.ipayy.com/v001/c/oc/dopayment?gh=".$gh."&mobile=".$mobile."&email=".$email."&fname=".$fname."&address=".$address."&sitename=".$sitename;
// Get cURL resource
$curl = curl_init();
// Set some options
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $geturl
));
// Send the request & save response to $resp
$resp = curl_exec($curl);
//Print error if any
if(curl_errno($curl))
{
echo 'error:' . curl_error($curl);
}
// Close request to clear up some resources
curl_close($curl);
?>
If you are submitting data to same page
then
change from
<form action="http://api.ipayy.com/v001/c/oc/dopayment" method="get" >
to
<form action="">
and also change from
<?php
include_once 'CryptoUtils.php';
include_once 'dbconnect.php';
if(isset($_POST['btn-signup']))
{
$mobile = mysql_real_escape_string($_POST['Mnumber']);
$email = mysql_real_escape_string($_POST['email']);
$fname = mysql_real_escape_string($_POST['fname']);
$address = mysql_real_escape_string($_POST['address']);
$sitename = mysql_real_escape_string($_POST['sitename']);
$q = ("INSERT INTO template_users(Mnumber,email,fname,address,sitename) VALUES('$mobile','$email','$fname','$address','$sitename')");
mysql_query ($q) or die("Problem with the query: $q<br>" . mysql_error());
}
?>
to
<?php
include_once 'CryptoUtils.php';
include_once 'dbconnect.php';
if(isset($_POST['btn-signup']))
{
$mobile = mysql_real_escape_string($_GET['Mnumber']);
$email = mysql_real_escape_string($_GET['email']);
$fname = mysql_real_escape_string($_GET['fname']);
$address = mysql_real_escape_string($_GET['address']);
$sitename = mysql_real_escape_string($_GET['sitename']);
$q = ("INSERT INTO template_users(Mnumber,email,fname,address,sitename) VALUES('$mobile','$email','$fname','$address','$sitename')");
mysql_query ($q) or die("Problem with the query: $q<br>" . mysql_error());
}
?>
Related
I wanna update just one data from a record using php form but the thing is, when i do that, the rest of the data gets removed from the record.. What do i do :/ here are my codes for updating. What is the mistake i am making.. I am very confused. Would really appreciate some help.
<?php
include('db.php');
if(isset($_POST['update']))
{
$hostname = "localhost";
$username = "root";
$password = "";
$databaseName = "winc sports";
$connect = mysqli_connect($hostname, $username, $password, $databaseName);
$id = $_POST['id'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$age = $_POST['age'];
$country=$_POST['country'];
$phone=$_POST['phone'];
$email=$_POST['email'];
$select = "SELECT * FROM studens WHERE id = '$id'";
$selected = mysqli_query($connect, $select);
$row = mysqli_fetch_assoc($selected);
if (empty($_POST['fname'])) {$fname = $row['fname'];} else {$fname = $_POST['fname'];}
if (empty($_POST['country']))
{
$country = $row['country'];
}
else {
$country = $_POST['country'];
}
if (empty($_POST['id'])) {
$id = $row['id'];
}
else {
$id = $_POST['id'];
}
if (empty($_POST['age'])) {$age = $row['age'];} else {$age = $_POST['age'];}
if (empty($_POST['phone'])) {$phone = $row['phone'];} else {$phone = $_POST['phone'];}
if (empty($_POST['email'])) {$email = $row['email'];} else {$email = $_POST['email'];}
$query = "UPDATE students SET Fname= '$fname', Lname = '$lname', Nationality = '$country', PhoneNumber = '$phone', Email= '$email', Age = '$age' WHERE Id = '$id'";
$result = mysqli_query($connect, $query);
var_dump($result);
if($result)
{
echo 'Data Updated';
}else
{
echo 'Data Not Updated';
}
mysqli_close($connect);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP INSERT DATA USING PDO</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="updating.php" method="post">
<input type="text" name="id" placeholder="Enter new ID"><br><br>
<input type="text" name="fname" placeholder="Enter new First Name"><br><br>
<input type="text" name="lname" placeholder="Enter new Last Name"><br><br>
<input type="number" name="age" placeholder="Enter new age" min="13" max="90"><br><br>
<input type="text" name="country" placeholder="Enter new Nationality"><br><br>
<input type="number" name="phone" placeholder="Enter new Phone Number"><br><br>
<input type="text" name="email" placeholder="Enter new Email"><br><br>
<input type="submit" name="update" value="update">
</form>
</body>
</html>
The select statement is fetching data from a table called studens. This looks like a typo of the actual table so it won't actually fetch any results for you to update. Thus, the data you wind up updating the table with is empty. Rename the initial select table to students and it should properly fetch the data.
Also, please look into prepared statements or various other methods to sanitize inputs. Using POST variables directly in a query makes you extremely vulnerable to SQL Injection.
I am trying to make secure my database credentials but they keep showing up in the firebug console.
I simply want to save form information into a database.
My form (form.html)
<form id="Form" method="POST" >
<table>
<tr>
<td>Name:</td>
<td><input id="name" name="name" type="text" /></td>
</tr>
<tr>
<td>Address:</td>
<td><input id="address" name="address" type="text" /></td>
</tr>
<tr>
<td>Telephone:</td>
<td><input id="telephone" name="telephone" type="text" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input id="email" name="email" type="email" /></td>
</tr>
</table>
<div class="SubmitButton">
<input type="submit" id="submit" name="submit" value="Submit" />
</div>
</form>
<div id="Response"></div>
</div>
<!-- javascript to handle form data -->
<script type="text/javascript">
$("document").ready(function(){
var frm = $('#Form');
frm.submit(function (ev) {
ev.preventDefault();
var email = $('#email').val();
if(email)
{
$.ajax({
type: "POST",
dataType:"json",
url: "submit.php",
data: frm.serialize(),
success: function () {
$('#Response').empty();
$('#Response').wrapInner("<span class='SuccessMessage'>Your information has been submitted successfully!</span>")
return;
},
error: function () {
$('#Response').empty();
$('#Response').wrapInner("<span class='ErrorMessage'>Your information was not submitted successfully. Please try again.</span>")
}
});
} else {
$('#Response').empty();
$('#Response').wrapInner("<span class='EmailBlankMessage'>Email address is a required field.</span>")
return;
}
});
});
</script>
Here is my submit.php
<?php
if($_POST)
{
require(dirname(__FILE__)."/../config.php");
$name = $_POST["name"];
$address = $_POST["address"];
$telephone = $_POST["telephone"];
$email = $_POST["email"];
$name = mysql_real_escape_string($name);
$address = mysql_real_escape_string($address);
$telephone = mysql_real_escape_string($telephone);
$email = mysql_real_escape_string($email);
mysql_query("INSERT INTO XXXXX(name, address, telephone, email) VALUES('$name', '$address', '$address', '$email')");
}else {
header("Location: /Form.html");
die();
}
?>
Here is my config.php
<?
$hostname = "XXXXXX";
$database = "XXXXXX";
$username = "XXXXXX";
$password = "XXXXXX";
mysql_connect($hostname, $username , $password) or die (mysql_error());
mysql_select_db($database ) or die (mysql_error());
The config file is placed outside the root. However the 2 main issues I am having is that it won't insert the form data into the table and also the database credentials from config.php show up in the firebug console post response. I don't understand what is wrong with my code.
Your php open tag in config.php is <? - this is short open tag, which I think is disabled in your config. Your php in config.php is then not interpreted and is shown as is. Change it to regular open tag <?php.
Also note that mysql extension is deprecated, you should switch to PDO and prepared statements.
I am trying to have this form submit to a database but I am having no luck. I am a complete newbie and based this code off another form that is already in use. Can anyone spot errors that would make it not work properly? Any help would be huge.
<?php
include("includes/captcha.php");
if (!empty($_POST['submitcontestant'])) {
$addcontestantsql = "INSERT INTO ".$config['db_dbpaper'].".contest (company, name, address, phone)";
$company = mysql_real_escape_string($_POST['company']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$captcha = mysql_real_escape_string($_POST['captcha']);
<?php
include("includes/captcha.php");
if (!empty($_POST['submitcontestant'])) {
$addcontestantsql = "INSERT INTO ".$config['db_dbpaper'].".contest (company, name, address, phone)";
$company = mysql_real_escape_string($_POST['company']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$captcha = mysql_real_escape_string($_POST['captcha']);
$addcontestantsql .= " VALUES('$company', '$name', '$email', '$phone')";
$allowed = false;
if (empty($company) && empty($name) && empty($address) && empty ($email) && empty($phone)) {
echo '<strong>Please go back and fill out all the fields!</strong>';
}
elseif ($captcha != $captchaans) {
echo '<strong>CAPTCHA incorrect!</strong>';
}
else {
$allowed = true;
echo '<strong>You are in the contest!</strong>';
}
if ($allowed) {
db_exec($addcontestantql);
}
}
?>
<?php
$companysql = "SELECT DISTINCT company FROM ".$config['db_dbpaper'].".contest ";
$mainsql = "SELECT * FROM ".$config['db_dbpaper'].".contest ";
if (!empty($_POST['submit'])) {
$companyname = mysql_real_escape_string($_POST['company']);
$mainsql .= "WHERE company like '$companyname'";
}
$company = db_list($companysql);
$contest = db_list($mainsql);
?>
<div id="fullwidthpage">
<h2>Contest</h2>
<p>Please fill the out form and then click submit. Thank you.</p>
<form method="post">
<table width="491" border="0">
<tr>
<td width="107">Company:</td>
<td width="374"><input name="company" type="text" /></td>
</tr>
<tr>
<td>Name:</td>
<td><input name="name" type="text" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="address" type="text" /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="phone" type="text" /></td>
</tr>
</table>
<p><?php echo '<img src="'.BASE_URL.'images/captcha/'.date('n').'.jpg">'; ?><br />
What color is this?:<br />
<input name="captcha" size="25" style="text-transform: lowercase;"/>
<input name="submitcontestant" type="submit" value="Submit" />
</p>
</form>
id suggest you to start here : http://se2.php.net/manual/en/intro.mysqli.php
you're way off track at the moment and basically asking someone to code it for you.
after your posts update : it seems that the problem is you're not connecting to sql at all try using $link = mysql_connect('host', 'mysql_user', 'mysql_password');
All set, I was creating my data table in the wrong database, new table was added in the appropriate database and all better :). Thanks to everyone who gave me input!
Ok, I'm in the middle of making a multi function php file.
The file is named functions.php and has switch - case.
At first, I just have a simple register.php file which sends to functions.php.
Here's the error which I get :-
Notice: Undefined index: action in C:\Program Files (x86)\EasyPHP-DevServer-13.1VC9\data\localweb\transfer\functions.php on line 5
functions.php?username=223&password=223&action=register
This is pretty unsecure..I just want to show the action..like functions.php?action=register
What changes do I make to my script ?
Here's the code :-
register.php
<form action="functions.php" name="post">
<table>
<tr>
<td>Username : </td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>Password : </td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td><input type="submit" name="action" value="register"></td>
</tr>
</table>
</form>
functions.php
<?php
session_start();
$db = mysql_connect('127.0.0.1', 'root', 'akshay!##') or die (mysql_error($db));
mysql_select_db('transfer', $db);
switch($_POST['action'])
{
case 'register':
$username = (isset($_POST['username'])) ? $_POST['username'] : '';
$password=(isset($_POST['password'])) ? $_POST['password'] : '';
$username=mysql_real_escape_string($username, $db);
$password = md5($password);
$password = mysql_real_escape_string($password);
$query = "select * from users where user_name = '" . $username . "'";
$result = mysql_query($query, $db) or die (mysql_error($db));
if(mysql_num_rows($result) > 0)
{
echo "Username already exists, redirecting";
header('Refresh: 3; URL=register.php');
die();
}
if(empty($username) || empty($password))
{
echo "Fields cannot be empty, redirecting";
header('Refresh: 3; URL=register.php');
}
else
{
$query2 = "insert into users(user_id, user_name, user_pass)
values
(NULL, '" . $username . "', '" . $password . "')";
$result2 = mysql_query($query2, $db) or die (mysql_error($db));
if($result2)
{
echo "Registration successful";
}
else
{
echo "Cannot register";
}
}
break;
}
?>
Based on the query string ("functions.php?username=223&password=223&action=register"), it looks like you're using GET to send the data, and not POST.
You should be looking for $_GET['action'] instead, and you should use
isset($_GET['action'])
to check if the action is set.
Edit
If you're set on using POST, which you really should be for this type of application, then you'll need to change your form:
<form action="functions.php" name="post" method="post">
Additionally, you'll want to use a hidden field for the action parameter instead of using the submit button:
<td>
<input type="hidden" name="action" value="register" />
<input type="submit" name="submit" value="Submit" />
</td>
The method="POST" attribute ensures that your data will be transmitted to functions.php using POST. This way the data won't show up in the URL.
Then, your functions.php can contain:
if (isset($_POST['action'])) {
switch($_POST['action']) {
case 'register':
$username = (isset($_POST['username'])) ? $_POST['username'] : '';
// And so on
}
}
else {
echo "No action specified.";
}
It means that $_POST['action'] isn't set.
In your example you pass it in the URL, so should be using $_GET['action'] instead.
I have a login page (local intranet so dont worry about the security issues).
This page consists of the following form code :
<form action="auth.php" method="get" class="blocklogin">
<tr>
<td class="blocklogin" ><div align="left">Username: <input class="blocklogin" type="text" name="username" id="username" /><br />
</div></td>
</tr>
<tr>
<td class="blocklogin" ><div align="left">Password: <input class="blocklogin" type="password" name="password" id="password" />
</div></td>
</tr>
<tr>
<td colspan="2" class="blockloginfoot" title="Login"><input name="Login" type="submit" value="Login" /></td>
</form>
Now im trying to pass the username and password via the http link by doing the following :
http://localhost/folder/user_login.php?username=user#test&password=test123
But this does not seem to work,its suppose to use the details in the link to login. Am I missing something?
Pls help
The form action auth.php
<?php
session_start();
require_once('database.php');
$username = $_GET['username'];
$password = $_GET['password'];
$sql = "SELECT * FROM access_getaccountswithinfo WHERE username='".$username."' AND password='".$password."'";
$run = mysql_query($sql);
$row = mysql_fetch_array($run);
if (mysql_num_rows($run) == 1) {
$_SESSION['logged_in'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['packagename'] = $row['packagename'];
$_SESSION['creation-date'] = $row['creation-date'];
$_SESSION['cap'] = $row['cap'];
$_SESSION['total'] = $row['total'];
$_SESSION['remainingtopup'] = $row['remainingtopup'];
header("location: usage.php");
} else {
header("location: user_login.php");
}
mysql_close($link);
?>
Database code - database.php :
<?php
$link = mysql_connect('localhost', 'dbase', 'pass123');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// make dbase the current db
$db_selected = mysql_select_db('dbase', $link);
if (!$db_selected) {
die ('Can\'t use foo : ' . mysql_error());
}
?>
If you try via url:
http://yourserver.com/folder/user_login.php?username=user#test&password=test123
You should use $_GET['username'] and $_GET['password'] to retrieve the value.
Otherwise if you submitting it, use $_POST['username'] and $_POST['password']
May this help.
Your html form uses the method "post" to send the data to your php script. Post data is sent in the header and the setup you have now should work.
When doing it via url you can get the parameters using "$_GET", not "$_POST".
Also, remember to htmlspecialchars() what you send from the form.
instead of using URL passing values to user_login.php where the form is...you have to pass it to auth.php which is the php that actually captures the values as follow
http://localhost/folder/auth.php?username=user#test&password=test123