I have a script for a forum. By default, users can only post if they have opened the site first to determine the parent.
For example domain.com/new.php?parent=3
Here I am trying to modify using the dropdown.
For example:
OPTION 1 (value1)
OPTION 2 (value2)
OPTION 3 (value3)
I added $parent=$_POST['parent']; following the example of $title=$_POST['title']; but it always failed.
Is there a solution?
CODE:
<?php
//This page let users create new topics
include('config.php');
if(isset($_GET['parent']))
{
$id = intval($_GET['parent']);
if(isset($_SESSION['username']))
{
$dn1 = mysql_fetch_array(mysql_query('select count(c.id) as nb1, c.name from categories as c where c.id="'.$id.'"'));
if($dn1['nb1']>0)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New Topic - <?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?> - Forum</title>
<script type="text/javascript" src="functions.js"></script>
</head>
<body>
<div class="header">
<img src="<?php echo $design; ?>/images/logo.png" alt="Forum" />
</div>
<div class="content">
<?php
$nb_new_pm = mysql_fetch_array(mysql_query('select count(*) as nb_new_pm from pm where ((user1="'.$_SESSION['userid'].'" and user1read="no") or (user2="'.$_SESSION['userid'].'" and user2read="no")) and id2="1"'));
$nb_new_pm = $nb_new_pm['nb_new_pm'];
?>
<div class="box">
<div class="box_left">
Forum Index > <?php echo htmlentities($dn1['name'], ENT_QUOTES, 'UTF-8'); ?> > New Topic
</div>
<div class="box_right">
Your messages(<?php echo $nb_new_pm; ?>) - <?php echo htmlentities($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?> (Logout)
</div>
<div class="clean"></div>
</div>
<?php
if(isset($_POST['message'], $_POST['title']) and $_POST['message']!='' and $_POST['title']!='')
{
include('bbcode_function.php');
$title = $_POST['title'];
$message = $_POST['message'];
if(get_magic_quotes_gpc())
{
$title = stripslashes($title);
$message = stripslashes($message);
}
$title = mysql_real_escape_string($title);
$message = mysql_real_escape_string(bbcode_to_html($message));
if(mysql_query('insert into topics (parent, id, id2, title, message, authorid, timestamp, timestamp2) select "'.$id.'", ifnull(max(id), 0)+1, "1", "'.$title.'", "'.$message.'", "'.$_SESSION['userid'].'", "'.time().'", "'.time().'" from topics'))
{
?>
<div class="message">The topic have successfully been created.<br />
Go to the forum</div>
<?php
}
else
{
echo 'An error occurred while creating the topic.';
}
}
else
{
?>
<form action="new_topic.php?parent=<?php echo $id; ?>" method="post">
<label for="title">Title</label><input type="text" name="title" id="title" /><br />
<label for="message">Message</label><br />
<div class="message_buttons">
<input type="button" value="Bold" onclick="javascript:insert('[b]', '[/b]', 'message');" /><!--
--><input type="button" value="Italic" onclick="javascript:insert('[i]', '[/i]', 'message');" /><!--
--><input type="button" value="Underlined" onclick="javascript:insert('[u]', '[/u]', 'message');" /><!--
--><input type="button" value="Image" onclick="javascript:insert('[img]', '[/img]', 'message');" /><!--
--><input type="button" value="Link" onclick="javascript:insert('[url]', '[/url]', 'message');" /><!--
--><input type="button" value="Left" onclick="javascript:insert('[left]', '[/left]', 'message');" /><!--
--><input type="button" value="Center" onclick="javascript:insert('[center]', '[/center]', 'message');" /><!--
--><input type="button" value="Right" onclick="javascript:insert('[right]', '[/right]', 'message');" />
</div>
<textarea name="message" id="message" cols="70" rows="6"></textarea><br />
<input type="submit" value="Send" />
</form>
<?php
}
?>
</div>
<div class="foot">Simple PHP Forum Script - Webestools</div>
</body>
</html>
<?php
}
else
{
echo '<h2>The category you want to add a topic doesn\'t exist.</h2>';
}
}
else
{
?>
<h2>You must be logged to access this page.</h2>
<div class="box_login">
<form action="login.php" method="post">
<label for="username">Username</label><input type="text" name="username" id="username" /><br />
<label for="password">Password</label><input type="password" name="password" id="password" /><br />
<label for="memorize">Remember</label><input type="checkbox" name="memorize" id="memorize" value="yes" />
<div class="center">
<input type="submit" value="Login" /> <input type="button" onclick="javascript:document.location='signup.php';" value="Sign Up" />
</div>
</form>
</div>
<?php
}
}
else
{
echo '<h2>The ID of the category you want to add a topic is not defined.</h2>';
}
?>
There is no input element with the name parent in the form, therefore $_POST['parent'] will not be set. Verify by dumping $_POST after submit: var_dump($_POST).
You could reuse the $id variable which holds the $_GET['parent'] value.
As it has been mentioned in the comments:
Make sure to sanitize all input values before stating SQL queries to prevent SQL injection attacks!
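One way to wire the dropdown to the insert, as an added example that is not the poster's or the forum script's code: the categories are rendered as a select named parent, and the submitted value is validated against the categories table and bound through a prepared statement instead of being concatenated into SQL. The in-memory SQLite database, the sample rows and the function names render_parent_select and create_topic are assumptions made so the block runs on its own; the BBCode conversion from the question is left out.

```php
<?php
// Added example. In-memory SQLite stands in for the forum's MySQL database;
// the schema is constructed from the column names used in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE topics (parent INTEGER, id INTEGER, id2 INTEGER, title TEXT,
            message TEXT, authorid INTEGER, timestamp INTEGER, timestamp2 INTEGER)');
$pdo->exec("INSERT INTO categories (id, name) VALUES (1, 'OPTION 1'), (2, 'OPTION 2'), (3, 'OPTION 3')");

// Hypothetical helper: build the dropdown from the categories table so the
// form actually contains an input named "parent".
function render_parent_select(PDO $pdo): string
{
    $html = '<select name="parent" id="parent">';
    foreach ($pdo->query('SELECT id, name FROM categories ORDER BY id') as $row) {
        $html .= sprintf('<option value="%d">%s</option>',
            $row['id'], htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'));
    }
    return $html . '</select>';
}

// Hypothetical helper: validate the posted fields and insert the topic.
// Returns the id of the new topic, throws on any invalid input.
function create_topic(PDO $pdo, array $post, int $authorId): int
{
    // The dropdown only limits what a browser offers; the server still has to
    // check that the value is an integer and names an existing category.
    $parent  = filter_var($post['parent'] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    $title   = is_string($post['title'] ?? null) ? trim($post['title']) : '';
    $message = is_string($post['message'] ?? null) ? trim($post['message']) : '';
    if ($parent === false) {
        throw new InvalidArgumentException('parent is not a valid category id');
    }
    if ($title === '' || $message === '') {
        throw new InvalidArgumentException('title and message are required');
    }

    $check = $pdo->prepare('SELECT COUNT(*) FROM categories WHERE id = ?');
    $check->execute([$parent]);
    if ((int) $check->fetchColumn() === 0) {
        throw new InvalidArgumentException('category does not exist');
    }

    // Same INSERT ... SELECT shape as the question, with bound parameters in
    // place of quoted string concatenation.
    $now = time();
    $insert = $pdo->prepare(
        'INSERT INTO topics (parent, id, id2, title, message, authorid, timestamp, timestamp2)
         SELECT ?, IFNULL(MAX(id), 0) + 1, 1, ?, ?, ?, ?, ? FROM topics'
    );
    $insert->execute([$parent, $title, $message, $authorId, $now, $now]);

    return (int) $pdo->query('SELECT MAX(id) FROM topics')->fetchColumn();
}

echo render_parent_select($pdo), "\n";

// Constructed POST bodies: a valid one (with a quote in the title), an unknown
// category id, and a non-numeric parent value.
$samples = [
    ['parent' => '2',        'title' => "Tom's question", 'message' => 'Hello'],
    ['parent' => '99',       'title' => 'x',              'message' => 'y'],
    ['parent' => 'OPTION 2', 'title' => 'x',              'message' => 'y'],
];
foreach ($samples as $post) {
    try {
        printf("created topic %d\n", create_topic($pdo, $post, 7));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}
```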
I'm having a problem when trying to implement an edit page in PHP.
Getting items from the database doesn't pose any problem, yet trying to update it tells me that I have missed a field, and trying to skip the check just leaves me with an unedited table.
To explain more, there is a page that directs to this one while passing on an id (propertyID) variable, and from that we use it to grab the desired variables.
Can anyone look at the code and tell me what I have done wrong? I have previously got a similar page working and am getting quite flustered trying to figure out why this one isn't.
<?php
// Start sessions
include('includes/security.inc.php');
authorise();
if (!isset($_GET['propertyID']) || !is_numeric($_GET['propertyID']))
{
header('Location:./houselist.php');
}
else
{
// Include connection file
include('includes/connection.inc.php');
// Get details
connect();
$propertyID = $_GET['propertyID'];
$sql = "SELECT * FROM Properties WHERE propertyID='$propertyID' LIMIT 1";
$result = @mysql_query($sql) or die('Unable to run query');
$record = mysql_fetch_object($result);
mysql_close();
// Check to see if the form has been submitted
if (isset($_POST['submit']))
{
// Check to see all fields have been completed
$address = $_POST['address'];
$categoryID = $_POST['categoryID'];
$price = $_POST['price'];
$landlordName = $_POST['landlordName'];
$img = $_POST['img'];
$description= $_POST['description'];
if (!empty($address) && !empty($categoryID) && !empty($price) && !empty($landlordName) && !empty($img) && !empty($description))
{
// Create an SQL query to add the comment
$sql = "UPDATE property SET propertyID = '$propertyID', img = '$img', address = '$address', price = '$price', landlordName = '$landlordName', description = '$description' WHERE propertyID = $propertyID";
// Connect to the database
connect();
// Run the query and store the result in a variable
$result = mysql_query($sql) or die("Could not run query1");
// Close connection to the database
mysql_close();
// Check if query was successful
if ($result)
{
$message = '<div class="success"><p>You have successfully edited Article details.</p><p>Please Click Here to view the Animal list.</p></div>';
}
else
{
$message = '<div class="error"><p>There was an error editing details, please try again</p></div>';
}
}
else
{
$message = '<div class="error"><p>Please make sure you fill all fields in before submitting the form.</p></div>';
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/960.css"/>
<link rel="stylesheet" type="text/css" href="css/demo.css"/>
<link rel="stylesheet" type="text/css" href="css/960_24_col.css"/>
<link rel="stylesheet" type="text/css" href="css/reset.css"/>
<link rel="stylesheet" type="text/css" href="css/text.css"/>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<title>Complete Property Solutions</title>
<title>Homescreen - Complete Property Solutions</title>
</head>
<body>
<div class="container_24" id="container">
<div class="grid_24" id="banner">
<img src="img/banner.png" width="960" height="92" />
</div>
<div class="grid_18" id="nav" align="right">
<ul id="topnav">
<li>Home</li>
<li>Properties</li>
<li>Landlords</li>
<li>Tenants</li>
<li>Logout</li>
</ul>
</div>
<div class="grid_6" id="search" align="right">
<form action="search.php" method="GET">
<input type="text" name="term" size="15">
<input type="submit" value="Search">
</form>
</div>
</div>
<div class="container_24" id="container" align="center">
<div id="container">
<form id="PropertyEdit" name="PropertyEdit" method="post" action="<? echo $_SERVER['PHP_SELF'] . "?propertyID=" . $propertyID; ?>">
<input type="hidden" name="propertyID" id="propertyID" value="<?php echo $propertyID; ?>" />
<?php
if (isset($message))
{
echo $message;
}
else
{
?>
<div class="label"><label for="propertyID"></label></div>
<div class="input"><input type="hidden" name="propertyID" id="propertyID" tabindex="1" value="<? echo $record->propertyID; ?>" /></div>
<br />
<div class="label"><label for="categoryID">Category</label></div>
<div class="input"><input type="text" name="categoryID" id="categoryID" tabindex="1" value="<? echo $record->categoryID; ?>" /></div>
<br />
<div class="label">
<label for="address">Address:</label></div>
<div class="input"><input type="text" name="address" id="address" tabindex="1" value="<? echo $record->address; ?>" /></div>
<br />
<div class="label"><label for="price">Price:</label></div>
<div class="input"><input type="text" name="Price" id="price" tabindex="3" value="<? echo $record->price; ?>" /></div>
<div class="label"><label for="landlordName">Landlord</label></div>
<div class="input"><input type="text" name="landlordName" id="landlordName" tabindex="1" value="<? echo $record->landlordName; ?>" /></div>
<br />
<div class="label"><label for="img">Image</label></div>
<div class="input"><input type="text" name="img" id="img" tabindex="1" value="<? echo $record->img; ?>" /></div>
<br />
<div class="label"><label for="description">Description:</label></div>
<div class="input"><textarea name="description" id="description" cols="50" rows="10" tabindex="5"><? echo $record->description; ?></textarea></div>
<br />
<div class="label"> </div>
<div class="input">
<input type="reset" name="reset" id="reset" value="Reset" tabindex="6" />
<input type="submit" name="submit" id="submit" value="Submit" tabindex="7" />
</div>
<p class="normal">Click Here to Return to the Home page</p>
<?php
}
?>
</form> </div>
</div>
</body>
</html>
<?php
}
?>
My best guess for the problem would revolve around
// Check to see if the form has been submitted
if (isset($_POST['submit']))
{
// Check to see all fields have been completed
$address = $_POST['address'];
$categoryID = $_POST['categoryID'];
$price = $_POST['price'];
$landlordName = $_POST['landlordName'];
$img = $_POST['img'];
$description= $_POST['description'];
if (!empty($address) && !empty($categoryID) && !empty($price) && !empty($landlordName) && !empty($img) && !empty($description))
{
// Create an SQL query to add the comment
$sql = "UPDATE property SET propertyID = '$propertyID', img = '$img', address = '$address', price = '$price', landlordName = '$landlordName', description = '$description' WHERE propertyID = $propertyID";
// Connect to the database
connect();
// Run the query and store the result in a variable
$result = mysql_query($sql) or die("Could not run query1");
// Close connection to the database
mysql_close();
// Check if query was successful
if ($result)
{
$message = '<div class="success"><p>You have successfully edited Article details.</p><p>Please Click Here to view the Animal list.</p></div>';
}
else
{
$message = '<div class="error"><p>There was an error editing details, please try again</p></div>';
}
}
else
{
$message = '<div class="error"><p>Please make sure you fill all fields in before submitting the form.</p></div>';
}
}
And the below section, my problem is that I'm not sure where exactly
<div class="container_24" id="container" align="center">
<div id="container">
<form id="PropertyEdit" name="PropertyEdit" method="post" action="<? echo $_SERVER['PHP_SELF'] . "?propertyID=" . $propertyID; ?>">
<input type="hidden" name="propertyID" id="propertyID" value="<?php echo $propertyID; ?>" />
<?php
if (isset($message))
{
echo $message;
}
else
{
?>
<div class="label"><label for="propertyID"></label></div>
<div class="input"><input type="hidden" name="propertyID" id="propertyID" tabindex="1" value="<? echo $record->propertyID; ?>" /></div>
<br />
<div class="label"><label for="categoryID">Category</label></div>
<div class="input"><input type="text" name="categoryID" id="categoryID" tabindex="1" value="<? echo $record->categoryID; ?>" /></div>
<br />
<div class="label">
<label for="address">Address:</label></div>
<div class="input"><input type="text" name="address" id="address" tabindex="1" value="<? echo $record->address; ?>" /></div>
<br />
<div class="label"><label for="price">Price:</label></div>
<div class="input"><input type="text" name="Price" id="price" tabindex="3" value="<? echo $record->price; ?>" /></div>
<div class="label"><label for="landlordName">Landlord</label></div>
<div class="input"><input type="text" name="landlordName" id="landlordName" tabindex="1" value="<? echo $record->landlordName; ?>" /></div>
<br />
<div class="label"><label for="img">Image</label></div>
<div class="input"><input type="text" name="img" id="img" tabindex="1" value="<? echo $record->img; ?>" /></div>
<br />
<div class="label"><label for="description">Description:</label></div>
<div class="input"><textarea name="description" id="description" cols="50" rows="10" tabindex="5"><? echo $record->description; ?></textarea></div>
<br />
<div class="label"> </div>
<div class="input">
<input type="reset" name="reset" id="reset" value="Reset" tabindex="6" />
<input type="submit" name="submit" id="submit" value="Submit" tabindex="7" />
I'm trying to get the information submitted by the user to store with a cookie, and redisplay when a user hits 'edit' on the preview page. For example if a user enters "jhon" as name and hits submit, then sees a preview and sees they misspelled their name they can hit edit and all the information they entered is still there, and they only have to fix their name.
Form code:
<!doctype html>
<?php
$cookie_name = "first";
$cookie_value = "$first";
setcookie($cookie_name, $cookie_value, time()+3600*60*24*7);
?>
<html>
<head>
<title>Contact Information</title>
<style type="text/css">
</style>
<link href="css/styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="container">
<div id="content">
<h1>Please Answer the Following Questions</h1>
<form method="POST" action="form_preview.php">
<label for="first">First Name: </label>
<input type="textarea" name="first" />
<br /><br />
<label for="last">Last Name: </label>
<input type="textarea" name="last" />
<br /><br />
<label for="first">Email: </label>
<input type="textarea" name="email" />
<br /><br />
<label for="last">Phone Number: </label>
<input type="textarea" name="phone" />
<br /><br />
<input type="submit" name="submit" value="Preview Answers" />
</form>
</div>
</div>
</body>
</html>
Preview code:
<!doctype xhtml>
<html>
<head>
<title>Preview</title>
<link href="css/styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="container">
<div id="content">
<?php
$first = $last = $email = $phone = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$first = test_input($_POST["first"]);
$last = test_input($_POST["last"]);
$email = test_input($_POST["email"]);
$phone = test_input($_POST["phone"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
echo "<h1>Personal Information:</h1>";
echo "First Name: ";
echo $first;
echo "<br><br>";
echo "Last Name: ";
echo $last;
echo "<br><br>";
echo "Email: ";
echo $email;
echo "<br><br>";
echo "Phone Number: ";
echo $phone;
echo "<br><br>";
?>
<form method="post" action="form_entry.php">
<input type="submit" name="edit" value="Edit" />
</form>
<form method="post" action="form_confirmed.php">
<input type="submit" name="confirm" value="Finish" />
</form>
</div>
</div>
</body>
</html>
I have an image at promotions.php. When I clicked on the 'edit' link, the variables like 'title', 'description' and 'image' would be passed on to doEditPromotion.php's page form.
I can pass 'title' and 'description' to be displayed on doEditPromotion.php's page form but not the image value.
Can anyone help me with this? Thanks!
doEditPromotion.php -->
<?php
session_start();
include "dbfunction.php";
$id = $_REQUEST['id'];
$query = "SELECT title, description, image, promotionID FROM promotion WHERE promotionID = '$id'";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$title = $row['title'];
$description = $row['description'];
$image = $row['image'];
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['save']))
{
$title_save = $_POST['title'];
$description_save = $_POST['description'];
$target = 'images/';
$target = $target.basename($_FILES['photo']['name']);
$pic = ($_FILES['photo']['name']);
move_uploaded_file($_FILES['photo']['tmp_name'], $target);
// check that firstname/lastname fields are both filled in
if ($title_save == '' || $description_save == '' || $pic == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
echo $error;
}
else
{
// save the data to the database
$query = "UPDATE promotion SET title = '$title_save', description = '$description_save', image = '$pic' WHERE promotionID = '$id'";
$result = mysqli_query($link, $query);
// once saved, redirect back to the view page
header("Location: promotions.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="codes.css"/>
<link href="styles.css" rel="stylesheet" type="text/css" media="screen" />
<link rel="stylesheet" href="picture-zoom/css/dg-picture-zoom.css" type="text/css" />
<script type="text/javascript" src="picture-zoom/js/external/mootools-1.2.4-core-yc.js"></script>
<script type="text/javascript" src="picture-zoom/js/external/mootools-more.js"></script>
<script type="text/javascript" src="picture-zoom/js/dg-picture-zoom.js"></script>
<script type="text/javascript" src="picture-zoom/js/dg-picture-zoom-autoload.js"></script>
<script>
function myFunction()
{
alert("Are you sure you want to proceed?");
}
</script>
<title>Eco Canteen - Promotions</title>
</head>
<body>
<div id="wrap">
<div id="header">
<div id="logo">
<br/>
<?php
if(isset($_SESSION['username']))
{
?>
<p align="right"><font color="white">Logout</font></p>
<?php
}
else
{
?>
<form align="right" name="form" action="doIndex.php" method="post">
<p><label for="username"><font color="white"> Username: </font></label>
<input name="username" type="text"></input>
<label for="password"><font color="white"> Password: </font></label>
<input name="password" type="password"></input>
<input name="submit" value="Login" type="submit"/></p>
<?php
}
?>
</form>
</div>
<div id='menu'>
<ul>
<li><a href='index.php'><span>Home</span></a></li>
<li><a href='promotions.php'><span>Promotions</span></a></li>
<li><a href='outlets.php'><span>Outlets</span></a></li>
<li><a href='feedback.php'><span>Feedback</span></a></li>
<li class='has-sub '><a href='#'><span>Career</span></a>
<ul>
<li><a href='stall.php'><span>Stall Leasing</span></a></li>
<li><a href='career.php'><span>Career Opportunity</span></a></li>
</ul>
</li>
<li><a href='contactUs.php'><span>Contact Us</span></a></li>
</ul>
</div>
</div>
<br/>
<br/>
<p class="slogan"></p>
<div id="intro">
<h2><b>ECO CANTEEN</b></h2>
</div>
<br/>
<div class="wid_center">
<div id="content">
<div class="gao">
<h3>Promotion > <b>Edit Promotion</b></h3>
<fieldset stype='width:500px'>
<legend><b>Promotion Details</b></legend>
<form method="post" enctype="multipart/form-data">
<table>
<tr>
<td>Promotion Title:</td>
<td><input type="text" name="title" size='36' value="<?php echo $title;?>"/></td>
</tr>
<tr>
<td>Description:</td>
<td><input type="text" name="description" style='width: 300px;height:80px' value="<?php echo $description;?>"/></td>
</tr>
<tr>
<td>Image:</td>
<td><input type='file' name='upfile' id='image' src='images/<?php echo $_REQUEST['$image']?>'></input></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="save" value="Save"/></td>
</tr>
</table>
</form>
</fieldset>
</div>
<br/>
<br/>
<hr class="clear" />
</div>
</div>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<div id="footer">
<p> <br />
Copyright © 2012 EcoCanteen<br />
</p></div>
</div>
</body>
</html>
You named the uploaded file upfile, and then tried to access it as photo. Do print_r($_FILES) and then change one of the following:
$_FILES['photo']['name'] // Either change photo to upfile
...
<input type='file' name='upfile' id='image' src='...' /> // Or upfile to photo
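The field-name mismatch described in this answer, handled so that it fails loudly instead of silently, as an added example that is not the poster's code. The function name store_upload, the type allow-list, the size limit and the sample $_FILES array are assumptions; the stored name is generated on the server rather than taken from the client-supplied file name.

```php
<?php
// Added example. Field name 'upfile' and directory 'images' come from the
// form on this page; everything else is an assumption for illustration.
function store_upload(array $files, string $field, string $dir): string
{
    if (!isset($files[$field]) || !is_array($files[$field])) {
        // The bug from the question: the form posts one name, the script reads another.
        throw new RuntimeException(sprintf(
            'no file field "%s" in the request; fields present: %s',
            $field, implode(', ', array_keys($files)) ?: '(none)'
        ));
    }
    $f = $files[$field];

    $error = $f['error'] ?? null;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload rejected, error code ' . json_encode($error));
    }
    // is_uploaded_file() is true only for files PHP received in this HTTP request.
    if (!is_string($f['tmp_name'] ?? null) || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('tmp_name is not a file uploaded in this request');
    }
    if (filesize($f['tmp_name']) > 2 * 1024 * 1024) {
        throw new RuntimeException('file is larger than 2 MiB');
    }

    // Decide the type from the file content, not from the client-sent name or type.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext = is_string($mime) ? ($allowed[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('file type is not an allowed image type');
    }

    // Server-generated name: the client's file name never reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('could not move the upload into ' . $dir);
    }
    return $name; // store this value in promotion.image with a bound parameter
}

// Constructed $_FILES array, shaped the way PHP builds it for the form on
// this page (field 'upfile'); the tmp_name path is made up.
$files = ['upfile' => [
    'name' => 'promo.png', 'type' => 'image/png',
    'tmp_name' => '/tmp/phpA1b2C3', 'error' => UPLOAD_ERR_OK, 'size' => 1024,
]];

// 'photo' reproduces the mismatch; 'upfile' gets past the lookup and then
// stops at is_uploaded_file(), because this demo is not a real HTTP upload.
foreach (['photo', 'upfile'] as $field) {
    try {
        echo 'stored as ', store_upload($files, $field, 'images'), "\n";
    } catch (RuntimeException $e) {
        echo $field, ': ', $e->getMessage(), "\n";
    }
}
```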
This is my form. My reset input doesn't reset all my inputs and submit doesn't send my form.
When I press the reset input it doesn't work and I don't know why, and the same is happening with submit.
What should I do?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Agregar Publicidad</title>
<link rel="stylesheet" type="text/css" href="../css/EstiloLocales.css"/>
<link rel="stylesheet" type="text/css" href="../libs/css/ui-lightness/jquery-ui-1.8.18.custom.css"/>
<script src="../libs/js/jquery-ui-1.8.18.custom.min.js" type="application/javascript"></script>
<script src="../libs/js/jquery-1.7.1.min.js" type="application/javascript"></script>
<script type="text/javascript">
$(document).ready(function(){
$('.checkin').click(function(){
var labelId = $(this).attr('name');
var colorActual = $('#'+labelId).css('color');
var checkeo = $(this).attr('checked');
$('#COLOSH').val(checkeo);
if(checkeo == 'checked'){
$('#'+labelId).css('color','#f00');
}else{
$('#'+labelId).css('color','#000');
}
var n = $("input:checkbox").length;
var str = '';
for(var cj=1; cj < n; cj++){
var check = document.getElementById(cj+'1').checked;
if(check == true){
str += cj+' ';
}
}
$('#myArr').val(str);
});
});
function cargarCategorias(cadena){
var ar= cadena.split(" ");
if(ar.length < 3){
$('#'+ar+'1').prop("checked", true);
$('#label'+ar).css("color", "#f00");
}else{
ar = ar.split(' ');
for(var i=0;i < ar.length; i++){
$('#'+ar[i]+'1').prop("checked", true);
$('#label'+ar[i]).css("color", "#f00");
}
}
}
function porDefecto(){
$('.label').css('color','#000');
//$(':input').attr('value','');
//$('#descripcion').attr('value','');
}
function loaddefimages(Id)
{
//this.src='../Info/Fotos/fotogenerica.jpg
document.getElementById(Id).src="../Info/Fotos/fotogenerica.jpg";
}
</script>
</head>
<body>
<?php
include "../src/defines.php";
$numero = $_GET['numero'];
$doc = new DOMDocument;
$doc->load(DIR_LOCALES);
$xpath = new DOMXPath($doc);
$elements = $xpath->query('//item[@numero="'.$numero.'"]');
//if ($elements->length >= 1) {
$element = $elements->item(0);
$ar = buscar_categorias( $element->getAttribute('nombre'),DIR_PUBLICIDADES);
if($ar != ''){
$t= implode(' ',$ar);
?>
<script language="javascript">
var cadena = <?php echo $t;?>
cargarCategorias(cadena);
</script>
<?php
}
// }
?>
<form id="form1" name="form1" enctype="multipart/form-data" method="post" action="add_local.php">
<input type="hidden" id="myArr" name="myArr" value="">
<input type="hidden" id="oldvalue" name="oldvalue" value="">
<input type="hidden" id="accion" name="accion" value="1">
<input type="hidden" id="oldName" name="oldName" value="">
<div class="div_principal">
<div class="contenido">
<div class="contenido-uno">
<div class="datos"><!--BEGIN DATOS -->
<div class="datos-uno"><!--BEGIN DATOS UNO -->
<div>
<label for="nombre">Nombre</label>
<input name="nombre" type="text" id="nombre" maxlength="21" style="margin-left:15px;" value="<?php if($element->getAttribute('nombre') == ''){ echo "NO ASIGNADO";}else{echo $element->getAttribute('nombre');} ?>" />
</div>
<div>
<label for="telefono">Teléfono</label>
<input type="text" name="telefono" id="telefono" style="margin-left:10px;" value="<?php if($element->getAttribute('telefono') == ''){ echo "NO ASIGNADO";}else{echo $element->getAttribute('telefono');} ?>"/>
</div>
<div>
<label for="web">Web</label>
<input type="text" name="web" id="web" value="<?php if($element->getAttribute('web') == ''){ echo "NO ASIGNADO";}else{echo $element->getAttribute('web');} ?>" />
</div>
<div>
<label for="correo">Correo:</label>
<input type="text" name="correo" id="correo" value="<?php if($element->getAttribute('correo') == ''){ echo "NO ASIGNADO";}else{echo $element->getAttribute('correo');} ?>"/>
</div>
<div>
<label for="encargado">Encargado</label>
<input type="text" name="encargado" id="encargado" value="<?php if($element->getAttribute('encargado') == ''){ echo "NO ASIGNADO";}else{echo $element->getAttribute('encargado');} ?>"/>
</div>
</div><!--END DATOS UNO -->
<div class="datos-dos"><!--BEGIN DATOS DOS -->
<div>
<label for="numero">Número</label>
<input type="text" disabled="disabled" style="margin-left:30px;" name="numero" id="numero" value="<?php echo $element->getAttribute('numero') ?>" />
</div>
<div>
<div>
<label for="descripcion"> Descripción</label>
</div>
<div style=" position:relative; top:-20px; left:100px;">
<textarea name="descripcion" id="descripcion" style="width:240px; height:100px;" ><?php if($element->getAttribute('descripcion') == ''){ echo "NO ASIGNADO";}else{echo $element->getAttribute('descripcion');} ?></textarea>
</div>
</div>
<div>
<label for="promocion">Promoción</label>
<input type="text" name="promocion" id="promocion" value="<?php if($element->getAttribute('promocion') == ''){ echo "NO ASIGNADO";}else{echo $element->getAttribute('promocion');} ?>" style="margin-left:15px;" />
</div>
</div>
</div><!-- FIN DATOS -->
<div class="imagenes"><!-- BEGIN IMAGENES -->
<div class="ima-uno">
<div class="div-foto">
<img id="foto" onerror="javascript:loaddefimages(this.id);" src="../Info/Fotos/Localimg/<?php echo strtolower($element->getAttribute('numero').'jpg'); ?>" alt="Foto" name="foto" width="310" height="115" />Imagen 297 x 110 px
</div>
<div class="div-btn">
<img src="../src/Img/paneldecontrol-15.png" width="23" height="23" style="position:absolute;" />
<input style="width:67px; z-index:2; opacity:0;" type="file" name="dir_foto" />
</div>
</div>
<div class="ima-dos">
<div class="div-logo">
<img id="logo" src="../Info/Fotos/logos/<?php echo strtolower($element->getAttribute('numero').'png'); ?>" onerror="javascript:loaddefimages(this.id);" alt="logo" width="150" height="115" /></div>
<div class="div-btn-logo">
<img src="../src/Img/paneldecontrol-15.png" width="23" height="23" style="position:absolute;" />
<input style="width:67px; z-index:2; opacity:0;" type="file" name="dir_logo" />
</div>
</div>
</div>
</div>
<div class="contenido-dos">
<div class="div_cat">
<?php
$docCat = new DomDocument;
$docCat->preserveWhiteSpace = FALSE;
$docCat->load(DIR_CATEGORIAS);
$parCat = $docCat->getElementsByTagName('categoria'); // Find Sections
$contador=0;
foreach($parCat as $parametro){
?>
<div>
<input id="<?php echo $parCat->item($contador)->getAttribute('id'); ?>1" class="checkin" type="checkbox" name="label<?php echo $parCat->item($contador)->getAttribute('id'); ?>" />
<label id="label<?php echo $parCat->item($contador)->getAttribute('id'); ?>" class="label" for="a"><?php echo $parCat->item($contador)->getAttribute('nombre'); ?></label>
</div>
<?php
$contador++;
}
?>
</div>
<div class="form-buttons">
<img src="../src/Img/paneldecontrol-17.png" width="23" height="23" style="position:absolute; left: 2px; top: 1px;" />
<input type="reset" onclick="javascript:porDefecto();" style=" z-index:2; width:25px; margin-right:7px; height:23px; opacity:0; " value="Limpiar" />Limpiar campos
<input type="submit" value="Guardar" style="margin-left:30px; margin-right:7px; width:27px; height:23px; z-index:3; opacity:0; " />Guardar
<img src="../src/Img/paneldecontrol-16.png" width="23" height="23" style="position:absolute; left: 152px; top: 1px;" />
</div>
</div>
</div>
</div>
</form>
</body>
</html>
div form-buttons has the input that doesn't work
Your 'reset' has an 'onclick' event, which is wrong. I bet that prevents the reset..
Some of the input elements are disabled, and I doubt whether disabled elements are posted.
For the generated elements, I think it's best to load your page and check the output (the generated source). It will tell you more easily if there's any error in the PHP code, than staring at the PHP source.
<?php
function VerifyForm(&$values, &$errors)
{
if (strlen($values['fname']) == 0)
$errors['fname'] = 'Enter First Name';
if (strlen($values['lname']) == 0)
$errors['lname'] = 'Enter Last Name';
if (strlen($values['mname']) == 0)
$errors['mname'] = 'Enter Middle Name';
if (strlen($values['address']) == 0)
$errors['address'] = 'Enter Address';
if (strlen($values['terms']) == 0)
$errors['terms'] = 'Please Read Terms and Agreement and Check the box.';
if (!ereg('.*@.*\..{2,4}', $values['email']))
$errors['email'] = 'Email address invalid';
else if (strlen($values['email']) < 0)
$errors['email'] = 'Enter Email Address';
return (count($errors) == 0);
}
function DisplayForm($values, $errors)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>GIA Soap » Products » Customer Informations</title>
<link href="stylesheet/style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js_files/jquery.js"></script>
<script type="text/javascript" src="js_files/sliding_effect.js"></script>
<script type="text/javascript" src="js_files/slideshow.js"></script>
</head>
<body>
<div class="bg_top">
<div class="bg_bottom">
<div class="wrapper">
<div class="header">
<div class="logo">
</div>
<div class="logo_text">
<div class="logo_head_text">Gia Soap Making</div>
<div class="logo_sub_text">Sub text here</div>
</div>
</div>
<div class="h_nav">
<div class="h_nav_dash">
</div>
</div>
<div class="container">
<div class="content_term">
<div class="content_terms">
<br />
<h1><p>Customer Information</p></h1><br />
<p>Please the following correctly.</p>
<div class="customer_info">
<?php
if (count($errors) > 0)
echo "<p>There were some errors in your submitted form, please correct them and try again.</p>";
?>
<form method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
<!-- hidden values -->
<input type="hidden" value="<?php echo $papaya; ?>" name="papaya" />
<input type="hidden" value="<?php echo $carrot; ?>" name="carrot" />
<input type="hidden" value="<?php echo $guava; ?>" name="guava" />
<label for="customer_fname">First Name (<i>Required</i>)</label>
<input type="text" class="textbox" id="customer_fname" name="customer_fname" value="<?= htmlentities($values['fname']) ?>" />
<span class="error_msg"><?= $errors['fname'] ?></span>
<label for="customer_lname">Last Name (<i>Required</i>)</label>
<input type="text" class="textbox" id="customer_fname" name="customer_fname" value="<?= htmlentities($values['lname']) ?>" />
<span class="error_msg"><?= $errors['lname'] ?></span>
<label for="customer_mname">Middle Name (<i>Required</i>)</label>
<input type="text" class="textbox" id="customer_fname" name="customer_fname" value="<?= htmlentities($values['mname']) ?>" />
<span class="error_msg"><?= $errors['mname'] ?></span>
<label for="customer_add">Address (<i>Required : Complete Address Please</i>)</label>
<input type="text" class="textbox" id="customer_add" name="customer_add1" value="<?= htmlentities($values['address']) ?>" /><br />
<input type="text" class="textbox" id="customer_add" name="customer_add2" /><br />
<input type="text" class="textbox" id="customer_add" name="customer_add3" />
<span class="error_msg"><?= $errors['address'] ?></span>
<label for="customer_email">Email Address (<i>Required</i>)</label>
<input type="text" class="textbox" id="customer_email" name="customer_email" value="<?= htmlentities($values['email']) ?>" />
<span class="error_msg"><?= $errors['email'] ?></span>
<label for="customer_phone">Phone Number </label>
<input type="text" class="textbox" id="customer_phone" name="customer_phone" />
<label for="customer_mobile">Mobile Number </label>
<input type="text" class="textbox" id="customer_mobile" name="customer_mobile" />
<br /><br />
<div class="terms">
<center>
<h1>Terms and Agreement</h1><br />
<p>Please read the following.</p><br />
</div>
<br />
<input type="checkbox" name="terms" value="<?= htmlentities($values['terms']) ?>" /> I Read the Terms and Agreement<br /><br />
<span class="error_msg"><?= $errors['terms'] ?></span>
<input type="submit" value="Send Order" class="prod_subbtn" />
</center>
</form>
</div>
</div>
</div>
<div class="clear"></div>
</div>
<?php include ('includes/footer.php'); ?>
</div>
</div>
</div>
</body>
</html>
<?php
}
function ProcessForm($values)
{
$papaya = $_POST['papaya'];
$carrot = $_POST['carrot'];
$guava = $_POST['guava'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$mname = $_POST['mname'];
$address = $_POST['address'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$formValues = $_POST;
$formErrors = array();
if (!VerifyForm($formValues, $formErrors))
DisplayForm($formValues, $formErrors);
else
ProcessForm($formValues);
}
else
DisplayForm(null, null);
?>
The output is:
Problem
The PHP code that is supposed to put in the field values can be seen by users.
Chances are short_open_tags is off. Use <?php echo ...; ?> instead of <?=... ?>, like this:
<?php echo htmlentities($values['lname']); ?>
<?= $errors['fname'] ?> is equal to <?php echo $errors['fname'] ?>.
<?= are called 'short tags', which were removed (deprecated) from php.
Use <?php echo $errors['fname']; ?> to see the actual variable value.
The directive short tags is set to off in the php.ini. That disallows <? $phpcode ?> and <?=$monkey?>
The only one allowed is <?php $monkeybusiness ?>
either change <?= to <?php echo or turn short_open_tags = on in the php.ini