Hey I am trying to get this code running for the past few days now. I do not know what is the problem. Whenever I run the code I can see it running but an empty row gets inserted. Basically I ave tried to hard code the data and the data gets inserted. Here is the HTML form:
<form action="register.php" id="contactForm" type="post">
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>First name *</label>
<input type="text" class="form-control" name="fname" >
</div>
<div class="col-md-6">
<label>Last name *</label>
<input type="text" class="form-control" name="lname" >
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>Gender *</label><br>
<select name="gender">
<option> Male </option>
<option> Female </option>
</select>
</div>
<div class="col-md-6">
<label>Stream *</label><br>
<select name="stream">
<option> B-Tech </option>
<option> M-Tech </option>
</select>
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>Email *</label>
<input type="text" class="form-control" name="email" >
</div>
<div class="col-md-6">
<label>Mobile *</label>
<input type="text" class="form-control" name="mobile">
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>College *</label>
<input type="text" class="form-control" name="college" >
</div>
<div class="col-md-6">
<label>Job Kind *</label>
<input type="text" class="form-control" name="job" >
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
    
<input type="submit" value="Register" class="btn btn-primary btn-lg"
data-loading-text="Loading..." name="submit">
</div>
</div>
</form>
Here is the registration.php
<?php
$connection = mysql_connect("EDITED by billy, was an I.P and port number", "user", "password"); // Establishing Connection with Server
$db = mysql_select_db("Registrations_connect", $connection); // Selecting Database from Server
$first_name = $_POST["fname"];
$last_name = $_POST["lname"];
$sex = $_POST["gender"];
$field = $_POST["stream"];
$contact = $_POST["mobile"];
$eaddress = $_POST["email"];
$institute = $_POST["college"];
$naukri = $_POST["job"];
$query = mysql_query("insert into students(fname, lname, gender, stream, mobile, email, college, job)
values ('$name', '$last_name', '$sex', '$field','$contact', '$eaddress', '$intitute', '$naukri')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
mysql_close($connection); // Closing Connection with Server
?>
After running; In the inspect element I checked the response:- It shows Data Inserted successfully but actually an empty row is getting inserted. Basically what i think I am not able to correctly grab the data properly from form. Can somebody please check what is the problem. It will be a great help.
The attribute is method, not type. This typo is causing your form to process a GET rather than a POST. So all your variable assignments are wrong.
$first_name = $_POST["fname"];
would be
$first_name = $_GET["fname"];
or you could use the $_REQUEST; or you can just correct the attribute,
<form action="register.php" id="contactForm" method="post">
Your code also is wide open to SQL injections and is using the deprecated mysql_ functions. You should update to mysqli or pdo and be using prepared statements with parameterized queries.
More on SQL injections:
http://php.net/manual/en/security.database.sql-injection.phpHow can I prevent SQL injection in PHP?https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29
Related
The php code to get to the header after executing the queries
<?php
if (isset($_POST['Submit1'])) {
$con = mysqli_connect("localhost:3306", "root", "", "travels");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$fname1 = $_POST['fname'];
$lname1 = $_POST['lname'];
$pnum1 = $_POST['pnum'];
$email1 = $_POST['email'];
$fcode = $_POST['fcode'];
$sql = "insert into customer_info(fname,lname,pnumber,email) values ('$fname1','$lname1','$pnum1','$email1')";
$sql1 = "insert into booking_info(fname,lname,pnumber,email,f_code) values ('$fname1','$lname1','$pnum1','$email1','$fcode')";
$sql2 = "update flight_info set seats_available=seats_available-1 where flight_code='$fcode'";
mysqli_query($con, $sql);
mysqli_query($con, $sql1);
mysqli_query($con, $sql2);
header("Location: Booking_confirm.php");
}
?>
HTML CODE
<div class="container mt-5">
<div class="row">
<div class="col-md-6">
<form action="Booking.php" method="POST">
<div class="form-group">
<label for="fname">First Name: </label>
<input type="text" name="fname" class="form-control" id="fname"/>
</div>
<div class="form-group">
<label for="lname">Last Name: </label>
<input type="text" name="lname" class="form-control" id="lname"/>
</div>
<div class="form-group">
<label for="pnum">Phone Number: </label>
<input type="text" name="pnum" class="form-control" id="pnum"/>
</div>
<div class="form-group">
<label for="email">Email-Address: </label>
<input type="text" name="email" class="form-control" id="email"/>
</div>
<div class="form-group">
<label for="flight">Flight No: </label>
<input type="text" name="fcode" class="form-control" id="fcode"/>
</div>
<form action="Booking_confirm.php" method="POST" target="_blank">
<button type="Submit" name="Submit1" class="btn btn-primary">Book</button>
</form>
</form>
</div>
This is how my code looks. for some reason my header is not working and i am not able to find out why.
Help would be appreciated.
I have tried every possible change to get the header to work but of no use
You have two nested forms, your first form action="Booking.php" contains all fields while the second, nested form action="Booking_confirm.php", only contains the submit button an NO fields.
Replace
<form action="Booking_confirm.php" method="POST" target="_blank">
<button type="Submit" name="Submit1" class="btn btn-primary">Book</button>
</form>
with
<button type="Submit" name="Submit1" class="btn btn-primary">Book</button>
When clicking submit there is no $_POST['fname'], $_POST['lname'] etc.
Edit: you also might need to replace
<form action="Booking.php" method="POST">
with
<form action="Booking_confirm.php" method="POST" target="_blank">
depending on where your "header"/code is placed
Make sure there is not white space or html tags or any output, before the header() function...
upload the entire code, structure so we can help you find the solution
I'm doing a e-commerce admin panel and I need a quick script for inserting data into MySQL. Here's what i've done and it does nothing.
<form action="#" id="form_sample_1" class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label">Package Name<span class="required">*</span></label>
<div class="controls">
<input type="text" name="pkg_name" data-required="1" class="span6 " value=""/>
</div>
</div>
<div class="control-group">
<label class="control-label">Package Price <span class="required">*</span><small>(In Dollars)</small></label>
<div class="controls">
<input name="pkg_price" type="number" class="span6 " value=""/>
</div>
</div>
<div class="control-group">
<label class="control-label">Package Contains</label>
<div class="controls">
<input name="pkg_contains" type="text" class="span6 " value=""/>
</div>
</div>
<div class="control-group">
<label class="control-label">Your Password</label>
<div class="controls">
<input name="sifre" type="password" class="span6 " value=""/>
</div>
</div>
<div class="form-actions">
<button type="button"name="btn" class="btn btn-primary">Send request to server.</button>
</div>
</form>
<!-- END FORM-->
</div> <!--widget box light-grey end-->
<!-- Mass PHP starts here! -->
<?php
echo mysql_error();
include("include/baglan.php");
// set posts here.
$_POST['pkg_name'] = $pkg_name;
$_POST['pkg_price'] = $pkg_price;
$_POST['pkg_contains'] = $pkg_contains;
$sifre = mysql_real_escape_string(md5($_POST['sifre']));
if($_POST['btn'] and $_POST["sifre"] = $sifre){
mysql_query("INSERT INTO packages (pkg_name, pkg_price,pkg_contains) VALUES $pkg_name $pkg_price $pkg_contains");
echo "Success.";
}
else {
echo mysql_error();}
It returns nothing! I've re-written all code but nothing! please help me. The databae variables are;
id, auto incerment
pkg_name text
pkg_price int
pkg_contains mediumtext
Assign variable name should be the left side.
// set posts here.
$pkg_name=$_POST['pkg_name'];
$pkg_price=$_POST['pkg_price'];
$pkg_contains=$_POST['pkg_contains'];
Values() is function, put all vars in bracket and split them with ','.
mysql_query("INSERT INTO packages (pkg_name, pkg_price,pkg_contains) VALUES($pkg_name,$pkg_price,$pkg_contains)");
I have created a form using Bootstrap modal, a database connection via PHP as well as a simple form validation. When I fill out form and hit submit, it seems to connect to database and no form errors come back. It states: "-1 rows are affected. Thank you for your RSVP" but when I look on PHPMyAdmin there are no values inputted into my database.
Below is my PHP:
<?php
//check if form is submitted and not a hack/bot. Checks to see if form is submitte by the post method then runs fxn.
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//grab all values that come from form in these variables. Each line below grabs info typed/selected in each form input. The value in square brackets is the name value of each input. Keep the $variables different from input names.
$rsvpvar = $_POST['rsvpBox'];
$fullnamevar = $_POST['fullName'];
$emailvar = $_POST['emailBox'];
$attendvar = $_POST['attend'];
$guestsvar = $_POST['extraGuests'];
$commentsvar = $_POST['additionals'];
//If fxn checks to see if all above variables have values stored in them using !empty fxn and if not if runs the echo. Use !empty (not empty) and not isset because isset will allow db connection even if some form values are blank. If there is a value stored in all form inputs then we incude this php or run the connetion to database.
if(!empty($rsvpvar) && !empty($fullnamevar) && !empty($emailvar) && !empty($attendvar) && !empty($guestsvar) && !empty($commentsvar)){
//Define the below vaiables within parenthesis.
$hostname = "rsvp.db";
$username = "******";
$password = "******";
$dbname = "rsvp";
//Connection to mysql database. OR die drops connection to database for security reasons. Connect error gives message.
$dbc = mysqli_connect($hostname, $username, $password, $dbname) OR die("Could not connect to database, ERROR: ".mysqli_connect_error());
//Set encoding
mysqli_set_charset($dbc, "utf8");
//insert into table "rsvp" by getting or querying values stored in $dbc variable (db info). You insert into the corresponding rows of the db table (i.e. RSVP), then you grab what you're inserting using the VALUES. What you're inserting comes from the above variables.
mysqli_query($dbc, "INSERT INTO rsvp(RSVP, FULLNAME, EMAIL, ATTEND, GUESTS, COMMENTS) VALUES('$rsvpvar', '$fullnamevar', '$emailvar', '$attendvar', $guestsvar', '$commentsvar')");
//define variable $registered which checks database to make sure values were inserted and rows were affected then outputs how many rows affected. Make sure the $dbc or connection info is inside parenthesis.
$registered = mysqli_affected_rows($dbc);
echo $registered." rows are affected. Thank you for your RSVP";
}else{
echo "ERROR: You did not fill out each section";
}
}else{
echo "Please fill out everything on the RSVP form";
}
?>
and my html:
<!-- Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
<h2 class="modal-title" id="myModalLabel">RSVP</h2>
</div>
<form role="form" method="post" action="php/rsvp.php">
<div class="modal-body">
<div class="form-inline row response">
<div class="col-sm-12">
<h2>Ya Comin'?</h2>
<div class="radio-inline">
<label class="control-label">
<input type="radio" name="rsvpBox" id="attending" value="option1">
I'll be there with bells on!
</label>
</div>
<div class="radio-inline">
<label class="control-label">
<input type="radio" name="rsvpBox" id="notAttending" value="option2">
Sorry, wish I was cooler...
</label>
</div>
</div>
</div>
<hr>
<div class="deets row">
<div class="col-sm-12">
<h2>Your Deets</h2>
<div class="form-group col-lg-6">
<label class="control-label" for="fullName">Full Name</label>
<input type="text" name="fullName" class="form-control" id="fullName" placeholder="FULL NAME">
</div>
<div class="form-group col-lg-6">
<label class="control-label" for="email">Email</label>
<input type="email" name="emailBox" class="form-control" id="emailBox" placeholder="EMAIL#EXAMPLE.COM">
</div>
</div>
</div>
<hr>
<div class="row days">
<div class="col-sm-12">
<h2>Days Attending</h2>
<div class="checkbox">
<label class="control-label">
<input type="checkbox" name="attend" value="option1">
Friday: Rehersal Dinner & Beach Party
</label>
</div>
<div class="checkbox">
<label class="control-label">
<input type="checkbox" name="attend" value="option2">
Saturday: Wedding & Reception
</label>
</div>
</div>
</div>
<hr>
<div class="guests row">
<div class="col-sm-12">
<h2>Number of Additional Guests</h2>
<select id="extraGuests" name="extraGuests" class="form-control">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
</select>
</div>
</div>
<div class="extras row">
<div class="col-sm-12">
<h2>Anything Else?</h2>
<h4>Main Course Served Will be Chicken</h4>
<div class="form">
<div class="form-group">
<label class="control-label" for="message"></label>
<textarea name="additionals" id="additionals" class="form-control" rows="3" placeholder="Food specifications, allergies, guest names, etc..."></textarea>
</div>
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<button type="submit" name="submit" id="submit" value="send" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
</div>
</div>
Please help as I am not an expert on databases...
Your all POST variable is :
$rsvpvar = $_POST['attending'];
$emailvar = $_POST['emailBox'];
$fullnamevar = $_POST['fullName'];
$attend1var = $_POST['friday'];
$attend2var = $_POST['saturday'];
$guestsvar = $_POST['extraGuests'];
$commentsvar = $_POST['additionals'];
SO, should be condition :
if(!empty($rsvpvar) && !empty($emailvar) && !empty($fullnamevar) && !empty($attend1var) && !empty($attend2var) && !empty($guestsvar) && !empty($commentsvar)){
Please use same name in 2 radio input field :
<input type="radio" name="attending" id="attending" value="option1" checked>.
<input type="radio" name="attending" id="notAttending" value="option2">
Note : your code is open for SQL Injection.
I'm trying to submit a form to my PHP validation script and I get 2 undefined indexes. Both of which are an select tag (school and function, focus on the function for this question). I've looked through several posts, and I still don't see what's wrong.
Here's the form:
<form action="actions/user_edit.php?id='. $user['id'] .'" method="post" id="form_editUser" class="col s12">
<div class="row">
<div class="input-field col s12">
<input value="'.$user['name'].'" id="name" name="name" type="text" class="validate">
<label for="name">Naam</label>
</div>
<div class="input-field col s12">
<input value="'.$user['email'].'" id="email" name="email" type="text" class="validate">
<label for="email">Email</label>
</div>
<div class="input-field col s12">
<select id="school" name="school">
<option>Ignore this select kthxbai
<option>
</select>
<label>School</label>
</div>
<div class="input-field col s12">
<select id="function" name="function">
<option value="" disabled>Kies functie</option>
<option value="Admin" >Admin</option>
<option value="Directeur" >Directeur</option>
<option value="Docent" >Docent</option>
</select>
<label>Functie</label>
</div>
</div>
</form>
<div class="modal-footer">
<input type="submit" value="Bewerk" form="form_editUser" class="modal-action modal-close waves-effect waves-green btn">
Annuleer
</div>
Here's the PHP script:
require '../config/db.php';
$userId = $_GET['id'];
$name = mysqli_real_escape_string($conn, $_POST["name"]);
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$schoolId = mysqli_real_escape_string($conn, $_POST["school"]);
$function = mysqli_real_escape_string($conn, $_POST["function"]);
Turns out my form was inside a tbody element, which is not allowed. Problem solved, thanks for all the help!
Make sure to check your $_POST[] variables for existence, eg.
$option = isset($_POST['school']) ? $_POST['school'] : false;
if ($option) {
$schoolId = mysqli_real_escape_string($conn, $_POST["school"]);
}
I have seen cases where if nothing was selected as an option, the same is not included in the POST payload itself.
I want to fill all the fields in my database by getting the ones inputted on my form but it won't fill my database.
I don't know what's wrong with it:
<?php
$handle = mysql_connect("", "root" , "");
return mysql_select_db("bonggarden", $handle);
$SQL = "INSERT INTO table1(fname,femail,fphone,fmsg)
values('".$_POST['name']."','".$_POST['email']."','".$_POST['number']."','".$_PO ST['message']."')";
mysql_query($SQL);
?>
here is my form
<form id="main-contact-form" accept-charset="utf-8" class="" method="post" >
<div class="col-sm-5 col-sm-offset-1">
<div class="form-group">
<label>Name *</label>
<input type="text" name="name" id="name" class="form-control" required="required">
</div>
<div class="form-group">
<label>Email *</label>
<input type="email" name="email" id="email" class="form-control" required="required">
</div>
<div class="form-group">
<label>Phone *</label>
<input type="text" name="number" id="number" class="form-control">
</div>
</div>
<div class="col-sm-5">
<div class="form-group">
<label>Message *</label>
<textarea name="message" id="message" required="required" class="form-control" rows="8"></textarea>
</div>
<div class="form-group">
<button type="submit" name="submit" class="btn btn-primary btn-lg" required="required">Submit Message</button>
</div>
</div>
</form>
<?php
$fname = $_POST['name'];
$femail = $_POST['email'];
$fphone = $_POST['number'];
$fmsg = $_POST['message'];
$handle = mysql_connect("localhost", "root" , "");
mysql_select_db("bonggarden", $handle);
$SQL = "INSERT INTO table1(fname,femail,fphone,fmsg) values('$fname','$femail','$fphone','$fmsg')";
mysql_query($SQL);
?>
// if it still not working echo the variable $fname, $femail, $fphone, $fmsg check value is proparly getting in veriable or not.
Try changing
return mysql_select_db("bonggarden", $handle);
to
mysql_select_db("bonggarden", $handle);
The return is exiting the code before you execute the insert...
You do not need the 'return' in:
return mysql_select_db("bonggarden", $handle);
You may also consider adding the location of your server to your 'mysql_connect' function. EX:
mysql_connect("localhost","root","");
A couple of suggestions too:
1.) Organizationally, assigning your values from $_POST to variables might make it easier to see what values you are sending to your database.
2.) Add a die function that outputs a MySQL error if your code cannot be run. This can often help with debugging and finding out the general location of your error. EX:
mysql_query($SQL) or die(mysql_error());
3.) Finally, and this gets said a lot on this website, consider switching to MySQLi as traditional 'mysql_' commands are now deprecated for security reasons.