I have a value coming from another form in the same page called $_POST['serial']. And i want to use this value to run a query in another form but after I submit the second form nothing happened and the query not running.
<?php
if (isset($_POST['serial'])) {
$serial = $_POST['serial'];
?>
<form action="" method="post">
<button type="submit" name="submit">Click to use</button>
</form>
<?php
if (isset($_POST['submit'])) {
$query = mysql_query("UPDATE table_name SET status = 'inactive' WHERE serial = '$serial'");
}
}
?>
To pass the variable along you would create a hidden input on your second form to contain the value:
<?php
// check and clean up the passed variable
$serial = isset($_POST['serial']) ? htmlspecialchars($_POST['serial']) : '';
?>
<form action="" method="post">
<input type="hidden" name="serial" value="<?php echo $serial; ?>" />
<button type="submit" name="submit">Click to use</button>
</form>
For Safety's Sake
Your script is at risk for SQL Injection Attacks.
If you can, you should stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really not hard.
Additional Thoughts
If you're planning to do a two-step form you'll likely want to place all of the data processing outside of the form page, in a separate PHP file. With the limited code that you have shown I fear that we will miss something in our answers which will lead you to additional questions because your code still isn't working as you would expect.
A button needs a name and a value to be successful. Your button doesn't have a value so $_POST['submit'] will be undefined.
Add a value attribute to your <button> element.
After you do that, $serial will be undefined because your form doesn't submit that.
You need to include it in your form too:
<input type="hidden" name="serial" value="<?php echo htmlspecialchars($serial); ?>">
Related
There are some inputs, and there is a function. The function requires these inputs, and the inputs are user-given. But, the buttons that fire the function and the input submission form are two different buttons. So, when the user presses "submit" to store his variables, the variables are stored fine. But, when he presses the "calculate" button (which fires the function), php says "undefined index" because it reads the $_POST of that input again and again.
If I disable register_globals, it does not show 'undefined index' but these values are 0 again.
If I use another file just to store these values and then redirect back to the page where the function button is, there is a redirect loop, require_once does not work.
What is the way to store the inputs in such way that they can be used again and again in functions and whatsoever? No databases, I need a way to store them in variables.
edit: the form: <label for="asdf">enter value:</label> <input type="text" id="asdf" name="asdf" value="<?php echo $asdf;?>" />
storing the value:
$asdf=$_POST['asdf'];
then I need to write $asdf in the function with the updated value that the user gave through the html form. How to do it? Cannot be much simpler
I would just store them in the session. That way they, they can be used across php scripts, but are not stored in the long-term. Here's an example:
form.php
<?php
session_start();
?>
<html>
<body>
<form action="store.php">
<input type="text" name="x" value="<?php echo $_SESSION['x'] ?>">
<input type="text" name="y" value="<?php echo $_SESSION['y'] ?>">
<input type="submit" value="Submit">
</form>
<form action="calculate.php">
<input type="submit" value="Submit">
</form>
</body>
</html>
store.php
<?php
// Start the session
session_start();
$_SESSION["x"] = $_POST['x']; // substitute your input here
$_SESSION["y"] = $_POST['y']; // substitute your input here
?>
calculate.php
<?php
// Start the session
session_start();
$result = $_SESSION["x"] * $_SESSION["y"];
echo $result;
?>
There is no way to store them in variables. Every request to your server is a new request.
You could store the variables in a cookie/session or give them back after pushing the first button and store them in a hidden field in your html form. Or store them in a file on your server.
I want to create a project that save the fill up forms in previous form and insert into database using one button only. For example answer1.php and answer2.php the save button is in the answer2.php i want to fetch data from answer1.php and save to databse same as in answer2.php
this code below insert data in one form only
$query = mysql_query("INSERT into holiday (holiday_no,holiday_name, status,campaign_name,holiday_type, createdBy, holiday_date, createdDate)
VALUES('$holiday_no', '$id','$status','$campaign_name','$hol', 'System','$date','$createdDate')") or die(mysql_error());
echo "Data has been saved with holiday name";
Not quite sure what you're asking for ...but giving it a try ;-) :
You can put the key-value pairs the first script receives into the next form so they get transmitted once again to the second script. E.g. if in the first step something like category=foo and country=bar gets transmitted write out a form that looks like
<form method="POST" action="answer2.php">
<p>
<input type="hidden" name="category" value="foo" />
<input type="text" readonly="readonly" name="country" value="bar" />
<!-- all the other things you want to add to the form -->
<input type="submit" />
</p>
</form>
But keep in mind that a) you need to encode the values properly for html output, otherwise your scripts are vulnerable for injection attacks, see http://docs.php.net/htmlspecialchars
and b) your second script can't "be sure" that the values haven't been altered or even transmitted to the first script at all; if you need that (e.g. for some transaction mechanism) you need something else like e.g. http://docs.php.net/features.sessions
Use hidden fields, a session, or a temporary table.
<?php
if (empty($_REQUEST)) {
echo '<form action="', $_SERVER['PHP_SELF'], '">
</form>';
} elseif (empty($_REQUEST['some_field_from_your_second_form']) {
// Do the second part of your form
} else {
// Do the final submission
// Sanitize the values
// Insert in the database
}
I'm kinda new to PHP and MySQL.
<p>Pickup Date: <input type="date" name="date"></p>
<input type='submit' name='submit' value='Secure Order!'>
So I have his part in my code. I want the date to be saved in my database. In my database I have a table named date with columns 'date' and 'account name'. I want that when I click the 'secure order' button, the date in the textbox saves in the database. Also, the current user logged in would also be saved in account name.
on your form suppose you have:
<form id="myform" action="myphppage.php" method="post">
now when you hit submit the data in the input will be posted to myphppage.php.
Now you need to write myphppage.php.
At the top you will have something like:
<?php
$account = $_POST['account'];
$mydate = $_POST['date'];
$query="INSERT INTO date (date,account name) VALUES($mydate,$account)";
//Use mysqli object to execute query.
?>
I haven't used the mysqli library because I got used to using the old mysql_ libraries but I got yelled at for suggesting it since it is now deprecated.
This should get you started.
It is also common to have the form post back to itself with the data. In which imagine your form is on the page "myphppage.php" then you could have the following at the top:
<?php
if(isset($_POST['submit'])){
//continue with the php code from above here
}
?>
Why are you using double quotes on your first <input> and then simple quotes on your second <input>? Most of the time, in HTML, we will encourage the use of double quotes.
Also, there are a lot of missing parts for this form to be correct. Here is just an example of how to use the variable typed in the input:
<?php
if(isset($_POST['date'])) {
echo "You picked ", $_POST['date'], "\n"
}
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<p>Pickup Date: <input type="date" name="date"></p>
<input type="submit" value="Secure Order!">
</form>
As for the MySQL part, you will need to learn and try a bit by yourself. Start there: http://www.php.net/manual/en/book.mysqli.php
You can use PHP $_POST SuperGlobal to do that :
HTML:
<input type="text" name="username" />
PHP-onsubmit
<?php
if(isset($_POST['submit'])
{
$username= $_POST["username"];
$date= $_POST["date"];
// your insert code //
}
?>
I'm attempting to create a link for users to click that will remove them from a list. I'm trying to figure out how to do this without using a submit button and without using $_GET(if possible).
Anyway, I'm afraid to do it with $_GET (the way I have it now), because the user can type this in the URL (even though 99% wouldn't know how or think to do this) and they would be removed from the list.
How can I name the link so I can use $_POST?
$attendingUsers = mysql_query("Select acceptedInvites from events where eventID = ".mysql_real_escape_string($_GET['eventID'])." ");
$users= mysql_fetch_array($attendingUsers);
$user = $users['acceptedInvites'];
if(preg_match("/$userid/", $user)){
echo "You are attending this event</br>";
echo 'Click here to remove yourself from the list';
if($_GET['delete']=1){
$sql=...
}
}
Is it possible to do this without using $_GET? Thanks!
Never delete via a link. Read The Spider of Doom
Best way is to link to a "delete" page with an "are you sure" form. Submitting the form (via POST) performs the delete and redirects back to a suitable results page.
For example
Click here
to remove yourself from the list
Then, in remove.php
<?php
// get Event details via $_GET['eventID']
if (isset($_POST['confirm'])) {
// delete via SQL
// redirect
header('Location: http://example.com/events.php');
exit;
}
// display event details
?>
<form method="post" action="remove.php?eventID=<?php echo $eventId ?>">
<p>Are you sure?</p>
<input type="submit" name="confirm" value="Remove me from this event">
</form>
You should probably also look into CSRF protection but that's really outside the scope of this question.
Your are required to use either $_GET or $_POST
<form action="delete.php" method="post">
<input type="hidden" name="eventId" value="yourEventId" />
<a href="#" onclick="this.form.submit();" > Delete</a>
</form>
If I have my JavaScript right, this should do the trick:
Delete
<form id="delete" action="delete.php" method="post">
...
</form>
The link will then submit the form.
You could use some kind of encoding to make the get var unreadable, like an md5 or even an encrypted string.
i am trying to create a donate page. the hole page is php,
there is a textbox that hold the amount value which should be send via hidden input with the url to the the payment gateway. i have tryed many time but it is not working. i am still a beginner in this could any one please help me in fixing my code here
<div class="donate">
<?php
$amount = $_REQUEST['amount'];
$txtCurrency = 840;
$txtAmount = number_format($amount, 2, '.', '');
echo $amount;
$key = "TEST";
$txthttp = "http://test.com/you.php";
?>
<form action="payment.php" name="form1">
<input type="text" id="amount">
<input type="submit">
<input type="hidden" name="txtAmount" value="<?= $txtAmount; ?>">
<input type="hidden" name="txthttp" value="<?= $txthttp; ?>">
<input type="hidden" name="signature" value="<?= $key; ?>">
</form>
</div>
In general, you should avoid using $_REQUEST when you can use $_GET or $_POST. $_REQUEST allows variables to be set by either an HTTP GET or POST, which can pose a security risk, since your site will presumably use one or the other. With that said, here's what I would do:
Add method="post" to your form tag.
Access the input elements by looking at $_POST['txtAmount'], $_POST['txthttp'], etc.
In general, you can view all variables set in the POST by doing this:
var_dump($_POST);
You can access these values from payment.php with $_POST['txtAmount'], $_POST['txthttp'], $_POST['signature']. How you handle them will be up to your code. I see that you used the $_REQUEST array, which will work, however I believe it's better form to be specific and use the $_POST array.