posting code in mysql using php - php

I am saving code in MySQL using PHP PDO, but the code is not working. My code is...
<?php
session_start();
include 'connection.php';
$question=$_POST['question'];
$answer=$_POST['desc'];
$query = $conn->prepare("insert into qa(ISSUE,DESC)values(':issue','desc')");
$query->bindParam(':issue',$question, PDO::PARAM_STR);
$query->bindParam(':desc', $answer, PDO::PARAM_STR);
$query->execute();
if(!$query)
{
$_SESSION['error']='Error in Posting Issue';
header('location:index.php');
}
but it will not insert the code in MySQL, and also it inserts the data in MySQL like..
:issue!
desc
but when I use this query...
<?php
session_start();
include 'connection.php';
$question=$_POST['question'];
$answer=$_POST['desc'];
$conn->exec("INSERT INTO qa (ISSUE,DESC) VALUES ('".$question."','".$answer."')");
if($conn)
{
$_SESSION['sucess']='Issue Posted Successfully';
header('location:index.php');
}
else
{
$_SESSION['error']='Error in Posting Issue';
header('location:index.php');
}
?>
else
{
$_SESSION['sucess']='Issue Posted Successfully';
header('location:index.php');
}
?>
Then it will only insert plain text; if I write then it will not insert anything into the database, but the success session is still called.
What I want: I want that if I enter any type of data, either PHP code or HTML or CSS, it will be saved to the database.
Any help will be highly appreciated...

Try this code as #u_mulder said..
<?php
session_start();
include 'connection.php';
$question=$_POST['question'];
$answer=$_POST['desc'];
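// DESC is a reserved word in MySQL, so the column name must be backtick-quoted
$query = $conn->prepare("insert into qa(ISSUE, `DESC`) values (:issue, :desc)");
$query->bindParam(':issue', $question, PDO::PARAM_STR);
$query->bindParam(':desc', $answer, PDO::PARAM_STR);
// execute() returns false on failure (unless PDO is configured to throw exceptions)
if(!$query->execute())
{
$_SESSION['error']='Error in Posting Issue';
header('location:index.php');
exit;
}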
it will solve the issue..
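The three variants discussed in this question, side by side, as an added example that is not part of the original posts. It assumes the pdo_sqlite driver, with an in-memory SQLite database standing in for MySQL so the script runs offline; the function names and the sample input are hypothetical.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL so the script runs offline;
// the table mirrors the question's qa(ISSUE, DESC).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw instead of passing silently
$conn->exec('CREATE TABLE qa (ISSUE TEXT, `DESC` TEXT)');      // DESC is reserved, so it is backtick-quoted

// Constructed sample input: a "description" that is itself code and contains quotes.
$question = "Why doesn't my echo work?";
$answer   = "<?php echo 'hello'; ?>\n<p class=\"x\">it's broken</p>";

// 1. String concatenation: quotes inside the input end the SQL string literal early.
function insertConcatenated(PDO $conn, string $q, string $a): string {
    try {
        $conn->exec("INSERT INTO qa (ISSUE, `DESC`) VALUES ('" . $q . "','" . $a . "')");
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2. Quoted placeholders are plain string literals; nothing is bound to them.
function insertQuotedPlaceholders(PDO $conn): void {
    $conn->prepare("INSERT INTO qa (ISSUE, `DESC`) VALUES (':issue','desc')")->execute();
}

// 3. Unquoted placeholders: the values travel separately from the SQL text.
function insertPrepared(PDO $conn, string $q, string $a): bool {
    $stmt = $conn->prepare('INSERT INTO qa (ISSUE, `DESC`) VALUES (:issue, :desc)');
    return $stmt->execute([':issue' => $q, ':desc' => $a]);
}

echo insertConcatenated($conn, $question, $answer), "\n";
insertQuotedPlaceholders($conn);
var_dump(insertPrepared($conn, $question, $answer));

foreach ($conn->query('SELECT ISSUE, `DESC` FROM qa') as $row) {
    // Escape on output so stored HTML/PHP is displayed as text, not interpreted by the browser.
    echo htmlspecialchars($row['ISSUE']), ' | ', htmlspecialchars($row['DESC']), "\n";
}
```

The concatenated insert is rejected with a syntax error, the quoted-placeholder insert stores the literal strings `:issue` and `desc`, and only the bound insert stores the code unchanged.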

Related

Update value using php

I want to update the marks of a student in php.
All the values are fetching properly from the table.
But after changing the value it is not updating.
<?php
session_start();
error_reporting(0);
include('includes/config.php');
if(strlen($_SESSION['alogin'])=="")
{
header("Location: index.php");
}
else
{
$stid=intval($_GET['stid']);
if(isset($_POST['submit']))
{
$rowid=$_POST['id'];
$ct=$_POST['ct'];
$wt=$_POST['wt'];
$pro=$_POST['pro'];
$ter=$_POST['ter'];
foreach($_POST['id'] as $count => $id)
{
$c=$ct[$count];
$iid=$rowid[$count];
for($i=0;$i<=$count;$i++)
{
$sql="update tblresult set ct=:c,wt=:w,pro=:p,ter=:t where id=:iid ";
$query = $dbh->prepare($sql);
$query->bindParam(':c',c,PDO::PARAM_STR);
$query->bindParam(':w',w,PDO::PARAM_STR);
$query->bindParam(':p',p,PDO::PARAM_STR);
$query->bindParam(':t',t,PDO::PARAM_STR);
$query->bindParam(':iid',$iid,PDO::PARAM_STR);
$query->execute();
$msg="Result info updated successfully";
}
}
}
}
?>
It looks like the values you're using for bindParam aren't correct.
$query->bindParam(':c',c,PDO::PARAM_STR); for example looks like it should be:
$query->bindParam(':c', $ct, PDO::PARAM_STR);
I would also look at being more consistent with your variable names and maybe the 'Result info updated successfully' message is possibly a little presumptuous.

Database not updating with PDO statement?

Is there something wrong with the syntax of the statement? I've been messing around with inserting different variables into the code and it still won't update in phpMyAdmin. Pretty new with this language so please bear with me.
Pretty sure the line giving me the issue is:
$pdoQuery ="UPDATE `Lab4` SET `ActiveUser`=".$Yes." WHERE UserName=".$Email."";
I just don't know what the issue is...
<?php
//connect to the database
session_start(); //this must be the very first line on the php page, to register this page to use session variables
$_SESSION['timeout'] = time();
//if this is a page that requires login always perform this session verification
//require_once "inc/sessionVerify.php";
require_once "dbconnect.php";
require_once "inc/util2.php";
require_once "mail/mail.class.php";
include "header.php";
// $EmailCode = $_GET["Code"];
if (isset($_SESSION['Code'])){
echo $_SESSION['Code'];
echo $_SESSION['Email'];
}
?>
<?php
if (isset($_POST['Submit'])){
try {
$pdoConnect = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
}
catch (PDOException $exc) {
echo $exc->getMessage();
exit();
}
//$NotAnActiveUserYet = "No";
// mysql query to insert data
$Email = $_SESSION['Email'];
$Yes = "Yes";
$pdoQuery ="UPDATE `Lab4` SET `ActiveUser`=".$Yes." WHERE UserName=".$Email."";
$pdoResult = $pdoConnect->prepare($pdoQuery);
$pdoResult->execute();
if ($pdoResult) {
echo 'Data Inserted';
} else {
echo 'Data Not Inserted';
}
}
?>
Try something along these lines:
$params = array(
'ActiveUser' => $Yes,
'UserName' => $Email,
);
$pdoQuery ='UPDATE `Lab4` SET `ActiveUser`=:ActiveUser WHERE `UserName`=:UserName';
$pdoResult = $pdoConnect->prepare($pdoQuery);
$pdoResult->execute($params);
And as tadman said,... NEVER trust anything from a browser. (includes $_REQUEST, $_GET, $_POST, $_COOKIE, etc.)
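The parameterized UPDATE from this answer with a check that a row was actually changed, as an added example that is not part of the original posts. It assumes the pdo_sqlite driver, with in-memory SQLite standing in for the MySQL database; `activateUser` and the sample rows are hypothetical.

```php
<?php
// Added example; SQLite in-memory stands in for the MySQL database so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Lab4 (UserName TEXT PRIMARY KEY, ActiveUser TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO Lab4 VALUES ('alice@example.com', 'No'), ('bob@example.com', 'No')");

// Hypothetical helper: returns true only when exactly one account was switched to active.
function activateUser(PDO $pdo, string $email): bool {
    $stmt = $pdo->prepare('UPDATE `Lab4` SET `ActiveUser` = :ActiveUser WHERE `UserName` = :UserName');
    $stmt->execute(['ActiveUser' => 'Yes', 'UserName' => $email]);
    // prepare() returns a statement object even when the UPDATE matches no row,
    // so test the number of affected rows, not the object.
    return $stmt->rowCount() === 1;
}

var_dump(activateUser($pdo, 'alice@example.com'));   // existing user
var_dump(activateUser($pdo, 'nobody@example.com'));  // no such user
var_dump(activateUser($pdo, "x' OR '1'='1"));        // quotes are bound as data and match nothing
```

With MySQL, `rowCount()` counts rows whose values actually changed by default, so activating an already-active account also returns false.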

How to refresh the site to another page in php [duplicate]

I have a file called inser_product.php which is where I have the function to insert products into the database table.
The function to insert the products looks like this:
<?php
include 'db.php';
function insert_product(){
try{
global $conn;
//prepare sql and bind parameters
$statement = $conn->prepare("insert into products (product_name, product_price, product_description) value (:product_name, :product_price, :product_description)");
$statement ->bindParam(':product_name', $product_name);
$statement ->bindParam(':product_price', $product_price);
$statement ->bindParam(':product_description', $product_description);
// executing the statement
$product_name = $_POST['product_name'];
$product_price = $_POST['product_price'];
$product_description = $_POST['product_description'];
$statement->execute();
header('Location: index.php');
}
catch(PDOException $e){
echo $query . "<br>" . $e->getMessage();
}
$conn = null;
}
?>
Then I used the post method for the button and call the insert_product function:
<?php
if(isset($_POST['submit-button'])){
insert_product();
}
?>
All the insertion works fine but,
How can I redirect the page to my index.php after all the data is inserted?
As you can see I used the code below but it does not work.
echo "<script>window.open('index.php','_self')<script>";
You can use PHP's header(). But make sure there is no echo or print before it.
<?php
if(isset($_POST['submit-button'])){
insert_product();
header('Location: index.php');
exit; // stop the script so nothing else runs after the redirect
}
?>
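try{
// Bind the values instead of interpolating them into the SQL string
$statement = $conn->prepare("insert into products(product_name, product_price, product_description) values (:product_name, :product_price, :product_description)");
$statement->execute([':product_name' => $product_name, ':product_price' => $product_price, ':product_description' => $product_description]);
header('Location: index.php');
exit;
}
catch(PDOException $e){
error_log($e->getMessage());
}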
For php use:
header('location: index.php');
For JavaScript use
window.location.href='index.php';

Why mysql Insert into query not working in php application

When I execute the query it's not working; it prints an error. $q is also not showing when I print it, but $_SESSION["username"]; is working?
<?php
session_start();
$_SESSION["username"];
include 'Db_Connection.php';
$q= $_GET[q];
$username= $_SESSION[username];
echo $username;
echo $q;
$sql="INSERT INTO search(searcher,searched_time,searched_email)
VALUES ('$username',NOW(),'$q')";
$result = mysqli_query($con,$sql);
if($result)
{
echo "Success";
}
else
{
echo "Error";
}
?>
Couple of things I can pick up from your provided code.
Your second line $_SESSION["username"]; is superfluous as it does nothing
You are using the mysql_* functions which are deprecated
You are not using prepared statements for inserting variables into your query
try something like this:
session_start();
//start assuming this is in your connection file
$con = new mysqli("db-ip-address", "db-user", "db-pass", "db-name");
//end assuming
$q= $_GET[q];
$username= $_SESSION[username];
echo $username;
echo $q;
$sql="INSERT INTO search(searcher,searched_time,searched_email) VALUES (?,NOW(),?)";
$stmt = $con->prepare($sql);
$stmt->bind_param("ss", $username, $q);
$result = $stmt->execute();
if($result) {
echo "Success";
} else {
echo "Error";
}
//remember to cleanup connections etc
As far as the value $q not printing out, make sure that the value is set via the GET query string http://someurl.com/somefile.php?q=some-value and that $q is not some weird non-printable value. If you want to confirm that the value is set, try running var_dump($_GET) to output the contents of your $_GET array to ensure there is actually a value being set.
I believe this is your problem:
$q= $_GET[q];
q should be surrounded in quotes, e.g.:
$q = $_GET['q'];
Other than that, what Damon said was completely correct.

HTML form inserts data into SQL using PHP while going to another webpage

I want my form to insert the data into an SQL database using PHP which is a separate file while, going to another webpage once the form has been submitted.
<form action="http://localhost:8888/phpv1/studentadded.php" method="post">
<input type="submit" name="submit" value="Send">
Currently I use the following code which works in the sense that it invokes the PHP and causes it to submit the data into the SQL database. However it goes to a blank webpage (the page of the PHP) instead of going to an alternate webpage. What code should I add so that when submitted it goes to an alternate web page?
Thanks :)
Here is my full php script:
<?php
if(isset($_POST['submit'])){
$data_missing = array();
if(empty($_POST['email_banned'])){
// Adds name to array
$data_missing[] = 'Email';
} else {
// Trim white space from the name and store the name
$email_banned = trim($_POST['email_banned']);
}
if(empty($_POST['notes'])){
// Adds name to array
$data_missing[] = 'Notes';
} else {
// Trim white space from the name and store the name
$notes = trim($_POST['notes']);
}
if(empty($data_missing)){
require_once('mysqli_connect.php');
$query = "INSERT INTO banned_emails (id, email_banned, created_on, notes) VALUES ( NULL, ?, NOW(), ?)";
$stmt = mysqli_prepare($dbc, $query);
//i Integer
//d Doubles
//s Everything Else
mysqli_stmt_bind_param($stmt, "ss", $email_banned, $notes);
mysqli_stmt_execute($stmt);
$affected_rows = mysqli_stmt_affected_rows($stmt);
if($affected_rows == 1){
echo 'Student Entered';
header("Location: http://localhost:8888/phpv1/test2.php");
mysqli_stmt_close($stmt);
mysqli_close($dbc);
} else {
echo 'Error Occurred<br />';
echo mysqli_error();
mysqli_stmt_close($stmt);
mysqli_close($dbc);
}
} else {
echo 'You need to enter the following data<br />';
foreach($data_missing as $missing){
echo "$missing<br />";
}
}
}
?>
Have I placed the header in the right place? (I will obviously change the content of the header)
You should edit studentadded.php so it redirects to the desired destination after processing the data.
header("Location: http://example.com/");
I would do it something like this:
if(isset($_POST['submit'])) {
//Your insert into the DB etc
header("location: http://www.google.com");
}
