I'm new to PHP. I want to display a message that the database is updated after each time I redirect it after entering the data.
$sql = "INSERT INTO incoming (recipt, userid, username, money)
VALUES ('$recipt', '$userid', '$username', '$money')";
if ($conn->query($sql) === TRUE) {
echo "<script>window.open('incoming2.php','_self')</script>";
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
}
2 methods
1-you can redirect to any page adding message in get variable and check at that page if that variable is set then display it as message
//redirect to index.php with msg as
header('location:index.php?msg=2 records updated');
//at index page where you want to display message
if(isset($_GET['msg']) && !empty($_GET['msg'])){
echo '<p class="myMsg">'.$_GET['msg'].'</p>'
}
2- second method is to save the message to session variable and access it at page but you will have to unset that variable as below
//sending message assuming session_start() is written at to of all pages
$_SESSION['msg']="2 records updated or what ever your message is";
//where you want to display message
if(isset($_SESSION['msg']) && !empty($_SESSION['msg'])){
echo '<p class="myMsg">'.$_SESSION['msg'].'</p>'
unset($_SESSION['msg']);
}
Pass the message to your url:
echo "<script>window.open('incoming2.php?message=New+record+created+successfully','_self')</script>";
Then you can get the message in incoming2.php:
echo urldecode($_GET['message']);
Be careful: sanatize your input!
Use header("Location: incoming2.php"); instead of echoing JS.
Also, check your SQL statement for SQL injection vulnerabilities.
If you are posting the data on the same page you could do the following:
<?php
if(isset($_REQUEST["submit"])){
// mySQL code here
// return either success or failed
$confirmation="success";
}
?>
<html>
<head>
<title>Feedback</title>
</head>
<body>
<div>
<?php
if(isset($confirmation)){
echo $confirmation;
}
?>
</div>
<form method="post" action="">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" name="submit" Value="Submit">
</form>
</body>
</html>
If you are sending the data to a separate page:
On the receiving page:
<?php
// mySQL code here
// return either success or failed
//redirect to index.php with confirmation as true or false
header('location:index.php?confirmation=success');
?>
and on the page that you Sent the data from:
<html>
<head>
<title>Feedback</title>
</head>
<body>
<div>
<?php
//at index page where you want to display message
if(isset($_GET['confirmation']) && !empty($_GET['confirmation'])){
echo $_GET['confirmation'];
}
?>
</div>
<form method="post" action="uploaddata.php">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" name="submit" Value="Submit">
</form>
</body>
</html>
You can then use CSS3 animations to fade the message in and out for a better user experience :-)
Related
Im having some Trouble getting a simple PHP Login form to pass and check Login Data against a Database. For some reason the Data will not pass across from the Html Form to the PHP handler. Both are separate files but the code is as follows:
<html>
<head>
<title>Login</title>
</head>
<body>
<h1> Welcome please Login: </h1>
<form action="LoginCreate.php" method="post">
Username: <input type=“name” name=“username” id="username"><br/>
Password: <input type="password” name=“password” id="password"><br/>
<input type="submit" value="Login"> <input type="submit" value="Create Account">
</form>
Then for the PHP fike: (please note I have not yet added code for checking against the database.)
<?
$db=sqlite_open("database.db");
$username = sqlite_escape_string($_POST["username"]);
$password = sqlite_escape_string($_POST["password"]);
if(isset($_POST['Create Account'])){
sqlite_query($db,"INSERT INTO username (name) VALUES ('$username')");
sqlite_query($db,"INSERT INTO password (password) VALUES ('$password')");
echo "<p> Account Created. <p>";
}
else if(isset($_POST['Login'])){
echo "<p> Login Successful. <p>";
}
sqlite_close($db);
?>
What should be causing the Data not to be Posting correctly, have I got the syntax wrong somewhere? I'm using MicroApache and getting no Errors popup in Chrome.
You need to add the name="action" attribute to your submit buttons and check
if(isset($_POST['action'])) {
if ($_POST['action'] == 'Create Account') {
} elseif ($_POST['action'] == 'Login') {
}
}
I have a login button of type submit on page 1. It redirects to page 2.
if the username field entered is correct (exists in the database), I want to go to a page with welcome user and some other buttons.
else go to a page with access denied and link to page 1 again
PAGE 1:
<!DOCTYPE html>
<html>
<head>
</head>
<body style="background-color:lightgrey">
<form name="input" action="page2.php" method="post">
Username:<br/> <input type="text" name="username" /> <br />
Password: <br/> <input type="text" name="password" /> <br />
<input type="submit" value="Log in" />
</form>
</form>
</body>
</html>
Page 2:
<?php
$con = mysql_connect("localhost","root","111");
if (!$con)
{die('Could not connect: ' . mysql_error());
}
mysql_select_db("trial", $con);
$usertext=$_POST["username"];
$passwordtext=$_POST["password"];
$myusers = mysql_query("SELECT Username FROM users", $con);
$found=0;
while($row = mysql_fetch_array($myusers))
{
if($usertext== $row['Username'])
{
$found=1;
}
}
if($found==1)
{
//GO TO ANOTHER PAGE????
}
else
{ //GO TO ANOTHER PAGE????
echo "FAIL";
}
mysql_close($con);
?>
You can use
header("Location: http://www.example.com/");
Dont go with only redirects, because anyone can enter the second page URL at the browser address bar.
If you must ensure the data you show on the second page is secure, displayed to only logged in users use sessions - add session_start(); at the script start.
If user logins correctly do: $_SESSION['logged']=true;
otherwise: $_SESSION['logged']=false;
At the second page use session_start(); once more.
Then check if the user is logged by checking $_SESSION['logged'] variable.
if($_SESSION['logged']==true){
echo 'private data'; //or include some file for example require 'data.html';
}else{
session_destroy();
unset($_SESSION);
echo 'go, and login again!';
}
Also, you should probably redirect the user from the login page to the private data if he is already logged in:
if($_SESSION['logged']==true){
header('Location: second_form.php');
}
Another thing with your snippet is that you never check for valid password :>
OK, another SECURITY VIOLATION is
usertext=$_POST["username"];
$passwordtext=$_POST["password"];
Please, sanitize your input. Anyone can damage your database without it(SQL Injection) - do it this way:
usertext=mysql_real_escape_string($_POST["username"]);
$passwordtext=mysql_real_escape_string($_POST["password"]);
This is an effort to create a PHP page to add data to a table. I am getting a parsing error on line 79 so I have been fiddling with it for a while:
Parse error: syntax error, unexpected T_STRING in /home/sharah19/dev.rahmaninet.org/new.php on line 79
Also I have another question: Whats the easiest way to make this page secure? So only users who are authenticated through the login page can add a record?
The contents of new.php:
<?php
/*
NEW.PHP
Allows user to create a new entry in the database
*/
// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($first, $last,$email, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Add a New Record</title>
<link href="rahmani.css" rel="stylesheet">
</head>
<body>
<div id="main">
<h1>RahmaniNET CRM System</h1>
<?php include("header.php"); ?>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<div>
<strong>First Name: *</strong> <input type="text" name="first_name" value="<?php echo $first_name; ?>" /><br/>
<strong>Last Name: *</strong> <input type="text" name="last_name" value="<?php echo $last_name; ?>" /><br/>
<strong>email: *</strong> <input type="text" name="email" value="<?php echo $email; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('connect-db.php');
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$first_name = mysql_real_escape_string(htmlspecialchars($_POST['first_name']));
$last_name = mysql_real_escape_string(htmlspecialchars($_POST['last_name']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
// check to make sure both fields are entered
if ($first_name == '' || $last_name == ''|| $email == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($first_name, $last_name, $email, $error);
}
else
{
// save the data to the database
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email' )
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('$first', '$last','$email', $error);
}
?>
The error comes from the lack of a closing quote on your MySQL query:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email') or die(mysql_error());
It should be:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email'") or die(mysql_error());
Also you ask:
Also I have another question: Whats the easiest way to make this page
secure? So only users who are authenticated through the login page can
add a record?
If you are using Apache then you should you use Apache AuthType Basic. More details are here. Details under “Getting it working.”
You are missing a double quote in your sql string:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email' )
I have a PHP form that is located on file contact.html.
The form is processed from file processForm.php.
When a user fills out the form and clicks on submit,
processForm.php sends the email and direct the user to - processForm.php
with a message on that page "Success! Your message has been sent."
I do not know much about PHP, but I know that the action that is calling for this is:
// Die with a success message
die("<span class='success'>Success! Your message has been sent.</span>");
How can I keep the message inside the form div without redirecting to the
processForm.php page?
I can post the entire processForm.php if needed, but it is long.
In order to stay on the same page on submit you can leave action empty (action="") into the form tag, or leave it out altogether.
For the message, create a variable ($message = "Success! You entered: ".$input;") and then echo the variable at the place in the page where you want the message to appear with <?php echo $message; ?>.
Like this:
<?php
$message = "";
if(isset($_POST['SubmitButton'])){ //check if form was submitted
$input = $_POST['inputText']; //get input text
$message = "Success! You entered: ".$input;
}
?>
<html>
<body>
<form action="" method="post">
<?php echo $message; ?>
<input type="text" name="inputText"/>
<input type="submit" name="SubmitButton"/>
</form>
</body>
</html>
The best way to stay on the same page is to post to the same page:
<form method="post" action="<?=$_SERVER['PHP_SELF'];?>">
There are two ways of doing it:
Submit the form to the same page: Handle the submitted form using PHP script. (This can be done by setting the form action to the current page URL.)
if(isset($_POST['submit'])) {
// Enter the code you want to execute after the form has been submitted
// Display Success or Failure message (if any)
} else {
// Display the Form and the Submit Button
}
Using AJAX Form Submission which is a little more difficult for a beginner than method #1.
You can use the # action in a form action:
<?php
if(isset($_POST['SubmitButton'])){ // Check if form was submitted
$input = $_POST['inputText']; // Get input text
$message = "Success! You entered: " . $input;
}
?>
<html>
<body>
<form action="#" method="post">
<?php echo $message; ?>
<input type="text" name="inputText"/>
<input type="submit" name="SubmitButton"/>
</form>
</body>
</html>
Friend. Use this way, There will be no "Undefined variable message" and it will work fine.
<?php
if(isset($_POST['SubmitButton'])){
$price = $_POST["price"];
$qty = $_POST["qty"];
$message = $price*$qty;
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form action="#" method="post">
<input type="number" name="price"> <br>
<input type="number" name="qty"><br>
<input type="submit" name="SubmitButton">
</form>
<?php echo "The Answer is" .$message; ?>
</body>
</html>
You have to use code similar to this:
echo "<div id='divwithform'>";
if(isset($_POST['submit'])) // if form was submitted (if you came here with form data)
{
echo "Success";
}
else // if form was not submitted (if you came here without form data)
{
echo "<form> ... </form>";
}
echo "</div>";
Code with if like this is typical for many pages, however this is very simplified.
Normally, you have to validate some data in first "if" (check if form fields were not empty etc).
Please visit www.thenewboston.org or phpacademy.org. There are very good PHP video tutorials, including forms.
You can see the following example for the Form action on the same page
<form action="" method="post">
<table border="1px">
<tr><td>Name: <input type="text" name="user_name" ></td></tr>
<tr><td align="right"> <input type="submit" value="submit" name="btn">
</td></tr>
</table>
</form>
<?php
if(isset($_POST['btn'])){
$name=$_POST['user_name'];
echo 'Welcome '. $name;
}
?>
simple just ignore the action attribute and use !empty (not empty) in php.
<form method="post">
<input type="name" name="name">
<input type="submit">
</form>
<?PHP
if(!empty($_POST['name']))
{
echo $_POST['name'];
}
?>
Try this... worked for me
<form action="submit.php" method="post">
<input type="text" name="input">
<input type="submit">
</form>
------ submit.php ------
<?php header("Location: ../index.php"); ?>
I know this is an old question but since it came up as the top answer on Google, it is worth an update.
You do not need to use jQuery or JavaScript to stay on the same page after form submission.
All you need to do is get PHP to return just a status code of 204 (No Content).
That tells the page to stay where it is. Of course, you will probably then want some JavaScript to empty the selected filename.
What I do is I want the page to stay after submit when there are errors...So I want the page to be reloaded :
($_SERVER["PHP_SELF"])
While I include the sript from a seperate file e.g
include_once "test.php";
I also read somewhere that
if(isset($_POST['submit']))
Is a beginners old fasion way of posting a form, and
if ($_SERVER['REQUEST_METHOD'] == 'POST')
Should be used (Not my words, read it somewhere)
I have a little problem. I want to reload my page after submitting a form.
<form method="post" action="">
<textarea cols="30" rows="4" name="update" id="update" maxlength="200" ></textarea>
<br />
<input type="submit" value=" Update " id="update_button" class="update_button"/>
</form>
only use
echo "<meta http-equiv='refresh' content='0'>";
right after insert query before }
example
if(isset($_POST['submit']))
{
SQL QUERY----
echo "<meta http-equiv='refresh' content='0'>";
}
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <!-- notice the updated action -->
<textarea cols="30" rows="4" name="update" id="update" maxlength="200" ></textarea>
<br />
<input name="submit_button" type="submit" value=" Update " id="update_button" class="update_button"/> <!-- notice added name="" -->
</form>
on your full page, you could have this
<?php
// check if the form was submitted
if ($_POST['submit_button']) {
// this means the submit button was clicked, and the form has refreshed the page
// to access the content in text area, you would do this
$a = $_POST['update'];
// now $a contains the data from the textarea, so you can do whatever with it
// this will echo the data on the page
echo $a;
}
else {
// form not submitted, so show the form
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <!-- notice the updated action -->
<textarea cols="30" rows="4" name="update" id="update" maxlength="200" ></textarea>
<br />
<input name="submit_button" type="submit" value=" Update " id="update_button" class="update_button"/> <!-- notice added name="" -->
</form>
<?php
} // end "else" loop
?>
If you want the form to be submitted on the same page then remove the action from the form attributes.
<form method="POST" name="myform">
<!-- Your HTML code Here -->
</form>
However, If you want to reload the page or redirect the page after submitting the form from another file then you call this function in php and it will redirect the page in 0 seconds. Also, You can use the header if you want to, just make sure you don't have any content before using the header
function page_redirect($location)
{
echo '<META HTTP-EQUIV="Refresh" Content="0; URL='.$location.'">';
exit;
}
// I want the page to go to google.
// page_redirect("http://www.google.com")
LOL, I'm just wondering why no one had idea about the PHP header function:
header("Refresh: 0"); // here 0 is in seconds
I use this, so user is not prompt to resubmit data if he refresh the page.
See Refresh a page using PHP for more details
You can maybe use :
<form method="post" action=" " onSubmit="window.location.reload()">
<form method="post" action="">
<table>
<tr><td><input name="Submit" type="submit" value="refresh"></td></tr>
</table>
</form>
<?php
if(isset($_POST['Submit']))
{
header("Location: http://yourpagehere.com");
}
?>
action attribute in <form method="post" action="action="""> should be just action=""
You want a form that self submits? Then you just leave the "action" parameter blank.
like:
<form method="post" action="" />
If you want to process the form with this page, then make sure that you have some mechanism in the form or session data to test whether it was properly submitted and to ensure you're not trying to process the empty form.
You might want another mechanism to decide if the form was filled out and submitted but is invalid. I usually use a hidden input field that matches a session variable to decide whether the user has clicked submit or just loaded the page for the first time. By giving a unique value each time and setting the session data to the same value, you can also avoid duplicate submissions if the user clicks submit twice.
//insert this php code, at the end after your closing html tag.
<?php
//setting connection to database
$con = mysqli_connect("localhost","your-username","your-
passowrd","your-dbname");
if(isset($_POST['submit_button'])){
$txt_area = $_POST['update'];
$Our_query= "INSERT INTO your-table-name (field1name, field2name)
VALUES ('abc','def')"; // values should match data
// type to field names
$insert_query = mysqli_query($con, $Our_query);
if($insert_query){
echo "<script>window.open('form.php','_self') </script>";
// supposing form.php is where you have created this form
}
} //if statement close
?>
Hope this helps.