I want to update a database so that when you put your text in a text box and click the submit button, the data will be sent to the database with a specific id. It is clear what I want to do in the code below. When I write something like this and run it, I receive a 403 error: Access forbidden. How can I fix this?
<?php
function updater($value,$id){
// Create a connection
$conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
// Check the connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE table_name SET name=$value WHERE id=$id";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
//$conn->close();
}
?>
<!DOCTYPE html>
<html>
<header>
</header>
<body>
<form action="<?php updater($_POST['name'],1); ?>" method="post" style="height:50px;width:50px;">
<input type="text" name="name" /><br><br>
<input type="submit" /><br/>
</form>
</body>
</html>
You need to put the URL inside the action attribute that does the form processing, not the function:
action="<?php updater($_POST['name'],1); ?>" // not this
action="" // empty for the same page
Also, usually the edited value fills the input and the record's id is added to the form in a hidden field. If processing is on the same page, best to leave the action empty. So a basic form could be like this:
<form action="" method="post">
<input type="text" name="name" value="<?=htmlspecialchars($row['name']) ?>"/><br>
<input type="hidden" name="id" value="<?=htmlspecialchars($row['id']) ?>"/>
<input type="submit" /><br/>
</form>
Above the form, the processing has to be added
if($_SERVER['REQUEST_METHOD'] === 'POST') {
$conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
updater($conn, $_POST['name'], $_POST['id']);
}
Besides, you must use safer prepared queries:
function updater($mysqli, $value, $id) {
$sql = "UPDATE table_name SET name = ? WHERE id= ?";
$update = $mysqli->prepare($sql);
$update->bind_param('si', $value, $id);
$update->execute();
return $update->affected_rows;
}
like this:
<?php
function updater($value,$id){
// Create connection
$conn = new mysqli( 'localhost' , 'user_name' , 'pass' ,'data_base_name' );
$value =mysqli_real_escape_string($conn,$value);
$id =mysqli_real_escape_string($conn,$id);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE table_name SET name='{$value}' WHERE id='{$id}'";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
}
if(isset($_POST['name'])){
updater($_POST['name'],$_POST['id'])
}
?>
<!DOCTYPE html>
<html>
<header>
</header>
<body>
<form action="" method="post" style="height:50px;width:50px;">
<input type="hidden" name="id" value="1" />
<input type="text" name="name" /><br><br>
<input type="submit" /><br/>
</form>
</body>
</html>
Related
I am creating a simple page which updates a single record tempKey=1, single field reqdTemp MySQL dBase. I have the form working fine; it updates the record, then returns to the initial form ready for the user to change the temperature again.
Q: I would like the form to be pre-populated with the existing information from the database so the user sees the current required temperature about to be changed. I'm not sure where to start!!
The form, updateTemperature.php, is this:
<html>
<body>
<h1>RPi BBQ - Set Temperature</h1>
<form action="insert.php" method="post">
<p>Set Temperature: <input type="text" name="setTemp" /></p><br><br>
<input type="submit" value="Set Temperature" />
</form>
</body>
</html>
The post script, insert.php is this:
<?php
require_once 'login.php';
$con=mysqli_connect($hh,$un,$pw,$db);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
echo 'Connected successfully';
$sql = "UPDATE PiBQ_Temp SET reqdTemp = '$_POST[setTemp]' WHERE tempKey = 1";
mysqli_query($con,$sql);
echo "1 record added";
header ('location: PiBQ_Temp2.php');
mysql_close($con)
?>
To pre-populate the form, query the database for the current value and set that in the returned HTML. So your updateTemperature.php could become something like this:
<?php
require_once 'login.php';
$con=mysqli_connect($hh,$un,$pw,$db);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
echo 'Connected successfully';
$currentTemp = 100; // some default
$sql = "SELECT reqdTemp FROM PiBQ_Temp WHERE tempKey = 1";
$result = mysqli_query($con,$sql);
if(mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$currentTemp = $row['reqdTemp'];
}
mysql_close($con);
?>
<html>
<body>
<h1>RPi BBQ - Set Temperature</h1>
<form action="insert.php" method="post">
<p>Set Temperature: <input type="text" name="setTemp" value="<?= $currentTemp ?>" /></p><br><br>
<input type="submit" value="Set Temperature" />
</form>
</body>
</html>
I've designed a form to insert data to a database on localhost.
<form action='' method='post'>
<input type='submit' name='CRUD' value='New Data'>
<br><br>
<input type='submit' name='CRUD' value='Retrieve Data'>
<br>
<hr>
</form>
<?php
error_reporting(0);
$x = $_POST['CRUD'];
if ($x == "New Data") {
require 'part1.php';
}
?>
I then made a form to insert the data on another file.
<form method='post'>
<label for='site'>Name: </label>
<input type='text' name='site'>
<br><br>
<label for='date'>Date: </label>
<input type='date' name='time'>
<br><br>
<label for='page'>Web URL: </label>
<input type='url' name='page'>
<br><br>
<label for='desc'>Description: </label>
<input type='text' name='desc'>
<br><br>
<input type='submit' name='finish' value='Go'><input type="reset">
</form>
<?php
if ( !empty( $_POST) ){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "assignment5";
$resource = $_POST['site'];
$date = $_POST['time'];
$url = $_POST['page'];
$explain = $_POST['desc'];
// Create connection
$conn = new mysqli('localhost', 'root', $password, $dbname) or
die("Unable to connect");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO thedata (date, Name, URL, Description)
VALUES ('$date', '$resource', '$url', '$explain')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
$conn->close();
}
?>
On there own they work as intended but what I need is to have both forms on the same page. Doing this gives an error where default data is inserted and not the form's inputs.
If you want to put the 2 forms in the same page , you have to give each form a submit button .. be aware to use the same submit button to the same forms
I'm trying to add a string to my database, where I have two columns: "id" and "image". The "id" column is supposed to increment and the "image" column should get a string. This is my phpcode:
<?php
$servername = "somename";
$username = "someusername";
$password = "somepssword";
$dbname = "somedatabase";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$image = $_POST["image"];
$sql = "INSERT INTO photos (image) VALUES ('$image')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
the html form:
the html form:
<body>
<form method="post" action="phpcode.php">
<input type="text" name="message" size="55">
<input type="submit"name="submit" value="Send">
</form>
</body>
</html>
I use this app to send a post to the server: https://www.getpostman.com/ yet for some reason it only increments a value id and doesn't receive anything for image like here:
enter image description here
<form method="post" action="phpcode.php">
<input type="text" name="message" size="55">
<input type="submit"name="submit" value="Send">
</form>
As suspected, your name attribute field is wrong as it does not correspond to what you are trying to post .
Change to
<form method="post" action="phpcode.php">
<input type="text" name="image" size="55">
<input type="submit"name="submit" value="Send">
</form>
When submitting forms, PHP reads from your "name" attribute on your form. That is what you are posting to your controller file.
Hello guys i need some help.I connected to database from server and can insert some info like $sql = "INSERT INTO Posts (Text_Post) VALUES ('Sample Text')";. Now I want to save on click text from <input type="text" /> to database. Can you tell me what i am doing wrong.
<?php
$servername = "google.com";
$username = "google";
$password = "google";
$dbname = "google";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['Submit'])) {
$sql = "INSERT INTO Posts (Text_Post) VALUES ('".$_POST['text']."')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>anonim</title>
</head>
<body>
<form name="form" action="" method="post">
<input type="text" name="text" id="text" value="Salut" /=>
<input type="submit" id="Submit" />
</form>
</body>
</html>
You're missing the name tag on your submit. When data is POST'ed to the server, it uses the name tag.
<input type="submit" id="submit" name="Submit">
Remember to watch your Capitals also - (since you're checking if Submit is SET then you need to POST the submit).
You could just do:
if(isset($_POST['text'])) {
Also, going off the comments: I'd suggest taking a look at this link because you're prone to SQL Injections.
when we are going to post a form using POST or GET. we should always give name to all our fieds so we get get them just using $_POST['name'] or $_GET['name']. In Your case just give a name to your submit tag and check whether data is submitted or not.
replace
<input type="submit" id="Submit" />
with
<input type="submit" id="submit" name="submit">
and check it like
if(isset($_POST['submit'])) {// it will only check where form is posted or not
// your code...
}
I am having trouble inserting data into the database 'justrated'. Once the user has entered their business name it should create a new entry in the table 'businesses'. For some reason I cannot get it so that the data is entered in the table. Any advice is gladly appreciated.
CODE:
<!DOCTYPE html>
<html>
<head>
<title>Test</title>
</head>
<body>
<form>
<input type="text" name="BusinessName" method="POST">
<input type="Submit" value="submit" name="submit" method="POST">
</form>
<?php
if (isset($_POST["submit"])){
//create connection
$conn = new mysqli("localhost", "root", "", "justrated");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO businesses (BusinessName)
VALUES ('".$_POST['BusinessName']."' )";
mysql_query($sql);
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
</body>
</html>
One of your problems is that $_POST['BusinessName'] is empty because the form was submitted using a GET request, not a POST request. The method=POST attribute goes on the <form> element. Eg:
<form method="POST">
<input type="text" name="BusinessName">
<input type="Submit" value="submit" name="submit">
</form>
Also, you should escape the data properly before you insert it into the database:
$sql = "INSERT INTO businesses (BusinessName)
VALUES ('" . $conn->real_escape_string ($_POST['BusinessName']) . "' )";
Furthermore, in these two lines:
mysql_query($sql);
if ($conn->query($sql) === TRUE) {
you try to execute the same query twice using both the MySQL and MySQLi extension. You should remove the first line.
HTML Code
<form method="post" action="test1.php">
<input type="text" name="BusinessName" >
<input type="Submit" value="submit" name="submit" >
</form>
PHP Code
if (isset($_POST["submit"]))
{
//create connection
$conn = new mysqli("localhost", "root", "", "justrated");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO businesses (`BusinessName`)
VALUES ('".$_POST['BusinessName']."' )";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
Don't mix the mysql & mysqli....
Html:
<form method="POST">
<input type="text" name="BusinessName">
<input type="Submit" value="submit" name="submit" >
</form>
Php:
Use
$conn->query($sql); not mysql_query()
hello please check this one i hope this working for you
$sql = "INSERT INTO businesses (`BusinessName`)
VALUES ('".$_POST['BusinessName']."' )";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}