Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I have a PHP form which is supposed to add a book to a table of books in a SQLite database. The form submits, however a book is not added to my database.
<?php
session_start();
require("books.php");
require("layout.php");
$db=sqlite_open ("products.db", 0666, $error);
echo $header;
echo "<p>
<a href='./index.php'>Bookshop</a></p>";
echo "<h1> Add Books </h1>
<p>
<form action='' method='get' id='AddBook'>
Author: <input type='text' name='Author'><br>
Title: <input type='text' name='Title'><br>
Brief_Synopsis: <input type='text' name='Synopsis'><br>
ISBN_Number: <input type='text' name='ISBN'><br>
Publisher: <input type='text' name='Publisher'><br>
imgNumber (save img with this name under /img/): <input type='text' name='imgNum'><br>
Price: <input type='text' name='Price'><br>
Category 1: <input type='text' name='Cat1'><br>
Category 2: <input type='text' name='Cat2'><br>
<input type='submit' value='Submit' name='Submit'>
</form>
</p>";
if(isset($_POST['Submit'])){
$author = $_POST['Author'];
$title = $_POST['Title'];
$Synopsis = $_POST['Synopsis'];
$ISBN = $_POST['ISBN'];
$Publisher = $_POST['Publisher'];
$imgNum = $_POST['imgNum'];
$Price = $_POST['Price'];
$Cat1 = $_POST['Cat1'];
$Cat2 = $_POST['Cat2'];
sqlite_query($db,"INSERT INTO Books (Author, Title, Brief_Synopsis, ISBN_Number, Publisher, imgNumber, price, cat1, cat2) VALUES ('$_POST[Author]', '$_POST[Title]', '$_POST[Synopsis]', '$_POST[ISBN]', '$_POST[Publisher]', '$_POST[imgNum]', '$_POST[Price]', '$_POST[Cat1]', '$_POST[Cat2]')");
echo("Book Added!");
$dbh = null;
}
?>
Why is this code not updating my database correctly? Before I added the if statement it added an empty book to the database every time the page loaded, however now it submits and resets the form, my URL looks correct but the database does not get an item added to it.
Your code is failing silently, because you're using a GET method in your form, whereas you're using POST arrays.
Change the form's method to POST.
I also need to point out that your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements, they're much safer.
The if statement is checking if submit exists and is not null. You cannot check the input type submit, there is no associated value. You can add a hidden input and check it:
<input type="hidden" name="checkSubmit" value="Submitted">
if(isset($_POST['checksubmit']))
I also noticed that the sql injection is looking at $_POST['myvariable'] making the previous checks for variable redundant at best.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I've created a website where I can upload articles however im having trouble with updating articles that have been created. I have managed to fill in a form with the information from the database pre-filled in but when i submit any changes then to the article then it does not update.
The $var_value is the primary key passed from the previous page to determine which article to load & edit.
Here is my form to update the article.
<?php
$var_value = $_POST['varname'];
$get_studies = "select * from news where `news`.`articleID` = $var_value";
$run_studies = mysqli_query($con,$get_studies);
while($row_studies = mysqli_fetch_array($run_studies)){
$newsTitle = $row_studies['title'];
$newsDate = $row_studies['date'];
$shortBio = $row_studies['shortBio'];
$longBio = $row_studies['longBio'];
$longBio2 = $row_studies['longBio2'];
$image = $row_studies['image'];
}
echo "
<div class='panelContent1' id='addNewsWraper'>
<h2>Dashboard</h2>
<h3>Update Article</h3>
<form method='post' enctype='multipart/form-data' onsubmit='alert('stop submit'); return false;' >
<div class='newsForm'>
<p>Article Title<br /><input type='text' value='$newsTitle' name='newsTitle' /></p>
<p>Short Description<br /><textarea name='newsShort' placeholder='Around a paragraph' />$shortBio</textarea>
<p>Image<br /><input type='file' name='newsImage' /></p>
</div>
<div class='newsForm'>
<p>Date<br /><input type='text' value='$newsDate' name='newsDate' placeholder='2017' /></p>
<p>Story<br /><textarea name='newsLong' placeholder='News article text' />$longBio</textarea>
<p>Story2<br /><textarea name='newsLong2' value='' placeholder='News article text' />$longBio2</textarea>
<button type='submit' name='updateNews'>
Update
</button>
</div>
</form>
</div>
";
?>
Here is how i am trying to update the article. I have tried to update the record based on a primary key, this variable is being passed to the page as its what is loading the content in the form.
<?php
if(isset($_POST['updateNews'])){
$newsTitle = $_POST['newsTitle'];
$newsDate = $_POST['newsDate'];
$newsShort = $_POST['newsShort'];
$newsLong = $_POST['newsLong'];
$newsLong2 = $_POST['newsLong2'];
$newsImage = $_POST['newsImage'];
$insertNews = "UPDATE mods SET title='$newsTitle', date='$newsDate', shortBio='$newsShort', longBio='$newsLong', longBio2='$newsLong2', image='$newsImage' WHERE articleID='$var_value'";
$updateNews = mysqli_query($con,$insertNews);
if($updateNews){
echo "<script>alert('Article updated.');</script>";
}
}
?>
You say $var_value is being passed to your php update script, but I cannot see that is is, nor is it being picked up by a POST and transferred to a local variable. Pass it as a <input type="hidden" and then pick up with a POST to use.
In first php script:
<p>Article Title<br /><input type='text' value='$newsTitle' name='newsTitle' />
<input type="hidden" value='$var_value' name='var_value' />
</p>
In second php script:
$var_value = $_POST['var_value'];
It would also be good to look at protecting your script from sql injection by using a parameterized query.
There is a problem with your query
insertNews = "UPDATE mods SET title='$newsTitle' date='$newsDate' shortBio='$newsShort' longBio='$newsLong' longBio2='$newsLong2' image='$newsImage' WHERE articleID='$var_value'";
Replace this with your current Query you will be good to go.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I want to retrieve the id of the page but the page is dynamic depending upon the id
e.g filepath/Post.php?id=5
Data is sent through a form action where i want to get the other pages id but i don't know how to do it.
echo "<form action='../PHP/Comment.php' method='post'>" . "<input class='comment' type='text' name='comment' placeholder='Add a comment'>" . "</form>"
//then what the action does
$id = isset($_GET['id']); //trying to get the page id but it doesn't
$comment = $_POST['comment'];
//insertion into the table in the database.
mysql_query("INSERT INTO comments (id, comment) VALUES ('$id', '$comment')")
There are better ways to do this. have you tried using a dedicated $_SESSION variable? In PHP, i cud do this:-
<?php $_SESSION['PAGE_ID'] = 10;?>
then retrieve it on the form as
<?php echo $_SESSION['PAGE_ID']?>
Try this
echo "<form action='../PHP/Comment.php' method='post'>
<input class='comment' type='text' name='comment' placeholder='Add a comment'>
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" value="Submit" />
</form>"
Then form processing
$id = isset($_POST['id']);
$comment = $_POST['comment'];
mysql_query("INSERT INTO comments (id, comment) VALUES ($id, '$comment')");
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I have accessed a MySql database, retrieved the values from the relevant table and put them in a drop down list using:
$material_query= "SELECT material FROM materials";
$material_query_run = mysql_query($material_query);
echo "<select>";
while ($material_query_array= mysql_fetch_array($material_query_run) ){
echo "<option value='' >".$material_query_array['material']."</option>";
}echo "</select>";
How would I now store the selected value from the drop down list within a variable? I think that I need to use POST however, I cannot figure out how.
So the select element needs to be inside a form, which you can then submit and the data submitted (by post or get) can then be processed.
Your select box needs to have a name attribute so that it can be identified. Also you need to have a value in the value attribute of the option elements, as this is the data that is sent.
For example, on your page (e.g. page.php) you would have your current code inside html form tags:
// The Form
<form action="page.php" method="post">
<?php
$material_query = "SELECT material FROM materials";
$material_query_run = mysql_query( $material_query );
echo "<select name='mySelect'>";
while ( $material_query_array = mysql_fetch_array( $material_query_run ) ) {
echo "<option value='".$material_query_array['material']."' >".$material_query_array['material']."</option>";
}
echo "</select>";
?>
<input type="submit" name="submit"/>
</form>
//Process the form
//check if form is submitted
if ( isset( $_POST['submit'] ) ) {
//is submitted
$variable = $_POST['mySelect'];
//DO STUFF WITH DATA
}
So here I have done the following:
Added the form tags ( SEE: http://www.w3schools.com/php/php_forms.asp )
Added the name attribute to the select tags
Added the same value that the select displays to the value attribute of the option tags
Added code to process the form when it is submitted ( See the above link again )
When the user hits the submit button, the data will need to be sent to your PHP processor, either using GET or POST. In your processor, then you would access the SELECT field values just like any other form element.
<form action="processor.php" method="POST">
// FORM ELEMENTS HERE
<input type="submit" value="Go!">
</form>
In your processor:
<?php
$selectbox = $_POST['selectbox'];
Now you can sanitize and use the variable $selectbox in your script or pass it to your database.
You need something like:
<form action="post.php" method="post" name="select_form">
<?php
$material_query="SELECT material FROM materials";
$material_query_run =mysql_query($material_query);
echo "<select name=\"selectbox\">";
while ($material_query_array= mysql_fetch_array($material_query_run) ){
echo "<option value='".$material_query_array['material']."'>".$material_query_array['material']."</option>";
}
echo "</select>";
?>
<input type="submit" value="Submit" name="submit">
</form>
Then in post.php
<?php
if($_POST){
$select=$_POST['selectbox'];
}
?>
On a side note use PDO (http://www.php.net/manual/en/book.pdo.php) or MySQLI (http://uk3.php.net/manual/en/book.mysqli.php) as the MySql interface is outdated.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
This is page 2
$var= $_GET['var'];
$id= $_GET['id'];
echo "Book Title:<br>" .$var. "<br> Book id:".$id."<br>";
$result = mysqli_query($con,"SELECT * FROM books WHERE bookid='$id'");
while ($row = mysqli_fetch_array($result)) {
echo "<br><br>Author:<br>".$row['author'];
echo "<br><br>Average rating is:<br>" .$row['avgrating'];
}
?>
<form name='myForm' action='addreview.php' method='POST' >
Give your reviews here:<br>
<input type='textarea' name='review' style='width: 500px; height:200px' ><br>
<input type='hidden' id='ids' name='ids' value=''<?php echo $id ?> ''>
<input type='SUBMIT' name='done' value='DONE'>
</form>
on page 1 I am retrieving bookid from database and then passing it to page 2, and then i have to pass it to page 3. on page 3 I am retrieving it with GET command but it is not working. Kindly help me
$_GET and $_POST in PHP correspond to the form method= in the HTML. If your form's method="POST", you must use $_POST to get to the value.
You've got too many quotes:
<input type='hidden' id='ids' name='ids' value=''<?php echo $id ?> ''>
^^-- ^^--
That'll produce HTML that will be interepreted as (for an id of 8):
<input [...snip...] value="" 8 "" />
value gets an an empty string, followed by an invalid attribute 8, followed by a couple quotes that aren't a valid attribute OR value.
If you are submitting page 1 via POST, you will need to access your submitted data using $_POST, not $_GET.
<input type='hidden' id='ids' name='ids' value=''<?php echo $id ?> ''>
Look at your value:
value=''<?php echo $id ?>''
It shoud be
value='<?php echo $id; ?>'
This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
table updates empty spaces when user do not enter anything to the textbox
greetings :)
i am having problems updating my database whenever the user clicks on the submit button.
i am going to show you the flow of my program,i already tried figuring out the problem,but i just can't find solutions. i hope someone could help me.
i have 2 problems encountered here:
my database won't update after clicking the submit button
the user may choose which to update,if the textbox is empty,it will update the data with empty spaces.and i want the data to remain as it is if the textbox is empty.
in my program,if you want to update the employee information,you must click the name that contains a link in the page. (in my program its the employee name that needs to be clicked) when clicked,a pop up will open.
the link in my index.php contains the following code:
<td class="sub" width="100" align="center">
<a href="" onclick = javascript:newPopup('empinfo.php?emp=<?php echo $eid ?>');><?php echo$ename?></a>
</td>
NOTE the empinfo.php is my pop up window,it calls the pop up when clicked. emp isthe name i assign to pass in the empinfo.php it contains the employee ID. NO PROBLEM HERE,I JUST WANT TO SHOW YOU THE FLOW
when the empinfo.php appears,it will show this format:
Employee name: //textbox here
Position: /textbox here
Department: /textbox here
Employee Tag: /textbox here
**SUBMIT BUTTON**
when the user clicks the submit button, it should have updated the database with the inputted values,but mine won't update :(
here is the codes i used:
<?php
$con=mysql_connect('localhost','root','mariel') or die(mysql_error());
mysql_select_db('intranet',$con);
if(isset($_POST['submitted']))
{
$qry = "UPDATE gpl_employees_list SET emp_nme = '".$_POST['name']."', emp_pos = '".$_POST['pos']."', emp_dep = '".$_POST['dep']."', emp_tag = '".$_POST['tag']."' WHERE emp_id = '".$_GET['emp']."' ";
mysql_query($qry) or die (mysql_error());
}
?>
this is the content code in my form,together with the submit that i used:
<form action="index.php" method="POST">
<input type='hidden' name='submitted' id='submitted' value='1'/>
<input type='hidden' name='eid' id='eid' value= '<?php echo $_GET['emp']?>' />
<fieldset>
<div class='container'>
<label for='ename' >Employee name:</label><br/>
<input type='text' name='ename' id='ename' value='' maxlength="50" /><br/><br/>
</div>
<div class='container'>
<label for='pos' >Position:</label><br/>
<input type='text' name='pos' id='pos' value='' maxlength="50" /><br/><br/>
</div>
<div class='container'>
<label for='dep' >Department/Division:</label><br/>
<input type='text' name='dep' id='dep' value='' maxlength="100" /><br/><br/>
</div>
<div class='container'>
<label for='tag' >Employee Tag:</label><br/>
<select name="tag" id="tag">
<option value="Y">Yes</option>
<option value="N">No</option>
</select> <br/><br/>
</div>
<div class='container'>
<input type='submit' name='Submit' value='Submit' onclick = "location.reload();window.close()"/>
</div>
</fieldset>
</form>
i hope someone could clear it up for me
MisaChan
It's not updating because you probably need to refer to $_POST['eid'] instead of $_GET['emp'] because you don't have it in index.php like index.php?emp=1. You already have that field so use that:
<input type='hidden' name='eid' id='eid' value= '<?php echo $_GET['emp']?>' />
Also you don't need to do this:
onclick = "location.reload();window.close()"
Type submit reloads the page by default.
Lastly, consider #Sam152's pointers :)
There could be a number of things wrong, but these points should help you debug your script.
Firstly you need to escape your post
variables to ensure things like
apostrophes don't mess up your query,
it's also a security vulnerability.
Secondly, make sure your form action is pointing to the PHP script. Maybe put a print statement at the top of the script to make sure PHP is actually receiving the data.
Then assign the value of the SQL query to a variable and print it out before you run it. You can then easily see what's being sent to the SQL server. Maybe run it in an SQL management tool my phpMyAdmin and observe any errors with it.
Hope this helps. Feel free to update your question with new information as it comes.