I'm creating update password page in php but getting problem i.e. insted of post request i'm getting get. i'm using post method in form. why this happen
please help
here is my code
<?php
if(isset($_POST['add'])){
if(empty($_POST['add'])){
$error='Username or Password did not match';
}
else
{
$password=$_POST['pass'];
$connection = mysql_connect("localhost", "root", "") or die("Connection fail");
$db=mysql_select_db("chanshal", $connection);
$result=mysql_query("UPDATE login SET password='$password' where id=1", $connection );
echo 'Entered data succesfully';
mysql_close($connection);
}
}
$title='Change Password';
$content='
<div class="gallery-box">
<form action="" method="post">
<label style="padding-right:50px;">Password</label> <input type="password" name="pass" value="">
<br />
<br />
<label style="padding-right:50px;">New Password</label> <input type="password" name="new-pass" value="">
<br />
<br />
<input style="width:150px;" name="add" type="submit" value="Update">
</form>
</div>
';
include 'admin-template.php';
You are taking $_POST['pass'], but the new password field has the name new-pass in your form:
$password=$_POST['pass'];
<input type="password" name="new-pass" value="">
So I would say your POST request is working fine, you just update your table with the same data all the time.
Related
I am trying to write a simple html form which requires the user to enter the correct email and password, using $_SERVER as the action for my form. I do not want to send the POST info to another php page, but I want to do it on the same page instead.
I have set two variables, $correct_email and $correct_password.
Here is the form;
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<label for="eml">Email:</label>
<input type="email" name="eml" id="eml" required>
<br>
<label for="pwd">Password:</label>
<input type="password" name="pwd" id="pwd" required>
<br>
<input type="hidden" name="checkMe" value="12345">
<input type="submit" name="submit" value="Submit">
</form>
Here is what I am trying to get work in PHP
$correct_email = "(my personal email)";
$correct_password = "password"];
if ($_POST['eml']) == $correct_email && ($_POST['pwd']) == $correct_password {
echo "<h1>You are logged in</h1>";
} else {
echo "<h1>error</h1>";
}
It is not working, please help! I am also unclear on whether the PHP should come before or after the form.
Also, I would like to have the form be cleared from view, on the page, when the correct info is entered.
Thanks so much
Change the name of the submit button - never call anything "submit" in a form
Put the test at the top
You had issues with the ( and ) in the test
Also an issue with a ] after "password"
<?php
if ($_POST["subBut"] === "Submit") {
$correct_email = "(my personal email)";
$correct_password = "password";
if ($_POST['eml'] == $correct_email && $_POST['pwd'] == $correct_password) {
echo "<h1>You are logged in</h1>";
} else {
echo "<h1>error</h1>";
}
}
else {
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER[" PHP_SELF "]); ?>">
<label for="eml">Email:</label>
<input type="email" name="eml" id="eml" required>
<br>
<label for="pwd">Password:</label>
<input type="password" name="pwd" id="pwd" required>
<br>
<input type="hidden" name="checkMe" value="12345">
<input type="submit" name="subBut" value="Submit">
</form>
<?php } ?>
Seems, that I can't add password protection to the script: it should allow to login with the pass and to submit data from the form to mysql. Login looks fine, but if I try to press submit, it returns me to login page. Seems, that session is dropped or overwritten, but is not clear, how:
//login area
<?php
$password = "test";
session_start();
$_SESSION['txtPassword']= $_POST['txtPassword'] ;
if ( $_SESSION['txtPassword']!=$password ) {
?>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtPassword">Password:</label>
<br /><input type="text" title="Enter your password" name="txtPassword" /></p>
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?
}
elseif ( $_SESSION['txtPassword']=$password ) {
echo $_SESSION['txtPassword'] ; // tried to print password, result is correct: test
//my db connection, just in case:
include "config.php";
$connect = mysqli_connect(HOST, USER, PASSWORD, NAME);
// data which should be inserted to db
if
(#$_POST['posted']=='1' $_POST['posted'])) {
$sSQL = "UPDATE users SET user_login='".mysqli_real_escape_string($connect, $_POST['usern'])."',user_pass='".mysqli_real_escape_string($connect, dohashpw($_POST['passw']))."' WHERE ID=1";
mysqli_query($connect, $sSQL) or print(mysql_error());
print ' <div class="container"> <p class="pstype">Password updated! </p>';
...
//input form
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"><input type="hidden" name="posted" value="1" />
<div class="col-xs-3">
<label for="ex2">New Username: </label>
<input type="text" class="form-control input-lg" name="usern" >
</div>
<div class="col-xs-3">
<label for="ex2">New Password: </label>
<input type="password" class="form-control input-lg" name="passw" >
</div>
<div class="col-xs-3">
<input type="submit" value="Submit" onclick="<? mysqli_query ($connect, $sSQL);?>; ">
</div>
</form>
I am able to login this page, but when I fill the form and click Submit, I get login area again. If echo $_SESSION show a correct result, I think that it was established, but data are lost after for submit. Could you please help to find my error?
You are assigning and not comparing here :
elseif ( $_SESSION['txtPassword']=$password ) {
this is better
elseif ( $_SESSION['txtPassword']==$password ) {
but thats a bad idea anyway, passwords should not be stored in session variables like this, and you have to hash them once the user submit them and only manipulate and store the hashed passwords in your code and database
<?php
$password = "test";
session_start();
$_SESSION['txtPassword']= $_POST['txtPassword'] ;
if($_SESSION['txtPassword']!=$password ){
?>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ? >">
<p><label for="txtPassword">Password:</label></p>
</br>
<p><input type="text" title="Enter your password" name="txtPassword"/> </p>
<p><input type="submit" name="Submit" value="Login"/></p>
</form>
<?php
}
else{
echo $_SESSION['txtPassword'];
}
?>
i am not understanding why the elseif stands for? you are already checking inside the if condition which both are not equal?.
Not sure why I am having this issue, I am making a edit form that will allow the users to update data.
I have an HTML form that looks like this:
<form enctype="multipart/form-data" method="post" action="updatefacility.php">
<label for="fac_number">Facility Number: </label>
<input type="text" id="fac_number" name="fac_number" value="<?php if (!empty($facNum)) echo $facNum; ?>" /><br />
<label for="fac_name">Facility Name: </label>
<input type="text" id="fac_name" name="fac_name" value="<?php if (!empty($facName)) echo $facName; ?>" /><br />
<label for="fac_address">Address: </label>
<input type="text" id="fac_address" name="fac_address" value="<?php if (!empty($facAddress)) echo $facAddress; ?>" /><br />
<input type="button" value="Update" name="update">
</form>
When I click my button I should be hitting updatefacility.php which looks like this:
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$dbc) {
die("Connection failed: " . mysqli_connect_error());
}
if (isset($_POST['update'])) {
echo "test";
}
When I am clicking my button I am expecting my form to submit and return a blank page with the word "test" on it, however nothing happens..
Am I missing something here?
Thanks
You need to change the input type from button to submit.
Like this:
<input type="submit" value="Update" name="update">
I have a HTML form that I want to add a record to an Oracle database when somebody hits submit. The table is hooking up somewhat, the problem is that when somebody submits their information they come up as NULL values in the database table.
HTML:
<form name="myForm" action="/Add_File.php" onsubmit="return validateForm()" method="post"><!--Form-->
<fieldset>
<label class ="label1" for "name">First Name: </label>
<input type="text" name="fname"><br />
<label class ="label1" for "name">Surname: </label><input type="text" name="sname"><br/>
<label for="email">E-mail Address: </label><input type="text" name="email"><br />
<label for "address">Address: </label> <input type="text" name="address"><br />
<label class="label" for "Password">Select a Password: </label> <input type="password" name="pass"><br />
<label class="label" for "Password">Retype-Password:</label> <input type="password" name="pass2"><br />
</fieldset>
<fieldset><input class="button" type="submit" onclick="message()" value="Submit"/>
<input class="button" type="reset" value="reset form" onclick="myFunction()"/>
</fieldset>
</form>
PHP code:
$dbuser = "scott";
$dbpassword = "tiger";
$db = "orabis";
$conn = oci_connect($dbuser,$dbpassword,$db);
if (!$conn){
echo "Connection error";
exit;
}
$fname=$_POST['First_Name'];
$sname=$_POST['Surname'];
$email=$_POST['Email_Address'];
$address=$_POST['Address'];
$selpass=$_POST['Select_A_Password'];
$confirm=$_POST['Retype_Password'];
$sql = "INSERT INTO Become_A_Member_110385461(First_Name,Surname,Email_Address,Address,Select_A_Password,Retype_Password)
VALUES ('".$fname."','".$sname."', '".$email."', '".$address."','".$selpass."', '".$confirm."')";
$stmt = oci_parse($conn, $sql);
if (!$stmt) {
echo "Error in preparing the statement";
exit;
}
oci_execute($stmt, OCI_DEFAULT);
print "Record Inserted";
oci_commit($conn);
oci_close($conn);
change like this
$fname=$_POST['fname'];
$sname=$_POST['sname'];
$email=$_POST['email'];
$address=$_POST['address'];
$selpass=$_POST['pass'];
$confirm=$_POST['pass2'];
I have created a user sign in page where the user signs in to the database with their name and password (DBname =signin, table=information) i want to keep the session going so no matter what page the user goes on to is displays "HELLO and the username)". So far this works perfectly.
When going on to the page to AddRental (only the address information) i have to create a new database connection and session to DB=project and table=address. But for some reason it brings up an error near line2 the SESSION_START();
I think i need to keep 2 sessions going at once but i cant find out how to do so. Does anyone have any suggestions?
many thanks
<?php
session_start();
$hostname="localhost"; // Host name
$username="root"; // phpmyadmin username
$password=""; // phpmyadmin password
$dbname="project"; // Database name
$tblname="address"; // Table name
// Connect to server and select databse.
mysql_connect("$hostname", "$username", "$password")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");
// If form not yet submitted display form
// To check if the Submit button was clicked
if (isset($_POST['submit']))
{
// Get data entered into into form fields
$PostCode = $_POST['PostCode'];
$AddL1 = $_POST['AddL1'];
$AddL2 = $_POST['AddL2'];
$AddL3 = $_POST['AddL3'];
$County = $_POST['County'];
$Country = $_POST['Country'];
// Validation of the data entered into into form fields
//if ((preg_match('/^([A-Za-z]+ ?)*$/', $name))
//&& (preg_match('/^[A-Za-z0-9_]+([\.\-\+]{0,1}[A-Za-z0-9_])*#[A-Za-z0-9_]+([\.-]{0,1}[A-Za-z0-9_]+)*(\.[A-Za-z0-9]{2,4})+$/', $email))
//&& (preg_match('/^[A-Z][A-Z]/', $country))
//&& (preg_match('/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s)/', $password)))
{
// Insert data taken form fields into table
mysql_query("INSERT INTO `address` (`PostCode`, `AddL1`, `AddL2`, `AddL3`,`County`,`Country`)
VALUES('$PostCode', '$AddL1', '$AddL2', '$AddL3', 'County','Country'") or die(mysql_error());
}
}
// Close connection to database server
// mysql_close($mysql_connect);
?>
<!DOCTYPE html>
<html><head><title> Menu Form </title>
<link rel= "stylesheet" type="text/css" href="AddRental.css"/>
</head><body>
<div id="logo">
<img src="C:/Users/Daisy/Desktop/Website/Forms/FC.JPG" width="30%" height="5%"/>
<div id="addr"> Add Rental </div>
</div>
<div id="content">
<div id ="rform"> Insert Address
<br>
<FORM action = "AddRental.php" method="post">
<label for="PostCode">PostCode</label>
<input type="text" name="PostCode" id="PostCode" value="" maxlength="8" />
<br>
<label for="AddL1">AddL1</label>
<input type="text" name="AddL1" id="AddL1" value="" maxlength="40" />
<br>
<label for="AddL2">AddL2</label>
<input type="text" name="AddL2" id="AddL2" value="" maxlength="25" />
<br>
<label for="AddL3">AddL3</label>
<input type="text" name="AddL3" id="AddL3" value="" maxlength="25" />
<br>
<label for="County">County</label>
<input type="text" name="County" id="County" value="" maxlength="20" />
<br>
<label for="Country">Country</label>
<input type="text" name="Country" id="Country" value="" maxlength="20" />
<br>
<button type="submit" name="submit" >SUBMIT</button></div>
</FORM>
<div id ="lilmenu"> <?php echo "Hello ".$_SESSION['myusername']; ?>
<br>Options <br>
<FORM METHOD="LINK" ACTION="Welcome.php">
<INPUT TYPE="submit" VALUE="Back"></FORM><br>
<FORM name="LogOut" method="post" action="logout.php">
<INPUT name="LogOut" TYPE="submit" VALUE="Log-Out"></FORM>
</div>
</div>
<div id="footer"> © Copyright 2014 </div>
</body></html>
From your comment, you're getting "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2" which is caused by your sql query not the session.
I don't support mysql_* functions but as you're using it, please confirm you sanitize the input before using with mysql_real_escape_string(). Otherwise special characters like ' or " in your input can cause errors in your SQL query.