This is my form:
<form action="add.php" method="post" enctype="multipart/form-data">
<input type="url" name="url"><br>
<input type="submit" value="Upload">
</form>
Here is my add.php:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "addimage";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "INSERT INTO addimage (url)
VALUES ('')";
if (mysqli_query($conn, $sql)) {
echo "New txt added successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
Now when I upload text, it shows
txt added successfully
BUT IN PHP MY ADMIN it shows no text in Url column.
I have created 2 columns in my data base Id and Url.
It shows id number(1,2,3....) but not inserted text in php my admin.
Now when I set the value in add.php as http:\
It shows http:\ in all the fields of Url
$sql = "INSERT INTO addimage (url) VALUES ('')";
You insert an empty string into your database...
Please add $_POST['url'], and sanitize it.
Related
This project involves connecting to a database using phpMyAdmin. I have a file named index.php which presents the user with a simple form that connects to a file for processing called functions.php. I'm using WAMP to connect everything but when I try running everything the form and submit work but after the form is submitted the next page displays nothing when it should be displaying some information even if its an error message. I really can't figure out what's wrong. I've already created the database on phpMyAdmin by importing a file containing sql code to create all my tables for a relational database. Here is the code, any help is appreciated.
index.php
<form action="functions.php" method="post">
First Name: <input type = "text" name = "Fname"><br>
<!-- Last Name: <input type = "text" name = "Lname"><br>
Commision: <input type = "text" name = "commision"><br>
Phone Number: <input type = "text" name = "phone"><br>
Job Title: <input type = "text" name = "job"><br> -->
<input type="submit">
</form>
</body>
functions.php
<?php
$host = 'localhost';
$username = 'kempenaar';
$password = 'Jayson38!';
$db_name = '3660Project';
//$Fname = $_POST["Fname"];
echo "in the script";
$conn = mysql_connect($host, $username, $password,$db_name)
if(!$conn)
{
die ('Error connecting to MySQL server.' . mysql_error());
}
$db_select = mysql_select_db($db_name);
if(!$db_select)
{
die('Can\'t use ' . $db_name . ': ' . mysql_error());
}
$sql = "INSERT INTO Employee (First_Name, Last_Name, Commision, Phone_number, Job)
VALUES ($_POST["Fname"], $_POST["Lname"], $_POST["commision"], $_POST["phone"], $_POST["job"])";
if(mysql_query($sql)){
echo "Records inserted successfully.";
header('Location: http://localhost:8888/3660Project/');
} else{
echo "ERROR: Could not able to execute $sql. " . mysql_error($conn);
}
echo "made it here";
?>
I have this code and I am using the latest version of XAMPP:
filename: store.html
<!DOCTYPE html>
<html>
<body>
<form action="store.php" method="post">
User input: <input type="text" name="userinput"><br>
<input type="submit">
</form>
</body>
</html>
filename: store.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
$input = $_POST["userinput"];
$sql = "INSERT INTO table_1 (s_num)
VALUES ('$input')";
?>
Whatever I do, no data is added to the database. Please help. Thank you.
The problem here is that you never executed the query.
$sql = mysqli_query($conn,"INSERT INTO table_1 (s_num)
VALUES ('$input')");
if(!sql){
echo "Error: " . mysqli_error($conn);
}
else{
echo "Success";
}
Reference:
http://php.net/manual/en/mysqli.query.php
Your present code is open to SQL injection if user-input (other than yourself) ever gets involved.
Use prepared statements, or PDO with prepared statements, they're much safer.
Plus, seeing you are running this from your own machine, make sure you are accessing as http://localhost/file.php as opposed to file:///file.php.
You are not executing your sql insertcode.
After this line:
$sql = "INSERT INTO table_1 (s_num)
VALUES ('$input')";
Add these line:
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
I have a Drupal-7 local website and I have a form/button in an article. I want when the button is clicked to be able and track the username and the password of those who clicked the button. The form html code is the following:
<form action="mysql-query.php" method="post" onsubmit="return Press(this)">
<input type="text" name="email" style="display:none;">
<input type="submit" value="Press here" id="test">
</form>
I have created from phpmyadmin a new column on users table called button, which is an Int(1) with default value=0 and the mysql-query.php file contains this code:
<?php
$_POST["email"];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "drupal";
// Create connection
$conn = mysql_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysql_connect_error());
}
mysql_select_db($dbname);
$sql = mysql_query("UPDATE users SET button='1' WHERE email=loggedInMail");
$output = mysql_query("SELECT name, mail FROM users WHERE button='1'");
?>
I clicked on the button, and checked users table, but all the users I created have a button 0 value. Any ideas of what's wrong?
change line:
$_POST["email"];
to
$postemail = $_POST["email"];
change line:
$sql = mysql_query("UPDATE users SET button='1' WHERE email=loggedInMail");
to
$sql = mysql_query("UPDATE users SET button='1' WHERE email='".$postemail."'");
i am trying to capture some data from a IOT device. The problem isto capture the data you have to feed in the ip to the device so that data is [posted to that ip address.
To process the data,i came up with this script and aptly named it index.php
<?php
$servername = "94.049.947.776";
$username = "droid";
$password = "!#nord";
$dbname = "atree";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$data = $_POST;
$sql = "INSERT INTO gps (data)
VALUES ('$data')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
To test it out,i have this html page
<form method="post" action="972.245.119.017">
<input type="text" name="ed" value="jsonstring" />
<input type="submit" value="submit" />
</form>
However,no data is inserted to the database. What could be wrong with my script?.
$_POST is php variable in form of an Array, maybe try to :
replace :
$data = $_POST;
with :
$data = $_POST['ed']; // the value from the form
or some other value that you posted to the index.php like :
$data = $_POST['VALUE_NAME'];
consider working with PDO (http://php.net/manual/en/book.pdo.php) for the sql part
You should replace :
$data = $_POST;
by :
$data=$_POST['ed'];
I am new here and noob in programming.
I have created a script that can change a database column but now I want to take database login info from user's and the changed value from user's when they give all info correctly the script changed the database column info which was given by the user's.
Here is my login.html source code :
<html>
<center>
<form action="db.php" method="post">
DB Host: <input type="text" name="host"><br>
DB Username: <input type="text" name="usr"><br>
DB Password: <input type="password" name="psw"><br>
DB Name: <input type="text" name="dbname"><br><br><br>
Admin changed Username: <input type="text" name="admusr"><br>
Admin Changed Password: <input type="password" name="admpsw"><br>
<input type="submit">
</form>
</center>
</html>
and here is my db.php source code which can update database column info manually
<?php
$servername = "localhost";
$username = "admin";
$dbname = "mydb";
$password = "1234";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
mysqli_select_db($conn,"$dbname");
$sql = "UPDATE admins SET user_login='admin1',user_pass='1234' WHERE id=1";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Is it possible to take value from user's and changed the database column info?
Sorry for bad english.
It's very bad idea... loads of security issues. But if you want to change it from received form values just change your query to this:
// escape received values
$usr = $conn->real_escape_string($_POST['usr']);
$psw = $conn->real_escape_string($_POST['psw']);
// use them in query
$sql = "UPDATE admins SET user_login='".$usr."',user_pass='".$psw."' WHERE id=1";
You got more field which is user filling... I don't know your exact table structure. But if you want to use all of them just add received escaped values to your query:
// escape received values
$usr = $conn->real_escape_string($_POST['usr']);
$psw = $conn->real_escape_string($_POST['psw']);
$host = $conn->real_escape_string($_POST['host']);
$dbname = $conn->real_escape_string($_POST['dbname']);
$admusr = $conn->real_escape_string($_POST['admusr']);
$admpsw = $conn->real_escape_string($_POST['admpsw']);
// use all of them in query depending on your table structure
$sql = "UPDATE admins SET user_login='".$usr."',user_pass='".$psw."' WHERE id=1";
Use $_POST variable to retrieve data that user entered on login.html page
like in db.php for $servername and $username use
$servername = $_POST['host'];
$username = $_POST['usr'];