I wonder if anyone could help me with my problem? I want to send value (input text) to mysql database but it is always blank text. I am the beginner and I think I've made stupid mistake... Code:
<form name="form" method="get">
<input type="text" name="nick">
<input type="text" name="message" height="300px">
</form>
<?php
$servername = "localhost";
$username = "root";
$password = "xxx";
$dbname = "xxxxx";
if (isset($_POST['button1']))
{
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$nickval = $_POST['nick'];
$messageval = $_REQUEST['message'];
$sql = "INSERT INTO Messages (nick, message)
VALUES ('$_GET[nick]', '$_GET[message]')";
if ($conn->query($sql) === TRUE) {
echo "OK";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$result = mysqli_query($conn,"SELECT * FROM Messages");
echo "<table border='1'>
<tr>
<th>Nick</th>
<th>Message</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['nick'] . "</td>";
echo "<td>" . $row['message'] . "</td>";
echo "</tr>";
}
echo "</table>";
$conn->close();
}
?>
<form method="POST" action=''>
<input type="submit" name="button1" value="Send">
</form>
This:
<input type="submit" name="button1" value="Send">
needs to go inside your first form, where your other inputs are.
<form name="form" method="post">
<input type="text" name="nick">
<input type="text" name="message" height="300px">
<input type="submit" name="button1" value="Send">
</form>
And also #Joe T's answer. Many problems wrong with this question it seems
Your SQL should look more like this, the other answer is also right (about moving your submit button inside the same form with your inputs)
$nickval = mysqli_real_escape_string ( $conn , $_POST['nick']);
$messageval = mysqli_real_escape_string ( $conn , $_POST['message']);
$sql = "INSERT INTO Messages (nick, message)
VALUES ( '$nickval', '$messageval')";
As the commenter wrote, don't use $_REQUEST and $_GET, only $_POST is used here.
And if you don't escape your inputs, (as i've done here with mysqli_real_escape_string) you are asking for a world of hurt.
Related
I'm trying to get the selected value from a dropdown list.
The list has name 'select_employee', when I press the button with name 'save' I hope to get the value. I'm using a POST to to get the value.
I get the error 'Undefined index: select_employee'.
<div class="form-group">
<h2>Enter Certified Course Details</h2>
<?php
// start of connect db
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "TrainingDB";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//end of connect db
?>
<form id="form" action="" method="post">
<?php
// Drop down list employee
$sql = "SELECT * FROM employees";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "Select Employee<br>";
echo "<select name='select_employee' id='select_employee'>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<option value='" . $row['id'] . "'>" . $row['fname'] . " " . $row['sname'] . " </option>";
}
echo "</select>";
echo "<br>";
}
?>
</form>
<?php
if(isset($_POST['save'])){
echo "save<br>";
$employee=$_POST['select_employee']; // error here
echo "Selected Employee" . $employee . "<br>";
}
?>
<form Employee="/employee_page.php" method="post">
<button type="submit" class="btn btn-primary" name="save" value="save">Save</button>
</form>
</div>
You are using two different form so make sure to use only one form.
Hi this is my first post so please excuse any errors
Background if this helps
i've created several pages for a website
submit form - puts data in to database - all working ok
summary page - pulls through elements of database - all working ok
edit page - this is where my problem is
my problem
when creating a edit page it does not pull through the updated variable from the form and just updates the database with a empty field
so here is the code
edit.php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$var_value = $_GET['id'];
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
?>
<form action="/update.php" method="post">
<label>Property Title
<input type="text" name="title" value="<?php echo $row[title]?>" />
<form method='get' action='update.php'>
<input type='hidden' name='id' value= "<?php echo $row[id]?>" >
<input type='submit' class='button radius' value='update' >
</form>
</label>
so that should display whats currently in the database then when a user changes it they click update and it should up date in the database
here is the update.php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$title =$_POST['title'];
$var_value = $_GET['id'];
$result = $conn->query($sql);
$sql = "UPDATE aparthousesalerent SET title='$title' WHERE id = '$var_value' ";
echo $var_value;
echo $title;
if ($conn->query($sql) === TRUE) {
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
i added in the extra line of echo $var_value and echo $title; to check if that worked and it did but it still doesn't pass it through to the database
thanks for looking
<form action="/update.php" method="post">
<label>Property Title
<input type="text" name="title" value="<?php echo $row[title]?>" />
<form method='get' action='update.php'>
<input type='hidden' name='id' value= "<?php echo $row[id]?>" >
<input type='submit' class='button radius' value='update' >
</form>
as you can see there are nested form
So, remove the form and make method post because you are using $_POST in php file.
<form action="/update.php" method="post">
<label>Property Title
<input type="text" name="title" value="<?php echo $row[title]?>" />
<input type='hidden' name='id' value= "<?php echo $row[id]?>" >
<input type='submit' class='button radius' value='update' >
</form>
and use one either GET or POST
$title =$_POST['title'];
$var_value = $_POST['id'];
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I am trying to post data to a table in my database, but there is no error messages as to why the data is not posted. I have inserted data into the table in phpmyadmin and this data is printed with the result while loop, but data will not post to the table.
<!-- form to take input-->
<form name='form1' method='post'>
Name:
<input type='text' name='Name' id='name' /> <br />
Comment:
<input type='text' name='Comment' id='comment' /> <br />
<input type="submit" name='submit' value="Submit" id='submit'>
</form>
<!-- start php-->
<?php
if(isset($_POST['submit']))
{
$name = $_POST['Name'];
$comment = $_POST['Comment'];
}
$con = mysqli_connect("localhost", "kodie", "hill1124", "comments");
if(mysqli_connect_errno())
{
echo "Failed to connect to MySql: ". mysqli_connect_error();
}
mysqli_query($con, "INSERT INTO commenttable VALUES ('$name','$comment',NOW()");
$query = "SELECT * FROM commenttable";
$result = mysqli_query($con, $query);
$hash = $result;
echo "<table>";
if($hash = NULL)
{
echo "null";
}
while($row = mysqli_fetch_array($result))
{
echo "<tr><td>" . $row['Name'] . "</td><td>" . $row['comment'] . "</td><td>" . $row['timestamp'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>";
mysqli_close($con);
?>
I am unsure why it won't post, I don't think it is permissions but I am new to using mysql and don't understand why the statement compiles without errors but doesn't actually put the data on the table.
Any help is appreciated.
In order to INSERT data in your database you need to adjust the insert query.
What you have now:
mysqli_query($con, "INSERT INTO commenttable VALUES ('$name','$comment',NOW()");
Should be
mysqli_query($con, "INSERT INTO commenttable VALUES ('$name', '$comment', NOW())");
You should also consider using mysqli_real_escape_string to prevent SQL-injection
So:
$name = $_POST['Name'];
$comment = $_POST['Comment'];
Becomes:
$name = mysqli_real_escape_string($con, $_POST['Name']);
$comment = mysqli_real_escape_string($con, $_POST['Comment']);
You can also take a look at the following:
http://php.net/manual/en/mysqli.real-escape-string.php;
http://nl3.php.net/manual/en/function.trim.php (removes left over spaces);
http://nl3.php.net/manual/en/function.strip-tags.php (Optional removes html tags from string)
UPDATE
<!-- form to take input-->
<form action="" name="form1" method="post">
Name:
<input type="text" name="Name" id="name"> <br>
Comment:
<input type="text" name="Comment" id="comment"> <br>
<input type="submit" name='submit' value="Submit" id="submit">
</form>
<!-- start php-->
<?php
if($_POST) {
$con = mysqli_connect("localhost", "kodie", "hill1124", "comments");
$name = mysqli_real_escape_string($con, trim($_POST['Name']));
$comment = mysqli_real_escape_string($con, trim($_POST['Comment']));
if (mysqli_connect_errno()) {
echo "Failed to connect to MySql: " . mysqli_connect_error();
}
if (!empty($name) && !empty($comment)) {
$query = mysqli_query($con, "INSERT INTO commenttable VALUES ('$name','$comment',NOW())");
// Check if the query succeeded
if (mysqli_affected_rows($con)) {
$query = "SELECT * FROM commenttable";
$result = mysqli_query($con, $query);
$hash = $result;
echo "<table>";
}
} else {
echo 'Something went wrong: '. mysqli_error($con); // Echo the error (You could replace echo with die())
}
}
if ($hash = NULL) {
echo "null";
}
while ($row = mysqli_fetch_array($result)) {
echo "<tr><td>" . $row['Name'] . "</td><td>" . $row['comment'] . "</td><td>" . $row['timestamp'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>";
mysqli_close($con); // this is not necessary
}
?>
You are missing a closing ) at the end of your insert statement:
mysqli_query
($con,
"INSERT INTO commenttable VALUES ('$name','$comment',NOW())");
// This one ^
See the line mysqli_query($con, "INSERT INTO commenttable VALUES ('$name','$comment',NOW()");
You havnt Closed the mysqli_query().
It must be mysqli_query($con, "INSERT INTO commenttable VALUES ('$name','$comment',NOW()"));
Make sure User "kodie" have privileges to do INSERT
Missing parenthesis in
mysqli_query($con, "INSERT INTO commenttable VALUES ('$name','$comment',NOW()");
should be
mysqli_query($con, "INSERT INTO commenttable VALUES ('$name','$comment',NOW()")); // missing )
I have this code here. It successfully inserts data into database but every time I refresh my browser I receive this message from the browser "The page that your looking for used information that you entered. Returning to that page might cause any actions you took to be repeated. Do you want to continue?" When I press continue, it Inserts the same data that I inserted. Can anyone please tell me what's wrong? I just started learning PDO.
<?php
$host = "localhost";
$user = "root";
$db = "pdotest2";
$pass = "";
$dbase = new PDO("mysql:host=" . $host . ";dbname=" . $db, $user, $pass);
if(isset($_POST['firstname']))
{
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$sql = "INSERT INTO tbldata(firstname, lastname) VALUES(:firstname, :lastname);";
$query = $dbase->prepare($sql);
$results = $query->execute(array(
':firstname' => $fname,
':lastname' => $lname
));
}
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="" method="POST">
First Name: <input type="text" name="firstname" required>
<br>
Last Name: <input type="text" name="lastname" required>
<br>
<input type="submit" value="submit" name="submit">
</form>
<?php
$query1 = $dbase->query("SELECT * FROM tbldata");
echo "<table border=1 cellpadding=5>";
while($row = $query1->fetch(PDO::FETCH_ASSOC)){
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
</body>
</html>
Every help would be appreciated.
This message appears because you filled out the form, then clicked "submit". On that page you are viewing after submitting, you hit the refresh button. It is standard for browsers to "resubmit" what you have submitted previously when you hit refresh.
If you want it to not "resubmit", type in the URL and press enter. That way there is no submission data. Only if you click submit after that it should send more data and insert another row.
An easy method is to just click into the address bar (the address should already be present) and press enter. This will reload the page without resubmitting the data.
I'm trying to let the user check off which item to be deleted. When the user check off one or many items and click the Delete button, those data will be erased from the database. I've also added a search box to search for the dvd. The search box works, but the deleting doesn't. This is what it looks like in the browser.
My PHP looks like this (I took out the searching code):
<form action="" method="post">
<p><input type="text" name="search"> <input type="submit" value="Search"></p>
<p><input type="submit" name="deleting" value="Delete"></p>
</form>
<?php
$link = mysqli_connect( $host, $user, $password, $dbname);
if (!$link) {
die('Could not connect: ' . mysqli_connect_error());
}
echo 'Connected successfully<br/>';
//searching code goes here
if (isset ($_POST['deleting']) && isset ($_POST['deleteThese']) )
{
$deleteThese = implode(",", $_POST['deleteThese']);
$queryTwo = "DELETE FROM `$dbname`.`dvds` WHERE `dvds`.`DvdID` IN ($deleteThese)";
$resultTwo = mysqli_query($link, $queryTwo);
}
echo "<table border=\"1\"><tr><th>DvdTitle</th><th>RunningTime</th><th>Delete</th></tr>";
if (mysqli_num_rows($result) == 0)
echo "<tr><td colspan='2'>No records found.</td></tr>";
else {
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr><td>" . $row['DvdTitle'] . "</td>";
echo "<td>" . $row['RunningTime'] . "</td>";
echo "<td>" . "<form>" . "<input type='checkbox' name='deleteThese[]' value='" . $row['DvdID'] . "' >" . "</form>" . "</td></tr>\n";
}
}
echo "</table>";
mysqli_free_result($result);
mysqli_close($link);
?>
Each DvdTitle has an unique Dvd ID, hence the value of each row is the dvd's ID $row['DvdID'].
Adding the parentheses will allow for those ID's to be selected for deletion.
IN($deleteThese)
EDIT
Do not close the form after the submit button. Put that at the end of the code. This will allow the form to include the checkbox values.
<form action="" method="post">
<p><input type="text" name="search"> <input type="submit" value="Search"></p>
<!-- YOUR PHP CODE -->
<p><input type="submit" name="deleting" value="Delete"></p>
</form>
2nd Edit [requested to improve code]
Move the isset on top of the form.
<?php
if (isset ($_POST['deleting']) && isset ($_POST['deleteThese']) )
{
$deleteThese = implode(",", $_POST['deleteThese']);
$queryTwo = "DELETE FROM `$dbname`.`dvds` WHERE `dvds`.`DvdID` IN ($deleteThese)";
$resultTwo = mysqli_query($link, $queryTwo);
}
?>
<form>....
$deletethese might need to have quotes around it.