Can anyone find any errors in this script because I can still submit blank forms. The PHP empty() function also isn't working. I've tried double checking, triple checking and I can't find no simple explanation. I am working in a local environment using XAMPP. Any advice?
<?php
include('core/includes/startsite.inc.php');
if(isset($_POST['submit'])){
$con = new mysqli("localhost", "root", "salvation", "dcstocksolutions");
$name = $_POST['name'];
$comment = $_POST['comment'];
if($name == "" || $comment == ""){
$msg = "Sorry, you missed out a field.";
}
$q = "INSERT INTO testimonials ('name', 'comment') VALUES ('$name', '$comment')";
if($con->query($q)){
$_SESSION['msg'] = "Thank you! Your review was submitted.";
header("Location: testimonials?r=1");
} else {
$msg = "Sorry, there was an error submitting your review, please try again later.";
}
}
?>
<div class="testimonial-container">
<h3 align="center">Leave a review</h3><br />
<?php
if(isset($msg)){
echo("<p align=\"center\">" . $msg . "</p>");
}
?>
<form action="review" method="POST" autocomplete="off">
<table>
<tr>
<td>Full Name:</td>
<td><input type="text" name="name" placeholder="Full Name" value=""></td>
</tr>
<tr>
<td>Comment:</td>
<td><textarea name="comment"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit Review"></td>
</tr>
</table>
</form>
</div>
<?php
include('core/includes/endsite.inc.php');
?>
Checkout this one. u don't have checked submit button here
<?php
include('core/includes/startsite.inc.php');
if(isset($_POST['submit'])){
$con = new mysqli("localhost", "root", "salvation", "dcstocksolutions");
$name = $_POST['name'];
$comment = $_POST['comment'];
if($name == "" || $comment == ""){
$msg = "Sorry, you missed out a field.";
}else{
$q = "INSERT INTO testimonials ('name', 'comment') VALUES ('$name', '$comment')";
if($con->query($q)){
$_SESSION['msg'] = "Thank you! Your review was submitted.";
header("Location: testimonials?r=1");
} else {
$msg = "Sorry, there was an error submitting your review, please try again later.";
}
}else{echo "Not submited !";}}
?>
<div class="testimonial-container">
<h3 align="center">Leave a review</h3><br />
<?php
if(isset($msg)){
echo("<p align=\"center\">" . $msg . "</p>");
}
?>
<form action="review" method="POST" autocomplete="off">
<table>
<tr>
<td>Full Name:</td>
<td><input type="text" name="name" placeholder="Full Name" value=""></td>
</tr>
<tr>
<td>Comment:</td>
<td><textarea name="comment"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit Review"></td>
</tr>
</table>
</form>
</div>
<?php
include('core/includes/endsite.inc.php');
?>
Related
I have made a crud project with file upload functionality. For that, each time a user registers in the page a folder with his/her unique id name should be created in the main folder which has been created originally.
If that user, after logging in, uploads the file, it should get stored in that folder which was automatically created when he had registered himself.
For this , I have two files; register.php (code for register functionality) and add.php (for uploading data and file):
Code(Register.php):
if(isset($_POST['submit'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$user = $_POST['username'];
$pass = $_POST['password'];
mkdir("C:/xampp/htdocs/crud/crud_html/'.$name.'/");
if ($user == "" || $pass == "" || $name == "" || $email == "") {
echo "All fields should be filled. Either one or many fields are empty.";
echo "<br/>";
echo "<a href='register.php'>Go back</a>";
} else {
mysqli_query($mysqli, "INSERT INTO login(name, email, username, password) VALUES('$name', '$email', '$user', md5('$pass'))")
or die("Could not execute the insert query.");
echo "Registration successfully";
echo "<br/>";
echo "<a href='login.php'>Login</a>";
if(!file_exists("C:/xampp/htdocs/crud/crud_html/images/'.$id'")){
//if the folder doesn't exist, create it
mkdir("C:/xampp/htdocs/crud/crud_html/images/'.$id'");
else{
continue;
}
}
} else {
?>
<p><font size="+2">Register</font></p>
<form name="form1" method="post" onsubmit="return validatename()" action="">
<table width="75%" border="0">
<tr>
<td width="10%">Full Name</td>
<td><input type="text" name="name" maxlength="20" id="t1" required></td>
</tr>
<tr>
<td><label for="email">Email</label></td>
<td><input type="email" name="email" required ></td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username" maxlength="10" id="t2" required></td>
</tr>
<tr>
<td><label for="psw">Password</label></td>
<td><input type="password" name="password" required id="psw" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
But this code is not working.
What correction is needed?
I believe the main problem is you reference, in your move_uploaded_file() function a variable called $newd, but in your code above, it looks like you named it $uploads_dir. The below code, simplified from yours, works for me.
Register.php
if ($user == "" || $pass == "" || $name == "" || $email == "") {
echo "All fields should be filled. Either one or many fields are empty.";
echo "<br/>";
echo "<a href='register.php'>Go back</a>";
} else {
mysqli_query($mysqli, "INSERT INTO login(name, email, username, password) VALUES('$name', '$email', '$user', md5('$pass'))")
or die("Could not execute the insert query.");
echo "Registration successfully";
echo "<br/>";
echo "<a href='login.php'>Login</a>";
//check if the folder exists
if(!file_exists("C:/xampp/htdocs/crud/crud_html/images/'.$id'")){
//if the folder doesn't exist, create it
mkdir("C:/xampp/htdocs/crud/crud_html/images/'.$id'");
}
}
Add.php
<?php
//only run this if the form was submitted
if(isset($_POST['Submit'])) {
$pname = rand(1000,10000)."-".$_FILES["file"]["name"]; #file name with random number so that similar don't get replaced
//get the name of the uploaded file
$tname = $_FILES["file"]["tmp_name"];
//set your upload directory
$uploads_dir= __DIR__;
//move the uploaded file to the new directory
move_uploaded_file($tname, $uploads_dir.'/'.$pname);
}
?>
<!--form that will allow the user to upload a file-->
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" name="Submit" />
</form>
I am trying to create a simple registration form. I have a file for connecting to database
conn.php
<?php
$db_name = "bp_reader";
$mysql_username = "root";
$mysql_password = "";
$server_name = "localhost";
$conn = mysqli_connect ($server_name, $mysql_username, $mysql_password, $db_name);
/*the connection here is fine*/
if($conn){ echo "connected"; }else{ echo "not connected"; }
?>
the registration php
<?php
require "conn.php";
$name = $_POST["name"];
$email = $_POST["email"];
$age = $_POST["age"];
$height = $_POST["height"];
$weight = $_POST["weight"];
$password = $_POST["password"];
//check if user exists
$sql = "select * from user_profile where user_email like '".$email."';";
$result = mysqli_query($conn, $sql);
$response = array();
if(mysqli_num_rows($result) > 0){
$code = "registration failed";
$message = "User already exists";
array_push($response, array("code"=>$code, "message"=>$message));
echo json_encode($response);
}else {
$sql = "insert into user_profile values ('".$name."', '".$email."', '".$age."', '".$height."', '".$weight."', '".$password."');";
$result = mysqli_query($conn, $sql);
$code = "registration Success";
$message = "Thank you for registration... you can login now..";
//jason data
array_push($response, array("code"=>$code, "message"=>$message));
echo json_encode($response);
}
mysqli_close($conn);
?>
and i have a simple html registration form
<html>
<body>
<form action="register.php" method="post">
<table>
<tr>
<td>Name:</td>
<td>
<input type="text" name="name" /> </td>
</tr>
<tr>
<td>Email:</td>
<td>
<input type="email" name="email" /> </td>
</tr>
<tr>
<td>DOB:</td>
<td>
<input type="date" name="age" /> </td>
</tr>
<tr>
<td>height:</td>
<td>
<input type="number" name="height" /> </td>
</tr>
<tr>
<td>weight:</td>
<td>
<input type="number" name="weight" /> </td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type="password" name="password" /> </td>
</tr>
<tr>
<td>
<input type="submit" value="Register" /> </td>
</tr>
</table>
</form>
</body>
</html>
The problem is when I fill the form and submit, I get the correct response that the registration is successful however when I check my database on phpMyAdmin, the database remain unchanged. I am not able to figure out where the problem is.
If you have id field as identifier and autoincrement, you should set its:
$sql = "insert into user_profile values ('', '".$name."', '".$email."', '".$age."', '".$height."', '".$weight."', '".$password."');";
In my registration page when you forget to fill your username you receives this message: "Please insert a username", when you forget to fill the password then you receives this message: "Please insert a password" or when you forget to fill the email then you receives this message: "Please insert a email" as you can see in the code bellow.
<?php
include"header"
if(isset($_POST["register"])){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
if(($username) == ""){
?><p><?php echo "Please insert a username"; ?></p><?php
}
if(($password) == ""){
?><p><?php echo "Please insert a password"; ?></p><?php
}
if(($email) == ""){
?><p><?php echo "Please insert a email"; ?></p><?php
}
else{
$checkusername = mysql_query("SELECT `id` FROM `user` WHERE `username` = '".$username."'") or die(mysql_error());
$checkemail = mysql_query("SELECT `id` FROM `user` WHERE `email` = '".$email."'") or die(mysql_error());
if(mysql_num_rows($checkusername) == 1){
?><p><?php echo "Username already exists"; ?></p><?php
}
if(mysql_num_rows($checkemail) == 1){
?><p><?php echo "Email already exists"; ?></p><?php
}
else{
mysql_query("INSERT INTO `database`.`user`(`username`,`password`,`email`) VALUES ('".$username."','".$password."','".$email."')") or die(mysql_error());
?><p><?php echo "You are Registered"; ?></p><?php
}
}
}
?>
<div id="loginform">
<form name="loginform" method="post">
<table cellpadding="0" id="tb">
<tr>
<td colspan="2"><div class="loginheader"><h2>Register</h2></div></td>
</tr>
</table>
<table cellpadding="0" id="REGOPTIONS">
<tr>
<td class="field">Username:</td>
<td><input type="text" class="text" name="username"></td>
</tr>
<tr>
<td class="field">Password:</td>
<td><input type="password" class="text" name="password"></td>
</tr>
<tr>
<td class="field">Email:</td>
<td><input type="email" class="text" name="email"></td>
</tr>
</table>
<table cellpadding="0">
<tr>
<td class="field"></td>
<td><input type="submit" class="submitbutton" name="register" value="Register" /></td>
</tr>
</table>
</form>
</div>
But my registration page can only display one error message at a time. I need my page to display all of them at once if you forget to fill your informations (username, password and email) at the same time like that:
"Please insert a username"
"Please insert a password"
"Please insert a email"
Transformed into an array. Try:
<?php
if(isset($_POST["register"])){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
if (!empty($username) && !empty($password) && !empty($email)){
$checkusername = mysql_query("SELECT `id` FROM `user` WHERE `username` = '".$username."'") or die(mysql_error());
$checkemail = mysql_query("SELECT `id` FROM `user` WHERE `email` = '".$email."'") or die(mysql_error());
if(mysql_num_rows($checkusername) == 1){
?><p><?php echo "Username already exists"; ?></p><?php
}
if(mysql_num_rows($checkemail) == 1){
?><p><?php echo "Email already exists"; ?></p><?php
}
else{
mysql_query("INSERT INTO `database`.`user`(`username`,`password`,`email`) VALUES ('".$username."','".$password."','".$email."')") or die(mysql_error());
?><p><?php echo "You are Registered"; ?></p><?php
}
} else{
if(empty($username)){
$error[] = "Please insert a username";
}
if(empty($password)){
$error[] = "Please insert a password";
}
if(empty($email)){
$error[] = "Please insert a email";
}
foreach ($error as $value) {
echo "Erros: $value<br />\n";
}
}
}
?>
<div id="loginform">
<form name="loginform" method="post">
<table cellpadding="0" id="tb">
<tr>
<td colspan="2"><div class="loginheader"><h2>Register</h2></div></td>
</tr>
</table>
<table cellpadding="0" id="REGOPTIONS">
<tr>
<td class="field">Username:</td>
<td><input type="text" class="text" name="username"></td>
</tr>
<tr>
<td class="field">Password:</td>
<td><input type="password" class="text" name="password"></td>
</tr>
<tr>
<td class="field">Email:</td>
<td><input type="email" class="text" name="email"></td>
</tr>
</table>
<table cellpadding="0">
<tr>
<td class="field"></td>
<td><input type="submit" class="submitbutton" name="register" value="Register" /></td>
</tr>
</table>
</form>
</div>
What I normally do is run through my form validation, and save each error (is there is one) to an array.
ie
$la_errors = array();
if(($username) == ""){
$la_errors[] = "Please insert username";
}
//etc. Then
if(!empty($la_errors)) {
break;
}
When you need to display the errors, explode the array, and display in a format (like or whatever) of your choice
I am trying to have this form submit to a database but I am having no luck. I am a complete newbie and based this code off another form that is already in use. Can anyone spot errors that would make it not work properly? Any help would be huge.
<?php
include("includes/captcha.php");
if (!empty($_POST['submitcontestant'])) {
$addcontestantsql = "INSERT INTO ".$config['db_dbpaper'].".contest (company, name, address, phone)";
$company = mysql_real_escape_string($_POST['company']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$captcha = mysql_real_escape_string($_POST['captcha']);
<?php
include("includes/captcha.php");
if (!empty($_POST['submitcontestant'])) {
$addcontestantsql = "INSERT INTO ".$config['db_dbpaper'].".contest (company, name, address, phone)";
$company = mysql_real_escape_string($_POST['company']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$captcha = mysql_real_escape_string($_POST['captcha']);
$addcontestantsql .= " VALUES('$company', '$name', '$email', '$phone')";
$allowed = false;
if (empty($company) && empty($name) && empty($address) && empty ($email) && empty($phone)) {
echo '<strong>Please go back and fill out all the fields!</strong>';
}
elseif ($captcha != $captchaans) {
echo '<strong>CAPTCHA incorrect!</strong>';
}
else {
$allowed = true;
echo '<strong>You are in the contest!</strong>';
}
if ($allowed) {
db_exec($addcontestantql);
}
}
?>
<?php
$companysql = "SELECT DISTINCT company FROM ".$config['db_dbpaper'].".contest ";
$mainsql = "SELECT * FROM ".$config['db_dbpaper'].".contest ";
if (!empty($_POST['submit'])) {
$companyname = mysql_real_escape_string($_POST['company']);
$mainsql .= "WHERE company like '$companyname'";
}
$company = db_list($companysql);
$contest = db_list($mainsql);
?>
<div id="fullwidthpage">
<h2>Contest</h2>
<p>Please fill the out form and then click submit. Thank you.</p>
<form method="post">
<table width="491" border="0">
<tr>
<td width="107">Company:</td>
<td width="374"><input name="company" type="text" /></td>
</tr>
<tr>
<td>Name:</td>
<td><input name="name" type="text" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="address" type="text" /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="phone" type="text" /></td>
</tr>
</table>
<p><?php echo '<img src="'.BASE_URL.'images/captcha/'.date('n').'.jpg">'; ?><br />
What color is this?:<br />
<input name="captcha" size="25" style="text-transform: lowercase;"/>
<input name="submitcontestant" type="submit" value="Submit" />
</p>
</form>
id suggest you to start here : http://se2.php.net/manual/en/intro.mysqli.php
you're way off track at the moment and basically asking someone to code it for you.
after your posts update : it seems that the problem is you're not connecting to sql at all try using $link = mysql_connect('host', 'mysql_user', 'mysql_password');
All set, I was creating my data table in the wrong database, new table was added in the appropriate database and all better :). Thanks to everyone who gave me input!
My headers were working on my localhost but not working online.
<?php
require_once 'func/func.php';
if(isset($_POST['sub'])){
$user = trim(mysqli_real_escape_string($dbc,$_POST['username']));
$pass = mysqli_real_escape_string($dbc,$_POST['pass']);
$sql = "select * from register where matric = '$user' and passw ='$pass'";
$result = mysqli_query($dbc,$sql) or die(mysqli_error($dbc));
$num = mysqli_num_rows($result) or die(mysqli_error($dbc));
if($num == 1){
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['fname'].' '.$row['lname'];
$_SESSION['trader'] = $row['trader'];
$_SESSION['pic'] = $row['passport'];
$_SESSION['username'] = $row['username'];
error_reporting(E_ALL | E_WARNING | E_NOTICE);
ini_set('display_errors', TRUE);
flush();
header("Location: home/home.php");
die('should have redirected by now');
echo $pass;
}else{
echo "Invalid User Name or Password";
}
}
?>
<html><head>
</head>
<body>
<form action="" method="post">
<table width="409" border="0" align="center" cellpadding="4" cellspacing="4">
<tr>
<td width="166">User Name</td>
<td width="215">
<input type="text" name="username" id="text1">
</tr>
<tr>
<td>Password</td>
<td><p>
<input type="password" name="pass" id="password1">
</tr>
<tr>
<td colspan="2" align="center"><input name="sub" type="submit" value="Login" /></td>
</tr>
</table>
<? if(isset($msg)) echo $msg; ?> </form>
</body></html>
the func file contains the session and mysqli connect file it is working on localhost.
with all errors on it is not dispaying error. it is outputing shoul have redirected by now. please help me out
Your redirect works.
The problem is the URL is not correct.
Try it like this:
header("Location: http://site.com/home/home.php");
Try this way:
header("Location: ./home/home.php");