I'm using kespersy antivirus.I want to store the details in database.but password and confirm password value is not printed while testing.
all the field values are echoed except password and confirm password.$pass is password variable and $c_pass is confirm password variable.
<form name="profile" method="post">
<p style="margin-left:1cm">Name<a style="margin-left:45px"></a> : <input type="text" name="p_name" size=18 maxlength=50></p>
<p style="margin-left:1cm">Email<a style="margin-left:45px"></a> : <input type="text" name="email" size=18 maxlength=50></p>
<p style="margin-left:1cm">Password<a style="margin-left:25px"></a> : <input type="password" name="pass" size=18 maxlength=50></p>
<p style="margin-left:1cm">Confirm<a style="margin-left:30px"></a> : <input type="password" name="c_pass" size=18 maxlength=50></p>
<p style="margin-left:1cm">Phone<a style="margin-left:45px"></a> : <input type="text" name="phone" size=18 maxlength=50></p>
<p style="margin-left:1cm">Address<a style="margin-left:30px"></a> : <textarea name="address" max=200></textarea></p>
<p style="margin-left:1cm">EIN<a style="margin-left:50px"></a>   : <textarea name="ein" max=200></textarea></p>
<center><input type="submit" name="edit" value="Edit" /> </center>
</form>
<?php
include "config.php";
if(isset($_REQUEST['edit']))
{
echo "hai";
echo $pass=$_REQUEST['Pass'];
echo $c_pass=$REQUEST['c_pass'];
echo $address=$_REQUEST['address'];
echo $p_name=$_REQUEST['p_name'];
echo $phone=$_REQUEST['phone'];
echo $email=$_REQUEST['email'];
echo $ein=$_REQUEST['ein'];
echo $datz=date('m-d-yy h:i:s');
if($pass==$c_pass)
{
echo $c_pass;
echo $pass;
if($p_name!='' && $address!='' && $p_name!='' && $phone!='' && $email!='' && $ein!='' && $pass!='')
{
echo $sql="insert into register(name,address,contact_name,phone,email,password,ein,c_date) values ('$name','$address','$p_name','$phone','$email','$pass','$ein','$datz')";
if(mysql_query($sql))
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('registered successfully');
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('try again');
</SCRIPT>");
}
}
}
}
?>
First of all why do you use the $_REQUEST variable?
It would be much safer if you use $_POST instead.
Can you update your question with your HTML form so we can see what you did there?
Another suggestions is to use mysqli functions or even prepared statements.
With prepared statements you are better protected against SQL injections like Jack mentioned.
If you dont use prepared statements it is really important that you escape the user input before you save it in your Database:
$name = mysqli_real_escape_string($dblink, $name);
And you should not save the passwords in plaintext, at least use MD5.
$pass = md5($pass);
Better use SHA1 as mentioned by BlackPearl:
$pass = sha1($pass);
UPDATE:
I see a typo in your HTML:
<input type="password" name="pass" size=18 maxlength=50></p>
But in your PHP Code you use:
$_REQUEST['Pass']
which is wrong.
you have to use the same name it is case sensitive.
Related
While I found something similar to this question on here it didn't answer my question outright.
I have set up this php script to validate the form data, which works, after its validated I want it to then pass the info onto another script page to let the user then verify their input data and then mail the data. Its at this state that I'm having trouble. I've spent the last few days trying to find a solution to this and unfortunately coming up short.
<?php
$name_error = '';
$email_error = '';
$comments_error = '';
$error = false;
if (!empty($_POST['submitted']))
{ //if submitted, the validate.
$name = trim($_POST['name']);
if (empty($name))
{
$name_error='Name is required';
$error = true;
}
$email = trim($_POST['email']);
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email))
{
$email_error='E-mail address not valid';
$error = true;
}
$comments = trim($_POST['comments']);
if (empty($comments))
{
$comments_error='Comments are required';
$error = true;
}
if ($error == false)
{
$name_send = $name;
$email_send = $email;
$comments_send = $comments;
/* Redirect visitor to the thank you page */
header('Location: /mail.php');
exit();
}
}
The form this is attached to:
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method="post">
<label>Your Name</label><br />
<input type="text" name="name" style="width:95%" class="text" value='<?php echo htmlentities($name) ?>' />
<br/>
<span class='error'><?php echo $name_error ?></span>
<br />
<label>Email</label><br />
<input type="email" name="email" style="width:95%" class="text" value='<?php echo htmlentities($email) ?>' />
<br/>
<span class='error'><?php echo $email_error ?></span>
<br />
<label for="comments" style="font-size:16px;">Feedback Comments</label><br />
<textarea name="comments" style="width:95%;" rows="8" value='<?php echo htmlentities($comments) ?>'></textarea>
<br />
<span class='error'><?php echo $comments_error ?></span>
<br />
<input type="checkbox" name="allowCommentPublish" checked="checked" />
<label for="allowCommentPublish" style="font-size:10px;">Allow these comments to be used on our website</label>
<fieldset class="optional">
<h2>[ OPTIONAL ]</h2>
<label>Company Name</label><br />
<input type="text" name="companyName" style="width:95%" class="text" />
<br/>
<label>Phone</label><br />
<input type="text" name="phone" style="width:95%" class="text" /><br/>
<div style="margin:5px 0px;">
<input type="checkbox" name="incmarketing" />
<label style="font-size:10px;"> Yes, you can email me specials and promotions.</label>
<br/>
</div>
</fieldset>
<fieldset>
<input type="submit" name="submitted" value="Send" />
</fieldset>
I will point out im focusing on the main data inputs: Name E-mail and comments.
I need the info from this form to be sent onward but i dont know exactly how to do this and any help will be appreciated greatly.
For passing the values to next page you will have to use either of the three methods.
1. Set cookies with the data.
2. Use global variable session.
3.Pass the data in the url.
For cookies u can set cookies with the values like
setcookie('name',$name);
in ur next page read those cookie data
For sessions:
$_SESSION['name']= $name;
for reading data from cookies & session:
$name = $_COOKIE['name'];
$name = $_SESSION['name'];
For using sessions you must add the line
session_start();
at the start of both the pages that send or receive(use) the data
and for urls
header('Location: /mail.php?name=$name&email=$email&comment=$comments');
Read more on using session
If you need to pass values from one script to another you can use $_SESSION variables. To start a session use: (at the top of the php script)
session_start();
$_SESSION['somename'] = $somevariable;
To access or get that same variable you can use this:
session_start();
$some_other_variable = $_SESSION['somename'];
or you can use hidden input fields.
You can use hidden fields and javascript to submit the form. However as this is the same php page as the original form you will need an if statement
echo '<form name="newForm" action="newpage.php" method="POST">';
echo '<input type="hidden" name="name2" value"' . $name . '">;
echo '<input type="hidden" name="email2" value"' . $email . '">;
echo '<input type="hidden" name="comments2" value"' . $comments . '"></form>;
echo '<script> if (document.getElementById("name2").value != ""){window.onload = function(){ window.document.newForm.submit(); }} </script>';
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input onclick="this.value=''" type="text" name="first_name" value="First Name">
<input onclick="this.value=''" type="text" name="last_name" value="Last Name">
<input onclick="this.value=''" type="text" name="pwd" value="The Passcode">
<input name="submit" type="submit" value="Submit" class="submit_">
<textarea name="comments" id="comments" rows="4" cols="50"></textarea>
</form>
PHP :
if(isset($_POST['submit']))
{
$name = mysql_real_escape_string($_POST['first_name']);
$pwd = mysql_real_escape_string($_POST['pwd']);
$text = mysql_real_escape_string($_POST['comments']);
// print_r($_POST);
if(is_null($text)) {
debug_to_console('some fields empty');
echo "<p class=\"warning\">* Your Message Did Not Contain Any Characters.</p>";
}
else if($name === 'First Name'){
debug_to_console('name isnt set');
echo "<p class=\"warning\">* You Have Not Entered Your First Name Correctly.</p>";
}
else if($pwd !== 'XyZ'){
debug_to_console('password not set');
echo "<p class=\"warning\">* Passcodes Do Not Match.</p>";
} else {
Keeps returning 'password not set' even though the form input matches the variable. Used print_r and $pwd states XyZ.
tried removing onClick from the form input. I'm assuming this is a caps thing?
Please help, thank you.
Check $pwd with
var_dump($pwd);
I do believe $pwd is a string (because you use !== instead of !=) AND doesn't contain: XyZ
(if you didn't change the value in input field pwd, its value is still: The Passcode)
I am working in PHP. i have made a form named as Donor.php and a connect it to database. Now I am trying to apply checks in on it in PHP. But their is a problem. As I have applied checks for empty fields in PHP on a form but these checks are not working. Please check out my code. As my work is stuck just because of this problem. My code file is here:
Donor.php
<?php
//error_reporting(0);
if(isset($_POST['submit'])){
$first_name=$_POST['firstname'];
$last_name=$_POST['lastname'];
$Country=$_POST['country'];
$City=$_POST['city'];
$Gender=$_POST['gender'];
$Email=$_POST['email'];
$Password=$_POST['pwd'];
include_once "connectionn.php";
$emailChecker=mysql_real_escape_string($Email);
$sql_email_check=mysql_query("Select Email FROM user WHERE Email='$emailChecker'");
$email_check=mysql_num_rows($sql_email_check);
if((empty($first_name)) ||(empty($last_name)) ||(empty($City)) ||(empty($Gender)) ||(empty($Email)) ||(empty($Password))) {
$errorMsg='We are sorry, but there appears to be a problem with the form you submitted.';
if (empty($first_name)) {
$errorMsg.='$var is either 0, empty, or not set at all';
header('Location: Donor.php');
}
if(empty($last_name)){
$errorMsg.='lastname';
header('Location: Donor.php');
}
if(empty($City)){
$errorMsg.='City';
header('Location: Donor.php');
}
if(empty($Gender)){
$errorMsg.='Gender';
header('Location: Donor.php');
}
if(empty($Email)){
$errorMsg.='email';
header('Location: Donor.php');
}
if(empty($Password)){
$errorMsg.='Password';
echo "$errorMsg.";
header('Location: Donor.php');
}
}else if($email_check>0){
$errorMsg="invalid";
}else{
$sql="INSERT INTO user (User_ID,First_Name, Last_Name, gender, city, Email, Password) VALUES (NULL,'$first_name', '$last_name','$Gender','$City','$Email','$Password')";
$result=mysql_query($sql);
$UserID="SELECT max(User_ID) as usr from user";
$userIDResult=mysql_query($UserID);
if($userIDResult === false)
{
die(mysql_error());
}
while($R=mysql_fetch_array($userIDResult)){
$usrID= $R['usr'];
}
$donor="INSERT INTO donor(User_ID, Country)Values('".$usrID."','$Country')";
$resultdonor=mysql_query($donor);
mysql_close();
header('Location: DonorPro.php');
}
}
?>
<?php
include "Header.php";
//include "registration.php";
?>
<div class="DonorDiv">
<h1>Lets Join:</h1>
<form name="input" action="" method="post" <?php print"$errorMsg"; ?>>
First Name: <input type="text" name="firstname" placeholder="First Name" id="r">
<?php print "$first_name";
// if (!isset($_POST['firstname'])) {
//echo '$var is either 0, empty, or not set at all';
//}
?>
Last Name: <input type="text" name="lastname" placeholder="Last Name" id="u" <?php print "$last_name";?>> <br>
Institution: <input type="text" name="country" placeholder="Institution" id="" <?php print "$Institution";?>>
City: <input type="text" name="city" placeholder="City" id="" <?php print "$City";?>><br>
Country: <input type="text" name="country" placeholder="Country" id="" <?php print "$Country";?>><br>
Gender: <input type="text" name="gender" placeholder="Gender" id="" <?php print "$Gender";?>><br>
Email Address: <input type="Email" name="email" placeholder="Email" id="g" <?php print "$Email";?>><br>
Password:<input type="Password" name="pwd" placeholder="Password" id="v" <?php print"$Password";?>><br>
<input type="submit" src="images/button(9).png" alt="Submit" id="q">
</form>
</div>
<?php include "Footer.php"; ?>
The PHP mysql lib is deprecated, you should consider using myslqi or php PDO instead.
Here is a tutorial
You should also be careful : $first_name and the other variables as they are not defined when you display the form, so you will get warnings.
Anyway, your problem is that this check is always false :
if(isset($_POST['submit'])){
The easiest (but not the best) way to correct that is to add a hidden input in your form :
<input type="hidden" name="hidden">
You have to quit the PHP script after telling the browser to redirect to another page:
header('Location: Donor.php');
exit;
(Besides SQL injection and some other problems.)
This is a part of my registration form. I want to display back the input user inserted if they forgot to enter all the info needed. However, I get this on my textbox in register form where everyone including my user can see it.
Notice:Undefined variable: name in D:\XAMPP\htdocs\registration.php on line 113
I want it to echo back the input that user had inserted and display it again so that user does not have to enter the same input over again. Help ?
$myusername=($_POST['username']);
$name=($_POST['name']);
if(isset($_POST['username'])) {
echo $_POST['username'];
}
if(isset($_POST['name'])) {
echo $_POST['name'];
}
<input type="text" name="username" size="60" value="<?php echo $myusername; ?>"/>
<input type="text" name="name" size="60" value="<?php echo $name; ?>"/>
Assuming you send the user back to the page they were at previously if the form fails to validate, the POST array is emptied. POST will only carry the information to the page that the form is submitting to.
You can use sessions to save the data in an array, indexed by form field name. Then when the user is sent back to the form, if there are any entries in the array, you can iterate over them through to your form fields.
you can controll the variables with if clause; means you can write:
if ( isset($_POST['send']) && isset($myusername) ) {
echo $myusername;
}
else {
echo '<span style="color:red;">Please complete this field</span>';
}
and do the same in html value for textfiels...
$myusername = isset($_POST['username']) ? ($_POST['username']) : '';
$name = isset($_POST['name']) ? ($_POST['name']) : '';
<input type="text" name="username" size="60" value="<?php echo $myusername; ?>"/>
<input type="text" name="name" size="60" value="<?php echo $name; ?>"/>
Try this, this should remove your error?
if(isset($_POST['username'])) {
$myusername=($_POST['username']);
<input type="text" name="username" size="60" value="<?php echo $myusername; ?>"/>
echo $_POST['username'];
}
if(isset($_POST['name'])) {
$name=($_POST['name']);
<input type="text" name="name" size="60" value="<?php echo $name; ?>"/>
echo $_POST['name'];
}
Here we are checking for POST value first then we using it.
Write the isset function inside the value of each of your .
Exemple :
<input type="text" name="username" size="60" value="
<?php if( isset( $_POST["myusername"] ) )
echo $_POST["myusername"] ?> "/>
you can use this tutorial for validation of input fields in php
http://www.w3schools.com/php/php_form_validation.asp
or you can use this method
<?php
$myusername="";
$name="";
if(isset($_POST['submit'])){
$myusername = $_POST['username'];
$name = $_POST['name'];
}
?>
<form method="POST" action="">
<input type="text" name="username" size="60" value="<?php echo $myusername; ?>"/>
<input type="text" name="name" size="60" value="<?php echo $name; ?>"/>
<input type="submit" name="submit" size="60" value="submit"/>
</form>
I need your help.. I'm trying to make the textbox red whenever there's an error in a form...
This is what i've being able to do. But when i submit the fore, I get an Undefined Index error_css in the form
if (isset($_POST['submit'])) {
if (empty($_POST['username'])) {
$error_css='background-color:red';
}
Form
<label for="username">Username:</label>
<input id="username" type="text" value="<?php if(isset($_POST['username'])){ echo $_POST['username']; } ?>" name="username" title='Username' />
thanks for your time...
Try something like this:
<?php
$username = "";
$error_css = "";
if (isset($_POST['submit'])) {
if(isset($_POST['username']))
$username = $_POST['username'];
else
$error_css='background-color:red';
}
?>
<label for="username">Username:</label>
<input id="username" type="text" value="<?php echo $username; ?>" name="username" title='Username' style="<?php echo $error_css; ?>"/>
If you can, why not look into a solution like jQuery validation plugin? It's not a complete solution, as you still need some sort of server side validation, but it'll get you on your way.
you never set the style in the html tag and the first if{if{}} statements are redundant. It should be:
<label for="username">Username:</label>
<input type="text" <?php
if(isset($_POST['username'])) {
echo 'value="'.$_POST['username'].'"';
} else {
echo 'style="background-color:red"';
}
?> name="username" title='Username' >
Form
<label for="username">Username:</label>
<input id="username" type="text" value="<?php echo #$_POST['username']; ?>"
name="username" title='Username' style="<?php echo #$error_css; ?>"/>
Your variable $error_css is empty/does not exist.
I think the 2 if cases in the beginning of your script never reach the point where $error_css gets its content.