How to create users for mysql database? - php

I'm trying to create users and save them to my database. I have this login formula with css and html and the code to put it into my db:
function registerUser()
{
echo "
<form method='get' action=''>
<div style=\"text-align: center;\"><input class=\"button\" style=\"z-index:1;\" type=\"submit\" name=\"reset\" value=\"Neues Spiel\">
Zur Highscore
</form>
<form style=\"border:5; border-color:blue; \" align=\"center\" action=\"\" method=\"post\">
<table style='background-color:#696969' border='5' align='center'>
<tr>
<th>Dein Username:</th>
</tr>
<tr>
<td><input type=\"text\" size=\"24\" maxlength=\"50\"
name=\"username\"></td>
</tr>
<tr>
<th>Dein Passwort:</th>
</tr>
<tr>
<td><input type=\"password\" size=\"24\" maxlength=\"50\"
name=\"password\"></td>
</tr>
<tr>
<th>Passwort Wiederholen:</th>
</tr>
<tr>
<td><input type=\"password\" size=\"24\" maxlength=\"50\"
name=\"password2\"></td>
</tr>
<tr><td><input style=\"margin-left:49;\" align=\"center\" type=\"submit\" value=\"Abschicken\" name=\"saveUser\"></tr></td>
</table>
</form>
";
}
and my saveUser() function:
function saveUser($username, $password, $passwordCheck)
{
$this->db->exec("INSERT INTO users (username, password) VALUES ({$username}, {$password})");
}
And I got this in my other document to get access:
if(isset($_GET['saveUser'])){
$user->saveUser($_GET['username'],$_GET['password'],$_GET['password2']);
}
It does not work.

Modify your code and use this:
$this->db->exec("INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')");
Also, one thing you forgot: you need to validate your data to avoid SQL injection. Never, ever trust input coming from the user, of any type.
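A parameterized version of the insert discussed above, as an added example that is not code from the original question or answer. It assumes the `$db` handle is PDO (the page's `->exec()` call suggests this), uses an in-memory SQLite database in place of MySQL so it runs offline, and uses a constructed `users` schema and sample values.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory stands in for the MySQL connection; the schema is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');

// Hypothetical replacement for saveUser(): returns null on success, or an error message.
function saveUser(PDO $db, string $username, string $password, string $passwordCheck): ?string
{
    $username = trim($username);
    if ($username === '' || strlen($username) > 50) {   // length in bytes, matching maxlength=50
        return 'Username must be 1-50 characters.';
    }
    if ($password === '' || $password !== $passwordCheck) {
        return 'Passwords are empty or do not match.';
    }
    // Store a salted hash, never the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep the values out of the SQL text, so quoting cannot go wrong.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    try {
        $stmt->execute([':u' => $username, ':p' => $hash]);
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') {                 // integrity constraint: duplicate username
            return 'Username is already taken.';
        }
        throw $e;
    }
    return null;
}

// Constructed sample input: an apostrophe would end the string early in the quoted version.
$name = "O'Brien";
var_dump(saveUser($db, $name, 'correct horse', 'correct horse')); // first registration
var_dump(saveUser($db, $name, 'correct horse', 'correct horse')); // same name again
var_dump(saveUser($db, 'alice', 'one', 'two'));                   // mismatched passwords

// The name is stored literally and the stored hash verifies against the password.
$row = $db->query('SELECT username, password FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['username'] === $name);
var_dump(password_verify('correct horse', $row['password']));
```

In the question's handler the arguments would come from `$_POST`, matching the form's `method="post"`, which also keeps the password out of the URL and access logs.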

Related

Fetching multiple looped textboxes' values

So I have this program where the user sets up a database table. First, I ask them how many fields they want.
first.php
<html>
<form name="formCreateFields" method="post" align="center" action="second.php">
<p>Number of fields: <input type ="text" name="fieldsNum"/>
<input type="submit" name="submitFieldsNum" value=" Submit "/></p><br>
</form>
</html>
Then I loop the fields, depending on their input above.
second.php
<?php
echo "<form name='formSetupFields' method='post' align='center' action='third.php'>";
for ($z=1; $z<=$_POST['fieldsNum']; $z++) {
echo "<table align='center'>
<tr>
<th rowspan=2> <big> $z </big> </th> <th>Name</th> <th>Type</th> <th>Length</th>
</tr>
<tr>
<td><input type='text' name='fieldName$z'></td>
<td><input type='text' name='fieldType$z'></td>
<td><input type='text' name='fieldLength$z'></td>
</tr>
</table><br><br>";
}
echo "<input type='submit' name='submitFieldSetup'>
</form>";
?>
I'm having problems after this. I've been trying to test fetching them by putting them in an array and using foreach to view them but can't seem to get anywhere. I thought it was okay to use something like $_POST['fieldName$z'] but I guess I was wrong.
I just need to find out how I could fetch all the inputs in the second file. Any ideas? Thanks in advance! :)
If fieldsNum is a number, the for should be fine in this case, just properly concatenate the values:
echo "<form name='formSetupFields' method='post' align='center' action='third.php'>";
echo "<table align='center'>";
echo '
<tr>
<th rowspan=2></th> <th>Name</th> <th>Type</th> <th>Length</th>
</tr>';
for ($z = 1; $z <= $_POST['fieldsNum']; $z++) {
echo "
<tr>
<td><input type='text' name='inputs[$z][name]'></td>
<td><input type='text' name='inputs[$z][type]'></td>
<td><input type='text' name='inputs[$z][length]'></td>
</tr>
";
}
echo '</table><br><br>';
echo "<input type='submit' name='submitFieldSetup'>";
echo '</form>';
Then in third.php;
if(isset($_POST['inputs'])) {
$inputs = $_POST['inputs'];
foreach($inputs as $input) {
echo $input['name'];
echo $input['type'];
echo $input['length'];
}
}

Keep text value after submit

I'm trying to find out how to retain my text value after submit, so that the text I submit is still kept in the textbox. There are so many references on the internet, but they are too hard for me to understand (newbie here), so I'd like to ask here if anyone has a solution.
Here's my form code:
echo
"<form method='post' action='process.php'>
<tr>
<td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' size='50%'></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' size='50%></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
As you can see, I was placing the form inside echo.
Here's my process.php code:
<?php
if(isset($_REQUEST['submit'])) {
include "../conf/koneksi.php";
$jurusan = $_POST['jurusan'];
$lab = $_POST['lab'];
$urutkan= "ALTER TABLE tb_pengusul AUTO_INCREMENT = 1";
mysql_query($urutkan);
$input = mysql_query("INSERT INTO tb_pengusul (nama_jurusan,nama_laboratorium)
VALUES ('$jurusan','$lab')") or die (mysql_error());
echo "<script language=\"Javascript\">\n";
echo "window.alert('Input sukses !')";
echo "</script>";
echo "<META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0;URL='../koordinator.php?url='\">";
}
?>
Use the POST value as follows.
This will work only if your form page and submit code are on the same page (process.php):
<?php echo"<form method='post' action='process.php'>
<tr><td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' value='".$_POST['jurusan']."' size='50%'></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' value='".$_POST['lab']."' size='50%'></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";?>
Also, you have an error in your code in this line:
<td><input type='text' name='lab' size='50%></td>
it should be <td><input type='text' name='lab' size='50%'></td>
If your form is still available in the process.php file, change it like this:
echo "<form method='post' action='process.php'>
<tr><td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' size='50%'";
if (isset($_POST['jurusan']))
{
echo " value='" . htmlspecialchars($_POST['jurusan'], ENT_QUOTES) . "'"; // escaped so the value cannot break out of the attribute
}
echo "></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' size='50%'";
if (isset($_POST['lab']))
{
echo " value='" . htmlspecialchars($_POST['lab'], ENT_QUOTES) . "'"; // escaped so the value cannot break out of the attribute
}
echo "></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
You need to use PHP sessions.
Add the following string to your process.php page:
session_start();
$_SESSION['prev_values'] = $_POST;
And the following to your form page:
$lab = "";
$jur = "";
session_start();
if(isset($_SESSION['prev_values'])){
$jur = $_SESSION['prev_values']['jurusan'];
$lab = $_SESSION['prev_values']['lab'];
}
echo
"<form method='post' action='process.php'>
<tr>
<td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' size='50%' value='$jur'></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' size='50%' value='$lab'></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
SECURITY NOTICE:
Please note: this script is basic and it is vulnerable to XSS (just to name one). As a rule of thumb, you should NEVER display user input directly without some form of sanitization.
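The escaping that the security notice above calls for, applied to the re-populated form, as an added example that is not part of the original answers. `old()` and `renderForm()` are hypothetical helper names and the submitted values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: previous value of a field, escaped for use inside an HTML attribute.
function old(array $source, string $field): string
{
    $value = $source[$field] ?? '';
    if (!is_string($value)) {      // a request with lab[]=x arrives as an array; treat it as empty
        $value = '';
    }
    // ENT_QUOTES also encodes ', which these forms use as the attribute delimiter.
    // Before PHP 8.1 the default flags left single quotes unescaped, so pass it explicitly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Builds the form from the page with the previous values filled in.
function renderForm(array $prev): string
{
    $jur = old($prev, 'jurusan');
    $lab = old($prev, 'lab');
    return "<form method='post' action='process.php'>
<tr><td>Nama Jurusan</td><td>:</td>
<td><input type='text' name='jurusan' size='50%' value='$jur'></td></tr>
<tr><td>Nama Laboratorium</td><td>:</td>
<td><input type='text' name='lab' size='50%' value='$lab'></td></tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
}

// Constructed submission: quotes and markup characters in one field, an array in the other.
$prev = ['jurusan' => "Teknik 'Elektro' <b>", 'lab' => ['unexpected', 'array']];
echo renderForm($prev), "\n";
```

On the real pages the argument would be `$_POST` or `$_SESSION['prev_values'] ?? []`, depending on which of the answers above is used.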

Updating DB Tables Using PHP Doesn't Work

I've made a website, and I made a control panel for it for the admin.
Now I want to make the admin able to add more users to be admins from the control panel.
It worked,
but I want to make him able to edit them also (like the usernames and passwords).
I wrote the code but it didn't work, and I think the problem may be with the $editget = $_GET['euid']; it doesn't give the number in the URL, which should be www.example.com/admin/index.php?adpa=users&euid=4, so it should get me the number 4.
I did the same thing with deletion and it works, and the GET gave me the number after deluid=
So where am I going wrong?
Here is the code:
$eusername = $_POST['eusername'];
$epassword = $_POST['epassword'];
#===========================================================#
if (isset($_POST['edit']) and $_POST['edit'] == 'user') {
$editget = $_GET['euid'];
$edituserinfo = $db->query("update user set username='$eusername', password='$epassword' where user_id='$editget'");
if (isset($edituserinfo)) {
die ("
<center>
<div class='head'>تــــــــم</div>
<div class='bodypanel'>
<br>
تــــعديل بيـــانات الـــمدير بنـــجاح
<br>
<br>
</div>
</center>
<meta http-equiv='refresh' content='4; url=?cpages=users' />
");
}
}
And here is the edit form code:
if ($_REQUEST['euid']) {
$edituid = $db->query("select * from user where user_id='$editu'");
$redit = $edituid->fetch(PDO::FETCH_OBJ);
echo "
<form action='?cpages=users' method='post'>
<table width='100%' align='center' cellpadding='10' cellspacing='0'>
<tr>
<td class='tbl' colspan='2'>تعديل بيانات مدير</td>
</tr>
<tr>
<td class='tblrl' align='left'>اسم المدير : </td>
<td class='tblrl' align='right'><input type='text' name='eusername' value='".$redit->username."'></td>
</tr>
<tr>
<td class='tblrl' align='left'>كلمة سر المدير : </td>
<td class='tblrl' align='right'><input type='text' name='epassword' value='".$redit->password."'></td>
</tr>
<tr>
<td class='tblb' colspan='2' align='center'><input class='buttons' type='submit' value='تعديل'/></td>
</tr>
</table>
<input type='hidden' name='edit' value='user' />
</form>";
}
You are not passing the userId in the form.
Change
<form action='?cpages=users' method='post'>
to
<form action='?cpages=users&euid=" . $_GET['euid'] . "' method='post'>
Your problem is here in the form, in this line:
<form action='?cpages=users' method='post'>
You're taking it to the users page, but there is no euid in there, so just add
&euid=" . $_GET['euid'] . " to get it to work fine

When I add a comment I get this warning

Hello guys, I have a problem with this code.
When I add a comment, the comment is inserted in the database,
and when I refresh the same page I get this warning:
One of the fields are still empty,
I think the problem is in the first code.
<?php
if ($_POST['add'] and $_POST['add']=='comm'){
$comm_name =strip_tags($_POST['comm_name']);
$comm_country =strip_tags(mysql_real_escape_string($_POST['comm_country']));
$c =strip_tags(mysql_real_escape_string($_POST['comm']));
$comm_thread =strip_tags(mysql_real_escape_string($_POST['comm_thread']));
$status =$_POST['status'];
$getidtopic=$_GET['id_topic'];
$post_code=$_POST['post_code'];
if ($comm_name=='' or $comm_country=='' or $c=='' or $post_code=='' ){
echo "<script>alert(\"One of the fields are still empty
\");</script>";
}else if ($_POST['post_code']==$_SESSION['code']) {
$insertcomm=mysql_query("insert into comments values('','$comm_name','$comm_country','$comm','$comm_thread','$status') ")or die (mysql_error);
echo "<script>alert(\"your comment has been adding\");</script>";
}
}
?>
And this is the comment's form:
<form action='' method='post' >
<table class='rightcol' width='100%' cellpadding='0' cellspacing='5'>
<tr>
<td colspan='3' id='addcomm'>add comm</td>
</tr>
<tr>
<td width='15%' ><div id='title_comm' value=''>name : </div></td>
<td ><input type='text' name='comm_name' value='<?if (!$insertcomm){
echo $comm_name;
}?>'/></td>
</tr>
<tr>
<td width='15%' ><div id='title_comm'>country </div></td>
<td ><input type='text' name='comm_country'
value='<?if (!$insertcomm){echo $comm_country;}?>'/>
</td>
</tr>
<tr>
<td valign='top' width='15%'><div id='title_comm'>comment : </div></td>
<td width='50%'>
<textarea cols='55' rows='12' name='comm'>
<?if (!$insertcomm){echo $c;}?>
</textarea></td>
<td valign='top' ><div id='note_comm'>
your comment will not insert if you try to use some thing bad
</div></td>
</tr>
<tr>
<td width='15%' ><div id='title_comm'><span style='color:red'>code : <br/>write these codes </span></div></td>
<td ><input type='text' name='post_code'/></td>
</tr>
<tr>
<td ><div id='code'>
<?php
$text=rand(400,80000);
echo $_SESSION['code']=$text;
?>
</div></td>
</tr>
<td colspan='4' ><input type='submit' name='addcomm' id='add' value='add comm'/></td>
</table>
<input type='hidden' name='comm_thread' value='<?php echo $getidtopic;?>' />
<input type='hidden' name='add' value='comm'/>
<input type='hidden' name='status' value='2'/>
</form>
That is because, when you refresh the page, the $_POST fields are reset, and the fields become empty, so when the page executes its PHP line if ($comm_name=='' or $comm_country=='' or $c=='' or $post_code=='' or $post_code=='' ){ it will find them to be empty.
You need to show us the table definition to better figure out what the issue is exactly. My guess is that your SQL statement is not properly prepared.

$_POST not working in php

I am new here and I have a question. I have a problem with _POST that I can't figure out. I have been searching for hours before starting to write! As far as I can see I haven't made any of the mistakes that are posted for other similar questions (form action..., name attribute..., etc). Please, can you check my code below and tell me what I am doing wrong??
I use XAMPP 1.7.3 on Windows 7.
<?php require("includes/header.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?><head>
<script type="text/javascript">
function theChecker()
{
if(document.getElementById('checker').checked){
document.getElementById('submitter').disabled=false;
}
else{
document.getElementById('submitter').disabled=true;
}
}
</script>
</head>
<?php require("includes/body_no_menus.php"); ?>
<div align="center">
<form name="signup" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php
echo "<hr/>
<table width='600' border='0'>
<tr>
<td width='237'>Κωδικός οικοδομής</td>
<td width='351'><input name='building_id' type='text' id='building_id' size='30' maxlength='40' />*</td>
</tr>
<tr>
<td>Κωδικός διαμερίσματος</td>
<td><input name='apartment_id' type='text' id='apartment_id' size='30' maxlength='40' />*</td>
</tr>
<tr>
<td></td>
<td height='31' colspan='2' ><label>
<input name='send' type='submit' value='Αποστολή' />
</label></td>
</tr>
</table>
";
?>
</form>
</div>
<p>
<?php
if(isset($_POST['send'])) {
// Check input / Required fields
$building_id = check_input($_POST['building_id'],"Εισάγετε τον κωδικό της οικοδομής!");
$apartment_id = check_input($_POST['apartment_id'],"Εισάγετε όνομα χρήστη!");
$query = "SELECT idTENANT,FNAME,LNAME,BUILDING_ADMIN,PHONE FROM TENANT,APARTMENT, BUILDING
WHERE TENANT.APARTMENT_ID = APARTMENT.idAPARTMENT
AND APARTMENT.BUILDING_ID = BUILDING.idBUILDING
AND idAPARTMENT = '$apartment_id'
AND idBUILDING = '$building_id'";
$result=mysql_query($query) or die ("Couldn't execute query.");
$row = mysql_fetch_array( $result );
$id = $row['idTENANT'];
$fname = $row['FNAME'];
$lname = $row['LNAME'];
$apartment = $row['APARTMENT_ID'];
$phone = $row['PHONE'];
if($row['BUILDING_ADMIN'] == 0)
$admin = "ΟΧΙ";
else
$admin = "ΝΑΙ";
echo " <hr />
<table width='300' border='0'>
<tr>
<td>Όνομα</td>
<td>$fname</td>
</tr>
<tr>
<td>Επίθετο</td>
<td>$lname</td>
</tr>
<tr>
<td>Όνομα χρήστη</td>
<td><input name='username' type='text' size='30' maxlength='20' />*</td>
</tr>
<tr>
<td>Κωδικός χρήστη</td>
<td><input name='password' type='password' size='30' maxlength='20'/>*</td>
</tr>
<tr>
<td>Επαλήθευση κωδικού</td>
<td><input name='verify_password' type='password' size='30' maxlength='40'/> *</td>
</tr>
<tr>
<td>Διαχείριση οικοδομής</td>
<td>$admin</td>
</tr>
<tr>
<td>Τηλέφωνο</td>
<td>$phone</td> </tr>
<tr>
<td></td>
<td><input name='checkterms' type='checkbox' id='checker' onclick='theChecker()' value='Ναι'/>
<label>Έχω διαβάσει και αποδέχομαι τους όρους χρήσης.</label> *</td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='complete' id='submitter' value='Ολοκλήρωση εγγραφής' disabled/></td>
</tr>
</table>
";
}
if(isset($_POST['complete'])) {
// Password match
if ($password != $verify_password)
{
echo '<font color="red">Οι κωδικοί δεν ταιριάζουν</font>';
}//if
else
{
// Execute MySQL commands
$query = "UPDATE TENANT SET USERNAME = '$un', PASSWD='$pw' WHERE idTENANT='$id'";
$result=mysql_query($query) or die ("Couldn't execute query.");
header("Location: main_login.php");
}//else
}//if
?>
</p>
<?php require("includes/footer.php"); ?>
The first _POST (if(isset($_POST['send']))...) works perfectly. But if(isset($_POST['complete'])) {... does nothing. I've tried to echo some data to see if my connection doesn't work, but it's the _POST...
Please help me!!!!
Thanks for your time!
What you could try:
Use var_dump to see what $_POST contains: var_dump($_POST);.
Use Firebug (or something similar for another browser) to look up the request and see which POST parameters are sent.
The second set of form elements (username, password, verify_password, checkterms, complete) are not inside any html form element. Clicking the second button does not post the form to server.
header("Location: main_login.php");
Is not going to work, when $_POST["complete"] is reached. You already sent heaps of output before that. Enable more error_reporting.
