I have two pages page one and page_two, in page_one the user enter some information which will be inserted in the database and when the he press enter he should be directed to page_two and inside this page there are the same information that he entered in page_one. and the problem is every time the user refresh page_two the data is inserted in the database again. I tried to fix this issue by using header to a new page, it worked but in page_two the information that was entered in page_one is lost.
page_one
<form action="page_one.php" method="post" name="info" >
<input name="userName" type="text" />
<input name="userEmail" type="text" />
<input name="userPass" type="text" />
<input name="submit" type="submit" />
</form>
<?php
include('db.php');
if(isset($_POST['Login']))
{
$user_name = $_POST['userName'];
$user_email = $_POST['userEmail'];
$password = $_POST['userPass'];
mysql_query("INSERT INTO users VALUES ('$user_name',' $user_email',' $password')");
header("Location:page_two.php.php");
exit;
}
?>
page_two
<?php
$user_name = $_POST['userName'];
$user_email = $_POST['userEmail'];
$password = $_POST['userPass'];
echo 'your user name: '.$user_name;
echo 'your email: '.$user_email;
echo 'your password: '.$password;
<input name="userName" type="hidden" value="<?php echo $user_name; ?>" />
<input name="userEmail" type="hidden" value="<?php echo$user_email; ?>" />
<input name="userPass" type="hidden" value="<?php echo $password; ?>" />
when I try this code it gives me this error message from page_two:
notice undefined index userName
notice undefined index userEmail
notice undefined index userPass
Pass the variables via url to page_two.
So your header will be
header("Location:page_two.php.php?userName=user_name&userEmail=user_email&userPass=password");
Now catch these variables using $_GET on page_two
<?php
$user_name = $_GET ['userName'];
$user_email = $_GET ['userEmail'];
$password = $_GET ['userPass'];
echo 'your user name: '.$user_name;
echo 'your email: '.$user_email;
echo 'your password: '.$password;
You have the correct approach, but on page_2, instead of retrieving the values from the $_POST array, you should retrieve them from the database, as they now exist there. This will remove your undefined index problem.
Redirect using header to some safe page after inserting the data. You can rather use id of the inserted row to get data on page_2.
Hope this helps.
Since you're building a multi-page web-app. I suggest you have to use SESSION to save the posted information of the 1st page, then use the SESSION variable for the 2nd page.
I hope the link below helps.
http://www.html-form-guide.com/php-form/php-order-form.html
On page two you should include a Select statement which will select all the values that are stored in your table.
mysql_query("SELECT * FROM users ");
Related
I need to pass the sessions user name (that they have logged in with) which is an email! I need to pass this to a separate page and output it in a table to represent a review submitted
$_SESSION['name'] = $_POST['name']; - sends page to login in when refreshed
$name = ['name'] - sends page back to login
<!-- logged in user information -->
<?php if (isset($_SESSION['email'])) : ?>
<p>Welcome you are logged in as: <strong><?php echo $_SESSION['email']; ?></strong></p>
the 'email' needs passing across from the code above 'index.php' to the code below 'reviews.php'
<p>
<input name="product_id" value="<?php echo "$var" ?>" readonly> <!-- get value from previous page-->
<input name="track_name" value="<?php echo "$var_value" ?>" readonly> <!-- get value from previous page-->
<input name="track_name" value="<?php echo "EMAIL_HERE" ?>" readonly> <!-- get value from previous page-->
<!-- get value from previous page-->
<input type="Submit" name="Submit" value="Submit"></p>
As this is an assignment I can only use PHP MYSQL HTML CSS
I would like the user name (email) to be echo out in a table as $var and $var_value is, they should then all print out beside each other in a form
UPDATE
using this code I have managed to now get the variable value across but cannot insert it to the DB
$email = $_SESSION['email'];
$sql = "INSERT INTO reviews (rating, review, track_name, product_id, email) values('$rate', '$text', '$track', '$artist', '$email')";
``" readonly>```
so the update is how can I now get this inserted to my database?
did you try to use $_SESSION['email'] variable in reviews.php page?
I hope that u are using CSRF tokens too
FINALLY THANK YOU FOR YOUR HELP ALL
$email = $_SESSION['email']; Get the email from session
$email = (isset($_POST['email']) ? $_POST['email'] : null); Remove index error
<input name="email" value="<?php echo "$email" ?>" readonly> <!-- get value from previous page--> Display the value
$review_query = mysqli_query($result,"SELECT rating, review, email FROM reviews WHERE track_name = '$var_value' AND product_id = '$var'"); Grab it from the DB
<td class='col-4 col-s-4' name='email'><?php echo $email ?></td> Output its value
I am trying to create a page to allow users to edit their details using PHP, which validates the content before being submitted.
I want to allow users to update their username, first and second name and email address.
The validation consists of:
<?php
if(preg_match("/^[0-9a-zA-Z_]{3,}$/", $_POST["username"]) == 0)
$error_username = '<li>Usernames may contain only digits, upper and lower case letters and underscores</li>';
if(preg_match("/^[A-Za-z]+$/", $_POST["fname"]) == 0)
$error_fname = '<li>First Name may contain upper and lower case letters</li>';
if(preg_match("/^[A-Za-z]+$/", $_POST["sname"]) == 0)
$error_sname = '<li>Second Name may contain upper and lower case letters</li>';
if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\#\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST["email"]) == 0)
$error_email = '<li>Email Addresses must have a valid email address format</li>';
else header("Location: edit.php");
?>
And to display the errors:
<ul>
<?php if(isset($error_username)) echo $error_username; ?>
<?php if(isset($error_fname)) echo $error_fname; ?>
<?php if(isset($error_sname)) echo $error_sname; ?>
<?php if(isset($error_email)) echo $error_email; ?>
</ul>
The form that I have is:
<form name="edit_account" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<input class="form_field" name="username" type="text" value="<?php echo $_POST["username"]; ?>" placeholder="Username">
<input class="form_field" name="fname" type="text" value="<?php echo $_POST["fname"]; ?>" placeholder="First Name">
<input class="form_field" name="sname" type="text" value="<?php echo $_POST["sname"]; ?>" placeholder="Second Name">
<input class="form_field" name="email" type="text" value="<?php echo $_POST["email"]; ?>" placeholder="Email Address">
<input type="submit" name="Submit" value="Update Account">
</form>
Providing that all requirements of the validation are met, the user is taken to edit.php and then redirected to a success page:
<?php
$sql = $mysqli;
$id = htmlentities($_SESSION['user_id']);
$username = $sql->real_escape_string($_POST['username']);
$fname = $sql->real_escape_string($_POST['fname']);
$sname = $sql->real_escape_string($_POST['sname']);
$email = $sql->real_escape_string($_POST['email']);
$query = ("
UPDATE users
SET
username='$username',
fname='$fname',
sname='$sname',
email='$email'
WHERE id='$id'") ;
$sql->query($query) or die($query.'<br />'.$sql->error);
header ('Location: success.php');
?>
When I attempt to run this code, the updating fields are submitted into the database as blanks - However, without the validation, the users submitted details are successfully entered.
Can someone please point out what is causing the form to submit as a blank. Thanks.
It looks like you are redirecting to edit.php (which contains database insertion code) from the validation script. The issue is that the $_POST variable is reset when you redirect.
I would include('path/to/edit.php') the edit.php script rather than redirect to it. If that isn't possible, I would save the $_POST data in a $_SESSION variable.
Hope this helps
You're posting them to the validation page, but losing them when you redirect to the edit.php page. Store the information in session variables before going to edit.php, like this:
$_SESSION['username'] = $_POST["username"];
// other variables also
On the edit.php, instead of pulling from $_POST, pull from $_SESSION.
Side Notes
Don't forget session_start() at the top of each page. Also, you should look into prepared statements when using user input.
Basically I want to create a cookie in PHP that remembers what a user has entered into a form (that directs to a separate page), so that anytime they come back to the page, the form is already prepopulated with whatever information they put into it the first time around.
I've looked everywhere and can't really find a good answer for how to do this. This is how my code is configured right now (which isn't working).
PHP:
$fname = $_POST['fname'];
$lname = $_POST['lname'];
setcookie( "fname", $fname, time() + 36000 );
setcookie( "lname", $lname, time() + 36000 );
HTML:
<form method="post" action="hidden.php">
<p>
First Name: <input type="text" maxlength="40" name="fname" id="fname" value="
<?php
if(isset($_COOKIE['fname']))
{
echo $_COOKIE['fname'];
}
else
{
echo "";
}
?>"/>
</p>
<p>
Last Name: <input type="text" maxlength="40" name="lname" id="lname" value="
<?php
if(isset($_COOKIE['lname']))
{
echo $_COOKIE['lname'];
}
else
{
echo "";
}
?>"/>
</p>
Any mind telling me what I'm doing wrong and how I can fix it? Thank you!
You're close, however $fname in your HTML is empty (presuming you've submitted all relevant code). You need to either set $fname to the value of $_COOKIE['fname'], or just echo the cookie value directly. For instance:
echo $_COOKIE['fname']; // Be sure to sanitize this!
I already have this code figured out, but the entries a user submits with the submit button aren't going anywhere. Is there any way to fix this, or should I just use the $_POST method?
PHP code:
<?php
include ("dbroutine.php");
function register() {
$connect = db_connect;
if (!$connect)
{
die(mysql_error());
}
$select_db = mysql_select_db(securitzed, $connect);
if (!$select_db) {
die(mysql_error());
}
//Collecting info
$fname = $_REQUEST ['fname'];
$lname = $_REQUEST ['lname'];
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$email = $_REQUEST['email'];
//Here we will check do we have all inputs filled
if(empty($_REQUEST['username'])){
die("Please enter your username!<br>");
}
if(empty($_REQUEST['password'])){
die("Please enter your password!<br>");
}
if(empty($_REQUEST['email'])){
die("Please enter your email!");
}
//Let's check if this username is already in use
$user_check = mysql_query("SELECT username FROM members WHERE username = '".$_REQUEST
['username']."'");
$do_user_check = mysql_num_rows($user_check);
//Now if email is already in use
$email_check = mysql_query("SELECT email FROM members WHERE email= '".$_REQUEST['email']."'");
$do_email_check = mysql_num_rows($email_check);
//Now display errors
if($do_user_check > 0){
die("Username is already in use!<br>");
}
if($do_email_check > 0){
die("Email is already in use!");
}
//If everything is okay let's register this user
$insert = mysql_query("INSERT INTO members (username, password, email)
VALUES ('".$_REQUEST['username']."', '".$_REQUEST['password']."', '".$_REQUEST['email']."', '".$_REQUEST['fname']."', '".$_REQUEST['lname']."')");
if(!$insert){
die("There's little problem: ".mysql_error());
}
}
switch($act){
case "register";
register();
break;
}
HTML code:
<body>
<form method="post">
First Name: <input type="text" name="fname" value="" /> <br />
Last Name: <input type="text" name="lname" value="" /> <br />
E-mail: <input type="email" name="email" value="" /> <br />
Desired Username: <input type="text" name="username" value="" /> <br />
Password: <input type="password" name="password" value="" /> <br />
Confirm Password: <input type="password" name="passwordconf" value="" /> <br />
<input type="submit" value="Submit"/>
</form>
</body>
If I need to add anything, could anyone point it out, if not, I could also add some extra code if needed.
$_REQUEST contains: $_COOKIE, $_GET, and $_POST variables. if you use $_REQUEST you have no guarantee that the data came from the post data, which leads to security holes in your script. I would use $_POST but by using this method you are vulnerable to SQL injections.
$_GET retrieves variables from the querystring, or your URL. $_POST retrieves variables from a POST method, such as (generally) forms. $_REQUEST is a merging of $_GET and $_POST where $_POST overrides $_GET.
Fix
You have to specify the action in your form as below.
<form action="fetch_data.php" method="post">
<form action="URL">
URL - Where to send the form-data when the form is submitted.
Possible values:
An absolute URL - points to another web site (like
action="http://www.example.com/example.htm")
A relative URL - points to a file within a web site (like action="example.htm")
First, I advice you to read more about variables.
Second, $_REQUEST is a variable like $_POST, $_SESSION, $_GET and so on, which can be stored into your database. So, for your question, Yes you can use $_REQUEST to insert data in a MySQL database
HOWEVER, using it as a substitute for the $_POST variable is not secure at all and not a good practice. Take a look at this to see how the $_POST variable works.
Third, you are using mysql_* functions in your code. please consider using PDO or MYSQLI instead to prevent SQL INJECTION and secure your website better. In addition, MYSQL is dupricated in PHP 5.5 and up. take a look at this tutorial, it shows you how to use PDO instead of MYSQL.
Fourth, you should not be storing passwords directly to databases, you need some form of password hashing. read more about it here
Try using
$fname = $_POST ['fname'];
$lname = $_POST ['lname'];
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
You could also do following to check request params
var_dump($_POST);
Use ACTION in your HTML form.
Sanitize the data as well from sql injection.
Check if data from $_REQUEST is not empty.
I want to pass the $username value to doMember.php page from member.php with form :
member :
$username = $_GET['user'];
<form name="member" method="get" action="doMember.php?user=<?php echo $username;?>">
in the doMember.php page :
$username = $_GET["user"];
echo $username;
but the $username in doMember.php is empty. Is there something missing?
HTML and PHP are not the same
$username = $_GET['user'];
echo '<form name="member" method="get" action="doMember.php?user='.$username.'">';
You should not set the parameters in the action. Take a look at the generated HTML, you'll see your form will be sent to "doMember.php?user=", so you'll always send an empty user.
The browser will append all form variables to the action upon submit, so simply put doMember.php.
You should place the username in an
<input type="hidden" name ="username" val="usr">
instead
Form method='post'
The field name of that form must be named "user"
Can't you include the value of $user_name in a hidden variable in your so
$username = $_GET['user'];
<form name="member" method="get" action="doMember.php">
<input type="hidden" id="user_name" name="user_name" value="<?php echo $username; ?>"
.
.
.
</form>