I have one instance of where a user on my PHP site can login, and I'm trying to make a second where administrators can post announcements.
My login works beautifully, but for some reason I can't get my announcement submission to work. Despite my input fields being named appropriately, the field is being seen as "not set" when I type in a title and announcement on my form. Here is my code:
FORM:
<form action="announce.php">
<input type="text" name="title" />
<textarea name="announce" cols="20" rows="2" ></textarea>
<input type="submit" name="submit" value="Announce" />
</form>
Here is my PHP:
include_once 'creds.php';
$con=mysqli_connect("$db_hostname","$db_username","$db_password","$db_database");
if (isset($_POST['title']))
{
$title = $_POST['title'];
$announce = $_POST['announce'];
$query = "INSERT INTO announcements (labname, name, author, announce)
VALUES ($lab, $title, $username, $announce)";
$insert = mysqli_query($con, $query);
mysqli_close($con);
echo "added successfully";}
else
{
echo "something went wrong";
}
My other form seems to work but this one doesn't... is my syntax wrong somewhere?
Your form is submitting as a GET request, not POST.
Change this line:
<form action="announce.php">
to this:
<form action="announce.php" method="post">
Edit: I should really refresh the page before posting. All credit to noobie-php for getting this right in their comment 30 mins before I posted this!
Php :
include_once 'creds.php';
$con=mysqli_connect("$db_hostname","$db_username","$db_password","$db_database");
if (isset($_POST['submit']))
{
$title = $_POST['title'];
$announce = $_POST['announce'];
$query = "INSERT INTO announcements (labname, name, author, announce)
VALUES ($lab, $title, $username, $announce)";
$insert = mysqli_query($con, $query);
mysqli_close($con);
echo "added successfully";}
else
{
echo "something went wrong";
}
i think if (isset($_POST['submit'])) this is the problem.
Related
I want to update and insert conditionally but query always goes "Insert" data. No "update" anyway. My code is below:
<form method="post" action="">
<label>ID: </label> <input type="text" name="id">
<label>Subject: </label> <input type="text" name="subject">
<input type="submit" name="submit">
</form>
<?php
$conn = new mysqli("localhost", "root", "", "zidm");
$id=$_POST['id'];
$subject=$_POST['subject'];
if (isset($_POST['submit'])){
$sql = "UPDATE exam SET subject = '$subject' WHERE id = '$id'";
mysqli_query($conn,$sql);
echo "Data Updated";
}
else {
$sql="INSERT INTO exam (subject) VALUES ( '$subject)";
mysqli_query($conn,$sql);
echo "Data Inserted";
}
?>
The issue is that you are checking for form submission but also have an else statement which will always fire on page load. You need to wrap your entire logic in the form submission check and then check for the id parameter.
// Form was submitted
if (isset($_POST['submit'])) {
if (!empty($_POST['id'])) {
// Update
} else {
// Insert
}
}
I want it so that when the user types into the textarea/input and clicks save changes, the information they input has been added and saved into the database. Below is my code:
$name = $_SESSION['u_name'];
$uid = $_SESSION['u_uid'];
$id = $_SESSION['u_id'];
$con = mysqli_connect("localhost", "root", "pass123", "db_name");
if ($con->connect_error) {
die("Connection failed: " . $conn->connect_error);
echo "<script type='text/javascript'>alert('connection failed. try again');</script>";
}
$remind1 = $_POST['remind1'];
$remind2 = $_POST['remind2'];
$remind3 = $_POST['remind3'];
$remind4 = $_POST['remind4'];
$remind5 = $_POST['remind5'];
if (isset($_POST['updBtn'])){
$sql = "UPDATE reminders SET remindone='$remind1' WHERE username='$uid'";
if ($con->query($sql) === TRUE) {
echo "<script type='text/javascript'>alert('Updated successfully');</script>";
}else{
echo "<script type='text/javascript'>alert('error while updating. try again');</script>";
}
}
Below is the corresponding HTML:
<form action="body.php" method="post">
<input type="submit" class="sideBtn" value="Save Changes" name="updBtn"><br>
<input type="text" class="event" name="remind1"><br>
<input type="text" class="event" name="remind2"><br>
<input type="text" class="event" name="remind3"><br>
<textarea class="event" name="remind4"></textarea><br>
<textarea class="event" name="remind5"></textarea><br>
</form>
Ideally what would happen, is that whatever the user types into the textarea/input is updated in the database, then they can access and later tweak the text if they need to.
I have been able to pinpoint that my problem is somewhere along the $_POST variables in my PHP as, if I were to substitute the aforementioned variable with a string as such:
$sql = "UPDATE reminders SET remindone='hello' WHERE username='$uid'";
...it works perfectly. But with when using the POST variable, it does not work.
How can I fix this mistake of mine and make it so that the user is able to post text into the database? Is the $_POST variable required here or is there another method to achieve this?
I'm a novice at mysql having trouble with inserting fields. I have created a login form and a homepage form for users to enter personal details. The login form submitted to mysql database fine, but the personal details form refused to submit; only when I specified the same fields as the first form did the form submit. Obviously, I would like to add new data in the second form, and I would appreciate tips on organizing my database, which consists of a single table profile.It stores info on every user including fields: id,username,password,avatar,location,goal, etc.
Appreciate your help & patience. I will combine the info from the two forms into a user record eventually. Right now, though, I would like to know why no new entry is created or error message displayed even though my error display is turned on.
EDIT:: sorry for not including whole code
loginform.php (works fine)
<?php
require("connect.php");
session_start();
$query = "SELECT * FROM `profile`";
if ($query_run=mysqli_query($cnn,$query))
{
echo "
<h1>Sign up for Runners World</h1>
<form action='' method='post'>
Username: <input type='text' name='username'><br>
Email: <input type='text' name='email'><br>
Password: <input type='text' name='pw'><br>
<input type='submit' name='submit' value='submit'>
</form>
";
}
else {
die("<br>could not connect to table");
}
?>
<?php
if (isset($_POST['submit']))//if you submitted the form
{
$username = $_POST['username'];
$password = $_POST['pw'];
$email = $_POST['email'];
if ($username and $password and $email)
{
$addLogin = "INSERT INTO profile (username,email,password) VALUES ('$username','$email','$password')";
$success = $cnn->query($addLogin);
if ($success)
{
$_SESSION['name']="$username";
echo("<script>location.href = 'homePage.php';</script>");
}
else
{
die("login data failed to reach database");
}
}
else {echo "please fill out all the fields";}
}
else {
$submit=null;
echo 'no form submitted';
}
?>
addDetails.php (not submitting)
<?php
session_start();
error_reporting(E_ALL);
ini_set("display_errors",1);
require("connect.php");
require("login.php");
echo "<h1>Welcome ".$_SESSION['name']."</h1>";
echo "<form action='' method='post'>
Avatar: <input type='text' name='avatar'><br>
Location: <input type='text' name='location'><br>
Descripiton: <input type='text' name='about'><br>
Daily Goal: <input type='text' name='goal'><br>
<input type='submit' value='submit' name='submit'>
</form>
";
$avatar = $_POST['avatar'];
$location = $_POST['location'];
$goal = $_POST['goal'];
$about = $_POST['about'];
if (isset($_POST['submit']))
{
$sql = "INSERT INTO profile (avatar,location,goal) VALUES ('$avatar','$location','$goal')";
if ($cnn->query($sql)===TRUE)
{echo "you have inserted profile fields";}
else
{echo "sqlQuery failed to insert fields";}
}
?>
If you want to add data to a row that already exists, look up the UPDATE command in SQL
You should change the Sql statement in 'addDetails.php' to:
UPDATE profile
SET avatar={$avatar}, location={$location}, goal={$goal}
WHERE id={$id}
By the way you should never ever use this statement in your production, it is not safe, you should keep in mind to prevent Sql injection.
I'm learning PHP and I've hit a wall.
When the user submits to the form, it adds to the database.
I am also trying to display all items in the database on the same page as the form.
However,this only works if the form has just been submitted. If the form has not been submitted (but there is still content in the database), nothing is shown.
How can I always show what is in the current database?
<form action="" method="post">
<input type="text" name="todo_content" id="">
<input type="submit" value="Submit">
</form>
<?php
if ( isset($_POST['todo_content'])) {
$latest_content = $_POST['todo_content'];
} else {
die();
}
$todo_db = mysqli_connect('localhost', 'root', 'root');
mysqli_select_db($todo_db, 'todo_list');
mysqli_query(
$todo_db,
"INSERT INTO todo_items (item_content) VALUES ('$latest_content')"
);
$all_todos = mysqli_query( $todo_db, "SELECT item_content FROM todo_items" );
$all_todos_result = mysqli_fetch_array($all_todos);
var_dump($all_todos_result); // these show nothing
var_dump($all_todos); // these show nothing
?>
The die() is your problem:
if ( isset($_POST['todo_content'])) {
echo 'is set';
$latest_content = $_POST['todo_content'];
} else {
die();
}
If $_POST is not set, you will never reach the part where you start printing your items. And since the form is not submitted, $_POST is empty.
EDIT
You could do it like this:
<form action="" method="post">
<input type="text" name="todo_content" id="">
<input type="submit" value="Submit">
</form>
<?php
$todo_db = mysqli_connect('localhost', 'root', 'root');
mysqli_select_db($todo_db, 'todo_list');
if ( isset($_POST['todo_content'])) {
$latest_content = $_POST['todo_content'];
mysqli_query($todo_db, "INSERT INTO todo_items (item_content) VALUES ('$latest_content')");
}
$all_todos = mysqli_query( $todo_db, "SELECT item_content FROM todo_items" );
$all_todos_result = mysqli_fetch_array($all_todos);
var_dump($all_todos_result); // these show nothing
var_dump($all_todos); // these show nothing
?>
You need to move your insert query inside your if condition and you will need not to die if the form is not submitted but print the form and your query results
$todo_db = mysqli_connect('localhost', 'root', 'root');
mysqli_select_db($todo_db, 'todo_list');
if ( isset($_POST['todo_content'])) {
echo 'is set';
$latest_content = $_POST['todo_content'];
mysqli_query($todo_db, "INSERT INTO todo_items (item_content) VALUES ('$latest_content')");
} else {
?>
<form action="" method="post">
<input type="text" name="todo_content" id="">
<input type="submit" value="Submit">
</form>
<?php
$all_todos = mysqli_query( $todo_db, "SELECT item_content FROM todo_items" );
$all_todos_result = mysqli_fetch_array($all_todos);
var_dump($all_todos_result);
var_dump($all_todos);
}
As side note i'd say you are at high risk of mysql injection. You should use prepaed statments and not inserting $_POST data inside your database directly
I am setting up my custom blog's basic submission system.
This is the PHP section of it that I try to submit the inserted data into the database
<?php
session_start();
if(!isset($_SESSION['user_id'])){
header('Location: login.php');
exit();
}
include('../includes/db_connect.php');
if(isset($_POST['submit'])){
$newTitle = $_POST['newTitle'];
$newPost = $_POST['newPost'];
$my_date = date("Y-m-d H:i:s");
if(!empty($newPost))
if(!empty($newTitle)){
$sql="INSERT INTO posts (title, body)
VALUES($newTitle, $newPost)";
$query = $db->query($sql);
if($query){
echo "Post entered to database";
}else{
echo "Error Submitting the data";
}
}
}
?>
Then There is the submission form, I am pretty sure this is the faulty end for some reason, but I cannot find out why.
<form action="<?php echo $_SERVER['PHP_SELF']?>"name="newTitle" method="post">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<p>Title:</p><br><input type="text" name="newTitle">
<textarea name="newPost" cols="110" rows="25"/></textarea><br>
<label for="newPost">Add New Post</label><input type="submit" name="submit" value="submit"/>
</form>
This is the database's table:
post_id (A_I)
user_id
title
body
category_id
posted(datetime)
Bear in mind that I am a rookie in this area, so don't be too harsh :)
Use single quote for strings:
$sql="INSERT INTO posts (title, body) VALUES ('$newTitle', '$newPost')";
//^ ^ ^ ^
Notice:
Try to use PDO and param binding in your projects to prevent sql injection.
Nice Tutorial about PDO
Use single form tag only:
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<p>Title:</p><br><input type="text" name="newTitle">
<textarea name="newPost" cols="110" rows="25"/></textarea><br>
<label for="newPost">Add New Post</label>
<input type="submit" name="submit" value="submit"/>
</form>
And in your php code, you can check youe data by using isset() function
if(isset($_POST['submit'])){
if(isset($_POST['newTitle']) && ($_POST['newPost']))
$newTitle = $_POST['newTitle'];
$newPost = $_POST['newPost'];
$my_date = date("Y-m-d H:i:s");
$sql="INSERT INTO posts (title, body)
VALUES('$newTitle', '$newPost')"; //use variable in single quote.
$query = $db->query($sql);
if($query){
echo "Post entered to database";
}else{
echo "Error Submitting the data";
}
}