I have an update form where users can update their information, but some of the information should not be able to be updated if it already has a value.
From what I understand you must put php code outside the form tags so how would the form know if the database field has a value or not? Would this work below im guessing it won't
<form>
<?php
if (empty($user_data['fieldName'])) {
echo '<label>field name</label>
<input type="text" name="fieldName">';
}
?>
</form>
Does anyone know a way around this? Or how would i check before the field is displayed in the update area?
This part of the code is correct, you may have a problem when assigning the user data in the array $user_data.
An alternative would be to simply disable the input text, that way you could display information to the user without letting him change it.
<form>
<?php
$disabled = "";
if (empty($user_data['fieldName'])) {
$disabled = 'disabled="disabled"'
} ?>
<label>field name</label>
<input type="text" name="fieldName" <?php echo $disabled; ?>/>
</form>
Of course you can do in that way but you should check on the server too if not update exist
Also the most readable way of do this is using alternate php syntax like this
<form>
<?php if (empty($user_data['fieldName'])): ?>
<label>field name</label>
<input type="text" name="fieldName">
<?php endif; ?>
</form>
in that way you can see colors of your html code
see this link,
Alternative php syntax
the doc is for codeigniter but is applicable on clean php
Sorry for my bad english :)
You should have a presentation code, like this :
<form>
<label>field name</label>
<input type="text" name="fieldName" <?=!empty($user_data['fieldName'])?'disabled="disabled"':''?>>
</form>
And a script to update, where you must check if value is set before updating.
As mentioned in a comment, you can put PHP anywhere in a *.php file, so long as it is enclosed in the correct opening and closing tags.
That said, this is a two-sided process:
In the form I would suggest simply disabling the input, so the data is shown, but is not modifiable:
<form>
<label>field name</label>
<input type="text" value="<?php echo addslashes($user_data['fieldName']) ?>" name="fieldName" <?php if(!empty($user_data['fieldName'])) { echo 'disabled="disabled"; } ?> />
</form>
<?php /* Off the top of my head I can not remember how exactly to escape this
form value, it may be `htmlspecialchars`, but it eludes me in the immediate
moment. Sorry. */ ?>
And on your server-side, where you handle the form post data, you will want to double-check that someone didn't forge the data:
if(!empty($user_data['fieldName']) && !empty($_POST['fieldName'])) {
unset($_POST['fieldName']);
}
This way you avoid people modifying the form structure on the client to forge data into your system. You should always do similar checks.
Related
Below is my form- which value i like to update into database.
<form action="#" class="form">
<div class="form__slider">
<div class="form__slider-rating" id="slider__rating"></div>
<div class="form__slider-value" id="form__slider-value"></div>
<!-- <input type="number" class="form__slider-value" id="form__slider-value" value=""> -->
</div>
<input type="hidden" name="movie_id" id="movie_id" value="<?php echo $post_id; ?>" />
<input type="hidden" name="name" id="name" value="<?php echo $userName; ?>" />
<textarea class="form__textarea" name="remark" id="remark" placeholder="Review"></textarea>
<button type="button" class="form__btn">Send</button>
</form>
and in site it was look like this
This blue mark value I need to update into database. How to do that?
Regarding PHP, you need to handle a form.
Firstly, write a code that would handle the form itself, you can do that, by putting some php on top of your page;
if(isset($_POST['form-slider-value'] && $_POST['form-slider-value'] !== null) {
$value = $_POST['form-slider-value'];
//Database handle
}
Of course don't forget to add name 'form-slider-value' to the input.
Ideally there would be classes or similar stuff for that, I'd advise you to use some kind of framework.
Basically. PHP and FORMS works with handling them, once you submit your form with a button submit, it goes to a place where you address it Form action=. Then everything that is written within names will be at $_POST data.
It is not recommended to keep standalone code in one file, with HTML,css,PHP all together.
Hope that answered your question.
As well. This thing is very common to do or use. I advise you to learn about PHP Forms.
https://www.w3schools.com/php/php_forms.asp
And read about constructing a class. Id say do it the proper way.
Learn about frameworks as well, they are modern day time saviors once you learn it.
I got this PHP src:
$tags = get_meta_tags('http://www.autostraddle.com');
echo "CMS is: ";
echo $tags['generator'];
This code is not user friendly; it's not ready for one online tool for my website, because I want create a simple service - CMS detector, and...
$tag = isset($_REQUEST['url']) ? get_meta_tags('url') : '';
<form action="index.php" method="post">
<input type="text" name="url" size="65" value="<?php echo $tag; ?>"/><br />
<input type="submit" value="Go!">
echo $tag['generator'];
I want create one online tool about detecting what CMS is, but I need this PHP script with HTML form because this will be used from users, and not only from me.
They must put any url, and then the script will perform as described to get the meta tag 'generator'; how do I get the meta tag 'generator'? I want only this meta tag.
Well, and how to do this with 'if else'? if there is meta tag generator do this, but if there is not such tag 'generator', then write any 'echo' message, e.g.
CMS is not known.
Well, this is simple PHP script, but I don't know how to create variables and how to get a URL; mayve with cURL?
What you're struggling with is actually getting the user-side input from the POST superglobals. This is something you can try, but there are many ways to implement this. You could also use method="SET" and capture the user parameters from URL of the action="" file.
Notice, in this case, the action="" parameter is empty. That means the PHP script will execute on the same page where the HTML form is. This might not be what you're trying to do, so if you need to redirect, add the PHP code to a separate file and add it to your website and to the action="" parameter.
<form action="" method="POST">
<input type="text" name="url" size="65" placeholder="http://yoururl"/>
<input type="submit" name="submit" value="Go!">
</form>
<?php
if(isset($_POST['submit']))
{
$tags = get_meta_tags($_POST['url']);
if($tags['generator'])
echo "CMS: <b>" . $tags['generator'] . "</b><br>";
else
echo "No CMS info available.<br>";
}
?>
Give this a shot.
I'm trying to set the value in my input text using the get method. However, when I try to render the page, it keep showing my code in the text field instead. Can someone explain what I did wrong?
<form name="quotepage" action="search.php" method="get">
<b>Stock Symbol:</b>
<input type="text" size="8" name="sb" value="<?php echo $_GET["sb"]; ?>" />
<input type="submit" value="Quote" onClick="quotepage.action='search.php';"/>
</form>
When I try to render the page, it will show my code in the value tag in my text field.
If you are seeing an error/warning/notice in your text box, try changing:
<?php echo $_GET["sb"]; ?>
into:
<?php echo isset($_GET["sb"])?$_GET["sb"]:""; ?>
to avoid showing the content if there was no content yet.
And better yet, change it to:
<?php echo isset($_GET["sb"])?htmlspecialchars($_GET["sb"]):""; ?>
to also escape nasty characters such as " that otherwise will break your HTML.
If you are actually seeing <?php echo $_GET["sb"]; ?> inside your text box, then you are having problems running PHP. Check that your script file name ends with .php and check PHP is working on your system.
Do you have a LAMP stack or similar set up?
You need Apache running with PHP installed at the least for this. Also what is this 'onClick="quotepage.action='search.php';"' attribute for?
This question has been asked multiple times before,
but I have a different situation from those I've read.
My Database multiple forms that are to be loaded upon user request. This is not the problem and I can handle this. Within these forms, there are fields that are filled dynamically from 2 queries.
One of my fields that is to be filled from the database looks like this:
<label class="itemLabel" for="name">Name : </label>
<input name="name" type="text" class="itemInput" value="<? echo $queryB[1]; ?>" readonly="readonly" />
as you can see, the value is set to be a PHP code echo $queryB[1] ... When I got the form from the DB and echoed it, the fields got the value <? echo $queryB[1]; ?> instead of the actual value.
I've tried to use eval($myForm) where my form is retrieved from the DB, but nothing appeared in the place where the form should appear. I would appreciate if someone can help me with this.
Your PHP instance has short_open_tag disabled.
Change it to:
<?php echo $queryB[1]; ?>
...and it should do what you expect.
There is nothing different in your situation and it is exactly the same as others.
and the answer is the same as well: do not mix the code and the data.
Do not store the code in the database.
Do not pass GO, do not collect $200
Implement some sort of placeholders or - even better - some form builder and create these forms on the fly, based on the data from database.
Why not to store only relevant data in the database, like
name
type
value
class
and some flags like disabled, readonly and such?
take a look at http://pear.php.net/package/HTML_QuickForm2/
Building on my comment and Col Shrapnel's answer, here is a simple placeholder example. You should really maintain the HTML in a flat file (as it effectively seems to be part of the view in your application), but for simplicity's sake let's say it still resides in the database. Store the following value:
<label class="itemLabel" for="name">Name : </label>
<input name="name" type="text" class="itemInput" value="{queryValue}" readonly="readonly" />
Now, when you load the value from the database, you can replace the placeholder from the text:
$html = str_replace('{queryValue}', $queryB[1], $htmlTemplate);
This is an incredibly simplified example, and masks a load of potential issues regarding placeholder names, formats etc., but it might get you started.
Alternatively, if you decide to opt for the file route, you could have two files:
view.phtml:
<label class="itemLabel" for="name">Name : </label>
<input name="name" type="text" class="itemInput" value="<?php echo $this->value; ?>" readonly="readonly" />
In your current PHP script:
class View {
public function render($file) {
// check for file existence etc.
require_once $file;
}
}
$view = new View();
$view->value = $queryB[1];
$view->render('view.phtml');
I seem to have a bit of a problem here that I can't quite figure out.
So the deal is I have a php script along with an HTML file, in that file I have a few forms with some text boxes and some drop downs. Now the reason I had to go single forms on all of these was because if I did one big one none of them would work when I would hit the submit button. I have no idea... My current code is below, my previous code only had one form and it wouldn't work at all.
<form method="post" id="locationFromPost" name="locationFormPost">
<div class="formRow">
<div class="label">
<label for="locationForm">Current Location:</label>
</div>
<div class="field">
//If post is null go back to value pull originally else echo post
<?php if($_POST['locationForm']==null) $location=$location;else $location=$_POST['locationForm']; ?>
<input type="text" name="locationForm" id="locationForm" value="<?php echo $location?>"></input>
</div>
</div>
</form>
...... and so on.......
<form method="post" id="sexFromPost" name="sexFormPost">
<div class="formRow">
<div class="label">
<label for="sexForm">Sex</label>
</div>
<div class="dropDown">
<select name="sex" id="sexForm" >
//If post is null go back to value pull originally else echo post
<?php if($_POST['sexForm']==null) $sex=$sex;else $sex=$_POST['sexForm']; ?>
<option value="1" <?php if($sex==1){echo"selected='selected'";}?>>Male</option>
<option value="2" <?php if($sex==2){echo"selected='selected'";}?>>Female</option>
<option value="3" <?php if($sex==3){echo"selected='selected'";}?>>Not Specified</option>
</select>
</div>
</div>
</form>
...... and so on.......
<form method="post" id="submit" name="submit">
<div class="formRow"><div id="seperator"></div></div>
<div class="submitButton">
<input type="submit" name="submit" id="submit" value="Save Changes"/>
</div>
</div>
</form>
So thats what the top part of my code looks like, all the div's are for formatting you don't have to worry about those. Now the php code to save the information is below. I should note that the variables you see in the php parts of the code above are retrieved from the Database in the earlier part of the code, thats working fine. What I am having problems with is I want a user to be able to edit their information then just hit the submit button and the information to be saved. What currently happens is, well, absolutely noting. The page will refresh and all the values will go back to what they were when they were pulled, they are not stored in the DB at all, now I checked to make for sure that part of the code works, buy doing some test. It saves the data no problem. What I thin is the problem is the forms them-selfs, if I do everything in one big form it doesn't work... Don't know why. now if I hit enter at the end of each of the forms individually in the browser the data goes in but just that field, sometimes other fields are wiped completely out and a null or empty string is stored. I cant seem to figure this thing out at all.
heres the php to save the information.
<?php
if (isset($_POST['submit']))
{
mysql_query("UPDATE members SET location= '".$_POST['locationForm']."' WHERE usr='" .mysql_real_escape_string($_SESSION['usr']) ."'");
mysql_query("UPDATE members SET location= '".$_POST['sexForm']."' WHERE usr='" .mysql_real_escape_string($_SESSION['usr']) ."'");
........ you know the rest.......
}?>
I am completely lost at why this thing is doing this, now im not the best PHP programmer by any-means, so it could (probably is) be me. If anyone could point out what I would need to do to get a system like that working please let me know
Thanks.
I wasn't clear exactly what your problem was.
However this:
<?php if($_POST['locationForm']==null) $location=$location;else $location=$_POST['locationForm']; ?>
Doesn't look to me like it is going to do much. Try something like this:
<?php
if(!isset($_POST['locationForm'])){
$location=$location;
}
else {
$location=$_POST['locationForm'];
}
?>
(Curly braces are my own personal liking)
Assuming you have $location defined somewhere you didn't show us. This will check if there is NOT a $_POST['locationForm'], and if there is it will use it.
Try placing all the form fields within on form tag and also use mysql_real_escape_string on your variable as well.
you need all the fields that are going to be submitted to any given page to exist in a single form tag. any elements in a different form tag will submit as a set of THAT form tag.
I' assuming that you also want to maybe combine down your updates?
//$_SESSION['usr'] should already be sanitized and safed wherever you handle your site credentials..
//set your submittable values, with a default to an empty string in this case.
$sex=isset($_POST['sexForm'])?mysql_real_escape_string($_POST['sexForm']):"";
$location=isset($_POST['locationForm'])?mysql_real_escape_string($_POST['locationForm']):"";
//single statement, no need to iterate for each field, that's wasted connections.
$sql="update "UPDATE members SET location= '$location' , sex='$sex' WHERE usr='".$_SESSION['usr']."'";