I am making a website in CodeIgniter and for one of these pages I need to insert information into a database, however every time I enter information into my form and submit it, the page refreshes like it had been submitted but nothing enters the database.
Controller:
public function insertjob()
{
$this->load->helper('form');
$data['title']="Add a new job";
$this->load->view("insertjob", $data);
}
public function addingjob()
{
$jobtype=$this->input->post('jobtype');
$jobinfo=$this->input->post('jobinfo');
$this->load->model("cmodel");
if($this->cmodel->addjob($jobtype, $jobinfo)){
$data['msg']="New job addition successful";
}else{
$data['msg']="There was an error please try again";
}
$this->load->view("confirmation",$data);
Model:
function addjob($jobtype,$jobinfo)
{
$newjob=array("jobtype"=>$jobtype,"jobinfo"=>$jobinfo);
return $this->db->insert('clientjobs', $newjob); exit;
View:
</p>
<?php
echo form_open('client/insertjob');
echo form_label('Job:', 'Job');
echo form_input('jobtype');
echo form_label('Job information:', 'Job information');
echo form_input('jobinfo');
echo form_submit('Add job', 'Submit Post!');
echo form_close();
?>
Try removing the exit from your model:
function addjob($jobtype,$jobinfo)
{
$newjob=array("jobtype"=>$jobtype,"jobinfo"=>$jobinfo);
return $this->db->insert('clientjobs', $newjob);
}
It's not neccessary and could be breaking the database class, as well as halting any execution for the application.
Here's your problem:
echo form_open('client/insertjob');
If you look at your HTML code in your browser, you'll see something like this:
<form action="client/insertjob">
There will probably be a whole bunch of other attributes in your form tag - they're not important for this answer.
That action attribute is telling the browser where to go after you click submit. Where is it going? Back to the insertjob method. But it needs to go to your addingjob method - that's where the database update is actually being done. So change the form_open call to:
echo form_open('client/addingjob');
As I see your are using 2 controller functions for posting, page 1 to page 2. You have error on form open you should post your data to addingjob not insertjob.
echo form_open('client/addingjob');
will fix your issue but I highly recommend you to use, one controller for form submit. Below code will send post to same url. And you could add some attributes on it.
<?php
$attributes = array('class' => 'form-horizontal');
echo form_open($this->uri->uri_string(),$attributes); ?>
Related
I am new to php, this is my first post, my apologies about the formatting and the sloppiness of my coding. I'm not sure exactly how to post code. but I believe my question is fairly simple.
I am learning php OOP and trying to re-display an html form in PHP that is called from an object function displayContactForm() using method='POST' that I created from an object class with other various member functions that just simply echo html tags and display a simple `contact.php page with an html form.
All i'm trying to do is re-display the form with blank values after user hits submit and validation fails, so that the form essentially is cleared and user has to re-enter information. I wrote one if/else statement to handle the submit which will check if $_POST is set, and fields are !empty, (else) "redisplay cleared form (or) clear form somehow"? I posted my code for my php page below. The if-else statement is line 31-38. I can't use header relocation. The suggested line for my else statement I was supposed to use for this project was $this->displayContactForm($this->form); to redisplay the form. But it just duplicates the form beneath the original form that is on the page, and I end up with two forms? i'm confused?... Any help is appreciated.
<?php
require('./PageLib.php');
require('./ContactFormLib.php');
//created a class called ContactPage that extends class Page
class ContactPage extends Page{
public $form;
public function __construct($arg=NULL) {
$this->form = new ContactForm();
}
//OVERRIDDEN Page::displayPage()
public function displayPage(){
echo "<html>\n<head>\n";
//HEAD/////////////////
$this->displayTitle();
$this->displayStyles();
echo "</head>\n<body>\n";
//HEADER///////////////
$this->displayHeader();
$this->displayNav($this->navLinks);
//CONTENT//////////////
$this->displayContactForm($this->form);
echo $this->content;
$this->displayFooter();
if(isset($_POST['name'], $_POST['phone'], $_POST['email']) && !empty($_POST['name']) && !empty($_POST['phone']) && !empty($_POST['email'])){
echo " Checked form values. Now echoing content to page.";
}
else {
$this->displayContactForm($this->form);
}
echo "\n</body>\n</html>\n";
public function displayContactForm($f) {
$f->displayForm();
}
}
$contactpage = new ContactPage();
$contactpage->pageTitle = "Contact Page";
$contactpage->headerTitle = "Contact - OOP php Page Builder";
$contactpage->content="<h3>Contact Page Content</h3>\n";
$contactpage->displayPage();
?>
This is not possible with just PHP. You will have to use Ajax in combination with PHP to perform this task. PHP by itself requires a page refresh to "re_display" content.
I just started using Code Igniter framework and also just started learning on PHP OOP. I came across something when coding for the forms.
In a form if I have two buttons that would lead to different pages, what would be the most suitable way to do it? I found two ways. The first is to have a dynamic action/link, let's call it method A:
Method A
Variable $form_link is 'form_link'.
(View) main_user_view.php
<?php echo form_open($form_link); ?>
<?php echo form_button($add_user_button); ?>
<?php echo form_button($delete_user_button); ?>
<?php echo form_close(); ?>
(Controller) User.php
public function form_link()
{
// Value of button clicked
$form_submitted = $this->input->post('submit_form');
if($form_submitted == 'add_user')
{
redirect('User/add_user');
}
elseif($form_submitted == 'delete_user')
{
redirect('User/delete_user');
}
elseif($form_submitted == 'back')
{
redirect('User');
}
}
And the other way is instead of having a second button I would use an anchor and make an absolute path for it.
Method B
Variable $form_link is 'add_user' which is a function in the controller.
(View) main_user_view.php
<?php echo form_open($form_link); ?>
<?php echo form_button($add_user_button); ?>
<?php echo anchor('add_delete_user/delete_users_view', 'Delete', array('class'=>'btn btn-info', 'role'=>'button'));?>
<?php echo form_close(); ?>
The only problem I have with method A is that if in the form I have input fields, I cannot get the data through POST as redirect does not carry over the data to other functions. I resolved that by using method B where the anchor would lead to the function I want whereby I can get the POST data.
So my main question is, should I use method B instead whenever I have two or more buttons in a form?
You have to use button names for form post actions,
public function form_link()
{
if($this->input->post('add_user'))
{
redirect('User/add_user');
}
if($this->input->post('delete_user'))
{
redirect('User/delete_user');
}
}
What my opinion is also to use the Method B. To make the URL more nicer you can use custom routing (which is located at 'application/config/routes.php')
After the user hits the submit button, how do I reset the drop down menu to the "blank" option of the the menu? I am using a MVC set up with php and HTML, and the concrete5 library. THANKS IN ADVANCE! Here is what I have so far:
Controller code:
public function authorize() {
$selectHost = array('' => '');
foreach ($this->host->getHostInfo() as $row) {
if (isset($row['HARDWARE_id'])) {
$selectHost[$row['id']] = $row['host'];
}
}
$this->set('selectHost',$selectHost);
$postCheck=array(array('param' => 'host',
'check' => '^[0-9]{1,50}$',
'error_msg' => 'Invalid Host ID'),
);
$post = scrub($_POST,$postCheck);
if (isset($post['host'])) {
$this->host->authorize($post['host']);
$this->set('test', "<p> The host has successfully been authorized.</p>");
}
else{
$this->set('failed', "<p>Invalid Host ID</p>");
}
}
view code:
<form method="post" enctype="multipart/form-data" action="<?=$this->action('authorize')?>">
<?php
$form = Loader::helper('form');
print $form->label('host', 'Host: ');
print $form->select('host', $selectHost);
?>
<?php
print $form->submit('Submit','Submit');
echo $test;
echo $failed;
?>
</form>
I'm pretty positive that there's no way to override C5's desire to take the POSTed value and use that as the default. Even if, as TWR suggested, you specify a value. (This is typically a good thing, because if the page is POSTed to and there's an error, you don't want to show the value from the database; you want to show what was in the POST).
You can override the form helper pretty easily.
However, I'd suggest that you do a redirect after successful submission (don't redirect after an error -- then the POSTed value will be useful) to a page. You can redirect to another page, or the same one, ideally with a confirmation message. See https://github.com/concrete5/concrete5/blob/master/web/concrete/core/controllers/single_pages/dashboard/blocks/stacks.php#L23 for an example of using redirect.
This is the best practice for your problem but also because, with your current code, if somebody hits refresh, it'll rePOST the data and reauthorize the host.
i think you could extend the form tag with a (javascript) onsubmit action which does the reset.
Since it's a form submit, you just want to change the value of the "drop box"/select in your view. After a submit, you'll have a fresh page load; so, in every case you'll want to display the default value, and not the current value of $selectHost
In your view, change this
print $form->select('host', $selectHost);
to this
print $form->select('host', $selectHost, null);
According to http://www.concrete5.org/documentation/developers/forms/standard-widgets
If the problem is that the Concrete5 form helpers are not behaving as you want, then just don't use them -- instead just use regular HTML form inputs instead.
<form method="post" enctype="multipart/form-data" action="<?=$this->action('authorize')?>">
<label for="host">Host: </label>
<select id="host" name="host">
<?php foreach ($selectHost as $value => $text): ?>
<option value="<?php echo htmlentities($value); ?>"><?php echo htmlentities($text); ?></option>
<?php endforeach; ?>
</select>
<input type="submit" value="Submit" />
<?php
echo $test;
echo $failed;
?>
</form>
I have a page with links to reports. Whenever somebody clicks on one report, they can download the excel file. However, sometimes there are no fields to make a report; in that case, I want to display an alert message and after they click on "accept", they get redirected to the main panel. When they click on the report, they go to a controller that uses a switch to get the data. If there's no data, the model returns FALSE; so at the end of the controller, I check:
if ($result_array != FALSE)
to_excel($result_array->result_array(), $xls,$campos);
else {
echo "<script>alert('There are no fields to generate a report');</script>";
redirect('admin/ahm/panel');
}
If I get rid of redirect('admin/ahm/panel'); then the alert works, but it moves the user to the page that was supposed to generate the excel file. But if I use the redirect, the controller moves the user to the main panel without showing the alert.
echo "<script>
alert('There are no fields to generate a report');
window.location.href='admin/ahm/panel';
</script>";
and get rid of redirect line below.
You were mixing up two different worlds.
use this code to redirect the page
echo "<script>alert('There are no fields to generate a report');document.location='admin/ahm/panel'</script>";
Combining CodeIgniter and JavaScript:
//for using the base_url() function
$this->load->helper('url');
echo "<script type='javascript/text'>";
echo "alert('There are no fields to generate a report');"
echo "window.location.href = '" . base_url() . "admin/ahm/panel';"
echo "</script>";
Note: The redirect() function automatically includes the base_url path that is why it wasn't required there.
The redirect function cleans the output buffer and does a header('Location:...'); redirection and exits script execution. The part you are trying to echo will never be outputted.
You should either notify on the download page or notify on the page you redirect to about the missing data.
echo "<script>
window.location.href='admin/ahm/panel';
alert('There are no fields to generate a report');
</script>";
Try out this way it works...
First assign the window with the new page where the alert box must be displayed then show the alert box.
This way it works`
if ($result_array)
to_excel($result_array->result_array(), $xls,$campos);
else {
echo "<script>alert('There are no fields to generate a report');</script>";
echo "<script>redirect('admin/ahm/panel'); </script>";
}`
that worked but try it this way.
echo "<script>
alert('There are no fields to generate a report');
window.location.href='admin/ahm/panel';
</script>";
alert on top then location next
//functions.php:
<?php
function fx_alert_and_redirect($msg, $page){
**echo "<!DOCTYPE html><html><head>Login...</head><body><script type='text/javascript'>alert(\"" .$msg . "\");window.location.href=\"$page\";</script></body></html>";**
}
?>
//process_login-form.php:
<?php require_once '../app/utils/functions.php'; ?>
<?php
// ...
fx_alert_and_redirect("Mauvais nom d'usager ou mot de passe!", "../index.php?page=welcome");
?>
I've been searching about deleting db entries in Codeigniter and I finally created a solution that I think is secure. I would really appreciate any feedback! I'm not sure if I'm doing this right..
Advantages:
Uses POST request
ID of entry to be deleted is
validated
Uses CSRF protection (automatically
generated by Codeigniter)
In my example I'm deleting user submitted links (a DB table row contains a link title, link URL, an link description).
HTML: Database entires are contained within a form. Each entry has a form button with the respective link id in the id attribute.
<?php echo form_open('profile/remove_link'); ?>
<?php echo form_hidden('link_id', ''); //value will be populated via jquery ?>
<ul id="user_links">
<?php foreach($query as $row): ?>
<li><?php echo $row->link_title; ?></li>
<li><?php echo auto_link($row->link_url, 'url', TRUE); ?></li>
<li><?php echo $row->link_description; ?></li>
<button type="submit" class="remove" id="<?php echo $row->link_id ?>" value="remove">Remove Link</button>
<?php endforeach; ?>
</ul>
</form>
JQUERY: When user clicks on the remove button, the respective link id is added to the the hidden text input named link_id.
$(document).ready(function(){
$('.remove').click(function() {
var link_to_remove = $(this).attr("id");
$("input[name=link_id]").val(link_to_remove);
});
});
Upon clicking a remove button, it sends the id of link to be removed to controller profile and function remove_link
function remove_link()
{
$this->load->model('Profile_model');
$links_data['query'] = $this->Profile_model->links_read(); //get links from db to add in view
//Validation
$this->form_validation->set_rules('link_id', 'Link ID', 'trim|required|xss_clean|max_length[11]|numeric'); //validate link id
if ($this->form_validation->run() == FALSE) //if validation rules fail
{
$this->load->view('profile/edit_links_view', $links_data);
}
else //success
{
$link_id = $this->input->post('link_id'); //get id of link to be deleted
$seg = 'user_links'; //used to redirect back to user links page
$this->Profile_model->links_delete($link_id, $seg); //send link id to model function
}
}
MODEL
function links_delete($link_id, $seg)
{
$this->db->where('user_id', $this->tank_auth->get_user_id());
$this->db->where('link_id', $link_id);
$this->db->delete('user_links');
redirect("/profile/$seg/");
}
If the ids are unique integers in your database, you could remove these rules:
trim|xss_clean|numeric
And add this one:
is_natural_no_zero
Returns FALSE if the form element contains anything other than a natural number, but not zero: 1, 2, 3, etc.
The numeric rule allows some characters you probably don't want, like decimals and negative. Here's the source (one line):
return (bool)preg_match( '/^[\-+]?[0-9]*\.?[0-9]+$/', $str);
If for some reason you are echo'ing the input back in your HTML output before validating, or are just paranoid, then by all means: xss_clean it up. Otherwise it's not really needed, as I don't think there's any possible method of XSS attacks that only use a number.
Reference:
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
http://ha.ckers.org/xss.html
Also, you might want to add a LIMIT 1 clause to your query, and definitely make sure to return a value (probably TRUE/FALSE) from your model so you know whether or not the query was successful, so you can give feedback to the user instead of assuming everything went well.
The only thing that I see wrong is that you don't validate who can and can't delete records. That's the only issue you should focus on. Permissions to check if the person sending the request of deletion is allowed to perform such operations. Other than that it's just a matter of preference.
I would suggest rewriting controller and model a bit to make the flow more logical and provide better performance:
controller:
function remove_link()
{
if ($this->input->post('link_id'))
{
//Validation
$this->form_validation->set_rules('link_id', 'Link ID', 'is_natural_no_zero');
if ($this->form_validation->run())
{
$seg = 'user_links'; //do you really need to assign it to variable ??
$this->load->model('Profile_model');
if ($this->Profile_model->links_delete($this->input->post('link_id')) //send link id to model function
{
redirect('/profile/user_links'); // redirect user in controller and only when model returns true
}else{
// inform user about error somehow, eg. by setting session flashdata and redirecting back to /profile/user_links
}
}
} // else statement here was a mistake as in case of form_validation failure nothing happened
$this->load->model('Profile_model');
$links_data['query'] = $this->Profile_model->links_read(); //get links from db to add in view
$this->load->view('profile/edit_links_view', $links_data);
}
model:
function links_delete($link_id)
{
$this->db->where('user_id', $this->tank_auth->get_user_id())
->where('link_id', $link_id)
->delete('user_links'); // you can chain methods without writing always $this->db->
return $this->db->affected_rows(); // returns 1 ( == true) if successfuly deleted
}
And as a side note in your jQuery code I suggest using $('#some_id') instead of $('input[name=XXXX]') - it saves some javascript code execution thus is faster