I'm trying to insert somethig to db and after i write this code i get just a blank page in php. Cam you help me ? if i delete all // i get blank page if it is as now i get imput containers
<?php
function create()
{
if(isset($_POST["submit"]))
{
$db = new mysqli('localhost', 'root', 'root', 'idoctor_db');
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
$password_conf = $db->real_escape_string($_POST['password_conf']);
$nick = $db->real_escape_string($_POST['nick']);
//create_new_user($username, $password, $password_conf, $nick);
//$db->query
//('
//INSERT INTO `idoctor_db`.`users` (`ID` ,`Login` ,`Password` ,`Name` ,`Level`)
//VALUES ('5 ' , 'kev5', 'roo5', 'kevkev5', ' 3 ' );
//');
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<div class="container">
<form action="<?php create(); ?>" method="POST">
<input type="text" name="username" placeholder="Username..." />
<input type="password" name="password" placeholder="Password" />
<input type="password" name="password_conf" placeholder="Confirm password" />
<input type="text" name="nick" placeholder="Nick" />
<input type="submit" value="Create" name="submit"/>
</form>
</div>
</body>
</html>
If there are no errors in running this query, you will see a blank page.
All the work is happening in the background, look at your mysql table to confirm if the insert worked.
If you want to check the outcome of the query... just do the following
$outcome = $db->query
('
INSERT INTO `idoctor_db`.`users` (
`ID` ,
`Login` ,
`Password` ,
`Name` ,
`Level`
)
VALUES
(' 4 ', ' kev4 ', ' root ', ' kevkev4 ', ' 3 ');
');
if($outcome) {
echo 'success';
} else {
echo 'failed';
}
After your edit... I see another problem in your code:
<form action="<?php create(); ?>" method="POST">
<!-- ^ This is not how you submit form data to php...
action is supposed to be a URL.. however if left blank
it will take you to the same page
Try this instead:
<?php
if(isset($_POST["submit"]))
{
$db = new mysqli('localhost', 'root', 'root', 'idoctor_db');
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
$password_conf = $db->real_escape_string($_POST['password_conf']);
$nick = $db->real_escape_string($_POST['nick']);
//create_new_user($username, $password, $password_conf, $nick);
//$db->query
//('
//INSERT INTO `idoctor_db`.`users` (`ID` ,`Login` ,`Password` ,`Name` ,`Level`)
//VALUES ('5 ' , 'kev5', 'roo5', 'kevkev5', ' 3 ' );
//');
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<div class="container">
<form method="POST">
<input type="text" name="username" placeholder="Username..." />
<input type="password" name="password" placeholder="Password" />
<input type="password" name="password_conf" placeholder="Confirm password" />
<input type="text" name="nick" placeholder="Nick" />
<input type="submit" value="Create" name="submit"/>
</form>
</div>
</body>
</html>
Related
I have a form that I am trying to use to reset passwords. I can get it to send the email out and I can click the link, but when I click the link all I get is the header. My form is not showing. I am extremely new to all of this. Any help will be much appreciated. I did search through some other posts, but none of them seemed to get me any closer to the right answer. Everything seems to work as it should, I just can't get my form to display so that I can enter the information.
<!DOCTYPE html>
<html lang="en">
<head>
<title>Reset Password Form</title>
</head>
<body>
<div class="container"><h2>Reset New Password Here</h2>
<?php
if($_GET['email'] && $_GET['token']) {
$conn = mysqli_connect("localhost", "root", "", "user");
// Check connection
if($conn === false){
die("ERROR: Could not connect. "
. mysqli_connect_error());
}
$email = $_GET['email'];
$token = $_GET['token'];
$query = mysqli_query("SELECT * FROM `customers` WHERE `reset_link_token`='".$token."' and `emailaddress`='".$email."';");
$current_date = date("Y-m-d H:i:s");
if (mysqli_num_rows($query) > 0) {
$row = mysqli_fetch_array($query);
if($row['expiry_date'] <= $current_date) { ?>
<form action="update-password.php" method="post">
<input name="email" type="hidden" value="<?php echo $email; ?>" />
<input name="reset_link_token" type="hidden" value="<?php echo $token; ?>" />
<div class="form-group"><label for="new-password">Password</label>
<input id="new-password" name="password" type="password" /></div>
<div class="form-group"><label for="confirm-password">Confirm Password</label>
<input id="confirm-password" name="confirm_password" type="password" /></div>
<input class="submit-btn" name="submit" type="submit" />
</form>
<?php }
} else {
echo "This forget password link has been expired";
}
}
?>
</div>
</body>
</html>
Hi for some reason my update statement is not working, most probably because of the id=%d, its not getting the id for the statement i think but its finding the id because it is listed in the url (shown Below). What is the problem please ?
This works when i Insert a number for the id, example : id=77, so most probably the problem is the %d how can i get it to find the id with the %d ?
http://localhost/test/edit.php?id=77
<?php
ob_start();
session_start();
include_once 'logindb.php';
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) die($conn->connect_error);
if((isset($_POST['submit']))){
if((!isset($_POST['title'])) || (!isset($_POST['times'])) ){
echo "All values must be set";
}
else{
$title = $_POST['title'];
$times = $_POST['times'];
$film_id = $_GET['id'];
$upfile = 'Uploads/posters/'.$_FILES['userfile']['name'];
if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upfile)){
echo "File moved into folder";
header( "Location: index.php" ) ;
}
else{
echo "Problem: could not move image file to destination directory";
}
$upfile2 = 'Uploads/trailers/'.$_FILES['userfile2']['name'];
$format1 = "UPDATE films SET titles = '$title', ftimes = '$times', poster = '$upfile', trailer = '$upfile2' WHERE id = %d";
$query = sprintf($format1, $film_id );
$result = mysqli_query($conn, $query)
or die("Error in query: ". mysqli_error($conn));
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="Empire.css"/>
<script type="text/javascript" src="script.js"> </script>
<title>Movie Form</title>
</head>
<body class="formola">
<div class="form-style-5">
<p class="top"> List Movies </p>
<form method = "post" action="edit.php" enctype="multipart/form-data">
<fieldset>
<legend><span class="number">1</span> Details </legend>
<input type="text" name="title" placeholder="Movie Title">
<input type="text" name="times" placeholder="Times">
</fieldset>
<fieldset>
<legend><span class="number">2</span> Attachments </legend>
<div class="form-group ">
<label> Film Poster <br> </label>
<input type="hidden" class="form-control" name="MAX_FILE_SIZE" value="100000000">
Upload this Film Poster: <br> <input name="userfile" id="userfile" type="file"> <br>
<input type="hidden" class="form-control" name="MAX_FILE_SIZE" value="10000000">
Upload this Trailer: <br> <input name="userfile2" id="userfile2" value="10000000" type="file"> <br>
</div>
</fieldset>
<input type="submit" name = "submit" value="Upload" />
</form>
</div>
</body>
</html>
Hope you guys can help me, I've been trying to figure out what seems to be my error but to no avail, here is my code:
**This is my index.php**
<?php
include('config.php');
if($_POST['submit']=='Borrow')
{
$mysqli->query("INSERT INTO `borrowersprofile`(`lastname`, `firstname`, `middlename`) VALUES(
'".$_POST['lastname']."',
'".$_POST['firstname']."',
'".$_POST['middlename']."',
NOW())");
header("Location: index.php");
exit;
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="css.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form method="post" action="">
<label for="lastname">Lastname:</label>
<input name="lastname" type="text" id="lastname" style="width:120px;"/>
<label for="firstname">Firstname:</label>
<input name="firstname" type="text" id="firstname" style="width:120px;"/>
<label for="middlename">M.I:</label>
<input name="middlename" type="text" id="middlename" style="width:35px;"/><br />
<input type="submit" name="submit" value="Borrow" />
</form>
</body>
</html>
and here is the config.php
<?php
$db_username = 'root';
$db_password = '';
$db_name = 'bsystem';
$db_host = 'localhost';
$mysqli = new mysqli($db_host, $db_username, $db_password,$db_name);
?>
I've been trying to check and even tried to remake the database but its still not adding data, btw, this is a school project so security doesn't really matter, hope you guys can help me out! Thanks.
As pointed out by #user328
1) Assuming the ID or primary key of your table is AUTO_INCREMENT, therefore you do not need to mention ID column in your query. Sql inserts it automatically for you.
2) You need to mention the column name where to save the value returned by now().
if($_POST['submit']=='Borrow')
{
$mysqli->query("INSERT INTO `borrowersprofile`(`lastname`, `firstname`, `middlename`, `DATE`) VALUES(
'".$_POST['lastname']."',
'".$_POST['firstname']."',
'".$_POST['middlename']."',
NOW())");
header("Location: index.php");
exit;
}
Try to create this table in your database and then use the script below.
sql table:
CREATE TABLE `borrowersprofile` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
`lastname` VARCHAR(100) NOT NULL,
`firstname` VARCHAR(100) NOT NULL,
`middlename` VARCHAR(100) NOT NULL,
`datetime` DATETIME NOT NULL
)ENGINE=InnoDB;
index.php
<?php
require_once('./config.php');
if(!empty($_POST['lastname']) AND !empty($_POST['firstname']) AND !empty($_POST['middlename'])){
$lastname = $_POST['lastname'];
$firstname = $_POST['firstname'];
$middlename = $_POST['middlename'];
if ($stmtint = $mysqli->prepare("INSERT INTO `borrowersprofile`( `lastname`, `firstname`, `middlename`, `datetime`) VALUES(?, ?, ?, NOW())") {
$stmtint->bind_param("sss", $lastname, $firstname, $middlename);
if ($stmtint->execute()) {
$stmtint->close();
echo "User saved successfully!";
}else{
die("Error Message:".$mysqli->error);
}
header("Location: index.php");
exit;
}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="css.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form method="post" action="">
<label for="lastname">Lastname:</label>
<input name="lastname" type="text" id="lastname" style="width:120px;"/>
<label for="firstname">Firstname:</label>
<input name="firstname" type="text" id="firstname" style="width:120px;"/>
<label for="middlename">M.I:</label>
<input name="middlename" type="text" id="middlename" style="width:35px;"/><br />
<input type="submit" name="submit" value="borrow" />
</form>
</body>
config.php
<?php
$db_username = 'root';
$db_password = '';
$db_name = 'bsystem';
$db_host = 'localhost';
$mysqli = new mysqli($db_host, $db_username, $db_password,$db_name);
if ($mysqli->connect_error) {
die('Connect Error (' . $mysqli->connect_errno . ') '
. $mysqli->connect_error);
}
?>
I am trying to detect a form click using if(isset($_POST['appSelecter'])){ however it seems to not be returning true. This might be to do with the fact that my button click returns to the same page which would loose the form data i had just populated. Can someone confirm if my assumption is correct and if so - how would i need to change this?
Thanks
tried to only paste a sample piece of code to not confuse matters - seems i have made things worse - here is the full flow
<?php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--META-->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Portal Login</title>
<!--STYLESHEETS-->
<link href="css/style.css" rel="stylesheet" type="text/css" />
<!--SCRIPTS-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
<!--Slider-in icons-->
<script type="text/javascript">
$(document).ready(function() {
$(".username").focus(function() {
$(".user-icon").css("left","-48px");
});
$(".username").blur(function() {
$(".user-icon").css("left","0px");
});
$(".password").focus(function() {
$(".pass-icon").css("left","-48px");
});
$(".password").blur(function() {
$(".pass-icon").css("left","0px");
});
});
</script>
</head>
<body>
<!--WRAPPER-->
<div id="wrapper">
<!--SLIDE-IN ICONS-->
<div class="user-icon"></div>
<div class="pass-icon"></div>
<!--END SLIDE-IN ICONS-->
<!--LOGIN FORM-->
<form name="login-form" class="login-form" action="index.php" method="post">
<!--HEADER-->
<div class="header">
<!--TITLE--><h1>Client Portal Login</h1><!--END TITLE-->
<!--DESCRIPTION--><span>Please login to your client portal</span><!--END DESCRIPTION-->
</div>
<!--END HEADER-->
<!--CONTENT-->
<div class="content">
<!--USERNAME--><input name="username" type="text" class="input username" value="Username" onfocus="this.value=''" /><!--END USERNAME-->
<!--PASSWORD--><input name="password" type="password" class="input password" value="Password" onfocus="this.value=''" /><!--END PASSWORD-->
</div>
<!--END CONTENT-->
<!--FOOTER-->
<div class="footer">
<!--LOGIN BUTTON--><input type="submit" name="submit" value="Login" class="button" /><!--END LOGIN BUTTON-->
<!--REGISTER BUTTON--><input type="submit" name="submit" value="Register" class="register" /><!--END REGISTER BUTTON-->
</div>
<!--END FOOTER-->
</form>
<?php
include("application.php");
if(isset($_POST['submit'])){
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
if(isset($_POST['appSelecter'])) {
echo "this is a test message";
}
}
}
function printUserApplicationSelectionForm($applicationsForUser){
echo "<br/>";
echo "<br/>";
echo "<br/>";
echo "<br/>";
foreach ($applicationsForUser as $app) {
?>
<form action="index.php" method="post">
<input type="hidden" name="userid" value="<?php echo $app->getUserid(); ?>">
<input type="hidden" name="name" value="<?php echo $app->getName(); ?>">
<input type="hidden" name="created" value="<?php echo $app->getDateCreated(); ?>">
<input type="hidden" name="invoice" value="<?php echo $app->getInvoice(); ?>">
<input type="hidden" name="comment" value="<?php echo $app->getComment(); ?>">
<input type="submit" name="appSelecter" value="<?php echo $app->getName(); ?>">
</form>
<?php
}
}
function getAppInformation($userid){
$applicationsForUser = array();
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM application WHERE userid = '$userid'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
$index = 0;
while($row = $val->fetch_assoc()){
$userid = $row['userid'];
$name = $row['name'];
$dateCreated = $row['date'];
$invoice = $row['invoiceid'];
$comment = $row['commentsid'];
$application = new Application($userid, $name, $dateCreated, $invoice, $comment);
$applicationsForUser[$index] = $application;
$index++;
}
}
}
$conn -> close();
return $applicationsForUser;
}
function logUserIn($username, $password) {
if(!isset($username) && !isset($password)){
return -1;
}
$result = -1;
//$conn = mysql_connect('localhost', 'web214-admin-ava', 'secondstory');
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM members WHERE username = '$username' AND password = '$password'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
while($row = $val->fetch_assoc()){
$result = $row['id'];
break;
}
}
}
$conn -> close();
return $result;
}
?>
<!--END LOGIN FORM-->
</div>
<!--END WRAPPER-->
<!--GRADIENT--><div class="gradient"></div><!--END GRADIENT-->
</body>
</html>
You have used folowing in the form submit:
onClick="location.href='index.php'" // Making a GET request
This is not submitting the form using POST method. Remove this and it'll work.
Update: There is no submit button with name submit so this condion will not work:
if(isset($_POST['submit']))
Make it:
if(isset($_POST['appSelecter']))
You don't need if(isset($_POST['submit'])) instead use;
if(isset($_POST['appSelecter'])) {
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
}
}
You dont nee this
onClick="location.href='index.php'"
dont do anything , just apply value to button i, i think you have applied already ,
by location.href your request will be send by GET Method in thgis case no form elements sent to the server
if you allow native form submission then all form elements will be sent to server, in case of multiple forms , the only elements sent realted to that submit button form thats it
I'm having trouble with <?php echo $_SERVER['PHP_SELF']; ?>. For some reason this line in my HTML form removes my $_GET variables (that I manually put into place) from the URL.
To understand my problem here is my register.php code:
<?php
session_start();
// IF USER NOT REMEMBERED(DID NOT CLICK REMEBER ME BUTTON) OR NO SESSION IS FOUND THEN THROW HIM OUT TO LOGIN
//SECURITY SO THAT USERS CANT ACCESS WEB URL DIRECTLY
$host="localhost"; // Host name
$username="user"; // Mysql username
$password="password"; // Mysql password
$db_name="database"; // Database name
$tbl_name="temp_table"; // Table name
// Connect to server and select databse.
$link_temp = mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db($db_name, $link_temp);
$results=mysql_query("SELECT temporary_password, temporary_username FROM $tbl_name WHERE temporary_username = '".$_GET['temp_username']."'");
$row = mysql_fetch_array($results);
if($_GET['temp_password'] != $row['temporary_password'] || $_GET['temp_username'] != $row['temporary_username']){
mysql_close();
header("Location: index.php?invalid_user=1");
}
elseif (empty($_GET['temp_password']) || empty($_GET['temp_username']) || empty($_GET)) {
mysql_close();
header("Location: index.php?invalid_user=1");
}
if(isset($_POST['submit']))
{
//retrieve our data from POST
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2){
echo '<div class="alert">Passwords do not match!</div>';
die();
}
$encrypted_mypassword = md5($pass1);
$dbhost = "localhost";
$dbname = "dbname";
$dbuser = "user";
$dbpass = "password"; //not really
$link_users = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $link_users);
//sanitize values before entering into database
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$firstname = ucfirst(strtolower($firstname));
$lastname = ucfirst(strtolower($lastname));
$query = "INSERT INTO users ( firstname, lastname, username, password)
VALUES ('$firstname' , '$lastname' , '$username' , '$encrypted_mypassword');";
mysql_query($query);
mysql_close();
echo '<div class="info">User Successfully Created!</div>';
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Secure Customer Login</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black" />
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure_register.css">
<link href='https://fonts.googleapis.com/css?family=Nothing+You+Could+Do' rel='stylesheet' type='text/css'>
<script>document.createElement('footer');</script>
</head>
<body>
<div class="img">
<img src="images/logo.png" />
</div>
<form class="box login" style="max-width:334px;" name="register" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset class="boxBody">
<label>First Name</label>
<input type="text" name="firstname" maxlength="50" tabindex="1" placeholder="First Name" required />
<label>Last Name</label>
<input type="text" name="lastname" maxlength="50" tabindex="2" placeholder="Last Name" required />
<label>Username</label>
<input type="email" name="username" maxlength="50" tabindex="3" placeholder="Email" required/>
<label>Password</label>
<input type="password" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\w{6,}" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Password must contain at least 6 characters, including UPPER and lowercase and numbers' : ''); if(this.checkValidity()) form.pass2.pattern = this.value;" placeholder="Password" name="pass1" tabindex="4" />
<label>Repeat Password</label>
<input type="password" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\w{6,}" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Please enter the same Password as above' : '');" placeholder="Repeat Password" name="pass2" tabindex="5" />
</fieldset>
<footer>
<center><input type="submit" name="submit" value="Register" class="btnLogin" /></center>
</footer>
</form>
<footer id="main">
© 2014 Rye High Group. All rights reserved.</a>
</footer>
</body>
</html>
Basically the register.php page on my website gets an input from a link that contains two get variables: temp_username and temp_password. So the link that is used to access the site looks like this: my_domin.ca/register.php?temp_username=SomeUser1&temp_password=Somepassword1
The get variables are compared to entries in the database and if they return true the user is granted access to register.php, otherwise he will be forwarded to index.php. Accessing register.php is no problem, but as soon as the form is submitted the $_GET variables are removed from the URL thus forwarding the user to index.php
My question is: How can I modify <?php echo $_SERVER['PHP_SELF']; ?> to stop removing GET variables
P.S. I will transition to mysqli as soon as I get basic functionality working on my site (since I know mysql_* the best and want to reduce errors in the transition period)
$_SERVER['REQUEST_URI'] : The URI which was given in order to access this page.
Reference
Your form should be like:
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>">
your inputs
</form>