I asked a question before about my code with submitting users. After a few days of just guessing, I finally got it working. But, now. I can't select the user inside the table for a login. This is my code.
<?php
if($_POST['submit_id'] == 1)
{
//echo $_POST['fname'];
$playerf = $_POST['fname'];
$playerl = $_POST['lname'];
$name = $_POST['firstname'];
$link = mysqli_connect("localhost","tester","abc123","biscuit") or die(" Did not connect. " . mysqli_error($link));
$query = "SELECT firstname FROM Users" or die("Did not work." . mysqli_error($link));
if($name != $fname)
{
echo "Does not match.";
}
else
{
header ("Location: game.php");
}
}
?>
<table align = "center">
<tr>
<td>
Welcome to <b> Besco's Biscuits </b>. Please fill out the following <br />
areas and we will begin your adventure soon. :)
</td>
</tr>
</table>
<br /> <br /> <br /> <br /> <br />
<table align = "center">
<tr>
<td>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" > <br />
Firstname: <input type="text" name="fname" id= "fname" required = "1"> <br />
Lastname: <input type = "text" name = "lname" id= "lname" required = "1"> <br />
<input type = "submit" value = "Register" id="submit_id" >
<input name="submit_id" type="hidden" id="submit_id" value="1">
<input type = "reset" name="Reset" value="Reset Page" class = "account">
</form>
</td>
</tr>
</table>
When I try to submit a user for it to identify/match, it doesn't and sends me straight into the game. Can someone help? A Beta is due in 3 days.!!!
You are not executing your query nor are you fetching the results:
$query = mysqli_query($link, "SELECT firstname FROM Users") or die("Did not work." . mysqli_error($link));
$user = mysqli_fetch_assoc($link, $query);
if($name != $user['firstname'])
Additionally:
Where did $fname come from? Did you just make that up?
You don't seem to use your POST variables which are probably necessary for you to run your query and get an exact match for your user. The above code will return every user but only check the first one. I doubt that is what you want.
You have two POST variables that seem to hold a first name. Does that look correct to you?
Related
I have multiple checkbox in my form and the person need to input the quantity of the types of item that is selected. Now, my problem is that I can't get the data to be inserted into database.
This is my add_record.php code:
<?php
include("connect.php");
include("header.php");
$sql_student = "SELECT * FROM student";
$result_student = mysql_query($sql_student);
?>
<form method="post" id="add_form" action="add_record.php">
<label>Name</label>
<input placeholder="Enter Student Name" type="text" name="name" id="name" class="form-control" />
<br />
<input placeholder="Enter Student ID" type="text" name="stud_id" id="stud_id" class="form-control" />
<br />
<?php
$sql_baggage = "SELECT * FROM baggage";
$result_baggage = mysql_query($sql_baggage);
?>
<label>Bag Types</label></br>
<table style="border:none;">
<?php while($row_bag = mysql_fetch_array($result_baggage))
{
$baggage_id = $row_bag['baggage_id'];
?>
<tr>
<td><?php echo $row_bag['baggage_id'];?>
<td><?php echo $row_bag['baggage_type'];?></td>
<td><input type="checkbox" name="tick[]" value="<?php echo $baggage_id;?>"/></td>
<td><input type="text" size="2" name="txt[<?php echo $baggage_id;?>]" placeholder=" "></td>
<?php
?></td></tr>
</table>
<br />
<input type="submit" name="submit" id="submit" value="Add Record" class="btn btn-success btn-secondary pull-right" />
</form>
<?php
if(isset($_POST['submit']))
{
$name = $_POST["name"];
$stud_id = $_POST["stud_id"];
$stu_query = "INSERT INTO student(student_id,student_name) VALUES ('$stud_id','$name')";
if(mysql_query($stu_query))
{
if(!empty($_POST['tick']))
{
foreach($_POST['tick'] as $selected)
{
$qty = $_POST['txt'][$selected];
$inv_query = "INSERT INTO inventory (invstu_id,invbag_id,invbag_quantity) VALUES
('$stud_id','$selected', '$qty')";
if(mysql_query($inv_query))
{
echo'<script>alert("A record has been inserted!")</script>';
}
else
{
echo "Database error";
}
}
}
else
{
echo'<script>alert("A record has been inserted!")</script>';
}
}
}
?>
</body>
</html>
I know that the data is passed through foreach function since I get the echo of database error two times when I tick two of the checkbox. However, the value is not inserted into the database.
Finally solve the issue by echoing the mysql_error(), there is nothing wrong with the code. Just a bit problem at the database. Thanks!!
What I am trying to do with this script is allow users to update a url for their websites, and since each user isn't going to have the same amount of websites is is hard for me to just add $_POST['website'] for each of these.
Here is the script
<?php
include("config.php");
include("header.php");
include("functions.php");
if(!isset($_SESSION['username']) && !isset($_SESSION['password'])){
header("Location: pubs.php");
}
$getmember = mysql_query("SELECT * FROM `publishers` WHERE username = '".$_SESSION['username']."'");
$info = mysql_fetch_array($getmember);
$getsites = mysql_query("SELECT * FROM `websites` WHERE publisher = '".$info['username']."'");
$postback = $_POST['website'];
$webname = $_POST['webid'];
if($_POST['submit']){
foreach ( $_POST['website'] as $key => $value )
{
$update = mysql_query("UPDATE `websites` SET `postback` = '".mysql_real_escape_string($postback[$value])."' WHERE id = '$webname'");
}
}
print"
<div id='center'>
<span id='tools_lander'><a href='export.php'>Export Campaigns</a></span>
<div id='calendar_holder'>
<h3>Please define a postback for each of your websites below. The following variables should be used when creating your postback.<br />
cid = Campaign ID<br />
sid = Sub ID<br />
rate = Campaign Rate<br />
status = Status of Lead. 1 means payable 2 mean reversed<br />
A sample postback URL would be <br />
http://www.example.com/postback.php?cid=#cid&sid=#sid&rate=#rate&status=#status</h3>
<table class='balances' align='center'>
<form method='POST' action=''>";
while($website = mysql_fetch_array($getsites)){
print"
<tr>
<input type ='hidden' name='webid' value='".$website['id']."' />
<td style='font-weight:bold;'>".$website['name']."'s Postback:</td>
<td><input type='text' style='width:400px;' name='website[]' value='".$website['postback']."' /></td>
</tr>";
}
print"
<td style='float:right;position:relative;left:150px;'><input type='submit' name='submit' style='font-size:15px;height:30px;width:100px;' value='Submit' /></td>
</form>
</table>
</div>";
include("footer.php");
?>
What I am attempting to do insert the what is inputted in the text boxes to their corresponding websites, and I cannot think of any other way to do it, and this obviously does not works and returns a notice stating Array to string conversion
If there is a more logical way to do this please let me know.
UPDATE
I added a foreach statement, but this still doesn't seem to solve the problem. It doesn't update anything in the database.
I was able to fix the problem with some trial and error, Lawrence helped with the informing me to use a foreach statement. This is what I have ended up with.
<?php
include("config.php");
include("header.php");
include("functions.php");
if(!isset($_SESSION['username']) && !isset($_SESSION['password'])){
header("Location: pubs.php");
}
$getmember = mysql_query("SELECT * FROM `publishers` WHERE username = '".$_SESSION['username']."'");
$info = mysql_fetch_array($getmember);
$getsites = mysql_query("SELECT * FROM `websites` WHERE publisher = '".$info['username']."'");
$postback = $_POST['website'];
$webname = $_POST['webid'];
if($_POST['submit']){
$i = -1;
foreach ($postback as $key => $value)
{
$i ++;
print_r($webname[$i]);
$update = mysql_query("UPDATE `websites` SET `postback` = '".cleanQuery($postback[$key])."' WHERE `id` = '".$webname[$i]."'") or die("MySQL ERROR: ".mysql_error());
}
}
print"
<div id='center'>
<span id='tools_lander'><a href='export.php'>Export Campaigns</a></span>
<div id='calendar_holder'>
<h3>Please define a postback for each of your websites below. The following variables should be used when creating your postback.<br />
cid = Campaign ID<br />
sid = Sub ID<br />
rate = Campaign Rate<br />
status = Status of Lead. 1 means payable 2 mean reversed<br />
A sample postback URL would be <br />
http://www.example.com/postback.php?cid=#cid&sid=#sid&rate=#rate&status=#status</h3>
<table class='balances' align='center'>
<form method='POST' action=''>";
while($website = mysql_fetch_array($getsites)){
print"
<tr>
<input type ='hidden' name='webid[]' value='".$website['id']."' />
<td style='font-weight:bold;'>".$website['name']."'s Postback:</td>
<td><input type='text' style='width:400px;' name='website[]' value='".$website['postback']."' /></td>
</tr>";
}
print"
<td style='float:right;position:relative;left:150px;'><input type='submit' name='submit' style='font-size:15px;height:30px;width:100px;' value='Submit' /></td>
</form>
</table>
</div>";
include("footer.php");
?>
I have to post a value via "form post" and insert it into table, here is my code in both files:
<html>
<body>
<table>
<form enctype="multipart/form-data" action="<?php $_SERVER["DOCUMENT_ROOT"] ?> /contents/ad_posting_process_4.php" method="post">
<?php $cat_no = "101010"; ?>
<input type=hidden id="category" value=" <?php echo $cat_no; ?> ">
<tr> <td>Sub Category: </td><td> <input type=text id="sub_category" > </td>
<tr><td></td> <td><input type="submit" name="action" value="Post"></td></tr></tr>
</form>
</body></html>
here is ad_posting_4.php
<?php session_start();
include($_SERVER["DOCUMENT_ROOT"]."/includes/conn.php");
$category = mysql_real_escape_string($_POST['category']);
$sub_category = mysql_real_escape_string($_POST['sub_category']);
echo "category=". $category;
echo "sub_category=". $sub_category; ?>
No value sent through post.
where am I wrong?
Regards:
You need to use the name attribute:
<input type="text" name="category" />
<input type="text" name="sub_category" />
the input type needs to be enclosed in quotes ' and also have a name attribute, and not id.
<input type='hidden' name="category" value=" <?php echo $cat_no; ?> " />
<tr> <td>Sub Category: </td>
<td><input type='text' name="sub_category" > </td>
I recently did something very similar with my own website and received help from this community. On the HTML side I created a standard form and gave each input a "name." For example let's say you are trying to capture city and state:
<html>
<body>
<form>
<tr>
<td>State: </td><td> <input type="text" style="border:1px solid #000000" name="state" /></td>
<td>City</td><td><input type="text" style="border:1px solid #000000" name="city" /></td>
</tr>
</form>
</body>
</html>
Then set up a mySQL database with a column named "state" and one named "city". Next, use PHP to insert the data from the form into your database. I am new to PHP, but from what I understand using PDOs is more secure than using the old mysql commands.
$dbtype = "mysql";
$dbhost = "localhost";
$dbname = "name";
$dbuser = "user";
$dbpass = "pass";
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$sql = "SELECT column_name FROM information_schema.columns WHERE table_name = '[Insert Name of your table here]'";
$q = $conn->prepare($sql);
$q->execute();
$columns = $q->fetchAll(PDO::FETCH_COLUMN, 0);
$cols = array();
foreach ($_POST as $key=>$value)
{
// if a field is passed in that doesn't exist in the table, remove it. The name of the input that is removed will be echoed so you can debug. Remove echo if you go to production.
if (!in_array($key, $columns)) {
unset($_POST[$key]);
echo $key;
}
}
$cols = array_keys($_POST);
$sql = "INSERT INTO Facilities(". implode(", ", $cols) .") VALUES (:". implode(", :", $cols) .")";
$q = $conn->prepare($sql);
array_walk($_POST, "addColons");
$q->execute($_POST);
function addColons($value, &$key)
{
$key = ":{$key}";
}
This has been working out very well for me. Note that it can only match HTML form inputs with columns of the exact same name. In my case I wanted to create over 100 inputs so this was easier. If you are dealing with 5-10 it might be easier to just insert the specific variables manually.
im new to php and learning quite fast. i have a form which allows the user to update his/her security question and also requires the user to enter his/her reference number in order to go ahead with the change.
my code for the form is as follows:
<form action="securityupdated.php" method="post">
<table width="80%" border="0">
<tr>
<td><label for="secret_question">Secret Question</label></td>
<td><span id="spryselect1">
<select name="secret_question" id="secret_question">
<option selected="selected">Please Select Your Secret Question</option>
<option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
<option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
<option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
<option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
</select>
<span class="selectRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="secret_anwser">Your Anwser</label></td>
<td><br /><span id="sprytextfield1">
<input type="text" name="secret_anwser" id="secret_anwser" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="password">Your Reference</label>
</td>
<td><br />
<span id="sprytextfield2">
<input type="text" name="ref" id="ref" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Update" /></td>
</tr>
</table>
</form>
my php script is as follows:
<?php
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);
$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
else
{
echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';
}
?>
what i dont know is how to code it so that it can check if the ref entered by the user matches with my ref field in my database and if so then it should go ahead with the update and if not, it should ask the user to enter his password again?
I'm not a believer in "security questions", but i suppose adding password check would be reasonable, since if someone does get to this point, he might block the real user from requesting password restoration, if thats what you are using it for. So yep, use mysql_fetch_row to get password (I hope it is sha1 hash?) and compare it to whatever user enters (add new password field)
HTML:
<tr>
<td><label for="password_check">Your password</label></td>
<td><input type="text" name="password_check" id="password_check" /></td>
</tr>
And php:
$result = mysql_query("SELECT `password` FROM public WHERE ni = '". $_SESSION['ni']."'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
if(strlen($row[0])>0 && $row[0]==sha1($_POST['password_check'])){
.. your existing update code goes here
}
<?php
if(isset($_POST['submit'])){
$ref_number = $_POST['reference_number'];
$query = "SELECT * FROM table_name WHERE reference_number = 'ref_number'";
$result = mysql_query($query);
$output = mysql_num_rows($result);
if($output > 0){
//Proceed in registration or whatever you want to do here
}else{
echo "<script type='text/javascript'>alert('Please put your whatever again')</script>";
}
}
?>
Part of your form
<input type='text' name='reference_number'><br />
<input type='submit' name='submit' value='Submit'>;
Do you have one ref number for everyone or just a single ref?
If every user has its own ref:
$Result = mysql_query("SELECT * FROM table WHERE user_id = 'user_id' AND ref_number = '$Ref_Number'");
Or if there is only one ref number:
$Result = mysql_query("SELECT * FROM table WHERE ref_number = '$Ref_Number'");
If the ref number provided equals the one in the database, then you'll get a row back.
if (mysql_num_rows($Result) != 0)){
// your update code
} else {
// present password form
}
If you have only one ref-number for everyone it might be more interesting to just store that value in a variable.
$Query = mysql_query("SELECT * FROM table");
$R = mysql_fetch_array($Result);
$RealRef_number = $R['ref_number'];
if ($_POST['Ref_number'] == $RealRef_number){
// proceed to updating
} else {
// they were not equal..
}
hallo!
I am a university student, and I want to make an address book, using php, where someone can view a table with all the listed contacts' details (e.g. name, phone, email) and there will be the possibility of
-adding a new contact and
-editing
-deleting an existing contact.
I have created a table with the relevant fields in my database, and I have written some code (found on the internet but it didn't work + 20hours of trying to make it work on my own.... without the proper result) which shows the table of contacts, but:
The edit doesn't work at all
When the delete works, it deletes the contacts from last to first and not the row I am selecting
when I put the code for deleting in comments, the "Add" works
when the code for deleting is functional, then the "Add" actually "Deletes" (unless the table is empty, in which case it adds up to ONE contact).
If anyone can give me some hints/suggestions on what to change, please please do!
Here is my code:
<html>
<head>
<title>Address Book</title>
</head>
<body>
<?php
mysql_connect("localhost", "mydb", "mypassword") or die(mysql_error());
mysql_select_db("mydb") or die(mysql_error());
if (isset($_POST['mode']))
{
$mode = $_POST['mode'];
$id = $_POST['id'];
$name = $_POST['name'];
$phone = $_POST['phone'];
$email= $_POST['email'];
if ($mode=="add")
{Print '<h2>Add Contact</h2> <p>
<form action="" method=post>
<table>
<tr><td>Name:</td><td><input type="text" name="name" /></td></tr>
<tr><td>Phone:</td><td><input type="text" name="phone" /></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" /></td></tr>
<tr><td colspan="2" align="center">
<input type="hidden" name="mode" value="added" />
<input type="submit" value="Submit" />
</td></tr>
</table> </form> <p>'; }
if ($mode =="added")
{mysql_query ("INSERT INTO address (name, phone, email) VALUES ( '$name', '$phone', '$email')");
echo "New contact added successfully!";}
if ($mode=="edit")
{Print '<h2>Edit Contact</h2> <p>
<form action="" method=post>
<table>
<tr><td>Name:</td><td><input type="text" value="';
Print $name; print '" name="name" /></td></tr>
<tr><td>Phone:</td><td><input type="text" value="';
Print $phone; print '" name="phone" /></td></tr>
<tr><td>Email:</td><td><input type="text" value="';
Print $email; print '" name="email" /></td></tr>
<tr><td colspan="2" align="center"><input type="submit" /></td></tr>
<input type=hidden name=mode value=edited>
<input type=hidden name=id value='; Print $id; print '>
</table>
</form> <p>';
}
if($mode=="edited")
{mysql_query ("UPDATE address SET name = '$name', phone = '$phone', email = '$email' WHERE id = $id");
Print "Data Updated!<p>";}
if ($mode=="remove")
{mysql_query ("DELETE FROM address where id=$id");
Print "Entry has been removed <p>";}
}
$data = mysql_query("SELECT * FROM address ORDER BY name ASC")
or die(mysql_error());
Print '<h2>Address Book</h2><p>
<form action="" method=post>
<table border cellpadding=3>
<tr><th width=100>Name</th><th width=100>Phone</th><th width=200>Email</th><th width=100 colspan=2>Admin</th></tr>
<td colspan=5 align=right>
<input type ="hidden" name = "mode" value="add"/> <input type = "submit" value="Add Contact"/>';
while($info = mysql_fetch_array( $data ))
{
Print "<tr><td>".$info['name'] . "</td> ";
Print "<td>".$info['phone'] . "</td> ";
Print "<td> " .$info['email'] . "</td>";
Print '<td>
<input type ="hidden" name="mode" vlaue="edit"/>
<input type ="submit" value="Edit"
?id='. $info['id'] .'&name=' . $info['name'] .'
&phone=' . $info ['phone'] .'&email=' . $info['email'] .'/></td>';
Print "<td>
<input type ='hidden' name='mode' value='remove'/>
<input type ='hidden' name='id' value = ".$info['id']." />
<input type ='submit' value = 'remove' /> </td></tr> ";
}
Print "</table>";
Print " </form>";
if(!$mode) echo "You may add, edit or delete a contact";
echo $mode;
?>
</body>
</html>
The reason why things aren't behaving the way you expect is that all your rows are being put into one big form. Therefore there are multiple hidden fields <input type ='hidden' name='id' value = ".$info['id']." />, all of which get submitted when you click any of your 'submit' buttons. But actually the value that will be passed along to your script will be the last value i.e. the last row id.
One way you could get around it is to use a link with the ID as a $_GET argument in the URL, for example:
Edit
Then you can change the line near the top to use $mode = $_GET['mode']; and $id=$_GET['id']
Once you have got the ID in the way, you can display a form with editable fields just for that particular id.
if ($mode == 'edit')
{
$data = mysql_query("SELECT * FROM address WHERE id=$id");
// then fetch the row data and populate the HTML form
}
Of course, the above example is vulnerable to SQL injection http://php.net/manual/en/security.database.sql-injection.php so a slightly more robust method would be wise - see the link for advice!