I am working in PHP. i have made a form named as Donor.php and a connect it to database. Now I am trying to apply checks in on it in PHP. But their is a problem. As I have applied checks for empty fields in PHP on a form but these checks are not working. Please check out my code. As my work is stuck just because of this problem. My code file is here:
Donor.php
<?php
//error_reporting(0);
if(isset($_POST['submit'])){
$first_name=$_POST['firstname'];
$last_name=$_POST['lastname'];
$Country=$_POST['country'];
$City=$_POST['city'];
$Gender=$_POST['gender'];
$Email=$_POST['email'];
$Password=$_POST['pwd'];
include_once "connectionn.php";
$emailChecker=mysql_real_escape_string($Email);
$sql_email_check=mysql_query("Select Email FROM user WHERE Email='$emailChecker'");
$email_check=mysql_num_rows($sql_email_check);
if((empty($first_name)) ||(empty($last_name)) ||(empty($City)) ||(empty($Gender)) ||(empty($Email)) ||(empty($Password))) {
$errorMsg='We are sorry, but there appears to be a problem with the form you submitted.';
if (empty($first_name)) {
$errorMsg.='$var is either 0, empty, or not set at all';
header('Location: Donor.php');
}
if(empty($last_name)){
$errorMsg.='lastname';
header('Location: Donor.php');
}
if(empty($City)){
$errorMsg.='City';
header('Location: Donor.php');
}
if(empty($Gender)){
$errorMsg.='Gender';
header('Location: Donor.php');
}
if(empty($Email)){
$errorMsg.='email';
header('Location: Donor.php');
}
if(empty($Password)){
$errorMsg.='Password';
echo "$errorMsg.";
header('Location: Donor.php');
}
}else if($email_check>0){
$errorMsg="invalid";
}else{
$sql="INSERT INTO user (User_ID,First_Name, Last_Name, gender, city, Email, Password) VALUES (NULL,'$first_name', '$last_name','$Gender','$City','$Email','$Password')";
$result=mysql_query($sql);
$UserID="SELECT max(User_ID) as usr from user";
$userIDResult=mysql_query($UserID);
if($userIDResult === false)
{
die(mysql_error());
}
while($R=mysql_fetch_array($userIDResult)){
$usrID= $R['usr'];
}
$donor="INSERT INTO donor(User_ID, Country)Values('".$usrID."','$Country')";
$resultdonor=mysql_query($donor);
mysql_close();
header('Location: DonorPro.php');
}
}
?>
<?php
include "Header.php";
//include "registration.php";
?>
<div class="DonorDiv">
<h1>Lets Join:</h1>
<form name="input" action="" method="post" <?php print"$errorMsg"; ?>>
First Name: <input type="text" name="firstname" placeholder="First Name" id="r">
<?php print "$first_name";
// if (!isset($_POST['firstname'])) {
//echo '$var is either 0, empty, or not set at all';
//}
?>
Last Name: <input type="text" name="lastname" placeholder="Last Name" id="u" <?php print "$last_name";?>> <br>
Institution: <input type="text" name="country" placeholder="Institution" id="" <?php print "$Institution";?>>
City: <input type="text" name="city" placeholder="City" id="" <?php print "$City";?>><br>
Country: <input type="text" name="country" placeholder="Country" id="" <?php print "$Country";?>><br>
Gender: <input type="text" name="gender" placeholder="Gender" id="" <?php print "$Gender";?>><br>
Email Address: <input type="Email" name="email" placeholder="Email" id="g" <?php print "$Email";?>><br>
Password:<input type="Password" name="pwd" placeholder="Password" id="v" <?php print"$Password";?>><br>
<input type="submit" src="images/button(9).png" alt="Submit" id="q">
</form>
</div>
<?php include "Footer.php"; ?>
The PHP mysql lib is deprecated, you should consider using myslqi or php PDO instead.
Here is a tutorial
You should also be careful : $first_name and the other variables as they are not defined when you display the form, so you will get warnings.
Anyway, your problem is that this check is always false :
if(isset($_POST['submit'])){
The easiest (but not the best) way to correct that is to add a hidden input in your form :
<input type="hidden" name="hidden">
You have to quit the PHP script after telling the browser to redirect to another page:
header('Location: Donor.php');
exit;
(Besides SQL injection and some other problems.)
Related
i have a little problem
I have a form in login.php:
`
<form action="loginscript.php" method="post">
<h2>Login form</h2>
<label for="nick">Podaj imie: </label>
<input type="text" name="nick" id="nick">
<br>
<label for="pass">Podaj haslo: </label>
<input type="password" name="pass" id="pass">
<br>
<p>LOG IN</p>
<input type="submit" name="submit" id="submit">
</form>
`
and i have a loginscript.php file:
`
<?php
session_start();
if (isset($_POST["nick"]) && isset($_POST["pass"])) {
$nick=$_POST["nick"];
$pass=sha1(sha1($_POST["pass"]));
$conn = mysqli_connect("localhost", "root", "", "baza2");
if ($conn) {
$query = mysqli_query($conn, "SELECT * FROM login_table WHERE nick='$nick' AND pass='$pass'");
if (mysqli_num_rows($query)) {
$_SESSION["logged"]=true;
header("Location: main.php");
} else {
header('Location: login.php');
}
mysqli_close($conn);
}
}
?>
`
In the loginscript.php in else i have redirect to login.php page. How can i change maybe p tag from 'LOG IN' to 'USERNAME OR PASSWORD IS WRONG'?
I tried using jquery but that doesn't work, maybe I don't know how. Please help :(
You can't change anything on the target page from there, but what you can do is provide some information to the target page which that page can use. For example, consider this redirect:
header('Location: login.php?failed=true');
Then in the login.php code you can check for the "failed" query string value and conditionally change the output based on that. For example:
<?php
$message = isset($_GET['failed']) ? "USERNAME OR PASSWORD IS WRONG" : "LOG IN";
?>
<form action="loginscript.php" method="post">
<h2>Login form</h2>
<label for="nick">Podaj imie: </label>
<input type="text" name="nick" id="nick">
<br>
<label for="pass">Podaj haslo: </label>
<input type="password" name="pass" id="pass">
<br>
<p><?= $message ?></p>
<input type="submit" name="submit" id="submit">
</form>
you could try the code below.
if (mysqli_num_rows($query)) {
$_SESSION["logged"]=true;
echo "<script type='text/javascript'> document.location = 'main.php';</script>";
} else {
echo "<script>alert('Your Password or username is wrong!');</script>";
}
I have a form on a website. I need to save my information to database. I made a database in localhost but when I click on submit it displays the whole code of register.php in the same page and no data saved in database,i have placed all the files in htdocs. I have form in index.html and register.php file is seperate. Here the php file:
<?php
mysql_connect('localhost','root','');
if(!$link){
die('could not connect: ' . mysql_error());
}
echo 'connected successfully';
mysql_select_db(learnqurandb);
$name = $_post['fullname'];
$email = $_post['email'];
$mobile = $_post['mobile'];
$country = $_post['country'];
$course = $_post['course'];
$skype_id = $_post['skype'];
if($name == ""){
echo "<script>alert('please enter your name')</script>";
exit();
}
if($email == ""){
echo "<script>alert('please enter your E-mail')</script>";
exit();
}
if($mobile == ""){
echo "<script>alert('please enter your Mobile Numbet')</script>";
exit();
}
if($country == ""){
echo "<script>alert('please enter your country name')</script>";
exit();
}
if($course == ""){
echo "<script>alert('please select your desire course')</script>";
exit();
}
if($skype_id == ""){
echo "<script>alert('please enter your Skype ID')</script>";
exit();
}
$check_skype_id = "select * from learnquran where skype = '$skype_id";
$count = mysql_query('$check_skype_id');
if(mysql_num_rows ($count) > 0){
echo"<script>alert('Skype_id $skype_id is already exists, please try another one.')</script>";
exit();
}
$query = "INSERT INTO registration (fullname,email,mobile,country,course,skype) values('$name','$email','$mobile','$country','$course','$skype_id')";
if(mysql_query ($query)){
echo "<script>alert('Registration Successfull')</script>";
}
}
?>
my html form is this
<div id="form_div">
<h2>Quick Registration</h2>
<form name="Form1" method="post" action="register.php" />
<label for="name">Name:</label>
<input type="text" name="fullname" id="fname" /><br><br>
<label for="email">Email:</label>
<input type="text" name="email" id="user_email" /><br><br>
<label for="mobile">Mobile:</label>
<input type="text" name="mobile" id="user_mobile" /><br><br>
<label for="country">Country:</label>
<input type="text" name="country" id="user_country" /><br><br>
<label for="skype">Skype ID:</label>
<input type="text" name="skype" id="skype_id" /><br><br>
<label for="course">Course:</label>
<select name="course" id="desired_course" ><br><br>
<option value="Select course..." selected>Select course</option><br>
<option value="Quran Reading">Quran Reading</option>
<option value="Memorizing the Holy Quran">Memorizing Holy Quran</option>
</select><br><br>
<input type="submit" class="submit" id="button1" value=""/>
</form>
</div>
You should be using PDO instead of mysql_connect as it has been deprecated as of PHP 5.5.0. Please view this tutorial on how to use PDO. Here's more information about it: http://php.net/manual/en/function.mysql-connect.php
https://www.youtube.com/watch?v=QtCdk459NFg&list=PLfdtiltiRHWHkDwEoZ29Q9FKtWVjA46HC
As for your code just displaying on your screen, make sure that your server has php enabled.
While I found something similar to this question on here it didn't answer my question outright.
I have set up this php script to validate the form data, which works, after its validated I want it to then pass the info onto another script page to let the user then verify their input data and then mail the data. Its at this state that I'm having trouble. I've spent the last few days trying to find a solution to this and unfortunately coming up short.
<?php
$name_error = '';
$email_error = '';
$comments_error = '';
$error = false;
if (!empty($_POST['submitted']))
{ //if submitted, the validate.
$name = trim($_POST['name']);
if (empty($name))
{
$name_error='Name is required';
$error = true;
}
$email = trim($_POST['email']);
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email))
{
$email_error='E-mail address not valid';
$error = true;
}
$comments = trim($_POST['comments']);
if (empty($comments))
{
$comments_error='Comments are required';
$error = true;
}
if ($error == false)
{
$name_send = $name;
$email_send = $email;
$comments_send = $comments;
/* Redirect visitor to the thank you page */
header('Location: /mail.php');
exit();
}
}
The form this is attached to:
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method="post">
<label>Your Name</label><br />
<input type="text" name="name" style="width:95%" class="text" value='<?php echo htmlentities($name) ?>' />
<br/>
<span class='error'><?php echo $name_error ?></span>
<br />
<label>Email</label><br />
<input type="email" name="email" style="width:95%" class="text" value='<?php echo htmlentities($email) ?>' />
<br/>
<span class='error'><?php echo $email_error ?></span>
<br />
<label for="comments" style="font-size:16px;">Feedback Comments</label><br />
<textarea name="comments" style="width:95%;" rows="8" value='<?php echo htmlentities($comments) ?>'></textarea>
<br />
<span class='error'><?php echo $comments_error ?></span>
<br />
<input type="checkbox" name="allowCommentPublish" checked="checked" />
<label for="allowCommentPublish" style="font-size:10px;">Allow these comments to be used on our website</label>
<fieldset class="optional">
<h2>[ OPTIONAL ]</h2>
<label>Company Name</label><br />
<input type="text" name="companyName" style="width:95%" class="text" />
<br/>
<label>Phone</label><br />
<input type="text" name="phone" style="width:95%" class="text" /><br/>
<div style="margin:5px 0px;">
<input type="checkbox" name="incmarketing" />
<label style="font-size:10px;"> Yes, you can email me specials and promotions.</label>
<br/>
</div>
</fieldset>
<fieldset>
<input type="submit" name="submitted" value="Send" />
</fieldset>
I will point out im focusing on the main data inputs: Name E-mail and comments.
I need the info from this form to be sent onward but i dont know exactly how to do this and any help will be appreciated greatly.
For passing the values to next page you will have to use either of the three methods.
1. Set cookies with the data.
2. Use global variable session.
3.Pass the data in the url.
For cookies u can set cookies with the values like
setcookie('name',$name);
in ur next page read those cookie data
For sessions:
$_SESSION['name']= $name;
for reading data from cookies & session:
$name = $_COOKIE['name'];
$name = $_SESSION['name'];
For using sessions you must add the line
session_start();
at the start of both the pages that send or receive(use) the data
and for urls
header('Location: /mail.php?name=$name&email=$email&comment=$comments');
Read more on using session
If you need to pass values from one script to another you can use $_SESSION variables. To start a session use: (at the top of the php script)
session_start();
$_SESSION['somename'] = $somevariable;
To access or get that same variable you can use this:
session_start();
$some_other_variable = $_SESSION['somename'];
or you can use hidden input fields.
You can use hidden fields and javascript to submit the form. However as this is the same php page as the original form you will need an if statement
echo '<form name="newForm" action="newpage.php" method="POST">';
echo '<input type="hidden" name="name2" value"' . $name . '">;
echo '<input type="hidden" name="email2" value"' . $email . '">;
echo '<input type="hidden" name="comments2" value"' . $comments . '"></form>;
echo '<script> if (document.getElementById("name2").value != ""){window.onload = function(){ window.document.newForm.submit(); }} </script>';
I'm using kespersy antivirus.I want to store the details in database.but password and confirm password value is not printed while testing.
all the field values are echoed except password and confirm password.$pass is password variable and $c_pass is confirm password variable.
<form name="profile" method="post">
<p style="margin-left:1cm">Name<a style="margin-left:45px"></a> : <input type="text" name="p_name" size=18 maxlength=50></p>
<p style="margin-left:1cm">Email<a style="margin-left:45px"></a> : <input type="text" name="email" size=18 maxlength=50></p>
<p style="margin-left:1cm">Password<a style="margin-left:25px"></a> : <input type="password" name="pass" size=18 maxlength=50></p>
<p style="margin-left:1cm">Confirm<a style="margin-left:30px"></a> : <input type="password" name="c_pass" size=18 maxlength=50></p>
<p style="margin-left:1cm">Phone<a style="margin-left:45px"></a> : <input type="text" name="phone" size=18 maxlength=50></p>
<p style="margin-left:1cm">Address<a style="margin-left:30px"></a> : <textarea name="address" max=200></textarea></p>
<p style="margin-left:1cm">EIN<a style="margin-left:50px"></a>   : <textarea name="ein" max=200></textarea></p>
<center><input type="submit" name="edit" value="Edit" /> </center>
</form>
<?php
include "config.php";
if(isset($_REQUEST['edit']))
{
echo "hai";
echo $pass=$_REQUEST['Pass'];
echo $c_pass=$REQUEST['c_pass'];
echo $address=$_REQUEST['address'];
echo $p_name=$_REQUEST['p_name'];
echo $phone=$_REQUEST['phone'];
echo $email=$_REQUEST['email'];
echo $ein=$_REQUEST['ein'];
echo $datz=date('m-d-yy h:i:s');
if($pass==$c_pass)
{
echo $c_pass;
echo $pass;
if($p_name!='' && $address!='' && $p_name!='' && $phone!='' && $email!='' && $ein!='' && $pass!='')
{
echo $sql="insert into register(name,address,contact_name,phone,email,password,ein,c_date) values ('$name','$address','$p_name','$phone','$email','$pass','$ein','$datz')";
if(mysql_query($sql))
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('registered successfully');
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('try again');
</SCRIPT>");
}
}
}
}
?>
First of all why do you use the $_REQUEST variable?
It would be much safer if you use $_POST instead.
Can you update your question with your HTML form so we can see what you did there?
Another suggestions is to use mysqli functions or even prepared statements.
With prepared statements you are better protected against SQL injections like Jack mentioned.
If you dont use prepared statements it is really important that you escape the user input before you save it in your Database:
$name = mysqli_real_escape_string($dblink, $name);
And you should not save the passwords in plaintext, at least use MD5.
$pass = md5($pass);
Better use SHA1 as mentioned by BlackPearl:
$pass = sha1($pass);
UPDATE:
I see a typo in your HTML:
<input type="password" name="pass" size=18 maxlength=50></p>
But in your PHP Code you use:
$_REQUEST['Pass']
which is wrong.
you have to use the same name it is case sensitive.
I was trying to get variable in Query String from URL. But somehow, its just got one variable instead of getting all variables from querystring. I really don't know what goes wrong with my code. Here is the code I want to print out error from the invalidate form:
<?php
displayForm();
function displayForm(){
?>
<form action="./prod_add_action.php" method="post" name="addproductForm">
<fieldset>
<legend>Online Ordering System Setup</legend>
<label for="product_name">Product Name: </label><input type="text" name="product_name" value="" /><?php echo $_GET["name_error"]; ?>
<label for="product_date">Product Date: </label><input type="text" name="product_date" value="" /><?php echo $_GET["date_error"]; ?>
<label for="product_price">Product Price: </label><input type="text" name="product_price" value="" /><?php echo $_GET["price_error"]; ?>
<input name="add_button" type="submit" value="Add" />
<input name="reset_button" type="reset" value="Clear" />
</fieldset>
</form>
<?php
}
?>
And here is the code I created the querystring:
$query_string = "name_error=" .urlencode($name_error) ."&date_error=" .urlencode($date_error) ."&price_error=" .urlencode($price_error);
header("Location: ./prod_add.php?$query_string");
exit();
In the first code, the page only print the first $_GET['name_error'], while it should be include $_GET['date_error'] and $_GET['price_error. ']
This is the address:
http://example.com/prod_add.php?name_error=Product+name+must+be+characters+only&date_error=Product+date+must+be+input+as+this+formate+DD-MM-YYYY&price_error=Product+price+must+be+float+number+only
You should use & instead of &'s ?
$query_string = "name_error=" .urlencode($name_error) ."&date_error=" .urlencode($date_error) ."&price_error=" .urlencode($price_error);
header("Location: ./prod_add.php?$query_string");
exit();
Change & to & as:
$query_string = "name_error=" . urlencode($name_error) . "&date_error=" . urlencode($date_error) . "&price_error=" . urlencode($price_error);
header("Location: ./prod_add.php?$query_string");
exit();