I have a HTML form handled by php. The form has various text input fields and one of those asks the user to input a link containing http://.
The problem is when I submit a link like http://www.google.com/ the form fails badly by displaying random content from different php files on my website.
Here's a resume of my code:
<form action="add.php" method="post">
<input type="text" name="link" />
<input type="submit" value="submit" />
<?php
if (isset($_POST['link']))
{
$link = mysql_escape_string($_POST['link']);
mysql_query("INSERT INTO mytable(link) values($link)");
}
?>
Works just fine when not submitting a string that contains http://. Anyone has any idea why this happens?
Sidenote: You will find an mysqli_* based version further down.
Assuming you are connected to your DB, you did not wrap $link in VALUES with quotes.
Change this line:
mysql_query("INSERT INTO mytable(link) values( $link )");
^ ^ <- missing quotes
to:
mysql_query("INSERT INTO mytable(link) values('$link')");
Tested and working with this example: (form is set to self) and using http://www.google.com/ as an input and a few others containing http://
<?php
define('DB_NAME', 'xxx');
define('DB_USER', 'xxx');
define('DB_PASS', 'xxx');
define('DB_HOST', 'xxx');
$dbh = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if(!$dbh)
{
die('Could not connect to database: ' . mysql_error());
}
$db_select = mysql_select_db(DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
if(isset($_POST['submit']) && !empty($_POST['link'])){
$link = mysql_real_escape_string($_POST['link']);
mysql_query("INSERT INTO mytable (link) values('$link')");
if(!mysql_query)
{
die("sorry");
}
else{ echo "Success"; }
mysql_close();
}
?>
<!DOCTYPE html>
<html>
<body>
<title></title>
<h3>Place your Link Below:</h3>
<form action="" method="post">
<input type="text" name="link" />
<input type="submit" name="submit" value="submit" />
</body>
</html>
Footnotes:
Do consider switching to mysqli_* functions with prepared statements or PDO. The mysql_* functions are deprecated and will be removed from future releases.
Here is an mysqli_* based version:
<?php
define('DB_NAME', 'xxx');
define('DB_USER', 'xxx');
define('DB_PASS', 'xxx');
define('DB_HOST', 'xxx');
$dbh = mysqli_connect(DB_HOST, DB_USER, DB_PASS);
if(!$dbh)
{
die('Could not connect to database: ' . mysqli_error());
}
$db_select = mysqli_select_db($dbh,DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysqli_error());
}
if(isset($_POST['submit']) && !empty($_POST['link'])){
$link = mysqli_real_escape_string($dbh,$_POST['link']);
mysqli_query($dbh,"INSERT INTO mytable (link) values('$link')");
if(!mysqli_query)
{
die("sorry");
}
else{ echo "Success"; }
mysqli_close($dbh);
}
?>
<!DOCTYPE html>
<html>
<body>
<title>Home Page</title>
<h3>Please Place your Order Below:</h3>
<form action="" method="post">
<input type="text" name="link" />
<input type="submit" name="submit" value="submit" />
</body>
</html>
Related
I am using PHPStorm and I am trying to send my user's input from an html form to my database using PHP. My database seems to be getting the inputs since it creates a new id (which is the primary key and it is set to auto-increment) however, the fields are empty!
Here is my HTML
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form name="i_createaccount" id="createaccount" action="info.php" method="post">
<h2 class="formtitle">Create an account</h2>
<input type="text" class="firstnlast" name="i_name" placeholder="First Name" required/>
<input type="text" class="firstnlast" name="i_last" placeholder="Last Name" required/>
<input id="txtEmail" type="email" name="i_email" placeholder="Email" required/>
<input type="submit" name="submit" class="next, button" value="Join Now"/>
</form>
</body>
</html>
Here is my info.php
<?php
if(empty($_SERVER['CONTENT_TYPE'])) {
$type = "application/x-www-form-urlencoded";
$_SERVER['CONTENT_TYPE'] = $type;
}
//Connecting to sql db.
define('DB_NAME', 'nabi_data');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Cant use ' . DB_NAME . ':' . mysql_error());
}
$message = '';
$i_name = (string)filter_input(INPUT_POST, 'i_name');
$i_last = (string)filter_input(INPUT_POST, 'i_last');
$i_email = (string)filter_input(INPUT_POST, 'i_email');
$sql = "INSERT INTO nabi_instructors (i_name, i_last, i_email) VALUES ('$i_name', '$i_last', '$i_email')";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
mysql_close();
}
I have this error when i try to submit to my demo database:
Can't use demo: Unknown database 'demo' How do i get the server going?
Basic form:
<form action="demo.php" method="post" />
<p>Input 1: <input type="text" name="input1" /></p>
<p>Input 2: <input type="text" name="input2" /></p>
<input type="submit" value="Submit" />
</form>
Server communication setup:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
define('DB_NAME', 'demo');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
$value = $_POST['input1'];
$value2 = $_POST['input2'];
$sql = "INSERT INTO demo (input1, input2) VALUES ('$value', '$value2')";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}
mysql_close();
?>
</body>
</html>
All my code should work and is from this tutorial: Tutorial video link
Here is download link to the original php files i have used:
Original from tutorial: Basic php form
Orignial from tutorial: Communication with server php-file
Your database is called "forms1" not "demo".. table is called "forms1".
Change define('DB_NAME', 'demo'); to define('DB_NAME', 'forms1');
Your database name is forms1 not demo. demo is your table name
Try this code
define('DB_NAME', 'forms1');//Your database name is forms1 not demo
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
Change this code because in your table column input2 not available
$sql = "INSERT INTO demo (input1) VALUES ('$value')";
You need to define your Database on mysql_connect
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
I am new working on a project that has me connecting a database and a webpage and before doing the official database, I wanted to test a basic database.
I test to make sure everything is working by using phpMyAdmin. I can tell that I formed SOME kind of connection between my html and php, but that's where the issue is. whenever I press the submit button on my site, instead of getting a message telling me that everything works, I instead get a white page with all of my php code. I have tried making sure all my syntax is correct and all the variables are labeled correctly, but nothing is going through.
<!DOCTYPE php>
<?php
define('DB_NAME', 'training');
define('DB_USER', 'root');
define('DB_PASSWORD', '********');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!link){
die('Could not connect: ' .mysql_error);
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!db_selected){
die('Error: ' .mysql_error());
}
$Name = $_POST=['name'];
$Job = $_POST['job'];
$sql = "INSERT INTO employee (name,job) VALUES ('$Name', '$Job')";
if (!mysql_query($sql)){
die('Error: ' .mysql_error());
}
echo 'Success!';
mysql_close();
?>
<!DOCTYPE html>
<html>
<h1 style="text-align:center">Undergrad Sign-up</h1>
<style>
#body {background-color:#001b38;}
</style>
<body id="body" style="color:white;text-align:center" >
<form action="DBconnect.php" method="post" />
Name<br>
<input type="text" name="name" maxlength=20 required/>
<br>
Job<br>
<input type="text" name="job" maxlength=20 required/>
<br>
<button type="submit" value="submit">Submit</button>
</form>
</body>
</html>
I am trying to get a video play to play from a database. I have a form with the following code:
<form action="abs3xvideos.php" method="POST" enctype="multipart/form-data">
<input type="file" name="id" />
<input type="submit" name="submit" value="UPLOAD!" />
<form action="abs3xvideos.php">
Search ABS3X:
<input type="search" name="googlesearch">
<input type="submit">
</form>
I then have another page the form is linked to with the following code:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
define('DB_Name', 'gaufensr_abs3x');
define('DB_User', 'gaufensr_owner');
define('DB_Password', 'password');
define('DB_Host', 'localhost');
$link = mysql_connect(DB_Host, DB_User, DB_Password);
if (!$link) {
die('could not connect:' . mysql_error());
}
$db_selected = mysql_select_db(DB_Name, $link);
if (!#db_selected) {
die('can\t use' . DB_Name. ': ' . mysql_error());
}
echo 'CONNECTED SUCCESSFULLY';
$id = $_POST['id'];
$value = $_POST['id'];
$sql = "INSERT INTO videos (video_name) VALUES ('$value')";
if (!mysql_query($sql)) {
die(`ERROR: ` .mysql_error());
}
if (isset($_POST['id'])){
$id = $_POST['id'];
$query = mysql_query("SELECT * FROM `videos` WHERE id='$id'");
while($row = mysql_fetch_assoc($query))
{
$id = $row['id'];
$video_name = $row['video_name'];
}
echo "You are watching " .$id. "<br />";
echo "<embed src=`$id` width='560' height='315'></embed>";
}
else
{
echo "Error!";
}
mysql_close();
?>
I get the following error message when I try to upload a video using the form page that I created:
CONNECTED SUCCESSFULLY
Notice: Undefined index: id in /home1/gaufensr/public_html/abs3xvideos.php on line 39
Notice: Undefined index: id in /home1/gaufensr/public_html/abs3xvideos.php on line 40
Error!
I am at a loss. I spoke with someone on stackflow earlier and they suggested that something might be wrong with my while loop but I am not to sure what the mistake could be. Should I separate the PHP code into different pages maybe?
Did you urlencode the name?
$video_name = urlencode($row['video_name']);
Or rawurldecode may work better.
$video_name = rawurldecode($row['video_name']);
you forget to close form
Use
<form action="abs3xvideos.php" method="post" enctype="multipart/form-data">
<input type="file" name="id" />
<input type="submit" name="submit" value="UPLOAD!" />
</form>//from close here
<form action="abs3xvideos.php">
Search ABS3X:
<input type="search" name="googlesearch">
<input type="submit">
</form>
I've been trying to learn PHP and have been given a simple task to help me.
I'm trying to get a user to complete a form which has their email address in it, then save it to a database.
Here's my code so far:
<html>
<body>
<form action="postemail.php" method="post"> Email Address: <input type="text" name="emailaddress" /> <input type="submit" />
</form>
</body>
</html>
<?php
$connection = mysql_connect("localhost","edwardHost","password");
if (!$connection) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_database", $connection);
$sql="INSERT INTO Subscribers (EmailAddress) VALUES ('$_POST[emailaddress]')";
if (!mysql_query($sql,$connection)) {
die('Error: ' . mysql_error());
}
mysql_close($connection);
?>
Thanks in advance!
Change your query to this
One more thing i forget last time you are missing single quete around $_POST[emailaddress]. In your query
$sql="INSERT INTO Subscribers (EmailAddress) VALUES ('".$_POST['emailaddress']."')";
Dont use mysl function as the are deprciated
Learn mysqli_ function or PDO Or both
Check this link for mysql identifier http://dev.mysql.com/doc/refman/5.0/en/identifier-qualifiers.html
Try this example using PDO in your postemail.php
define('DB_TYPE', 'mysql');
define('DB_HOST', '127.0.0.1');
define('DB_NAME', 'dbname');
define('DB_USER', 'root');
define('DB_PASS', 'password');
try {
// create a new instance of a PDO connection
$db = new PDO(DB_TYPE.':host='.DB_HOST.';dbname='.DB_NAME, DB_USER, DB_PASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
// if the connection fails, display an error message
echo 'ERROR: ' . $e->getMessage();
}
if(isset($_POST['emailaddress']) && !empty($_POST['emailaddress'])) {
$emailaddress = $_POST['emailaddress'];
$sql = 'INSERT INTO Subscribers (EmailAddress) VALUES (:emailaddress )';
$stmt = $db->prepare($sql);
$stmt->bindValue('emailaddress ', $emailaddress);
$stmt->execute();
}
After you have totaly filled in the form, it first needs to check if the submit button is clicked, then it has to send it to a database.
You also need to give you submit button a name=""
HTML code:
<html>
<body>
<form action="postemail.php" method="post">
Email Address: <input type="text" name="emailaddress" />
<input type="submit" name="submit" value="add to database" />
</form>
</body>
</html>
PHP code:
<?php
if(isset($_POST['submit'])){
$connection = mysqli_connect("localhost","edwardHost","password","my_database");
if (!$connection) {
die('Could not connect: ' . mysql_error());
}
$email = $_POST['emailaddress'];
$sql = "INSERT INTO Subscribers (EmailAddress) VALUES ('$email')";
if (!mysqli_query($connection,$sql)) {
die('Error: ' . mysql_error());
}
mysql_close($connection);
}
?>
<html> <body>
<form action="postemail.php" method="post">
Email Address: <input type="text" name="emailaddress" />
<input type="submit" />
</form>
</body> </html>
<?php $connection = mysql_connect("localhost","username","password");
if (!$connection) { die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_database", $connection);
$sql="INSERT INTO Subscribers (EmailAddress) VALUES ('$_POST[emailaddress]')";
if (!mysql_query($sql,$connection)) { die('Error: ' . mysql_error()); }
mysql_close($connection);
?>