I'm working on a cms for my site and this form is not submitting. I know its a query problem, but I can't figure out whats wrong. Any help? Also, the $db is in my config and I do include it at the top of the page. The problem is its not submitting and all it does it refresh, nothing else. I also want to display there form submissions in a table later, but I don't know how to do that, if anyone can help me with that part that would be great as well.
php:
<?php
if(isset($_POST['submit']))
{
$c_name = $_POST['channel_username'];
$v_link = $_POST['video_link'];
$v_title = $_POST['video_title'];
$v_desc = $_POST['vido_description'];
$v_tags = $_POST['video_tags'];
$m_sources = $_POST['music_sources'];
$s_requests = $_POST['special_requests'];
if(empty($c_name) or empty($v_link) or empty($v_title) or empty($v_title) or empty($v_desc) or empty($v_tags))
{
echo 'You must fill in the first 5 fields.';
}
else
{
$getRank = $db->query("SELECT * FROM users WHERE username = '".$_SESSION['username']."'");
while ($row = $getRank->fetch_assoc())
{
$usename = $row['username'];
$rank = $row['rank'];
}
$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES ('$username', '$rank', '$c_name', '$v_link', '$v_title', '$v_desc', '$v_tags', '$m_sources', '$s_requests')");
echo 'Form submitted successfully.';
}
}
?>
Html:
<form method="POST">
<p>Channel name <input type="text" name="channel_name" required>*</p>
<p>Video Link <input type="text" name="video_link" required>*</p>
<p>Video Title <input type="text" name="video_title" required>*</p>
<p>Video Description <input type="text" name="video_description" required>*</p>
<p>Video Tags <input type="text" name="video_tags" required>*</p>
<p>Music Sources <input type="text" name="music_sources"></p>
<p>Special Requests <input type="text" name="special_requests"></p>
<br></br>
<p><input type="submit" name="submit" value="Submit"></p>
</form>
If the problem is indeed with the query, then it's probably this:
$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES (''.$username.'', ''.$rank.'', ''.$c_name.'', ''.$v_link.'', ''.$v_title.'', ''.$v_desc.'', ''.$v_tags.'', ''.$m_sources.'', ''.$s_requests.'')");
I think instead, you want:
$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES ('$username', '$rank', '$c_name', '$v_link', '$v_title', '$v_desc', '$v_tags', '$m_sources', '$s_requests')");
-- edit --
further to that, although it won't give you an error as-is, you really oughtn't insert fresh POST data in there. At the very least you probably want to use mysqli_real_escape_string on it.
Related
I have been trying to solve this and need some help. I have a user that logs in and I am passing that variable through Sessions. The main pages are templates that populate based on a key word search (I am passing the variable as a POST) and fill in based off of the information in the database.Now I am creating a way for the users to comment. Below is my basic form. I am getting stuck when i want to bring through one of the values of the database. I will call it $place for this explanation.
while($row = mysqli_fetch_array($result)) {
$place=$row['place'];}
<form action="post_comment.php" method="POST">
<textarea name="comment" cols="50" rows="6" placeholder="Give Your Review!"></textarea><br/>
<input type="submit" value="Comment" class="btn btn-custom" role="button"/>
</form>
in the post_comment.php I have the following
$query="SELECT displayname FROM Users WHERE id='".$_SESSION['id']."' LIMIT 1";
$result2 = mysqli_query($link,$query);
$row = mysqli_fetch_array($result2);
$name=$row['name'];
$query="INSERT INTO `comments` (`comment`, `user`, `place`) VALUES ('".mysqli_real_escape_string($link, $_POST['comment'])."', '".mysqli_real_escape_string($link, $name)."', '".mysqli_real_escape_string($link, $place)."'";
mysqli_query($link, $query);
Can someone explain how to bring $place over to post_comment?
Thank you!
Guessing $place is an id, I would write it in the form as a hidden field, then you can read it also in your post vars.
So you would write your form like this:
<form action="post_comment.php" method="POST">
<input type="hidden" name="place" value="<? echo $place; ?>" />
<textarea name="comment" cols="50" rows="6" placeholder="Give Your Review!"></textarea><br/>
<input type="submit" value="Comment" class="btn btn-custom" role="button"/>
</form>
There's no problem with your $name variable.
However, for $place, you can use a PHP Session. Using a PHP Session is more secure than using a hidden field if you have sensitive information. Having a hidden field will allow users to manually edit the information by using Inspect Element.
1st PHP File
while($row = mysqli_fetch_array($result)) {
$place=$row['place'];}
session_start();
$_SESSION["place"] = $place;
post_comment.php
session_start(); //include at the start of your PHP Script
$comment = mysqli_real_escape_string($link, $_POST['comment']);
$name = mysqli_real_escape_string($link, $_POST["name"]);
$place = mysqli_real_escape_string($link, $_SESSION["place"]);
$query="INSERT INTO `comments` (`comment`, `user`, `place`) VALUES ('$comment', '$name', '$place')";
I'm stuck on a posting script, I want information from mysql table 'category' from name to put that in mysql table 'post' to cat.
I cant get the data from category table in my html form "$row['name']
So when I click on sumbit the name from table 'category' example category called by 'name' test will be inserted into $cat
<html>
<body>
<title>ADD NEW POST</title>
<?php
// POST.PHP POSTING NEW CONTENT
include 'config.php';
// values from form
$id=$_POST['id'];
$title=$_POST['title'];
$pic=$_POST['pic'];
$youtube=$_POST['youtube'];
$cat=$_post['cat'];
// insert data to mysql
$sql="INSERT INTO post(id, pic, youtube, cat)VALUES('$id', '$title', '$pic', '$youtube', '$cat')";
$result=mysql_query($sql);
// succes added
if($result){
echo "Added a new post";
}
else {
echo "SOMETHING WENT WRONG!";
}
// end of post script ^^
?>
<?php
$query2 = mysql_query("SELECT * FROM `category` ");
while($row=mysql_fetch_array($query2)){
}
// html form start ?>
<form action="<?php $_PHP_SELF ?>" method="post">
title: <input name="title" type="text" id="title"><br />
Picture link: <input name="pic" type="text" SIZE="80" id="pic"><br />
Youtube link: <input name="youtube" type="text" SIZE="80" id="youtube"><br />
Category game: <select name="name">
<option VALUE="<?php echo ''.$row['name'].''; ?>"><?php echo ''.$row['name'].''; ?></option>
<br /><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
You are vulnerable to SQL injection attacks. And if you have even bare bones minimal error handling in your code, you'd have been told WHERE the error is:
$result = mysql_query($sql) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^^-- you **NEED** this
As for the actual problem:
$sql="
INSERT INTO post(id, pic, youtube, cat)
^^^^^^^^^^^^^^^^^^^^^--- FOUR fields
VALUES
('$id', '$title', '$pic', '$youtube', '$cat')";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^--- FIVE values
You're missing title in the field list.
Never EVER assume success. Assume everything will fail, code accordingly, and treat success as a pleasant surprise.
I'm pretty new to PHP, so I'm not quite sure on what to do with this.
Basically I'm trying to insert an entry into my MySQL database, through a "submit" button in HTML. I can't seem to get this to work, is it possible?
<?php
include('db_connect.php');
$SQL = "INSERT INTO chosenitems (ID, Name, Price) VALUES ('', '4-6 Days', '£75.00')";
$result = mysql_query($SQL);
?>
The INSERT works perfectly fine on its own, but I want it to be executed when the "submit" button is pressed.
Any help would be greatly appreciated.
Thanks
Tobo.
Just set the action of the form to the URL of the script that performs the insert.
Note that since you are modifying a database, the request is probably non-idempotent and you should use the POST method.
<form action="/path/to/your/script.php" method="post">
<input type="submit">
</form>
<form method="post">
<input type="submit" name="submit" value="submt"/>
</form>
PHP
<?php
if(isset($_POST['submit']))
{
$SQL = "INSERT INTO chosenitems (ID, Name, Price) VALUES ('', '4-6 Days', '£75.00')";
$result = mysql_query($SQL);
}
?>
You can check button value is posted and can execute line of code in it.
<?php
include('db_connect.php');
if(isset($_REQUEST['SUBMIT_BUTTON_NAME']))
{
$SQL = "INSERT INTO chosenitems (ID, Name, Price) VALUES ('', '4-6 Days', '£75.00')";
$result = mysql_query($SQL);
}
?>
Hope this will be helpful to you
I had for the submit details:
<form id = "submitForm" action="config/profile_save.php" method="post">
<button type="submit" class="button" name="submit" value="submit">Save Profile</button></form>
Inside each input field on the page, I placed form = "submitForm"
I then changed the name too.(This is the super global variable later)
<input type="text" autofocus="true" class="custom_link_url_text" id="custom_link_url_text"
name="custom_link_email" placeholder="Enter your public email address" spellcheck="false"
style="width: 245px;" maxlength="75" form = "submitForm">
I was then able to capture the data on the next page using the name as POST variable.
if(isset($_POST['submit'])) {
$custom_link_email = $_POST['custom_link_email'];
}
Once I did that it was just a case of inserting data into the database.
what is the issue with this code , I'm using a form to insert some values into a database , i have a controller setup like that. when i submit the form , the value was not posted in the database, but if i remove all others fields and left only 2 fields in the form and post it ,it works so there's something that i miss,been trying to resolve for more than 6 hours .please some help :
//database insertion
if (isset($_POST['VideoTITLE']))
if (isset($_POST['ByArtist']))
if (isset($_POST['GroupName']))
if (isset($_POST['URL']))
if (isset($_POST['VideoDate']))
{
try
{
$sql = 'INSERT INTO videoclip SET
VideoTITLE = :VideoTITLE,
ByArtist = :ByArtist,
GroupName = :GroupName,
URL = :URL,
VideoDate = CURDATE()
';
$s = $pdo -> prepare($sql);
$s -> bindValue(':VideoTITLE',$_POST['VideoTITLE']);
$s -> bindValue(':ByArtist',$_POST['ByArtist']);
$s -> bindValue(':GroupName',$_POST['GroupName']);
$s -> bindValue(':URL',$_POST['URL']);
$s -> execute();
}
catch(PDOException $e)
{
$error = 'error adding submitted data' . $e-> getMessage();
include 'error.html.php';
exit();
}
header('Location:.');
exit();
}
here's my html form setup:
<form action="?" method="post" class="form-horizontal">
<legend>Song Info</legend>
<fieldset>
<label>Song Title </label>
<input type="text" id="VideoTITLE" name="VideoTITLE" placeholder="song name…">
<label>Artist </label>
<input type="text" id="ByArtist" name="ByArtist" placeholder="artist name…">
<label>Musical Group</label>
<input type="text" id="GroupName" name="GroupName" placeholder="Type something…">
<label>Poster link</label>
<input type="text" id="URL" name="URL" placeholder="Type something…">
</fieldset><br>
<input type="submit" class="btn btn-success" value="Post video">
</form>
Its a couple of problems, maybe more:
You have isset($_POST['VideoDate']) in your if condition which will always be false since VideoDate is not in your form. You should take this out since you seem to want to set it using CURDATE() in your insert script.
your insert statement is incorrect. mysql inserts typically look like INSERT INTO TABLE_NAME (COL1, COL2) values('VALUE1', 'VALUE2'); so you should change your insert code to look like
$sql = 'INSERT INTO videoclip (VideoTITLE, ByArtist, GroupName, URL, VideoDate) values (:VideoTITLE, :ByArtist, :GroupName, :URL, CURDATE())';
Your syntax is incorrect for INSERT. It should be something like:
$sql = 'INSERT INTO videoclip (VideoTITLE, ByArtist, GroupName, URL, VideoDate)
VALUES (:VideoTITLE, :ByArtist, :GroupName, :URL, CURDATE())';
In addition, $_POST['VideoDate'] is not valid as you do not have it in your form.
You're doing the if statements wrong.
if (isset($_POST['VideoTITLE']) && isset($_POST['ByArtist']) && isset($_POST['GroupName'])
&& isset($_POST['URL']) && isset($_POST['VideoDate'])) {
....
}
This is basic programming stuff, so you might want to get a good introductory book to programming or PHP.
I am working on a system and i want to check if a record exist. If a record exist then it will not record the data and instead will return to the form. If the data does not exist then it will proceed to recording the data to DB.
HTML form:
<form name="studentform" onSubmit="return validate_form ( );" action="queries/insert.php" method="post">
Student Number: <input type="text" name="studentnumber"/>
College:
<select name="college" id=a></select>
Course:
<select name="course" id=b></select>
<input type="radio" name="status" value="regular" />Regular
<input type="radio" name="status" value="irregular" />Irregular
<br><br>
<hr>
<br>
Name:
<input type="text" name="lname">
<input type="text" name="fname">
<input type="text" name="mname">
Address:
<input type="text" name="address" />
<br><br>
Gender:
<select name="gender">
<option value="">---</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>
<input type="submit" value="Submit">
</form>
PHP form:
$query = ("SELECT studentnumber FROM students where studentnumber = '$_POST[studentnumber]'");
$result=mysql_query($query);
if($result)
{
if(mysql_num_rows($result) >= 1)
{
echo "<script type='text/javascript'>alert('User already exist'); location.href = '../admin_home.php';</script>";
}
}
else{
$sql="INSERT INTO students (studentnumber, college, course, status, lname, fname, mname, address, gender)
VALUES
('$_POST[studentnumber]','$_POST[college]','$_POST[course]','$_POST[status]','$_POST[lname]','$_POST[fname]','$_POST[mname]','$_POST[address]','$_POST[gender]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "<script type='text/javascript'>alert('Record Successfully Added'); location.href = '../admin_home.php';</script>";
}
I don't know why but i always get the undefined index error. Maybe i've done something wrong somewhere. Thanks !!
"Undefined index" is referring to your array ($_POST, probably), and it should be a notice, not an error. Can you post the exact message?
In the meantime, switch your first line for
$query = "SELECT studentnumber FROM students where studentnumber = '".mysql_real_escape_string($_POST['studentnumber'])."'";
Also, it's helpful for debugging to print out the query to make sure it looks like you'd expect:
print $query."<br />"; // obviously
[edit]As you've now posted the error message, it becomes far more simple - $_POST['studentnumber'] does not exist. Check your form.
A good way to debug posted results is to use the code
print '<pre>';
print_r($_POST);
print '</pre>';
The problem is in your queries:
$query = ("SELECT studentnumber FROM students where studentnumber = '$_POST[studentnumber]'");
$_POST[studentnumber] is not correct. It needs to be $_POST['studentnumber']. Notice the quotes around the key.
I suggest doing it this way:
$query = sprintf("SELECT studentnumber FROM students where studentnumber = '%s'"
, mysql_real_escape_string($_POST['studentnumber']));
Change all your queries accordingly.
try with this:
if( isset($_POST['submit']) ){
$student_num = mysql_real_escape_string( $_POST['studentnumber'] );
// Set all the require form fields here with mysql_real_escape_string() fun
if( !empty($student_num) ){
// Your Query Here
}
else{
echo 'Value not Set in Student Number Field!';
}
}
Edit: first check all the fields after isset($_POST['submit']) so that you confirm about all the values are properly getting or not
after getting all the required values start your query