I am not able to place this astrik(*) after the text box in my code.Secondly,My form is displaying towards down.I am not able to figure out the problem.Could you please help me out.Please try to give more explanation as soon as possible.
<style>
.error {color: #FF0000;}
</style>
<?php
$firstnameErr = $lastnameErr = $emailErr = "";
$firstname = $lastname = $email = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["firstname"]))
{$firstnameErr = "Name is required";}
else
{
$firstname = test_input($_POST["firstname"]);
}
if (empty($_POST["lastname"]))
{$lastnameErr = "Name is required";}
else
{
$lastname = test_input($_POST["lastname"]);
}
if (empty($_POST["email"]))
{$emailErr = "Email is required";}
else
{
$email = test_input($_POST["email"]);
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<div text align =center><h1>Eventous Info</h1></div>
<h3>Fill the Required Form:</h3>
<p><span class="error">*required field</span></p>
<table>
<form action="insert.php" method="post">
<tr>
<td>Firstname</td><td>:</td> <td><input type="text" name="firstname" >
</td>
<span class="error">* <?php echo $firstnameErr;?></span><br><br>
</tr>
<tr>
<td>Lastname</td><td>:</td><td><input type="text" name="lastname" ></td>
<span class="error">* <?php echo $lastnameErr;?></span><br><br>
</tr>
<tr>
<td>Email</td><td>:</td><td><input type="text" name="email"></td>
<span class="error">* <?php echo $emailErr;?></span><br><br>
</tr>
<tr>
<td>Phone</td><td>:</td><td><input type="text" name="number"><td><br><br>
</tr>
</table>
<input type="submit" >
</form>`
The <span> element with the asterisk needs to be inside a table cell (td). If you want it in the next cell over, wrap it in another <td> tag; if you want it in the field with the input, put it immediately after the input and before </td>
The way you are wrapping the colon in it's own cell makes me wonder if you're setting the table up correctly also. I would look at keeping the table to three cells per row:
<tr>
<td>Firstname:</td>
<td><input type="text" name="firstname" /></td>
<td><span class="error">* <?php echo $firstnameErr;?></span></td>
</tr>
You have to put the <span class="error">* <?php echo $firstnameErr;?></span> inside a table cell , like <td>my content</td>. Objects are not allowed outside cells in tables.
Also, table cells are only allowed inside rows. The structure of tables should be like this:
<table>
<tr>
<td>Row 1 Cell A</td>
<td>Row 1 Cell B</td>
<td>Row 1 Cell C</td>
</tr>
<tr>
<td>Row 2 Cell A</td>
<td>Row 2 Cell B</td>
<td>Row 2 Cell C</td>
</tr>
</table>
If you place objects anywhere else inside a table, the browsers don't know where to put them. Usually the objects are just put right above or below the table.
Related
I think this is very simple but I don't know how to execute it.
I have a form with some data and I have created a another php file to validate the form data, but I am unable to display the error message back into the form if validation fails. I have attached both files, but I don't know hot to execute it :(
My form.php looks like
<form name="form1" method="post" action="process/process_add_page.php">
<fieldset>
<legend>Add Page</legend>
<table width="1056" height="365" border="1">
<tr>
<th width="77" scope="col">Page Title</th>
<th width="962" scope="col"><label for="page_title"></label>
<input type="text" name="page_title" id="page_title"><span style="color:#FF0000">* <?php echo $titleerror;?></span></th>
</tr>
<tr>
<th scope="row">Page Description</th>
<td><label for="page_description"></label>
<textarea name="page_description" class="ckeditor" id="page_description" cols="100" rows="5"></textarea></td>
</tr>
<tr>
<th scope="row">Seo Title</th>
<td><label for="seo_title"></label>
<input type="text" name="seo_title" id="seo_title"></td>
</tr>
<tr>
<th scope="row">Seo Description</th>
<td><label for="seo_description"></label>
<textarea name="seo_description" class="ckeditor" id="seo_description" cols="45" rows="5"></textarea></td>
</tr>
<tr>
<th scope="row">Page Order</th>
<td><label for="page_order"></label>
<input type="text" name="page_order" id="page_order"></td>
</tr>
<tr>
<th scope="row">Page Status</th>
<td><label for="page_status"></label>
<select name="page_status" id="page_status">
<option value="1">Active</option>
<option value="0">Inactive</option>
</select></td>
</tr>
<tr>
<th colspan="2" scope="row"><input type="submit" name="btnsubmit" id="btnsubmit" value="Submit"></th>
</tr>
</table>
<p> </p>
</fieldset>
</form>
and my process_add_pages.php looks like this
<?php
require_once('../../classes/database.php');
require_once('../../classes/pages.php');
require_once('../../classes/redirect.php');
$objPage=new Page();
$titleerror='';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(empty($_POST['page_title'])){
$titleerror = "Title is required";
echo $titleerror;
}else
{
$page_title=mysqli_real_escape_string($objPage->conxn,$_POST['page_title']);
if (!preg_match("/^[a-zA-Z ]*$/",$page_title)) {
$titleerror = "Only letters and white space allowed";
}
}
$page_description=mysqli_real_escape_string($objPage- >conxn,$_POST['page_description']);
$seo_title=mysqli_real_escape_string($objPage->conxn,$_POST['seo_title']);
$seo_description=mysqli_real_escape_string($objPage->conxn,$_POST['seo_description']);
$page_order=mysqli_real_escape_string($objPage->conxn,$_POST['page_order']);
$page_status=mysqli_real_escape_string($objPage->conxn,$_POST['page_status']);
}
$objPage->setPage_title($page_title);
$objPage->setPage_description($page_description);
$objPage->setSeo_title($seo_title);
$objPage->setSeo_description($seo_description);
$objPage->setPage_status($page_status);
if($objPage->addPage()){
new Redirect('../index.php?page=page&action=view&success=The page has been created');
}else{
new Redirect('../index.php?page=page&action=view&error=The page could not be created');
}
?>
There are few little changes you have to do to make it work..
There is a couple of problem in your process_add_pages.php file. your code is ..
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(empty($_POST['page_title'])){
$titleerror = "Title is required";
echo $titleerror; /*error part-1 */
}else
{
$page_title=mysqli_real_escape_string($objPage->conxn,$_POST['page_title']);
if (!preg_match("/^[a-zA-Z ]*$/",$page_title)) {
$titleerror = "Only letters and white space allowed"; /*error part-2 */
}
}
$page_description=mysqli_real_escape_string($objPage- >conxn,$_POST['page_description']);
$seo_title=mysqli_real_escape_string($objPage->conxn,$_POST['seo_title']);
$seo_description=mysqli_real_escape_string($objPage->conxn,$_POST['seo_description']);
$page_order=mysqli_real_escape_string($objPage->conxn,$_POST['page_order']);
$page_status=mysqli_real_escape_string($objPage->conxn,$_POST['page_status']);
}
if anything goes wrong in the validation it will echo the error message in the process_add_pages.php file. but it will also execute the sql queries. so if there is any problem in validation you can redirect to the form page with an error message.
you can try this new code format...
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(empty($_POST['page_title'])){
$titleerror = "Title is required";
new Redirect('../index.php?error="The page need a page title"');
}elseif
{
$page_title=mysqli_real_escape_string($objPage->conxn,$_POST['page_title']);
if (!preg_match("/^[a-zA-Z ]*$/",$page_title)) {
new Redirect('../index.php?error="Only letters and white space allowed"');
}
}
else {
$page_description=mysqli_real_escape_string($objPage- >conxn,$_POST['page_description']);
$seo_title=mysqli_real_escape_string($objPage->conxn,$_POST['seo_title']);
$seo_description=mysqli_real_escape_string($objPage->conxn,$_POST['seo_description']);
$page_order=mysqli_real_escape_string($objPage->conxn,$_POST['page_order']);
$page_status=mysqli_real_escape_string($objPage->conxn,$_POST['page_status']);
}
}
I Think, this is the better way to Check validation. Add onsubmit in form. Check CheckValidation() function in tag.
<form name="form1" method="post" action="process/process_add_page.php" onsubmit="return CheckValidation()">
<fieldset>
<legend>Add Page</legend>
<table width="1056" height="365" border="1">
<tr>
<th width="77" scope="col">Page Title</th>
<th width="962" scope="col"><label for="page_title"></label>
<input type="text" name="page_title" id="page_title">
<span style="color:#FF0000" style="display:none" id="RequiredTitle">* Title is required</span>
<span style="color:#FF0000" style="display:none" id="OnlyLetters">* Only letters and white space allowed</span>
</th>
</tr>
<tr>
<th scope="row">Page Description</th>
<td><label for="page_description"></label>
<textarea name="page_description" class="ckeditor" id="page_description" cols="100" rows="5"></textarea></td>
</tr>
.
.
.
//Rest of the code
</form>
<script>
function CheckValidation()
{
var Title=$('#page_title').val();
if(Title=="")
{
$('#RequiredTitle').show();
return false;
}
else
{
if(!preg_match("/^[a-zA-Z ]*$/",Title))
{
$('#OnlyLetters').show();
return false;
}
}
}
</script>
When I enter a video ID and the length of loan and then hit button FindDetails my form will show the name of the video, it's price to hire and the total cost of hire.
This causes two problems:
Submitting the form wipes video ID and the length of loan. Rats!
I cant adjust how many days I want to borrow a video and watch
the cost of the loan automatically adjust.
NB I include all php script as I will actually need to submit the form to write details of the reservation in a csv file. I'm not sure if this will stop a work around solution.
PHP:
<?php
if (isset($_POST['FindDetails'])) {
$ID = $_POST['videoID'];
$Days = $_POST['days'];
//Open the CSV file
$file_handle = fopen("video.csv", "r");
//loop until hit the last line feof)
while (!feof($file_handle))
{
//put data in each line [0],[1] etc into a variable.
$info = fgetcsv($file_handle);
// Check its the one we want.
if($info[0]==$_POST["videoID"])
{
$videoName = "$info[2]";
$videoCost ="$info[4]";
$costOfHire= $videoCost*$Days;
}
}
fclose($file_handle);
}
if (isset($_POST['submit'])) {
$ID = $_POST['videoID'];
$VideoName = $_POST['videoName'];
$VideoCost = $_POST['videoCost'];
$Days = $_POST['days'];
$Total = $_POST['total'];
$DateFrom = $_POST['date_from'];
$DateTo = $_POST['date_to'];
$StudentName = $_POST['studentName'];
//Saving loan details
$csv_file = 'loans.csv';
if (is_writable($csv_file)) {
if (!$csv_handle = fopen($csv_file,'a')) {
// this line is for troubleshooting
echo "<p>Cannot open file $csv_file</p>";
exit;
}
$csv_item = "\"$ID\",\"$VideoName\",\"$VideoCost\",\"$Days\",\"$Total\",\"$DateFrom\",\"$DateTo\",\"$StudentName\"\n";
if (is_writable($csv_file)) {
if (fwrite($csv_handle, $csv_item) === FALSE) {
//for testing
//echo "Cannot write to file";
exit; }
}
fclose($csv_handle);
}
}
if (isset($_POST['submit'])) {
echo "<p style='padding: .5em; border: 2px solid red;'>Thanks for booking the Video. Please collect from E24 on the date ordered.</p>";
}
?>
HTML:
Loans
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Enter the Video ID below
<table id="tables" class="form" style="width:100%;">
<tr>
<td>Video ID</td>
<td><input type="text" value="" name="videoID" id="videoID" placeholder= "Enter A Number between 1 and 8"/></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="FindDetails" id="FindDetails" value="Search Video" /></td>
</tr>
<tr>
<td>Video Name</td>
<td><input type="text" value="<?php echo (isset($videoName))?$videoName:'';?>" name="videoName" id="videoName"/></td>
</tr>
<tr>
<td>Video Rental Cost (per day)</td>
<td><input type="text" value="<?php echo (isset($videoCost))?$videoCost:'';?>" name="videoCost" id="videoCost"/></td>
</tr>
<tr><td></td><td></td></tr>
<tr>
<td>Number of days</td>
<td><input type="text" value="" name="days" id="days" placeholder= "Enter the number of days you wish to borrow the video for" /></td>
</tr>
<tr>
<td>Total cost</td>
<td><input type="text" value="<?php echo (isset($costOfHire))?$costOfHire:'';?>" name="total" id="total"/></td>
</tr>
Part 1
I assume the HTML and PHP portions presented are in the same file.
You use <?php echo (isset($costOfHire))?$costOfHire:'';?> for example to access variables set in the PHP code.
Why not use <?php echo (isset($ID))?$ID:'';?> to simply recycle the submitted video ID? Then do the same for the length of loan variable.
Part 2
Here is one way live loan cost calculation could work. The javascript will go between <script></script> tags in the <head> of the document.
function updateLoanCost(loanPeriod) {
var costDisplayEl = document.getElementById("loanCostDisplay");
var dollarsPerDay = 3;
costDisplayEl.innerText = "$" + loanPeriod * dollarsPerDay;
}
Enter a number of days <br />
<input type = "number" id = "test" onchange = "updateLoanCost(this.value);"/>
<div id = "loanCostDisplay"></div>
So I'm having a challenge with a subscription system that I've been building.
I'm using a simple login php page to validate the username and password of the user against the DB, once authenticated the script creates a secure session and calls the edit_subscription.php file and passes the ID of the user through the Url.
The edit_subscription.php file takes the ID and pulls the user info using MYsql
and loads their info into a form. The user can then edit or modify their subscription details and press the submit button to update the DB.
Everything works except the mysql Update back to the DB.
I've managed to narrow the problem down to the ID variable
If I hardcode the variable into the update command it works and the db is updated
If I hardcode the ID into a variable used in the update command, it works up to a point. if I move that hardcoded variable in front of line 42 the update command will no longer work.
I think it's something to do with the post command, but even when I load the old ID into a hidden form and try to have it repost for the update command it still doesn't work and treats the variable as if it's empty.
I've tried for hours to get this working, and just can seem to get it going.
anyone have any suggestions pertaining to specifically this issue
(please don't comment of security or, best practices unless it relates specifically to the issue described thanks)
<?
$id = htmlspecialchars($_GET['ID']);
$username="****";
$database="****";
$host="****";
$pass ="****";
mysql_connect($host,$username,$pass);
#mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM `****`.`****` WHERE `Subscriber ID` = '$id' LIMIT 1");
$name_old=mysql_result($result,0,"Name");
$address1_old=mysql_result($result,0,"Address 1");
$address2_old=mysql_result($result,0,"Address 2");
$city_old=mysql_result($result,0,"City");
$prov_old=mysql_result($result,0,"Prov");
$postal_old=mysql_result($result,0,"Postal");
$country_old=mysql_result($result,0,"Country");
$email_old=mysql_result($result,0,"Email");
$qty_old=mysql_result($result,0,"qty");
$status_old=mysql_result($result,0,"Status");
$ezine_old=mysql_result($result,0,"Ezine");
$mailout_old=mysql_result($result,0,"Mailout");
$password_old=mysql_result($result,0,"Password");
$nameErr = $emailErr = $passwordErr = "";
$name=$_POST['name'];
$email=$_POST['email'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$city=$_POST['city'];
$province=$_POST['prov'];
$postal=$_POST['postal'];
$country=$_POST['country'];
$password=$_POST['password'];
$mailout=$_POST['mailout'];
$ezine=$_POST['ezine'];
$status="Subscribed";
$qty=$_POST['qty'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["password"])) {
$passwordErr = "* Password is required";
}
if (empty($_POST["name"])) {
$nameErr = "* Name is required";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "* Invalid Characters";
}
}
if(isset($_POST['mailout'])){}
else{
$mailout="NO";
}
if(isset($_POST['ezine'])){}
else{
$ezine="NO";
}
if (empty($_POST["email"])) {
$emailErr = "* Email is required";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "* Invalid email";
}
}
if($name != NULL AND $nameErr == ""){
if($email != NULL AND $emailErr == ""){
if($password != NULL AND $passwordErr == ""){
mysql_query("UPDATE `Subscribers` SET
`Name` ='$name',
`Email` = '$email',
`Address 1` = '$address1',
`Address 2` = '$address2',
`City` = '$city',
`Prov` = '$province',
`Postal` = '$postal',
`Country` = '$country',
`Password` = '$password',
`qty` = '$qty',
`Status` = '$status',
`Mailout` = '$mailout',
`Ezine` = '$ezine',
WHERE `Subscriber ID` = $id");
mysql_close();
echo ("<p align=\"center\"><font color=\"red\">Thank you for updating your subscription, you should receive an email confirmation shortly</font></p>");
}
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="100%" border="0">
<tr>
<td width="11%" align="right">Name</td>
<td width="3%"> </td>
<td width="47%"><input type="text" name="name" value="<?php echo $name_old;?>">
<font color="red"> <?php echo $nameErr;?></font></td>
<td width="39%" bgcolor="#CCCCCC"><input type="checkbox" name="ezine" value="YES"
<? if($ezine_old =="YES"){echo "checked";} ?>>
Subscribe by email</td>
</tr>
<tr>
<td width="11%" align="right">Address 1</td>
<td> </td>
<td width="47%"><input type="text" name="address1" value="<?php echo $address1_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="checkbox" name="mailout" value="YES" <? if($mailout_old =="YES"){echo "checked";} ?>>
Subscribe by Post </td>
</tr>
<tr>
<td width="11%" align="right">Address 2</td>
<td> </td>
<td width="47%"><input type="text" name="address2" value="<?php echo $address2_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="text" name="qty" value="<?php echo $qty_old;?>" size="5">
# of copies.</td>
</tr>
<tr>
<td align="right">City</td>
<td> </td>
<td><input type="text" name="city" value="<?php echo $city_old;?>"></td>
<td> </td>
</tr>
<tr>
<td align="right">Province</td>
<td> </td>
<td><input type="text" name="prov" value="<?php echo $prov_old;?>" >
<td> </td>
</tr>
<tr>
<td align="right">Postal</td>
<td> </td>
<td><input type="text" name="postal"value="<?php echo $postal_old;?>" ></td>
<td></td>
</tr>
<tr>
<td align="right">Country</td>
<td> </td>
<td><input type="text" name="country" value="<?php echo $country_old;?>" ></td>
<td> </td>
</tr>
<tr>
<td align="right">Email</td>
<td> </td>
<td colspan="2"><input type="text" name="email" value="<?php echo $email_old;?>">
<font color="red"><?php echo $emailErr;?></font></td>
</tr>
<tr>
<td align="right">Password</td>
<td> </td>
<td colspan="2"><input type="password" name="password" value="<?php echo $password_old;?>">
<font color="red"> <?php echo $passwordErr;?></font></td>
</tr>
<tr>
<td align="right"> </td>
<td> </td>
<td> </td>
<td></td>
</tr>
<tr>
<td align="right"> </td>
<td><img src="images/shim.png" width="20" height="20" /></td>
<td><input type="Submit" ></td>
<td> </td>
</tr>
</table>
<p> </p>
</form>
There is a comma after
Ezine = '$ezine' ,
Remove it. Also you shall also use mysqli extension or PDO sql . mysql_ is deprecated
As you said, there is a lot wrong with that code.. however to satisfy your question here is the simple answer:
You left an extra comma in your update statement.
`Ezine` = '$ezine',
In the future try always checking if the query went through.
$result = mysql_query(..);
if($result) {
// it worked
} else {
// it failed
echo mysql_error(); // or mysqli_error($link); or $link->error, etc.
}
Best of luck
I almost have it but I am missing something. The form is being sent and the row is being created but there is not data. It is blank (both the email and the database). I know it is something simple I am missing but I cannot figure it out.
There is no errors, the form disappears like it is supposed to. I am getting an email but there is no userdata in it. It creates a row in the database, but again there is no data being put in the row.
If anyone can look at my code below and tell me what I am missing to make the inputed info be seen, I would sure appreciate it.
I have searched and searched and tried different things but I cannot get it to send the info.
AJAX_Quote.php
<?php
include_once('class/class_email.php');
$connect = mysqli_connect("localhost","admin","password","database");
$FName = $_POST['Form_FName'];
$LName = $_POST['Form_LName'];
$Email = $_POST['Form_Email'];
$Company = $_POST['Form_Company'];
$Number = $_POST['Form_Number'];
$Comments = $_POST['Form_Comments'];
$EID = $_POST['eid'];
//$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;";
//$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link);
//$row = mysql_fetch_assoc($R_GetEquipment);
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;";
$result = mysqli_query($connect,$SQL_GetEquipment);
$row = mysqli_fetch_assoc($result);
$EmailBody = "$FName $LName has requested a quote from NAPE on Item $EID\n
Information on quote request: \n
Name: $FName $LName \n
Email: $Email \n
Company: $Company \n
Number: $Number \n
Comments: $Comments \n
\n
Information Requested for: {$row['itemname']}\n
The URL to {$row['itemname']} is: http://www.domain.com/new-product.php?Item=$EID
\n
Click to send a quote now:\n
http://www.domain.com/Admin/send-quote.php?id=$EID ";
$e = new email();
//First value is the URL of your server, the second the port number
$e->set_server( 'mail.domain.com', 26);
//First value is your username, then your password
$e->set_auth('noreply#domain.com', 'nape112233');
//Set the "From" setting for your e-mail. The Name will be base64 encoded
$e->set_sender( 'Quote Requested', 'noreply#domain.com' );
//for one recipient
$send_to = array('email#gmail.com');
//you may also specify multiple recipients by creating an array like this:
//$send_to = array('foo1#localhost.local', 'foo2#localhost.local', 'foo3#localhost.local');
$subject = 'Quote Request from NAPE';
$body = "$EmailBody";
if( $e->mail($send_to, $subject, $body, $headers) == true )
{
//message was received by the smtp server
//['last'] tends to contain the queue id so I like to save that string in the database
echo 'last: '.htmlspecialchars($e->srv_ret['last']).'';
}else{
//something went wrong
echo 'all: '.nl2br(htmlspecialchars($e->srv_ret['all'])).'';
echo 'full:'.nl2br(htmlspecialchars($e->srv_ret['full'])).'';
}
mysqli_query($connect,"INSERT INTO users (`fname`,`lname`,`email`,`company`,`number`)
VALUES ('$FName','$LName','$Email','$Company','$Number')");
?>
My form code
<form id="contact" name="contact" action="#" method="post" style="width:600px">
<br />
<table width="80%">
<tr>
<td width="36%">*First Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_FName" name="Form_FName" />
</td>
</tr>
<tr>
<td width="36%">*Last Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_LName" name="Form_LName" />
</td>
</tr>
<tr>
<td width="36%">Company Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_Company" name="Form_Company" />
</td>
</tr>
<tr>
<td>*Your E-Mail:</td>
<td> </td>
<td>
<input type="text" id="Form_Email" name="Form_Email" />
</td>
</tr>
<tr>
<td width="36%">*Phone Number:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_Number" name="Form_Number" />
</td>
</tr>
<tr>
<td width="36%" h>Comments:</td>
<td width="3%"> </td>
<td width="61%">
<textarea id="Form_Comments" name="Form_Comments" cols="25" rows="3"></textarea>
</td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
<tr>
<td width="36%" align="center" colspan="3">
<button id="send">Request Quote</button>
</td>
</tr>
<tr>
<td colspan="5"> </td>
</tr>
<tr>
<td width="100%" colospan="3">
<b><?php echo $itemname; ?></b>
<br />
<br /> Manufacturer: <?php echo $manufactuer;?>
<br /> Model: <?php echo $model;?>
<br /> Category: <?php echo $category;?>
<br />
</td>
</tr>
</table>
</form>
</div>
<!-- basic fancybox setup -->
<script type="text/javascript">
$(document)
.ready(function () {
$(".modalbox").fancybox();
$("#contact").submit(function () {
return false;
});
$("#send").on("click", function () {
{
// if both validate we attempt to send the e-mail
// first we hide the submit btn so the user doesnt click twice
$("#send").replaceWith("<em>Your request has been sent...</em>");
$.ajax({
type: "POST",
url: "AJAX_Quote.php",
data: $("#idForm").serialize(),
success: setTimeout(function () { parent.$.fancybox.close(); }, 2000)
});
}
});
});
</script>
The name of your form inputs is of the format name="Form_FName" but in your PHP you refer to them as $FName = $_POST['fname'];. The correct PHP would be $FName = $_POST['Form_FName'];
Also I suggest escaping your input fields to avoid SQL injection. Check out mysqli_real_escape_string.
http://php.net/manual/en/mysqli.real-escape-string.php
I created a database with user's first name, last name, email, and temp password. When a user logs in for the first time they are shown a profile with the information already in the database as well as some additional fields they must fill in. On clicking submit the form should then update their profile in the database but it doesn't. The database is called 'users'. Could someone please tell me what I'm doing wrong?
<?php
$testerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$tester = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["tester"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
include "scripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM users WHERE id='$testerID' AND username='$tester' AND password='$password' LIMIT 1"); // query the person
$row = mysql_fetch_array($sql);
$fname = $row['fname'];
$lname = $row['lname'];
$email = $row['email'];
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
echo "Your login session data is not on record in the database.";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tester Home</title>
</head>
<body>
<table width="886">
<tr>
<td width="876"><h1>Welcome
<?php
echo $fname;
?>
to the Closed Beta</h1></td>
</tr>
</table>
<p> </p>
<div id="content">
<?php
$date = getdate();
// Parse the form data and add inventory item to the system
if (isset($_POST['$new_password'])) {
$new_email = mysql_real_escape_string($_POST['email']);
$new_password = mysql_real_escape_string($_POST['new_password']);
$phone_model = mysql_real_escape_string($_POST['phone_model']);
$carrier = mysql_real_escape_string($_POST['carrier']);
$sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'");
}
if(is_null($test_start)){
echo "
<form action=\"index.php\" enctype=\"multipart/form-data\" name=\"myForm\" id=\"myform\" method=\"post\">
<table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"6\">
<tr>
<td width=\"20%\" align=\"right\">ID: </td>
<td width=\"80%\"><label>
$testerID
</label></td>
</tr>
<tr>
<td align=\"right\">Username: </td>
<td><label>
$tester
</label></td>
</tr>
<tr>
<td align=\"right\">First Name: </td>
<td><label>
$fname
</label></td>
</tr>
<tr>
<td align=\"right\">Last Name: </td>
<td><label>
$lname
</label></td>
</tr>
<tr>
<td align=\"right\">Email Address: </td>
<td><label>
<input type=\"text\" name=\"email\" id=\"email\" value=\"\"/>
</label></td>
</tr>
<tr>
<td align=\"right\">Old password: (the one you were assigned)</td>
<td><label>
<input type=\"text\" name=\"old_password\" id=\"old_password\" value=\"$password\"/>
</label></td>
</tr>
<tr>
<td align=\"right\">New Password: </td>
<td><label>
<input type=\"text\" name=\"new_password\" id=\"newPassField\" />
</label></td>
</tr>
<tr>
<td align=\"right\">Confirm New Password: </td>
<td><label>
<input type=\"text\" name=\"confirm_password\" id=\"newPassField\" />
</label></td>
</tr>
<tr>
<td align=\"right\">Phone Model: </td>
<td><label>
<input type=\"text\" name=\"phone_model\" id=\"phone_model\" value=\"$phone_model\"/> (a 4 digit number)
</label></td>
</tr>
<tr>
<td align=\"right\">Carrier: </td>
<td><label>
<input type=\"text\" name=\"carrier\" id=\"carrier\" cols=\"64\" rows=\"5\" value=\"$carrier\"/>
</label></td>
</tr>
<input type=\"submit\" name=\"button\" id=\"button\" value=\"Update\" />
</table>
</form>";
}else{
}
?>
</div>
<p> </p>
</body>
</html>
You have isset($_POST['$new_password']) instead of isset($_POST['new_password']). Notice the added $
if there is an error in your sql then the best way to find out what it is, is to add in error checking code
or die(mysql_error());
i have added it to the end of your query here
$sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'") or die(mysql_error());
Where have you defined your mysql_select_db for the DB selection?
Also, I'm not quite used to apply for UPDATE selections, but you could use INSERT with a DUPLICATE value, if you know the ids or a similar column that is fixed for each user. Something like:
$query = "INSERT INTO users (_columns_) VALUES (_$columns_) ON DUPLICATE KEY UPDATE _column_='_$column_'";
Changing your columns and the posted values from the form with a post method, of course. Add there a WHERE clause if needed, even thought that would be something to look for on the db.