Peace be to you all. I am working on a "forgotten username" system and my code goes as follows:
First form:
`<form action="security.php" method="post">
Please Enter your email address:<br>
<input type="text" name="email" value="<?php $_POST['email']?>">
<input type="submit" value="submit">
</form>`
the php code:
`<?php
$mode_allowed = array('username','password');
if(isset($_GET['mode']) === true && in_array($_GET['mode'],$mode_allowed) === true){
if(isset($_POST['email']) === true && empty($_POST['email']) === false){
if(email_exists($_POST['email']) === true){
header('location:security.php');
}else{
echo "Sorry, we can't find this email";
}
}
}else{
header('location:index.php');
}
?>`
Now the other page:
<form action="security.php" method="POST">
<p> Answer this question <p>
<select type="text" selected="selected" name="security_question" value="<?php $security_question?>">
<option name="security_question" value="<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);
echo $array[0];
?>">
<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);
echo $array[0];
?>
</option> </select> <br>
<input type="text" name="answer"/> <br>
<input type="submit" value="recover"/>
</form>
and its PHP:
<?php
include "session.php";
include "database/db.php";
if(isset($_POST['answer'])){
$answer = $_POST['answer'];
if(!empty($answer)){
$sql = mysql_query("SELECT `username` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' AND `answer`='".mysql_real_escape_string($answer)."'");
if(mysql_num_rows($sql) == 1){
echo"hello";
}else {
echo "no";
}
}else{
echo "<script type='text/javascript'>alert('you must answer this question');</script>";
}
}
?>
I have also included a hidden field for the email:-
<input type="hidden" name="email" value="<?php echo $_POST['email'];?>">
Now, the code works perfectly only when I remove the "email" part from the SQL statement! What's the mistake here?
You haven't given the <input> a name attribute, so it will NOT submit with the form.
<input type="hidden" name="email" value="<?php echo $_POST['email'];?>"></input>
^ ^^^^^^^^^^^---missing ^^^^^^^^--illegal html
Your HTML is fundamentally broken...
Try to echo the email within isset:
echo $email=mysql_real_escape_string($_POST['email']);
If $email is not empty here, then simply use it:
$sql = mysql_query("SELECT `username` FROM `users` WHERE `email`='$email' AND `answer`='".mysql_real_escape_string($answer)."'");
May this help to resolve it.
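An added example, not part of the original posts: the second-step form from the question, with the hidden `email` field carrying its `name` attribute and every echoed value passed through `htmlspecialchars()`, then parsed back to confirm the browser would submit the original address. The helper names `h`, `render_answer_form` and `submitted_email`, and the sample values, are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; h(), render_answer_form() and submitted_email() are
// hypothetical helper names, not code from the posts above.

/** Encode a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Step-two form: named hidden field, every dynamic value encoded. */
function render_answer_form(string $email, string $question): string
{
    return '<form action="security.php" method="post">' . "\n"
        . '<p>Answer this question: ' . h($question) . '</p>' . "\n"
        . '<input type="hidden" name="email" value="' . h($email) . '">' . "\n"
        . '<input type="text" name="answer">' . "\n"
        . '<input type="submit" value="recover">' . "\n"
        . '</form>' . "\n";
}

/** Value a browser would submit for the "email" field, or null if absent. */
function submitted_email(string $html): ?string
{
    $previous = libxml_use_internal_errors(true); // fragment has no doctype
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    foreach ($doc->getElementsByTagName('input') as $input) {
        if ($input->getAttribute('name') === 'email') {
            return $input->getAttribute('value');
        }
    }
    return null;
}

// Constructed sample values: a plain address and one with quotes and
// angle brackets, which would otherwise close the value attribute early.
$samples = [
    'user@example.com',
    'o\'brien"x<y>@example.com',
];
$question = 'Name of your first pet?'; // constructed

foreach ($samples as $email) {
    $html = render_answer_form($email, $question);
    $roundTrip = submitted_email($html);
    echo $html;
    echo ($roundTrip === $email ? 'OK' : 'MISMATCH'), ': ',
        var_export($roundTrip, true), "\n\n";
}
```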
I am a newbie to PHP and my PHP code doesn't work. I want to update some data using MySQL, but it seems that the first IF condition is 'false' and I don't know why. I am using PHP 7 and XAMPP as a local host, Dreamweaver as an IDE, and this is my code:
if(isset($_POST["btn_edit"]))
{
$name = $_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
if(!empty($_FILES["img"]["name"]))
{
$img = $_FILES["img"]["name"];
$img_temp = $_FILES["img"]["tmp_name"];
if(move_uploaded_file($img_temp, "assets/images/".$img))
{
$query = mysqli_query($Connection, "UPDATE entry_data SET names='$name',emails='$name',passwords='$password',images='$img' WHERE id='$ID'");
if($query)
{
$result = header("Location:index.php");
}
else
{
echo mysql_error();
}
}
}
else
{
$query = mysqli_query($Connection, "UPDATE entry_data SET names='$name',emails='$name',passwords='$password',images='$img' WHERE id='$ID'");
if($query)
{
echo "<h5>Updated</h5>";
}
}
}
It shows me nothing, it just refreshes the page. This is the HTML code:
<form method="post" enctype="multipart/form-data">
<input name="name" value="<?php echo $name ?>" />
<input name="email" value="<?php echo $email ?>" />
<input name="password" value="<?php echo $password ?>" />
<img width="50" height="50" src="<?php echo 'assets/images/'.$row[4] ?>" />
<input name="img" type="file" class="text-info" required="required" />
<br/>
<input name"btn_edit" type="submit" />
<?php if(isset($_POST["btn_edit"])) echo $result ?>
You have a syntax issue in your button HTML.
This:
<input name"btn_edit" type="submit" />
Needs to be:
<input name="btn_edit" type="submit" /><!-- = is missing in name -->
I have written the below HTML code:
<form action="index.php" method="POST">
<input type="text" name="title" required>
<input type="text" name="brief_text" required>
<textarea name="text" required></textarea>
<input type="submit" name="add" value="Add">
</form>
My PHP code:
<?php
require_once('db.php');
if(isset($_POST['add'])){
$title = $_POST['title'];
$brief_text = $_POST['brief_text'];
$text = $_POST['text'];
$blog_cat_id = $_POST['blog_cat_id'];
if($title AND $brief_text AND $text AND $blog_cat_id){
$insert_blog = "insert into blog values ('','$title','$brief_text','$text','$blog_cat_id',NOW())";
$run_insertion = mysqli_query($con, $insert_blog);
if($run_insertion){
echo "Blog has been added!";
}
else{
echo "Error adding blog!!!";
}
}
else{
echo "All fields are required!";
}
}
else{
echo "GOODBYE";
}
?>
Every time I refresh the page, it only shows the form and "GOODBYE" and does not even insert the data into database table.
Help me out please.
Is it still showing 'GOODBYE' now you've changed
$_POST['add_blog']
to
$_POST['add']
when you click submit?
You have a few mistakes:
1) It should be $_POST['add'] instead of $_POST['add_blog']
2) You don't have $_POST['blog_cat_id'], as it is not in the form
EDIT
Copied your code and made some changes:
code:
if(isset($_POST['add'])){
print_r($_POST);
$title = $_POST['title'];
$brief_text = $_POST['brief_text'];
$text = $_POST['text'];
$blog_cat_id = $_POST['blog_cat_id'];
if($title AND $brief_text AND $text AND $blog_cat_id){
echo "inside condition";
$insert_blog = "insert into blog values ('','$title','$brief_text','$text','$blog_cat_id',NOW())";
$run_insertion = mysqli_query($con, $insert_blog);
if($run_insertion){
echo "Blog has been added!";
}
else{
echo "Error adding blog!!!";
}
}
else{
echo "All fields are required!";
}
}
else{
echo "GOODBYE";
}
HTML:
<form action="index.php" method="POST">
<input type="text" name="title" required>
<input type="text" name="brief_text" required>
<input type="text" name="blog_cat_id" required>
<textarea name="text" required></textarea>
<input type="submit" name="add" value="Add">
</form>
output
Array ( [title] => test [brief_text] => test [blog_cat_id] => 1 [text] => testing [add] => Add )
inside condition
Now, check your query if it doesn't work.
Hope this will help you.
Your query is wrong: columns are not specified and you are open to SQL injection. You should learn to use parameterized queries, but for this time you can use the following.
Try this:
htmlcode
<form action="index.php" method="POST">
<input type="text" name="title" required>
<input type="text" name="brief_text" required>
<input type="text" name="blog_cat_id" required>
<textarea name="text" required></textarea>
<input type="submit" name="add" value="Add">
</form>
index.php
<?php
require_once('db.php');
if(isset($_POST['add'])){
$title = $_POST['title'];
$brief_text = $_POST['brief_text'];
$text = $_POST['text'];
$blog_cat_id = $_POST['blog_cat_id'];
if($title AND $brief_text AND $text AND $blog_cat_id){
$insert_blog = "insert into blog (col1,col2,col3,col4,col5,col6) values ('','$title','$brief_text','$text','$blog_cat_id',NOW())";
$run_insertion = mysqli_query($con, $insert_blog);
if($run_insertion){
echo "Blog has been added!";
}
else{
echo "Error adding blog!!!";
}
}
else{
echo "All fields are required!";
}
}
?>
Note: col1, col2, col3, col4, col5 and col6 will be your column names.
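The parameterized form of this insert, as an added example that is not part of the original answer. It uses PDO with an in-memory SQLite database standing in for MySQL so it runs without a server; the function name `add_blog`, the table layout and the column names are assumptions, since the page only calls the columns col1 to col6.

```php
<?php
declare(strict_types=1);

// Added example. Table layout and column names are assumptions: the page
// only refers to them as col1..col6.

/** Insert one blog row using bound parameters; returns the new row id. */
function add_blog(PDO $pdo, array $post): int
{
    // Accept only scalar strings, so title[]=x cannot reach the query.
    $field = static fn(string $key): string =>
        is_string($post[$key] ?? null) ? trim($post[$key]) : '';

    $title = $field('title');
    $brief = $field('brief_text');
    $body  = $field('text');
    $catId = filter_var($field('blog_cat_id'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);

    if ($title === '' || $brief === '' || $body === '' || $catId === false) {
        throw new InvalidArgumentException('All fields are required!');
    }

    // The id column is omitted so the database assigns it.
    $stmt = $pdo->prepare(
        'INSERT INTO blog (title, brief_text, body, blog_cat_id, created_at)
         VALUES (:title, :brief_text, :body, :cat, CURRENT_TIMESTAMP)'
    );
    $stmt->execute([
        ':title' => $title, ':brief_text' => $brief,
        ':body' => $body, ':cat' => $catId,
    ]);
    return (int) $pdo->lastInsertId();
}

// In-memory SQLite stands in for the MySQL database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog (
    id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT NOT NULL,
    brief_text TEXT NOT NULL, body TEXT NOT NULL,
    blog_cat_id INTEGER NOT NULL, created_at TEXT NOT NULL)');

// Constructed POST data: quote characters that would end the string
// literal early in the concatenated query are stored verbatim here.
$post = [
    'title' => "It's a 'quoted' title", 'brief_text' => 'short text',
    'text' => 'Body with " and \' characters', 'blog_cat_id' => '1',
    'add' => 'Add',
];
$id = add_blog($pdo, $post);
$check = $pdo->prepare('SELECT title FROM blog WHERE id = ?');
$check->execute([$id]);
echo "row $id title: ", $check->fetchColumn(), "\n";

// The original form had no blog_cat_id field: that case is rejected up front.
unset($post['blog_cat_id']);
try {
    add_blog($pdo, $post);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```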
I have code for updating data in MySQL. It looks like it doesn't have a problem, but the data isn't changed.
My update code:
//previous data//
....
if (isset($_POST['update'])) {
$nim = mysqli_real_escape_string($connection, ($_POST['nim']));
$name = mysqli_real_escape_string($connection, ($_POST['name']));
$class1 = mysqli_real_escape_string($connection, ($_POST['class2']));
$class2 = mysqli_real_escape_string($connection, ($_POST['class1']));
if (!preg_match("/^[1-9][0-9]*$/",$nim)) {
$error = true;
$nim_error = "NIM only contain numbers";
}
if (!preg_match("/[^a-zA-Z]/",$name)) {
$error = true;
$name_error = "NIM only contain numbers";
}
if (!preg_match("/^[1-9][0-9]*$/",$class1)) {
$error = true;
$class1_error = "Class only contain numbers";
}
if (!preg_match("/^[1-9][0-9]*$/",$class1)) {
$error = true;
$class2_error = "Class only contain numbers";
}
$result = "UPDATE users SET nim='$nim', name='$name', class1='$class1', class1='$class1' WHERE id='$id'";
mysqli_query($connection, $result);
}
?>
And this is my HTML code:
<div id="popup2" class="overlay">
<div class="popup">
<h2 class="range2">Edit</h2>
<a class="close" href="#">×</a>
<div class="content">
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input class="input" type="text" name="nim" placeholder="NIM" required/>
<input class="input" type="text" name="name" placeholder="Name" required/>
<i>SK</i>
<input class="input1" type="text" name="class1" placeholder="00" required/>
<i>-</i>
<input class="input1" type="text" name="class2" placeholder="00" required/>
<input name="update" type="submit" class="button" id="submit" value="Submit">
</form>
</div>
</div>
</div>
Is there any wrong code? Thank you.
It is really hard to explain: Take a look.
If you want to update a single record you will need an identity (primary key). That means which data you want to update.
Below Example: check index.php file
In file index.php change dbname to your database name in connection.
browse project_url/index.php?id=1 [here use any id from your database]
Then update your data.
index.php
<?php
// Show existing data for the given id
if(isset($_GET['id'])){
$id = $_GET['id'];
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
$stmt->execute(array('id'=>$id));
$data = $stmt->fetch();
if (empty($data)) {
echo "No data found in user table. Use proper ID.";
}
}
//Update query
$msg = array();
if (isset($_POST['id']) && $_POST['id']!='') { //operation is update, because id exist
if($_POST['nim']!=0 && is_numeric($_POST['nim'])){
$nim = $_POST['nim'];
}else{
$msg[]="Nim only can be number";
}
if($_POST['name']!=''){
$name = $_POST['name'];
}else{
$msg[]="Name cannot be empty";
}
if(is_numeric($_POST['class1'])){
$class1 = $_POST['class1'];
}else{
$msg[]="Class1 only can be number";
}
if(is_numeric($_POST['class2'])){
$class2 = $_POST['class2'];
}else{
$msg[]="Class2 only can be number";
}
$id = $_POST['id'];
if(count($msg)==0){
$stmt = $pdo->prepare('UPDATE users SET nim=:nim, name=:name, class1=:class1, class2=:class2 WHERE id=:id');
$result = $stmt->execute(array(
'nim' => $nim,
'name' => $name,
'class1'=> $class1,
'class2'=> $class2,
'id' => $id,
));
if($result){
echo "successfully updated.";
}else{
echo "update failed";
}
}
}else{
//You can run here insert operation because id not exist.
echo "Id not set";
}
?>
<div id="popup2" class="overlay">
<div class="popup">
<h2 class="range2">Edit</h2>
<a class="close" href="#">×</a>
<div class="content">
<?php foreach ($msg as $value) {
echo $value."<br>";
}?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php if(isset($data)){?>
<input class="input" type="hidden" name="id" value="<?php echo $data['id']; ?>" />
<?php } ?>
<input class="input" type="text" name="nim" value="<?php echo isset($data)?$data['nim']:''?>" placeholder="NIM" required/>
<input class="input" type="text" name="name" value="<?php echo isset($data)?$data['name']:''?>" placeholder="Name" required/>
<i>SK</i>
<input class="input1" type="text" name="class1" value="<?php echo isset($data)?$data['class1']:''?>" placeholder="00" required/>
<i>-</i>
<input class="input1" type="text" name="class2" value="<?php echo isset($data)?$data['class2']:''?>" placeholder="00" required/>
<input name="update" type="submit" class="button" id="submit" value="Submit">
</form>
</div>
</div>
</div>
My friend,
only do one thing to resolve this
echo $result = "UPDATE users SET nim='$nim', name='$name', class1='$class1', class1='$class1' WHERE id='$id'";
die;
Then submit your form again and you will get your static query on your page. Just copy that query and try to run it in phpMyAdmin; then you will get your actual error.
I have a form on a website. I need to save my information to a database. I made a database on localhost, but when I click on submit it displays the whole code of register.php in the same page and no data is saved in the database. I have placed all the files in htdocs. I have the form in index.html and the register.php file is separate. Here is the PHP file:
<?php
mysql_connect('localhost','root','');
if(!$link){
die('could not connect: ' . mysql_error());
}
echo 'connected successfully';
mysql_select_db(learnqurandb);
$name = $_post['fullname'];
$email = $_post['email'];
$mobile = $_post['mobile'];
$country = $_post['country'];
$course = $_post['course'];
$skype_id = $_post['skype'];
if($name == ""){
echo "<script>alert('please enter your name')</script>";
exit();
}
if($email == ""){
echo "<script>alert('please enter your E-mail')</script>";
exit();
}
if($mobile == ""){
echo "<script>alert('please enter your Mobile Numbet')</script>";
exit();
}
if($country == ""){
echo "<script>alert('please enter your country name')</script>";
exit();
}
if($course == ""){
echo "<script>alert('please select your desire course')</script>";
exit();
}
if($skype_id == ""){
echo "<script>alert('please enter your Skype ID')</script>";
exit();
}
$check_skype_id = "select * from learnquran where skype = '$skype_id";
$count = mysql_query('$check_skype_id');
if(mysql_num_rows ($count) > 0){
echo"<script>alert('Skype_id $skype_id is already exists, please try another one.')</script>";
exit();
}
$query = "INSERT INTO registration (fullname,email,mobile,country,course,skype) values('$name','$email','$mobile','$country','$course','$skype_id')";
if(mysql_query ($query)){
echo "<script>alert('Registration Successfull')</script>";
}
}
?>
My HTML form is this:
<div id="form_div">
<h2>Quick Registration</h2>
<form name="Form1" method="post" action="register.php" />
<label for="name">Name:</label>
<input type="text" name="fullname" id="fname" /><br><br>
<label for="email">Email:</label>
<input type="text" name="email" id="user_email" /><br><br>
<label for="mobile">Mobile:</label>
<input type="text" name="mobile" id="user_mobile" /><br><br>
<label for="country">Country:</label>
<input type="text" name="country" id="user_country" /><br><br>
<label for="skype">Skype ID:</label>
<input type="text" name="skype" id="skype_id" /><br><br>
<label for="course">Course:</label>
<select name="course" id="desired_course" ><br><br>
<option value="Select course..." selected>Select course</option><br>
<option value="Quran Reading">Quran Reading</option>
<option value="Memorizing the Holy Quran">Memorizing Holy Quran</option>
</select><br><br>
<input type="submit" class="submit" id="button1" value=""/>
</form>
</div>
You should be using PDO instead of mysql_connect as it has been deprecated as of PHP 5.5.0. Please view this tutorial on how to use PDO. Here's more information about it: http://php.net/manual/en/function.mysql-connect.php
https://www.youtube.com/watch?v=QtCdk459NFg&list=PLfdtiltiRHWHkDwEoZ29Q9FKtWVjA46HC
As for your code just displaying on your screen, make sure that your server has php enabled.
I'm trying to write a simple script with PHP and insert some data, but nothing happens! I know that I missed something, but what is it?
This is my code:
<?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="dddd";
$con = mysqli_connect($host,$user,$pass,$db) or mysql_error();
//====== Get Variable======= //
$name = $_POST['name'];
$email=$_POST['email'];
$rate=$_POST['select_style'];
$content=$_POST['content'];
$insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";
//====== Get Variable======= //
if($_POST['submit-comment']) {
if($name && $email && $content == true) {
mysqli_query($con,$insert);
$success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
}
else {
$error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
}
}
mysqli_close($con);
?>
And this is the form and the "action":
<form method="post" action="" id="form-contact" class="clearfix">
<div id="form-left">
<label for="text-name">Name *</label><br />
<input type="text" name="name" class="input" id="text-name" /><br />
<label for="text-email">From *</label><br />
<input type="text" name="email" class="input" id="text-email" /><br />
<label for="text-phone">Rate us *</label><br />
<div class="select-style">
<select>
<option value="5.0">5.0</option>
<option value="4.5">4.5</option>
<option value="4.0">4.0</option>
<option value="3.5">3.5</option>
<option value="3.0">3.0</option>
<option value="2.5">2.5</option>
<option value="2.0">2.0</option>
<option value="2.0">2.0</option>
<option value="1.5">1.5</option>
<option value="1.0">1.0</option>
</select>
</div>
</div>
<div id="form-right">
<label for="text-comment">Review <span></span></label><br />
<textarea name="content" cols="10" rows="20" class="input textarea" id="text-comment"></textarea><br />
<input type="submit" name="submit-comment" class="button" value="Rate Us" />
</div>
<p id="text-contact">
<br><br><font color="#980303">Please Note *</font> Thate Your Reviews Will Not Published Untill We Check it and sure that the review don't contain Bad words or bad language, and be sure that we will publish all reviews and we accept criticism!
</form>
So what did I miss, please?
Check this working code. Also, you had not set the element name for the drop-down as select_style. It was throwing an error for that too.
PHP Code
if(isset($_POST['submit-comment']) && $_POST['submit-comment']!='') {
$host= "localhost";
$user="root";
$pass="";
$db="test";
$con = mysqli_connect($host,$user,$pass,$db) or die(mysqli_connect_error());
//====== Get Variable======= //
$name = mysqli_real_escape_string($con,$_POST['name']);
$email = mysqli_real_escape_string($con,$_POST['email']);
$rate = mysqli_real_escape_string($con,$_POST['select_style']);
$content = mysqli_real_escape_string($con,$_POST['content']);
$insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";
if($name && $email && $content == true) {
mysqli_query($con,$insert);
$success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
echo $success;
}
else {
$error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
echo $error;
}
mysqli_close($con);
}
HTML
<form method="post" action="" id="form-contact" class="clearfix">
<div id="form-left">
<label for="text-name">Name *</label><br />
<input type="text" name="name" class="input" id="text-name" /><br />
<label for="text-email">From *</label><br />
<input type="text" name="email" class="input" id="text-email" /><br />
<label for="text-phone">Rate us *</label><br />
<div class="select-style">
<select name="select_style">
<option value="5.0">5.0</option>
<option value="4.5">4.5</option>
<option value="4.0">4.0</option>
<option value="3.5">3.5</option>
<option value="3.0">3.0</option>
<option value="2.5">2.5</option>
<option value="2.0">2.0</option>
<option value="2.0">2.0</option>
<option value="1.5">1.5</option>
<option value="1.0">1.0</option>
</select>
</div>
</div>
<div id="form-right">
<label for="text-comment">Review <span></span></label><br />
<textarea name="content" cols="10" rows="20" class="input textarea" id="text-comment"></textarea><br />
<input type="submit" name="submit-comment" class="button" value="Rate Us" />
</div>
<p id="text-contact">
<br><br><font color="#980303">Please Note *</font> Thate Your Reviews Will Not Published Untill We Check it and sure that the review don't contain Bad words or bad language, and be sure that we will publish all reviews and we accept criticism!
</form>
Try to put your get variables inside the if/else statement.
Check if there is data in POST when done submitting:
if($_POST['submit-comment']) {
$name = $_POST['name'];
$email=$_POST['email'];
$rate=$_POST['select_style'];
$content=$_POST['content'];
$insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";
if ($con->query($insert) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $insert . "<br>" . $con->error;
}
var_dump($_POST);
}
$con->close();
check for errors:
$check = mysqli_query($con,$insert);
var_dump($check);
If you find one, let me know.
Note:
Put your insert query and the passed-on variables (POST) inside your if statement isset($_POST["submit-comment"]) to eliminate errors of undefined variables.
You should use mysqli_* prepared statement instead to prevent SQL injections.
Answer:
If you insist on retaining your code, you can use the mysqli_real_escape_string() function to sanitize a bit the content of your variables before using them in your query.
Your PHP file should look like this:
<?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="cookindoor";
$con = mysqli_connect($host,$user,$pass,$db) or die(mysqli_connect_error());
//====== IF SUBMIT-COMMENT ======= //
if(isset($_POST['submit-comment'])) {
if(!empty($_POST["name"]) && !empty($_POST["email"]) && !empty($_POST["content"])) {
//====== GET VARIABLES ======= //
$name = mysqli_real_escape_string($con,$_POST['name']);
$email = mysqli_real_escape_string($con,$_POST['email']);
$rate = mysqli_real_escape_string($con,$_POST['select_style']);
$content = mysqli_real_escape_string($con,$_POST['content']);
$insert="INSERT INTO reviews (name,email,rate,content) VALUES ('$name','$email','$rate','$content')";
mysqli_query($con,$insert);
$success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
}
else {
$error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
}
}
mysqli_close($con);
?>
Recommendation:
But if you execute it as a mysqli_* prepared statement, your insert query would look like this. This is just a simple example, but it is still executable:
if($stmt = $con->prepare("INSERT INTO reviews (name, email, rate, content) VALUES (?,?,?,?)")){ /* CHECK THE QUERY */
$stmt->bind_param('ssss', $_POST["name"], $_POST["email"], $_POST["select_style"], $_POST["content"]); /* BIND VARIABLES TO YOUR QUERY */
$stmt->execute(); /* EXECUTE YOUR QUERY */
$stmt->close(); /* CLOSE YOUR QUERY */
}