I am trying to add a captcha to my guestbook submission form but cannot get the if(($_POST['code']) == ($_SESSION['code'])) statement to work. Please see code below. Any help would be greatly appreciated.
if ($_POST['postbtn']){
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$comment = strip_tags($_POST['comment']);
if(($_POST['code']) == ($_SESSION['code'])) {
$code = strip_tags($_POST['code']);
}
if($name && $email && $comment && $code){
$time = date("h:i A");
$date = date("F d, Y");
$ip = $_SERVER['REMOTE_ADDR'];
// add to the database
mysqli_query($con,"INSERT INTO guestbook VALUES (
'', '$name', '$email', '$comment', '$time', '$date', '$ip'
)");
echo "Your post has been added.";
}
else
echo"You did not enter in all the required info.";
}
echo "<form action='./index.php' method='post'>
<table>
<tr>
<td>Name:</td>
<td><input type='text' name='name' style='width: 200px;' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' style='width: 200px;' /></td>
</tr>
<tr>
<td>Comment:</td>
<td><textarea name='comment' style='width: 197.5px; height: 50px;'>
</textarea></td>
</tr>
<tr>
<td><img src='captcha.php?'/></td>
<td><input type='text' name='code' style='width: 200px;' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='postbtn' value='Post' /></td>
</tr>
</table>
</form>";
Can you try echo on both $_POST['code'] and $_SESSION['code'] so that you can debug it and see if you are getting the values correctly? I don't think you are getting them right. If not, just add a complete scenario here with proper field names and values.
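A server-side CAPTCHA check for the guestbook form above, as an added example that is not part of the original question or answer. It assumes captcha.php calls session_start() and stores the expected text in $_SESSION['code']; verify_captcha() is a hypothetical helper and the sample values are constructed.

```php
<?php
// Added example, not the asker's code. verify_captcha() is a hypothetical
// helper; 'code' is the session/POST key used in the question.

/**
 * True only when the submitted code equals the one stored in the session.
 * The stored code is discarded on every attempt, pass or fail, so a solved
 * CAPTCHA cannot be replayed for further posts.
 */
function verify_captcha(array &$session, array $post): bool
{
    $expected = $session['code'] ?? null;
    $given    = $post['code'] ?? null;
    unset($session['code']);

    // A missing session value (e.g. session_start() was never called) or a
    // non-string field (code[]=x arrives as an array) is a failure.
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;
    }
    // Strict, constant-time comparison instead of loose ==.
    return hash_equals($expected, trim($given));
}

// In index.php, before any output is sent:
//   session_start();
//   $captchaOk = verify_captcha($_SESSION, $_POST);

// Constructed sample data so the script also runs from the command line.
$cases = [
    'correct code'        => [['code' => 'X7kQ2'], ['code' => 'X7kQ2 ']],
    'wrong code'          => [['code' => 'X7kQ2'], ['code' => 'abcde']],
    'session never set'   => [[],                  ['code' => 'X7kQ2']],
    'array, not a string' => [['code' => 'X7kQ2'], ['code' => ['X7kQ2']]],
];
foreach ($cases as $label => [$session, $post]) {
    $first  = verify_captcha($session, $post);
    $replay = verify_captcha($session, $post);   // same code sent again
    printf("%-20s first=%-5s replay=%s\n", $label,
        var_export($first, true), var_export($replay, true));
}
```

The INSERT in the question interpolates $name, $email and $comment into the SQL string; binding them through mysqli_prepare() keeps the submitted text out of the statement.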
I've got a PHP form that displays current data on one side of the page and on the other side are fields that can be filled in to update the data. I have two files "modify.php" and "modify.config.php" to process the update. When hitting the "save" button on modify.php I get a success message (through the config page); the record id (site_id) passes through to the success message in the url but the data does not update in the mysql database. Any help is greatly appreciated!
Modify.php:
<?php
if(isset($_GET['id'])) {
require_once 'includes/connection.php';
$id = mysqli_real_escape_string($conn, $_GET['id']);
$sql = "SELECT * FROM sites WHERE site_id='$id' ";
$result = mysqli_query($conn, $sql) or die ("Bad Query: $sql");
$row = mysqli_fetch_array($result);
}
?>
<form action='modify.config.php?id=<?php echo $_GET['id']; ?>' method='POST'>
<table width='100%'>
<thead>
<th colspan='2'><strong>Current Details:</strong></th>
<th colspan='2' style='background-color:#2c9cd4; color:#ffffff;'><strong>New Details:</strong></th>
</thead>
<tr class='hover'>
<td width='15%'><strong>Site Code: </strong></td>
<td width='35%'><?php echo $row['site_code'] ?></td>
<td colspan='2' bgcolor='#f2f2f2'><input type='text' name='site_code' class='input2' placeholder='Site Code (UCCE)' maxlength='4' size='20' id='site_code' value='<?php if (isset($trimmed['site_code'])) echo $trimmed['site_code']; ?>' autofocus /></td>
</tr>
</tr>
<tr class='hover'>
<td width='15%'><strong>Name: </strong></td>
<td width='35%'><?php echo $row['site_name'] ?></td>
<td colspan='2' bgcolor='#f2f2f2'><input type='text' name='site_name' class='input2' placeholder='Site Name' maxlength='100' size='50' id='site_name' value='<?php if (isset($trimmed['site_name'])) echo $trimmed['site_name']; ?>' autofocus /></td>
</tr>
<tr class='hover'>
<td width='15%'><strong>Description: </strong></td>
<td width='35%'><?php echo $row['description'] ?></td>
<td colspan='2' bgcolor='#f2f2f2'><input type='text' name='description' class='input2' placeholder='Description' maxlength='100' size='50' id='description' value='<?php if (isset($trimmed['description'])) echo $trimmed['description']; ?>' autofocus /></td>
</tr>
<tr class='hover'>
<td width='15%'><strong>Street Address: </strong></td>
<td width='35%'><?php echo $row['address_street'] ?></td>
<td colspan='2' bgcolor='#f2f2f2'><input type='text' name='address_street' class='input2' placeholder='Street Address' maxlength='100' size='50' id='address_street' value='<?php if (isset($trimmed['address_street'])) echo $trimmed['address_street']; ?>' autofocus /></td>
</tr>
<tr class='hover'>
<td width='15%'><strong>City: </strong></td>
<td width='35%'><?php echo $row['address_city'] ?></td>
<td colspan='2' bgcolor='#f2f2f2'><input type='text' name='address_city' class='input2' placeholder='City' maxlength='100' size='50' id='address_city' value='<?php if (isset($trimmed['address_city'])) echo $trimmed['address_city']; ?>' autofocus /></td>
</tr>
</table>
</div>
<span style='float:right;'>
<button type='submit' class='save' id='submit' name='submit'>
<img src='images/save.png' height='13px' width='13px' style='vertical-align: sub;' /> Save </button>
<input type='hidden' name='submit' id='submit' value='TRUE' />
</span>
</form>
And Modify.Config.php:
<?php
if(isset($_GET['id'])) {
require_once 'includes/connection.php';
$id = mysqli_real_escape_string($conn, $_GET['id']);
$sql = "SELECT * FROM sites WHERE site_id='$id'";
$result = mysqli_query($conn, $sql) or die ("Bad Query: $sql");
$row = mysqli_fetch_array($result);
}
include 'includes/connection.php';
if (isset($_POST['submit'])) {
$site_code = mysqli_real_escape_string($conn, trim($_POST['site_code']));
$site_name = mysqli_real_escape_string($conn, trim($_POST['site_name']));
$description = mysqli_real_escape_string($conn, trim($_POST['description']));
$address_street=mysqli_real_escape_string($conn, trim($_POST['address_street']));
$address_city = mysqli_real_escape_string($conn, trim($_POST['address_city']));
$error = false;
if (!$error) {
if (!empty($site_code) && !empty($site_name) && !empty($description) && !empty($address_street) && !empty($address_city))
{
$sql = "UPDATE sites SET site_code='$site_code', site_name='$site_name', description='$description', address_street='$address_street', address_city='$address_city' WHERE site_id='$id'";
mysqli_query($conn, $sql);
}
$page_title = "Modify Success";
$page_content = "Site <strong><a href='site.php?id={$row['site_id']}'> {$row['site_code']} {$row['description']}</a></strong> has been successfully modified.";
include "header.php";
include "includes/box_success.php";
echo "<p> <p>";
include "footer.php";
mysqli_close($conn);
exit();
} else {
$page_title="Modify - ERROR";
$page_content = "<p><strong>The site {$row['site_code']} could not be updated.</strong></p><p>{$sql}<br>{mysqli_error($conn)}</p>";
include "header.php";
include "includes/box_error.php";
echo "<p valign='middle'>
<span style='float:left'>
<a href='modify.php?id={$row['site_id']}'>
<button type='submit' class='trans-left' value='submit-previous'>
<img src='images/chevron_back.png' height='15' width='18' style='vertical-align: sub;' />
Retry
</button></a>
</span></p>
<p> </p>";
echo "</div>";
include "footer.php";
}
}
mysqli_close($conn);
?>
Are you sure you are committing the changes to the database? I see you doing an update then closing the connection. Try adding the following before you close the connection.
mysqli_commit($conn);
I want to change the error code SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'xx#yahoo.com' for key 'email' message into something like "error email already in use"
create.php
<?php
require_once 'dbconfig.php';
if ($_POST) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$contactnum = $_POST['contactnum'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$lang = $_POST['lang'];
try {
$stmt = $db_con->prepare("INSERT INTO tbluser(fname,lname,contactnum,email,pass,lang) VALUES(:ufname,:ulname,:ucontact,:uemail,:upass,:ulang)");
$stmt->bindParam(":ufname", $fname);
$stmt->bindParam(":ulname", $lname);
$stmt->bindParam(":ucontact", $contactnum);
$stmt->bindParam(":uemail", $email);
$stmt->bindParam(":upass", $pass);
$stmt->bindParam(":ulang", $lang);
if ($stmt->execute()) {
echo "Successfully Added";
} else {
echo "Query Problem";
}
} catch(PDOException $e) {
echo $e->getMessage();
}
}
?>
I tried to add something like this
if (mysql_errno() == 1062) {
echo"error email already in use!";
}
But can't make it work. Thanks for your help, I'm still new in php. Can someone advise me how to use PDO?
addform.php
<style type="text/css">
#dis{
display:none;
}
</style>
<div id="dis">
<!-- here message will be displayed -->
</div>
<form method='post' id='emp-SaveForm' action="#">
<table class='table table-bordered'>
<tr>
<td>First Name</td>
<td><input type='text' name='fname' class='form-control' required /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type='text' name='lname' class='form-control' required></td>
</tr>
<tr>
<td>Contact Number</td>
<td><input type='number' name='contactnum' class='form-control' required></td>
</tr>
<tr>
<td>Email</td>
<td><input type='email' name='email' class='form-control' required /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name='pass' class='form-control' required /></td>
</tr>
<tr>
<td>Language</td>
<td><input type='text' name='lang' class='form-control' required /></td>
</tr>
<tr>
<td colspan="2">
<button type="submit" class="btn btn-primary" name="btn-save" id="btn-save">
<span class="glyphicon glyphicon-plus"></span> Save this User
</button>
</td>
</tr>
</table>
</form>
mysql_errno is part of the deprecated mysql extension - you're using PDO, so you need to check the error with it too:
if ($stmt->execute()) {
echo "Successfully Added";
} else {
if ($stmt->errorInfo()[1] == 1062) {
# errorCode() returns the SQLSTATE ('23000'); the MySQL error number is element 1 of errorInfo()
echo "error email already in use!";
} else {
echo "some other problem...";
}
}
Errors can show up in event/error logs and cause unnecessary noise if you are ever trying to find a legit error, so if you can I would avoid relying on them. Instead try:
IF (SELECT 1 = 1 FROM users WHERE email=?) THEN
BEGIN
SELECT 0 AS Result; -- signals already exists to the application
END;
ELSE
BEGIN
INSERT INTO users(columns) VALUES(values);
SELECT LAST_INSERT_ID() AS Result;
END;
END IF;
Or something along those lines.
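The duplicate-email case handled in a catch block, as an added example that is not part of the original posts: the "SQLSTATE[23000]" text in the question comes from a PDOException, so with exceptions enabled the driver code is read from $e->errorInfo[1]. An in-memory SQLite database stands in for MySQL so the script runs offline; is_duplicate_entry() and register_user() are hypothetical helpers and the sample user is constructed. The unique index remains the authoritative check even when a SELECT pre-check is used, because two concurrent requests can both pass the SELECT.

```php
<?php
// Added example, not the asker's code. SQLite in memory stands in for MySQL
// so the script runs offline; table and column names follow create.php.

/** Hypothetical helper: true when the exception is a unique-key violation. */
function is_duplicate_entry(PDOException $e, string $driver): bool
{
    // errorInfo = [SQLSTATE, driver-specific code, driver message]
    [$sqlstate, $code] = ($e->errorInfo ?? []) + [null, null];
    if ($sqlstate !== '23000') {            // integrity constraint violation
        return false;
    }
    return ($driver === 'mysql'  && (int)$code === 1062)   // ER_DUP_ENTRY
        || ($driver === 'sqlite' && (int)$code === 19);    // SQLITE_CONSTRAINT
}

/** Hypothetical helper: inserts a user and returns a message for the client. */
function register_user(PDO $db, array $in): string
{
    $stmt = $db->prepare(
        'INSERT INTO tbluser (fname, email, pass) VALUES (:ufname, :uemail, :upass)'
    );
    try {
        $stmt->execute([
            ':ufname' => $in['fname'],
            ':uemail' => $in['email'],
            // store a hash, not the submitted password itself
            ':upass'  => password_hash($in['pass'], PASSWORD_DEFAULT),
        ]);
        return 'Successfully Added';
    } catch (PDOException $e) {
        if (is_duplicate_entry($e, $db->getAttribute(PDO::ATTR_DRIVER_NAME))) {
            return 'error email already in use';
        }
        error_log($e->getMessage());   // details go to the log, not the browser
        return 'Query Problem';
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbluser (fname TEXT, email TEXT UNIQUE, pass TEXT)');

// Constructed sample user, submitted twice.
$user = ['fname' => 'A', 'email' => 'user@example.com', 'pass' => 'constructed-sample'];
echo register_user($db, $user), "\n";
echo register_user($db, $user), "\n";
```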
I'm trying to find out how to retain my text value after submit, so that the text I submit is still kept in the textbox. There are so many references on the internet, but they are too hard for me to understand (newbie here), so I'd like to ask here if anyone has a solution.
Here's my form code:
echo
"<form method='post' action='process.php'>
<tr>
<td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' size='50%'></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' size='50%></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
As you can see, I was placing the form inside echo.
Here's my process.php code:
<?php
if(isset($_REQUEST['submit'])) {
include "../conf/koneksi.php";
$jurusan = $_POST['jurusan'];
$lab = $_POST['lab'];
$urutkan= "ALTER TABLE tb_pengusul AUTO_INCREMENT = 1";
mysql_query($urutkan);
$input = mysql_query("INSERT INTO tb_pengusul (nama_jurusan,nama_laboratorium)
VALUES ('$jurusan','$lab')") or die (mysql_error());
echo "<script language=\"Javascript\">\n";
echo "window.alert('Input sukses !')";
echo "</script>";
echo "<META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0;URL='../koordinator.php?url='\">";
}
?>
Use the POST value as follows.
This will work only if your form page and submit code are on the same page (process.php):
<?php echo"<form method='post' action='process.php'>
<tr><td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' value='".htmlspecialchars($_POST['jurusan'] ?? '', ENT_QUOTES)."' size='50%'></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' value='".htmlspecialchars($_POST['lab'] ?? '', ENT_QUOTES)."' size='50%'></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";?>
Also, you have an error in your code on this line:
<td><input type='text' name='lab' size='50%></td>
it should be <td><input type='text' name='lab' size='50%'></td>
If your form is still available in the process.php file, change it like this:
echo "<form method='post' action='process.php'>
<tr><td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' size='50%'";
if (isset($_POST['jurusan']))
{
echo " value='" . htmlspecialchars($_POST['jurusan'], ENT_QUOTES) . "'";
}
echo "></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' size='50%'";
if (isset($_POST['lab']))
{
echo " value='" . htmlspecialchars($_POST['lab'], ENT_QUOTES) . "'";
}
echo "></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
You need to use PHP sessions.
Add the following string to your process.php page:
session_start();
$_SESSION['prev_values'] = $_POST;
and the following to your form page
$lab = "";
$jur = "";
session_start();
if(isset($_SESSION['prev_values'])){
$jur = $_SESSION['prev_values']['jurusan'];
$lab = $_SESSION['prev_values']['lab'];
}
echo
"<form method='post' action='process.php'>
<tr>
<td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' size='50%' value='$jur'></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' size='50%' value='$lab'></td>
</tr>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
SECURITY NOTICE:
Please note: this script is basic and it is vulnerable to XSS (just to name one). As a rule of thumb, you should NEVER display directly user inputs without some form of sanitation.
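One way to close the XSS hole named in the notice above when refilling the fields, as an added example that is not from the original answers. field_value() and render_form() are hypothetical helpers, the field names follow the question's form, and the sample input is constructed.

```php
<?php
// Added example, not from the original answers. field_value() and
// render_form() are hypothetical helpers.

/** Returns a submitted value escaped for use inside a quoted HTML attribute. */
function field_value(array $source, string $name): string
{
    $raw = $source[$name] ?? '';
    if (!is_string($raw)) {          // jurusan[]=x would arrive as an array
        $raw = '';
    }
    // ENT_QUOTES also escapes ', which matters because the form uses
    // single-quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Builds the form with previously submitted values filled in. */
function render_form(array $source): string
{
    $jur = field_value($source, 'jurusan');
    $lab = field_value($source, 'lab');
    return "<form method='post' action='process.php'>
<table>
<tr>
<td>Nama Jurusan</td>
<td>:</td>
<td><input type='text' name='jurusan' size='50%' value='$jur'></td>
</tr>
<tr>
<td>Nama Laboratorium</td>
<td>:</td>
<td><input type='text' name='lab' size='50%' value='$lab'></td>
</tr>
</table>
<input name='submit' type='submit' id='ajukan' value='Ajukan'>
</form>";
}

// Constructed input containing quotes and markup characters.
$sample = ['jurusan' => "Teknik 'Elektro' <b>", 'lab' => 'Lab "Dasar" & Kimia'];
echo render_form($sample), "\n";
```

On the real page the argument would be $_POST or the saved $_SESSION['prev_values'] array; the values are escaped at output time, not when they are stored.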
So I'm trying to simply send one field of data from a form to a php file. Below is my form in a table. I also posted my php code. It keeps returning that $username is null. I've tried post/get and it doesn't seem to matter.
HTML:
<form action='http://k9minecraft.tk/scripts/adduser.php' method='POST'>
<table>
<tr>
<td>First Name:</td>
<td><input type='text' id='first'></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' id='last'></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' id='email'></td>
</tr>
<tr>
<td>Minecraft Name:</td>
<td><input type='text' name='user'></td>
</tr>
<tr>
<td><input type='submit' value='Send'></td>
<td><input type='reset' value='Reset'></td>
</tr>
</table>
</form>
PHP:
<?php
print_r($_POST);
if (isset($_POST['user'])) {
$username = $_POST['user'];
echo $username;
echo 'username is not null';
}
?>
The issue is that all of your inputs have id but not name. The id is used by JavaScript. The name is used for sending form data.
Change it to be like this:
<form action='http://k9minecraft.tk/scripts/adduser.php' method='POST'>
<table>
<tr>
<td>First Name:</td>
<td><input type='text' name='first' id='first'></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' name='last' id='last'></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' id='email'></td>
</tr>
<tr>
<td>Minecraft Name:</td>
<td><input type='text' name='user'></td>
</tr>
<tr>
<td><input type='submit' name='Send' value='Send'></td>
<td><input type='reset' name='Rest' value='Reset'></td>
</tr>
</table>
</form>
This code is working. You need to add some condition that checks if $username is posted or not.
Something like that:
if(count($_POST)){
$username ='';
if(isset($_POST['user'])){
$username = $_POST['user'];
if ($username==null || !$username)
echo 'username is null';
echo strlen($username);
echo $username;
}
}
Try this to find out if the field is posted by the form:
isset($_POST['user'])
I think $username==null will be true even if $username really is equal to an empty string.
This is how people usually do it:
if(isset($_POST['user']) && !empty($_POST['user'])) {
$user = $_POST['user'];
}
Note: == null will not work with empty string. see here.
You also need to add a name attribute for other input fields of yours.
try using this
<?php
if(isset($_POST['submit'])){
$msg = "";
/* Validate post */
if(!isset($_POST['user'])){
$msg .= "username is null";
}
/*End Validate*/
if($msg==""){
$user = $_POST['user'];
}else{
echo $msg;
}
}
?>
I am new here and I have a question. I have a problem that I can't figure it out with _POST. I have been searching for hours before start writing! As far as I can see I haven't done any of the mistakes that are posted for other similar question (form action..., name attribute...,etc). Please, can you check my code below to tell me what am I doing wrong??
I use xampp 1.7.3 on windows 7.
<?php require("includes/header.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?><head>
<script type="text/javascript">
function theChecker()
{
if(document.getElementById('checker').checked){
document.getElementById('submitter').disabled=false;
}
else{
document.getElementById('submitter').disabled=true;
}
}
</script>
</head>
<?php require("includes/body_no_menus.php"); ?>
<div align="center">
<form name="signup" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php
echo "<hr/>
<table width='600' border='0'>
<tr>
<td width='237'>Κωδικός οικοδομής</td>
<td width='351'><input name='building_id' type='text' id='building_id' size='30' maxlength='40' />*</td>
</tr>
<tr>
<td>Κωδικός διαμερίσματος</td>
<td><input name='apartment_id' type='text' id='apartment_id' size='30' maxlength='40' />*</td>
</tr>
<tr>
<td></td>
<td height='31' colspan='2' ><label>
<input name='send' type='submit' value='Αποστολή' />
</label></td>
</tr>
</table>
";
?>
</form>
</div>
<p>
<?php
if(isset($_POST['send'])) {
// Check input / Required fields
$building_id = check_input($_POST['building_id'],"Εισάγετε τον κωδικό της οικοδομής!");
$apartment_id = check_input($_POST['apartment_id'],"Εισάγετε όνομα χρήστη!");
$query = "SELECT idTENANT,FNAME,LNAME,BUILDING_ADMIN,PHONE FROM TENANT,APARTMENT, BUILDING
WHERE TENANT.APARTMENT_ID = APARTMENT.idAPARTMENT
AND APARTMENT.BUILDING_ID = BUILDING.idBUILDING
AND idAPARTMENT = '$apartment_id'
AND idBUILDING = '$building_id'";
$result=mysql_query($query) or die ("Couldn't execute query.");
$row = mysql_fetch_array( $result );
$id = $row['idTENANT'];
$fname = $row['FNAME'];
$lname = $row['LNAME'];
$apartment = $row['APARTMENT_ID'];
$phone = $row['PHONE'];
if($row['BUILDING_ADMIN'] == 0)
$admin = "ΟΧΙ";
else
$admin = "ΝΑΙ";
echo " <hr />
<table width='300' border='0'>
<tr>
<td>Όνομα</td>
<td>$fname</td>
</tr>
<tr>
<td>Επίθετο</td>
<td>$lname</td>
</tr>
<tr>
<td>Όνομα χρήστη</td>
<td><input name='username' type='text' size='30' maxlength='20' />*</td>
</tr>
<tr>
<td>Κωδικός χρήστη</td>
<td><input name='password' type='password' size='30' maxlength='20'/>*</td>
</tr>
<tr>
<td>Επαλήθευση κωδικού</td>
<td><input name='verify_password' type='password' size='30' maxlength='40'/> *</td>
</tr>
<tr>
<td>Διαχείριση οικοδομής</td>
<td>$admin</td>
</tr>
<tr>
<td>Τηλέφωνο</td>
<td>$phone</td> </tr>
<tr>
<td></td>
<td><input name='checkterms' type='checkbox' id='checker' onclick='theChecker()' value='Ναι'/>
<label>Έχω διαβάσει και αποδέχομαι τους όρους χρήσης.</label> *</td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='complete' id='submitter' value='Ολοκλήρωση εγγραφής' disabled/></td>
</tr>
</table>
";
}
if(isset($_POST['complete'])) {
// Password match
if ($password != $verify_password)
{
echo '<font color="red">Οι κωδικοί δεν ταιριάζουν</font>';
}//if
else
{
// Execute MySQL commands
$query = "UPDATE TENANT SET USERNAME = '$un', PASSWD='$pw' WHERE idTENANT='$id'";
$result=mysql_query($query) or die ("Couldn't execute query.");
header("Location: main_login.php");
}//else
}//if
?>
</p>
<?php require("includes/footer.php"); ?>
The first _POST (if(isset($_POST['send']))...) works perfectly. But if(isset($_POST['complete'])) {... does nothing. I've tried to echo some data to see if my connection doesn't work, but it's the _POST...
Please help me!!!!
Thanks for your time!
what you could try:
use vardump to see what $_POST contains: var_dump($_POST);.
use firebug (or something similar for another browser) to lookup the request and see which POST-Parameters are sent.
The second set of form elements (username, password, verify_password, checkterms, complete) are not inside any html form element. Clicking the second button does not post the form to server.
header("Location: main_login.php");
Is not going to work, when $_POST["complete"] is reached. You already sent heaps of output before that. Enable more error_reporting.