I have a sign up form and I am trying to record the date the form was filled out into a MySQL table. All of the information that I am requesting within the form is being recorded, except for the date. Would anyone be able to help me out with this task?
Here is a snippet of my PHP code of where I think the problem resides. I am also using PHPmyadmin for my database; if that is relevant.
Here is the link to the page www.3elementsreview.com/sign-up
$value = $_POST['First'];
$value2 = $_POST['Last'];
$value3 = $_POST['City'];
$value4 = $_POST['State'];
$value5 = $_POST['Country'];
$value6 = $_POST['Email'];
$value7 = $_POST['Y-m-d H:i:s'];
$sql = "INSERT INTO members (First, Last, City, State, Country, Email, Date) VALUES ('$_POST[First]','$_POST[Last]','$_POST[City]','$_POST[State]','$_POST[Country]','$_POST[Email]','$_POST[Date]')";
Your code is dangerous and allows SQL injection attacks.
First off, the mysql_* library is deprecated.
Second, if you are going to use mysql_* functions, use mysql_real_escape_string on ALL your POST fields.
Thirdly this will solve your issue:
$value = mysql_real_escape_string($_POST['First']);
$value2 = mysql_real_escape_string($_POST['Last']);
$value3 = mysql_real_escape_string($_POST['City']);
$value4 = mysql_real_escape_string($_POST['State']);
$value5 = mysql_real_escape_string($_POST['Country']);
$value6 = mysql_real_escape_string($_POST['Email']);
$sql = "INSERT INTO members (First, Last, City, State, Country, Email, Date) VALUES ('$value','$value2','$value3','$value4','$value5','$value6',NOW())";
In MySQL, the function NOW() is used to return the current date/time.
Unless your parameter is called Y-m-d%20H:i:s=____, you should probably be collecting a $_POST['date'] variable or something, then converting it into a date after assigning it to a variable.
$value7 = $_POST['date'];
$value7 = date('Y-m-d H:i:s', $value7);
I have a question, I want to edit customer information, but I only want to update record of one customer at a time. I tried to add where _SESSION['customerCode'] but it doesn't seem to work.
<?php
$connection =
mysql_connect("com-db-02.student-cit.local", "team16", "DbSLzU")
or die (mysql_error());
$db = mysql_select_db("team16") or die(mysql_error());
$FName = $_POST['fname'];
$LName = $_POST['lname'];
$Email = $_POST['custemail'];
$Address = $_POST['address'];
$Town = $_POST['town'];
$County = $_POST['county'];
$Eircode = $_POST['eircode'];
$Phone = $_POST['phone'];
$query = mysql_query("UPDATE CUSTOMER set custFName = '$FName', custLName = '$LName', custemail = '$Email' where customerCode = "$_SESSION['customerCode']"") or die(mysql_error());
?>
I get an error unexpected '$_SESSION' (T_VARIABLE)
Also is it possible to add not update those fields that are blank, so if customer wants to change their address only, other fields won't get wiped out
You have a mistake in your concatenation. Make it like this: .$_SESSION['customerCode']
Try the code below.
session_start();
$custCode = $_SESSION['customerCode'];
$query = mysql_query("UPDATE CUSTOMER set custFName = '$FName', custLName = '$LName', custemail = '$Email' where customerCode = ".$custCode) or die(mysql_error());
Also is it possible to add not update those fields that are blank, so
if customer wants to change their address only, other fields won't get
wiped out
This has already been answered here before. Search for MySQL COALESCE.
You can check the following:
https://dba.stackexchange.com/a/36748
https://stackoverflow.com/a/15525287/4672534
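The COALESCE approach the answer points to, combined with a prepared statement, as an added example that is not code from the thread. It assumes an integer `customerCode`, a hypothetical function name `updateCustomer`, and an in-memory SQLite database so that it runs offline:

```php
<?php
// Added example, not from the thread. In-memory SQLite keeps it runnable
// offline; the UPDATE statement is also valid MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CUSTOMER (customerCode INTEGER PRIMARY KEY,
            custFName TEXT, custLName TEXT, custemail TEXT)');
$pdo->exec("INSERT INTO CUSTOMER VALUES (1, 'Ann', 'Lee', 'ann@example.com'),
                                        (2, 'Bob', 'Ray', 'bob@example.com')");

/**
 * Update exactly one customer (hypothetical helper). NULLIF turns a blank
 * field into NULL, and COALESCE then keeps the value already in the column.
 */
function updateCustomer(PDO $pdo, int $customerCode, array $post): int
{
    $stmt = $pdo->prepare(
        "UPDATE CUSTOMER
            SET custFName = COALESCE(NULLIF(:fname, ''), custFName),
                custLName = COALESCE(NULLIF(:lname, ''), custLName),
                custemail = COALESCE(NULLIF(:email, ''), custemail)
          WHERE customerCode = :code"
    );
    $stmt->bindValue(':fname', trim($post['fname'] ?? ''));
    $stmt->bindValue(':lname', trim($post['lname'] ?? ''));
    $stmt->bindValue(':email', trim($post['custemail'] ?? ''));
    // The row to change comes from the server-side session, never the form.
    $stmt->bindValue(':code', $customerCode, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input standing in for $_POST: only the e-mail is filled in.
// The literal 1 stands in for $_SESSION['customerCode'] after session_start().
$samplePost = ['fname' => '', 'lname' => '  ', 'custemail' => 'ann@new.example'];
$changed = updateCustomer($pdo, 1, $samplePost);

echo "rows changed: $changed", PHP_EOL;
print_r($pdo->query('SELECT * FROM CUSTOMER')->fetchAll(PDO::FETCH_ASSOC));
```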
I'm trying to make a simple ordersystem where the user inputs basic contact information, to this I want to add a fixed value that will always be sent to the database in this case the price for the product. Also I want the date when the order is placed to also be sent to the database. I have solved the user input part with a simple input form but have no idea how to get a fixed value for price or pris in this case and the date when the form is submitted to always be sent to the database along with the users contact information.
The code I have right now looks like this:
<?php /*This is code for Order*/ include('input.php');?>
<?php if(!empty($_POST)){
//Contact
$mail = $_POST['mail'];
$first_name = $_POST['fname'];
$last_name = $_POST['lname'];
$adress = $_POST['adress'];
$phone = $_POST['phone'];
//Zip code
$zip = $_POST['zip'];
$city = $_POST['city'];
//Orders
$type = $_POST['type'];
$price = $_POST['price'];
$many = $_POST['many'];
$date = $_POST['date'];
$img = $_POST['img'];
$paymentstatus = $_POST['paymentstatus'];
$sqlContact = "INSERT INTO Contact (Mail, FName, LName, Adress, Phone) Values('$mail', '$first_name', '$last_name', '$adress', '$phone');";
$sqlZipCode = "INSERT INTO ZipCode (Zip, City) Values('$zip', '$city')";
$sqlOrders = "INSERT INTO Orders (Type, Price, Many, Date, IMG, Paymentstatus) Values('$typ','$pris','$antal','$datum','$img', '$betaldstatus')";
$resultKontakt = mysql_query($sqlKontakt) or die(mysql_error() . mysql_errno());
$resultPostNr = mysql_query($sqlPostNr) or die(mysql_error() . mysql_errno());
$resultOrders = mysql_query($sqlOrders) or die(mysql_error() . mysql_errno());
}
https://www.dropbox.com/s/x8c53o2865hln58/Input.php
https://www.dropbox.com/s/5yyq33uux0tqd2h/Order.php
How have worked around so that I get a fixed value "49" for the price and also so that the user can input the current date but I don't want this to be visible for the user and also not in the HTML-form as the information for the price is stated on the site and the date is to see when the order is submitted but it has to be as an attribute because I also need to show the data "submitted orders" on an Adminpage.
First of all: Never show your DB-password in a forum!
To your date-question: Use the DB-date now() of mysql so you get a reliable date:
$sqlOrders = "INSERT INTO Orders (Typ, Pris, Antal, Datum, IMG, BetaldStatus) Values('$typ','$pris','$antal',now(),'$img', '$betaldstatus')";
To your Price: (still not clear to me what you exactly want.)
$pris = 49;
You have disabled the text field 'pris' but still somebody may edit the '$pris' variable using a proxy tool and change the price, so I suggest according to the product the user has selected get the price and insert into the table, do not receive the price using the form (using post variable).
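What the two answers above amount to (price chosen on the server from the selected product, date supplied by the database), as an added example that is not code from the thread. The price list `PRICES`, the product key `poster`, the status value `unpaid`, the form field names and the function name `placeOrder` are assumptions; in-memory SQLite is used so it runs offline:

```php
<?php
// Added example, not from the thread. On MySQL, now() can be used in place
// of CURRENT_TIMESTAMP.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Orders (Typ TEXT, Pris INTEGER, Antal INTEGER,
            Datum TEXT, IMG TEXT, BetaldStatus TEXT)');

// Hypothetical server-side price list; 49 is the fixed price from the question.
const PRICES = ['poster' => 49];

function placeOrder(PDO $pdo, array $post): bool
{
    $typ = $post['typ'] ?? null;
    $antal = filter_var($post['antal'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if (!is_string($typ) || !array_key_exists($typ, PRICES) || $antal === false) {
        return false; // unknown product or invalid quantity: store nothing
    }
    // Price, date and payment status are decided here. Any 'pris', 'datum'
    // or 'betaldstatus' value sent by the client is never read.
    $stmt = $pdo->prepare(
        'INSERT INTO Orders (Typ, Pris, Antal, Datum, IMG, BetaldStatus)
         VALUES (:typ, :pris, :antal, CURRENT_TIMESTAMP, :img, :status)'
    );
    return $stmt->execute([
        ':typ'    => $typ,
        ':pris'   => PRICES[$typ],
        ':antal'  => $antal,
        ':img'    => (string) ($post['img'] ?? ''),
        ':status' => 'unpaid', // assumed initial status
    ]);
}

// Constructed requests: the first has price, date and status altered in
// transit; the second carries an invalid quantity.
$tampered = ['typ' => 'poster', 'antal' => '2', 'pris' => '1',
             'datum' => '1999-01-01', 'img' => 'a.jpg', 'betaldstatus' => 'paid'];
$invalid  = ['typ' => 'poster', 'antal' => '-5'];

var_dump(placeOrder($pdo, $tampered));
var_dump(placeOrder($pdo, $invalid));
print_r($pdo->query('SELECT * FROM Orders')->fetchAll(PDO::FETCH_ASSOC));
```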
I am using PHP for inserting an integer value in the database.
I am using it like this:
$postcode = $_POST['postcode'];
$mysql_user_resultset = mysqli_query($con, "INSERT into user (postcode) VALUES ($postcode)");
I have several fields in the DB, like name, username, etc. All are defined as varchar, but only postcode is defined as int. If I do not enter a value for postcode, it doesn't insert into the database.
You could simply cast your variable into int:
$postcode = (int) $_POST['postcode'];
$mysql_user_resultset = mysqli_query($con, "INSERT into user (postcode) VALUES ($postcode)");
Note that you're not using any precautions regarding SQL injections. I would suggest that you bind your parameters before querying them, using the PDO class.
Convert $_POST['postcode'] to int, using
$postcode = (int)$_POST['postcode'];
Use PDO or sprintf for formatting mysql query:
sprintf example:
$mysql_user_resultset = mysqli_query($con, sprintf(
"INSERT into user (postcode) VALUES (%d)",
$_POST['postcode']));
PDO example:
$st = $db->prepare("INSERT into user (postcode) VALUES (:postcode)");
$st->bindParam(':postcode', $_POST['postcode'], PDO::PARAM_INT);
$mysql_user_resultset = $st->execute();
header ('Refresh: 1;url=registrationform.php');
include 'dbconnect.php';
$id = $_POST['id'];
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];
$DOB = $_POST['dob'];
$gender = $_POST['gender'];
$telephone = $_POST['telephone'];
$memberTypeID = $_POST['memberTypeID'];
$Active = $_POST['Active'];
$sql = "UPDATE user SET firstName = '$firstName', lastName = '$lastName', email = '$email', password = '$password', DOB = '$DOB', gender = '$gender', telephone = '$telephone', memberTypeID = '$memberTypeID', Active = '$Active' WHERE userID = $id";
$result=mysql_query($sql)or die ("COULD NOT UPDATE USER!!");
This is the code I am using to enter the DOB back into the database, when entered it returns 0000-00-00.
Try what is inside $_POST['dob']. Also, if the input value is not a valid date value, then don't try to insert it. So if it's not a valid value, then make the dob null and also make your table structure compatible to allow NULL values. If your $_POST['dob'] doesn't contain a valid date value in YYYY-MM-DD format, then that value will be inserted as 0000-00-00 in the database.
So try something like the following
$DOB = NULL;
if(isset($_POST['dob']) && trim($_POST['dob']) != '') {
    //make necessary validations and assign the value
    $DOB = $newValue;//Assume $newValue contains new date value in YYYY-MM-DD format
}
Also don't use mysql_ functions anymore since they are deprecated. Try using mysqli_ functions and prepared statements because your code is vulnerable to SQL injections.
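The validation step that the answer above leaves as a comment, as an added example that is not code from the thread. The function names `parseDob` and `updateDob` are hypothetical, the `user` table is cut down to the two columns involved, and in-memory SQLite is assumed so that it runs offline:

```php
<?php
// Added example, not from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, DOB TEXT NULL)');
$pdo->exec("INSERT INTO user VALUES (1, '1990-05-17'), (2, '1985-01-02')");

/** Return the input if it is a real, non-future date in YYYY-MM-DD form, else null. */
function parseDob($raw): ?string
{
    if (!is_string($raw)) {
        return null; // missing field or array input
    }
    $raw = trim($raw);
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // createFromFormat rolls 2023-02-31 over into March, so require that the
    // parsed date formats back to exactly the text that was submitted.
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        return null;
    }
    return $d > new DateTimeImmutable('today') ? null : $raw;
}

function updateDob(PDO $pdo, $id, $rawDob): bool
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false; // userID must be an integer, it is never spliced into SQL
    }
    $dob = parseDob($rawDob);
    $stmt = $pdo->prepare('UPDATE user SET DOB = :dob WHERE userID = :id');
    // An invalid date is stored as NULL instead of a zero date.
    $stmt->bindValue(':dob', $dob, $dob === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed inputs standing in for $_POST['id'] and $_POST['dob'].
updateDob($pdo, '1', '1992-11-03');  // well-formed date
updateDob($pdo, '2', '17/05/1990');  // day-first format, not YYYY-MM-DD
var_dump(updateDob($pdo, '2 OR 1=1', '1992-11-03')); // non-integer id
print_r($pdo->query('SELECT * FROM user')->fetchAll(PDO::FETCH_ASSOC));
```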
My code is showing -1 Record Inserted error and not inserting the fields to database. Any thoughts of why is it doing this?
<?php
include("dbconnect.php");
$con=new dbconnect();
$con->connect();
error_reporting(E_ALL);
if($_POST) {
$users_name = $_POST['name'];
$users_email = $_POST['email'];
$users_website = $_POST['website'];
$users_comment = $_POST['content'];
$users_name = htmlspecialchars($users_name);
$users_email = htmlspecialchars($users_email);
$users_website = htmlspecialchars($users_website);
$users_comment = htmlspecialchars($users_comment);
$postid = $_GET['id'];
$sSql = "INSERT INTO comments
( post_id, name, email, website,content)
VALUES ($postid, '$users_name',
'$users_email', '$users_website', '$users_comment' )";
mysql_query($sSql);
$update=mysql_affected_rows();
echo "<h2>$update Record Inserted</h2><br />";
echo '<h2> Your Comment is submitted</h2><br />';
}
?>
For some reason, the comments table is not getting updated. I am new to programming in MySQL and PHP. Any suggestions would be of so much help to me. Thanks.
First insert dummy values in your php SQL statement & comment mysql_query statement.
$sSql = "INSERT INTO comments (post_id,name,email,website,content) VALUES (100, 'anoop.pete','anoop.pete#gmail.com', 'www.anooppete.com', 'Nice Website' )";
//mysql_query($sSql);
//$update=mysql_affected_rows();
Print the SQL statement...
print($sSql);
Copy the SQL statement from web browser, Execute the $sSql in MySql
If the row is inserted, in MySQL, uncomment and run the same page again.
mysql_query($sSql);
$update=mysql_affected_rows();
If it runs, try removing htmlspecialchars()
$users_name = $_POST['name'];
$users_email = $_POST['email'];
$users_website = $_POST['website'];
$users_comment = $_POST['content'];
I guess your htmlspecialchars() is returning some invalid characters...
-1 means the query returned an error.
Put this sql query into your sql browser's sql 'querier' and see what the error is:
INSERT INTO
comments
(post_id,
name,
email,
website,
content)
VALUES
(2,
'name',
'email#',
'http://',
'comment')