Usage of session to retain to text box value in PHP - php

Hi I have this and works fine except the following issue.
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1' value=".$_SESSION['txt1'].">";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
<A submit button here to send the form data>
The issue is if I have a value in the text box like John when I submit the form I retain the original user typed word Jonn in the text box. However if the user type John Carter, when the form is submitted it retains only John. In other words texts only up to first space between the texts. How do I retain entire text?
EDIT
<?php
if(isset($_POST['sendone']))
{
echo "Hello";
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
}
if(isset($_POST['sendtwo']))
{
if($_POST['txt1']=='')
{
echo "Hello";
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
echo "Empty";
}
else
{
$_SESSION['txt1'] = $_POST['txt1'];
echo "Hello";
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1' value=".$_SESSION['txt1'].">";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
echo "Hit success!";
}
}
?>


You need to include the single quotes around the value for the value= attribue when echoing the _SESSION["txt1"], otherwise the resulting HTML isn't valid .. like this:
<?php
if(isset($_POST['sendone']))
{
echo "Hello";
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
}
if(isset($_POST['sendtwo']))
{
if($_POST['txt1']=='')
{
echo "Hello";
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
echo "Empty";
}
else
{
$_SESSION['txt1'] = $_POST['txt1'];
echo "Hello";
echo "<form method='post' action=''>";
// check out this line here:
echo " <input type='text' name='txt1' id='txt1' value='" . htmlspecialchars($_SESSION['txt1']) . "'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
echo "Hit success!";
}
}
?>
Though, it's worth nothing that it is much more performant (and readable!) to use plain HTML where possible, and just use echo for the variables you wish to include.


Check this code.
<form name="" method="post">
<input type="text" name="txt1">
<input type="submit" name="sendtwo">
<input type="submit" name="sendone">
</form>
<?php
if(isset($_POST['sendone']))
{
echo "Hello";
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
}
if(isset($_POST['sendtwo']))
{
if($_POST['txt1']=='')
{
echo "Hello";
echo "<form method='post' action=''>";
echo " <input type='text' name='txt1' id='txt1'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
echo "Empty";
}
else
{
$_SESSION['txt1'] = $_POST['txt1'];
echo "Hello";
echo "<form method='post' action=''>";
// check out this line here:
echo " <input type='text' name='txt1' id='txt1' value='" . $_SESSION['txt1'] . "'>";
echo " <input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>";
echo "</form>";
echo "Hit success!";
}
}
?>

Related

PHP get request resets page

So, I'm making a PHP page. I'm trying to get a url like this
https://nikkiedev.com/folder/indexfile/?schedule-btn=true&time-zone=CET
but instead, when I click on my GET form for the time zone it goes to
https://nikkiedev.com/folder/indexfile/?time-zone=CET
Here's my code:
<div class='mobile-center'>
<form method="GET">
<button name="schedule-btn" type="submit" value="true" class="btn">schedule</button>
<button name="roles-btn" type="submit" value="true" class="btn">roles</button>
</form>
<?php
$sched_btn = $_GET["schedule-btn"];
$roles_btn = $_GET["roles-btn"];
if (isset($sched_btn)) {
echo "<div class='mobile-center'>";
echo "<h1>Change schedule</h1>";
echo "<hr>";
echo "<p>Choose time zone</p>";
echo "<form method='GET'>";
echo "<p>
<input type='radio' name='time-zone' value='CET'> CET
<input type='radio' name='time-zone' value='EST'> EST
<input type='submit'>
</p>";
echo "</form>";
$timezone = $_GET["time-zone"];
echo "</div>";
if ($timezone == "CET") {
echo "<h1>CET</h1>";
}
else if ($timezone == "EST") {
echo "<h1>EST</h1>";
}
}
?>
</div>

Add the value of $sched_btn as a hidden input in the new form.
if (isset($sched_btn)) {
echo "<div class='mobile-center'>";
echo "<h1>Change schedule</h1>";
echo "<hr>";
echo "<p>Choose time zone</p>";
echo "<form method='GET'>";
echo "<input type='hidden' name='schedule-btn' value='$sched_btn'>";
echo "<p>
<input type='radio' name='time-zone' value='CET'> CET
<input type='radio' name='time-zone' value='EST'> EST
<input type='submit'>
</p>";
echo "</form>";
$timezone = $_GET["time-zone"];
echo "</div>";
if ($timezone == "CET") {
echo "<h1>CET</h1>";
}
else if ($timezone == "EST") {
echo "<h1>EST</h1>";
}
}

Label tag is not moving the form structure in line

The label tag has the right syntax however the form structure is not aligned well the way I want it.I also put id as well
echo "<form action='getregister.php' method='post'>";
echo "<fieldset >";
echo "<legend>Register</legend>";
echo "<input type='hidden' name='submitted' id='submitted' value='1'/>";
echo "<label for='First_name'>First Name: </label>";
echo "<input type='text' name='U_fname' id='First_name' value=''><br>";
echo "<label for='Last_name'>Last Name: </label>";
echo "<input type='text' name='U_sname' id='Last_name' value=''><br>";
echo "<label for='Address' >Address: </label>";
echo "<input type='text' name='U_address' id='Address' value=''><br>";
echo "<label for='Postcode' >Postcode: </label>";
echo "<input type='text' name='U_postcode' id='Postcode' value=''><br>";
echo "<label for='Telno' >Tel No: </label>";
echo "<input type='text' name='U_telNo' id='Telno' value=''><br>";
echo "<label for='Email' >Email Address: </label>";
echo "<input type='email' name='U_email' id='Email' value=''><br>";
echo "<label for='password' >Password:</label>";
echo "<input type='password' name='U_password' id='password' value=''><br>";
echo "<label for='passwords' >Confirm Password:</label>";
echo "<input type='password' name='U_confirmPassword' id='passwords' value=''><br>";
echo "<input type='submit' name='Submit' value='Register' />";
echo "<button type='reset' value='Reset'>Clear form</button>";
echo "</fieldset>";
echo "</form>";

Try like this:
echo "<form action='getregister.php' method='post'>";
echo "<fieldset >";
echo "<legend>Register</legend>";
echo "<input type='hidden' name='submitted' id='submitted' value='1'/>";
echo "<table>";
echo "<tr>";
echo "<td><label for='First_name' >First Name: </label></td>";
echo "<td><input type='text' name='U_fname' value=''></td>";
echo "</tr>";
echo "<tr>";
echo "<td><label for='Last_name'>Last Name: </label></td>";
echo "<td><input type='text' name='U_sname' id='Last_name' value=''>";
echo "</tr>";
echo "<table>";
echo "</fieldset>";
echo "</form>";

Php mysql query works in chrome but not firefox/IE

I am just finishing up my university assignment and it is working perfectly in google chrome, unfortunately when I went to test it in firefox and IE there are a few mysql querys that just aren't working. The one below is for adding a song to a database, it does this in Chrome, but when trying to do the same in firefox/IE the page just refreshes and nothing happens. I've tried searching for the past hour but haven't been able to come up with a solution. Any help would be appreciated.
The form and inputs
if (!$edit) {
?>
<form class="inline" method="post" action="dataGridAdmin.php">
<td><input type="text" name="song" size="20"></td>
<td><input type="text" name="artist" size="20"></td>
<td>
<?php
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
?>
<input type="image" src="add.png" name="addTrack" value="yes"></td>
<td><input type="image" src="search.png" name="searchMusic" value="yes"></td>
</form>
<?php
}
?>
</table>
The php and mysql
// do we want to add a new track?
if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
$dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
$dbResult=mysql_query($dbQuery);
}
FULL FILE:
<html>
<head>
<title>Music Database Editor</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php
include "dbConnect.php";
session_start();
if (!(isset($_SESSION["currentUser"]))) header ("Location: adminLogin.php");
$currentUser=$_SESSION["currentUser"];
$currentUserID=$_SESSION["currentUserID"];
$dbQuery="select * from users where id='$currentUserID'";
$dbResult=mysql_query($dbQuery);
$dbRow=mysql_fetch_array($dbResult);
$adminPriv=$dbRow["admin"];
if ($adminPriv=='N') {
header ("Location: adminLogin.php");
}
// print_r($_POST); // this line can be removed after debugging
// set up page size and current page
$pageSize=10;
if (isset($_POST["thisPage"])) $thisPage=$_POST["thisPage"];
else if (isset($_GET["page"])) $thisPage=$_GET["page"];
else $thisPage=1;
// now check for database activity
// do we want to add a new track?
if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
$dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
$dbResult=mysql_query($dbQuery);
}
// do we want to modify an existing track?
if (isset($_POST["updateData"]) && $_POST["updateData"]=="yes") {
$dbQuery="update music set ".
"song='".$_POST["newSong"]."', ".
"artist='".$_POST["newArtist"]."' ".
"where id=".$_POST["id"];
$dbResult=mysql_query($dbQuery);
}
// do we want to delete a track?
if (isset($_POST["deleteTrack"]) && $_POST["deleteTrack"]=="yes") {
$dbQuery="delete from music where id=".$_POST["id"];
$dbResult=mysql_query($dbQuery);
}
// have we clicked on the edit icon?
if (isset($_POST["editTrack"]) && $_POST["editTrack"]=="yes") {
$edit=true;
$dbQuery="select * from music where id=".$_POST["id"];
$dbResult=mysql_query($dbQuery);
$dbRow=mysql_fetch_array($dbResult);
// set up the values that will appear in the edit form
$editId=$dbRow["id"];
$editSong=$dbRow["song"];
$editArtist=$dbRow["artist"];
}
else $edit=false;
// how many tracks are in the table?
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes")
$dbQuery="select count(id) from music where song like '%".$_POST["song"]."%' and got='Y'";
else
$dbQuery="select count(id) from music where got='Y'";
$dbResult=mysql_query($dbQuery);
$dbRow=mysql_fetch_array($dbResult);
$totalRows=$dbRow[0];
// adjust $thisPage if we have just deleted the only track on the previous page
if (($thisPage*$pageSize)-($pageSize-1)>$totalRows) $thisPage--;
// do we want to search for a track? track name
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
if (isset($_POST["song"]) && $_POST["song"]!="")
$likeStr="where song like '%".$_POST["song"]."%'";
if (isset($_POST["artist"]) && $_POST["artist"]!="")
$likeStr="where artist like '%".$_POST["artist"]."%'";
if (isset($_POST["song"]) && $_POST["song"]!="" && isset($_POST["artist"]) && $_POST["artist"]!="")
$likeStr="where song like '%".$_POST["song"]."%' and artist like '%".$_POST["artist"]."%'";
} else $likeStr="";
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") { // are the tracks sorted?
$dbQuery="select * from music $likeStr " .
" order by ".$_POST["sortField"]." ".$_POST["sortDirection"].
" limit $pageSize offset " . ($thisPage-1)*$pageSize;
} else $dbQuery="select * from music $likeStr where got='Y' limit $pageSize offset ".($thisPage-1)*$pageSize;
$dbResult=mysql_query($dbQuery);
$numResults=mysql_num_rows($dbResult);
// which tracks are we currently displaying?
if ($numResults==0) {
$first=0; $last=0;
} else {
$first=(($thisPage-1)*$pageSize)+1;
if ($thisPage<$totalRows/$pageSize) $last=$first+($pageSize-1); else $last=$totalRows;
}
$prevPage=$thisPage-1;
$nextPage=$thisPage+1;
echo "<hr width='1300'>";
echo "<br>";
echo "<h3>Music Database Editor</h3>";
// echo "<p>$dbQuery</p>";
// display button link to previous page
if ($thisPage>1) {
echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
"<input type=\"hidden\" name=\"thisPage\" value=\"$prevPage\">";
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">";
}
echo "<input type=\"image\" src=\"previous.png\" alt=\"Previous page\">".
"</form> ";
} else echo "<img src=\"previous.png\"> ";
echo "Displaying tracks $first-$last of $totalRows ";
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes")
echo "containing '".$_POST["song"]."".$_POST["artist"]."' ";
// display button link to next page
if ($thisPage<$totalRows/$pageSize) {
echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
"<input type=\"hidden\" name=\"thisPage\" value=\"$nextPage\">";
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">";
}
echo "<input type=\"image\" src=\"next.png\" alt=\"Next page\">".
"</form> ";
} else echo "<img src=\"next.png\"> ";
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">";
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
echo "<input type=\"image\" src=\"showAll.png\" alt=\"Show All\">".
"</form> ";
}
?>
<!-- now the current page of tracks -->
<table cellspacing="5">
<tr>
<!-- Sort song name -->
<th><form class="inline" method="post" action="dataGridAdmin.php">
<input type="hidden" name="sort" value="yes">
<input type="hidden" name="sortField" value="song">
<input type="hidden" name="sortDirection" value="asc">
<input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">";
}
?>
<input type="image" src="sort_ascend.png" alt="Sort A-Z">
</form>
Song
<form class="inline" method="post" action="dataGridAdmin.php">
<input type="hidden" name="sort" value="yes">
<input type="hidden" name="sortField" value="song">
<input type="hidden" name="sortDirection" value="desc">
<input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">";
}
?>
<input type="image" src="sort_descend.png" alt="Sort Z-A">
</form></th>
<!-- Sort artist name -->
<th><form class="inline" method="post" action="dataGridAdmin.php">
<input type="hidden" name="sort" value="yes">
<input type="hidden" name="sortField" value="artist">
<input type="hidden" name="sortDirection" value="asc">
<input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"artist\" value=\"".$_POST["artist"]."\">";
}
?>
<input type="image" src="sort_ascend.png" alt="Sort A-Z">
</form>
Artist
<form class="inline" method="post" action="dataGridAdmin.php">
<input type="hidden" name="sort" value="yes">
<input type="hidden" name="sortField" value="artist">
<input type="hidden" name="sortDirection" value="desc">
<input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"artist\" value=\"".$_POST["artist"]."\">";
}
?>
<input type="image" src="sort_descend.png" alt="Sort Z-A">
</form></th><th></th><th></th></tr>
<?php
while ($dbRow=mysql_fetch_array($dbResult)) {
$id=$dbRow["id"];
$song=$dbRow["song"];
$artist=$dbRow["artist"];
// are we editing a track? If so, display the form
if ($edit) {
if ($id==$_POST["id"]) {
echo "<tr><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
"<input type=\"hidden\" name=\"updateData\" value=\"yes\">".
"<input type=\"hidden\" name=\"id\" value=\"$editId\">".
"<td><input type=\"text\" name=\"newSong\" value=\"$editSong\"></td>".
"<td><input type=\"text\" name=\"newArtist\" value=\"$editArtist\"></td>".
" <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">";
}
echo "<input type=\"image\" src=\"edit.png\"></td>".
"<td></td></form></tr>";
} else {
echo "<tr><td>$song</td><td>$artist</td><td></td><td></td>";
}
}
// not editing, so display the tracks as text
else {
echo "<tr><td width='300'>$song</td><td width='300'>$artist</td>";
echo "<td><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
" <input type=\"hidden\" name=\"editTrack\" value=\"yes\">".
" <input type=\"hidden\" name=\"id\" value=\"$id\">".
" <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">";
}
echo " <input type=\"image\" src=\"edit.png\" alt=\"Edit track\">".
" </form></td>".
"<td><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
" <input type=\"hidden\" name=\"deleteTrack\" value=\"yes\">".
" <input type=\"hidden\" name=\"id\" value=\"$id\">".
" <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
"<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">";
}
echo " <input type=\"image\" src=\"delete.png\" alt=\"Delete track\">".
" </form></td>".
"</tr>";
}
}
// only display the "add track" form if we are NOT currently editing
if (!$edit) {
?>
<tr>
<form class="inline" method="post" action="dataGridAdmin.php">
<td><input type="text" name="song" size="20"></td>
<td><input type="text" name="artist" size="20"></td>
<td>
<?php
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
?>
<input type="image" src="add.png" name="addTrack" value="yes"></td>
<td><input type="image" src="search.png" name="searchMusic" value="yes"></td>
</form>
</tr>
<?php
}
?>
</table>
<p></br>&nbsp Logout
</body>
</html>
If it helps, this is what it looks like:
http://i57.tinypic.com/2hpmzbt.jpg

First off, your insert has absolutely no protection against SQL injection. There's a running joke thanks to XKCD about Bobby Tables you can see that explains the whole problem in detail.
Second, I can't tell where the problem is because you're not showing the code that does the output, just the code that does the submission. Is your PHP block on the same page you're submitting to or a separate page? Are you using a redirect?

Try upgrading you php and mysql version. As Abhik Chakraborty said PHP Mysql has nothing to do with the browser !! .

The input type 'image' does not support a value field.
See: http://www.w3.org/TR/html4/interact/forms.html#h-17.4.1
Instead the value of an 'image' input is the coordinates where the user clicked on the image.
Try to check if addTrack.x is set instead:
// do we want to add a new track?
if (isset($_POST["addTrack"]) && isset($_POST["addTrack.x"])) {
$dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
$dbResult=mysql_query($dbQuery);
}
As other people states you should also read up on SQL injections.

I see a couple things that could cause issues.
First thing, like the guy before me said you have this open for SQL injection, the least you want to do is filter the $_POST data. Also you have no database provided for your query
<?php
// do we want to add a new track?
if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
$db_connection = mysqli_connect("myhost","myuser","mypassw","mydb") or die("Error " . mysqli_error($link));
//Clean the data and get it ready
$addTrack=mysqli_real_escape_string(strip_tags($db_connection,$_POST['addTrack']));
$song=mysqli_real_escape_string($db_connection,strip_tags($_POST['song']));
$artist=mysqli_real_escape_string($db_connection,strip_tags($_POST['artist']));
$dbQuery="insert into music (NULL, '$song','$artist', 'Y')";
$dbResult=mysqli_query($db_connection,$dbQuery);
if($dbResult){
//Your query worked!!
}
}
?>

php included form acting strangley with Firefox

For some reason when I call a function to create a form, the drop down menus aren't sticky and the browser forces users to click into the first text field and tab through the rest. It won't let them mouse through the fields. This is only happening in FF, not IE or Chrome. The forms I'm including are just basic html and only php pages I include are doing this.
Here is one function:
function addNoteUI($keyword) {
echo "<div id='search_result_right'>";
echo "<center><div id='enter_note_header'>Assign a Salesperson</div></center><p>";
echo "<form id='response' action='notes_add.php' method='post'>";
echo "<label for='mod_num'>MOD Initials: <label>";
echo "<input type='text' name='mod_num' size='2' maxlength='4'><p>";
echo "<label for='sales_num'>Assigned to Sales Person: <label>";
echo "<input type='text' name='sales_num' size='2' maxlength='4'><p>";
echo "<input type='hidden' name='question_num' value='$keyword'>";
echo "<label for='response'>Note</label><br>";
echo "<textarea name='response' cols='30' rows='7 maxlength='510'></textarea><p>";
echo "<input type='submit' value='Assign'>";
echo "</form>";
echo "</div>";
Here is the other:
function changeDept() {
include 'ask_search.php';
echo "<div id='search_result'>";
echo "<form action='change_dept.php' method='post'>";
echo "<label for='current_num'>Enter the Question Number to be Changed: <label>";
echo "<input type='text' name='current_num' size='4'><p>";
echo "<label for='store'>Select New Store/Department: <label>";
echo "<select name='store'>";
echo "<option>Please Select</option>";
echo "<option value='Albany'>Sales (Albany Store)</option>";
echo "<option value='Saratoga'>Sales (Saratoga Store)</option>";
echo "<option value='Web Sales'>Sales (TaftFurniture.com)</option>";
echo "<option value='Financing'>Financing</option>";
echo "<option value='Customer Service'>Customer Service</option>";
echo "<option value='Delivery'>Delivery</option>";
echo "<option value='HR'>Human Resources</option>";
echo "<option value='Web Contact'>Website Comment</option>";
echo "<input type='submit' value='Change' id='dropdown'>";
echo "</select></form></div>";
}
Thanks in advance.

Your labels are not closing properly:
echo "<label for='mod_num'>MOD Initials: <label>";
Should be:
echo "<label for='mod_num'>MOD Initials: </label>";
Also, in the second example, you have an input inside the select. The input must be outside:
echo "<option value='Web Contact'>Website Comment</option>";
echo "<input type='submit' value='Change' id='dropdown'>";
echo "</select></form></div>";
Should be:
echo "<option value='Web Contact'>Website Comment</option>";
echo "</select>";
echo "<input type='submit' value='Change' id='dropdown'></form></div>";
And another one, you're not closing your P tags:
echo "<input type='text' name='mod_num' size='2' maxlength='4'><p>";
Should be:
echo "<p><input type='text' name='mod_num' size='2' maxlength='4'></p>";
Try to be more careful with your tags. Some browsers are more forgiving about malformed HTML, but others are not.

validating dynamic text box content in PHP

I have this and works fine. But can someone tell me is there a SMARTER way to validate this?
In the validation here, you may find that the echo "<form....... is replicated thrice to make sure that the form content is also visible along side the validation message when the form is submitted. Im sure there is a more refined method of validating text box content without form being replicated multiple times.
Also appreciate if some one can suggest me a method to retain the text box value after the form is being submitted. Usually when the form is submitted the value you enter disappears.
Thanks
<?php
include ("../connection/index.php");
?>
<form method='post' action=''>
<input type="submit" name="sendone" id="sendone" value="OneClick">
</form>
<?php
if(isset($_POST['sendone']))
{
echo "Hello";
echo "<form method='post' action=''><input type='text' name='txt1' id='txt1'><input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'></form>";
}
if(isset($_POST['sendtwo']))
{if($_POST['txt1']=='')
{
echo "Hello";
echo "<form method='post' action=''><input type='text' name='txt1' id='txt1'><input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'></form>";
echo "Empty";}
else
{
echo "Hello";
echo "<form method='post' action=''><input type='text' name='txt1' id='txt1'><input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'></form>";
echo "Hit success!";
}}
?>
EDIT
Concept
<hard coded submit1 button>
<dynamically create a text box with a submit2 button>
<when submit2 is activated is should validate the text box content>
When the validation happens both the vaidated message and the text box should be visible

did you mean something like this?
<?php
if(isset($_POST['sendtwo']))
{
echo "Hello";
}
?>
<form method='post' action=''>
<?php
if (!isset($_POST['sendone'])) {
?>
<input type="submit" name="sendone" id="sendone" value="OneClick">
<?
} else {
?>
<input type="hidden" name="sendone" id="sendone" value="OneClick">
<input type='text' name='txt1' id='txt1'<?=isset($_POST['txt1']) && trim($_POST['txt1']) !== '' ? ' value="'.trim($_POST['txt1']).'"' : ''?>>
<input type='submit' name='sendtwo' id='sendtwo' value='TwoClick'>
<?
}
?>
</form>
<?php
if (isset($_POST['sendtwo'])) {
if (trim($_POST['txt1']) == '') {
echo 'Empty';
} else {
echo 'Hit success!';
}
}

Categories