I can't put post values from forms in variables? - php

In the code below the variables I create ($host, $username etc.) remain empty. What am I doing wrong? When I just make a variable with a regular string it works fine.
<form action="" method="post">
<input type="text" name="host" id="host-input" value="" />
<input type="text" name="dbname" id="db-input" value="" />
<input type="text" name="password" id="password-input" value="" />
<input type="text" name="username" id="username-input" value="" />
<input type="submit" name="submit" value="Submit">
</form>
<?php
if (isset($_POST['submit']))
{
$host = $POST['host'];
$username = $POST['username'];
$dbname = $POST['dbname'];
$password = $POST['password'];
$file = 'testbestandje.php';
// Open the file to get existing content
$current = file_get_contents($file);
// Append a new person to the file
$current .= '<? $conn=mysql_connect("'.$host.'","'.$dbname.'","'.$password.'") or die("Kan geen verbinding maken met de DB server");
mysql_select_db("'.$username.'",$conn) or die("Kan database niet selecteren"); ?>';
// Write the contents back to the file
file_put_contents($file, $current);
}
?>


$_POST is the correct variable name
$host = $_POST['host'];
$username = $_POST['username'];
$dbname = $_POST['dbname'];
$password = $_POST['password'];
Documentation

Related

Form not posting what i need it to

I am experimenting with php,
How ever i can't find out how to post input data from one file to an other one.
This is the current code
<?php
if (isset($_POST['mysql'])) {
$my_file = 'test/core/config.php';
$handle = fopen($my_file, 'w') or die('Cannot open file: '.$my_file);
$data = '<?php
//connect to db
$host = "$host"; //i want the form value to be imported here
$user = "$user";
$port = "$port";
$pass = "$pass";
$db = "$db";
$sql = conn($host, $user, $port, $pass, $db);
?>';
fwrite($handle, $data);
}
?>
Here is the html form
<form class="form" action="testinstall.php" method="post">
<label for="host">Host</label>
<input type="text" name="host">
<label for="user">Username</label>
<input type="text" name="user">
<label for="port">Port</label>
<input type="text" name="port">
<label for="pass">Password</label>
<input type="text" name="pass">
<label for="db">Databace</label>
<input type="text" name="db">
<button type="submit" name="mysql">Submit</button>
</form>

Try in this away:
$data = "<?php
//connect to db
$host = '$host';
$user = '$user';
$port = '$port';
$pass = '$pass';
$db = '$db';
$sql = conn($host, $user, $port, $pass, $db);
?>";
You should use " outer to print values of variables.

How do you trigger the next record in the PHP array via the HTML submit button?

Goal: I want to create an HTML form that displays pre-populated information from the 22 arrays from array_file.php.
First, I will go on index.php. On index.php, I will see a form with pre-populated data. I will not be able to edit the first and last name fields, but I will be able to edit the email field (if necessary).
Second, once everything looks okay, I will click the "Submit" button.
Third, if nothing is wrong (i.e., email field is populated), the "Submit" button should take me to the second record in the array.
Finally, once it has looped through all the arrays, it will provide a message, such as, "You're done!"
Current problem: My current index.php page shows all 22 pre-populated forms on one page. While I can edit and submit to the database using the individual "Submit" button, I'd rather be able to look at each pre-populated form one at a time.
Here is the code:
<?php
ob_start();
include 'array_file.php';
ob_end_clean();
?>
<?php
$i=1;
while ($i<=22){
?>
<form action="index.php" method="post">
<h2>Form</h2>
<label>First Name:</label>
<input class="input" name="first_name" type="text" value="<?php echo htmlentities($array[$i][1]) ?>" disabled><br>
<label>Last Name:</label>
<input class="input" name="last_name" type="text" value="<?php echo htmlentities($array[$i][2]) ?>" disabled><br>
<label>Email:</label>
<input class="input" name="email" type="text" value="<?php echo htmlentities($array[$i][3]) ?>"><br><br>
<input class="submit" name="submit" type="submit" value="Submit">
</form>
<?php
$i=$i+1;
}
?>
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['submit'])){
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = mysqli_real_escape_string($conn,$_POST['email']);
if($email !=''){
//Insert Query of SQL
mysqli_query(#conn,"INSERT into form(form_first_name, form_last_name, form_email) values ('$first_name', '$last_name', '$email')");
echo "<br/><br/><span>Data inserted successfully!</span>";
}
else{
echo "<p>Insertion Failed <br/> Some required fields are blank!</p>";
}
}
$mysqli->close(); // Closing Connection with Server
?>
Let me know if you need me to provide any more information. Thank you in advance!

I hope this code is what you need.
<?php
ob_start();
include 'array_file.php';
ob_end_clean();
if(isset($_POST['submit']) and isset($_POST[email])){
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = mysqli_real_escape_string($conn,$_POST['email']);
if($email !=''){
//Insert Query of SQL
mysqli_query(#conn,"INSERT into form(form_first_name, form_last_name, form_email) values ('$first_name', '$last_name', '$email')");
echo "<br/><br/><span>Data inserted successfully!</span>";
}
}
/// find which form will be published
if( isset($_SESSION["form"]) and $_SESSION["form"]<22){
$form=$_SESSION["form"]+1;
$_SESSION["form"]=$form;
}else{
$form=1;
$_SESSION["form"]=$form;
}
// determine which is the next form number
if($form<22){ $nextForm=$form+1; }else{ $nextForm="??"; }
<!-- form area !-->
<form action="index.php?form=<?php echo $nextForm; ?>" method="post">
<h2>Form</h2>
<label>First Name:</label>
<input class="input" name="first_name" type="text" value="<?php echo htmlentities($array[$form][1]) ?>" disabled><br>
<label>Last Name:</label>
<input class="input" name="last_name" type="text" value="<?php echo htmlentities($array[$form][2]) ?>" disabled><br>
<label>Email:</label>
<input class="input" name="email" type="text" value="<?php echo htmlentities($array[$form][3]) ?>"><br><br>
<input class="submit" name="submit" type="submit" value="Submit">
</form>

Can't get my PHP to show error when form field is blank

I am making a PHP Journal through a form, but no matter what I do, it always comes up as successfully posted. I've tried using empty() and null but I'm not sure what I'm doing wrong.
Here is the HTML for the form:
<form action="journal_post.php" method="post">
<p>Give your entry a title.</p>
<input class="input" type="text" name="title" />
<p>What is your mood today?</p>
<input class="input" type="text" name="mood" />
<p>Now please tell me about your day.</p>
<textarea class="input" name="entry" rows="12" cols="75" type="text"> </textarea>
<br>
<br>
<input class="submit" type="image" src="submit.png" name="submit" value="Submit" />
<form>
Here is the PHP:
<?php
$servername = "localhost";
$username = "root";
$password = "blahblah";
debug_to_console($password);
//Establishing Connection with Server
$connection = mysql_connect($servername, $username, $password);
//Selecting Database from Server
$journal_db = mysql_select_db("journal_db", $connection);
if(isset($_POST['submit'])){
//Fetching variables of the form which travels in URL
$title = $_POST['title'];
$mood = $_POST['mood'];
$entry = $_POST['entry'];
if($title !=''||$entry !=''){
//Insert Query of SQL
$query = mysql_query("insert into entrys(j_title, j_mood, j_entry) values ( '$title', '$mood', '$entry')");
echo "<br/><br/><span>Journal entry recorded..!!</span>";
}
else{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
}
}
//Closing Connection with Server
mysql_close($connection);
?>

Change:
if($title !=''||$entry !=''){
to:
if($title !=''&&$entry !=''){
You want to check that both $title and $entry aren't empty, not either-or.

You should definitely use isset() to check the field before insertion into database

the line
<textarea class="input" name="entry" rows="12" cols="75" type="text"> </textarea>
actually adds a space in the entry, change it to
<textarea class="input" name="entry" rows="12" cols="75" type="text"></textarea>

Can't insert form data into database (MySQLIi)

EDIT: I'm not sure what to really say. The comments was what helped my issue out right now. I didn't remember the fact to show an error, and that was what helped me. I had pretty much just tried something that obviously wasn't working due to wrongly placed variables and such,and displaying the error code let me know what variables was the faulty ones. Thank you for all your help, and this issue is now resolved!
So long story short, the title. I have no idea why this code refuses to input the inserted data into the database, and I've tried a bunch of things that haven't resulted any better.
Connection:
<?php
session_start();
$host = 'host';
$dbusername = 'username';
$dbpassword = 'password';
$anslutning = mysqli_connect($host, $dbusername, $dbpassword) or die("<b>Could not connect to database server</b>");
$anslutning->select_db('databasename') or die("<b>Could not connect to the specified database</b>");
?>
Form to grab data from :
echo '
<h2><center>Post a topic</center></h2>
<br /><br />
<div class="indexform">
<form action="index.php" method="POST">
Title: <input type="text" name="title"> <br /> <br />
Content: <textarea name="content" class="content"> </textarea>
<br /> <br />
<input type="submit" name="postTopicOnGeneral">
</form>
</div>
';
PHP code to insert it into database
if(isset($_POST['postTopicOnGeneral'])) {
$username = $_POST['username'];
$title = $_POST['title'];
$content = $_POST['content'];
$general = $_POST['general'];
$addPostOnGeneral = $anslutning->prepare('INSERT INTO tblPosts(title, content, author, category) VALUES(?, ?, ?, ?)');
$addPostOnGeneral->bind_param("ssss", $title, $content, $username, $general);
$addPostOnGeneral->execute();
echo "<center>Post created!</center>";
sleep(2);
echo "<script> window.location.href = 'index.php?general=1' </script>";
}

Undefined index:username and Undefined:general is what I get from that.
You are bound to get that error since you are not fetching $username and $general from anywhere in your form.
Change your form this:
echo '
<h2><center>Post a topic</center></h2>
<br /><br />
<div class="indexform">
<form action="index.php" method="POST">
Title: <input type="text" name="title"> <br /> <br />
Content: <textarea name="content" class="content"> </textarea>
<br /> <br />
<input type="submit" name="postTopicOnGeneral">
</form>
</div>';
to this:
echo '
<h2><center>Post a topic</center></h2>
<br /><br />
<div class="indexform">
<form action="index.php" method="POST">
Title: <input type="text" name="title"> <br /> <br />
Content: <textarea name="content" class="content"> </textarea>
<br /> <br />
Username:
<input type="text" name="username">
General:
<input type="text" name="general">
<input type="submit" name="postTopicOnGeneral">
</form>
</div>';
And then in your index.php:
if(isset($_POST['postTopicOnGeneral'])) {
echo $username = $_POST['username'];
echo $title = $_POST['title'];
echo $content = $_POST['content'];
echo $general = $_POST['general'];
// rest of your code

Try to change
$username = $_POST['username'];
$title = $_POST['title'];
$content = $_POST['content'];
$general = $_POST['general'];
With this:
$username = isset($_POST['username']) ? $_POST['username'] : '';
$title = isset($_POST['title']) ? $_POST['title'] : '';
$content = isset($_POST['content']) ? $_POST['content'] : '';
$general = isset($_POST['general']) ? $_POST['general'] : '';

how to check whether old password entered is present or not in db

I m having a login page where user enters id and password.To reset the password i have to check whether the entered password is present or not whether it matches with the id i have entered.How to validate it.I m unable to validate it. If user enters any password it displays the record is updated. How to validate it. Here is the code
login.php
<label type="text" name="id" maxlength="50" size="20">ID</label><br />
<input type="text" name="id" placeholder="ID" class="input" size="20"/><br /></div>
<div class="formItem">
<label type="text" name="uid" maxlength="50" size="20">Password</label><br />
<input type="password" name="uid" placeholder="ID" class="input" size="20"/><br /></div>
<span class="field">(* Required field)</span><br /><br />
<input type="submit" name="login1" value="LOGIN" class="button"><br /><br /><br /><br />
</form>
</div>
</body>
</html>
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$db = "abc";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
if(isset($_POST['login1']))
{
$id= $_POST['id'];
$uid= $_POST['uid'];
$query= "select * from resume where id='$id'
AND uid='$uid'";
$run= mysql_query($query);
if(mysql_num_rows($run)>0){
echo "<script>window.open('resetp.php','_self')</script>";
}
else {
echo "<script>alert('Login details are incorrect!')</script>";
}
}
?>
resetp.php
<label type="text" name="uid" maxlength="50" size="20">Old Password</label><br />
<input type="text" name="uid" placeholder="id" class="input" size="20"/><br /></div>
<div class="formItem">
<label type="text" name="uid" maxlength="50" size="20">New Password</label><br />
<input type="password" name="pass" placeholder="pass" class="input" size="20"/><br /></div>
<div class="formItem">
<label type="text" name="cpas" maxlength="50" size="20">Confirm Password</label><br />
<input type="password" name="cpas" placeholder="" class="input" size="20"/><br /></div>
<div class="formItem">
<input type="submit" name="login1" value="RESET" class="formButton"><br /><br /><br /><br /></div>
</form>
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$db = "resume1";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
if(isset($_POST['login1']))
{
$pass= $_POST['pass'];
$uid= $_POST['uid'];
$cpas=$_POST['cpas'];
$query = "Update `resume` SET uid='".$_POST['pass']."' where uid='".$_POST['uid']."'";
$run = mysql_query($query);
if($query)
{
echo "<script>alert('Record updated')</script>";
}
else
{
echo "<script>alert('no')</script>";
}
}
?>
How can i validated it

Try this:
This line
<label type="text" name="uid" maxlength="50" size="20">New Password</label><br />
should be
<label type="text" name="pass" maxlength="50" size="20">New Password</label><br />

I guess couldn't understand your requirement.
Why don't you validate like you are doing in login.php
$query= "select * from resume where id='$id'
AND uid='$uid'";
$run= mysql_query($query);.................

the PHP script should be at the beginning, not at the end of the code. Begin with the <?php .... ?> and then follow the <HTML> ... </HTML> otherwise the result is returned even before the script is processed.
There are a lot of security issues with your code. You can try this.
<?php
require 'db.php';
$username = isset($_POST['username']) ? htmlspecialchars(trim($_POST['username']), ENT_QUOTES, 'UTF-8') : '';
$password = isset($_POST['password']) ? htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8') : '';
$error = array();
$error_found = 0;
if(isset($_POST['submit']) && ($_POST['submit'] == 'Reset'))
{
//check for errors.
//check if username field is empty.
if(empty($username))
{
$error[] = 'Please provide your user-name.';
}
//check if password field is empty.
if(empty($password))
{
$error[] = 'Please provide a password.';
}
//if errors exist, put errors found as true.
if(!empty($error))
{
$error_found = 1;
}
//else no errors are found.
else
{
//proceed to reset.
//connecting to database.
$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die('Unable to connect, check your connection parameters. ');
mysql_select_db(MYSQL_DB, $db) or die('Could not select database, check availability. ' . mysql_error($db));
//querying the database. Checking if user-name password combination exists.
$query = 'SELECT username FROM resume WHERE username = "' . mysql_real_escape_string($username, $db) .
'" AND password = PASSWORD("' . mysql_real_escape_string($password, $db) . '")';
$result = mysql_query($query, $db) or die(mysql_error($db));
//checking if result is true.
if(mysql_num_rows($result) > 0)
{
//the result is true and so you can now reset your password.
}
else
{
$error[] = 'The username password combination you provided does not exist.';
$error_found = 1;
}
}
}
//HTML
?>
<!DOCTYPE HTML>
<html>
<head><title> ... </title></head>
<body>
<!--Your html code here -->
<?php
//if errors are found, then errors are shown here.
if($error_found == 1)
{
echo '<fieldset><center>';
echo '<ul>';
foreach($error as $e)
{
echo '<li>' . $e . '</li>';
}
echo '</ul>';
echo '</center></fieldset>';
}
?>
<form action="nameOfThisScript.php" method="POST">
Username:<input id="username" type="text" name="username" required />
Password:<input id="password" type="password" name="password" required />
<button id="Reset" type="submit" name="submit" value="Reset">Reset</button>
</form>
</body>
</html>
create a script named db.php in the same folder as this script and put the code
<?php
define('MYSQL_HOST', 'localhost');
define('MYSQL_USER', 'root');
define('MYSQL_PASSWORD', '');
define('MYSQL_DB', 'resume1');
?>
Hope this helps.

Categories