I have this code
require_once("../Packages/Connection.php");
$create_object = mysql_query("SELECT * FROM `Articles` WHERE `group` = 'News' ORDER BY `id` DESC;");
while($row=mysql_fetch_array($create_object))
{
$time = $row[time];
$date = date("H:i M jS o ",$time);
print "<form action='Update.php' method='post' float:left;>
<input hidden='hidden' name='articleId' value='$row[id]'>
<input hidden='hidden' name='method' value='update'>
<textarea name='articleText' rows='3' cols='25'>$row[text]</textarea>
<br />
<input type='submit' value=' Update '>
</form><br />
<form action='Update.php' method='post'>
<input hidden='hidden' name='articleId' value='$row[id]'>
<input hidden='hidden' name='method' value='delete'>
<input type='submit' value=' Delete ' onClick='return confirmDelete()'float:left;'>
</form>
<hr><br />";
}
And it outputs the text alright, it changes the new line to <br /> but every time I update, it adds a new, so first time I enter a text like:
Hi
My name is Jesper
it outputs Hi <br />
My name is Jesper to the database
and second time if i want to change something, like the name..
Hi <br /><br />
My name is JapSeyz
and it continues to add <br />'s.. how do I limit this to only one?
That's because you are using nl2br before storing the text to database. Go and see it there...
The right way is to escape the data (e.g., nl2br) only when viewing. The data in the database should be clear, without any modifications regarding escaping for a particular purpose.
In the <textarea> element, though, new-lines are already handled without need to insert <br> elements in there.
So do not use nl2br when storing data and use it only when printing on a page (not in the form element).
I am fix nl2br bug with my own function:
if (!function_exists('snl2br')) {
function snl2br( $input ) {
return preg_replace('~(\r?\n\s?)+?~',"<br>",$input);
}
}
i hope it will help you.
Related
I have a script where a user can input some text, view it, and change it. It looks like that:
if(isset($_POST['change']))
{
$text = $_POST['text'];
echo"
<form method='post' action='datei.php'>
<p>You wrote: $text</p>
<input name='text' type='hidden' size='21' value='$text'>
<input name='submit' type='submit' value='Change'>
</form>";
}else
{
$text = $_POST['text'];
echo"
<form method='post' action='datei.php'>
<p>Write some additional Information</p>
<input name='text' type='text' size='21' value='$text'>
<input name='change' type='submit' value='View'>
</form>";
}
When I load the page the first time, I get the following notification
Notice: Undefined index: text in ...
I found two solutions how to fix the problem:
Ignore Notifications
Use isset()
If I would use isset I would have to change two lines from above to:
if(isset($_POST['text']))$text = $_POST['text'];
and
<input name='text' type='text' size='21' value='"; if(isset($_POST['text'])) echo $text; echo"'>
Since my original form has more then 20 input fields, this would make the code less readable and more likly for erros when editing the code. Is there any better way to get around the notification that I currently miss?
First be sure that you define all the variables before using them, like
$text = false;
Plus, checking that a variable is set is always a good practice. Not to mention that you shouldn't be using $_POST directly.
Got a bit of a confusing situation, I have a form on my webpage that allows a user to enter information into a database...
Form
<form id="insertbill">
Total <input type="text" id="total" name="total" /><br />
Bill name<input type="text" id="bill-name" name="bill-name" /><br />
bill descriptiion <input type="text" id="bill-description" name="bill-description" /><br />
bill colour<input type="text" id="bill-colour" name="bill-colour" />
<input type="button" value="submit" onClick="insertBill();" />
</form>
This form then send the information via AJAX to my php which then inputs it into my DB
AJAX
function insertBill()
{
$.post('insert_bill.php', $('#insertbill').serialize(),
function(data) {
$('#bills').append(data);
});
};
PHP
$uid = $_SESSION['oauth_id'];
$bill = mysql_real_escape_string($_POST['total']);
$billname = mysql_real_escape_string($_POST['bill-name']);
$billdescription = mysql_real_escape_string($_POST['bill-description']);
$billcolour = mysql_real_escape_string($_POST['bill-colour']);
#Insert Record
$query = mysql_query("INSERT INTO `outgoings` (user_id, bill, bill_name, bill_description, bill_colour ) VALUES ('$uid', '$bill', '$billname', '$billdescription', '$billcolour')") or die(mysql_error());
Once this is done, the data is then returned to the webpage, with another form that allows the user to update the record...
Returned data/form
Print "<tr>";
Print "<th>total:</th> <td>".$bill . "</td> ";
Print "<th>bill name:</th> <td>".$$billname . "</td> ";
Print "<th>bill deposit:</th> <td>".$billdescription . "</td> ";
Print "<th>colour:</th> <td>". $billcolour . " </td></tr>";
echo "<th>edit:</th> <td>
<form id='bill-upd'>
<input type='hidden' value='". $billname."' name='billid' id='billid''>
Total <input type='text' id='total' name='total' /><br />
Bill name<input type='text' id='bill-name' name='bill-name' /><br />
bill descriptiion <input type='text' id='bill-description' name='bill-description' /><br />
bill colour<input type='text' id='bill-colour' name='bill-colour' />
<input type='button' value='submit' onClick='updateBill();' />
</form>
</td>";
My problem is that the returned form doesn't update, this is because I need to somehow find the id of the record that was inserted, place it into my form to be returned I think... I hope this isn't too confusing, but has anybody a better way of doing this without reloading the page?
here's what what you could include on your, insert_bill.php, view page:
<script>
var json=<?
$arr=array($bill, $billname, $billdescription, $billcolour);
echo json_encode($arr); ?>;
$('tr td:nth-child(0)').html(json[0]);
$('tr td:nth-child(1)').html(json[1]);
$('tr td:nth-child(2)').html(json[2]);
$('tr td:nth-child(3)').html(json[3]);
</script>
I guess the one outstanding issue is the "id" you says gets returned from your database. Can you explain a little further? Are their multiple forms on your insert_bill.php page? Regardless, you could put that $id into the array and feed it into and html() function like I did with the other variables.
You need to return the data from the database and then change, i imagine if you just need the id you must do.
in PHP
echo mysql_last_insert_id(); // so you get the last inserted id and "return" to the JS
In JS, inside the function data
You get the echo as a return and change the id
and then $("#billid").val(data)
I hope it help you
I try to make a editor for a job offer. It must have a preview function. There are 2 form. First form submits the preview, the second one appears when the preview is there and sends the variables to save them in the database. The problem is, that when the second form get submitted, all quotes disappear. I tryed mysql_real_escape_string, htmlspecialchars, htmlentitles, but nothing works. Do you got an idea where the problem is?
Could it be that there's a problem, because I use the variable '$content' to store the site's content, instead to make a direct output with 'echo'?
Thanks!
<td><input style='float:left;' type='submit' name='jobpreview' value='preview' />
</form>";
if(isset($_GET['preview']))
{
$_POST['titel'] = htmlentities($_POST['titel']);
$_POST['elm1'] = htmlentities($_POST['elm1']);
$content .= " <td><form action='?s=intern&sub=neuerjob&preview' method='POST'>
<input type='hidden' name='titel' value='".$_POST['titel']."' />
<input type='hidden' name='elm1' value='".$_POST['elm1']."' />
<input style='float:left;' type='submit' name='jobsave' value='save' />
</form></td></tr></table>";
}
You need to use the second parameter to htmlentities() to encode the quotes.
$titel = htmlentities($_POST['titel'], ENT_QUOTES);
$elm1 = htmlentities($_POST['elm1'], ENT_QUOTES);
<input type='hidden' name='titel' value='".$titel."' />
<input type='hidden' name='elm1' value='".$elm1."' />
For this purpose, htmlentities() is overkill though, and you can use htmlspecialchars()
also with the ENT_QUOTES param.
$titel = htmlspecialchars($_POST['titel'], ENT_QUOTES);
$elm1 = htmlspecialchars($_POST['elm1'], ENT_QUOTES);
I am generating a checklist based on mysql data in an HTML form. When the submit button is clicked the php script changes the "complete" field in the mysql database. How can I process more than one item at a time with lists that have variable lengths? Currently when I click more than two boxes, only one gets processed.
Here's the HTML form:
<form method='post' action='listprocessor.php'>
<input style="float:right" type='checkbox' name='complete_goal' value='61'>Milk</input>
<input style="float:right" type='checkbox' name='complete_goal' value='117'>Eggs</input>
<input style="float:right" type='checkbox' name='complete_goal' value='118'>Bread</input>
<input style="float:right" type='submit' name='submitbtn' value='Completed'></input>
</form>
and here's the simplified php:
$_POST['submitbtn'];
$completed_goal = $_POST['complete_goal'];
$query = mysql_query("UPDATE notes SET complete='1' where note_id='$completed_goal'");
Your input element name should be an array, such as complete_goal[].
<input style="float: right;" type="checkbox" name="complete_goal[]" value="61">Milk</input>
You can update them all in a single query using a WHERE note_id IN (<?php echo implode( ',', $_POST['completed_goal'] ); ?>).
$query = mysql_query( "UPDATE `notes` SET `complete` = '1' WHERE `note_id` IN (" . implode( ',', $_POST['completed_goal'] ) . ")" );
Should work and hope it helps. Afaik are all inputs with same name are treated like radiobuttons. So you have to create an array with all checkboxes.
<form method='post' action='listprocessor.php'>
<input style="float:right" type='checkbox' name='complete_goal[]' value='61'>Milk</input>
<input style="float:right" type='checkbox' name='complete_goal[]' value='117'>Eggs</input>
<input style="float:right" type='checkbox' name='complete_goal[]' value='118'>Bread</input>
<input style="float:right" type='submit' name='submitbtn' value='Completed'></input>
</form>
<?php
if(isset($_POST['complete_goal']))
{
$query = mysql_query("UPDATE `notes` SET `complete`='1' WHERE `note_id` IN ('".implode("','", array_values($complete_goal))."');");
}
?>
EDIT: Added Chris N' idea of mysql update.
I'd use a unique name attribute for each checkbox, then grab all of the checkboxes in the script you're using for submit handling and do
foreach($post_fields as $post_field_name) {
if(isset($_POST[$post_field_name])) {
// do your query
}
}
Perhaps this will work (might have to check syntax as it was off the top of my head). any checkbox that isnt' checked should not be listed in the $complete_goals array so you're safe to process them all :)
foreach ($_REQUEST['complete_goal'] as $key) {
$query = mysql_query("UPDATE notes SET complete='1' where note_id='$key'");
}
This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
table updates empty spaces when user do not enter anything to the textbox
greetings :)
i am having problems updating my database whenever the user clicks on the submit button.
i am going to show you the flow of my program,i already tried figuring out the problem,but i just can't find solutions. i hope someone could help me.
i have 2 problems encountered here:
my database won't update after clicking the submit button
the user may choose which to update,if the textbox is empty,it will update the data with empty spaces.and i want the data to remain as it is if the textbox is empty.
in my program,if you want to update the employee information,you must click the name that contains a link in the page. (in my program its the employee name that needs to be clicked) when clicked,a pop up will open.
the link in my index.php contains the following code:
<td class="sub" width="100" align="center">
<a href="" onclick = javascript:newPopup('empinfo.php?emp=<?php echo $eid ?>');><?php echo$ename?></a>
</td>
NOTE the empinfo.php is my pop up window,it calls the pop up when clicked. emp isthe name i assign to pass in the empinfo.php it contains the employee ID. NO PROBLEM HERE,I JUST WANT TO SHOW YOU THE FLOW
when the empinfo.php appears,it will show this format:
Employee name: //textbox here
Position: /textbox here
Department: /textbox here
Employee Tag: /textbox here
**SUBMIT BUTTON**
when the user clicks the submit button, it should have updated the database with the inputted values,but mine won't update :(
here is the codes i used:
<?php
$con=mysql_connect('localhost','root','mariel') or die(mysql_error());
mysql_select_db('intranet',$con);
if(isset($_POST['submitted']))
{
$qry = "UPDATE gpl_employees_list SET emp_nme = '".$_POST['name']."', emp_pos = '".$_POST['pos']."', emp_dep = '".$_POST['dep']."', emp_tag = '".$_POST['tag']."' WHERE emp_id = '".$_GET['emp']."' ";
mysql_query($qry) or die (mysql_error());
}
?>
this is the content code in my form,together with the submit that i used:
<form action="index.php" method="POST">
<input type='hidden' name='submitted' id='submitted' value='1'/>
<input type='hidden' name='eid' id='eid' value= '<?php echo $_GET['emp']?>' />
<fieldset>
<div class='container'>
<label for='ename' >Employee name:</label><br/>
<input type='text' name='ename' id='ename' value='' maxlength="50" /><br/><br/>
</div>
<div class='container'>
<label for='pos' >Position:</label><br/>
<input type='text' name='pos' id='pos' value='' maxlength="50" /><br/><br/>
</div>
<div class='container'>
<label for='dep' >Department/Division:</label><br/>
<input type='text' name='dep' id='dep' value='' maxlength="100" /><br/><br/>
</div>
<div class='container'>
<label for='tag' >Employee Tag:</label><br/>
<select name="tag" id="tag">
<option value="Y">Yes</option>
<option value="N">No</option>
</select> <br/><br/>
</div>
<div class='container'>
<input type='submit' name='Submit' value='Submit' onclick = "location.reload();window.close()"/>
</div>
</fieldset>
</form>
i hope someone could clear it up for me
MisaChan
It's not updating because you probably need to refer to $_POST['eid'] instead of $_GET['emp'] because you don't have it in index.php like index.php?emp=1. You already have that field so use that:
<input type='hidden' name='eid' id='eid' value= '<?php echo $_GET['emp']?>' />
Also you don't need to do this:
onclick = "location.reload();window.close()"
Type submit reloads the page by default.
Lastly, consider #Sam152's pointers :)
There could be a number of things wrong, but these points should help you debug your script.
Firstly you need to escape your post
variables to ensure things like
apostrophes don't mess up your query,
it's also a security vulnerability.
Secondly, make sure your form action is pointing to the PHP script. Maybe put a print statement at the top of the script to make sure PHP is actually receiving the data.
Then assign the value of the SQL query to a variable and print it out before you run it. You can then easily see what's being sent to the SQL server. Maybe run it in an SQL management tool my phpMyAdmin and observe any errors with it.
Hope this helps. Feel free to update your question with new information as it comes.