I coule really use some help. I need to post the new name of the file to the database. Currently this code is posting the orginal name to the database? How can I post the new name to the database? Please see the code below.
<form action="" method="post" enctype="multipart/form-data">
<p>
<label for="file">Name:</label>
<input type="text" name="user_name" id="name" size="24"/>
</p>
<p>
<label for="file">Email Address:</label>
<input type="text" name="email" id="email" size="24"/>
</p>
<p>
<label for="file">Phone Number:</label>
<input type="text" name="phone" id="phoneNumber" size="24"/>
</p>
<p>
<label for="file">Comments:</label>
<textarea cols="80" rows="6" name="comments"></textarea>
</p>
<p>
<label for="file">Filename:</label>
<input type="file" name="fupload" id="fupload" size="24"/>
</p>
<br />
<input type="submit" name="submit" value="Submit" />
</form>
<br>
<br>
<?php
require 'config.php';
require 'functions.php';
if(isset($_FILES['fupload'])) {
if(preg_match('/[.](jpg)|(gif)|(png)$/', $_FILES['fupload']['name'])) {
$old_filename = $_FILES['fupload']['name'];
$random_digit=rand(0000,9999);
$filename=$random_digit . $old_filename;
$source = $_FILES['fupload']['tmp_name'];
$target = $path_to_image_directory . $filename;
move_uploaded_file($source, $target);
createThumbnail($filename);
}
}
include "connect.php";
$db_database = new mysqli($db_host, $db_user, $db_pass, $db_database);
$user_name = stripslashes($_POST['user_name']);
$email = stripslashes($_POST['email']);
$phone = stripslashes($_POST['phone']);
$comments = stripslashes($_POST['comments']);
$filename = basename( $_FILES['fupload']['name']);
$query = "INSERT into upload
(user_name, email, phone, comments, fupload, date_added)
values ('$user_name', '$email', '$phone', '$comments', '$filename', NOW())";
$db_database->query($query);
?>
You need to tweak the line:
$filename = basename( $_FILES['fupload']['name']);
just before you create the SQL statement; you should set the value of $filename there to the new name of your file.
Oh, and I'm sure that someone will be along shortly to point out that your script is open to SQL injections.
Related
*
Im trying to make a Register page. But the POST in php can not get any data from form in html page. If I ran the code. The raw in data base is created but doesn't have any data inside. PLease Help!
*
My insert.php
$firstname=mysqli_real_escape_string($_POST ['firstname']);
$lastname=mysqli_real_escape_string($_POST ['lastname']);
$pw=md5(mysqli_real_escape_string($_POST ['pw']));
$pw2=md5(mysqli_real_escape_string($_POST ['pw2']));
$email= mysqli_real_escape_string($_POST ['email']);
$mobile=mysqli_real_escape_string($_POST ['mobile']);
$address=mysqli_real_escape_string($_POST ['address']);
$postcode=mysqli_real_escape_string($_POST ['postcode']);
$sql = "INSERT INTO user (user_firstname, user_lastname, user_email)
VALUES ('$firstname', '$lastname', '$email')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
echo $sql;
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
My form in html:
<form action="insert.php" method="POST">
<div class="login-img"><img src="images/register-ico.png"></div>
<div class="login-form">
<label><i></i><p>Email Address<span class="required"> *</span></p></label>
<input class="login-input" name='email' id="email" type="text" placeholder="harry#boei.co.nz">
<label><i></i><p>First Name<span class="required"> *</span></p></label>
<input class="login-input" name='firstname' id="firstname" type="text">
<label><i></i><p>Last Name</p></label>
<input class="login-input" name ='lastname'id="lastname" type="tel">
<label><i></i><p>Password<span class="required"> *</span></p></label>
<input class="login-input" name='pw'id="password" type="email">
<label><i></i><p>Re-enter Password<span class="required"> *</span></p></label>
<input class="login-input" 'name'='pw2' id="password2" type="text">
<label><i></i><p>Mobile</p></label>
<input class="login-input" name='mobile'id="mobile" type="text">
<label><i></i><p>Delivery Address</p></label>
<input class="login-input" name='address'id="address" type="text">
<label><i></i><p>Postcode</p></label>
<input class="login-input" name='postcode'id="postcode" type="text">
<div class="step-required"><span class="required"> * required field</span></div>
<p><input type="submit" name="submit" value="submit"></p>
</div>
<div class="register-info">
<input name="reg" type="reg" value="reg">
<div class="register-text"><p>By Registering, you agree to accept our <br>Terms and Conditions and Privacy.</p></div>
</div>
</form>
what is your PHP version? HTTP_RAW_POST_DATA DEPRECATED in PHP 5.6.0 and REMOVED as of PHP 7.0.0 and it's just getting raw POST data.
HTTP_RAW_POST_DATA it should be $_POST.
You are typing 'Email' incorrectly in post parameters.
declare mysql connection
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
and it should be something like
$firstname = $mysqli->real_escape_string($_POST["firstname"]);
and if you want a procedure type
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
$firstname = mysqli_real_escape_string($SQLConnection, $_POST["firstname"]);
Complete Newbie to PHP, but trying to do a simple form submit to a MySQL Database. I keep getting the Notice: Undefined index: warning on my form input variables. What could be issue here. The form is on a seperate PHP page submitting to the process.php file.
Form Code:
<form name="example" id="example" method="POST" action="process.php" enctype="multipart/form-data">
<p>
<label for="first_name">First Name:</label>
<input size="20" name="first_name" id="first_name" />
</p>
<p>
<label for="city">city</label>
<input size="20" name="city" id="city" />
</p>
<p>
<label for="state">state</label>
<input size="20" name="state" id="state" />
</p>
<p>
<label for="zip">zip</label>
<input size="20" name="zip" id="zip" />
</p>
<p>
<label for="email">e-mail</label>
<input size="20" name="email" id="email" />
</p>
<p>
<label for="form_upload">file</label>
<input size="40" type="file" name="form_data" id="form_data" />
</p>
<p>
<input type="submit" value="Submit form" name="submit" />
</p>
</form>
Process.php
<?php
mysql_connect("localhost", 'root', '') or die('Could not connect:' . mysql_error());
mysql_select_db("practice") or die(mysql_error());
mysql_query("CREATE TABLE user (id INT(5)NOT NULL AUTO, name VARCHAR(30), email VARCHAR(40), city VARCHAR(40), state VARCHAR(3), zip INT(5) )");
if (isset($_POST)) {
$name = $_POST['first_name'];
$email = $_POST['email'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
}
mysql_query("INSERT INTO user VALUES('$name', '$email', '$city', '$state', '$zip')");
?>
i guess you should change this
if (isset($_POST)){
and give an index like that
if (isset($_POST['submit'])){
and also
change the query to
mysql_query("INSERT INTO user (name , email, city,state, zip)
VALUES('$name', '$email', '$city', '$state', '$zip')" );
and you should escape your variables like that before inserting them.
$name = mysql_real_escape_string($name) ;
// and so on
last thing is why you create table everytime you submit ? you should check if exist .
Trying to post a simple form to my database but can't get it to work. I have PHP and MySQL activated through XAMPP. The database "E-mail list" is set up with the table "Players".
PHP code:
<?php
$mysqli = new mysqli('localhost', 'root', '', 'E-mail list');
if(isset($_POST['save']))
{
$name = $mysqli->real_escape_string($_POST['name']);
$email = $mysqli->real_escape_string($_POST['email']);
$phone = $mysqli->real_escape_string($_POST['phone']);
$other = $mysqli->real_escape_string($_POST['other']);
$query = 'INSERT INTO Players (
name,
email,
phone,
other
)
VALUES ('.$name.', "'.$email.'", "'.$phone.'","'.$other.'")';
if ($mysqli->query($query))
{
echo 'Data Saved Successfully.';
}
else
{
echo 'Cannot save data.';
}}
?>
And the form:
<form id="myForm" method="post">>
<div data-role="fieldcontain">
<label for="name">Please enter your name:</label>
<input type="text" name="name" id="name" class="required" value="" autocomplete="off" />
<label for="email">Please enter your e-mail:</label>
<input type="text" name="email" id="email" value="" class="required" autocomplete="off" />
<label for="phone">Please enter your phone number:</label>
<input type="number" name="phone" id="phone" value="" class="required" autocomplete="off" />
<br><br>
<label for="other">Other comments</label>
<textarea name="other" id="other" autocomplete="off" placeholder="Anything else you'd like to add?">
</textarea>
</form>
<p><strong id="error"></strong></p>
<br><br>
<input type="button" id="save" name="save" value="Submit Form" />
<p id="response"></p>
I did some changes in your codes both PHP and HTML Parts.,
For PHP :
<?php
$mysqli = new mysqli('localhost', 'root', '', 'E-mail list');
/* check connection */
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
if(isset($_POST['save']))
{
$name = $mysqli->real_escape_string($_POST['name']);
$email = $mysqli->real_escape_string($_POST['email']);
$phone = $mysqli->real_escape_string($_POST['phone']);
$other = $mysqli->real_escape_string($_POST['other']);
$query = "INSERT INTO Players (`name`,`email`,`phone`,`other`) VALUES ('".$name."','".$email."','".$phone."','".$other."')";
if($mysqli->query($query))
{
echo 'Data Saved Successfully.';
}
else
{
echo 'Cannot save data.';
}
}
?>
For HTML :
<form id="myForm" method="post" action="">
<div data-role="fieldcontain">
<label for="name">Please enter your name:</label>
<input type="text" name="name" id="name" class="required" value="" autocomplete="off" /><br />
<label for="email">Please enter your e-mail:</label>
<input type="text" name="email" id="email" value="" class="required" autocomplete="off" /><br />
<label for="phone">Please enter your phone number:</label>
<input type="number" name="phone" id="phone" value="" class="required" autocomplete="off" />
<br><br>
<label for="other">Other comments</label>
<textarea name="other" id="other" autocomplete="off" placeholder="Anything else you'd like to add?">
</textarea>
<p><strong id="error"></strong></p>
<br><br>
<input type="submit" id="save" name="save" value="Submit Form" />
<p id="response"></p>
</form>
I think this may help you to resolve your problem.
Missing double quotes for name value in your SQL.
VALUES ("'.$name.'", "'.$email.'", "'.$phone.'","'.$other.'")';
Use Firefox/firebug to see the parameters and result, and add an echo($query); so you can see it in firebug.
'E-mail list' doesn't seem like convenient database name, though it should be okay.
Anyway, your goal should be to display all possible error that may occur.
So, you have to always check for the errors and report them in more usable form than just 'Cannot save data.'
Always check your connect
$mysqli = new mysqli('localhost', 'root', '', 'E-mail list');
if ($mysqli->connect_error) {
trigger_error($mysqli->connect_error);
}
same for the query
if (!$mysqli->query($query)) {
trigger_error($mysqli->error." ".$query);
}
If you see no error messages - check the logic of your code: if you ever run the code, if you run the code you wrote, if PHP works, typos etc.
I would like to get some user data using a php form and store it in a mysql database , trouble is, the page simply refreshes when I submit the form.
Here is my php form:
<form id="companyform" name="companyform" method="post" action="index3.php" data-ajax="false">
<b>To enlist your business fill in the form below:</b>
<p>
<label for="name">Company Name:</label>
<input type="text" name="companyname" id="companyname" data-mini="true"/>
</p>
<p>
<label for="name">Company Address:</label>
<input type="text" name="companynaddress" id="companynaddress" data-mini="true"/>
</p>
<p>
<label for="textfield">Tel No.:</label>
<input type="text" name="tel" id="tel" data-mini="true"/>
</p>
<p>
<label for="textfield">Fax No.:</label>
<input type="text" name="fax" id="fax" data-mini="true"/>
</p>
<p>
<label for="textfield">Email:</label>
<input type="text" name="email" id="email" data-mini="true"/>
</p>
<p>
<label for="textfield">Website Address:</label>
<input type="text" name="website" id="website" data-mini="true"/>
</p>
<p>
<label for="textfield">Contact Person Name:</label>
<input type="text" name="contactname" id="contactname" data-mini="true"/>
</p>
<p>
<label for="textfield">Contact Person Number:</label>
<input type="text" name="contactnumber" id="contactnumber" data-mini="true"/>
</p>
<p>
<label for="textfield">Contact Person Email:</label>
<input type="text" name="contactemail" id="contactemail" data-mini="true"/>
</p>
<p>
<input name="submit" type="submit" id="submit" value="Submit" />
</p>
</form>
and here is my database connection code:
<?php
if (array_key_exists('submit', $_POST)) {
$con = mysql_connect("host", "user", "pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("botswanasearchdb", $con);
$companyname = $_POST['companyname'];
$companyaddress = $_POST['companyaddress'];
$tel = $_POST['tel'];
$fax = $_POST['fax'];
$emailid = $_POST['emailid'];
$website = $_POST['website'];
$contactname = $_POST['contactname'];
$contactnumber = $_POST['contactnumber'];
$contactemail = $_POST['contactemail'];
// prepare the SQL query
$sql = "INSERT INTO businessuser (companyname, companyaddress, tel, fax, emailid, website, contactname, contactnumber, contactemail) VALUES ('$companyname', '$companyaddress', '$tel', '$fax', '$emailid', '$website', '$contactname', '$contactnumber', '$contactemail')";
mysql_close($con);
}
?>
This is your form tag:
<form id="companyform" name="companyform" method="post" action="index3.php" data-ajax="false">
So you are submitting the form to index3.php (the action attribute). According to your comment index3.php contains your form and that is why the form refreshes when you submit it. You are basically reloading your form on form submit.
You need to submit the form to your php script that contains the php code you posted.
Edit: If everything is on the same page, you can do something like:
if (array_key_exists('submit', $_POST))
{
// your code
// show thank you message
}
else
{
// show form
}
Another edit: As you are using the deprecated mysql_* functions and not escaping the data, you have an sql injection whole and a ' character in your data will break your query. You should switch to PDO / mysqli and prepared statements. And always add error handling.
Here is the code:
contact_us2.php
<form id="form1" method="post" action="enquires.php">
<fieldset>
<legend>Form to database example</legend>
<label for="text">
<span>Comments:</span>
<textarea id="text" name="comments" rows="4" cols="80"></textarea>
</label>
<label for="name">
<span>Name:</span>
<input id="name" type='text' name='name' size='50'/>
</label>
<label for="email">
<span>Email:</span>
<input id="email" type='text' name='email' size='50'/>
</label>
<label for="submit1" id="submit"><span> </span>
<input id="submit1" class="submit" type="submit" name="submit" value="Submit"/>
</label>
</fieldset>
</form>
enquires.php
<?php
session_start();
error_reporting(E_ALL & ~E_NOTICE);
require('authenticate.php');
include_once"../scripts/connect_to_mysql.php";
$name = $_post['name'];
$email = $_post['email'];
$comments = $_post['comments'];
echo "$email";
// Query the body section for the proper page
mysql_select_db("hardware_cms" )or die (mysql_error());
$sqlCommand = MYSQL_QUERY("INSERT INTO enquires (id, name, email, comments)". "VALUES ('NULL', '$name', '$email', '$comments')") or die (mysql_error());
?>
There is no errors. The only thing that is inserted into the database is the id. I think the problem is in contact_us2.php. I'm new to html and php sorry if this is a silly question.
The error is in the php code because you have to use $_POST and don't $_post
$name = $_POST['name'];
$email = $_POST['email'];
$comments = $_POST['comments'];
Replace $_post with $_POST and see what happens.
Also, PLEASE sanitize your SQL inputs (either by using mysql_real_escape_string, or better - by using PDO prepared statements).