EDIT: Mangling is fixed - primary issue appears to be the php/mysql connection
In an attempt to learn how to use a MySQL db on a webpage, I'm following a basic tutorial for connecting to a MySQL instance via PHP (all managed through WAMP2)
The tutorial: http://www.freewebmasterhelp.com/tutorials/phpmysql/4 uses a PHP_SELF method (that I understand is now depreciated).
I've tried a few other suggestions that I've found doted around, but I can't find resolution to the following error I see in the apache log:
(20024)The given path is misformatted or contained invalid characters: Cannot map POST /%3C$SEARCH.PHP%3E HTTP/1.1 to file, referer: http://localhost/search.php
This error prevents the HTML page from being returned, and I get a 403 error in my browser
It appears that this line of HTML/PHP is the culprit:
<form name="search" method="post" action="<?=$PHP_SELF?>">
I have seen suggestions that say to either turn on short_open_tag (a bad idea according to some), change the
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
I can't get any of these methods to work, and wondered if anyone could let me know what dumb thing I've missed this time...
The whole php file I am using is:
<?php
// // This is only displayed if they have submitted the form
if ($searching =="yes")
{
echo "<h2>Results</h2><p>";
//If they did not enter a search term we give them an error
if ($find == "")
{
echo "<p>You forgot to enter a search term";
exit;
}
include("dbinfo.php");
mysql_connect($host,$username,$password);
mysql_select_db("database") or die(mysql_error());
// We preform a bit of filtering
$find = strtoupper($find);
$find = strip_tags($find);
$find = trim ($find);
//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM main WHERE upper($field) LIKE'%$find%'");
//And we display the results
while($result = mysql_fetch_array( $data ))
{
echo $result['Item1'];
echo " ";
echo $result['Item2'];
echo "<br>";
echo "<br>";
}
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:</b> " .$find;
}
?>
<h2>Search</h2>
<form name="search" method="post" action="<?=$PHP_SELF?>">
Seach for: <input type="text" name="find" /> in
<Select NAME="field">
<Option VALUE="item1">Item1</option>
<Option VALUE="item2">Item2</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="Search" />
</form>
Avoid shortags, they are out of date, make sure to be using:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
What does the form's html look like when you load the page?
EDIT:
After reviewing my answer I'd like to rephrase it a bit, as they are not "out of date" per say, but they generally do cause problems (for those that don't know how to set up php fully), so for beginners I'd suggest avoiding them.
I'm sure this is probably bad design, but I've always just hard-coded the script name in cases like that (so, just action="search.php").
The $_SERVER['PHP_SELF'] variable contains the full path of your php script, for example:
/your_server_path/your_file_name.php
Obviously, when launched, your script can't find the file because it's looking for something like
/your_server_path/your_server_path/your_file_name.php
Try to do something like this:
<form method="post" action="<?='http://localhost'.$_SERVER['PHP_SELF']?>">
Related
there!
I want to do a database search and display the result back to the user in a pre-populated HTML form.
I located the exact part in the code that is not working but I can't understand why PHP is not picked by the server. I'm using UwAMP.
To illustrate the problem here is my short snippet of code that I need help with:
<form id="st_reg" action="" method="POST">
Student Number:
<input type="number" name="s_num" min="1000000" max="3000000" > </br>
<input type="Submit" value="Search">
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['s_num'])){
$errors[] = "You forgot to enter the Student No!";
}
else{
$st_no = trim($_POST['s_num']);
}
if(empty($errors)){
//Open database connection
require('../../connect_to_database/mysql_connect.php');
//Check if the student is already in the database
$query = "SELECT * FROM student WHERE student_no = $st_no";
//Run the query
$result = mysqli_query($db_connection,$query);
if(!$result){
echo "The student does not exist!";
echo"Please <a href='index.html'>go back</a> and choose another action!";
}
elseif($result){
echo "<h2>Student Details:</h2>";
while($row = mysqli_fetch_array($result)){
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
AND the PHP code inside VALUE ATTRIBUTE is not executing when it should in reality. Don't bother about GLOBAL php tags not being closed 'cause they are in the file (I'm not that dump).
Please note all this code is inside a .php file with HTML code. This is a just the processing part after the form is submitted. I saved my time by using single-quotes for echo and escaped the sigle-quotes along the way where DB access was required. I tried curly brackets around variables, echo with double-quotes escaping double-qoutes within it but none of these attempts were successful. This is strange because I can perfectly echo $row['student_no'] outside of this context and is running fine.
I also looked at similar questions on this website. They were close but none of them had nearly to this context. I am open to any suggestions and better than that solutions.
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
should look like this:
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="' . (isset($row['student_no']) ? $row['student_no'] : '') . '">
CONTINUATION OF STRING...
The following will do what you want.
value="<?= (isset($row["student_no"]) ? $row["student_no"] : "") ?>"
You don't need to worry about all of the escaping when you're inside the PHP chunk already.
I have a web site that allows people to upload a csv file and then it loads it into a postgres database. uploading the file is fine and i capture the file name and location ../Data/Uploads/mycsv.csv as $_POST['fname'].
I'm trying to use this variable in $file=file($_POST['fname']) but cant get it to work however if i hard code it in as $file=file("../DATA/Uploads/mycsv.csv") it works. I have attached the code in question. Thanks in advance for any help
Also to clarify echo $_POST['fname']; returns ../DATA/Uploads/mycsv.csv, which is the same as the hard coded value.
please bear with me as im only relatively new to this. I have attached the 2 html forms being used as well. the top one passes the $fname variable containing the file name and path from the php code used to upload the file.
<Form Method="post" Action="../PHP/Loadcsv.php">
<input type="text" value="<?php echo htmlspecialchars($fname);?>" name="fname">
<br />
<Input Type="submit" Value="Continue">
</Form>
this is the php copy the csv into the database
<?PHP
if ($_POST['submit']) {
$file = file(printf($_POST['fname'])); //****doesnt work******
//$file = file("../DATA/Uploads/csv_trial1.csv"); //********This works******
$db = pg_connect("host=localhost dbname=blah user=me password=you");
pg_exec($db, "COPY personaldetails FROM stdin");
foreach ($file as $line) {
$tmp = explode(",", $line);
pg_put_line($db, sprintf("%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $tmp[0], $tmp[1], $tmp[2], $tmp[3], $tmp[4], $tmp[5], $tmp[6], $tmp[7]));
}
pg_put_line($db, "\\.\n");
pg_end_copy($db);
?>
below is the html to run the above php.
<form id='form' method='post' action='' >
<input type="submit" name="submit" />
</form>
after running a whole lot of echo to find where the variable is reaching, i dont think it is reaching the inside of the if statement possibly due to the next use of post??
**update**
So after a little playing and bouncing ideas almost literally off my office walls.... i was on the right track and Devon was right too, my problem was the 2 post requests the answer was to have a php variable $filename = $_POST['fname']; to take the variable from the first form and put this into the input for the second form
<form id='form' method='post' action='' >
<input type="hidden" value="<?php echo htmlspecialchars($filename);?>" name="fname">
<input type="submit" name="submit" />
I'm sure there may be other ways to achieve this but at the moment it works.
I'm not sure where you came up with printf(), but any print or echo command will output the arguments to the browser and won't return it to the function at hand. You don't need to use anything special to use a variable as an argument. Just: file($_POST['fname']);
Printf specifically outputs a formatted string and returns the length of the string. So this is the equivalent of calling file(integer) where integer is the length of $_POST['fname']'s value.
I've been trying to create a simple little blog for something I want to add in my school assignment. All I want it to do is to output my input in the order it is entered (like a wall on facebook).
My code is:
<?php
//other form that does the password
$pass = $_POST['pass'];
$blog =$_POST['blog'];
?>
<form method="post"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<textarea placeholder="Write Something, Me."
autofocus
required
autocomplete="off"
name="blog"></textarea>
<br />
<input type="password"
placeholder="Password"
autocomplete="off"
name="pass"
method="post" />
<input type="submit"
name="submit"
value="Submit">
</form>
<?php
If ($pass=="pass") {
echo 'Access Confirmed<br>';
echo $blog;
echo '<br/><br/>';
echo $blog;
echo '<br/><br/>';
echo $blog;
} else {
echo 'Wrong password or invalid blog entry. Try again Noob.<br>';
}
?>
I need to be able to call $blog as an array and output multiples datas as they are being entered (like in facebook). But as you can tell it's just printing the same thing over and over again. Also I don't want it do delete all the inputs if the "Password" (can't really call it secure) is entered incorrectly. I still want to be able to see the previous inputs.
I've tried many things, but none seem to work for me.
If this is unclear and you still have questions, please ask. Thanks.
I think you're a long ways from where you want to be with this. I'll get you started by saying that if you have an array, you can't simply use echo to print it, you need to enumerate through the array and print out the pieces that you're interested in.
foreach ($blog as $value) {
echo $value;
}
Start here and work your way up: http://www.php.net/manual/en/control-structures.foreach.php
I am trying to retrieve a value from database and put it in a textbox.
I tried:
<input type="text" name="Balance" value="<?php $Balance= $_GET["Balance"]; ?>" readonly = "true" />
and:
<input type="text" name="Balance" value="<?php echo $Balance; ?>" readonly = "true" />
But I am getting an error saying that Balance is undefined.
The php script is located in another page (connect.php) and I already put the
<form method="post" action="connect.php" >
What else should I do?
TIA
First of all your form method is POST, so:
... $Balance= $_POST["Balance"]; ...
I think you dont know anything about what you are currently doing.
$_GET is not used to fetch something from a Database, it is used to pass and fetch parameters via URL. For accessing a Database, you need mysqli or PDO. Look for some tutorials.
Example for the code you need:
$sql = "SELECT balance FROM mytable";
$result = $db->Execute($sql);
echo "<input type='text' name='Balance' value='" . $result . "' readonly/>"
Just for you to get an idea:
mysql_connect('127.0.0.1', 'root', '')
and mysql_select_db('accounting')
and ($res = mysql_query("SELECT `id`,`balance` FROM `accounts`"))
and ($row = mysql_fetch_object($res));
HTML:
<input type="text" name="Balance" value="<?= $row->balance ?>" >
It won't work on your computer, because I don't know the tables you're using and other things I need to know, and anyway, do a search, this topic probably has been covered a million times in the last 10-15 years since PHP exists, long before Stack Overflow existed.
PS: That's one of the oldest ways of doing it. There are other ways, like PDO, but I use the "old" way and am happy with it.
I have created my PHP page where I have search query field. After submitting query I am printing result on same page. The query is working fine but I want query to be displayed even after result displayed. i.e. query is being disappeared after result comes. How can I retain the query word/s along with result in webpage. This might be very basic and sounds like stupid but since I am newbie and tried so many ways but in vain.
Below is my code:
<html>
<head>
<TITLE>PHP FORMS</TITLE>
</head>
<body algin=center>
<p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Enter Drug Name <input type="text" name="drugName"></p>
<p><input type="submit" value="search"></p>
</form>
</body>
</html>
Can anyone suggest valuable idea and cause for it?
try this
<input type="text" name="drugName"
value="<?php echo (isset($_POST['drugName']) ? $_POST['drugName'] : '') ?>">
Change your form method to GET and append as many strings as you want. Then via PHP, use $_GET['varstring'] value.
OR if you must use POST
foreach ($_POST as $set => $myval){
echo "{$set} = {$myval}\n";
}