sorry if my querstion is bad, my english is bad
NB : ignore the sql injection filtering
i am using insert() function that I created myself to insert to database
but i am stuck with these code
I want to upload image to ../images directory. If i insert with image included, text is inserted but image not uploaded
i think the query are not going into
if(!empty($gambar))
{
$dir="../images/";
$tmp=$_FILES['gambar']['tmp_name'];
$namafile=time().".jpg";
$ukuran=$_FILES['gambar']['size'];
$file_type=$_FILES['gambar']['type'];
move_uploaded_file($tmp,$dir.$namafile);
$this->perintah="insert into ".$tbl." (".$kol.",gambar) values (".$isi.",".$namafile.")";
$q=mysql_query($this->perintah);
}
but to
else
{
$this->perintah="insert into ".$tbl." (".$kol.") values (".$isi.")";
$q=mysql_query($this->perintah);
}
i have to declare variables
$gambar = $_FILES['gambar'];
and in form tag too
<form method='post' action='controller.php?act=inputsiswa' name='siswa' enctype='multipart/form-data'>
my question:
whats wrong with my code?
at this lines
public function insert($tbl,$kol,$isi,$gambar)
may i declare variable to
public function insert($tbl,$kol,$isi,$gambar = null)
or
public function insert($tbl,$kol,$isi,empty($gambar))
or what?
All of my codes
model.php
public function insert($tbl,$kol,$isi,$gambar)
{
if(!empty($gambar))
{
$dir="../images/";
$tmp=$_FILES['gambar']['tmp_name'];
$namafile=time().".jpg";
$ukuran=$_FILES['gambar']['size'];
$file_type=$_FILES['gambar']['type'];
move_uploaded_file($tmp,$dir.$namafile);
$this->perintah="insert into ".$tbl." (".$kol.",gambar) values (".$isi.",".$namafile.")";
$q=mysql_query($this->perintah);
}
else
{
$this->perintah="insert into ".$tbl." (".$kol.") values (".$isi.")";
$q=mysql_query($this->perintah);
}
echo '<script> alert("Data Berhasil Dimasukkan!"); top.location="index.php?act='.htmlentities($_GET['act']).'";</script>';
if(!$q)
{
echo "<script> alert(\"Gagal Coy !\"); top.location=\"index.php\";</script>";
exit();
}
}
controller.php
case "inputsiswa":
$file = $_FILES['gambar'];
$isi = "'".$_POST['nisn']."','".$_POST['username']."','".$_POST['password']."','".$_POST['nama']."','".$_POST['tempat_lahir']."','".$_POST['tanggal_lahir']."','".$_POST['jenis_kelamin']."','".$_POST['kelas']."','".$_POST['jurusan']."','".$_POST['tipekelas']."','".$_POST['goldar']."','".$_POST['alamat']."','".$_POST['kodepos']."','".$_POST['kontak']."','".$_POST['email']."','Aktif'";
$kol = "nisn,username,password,nama,tempat_lahir,tgl_lahir,jenkel,id_kelas,id_jurusan,id_tipe_kelas,id_goldar,alamat,kode_pos,kontak,email,status";
$as->insert("tbl_siswa",$kol,$isi,$file);
content.php
<form method='post' action='controller.php?act=inputsiswa' name='siswa' enctype='multipart/form-data'>
NISN<br /><input type='text' name='nisn' class='text' required/><br />
Username<br /><input type='text' name='username' class='text' required/><br />
Password<br /><input type='password' name='password' class='text' required/><br />
Ulangi Password<br /><input type='password' name='password2' class='text' required/><br />
Nama Lengkap<br /><input type='text' name='nama' class='text' required/><br />
Tempat Lahir<br /><input type='text' name='tempat_lahir' class='text' required/><br />
Tanggal Lahir <br /><input type='text' name='tanggal_lahir' class='text' required/><br />
Jenis Kelamin <br />
<select name ='jenkel'>
<option value=''>pilih jenis kelamin..</option>
<option value='Pria'>Pria</option>
<option value='Wanita'>Wanita</option>
</select>
<br>
Kelas<br>
<select name='kelas'>
<option value ='0'>pilih kelas..</option>";
$tbl='tbl_kelas';
$isi = $as->select($tbl,'*');
while($r=mysql_fetch_array($isi)){
echo"<option value=$r[id_kelas]>$r[kelas]</option>";
}
echo"</select><br />
Jurusan<br>
<select name='jurusan'>
<option value ='0'>pilih jurusan..</option>";
$tbl='tbl_jurusan';
$isi = $as->select($tbl,'*');
while($r=mysql_fetch_array($isi)){
echo"<option value=$r[id_jurusan]>$r[jurusan]</option>";
}
echo"</select><br />
Tipe Kelas<br>
<select name='tipekelas'>
<option value ='0'>pilih tipe kelas..</option>";
$tbl='tbl_tipe_kelas';
$isi = $as->select($tbl,'*');
while($r=mysql_fetch_array($isi)){
echo"<option value=$r[id_tipe_kelas]>$r[tipe_kelas]</option>";
}
echo"</select><br />
Golongan Darah<br>
<select name='goldar'>
<option value ='0'>pilih golongan darah..</option>";
$tbl='tbl_goldar';
$isi = $as->select($tbl,'*');
while($r=mysql_fetch_array($isi)){
echo"<option value=$r[id_goldar]>$r[nama_goldar]</option>";
}
echo"</select><br />
Alamat<br />
<textarea name='alamat'></textarea><br />
Kode Pos <br /><input type='text' name='kodepos' class='text' /><br />
Kontak <br /><input type='text' name='kontak' class='text' required/><br />
Email <br /><input type='text' name='email' class='text' /><br />
Foto <br /><input type='file' name='gambar' class='text'/><br /><br>
<div style='width:500px; margin-top:-10px;'><input class='graybutton' type='submit' value='Tambahkan'> <input class='graybutton' type='reset' value='Ulangi'></div>
</form>";
In your HTML, you have:
Foto <br /><input type='file' name='gambar' class='text'/><br /><br>
But in your PHP you have:
$file = $_POST['gambar'];
Perhaps I'm missing what you are doing, but surely it should be:
$file = $_FILES['gambar'];
Or am I missing something?
Galih, we've all been noob. But please give us more detail of your problems, instead of "it doesn't work and you're stuck".
Yes, from your codes, the answer from Ralfe is one of the possibilities, and the comment from Kemal Fadillah about query fails is the other one.
From me, if you are doing image upload to the server, make sure the server's directory is writable by the application e.g the PHP.
And be aware from SQL injection since you insert the user's input to MySQL server without any filtering.
Related
In my first page I have this code:
$number="1234567891";
$str="456";
echo "<form action='edit.php' method='POST'><input type='hidden' name='msg' value='$message' />
<input type='hidden' name='text' value='$number' />
<input type='hidden' name='edit' value='$str' />
<input type='submit' name='chedit' value='Go' style='position:relative; top:25px; left: 50%;'>
</form>";
In my edit.php I have this code:
<form action="#" method="POST">
Edit Number
<input type="text" name="change" value="$mumu"/>
<input type="submit" name="pch" value="Change"/>
</form>
<?php
if (isset($_POST["chedit"]))
{
$suj = $_POST["msg"];
$text = $_POST["text"];
$mumu =$_POST["edit"];
if(isset($_POST["pch"]))
{
$change = $_POST["change"];
$obinna = str_replace("$change","$mumu","$text");
echo $obinna;
}
}
?>
My problem is that whenever I put a new text in new form and click submit to edit a character in the old string submitted line the page refreshes and no result is output. Please can anybody sort this out?
// try this ..
if (isset($_POST["chedit"]))
{
$suj = $_POST["msg"];
$text = $_POST["text"];
$mumu =$_POST["edit"];
if(isset($_POST["pch"]))
{
$change = $_POST["change"];
//456 , //555(post value) , //(your text)12345678910
// $obinna = str_replace("Set old value you change in text","set new value you want to set in text ","your orignal text ");
$obinna = str_replace("$mumu","$change","$text");
echo $obinna;
}
}
echo '<form action="#" method="POST">
Edit Number
<input type="text" name="change" value="" placeholder="Change"/>
<input type="text" name="edit" value="" placeholder="Edit"/>
<input type="submit" name="pch" value="Submit"/>
</form>'
Check Demo Url :- https://eval.in/931366
I have website that insert some info's like name , date , msg and IMG into mysqli database
here is my CODE
HTML & PHP CODE
<form action='' method='POST'>
<input type='date' name='bdate' min='2003-12-31' max='2016-04-02'><br><br>
<input type='text' name='send_name'/>
<input type='text' name='min_name' value='Some Name' disabled='true' ><br>
<textarea name='my_text' rows='11' cols='40'></textarea>
<input type='submit' name='submit' value='Send'>
<input type='file' name='Image' id='Image' >
</form>
if (isset($_POST['submit'])) {
$imgData = $_FILES['Image']['tmp_name'];
$imageProperties = $_FILES['Image']['tmp_name'];
$sql = "INSERT INTO output_images(imageType ,imageData)
VALUES('".$imageProperties['mime']."', '".$imgData."')";
$current_id = mysqli_query($connection,$sql) or die("<b>Error:</b> Problem on Image Insert<br/>" . mysqli_error());
if(isset($current_id)) {
echo "Image Upload Ok";
}
$imgData = $_FILES['Image']['tmp_name'];
$imageProperties = $_FILES['Image']['tmp_name'];
$min_name = "Ministry Of Intinor";
$dat = $_POST['bdate'];
$info = $_POST['my_text'];
$mySQL = mysqli_query($connection," INSERT INTO `mddb`.`ministry_tbl` (`sender_name`, `min_name`, `b_date`, `infos`,`img`,`img_name`) VALUES ('".$_SESSION['username']."', '".$min_name."', '".$dat."', '".$info."','".$imgData."','".$imageProperties['mime']."') ");
if ($mySQL) {
echo "Done";
}
}
My problem is the database not store the BLOB* img and its always [BLOB - 0 B]
NOTE
you have to use enctype="multipart/form-data" add input type="file" before submit button
<input type='date' name='bdate' min='2003-12-31' max='2016-04-02'><br><br>
<input type='text' name='send_name'/>
<input type='text' name='min_name' value='Some Name' disabled='true' ><br>
<textarea name='my_text' rows='11' cols='40'>
<input type='file' name='Image' id='Image' >
<input type='submit' name='submit' value='Send'>
</form>
A better approach is to not save images in database as it is not a good practice. Just save the uploaded image in a directory and save the path to that image in database. It would save you some database space and search time.
For reference please view my answer here PHP-SQL: Uploaded image displaying as junk text
I have a basic sum example with some PHP and HTML, inside this PHP page the reset button only resetting first two input field, and it is not resetting the third answer field. I dont know what is the error with this cause i am new to PHP. someone please help me to fix this.
code
<html>
<head>
<title>Title goes here</title>
</head>
<body>
<form action="" method="post">
<label>Enter Num1:</label>
<input type="text" name="num1" id="num1" /><br>
<label>Enter Num2:</label>
<input type="text" name="num2" id="num2" /><br><br>
<input type="radio" name="rad" value="add"/>addition
<input type="radio" name="rad" value="sub"/>sub
<input type="submit" name="btn_submit" value="fire">
<?php
if(isset($_POST['btn_submit']))
{
$num1 = $_POST['num1'];
$num2 = $_POST['num2'];
$rad_val = $_POST['rad'];
if($rad_val=="add"){
$total = $num1+$num2;
}
else if($rad_val=="sub"){
$total = $num1-$num2;
}
echo "<SCRIPT TYPE=\"text/javascript\">
document.getElementById(\"num1\").value= $num1;
document.getElementById(\"num2\").value= $num2;
</SCRIPT>";
echo "<label>Answer is:</label> <input type=\"text\" name=\"rad\" value = $total />";
echo"<input type=\"reset\" name=\"reset\" value=\"reset\" />";
}
else if(isset($_POST['reset'])){
echo "<script>window.location = 'your_page.php';</script>";
}
?>
</form>
</body>
</html>
The reset function loads the your_page.php. So the initial value on that page might be needed to be changed to 0. Could you give an example of your_page.php?
You can trigger a page refresh by changing the line
echo"<input type=\"reset\" name=\"reset\" value=\"reset\" />";
to
echo"<input type=\"reset\" name=\"reset\" value=\"reset\" onclick= \"window.location = 'your_page.php';\"/>";
OR
Even better. Just Reset the value in the Answer to 0, This will save on the page reload.
Add an ID to the result field :
<input type=\"text\" name=\"rad\" id=\"rad\" value = $total />";
And change te value on the reset click/
echo"<input type=\"reset\" name=\"reset\" value=\"reset\" onclick= \" document.getElementById(\"rad\").value= 0;\"/>";
With Jquery you can reset to any value but you net to prevent the default action:
Example:
$('#Reset').click(function(){
event.preventDefault();
$('#element').val('default');
$('#element2').val('default');
$('#element3').val('default');
});
I want to give the users of my website the ability to add, edit and remove questions of a FAQ that's stored on a database. They select the title from a form and then they can press 'select' (to edit the q&a) or 'delete'. Deleting doesn't work.
The first problem is: when they click delete, it leads them to the 'edit' form instead of deleting the database table row.
The second problem: when I make them click the button, I ask to confirm the delete. Whether they press 'Ok' or 'Cancel' doesn't matter, they are always lead to the 'edit' form.
The code in the admin panel (index.php):
if(isset($_POST['actie']) && $_POST['actie'] != "")
{
$actie = $_POST['actie'];
if($actie == "csd_faq") { verwerk_csd_faq($DB); }
if($actie == "csd_faq_edit") { verwerk_edit_csd_faq($DB); }
}
if($GLOBALS['logged_in'] && isset($_GET['actie']) && $_GET['actie'] != "")
{
$actie = $_GET['actie'];
if($actie == "csd_faq") { toon_csd_faq($DB); }
if($actie == "csd_faq_edit") { edit_csd_faq($DB); }
}
The code for the functions:
//ADD FAQ
function toon_csd_faq($DB)
{?>
<h2>Een FAQ toevoegen:</h2>
Gebruik het formulier hieronder om een FAQ toe te voegen.
<br /><br />
<form action='index.php?actie=csd_faq' method='post'>
<input type='hidden' name='actie' value='csd_faq' />
<input type='hidden' name='naam' value='<? echo $GLOBALS['nickname']; ?>' />
Vraag (Q): <br />
<input type='text' name='q' size='80' /><br /><br />
Antwoord (A): <br />
<textarea name='a' cols='80' rows='10'></textarea><br /><br />
<input type='submit' value='Toevoegen' />
</form>
<?}
function verwerk_csd_faq($DB)
{
$naam = $_POST['naam'];
$q = clean($_POST['q']);
$a = clean($_POST['a']);
$DB->q("INSERT INTO `csd_faq` (`datum`, `naam`, `q`, `a`) VALUES (NOW(), '$naam', '$q', '$a')");
echo "<b class='roze'>FAQ succesvol toegevoegd!</b>"
."<br /><br />";
}
// EDIT FAQ
function edit_csd_faq($DB)
{
echo "<h2>Een FAQ bewerken:</h2>";
if(isset($_GET['faq_id'])) //bewerken
{
$faq_id = $_GET['faq_id'];
$faq = $DB->q1("SELECT * FROM `csd_faq` WHERE `faq_id` = '$faq_id'");
?>
Gebruik het formulier hieronder om de FAQ te bewerken
<br /><br />
<form action='index.php?actie=csd_faq_edit' method='post'>
<input type='hidden' name='actie' value='csd_faq_edit' />
<input type='hidden' name='faq_id' value='<? echo $faq_id; ?>' />
<input type='hidden' name='naam' value='<? echo $GLOBALS['nickname']; ?>' />
Vraag (Q): <br />
<input type='text' name='q' size='80' value='<? echo $faq[3]; ?>' /><br /><br />
Antwoord (A): <br />
<textarea name='a' cols='80' rows='10'><? echo $faq[4]; ?></textarea><br /><br />
<input type='submit' name='update' value='Update' />
</form>
<br />
« <a href='javascript:history.go(-1)'>Kies een andere FAQ</a>
<?}
else { //selectie box tonen ?>
Selecteer de te bewerken FAQ.
<br /><br />
<form action='index.php' method='get'>
<input type='hidden' name='actie' value='csd_faq_edit' />
Titel: <br />
<select name='faq_id' size='10' style='width:500px;'>
<?
$result = $DB->q("SELECT * FROM `csd_faq` ORDER BY `datum` DESC");
$lijst = "";
while($faq = $DB->fa($result))
{
$lijst .= "<option value='".$faq[0]."'>".$faq[3]."</option>";
}
echo $lijst;
?>
</select>
<br /><br />
<input type='submit' name='selecteer' value='Selecteer' />
<input type='submit' name='delete' value='Verwijder' onClick='confirm("Zeker dat je deze FAQ wilt verwijderen?")' />
</form>
<?}
}
function verwerk_edit_csd_faq($DB)
{
if(isset($_POST['update'])) {
$faq_id = $_POST['faq_id'];
$naam = $_POST['naam'];
$q = clean($_POST['q']);
$a = clean($_POST['a']);
$DB->q("UPDATE `csd_faq` SET `datum` = NOW(), `naam` = '$naam', `q` = '$q', `a` = '$a' WHERE `faq_id` = '$faq_id'");
echo "<b class='roze'>FAQ succesvol bewerkt!</b>"
."<br /><br />";
}
else if(isset($_GET['delete'])) {
$faq_id = $_GET['faq_id'];
$DB->q("DELETE FROM `csd_faq` WHERE `faq_id` = '$faq_id'");
echo "<b class='roze'>FAQ succesvol verwijderd!</b>"
."<br /><br />";
}
}
You probably want to check for $_POST['delete'] and $_POST['faq_id'], not $_GET['delete'] and $_GET['faq_id'] as the method of the form is POST.
Below is the source code of a program. Can anyone help me to figure out the working of a program.
<?php
session_start();
?>
<?php
$aCaptcha = array (
array(),
array('crocodile'),
array('panda', 'panda bear', 'giant panda'),
array('pig'),
array('tiger'),
array('zebra'),
array('cow'),
array('elephant')
);
if (isset($_POST['register'])) {
$error = array();
if (!in_array(strtolower($_POST['captcha']), $aCaptcha[$_SESSION['captcha']])) {
$error['captcha'] = "<span style='color:red'>The name of the animal is not correct.</span>";
}
if (count($error) == 0) {
echo "<span style='color:red'>Thank you for completing the form.
We shall contact you soon.</span>";
die();
}
}
?>
<form action="index.php" method="post">
<?php
$_SESSION['captcha'] = rand(1, 7);
?>
<td colspan="3"><strong>Contact Form</strong></td>
<p>Full Name : <input type="text" name="Nmaes" value='' />
<p>Mobile No. : <input type="text" name="Nmaes" value='' />
<p>Email id : <input type="text" name="Nmaes" value='' />
<p>Subject : <input type="text" name="Nmaes" value='' />
<p>Message : <input type="text" name="Nmaes" value='' />
<p><img src="<?php echo $path;?>captcha/<?php echo $_SESSION['captcha'];?>.jpg" /></p>
<p>Type the name of the animal you see in the picture above. <input type="text" name="captcha" value='' />
<?php echo(isset($error['captcha']))?$error['captcha']:"";?></p>
<p><label> </label><input type='submit' name='register' value='register' /></p>
</form>
On the first page
random number between 1 and 7 is generated and stored in session
form is displayed
picture in the captcha directory is displayed based on the random number
On the second page
array with acceptable answers is generated - the keys are numbers 1 and 7 and the values are arrays of acceptable answers
the below code checks that the answer given by the user $_POST['captcha'] is one of the acceptable answers $aCaptcha[$_SESSION['captcha']]
if (!in_array(strtolower($_POST['captcha']), $aCaptcha[$_SESSION['captcha']])) {
$error['captcha'] = "<span style='color:red'>The name of the animal is not correct.</span>";
if acceptable then a message is printed out and PHP stops executing
echo "<span style='color:red'>Thank you for completing the form. We shall contact you soon.</span>";
die();