Why i can't insert on my database? This is my code
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$bdate = $_POST['bdate'];
$id = $_POST['id'];
if (!empty($name) && !empty($email)){
mysql_query("insert into customer(id,name,email,bdate) values($id,'$name','$email','$bdate')");
}
else {
echo "Please fill <strong>name</strong> and <strong>e-mail</strong> fields!";
}
?>
My form is
<form method="post" action="new_customer.php">
ID: <input type="text" name="id" size="5" value="<?php echo $new_id; ?>" disabled="disabled" /><br />
Name: <input type="text" name="name" size="50" /><br />
E-mail: <input type="text" name="email" size="30" /><br />
Birth Date: <input type="text" name="bdate" size="10" /><br /><br />
<input type="submit" value="Save" />
</form>
The var $new_id is filled with this query
SELECT (Max(id) + 1) as new_id FROM customer
But when I submit the form, the error i get is:
Notice: Undefined index: id in F:\UniServer\www\admin\customer.php on line 6
and then a mysql error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '')' at line 1
i think the first error causes the secund, right?
Because disabled fields are not present in $_POST array.
In your case make id field auto increment in the database and make a query without it:
mysql_query("INSERT INTO customer(name, email, bdate) values('$name', '$email', '$bdate')");
Also your code is subject to SQL injection - use mysql_real_escape_string before the query:
$name = mysql_real_escape_string($_POST['name']);
remove " disabled="disabled" " ...
This is stopping the form to post the field to your PHP.
Please provide the code of mysql that is fetching records, as there might be an error in assignment of table id value to php value.
Instead of disabled="disabled" you want to use readonly="readonly". This prevents the field from being edited, but the value can still be read programatically (which is not the case with disabled).
Related
I created a section for editing. When I edit the information and click the save button, the information is not saved and the header section does not display completely.
<?php
if (isset($_POST['submit_btn']))
{
$id = $_POST['id'];
$fn = trim($_POST['name']);
$ln = trim($_POST['lastname']);
$age = trim($_POST['age']);
$q = "UPDATE `users` SET `fn` = '$fn',
`ln` = '$ln',
`age` = '$age'
WHERE id = '$id'";
mysqli_query($dbconnect,$q);
if (mysqli_affected_rows($dbconnect) > 0)
redirect("?msg=ok&id=**$id**");
else
redirect("?msg=error&id=**$id**");
}
else
echo ("Not In If(isset)");
?>
<form action="" method="post">
<label for="name">FirstName:</label>
<input type="text" name="name" id="name" value="<?php echo $row['fn']?>">
<br>
<label for="lastname">LastName:</label>
<input type="text" name="lastname" id="lastname" value="<?php echo $row['ln']?>">
<br>
<label for="age">Age:</label>
<input type="text" name="age" id="age" value="<?php echo $row['age']?>">
<br>
<input type="submit" name="submit_btn" value="Save">
<a href="index2.php">
Back
</a>
</form>
</body>
Bold sections do not work here.
Below is a picture of the result:
In the link that I specified, after clicking on save the ID will not be displayed and all the information filled in the forms will be lost.
Sorry if the result is styleless and boring and I just created this page to practice php😁
Thank you for being responsive🙏🙏🙏
You are mistaking a POST request with a GET request.
Part, which appears in the URL is sent to the webserver in GET request.
Your form is submitting POST request to the webserver, logic in the code does the same, but you are trying to display information from url (GET).
Please check the examples in php.net:
POST variables: https://www.php.net/manual/en/reserved.variables.post.php
GET variables: https://www.php.net/manual/en/reserved.variables.get.php
You can take an example with GET request variable below, however, be careful with trusting the "end client" and always prepare your statements, which you send to your database to execute queries.
if (isset($_GET['submit']))
{
$number = $_GET['number'];
echo $number
? "Number which was submitted: $number <br>"
: 'Number is not set';
} else {
echo 'Form has not been yet submitted';
}
?>
<form action="" method="get">
<input type="number" name="number" placeholder="Number">
<input type="submit" name="submit" value="Save">
</form>
I have HTML registration form when I submit the form the PHP code appears and data not insert to database i made my database using phpMyAdmin, what should I do?
Here my PHP code:
<?php
$con=mysqli_connect('localhost','root','');
$db=mysqli_select_db($con,'research_sys');
if ($con) {
echo "good";
}else {
die('error');
}
if(isset($_POST['submit'])){
$Fname = mysqli_real_escape_string($con,$_POST["Fname"]);
$Lname = mysqli_real_escape_string($con,$_POST["Lname"]);
$email = mysqli_real_escape_string($con,$_POST['email']);
$password = mysqli_real_escape_string($con,$_POST['password']);
$sql = mysqli_query($con,"INSERT INTO `research_sys`.`researcher` (Re_fname,Re_lname,Re_mobile,Re_password) values ('$Fname','$Lname','$email','$password ')");
if (mysqli_query($sql)){
echo "insert";
} else {
echo "error" .$sql ."<br>". mysqli_error($con);
}
}
?>
here my registration HTML code
<form method="post" action="connect.php">
<legend class="center">Register </legend>
<br>
<div>
<input type="text" name="Fname" placeholder="First Name"/>
</div>
<div>
<input type="text" name="Lname" placeholder="Last Name"/>
</div>
<div>
<input type="text" name="email" placeholder="Email"/>
</div>
<div>
<input type="password" name="password" placeholder="Password"/>
</div>
<div>
<input type="password" name="con_password" placeholder="Password confirm"/>
</div>
<input type="submit" name="submit" value="submit"/>
</form>
Look at the following:
$sql = mysqli_query($con,"INSERT INTO `research_sys`.`researcher`
^^^^^^^^^^^^ function
(Re_fname,Re_lname,Re_mobile,Re_password)
values ('$Fname','$Lname','$email','$password ')");
^ space
if (mysqli_query($sql)){
^^^^^^^^^^^^ function
You're using that mysqli_query() function twice, remove one and just do:
if ($sql){...}
and mysqli_error($con) should have thrown you an error about it.
If it didn't throw an error, then that may suggest you're using this as file:/// as opposed to http://localhost.
Edit:
"i have html registration form whin i submit the form the php code apears"
That's because of what I wrote above before quoting you. You need to run this off a webserver with php/mysql installed and running properly and as http://localhost.
Also, remove the space in this '$password '. That space counts as a character.
Double-check your column names also. There seems to be something that doesn't match (Re_fname,Re_lname,Re_mobile,Re_password) the Re_mobile and you're referencing an email '$email' in VALUES.
You also seem to store plain text passwords; don't, it's not safe if you intend on going live with this. Use password_hash() and a prepared statement.
Footnotes:
$con=mysqli_connect('localhost','root','');
$db=mysqli_select_db($con,'research_sys');
You can shorten that to using all 4 arguments in mysqli_connect():
$con=mysqli_connect('localhost','root', '', 'research_sys');
No matter how many sites I go to to try and get this to work, it still doesn't. I am unable to have the data that has been entered end up in the database. The form submits, but doesn't come back with an error. When looking in phpMyAdmin, there are no records. I've tweaked it a million times with no luck. Can a second set of eyes show me what I'm doing wrong?
Thanks!!
Tim
<body>
<form action="insert.php" method="post"><br>
Date: <input type="text" name="date" id="date"><br>
Time: <input type="text" name="time" id="time"><br>
City: <input type="text" name="city" id="city"><br>
Fire Dept: <input type="text" name="fire" id="fire"><br>
Address: input type="text" name="addy" id="addy"><br>
Call Type/Level <input type="text" name="level" id="level"><br>
Description: <input type="text" name="desc" id="desc"><br>
Units: <input type="text" name="units" id="units"><br>
Submitted by: <input type="text" name"who" id="who"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
if (isset($_POST['submit'])){
$db=mysql_connect("", "", "");
$mydb=mysql_select_db("rm911_incidents");
$date=$_Post['date'];
$time=$_Post['time'];
$city=$_Post['city'];
$fire=$_Post['fire'];
$addy=$_Post['addy'];
$level=$_Post['level'];
$desc=$_Post['desc'];
$units=$_Post['units'];
$who=$_Post['who'];
$sql = "INSERT INTO incidents(date,time,city,fire,addy,level,desc,units,who)
VALUES
('$date','$time','$city','$fire','$addy','$level','$desc','$units','$who')";
$result = mysql_query($sql);
if($result)
{
echo "<br>Input data is successful";
}
else
{
echo ("<br>Input data has failed");
}
}
?>
Okay, so I have fixed the error that Leo mentioned (Thank you!), however that was not the problem either. The errors that I am getting using the error reporting that you provided are: Undefined index: xxx... (xxx being every field name in the db). I have an 'id' field in the db, auto_increment-ing - did I forget to set that as the index?
The POST data is stored in the $_POST array, not the $_Post array. You should get a Notice on the undefined variable in your server log or in the browser (if PHP messages are sent to the browser).
The problem is in your post array name $_Post
$date=$_Post['date'];
$time=$_Post['time'];
$city=$_Post['city'];
$fire=$_Post['fire'];
$addy=$_Post['addy'];
$level=$_Post['level'];
$desc=$_Post['desc'];
$units=$_Post['units'];
$who=$_Post['who'];
Instead of $_Post you should use $_POST. Also, you can do
var_dump($_POST);
at the top of php file, so you will be able to see what the form sends to your script.
Regards
changed a few things, this should work.. if it doesnt is most likely an issue with your db
<html>
<body>
<form action="insert.php" method="POST"><br> <!-- method POST-->
Date: <input type="text" name="date" id="date"><br>
Time: <input type="text" name="time" id="time"><br>
City: <input type="text" name="city" id="city"><br>
Fire Dept: <input type="text" name="fire" id="fire"><br>
Address: <input type="text" name="addy" id="addy"><br>
Call Type/Level <input type="text" name="level" id="level"><br>
Description: <input type="text" name="desc" id="desc"><br>
Units: <input type="text" name="units" id="units"><br>
Submitted by: <input type="text" name="who" id="who"><br> <!-- name"who" changed -->
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
if (isset($_POST['submit'])) {
$db=mysql_connect("", "", "") or die ("Cant connect");
$mydb=mysql_select_db("rm911_incidents") or die ("Cant find db");
$date = $_POST['date']; //_POST not _Post
$time = $_POST['time'];
$city = $_POST['city'];
$fire = $_POST['fire'];
$addy = $_POST['addy'];
$level = $_POST['level'];
$desc = $_POST['desc'];
$units = $_POST['units'];
$who = $_POST['who'];
$sql = "INSERT INTO incidents ( date , time, city , fire , addy , level , desc , units , who )
VALUES ( '$date' , '$time' , '$city' , '$fire' , '$addy' , '$level' , '$desc' , '$units' , '$who' )";
$result = mysql_query($sql) or die ("Cant insert");
if($result)
{
echo "<br>Input data is successful";
}
else
{
echo "<br>Input data has failed";
}
}
?>
Also you're missing an opening square bracket:
Address: input type="text" name="addy" id="addy"><br>
Should be:
Address: <input type="text" name="addy" id="addy"><br>
Try doing this in your php file at the very top after the <?php:
//error reporting set to all
error_reporting(E_ALL);
ini_set('display_errors', 'On');
Also place your php code before your html.
You should see errors being outputted and be able to debug it.
Post the errors here if you need help.
can you check if Submitted by: <input type="text" name"who" id="who"><br> is causing error..
it should be Submitted by: <input type="text" name="who" id="who"><br>
If this doesnt help.. Try running a static insert query in your php file and check if its working...
Regards,
Leo
I've created a form for the user to fill out and on submit it is processed and stuff is done with it. Usually just a database query.
With the database that I am working with, some fields can be NULL, so the user could leave something blank in some of the fields. However, when testing this, I tried having one or more fields empty, but the form wouldn't really submit anything at all. When I was debugging, almost all the values of the fields, even the ones with text in it, turn out NULL when I retrieve the values from the POST method.
The thing is, I need to be able to allow the user to submit a form with some fields blank, as they are not completely necessary. How would I go about this?
Do I have to check isset() for everything that could be blank and set it to NULL if it is?
Thanks in advance!
EDIT: Here is the form code.
<form onsubmit="return confirm('Are you sure you want to save the edits?');" method="post" action="orgedit.php?id=<?php echo $organization_id?>" id="orgform" name="orgform" >
Parent Organization ID: <input type="text" name="parent_id" value="<?php echo $row['parent_id']; ?>"/> <br /><br />
Organization nm: <input type="text" name="org_nm" value="<?php echo $row['org_nm']; ?>"/> <br /><br />
TBR Organization Sysnm: <input type="text" name="tbr_sysnm" value="<?php echo $row['tbr_sysnm']; ?>"/> <br /><br />
Type: <input type="text" name="type" value="<?php echo $row['type']; ?>"/> <br /><br />
Contact nm: <input type="text" name="contact_nm" value="<?php echo $row['contact_nm']; ?>"/> <br /><br />
Financial Info: <input type="text" name="financial_info" value="<?php echo $row['financial_info']; ?>"/> <br /><br />
Other Info: <input type="text" name="other_info" value="<?php echo $row['other_info']; ?>"/> <br /><br />
Active: <input type="text" name="active" value="<?php echo $row['active']; ?>"/> <br /><br />
URL: <input type="text" name="url" value="<?php echo $row['url']; ?>"/> <br /><br />
<input type="submit" value="Save Entry" name="save" />
</form>
and here is the php processing code :)
if(isset($_GET['id']))
{
$organization_id = $_GET['id'];
$parent_organization_id = $_POST['parent_organization_id'];
$organization_nm = $_POST['organization_nm'];
$tbr_organization_sysnm = $_POST['tbr_organization_sysnm'];
$type = $_POST['type'];
$contact_nm = $_POST['contact_nm'];
$financial_info = $_POST['financial_info'];
$other_info = $_POST['other_info'];
$active = $_POST['active'];
$url = $_POST['url'];
After I get the values I simply escape them and perform a query.
I have figured out the problem!
if(isset($_GET['id']))
{
$organization_id = $_GET['id'];
$parent_organization_id = $_POST['parent_id'];
$organization_nm = $_POST['org_nm'];
$tbr_organization_sysnm = $_POST['tbr_sysnm'];
$type = $_POST['type'];
$contact_nm = $_POST['contact_nm'];
$financial_info = $_POST['financial_info'];
$other_info = $_POST['other_info'];
$active = $_POST['active'];
$url = $_POST['url'];
I was retrieving the wrong values from the form. This could've been fixed by either changing the php code or the html code.
The problem is, the one or more fields empty issue still persists. If one of the fields is blank, the entry is not saved. I've checked the logs and the message it outputted was:
PHP Notice: Undefined index: parent_id
PHP Notice: Undefined index: org_nm
PHP Notice: Undefined index: tbr_sysnm
This happens when I don't write anything for any of those fields and try to save the form.
EDIT 2: The problem was fixed once again. Did a var dump and found that the server wasn't giving out anything when the code was trying to retrieve the values. It was a spelling mistake in a few of the fields.
My first guess would be:
Probably your form inputs don't have a name attribute. Input data is only submitted if the input has a name attribute and the PHP $_POST key will be the name of the attribute.
Let's see OP's code to see if my guess is correct.
I have a page which basically allows an admin user to create manager user types (basically a register function. So when the values are submitted, they are stored into the DB, very very basic stuff. However, I have a hidden variable type..reasons are I have 3 different user levels and I have declared they identification as an integer (e.g. 7 = manager, 8 =user etc.)
Can someone help me out with how to correctly pass this hidden value so it stores in the database...
Here is my form:
<form id="userreg" name="userreg" method="post" action="adduser-process.php">
<label>Full Name:</label> <input name="fullname" size="40" id="fullname" value="<?php if (isset($_POST['fullname'])); ?>"/>
<br />
<label>Username:</label> <input name="username" size="40" id="username" value="<?php if (isset($_POST['username'])); ?>"/> <br />
<label>Password:</label> <input name="password" size="40" id="password" value="<?php if (isset($_POST['password'])); ?>"/> <br />
<label>Email Address:</label> <input name="emailaddress" size="40" id="emailaddress" value="<?php if (isset($_POST['emailaddress'])); ?>"/>
<br />
<input name="userlevel" type="hidden" size="1" id="userlevel" value="<?php $_POST[5]; ?>" /> <br />
<input value="Add User" class="addbtn" type="submit" />
</form></div>
Next, here is the script that runs the query:
<?php
require_once "config.php";
$fullname = $_POST['fullname'];
$username = $_POST['username'];
$password = $_POST['password'];
$emailaddress = $_POST['emailaddress'];
$userlevel = $_POST[5];
$sql = "INSERT INTO users_tb VALUES('".$user_id."','".$fullname."','".$username."',MD5('".$password."'),'".$emailaddress."','".$userlevel."')";
$result = mysql_query($sql, $connection)
or die("MySQL Error: ".mysql_error());
header("Location: administratorfrontview.php");
exit();
?>
I'm basically trying to pass the hidden typem with a constant value of '5' just for this form, as it will not be changed...also while im here, for some reason, the 'fullname' is not stored in the DB either!!?? WTH?? all other fields are processed fine. Any help is much appreciated! Thank you.
Two things. One, $userlevel should equal $_POST['userlevel'] not 5 as POST data isn't always in that order. Two, your insert statement should be preceded with the column names (to prevent any data from going in the wrong order).
$sql = "INSERT INFO users_tb (id, name, username, password, email, userlevel) ".
"('".$user_id."','".$fullname."','".$username."',MD5('".$password."'),'".
$emailaddress."','".$userlevel."')";
Your PHP for outputting the value is wrong. Use:
<?= $_POST[5]; ?>
or
<?php echo $_POST[5]; ?>