This is really bugging me and I can't figure it out. I have a form with a few options being sent by POST:
<form method="POST" action="scripts/submit.php"><strong>
To User: <input type="text" name="ID" size="21" /><br />
Short Description: <input type="text" name="Item" size="21" /><br />
Link: <input type="text" name="Link" size="21" /><br />
Points: <select name="Points">
<option value="1" selected="selected">1</option>
<option value="0">0</option><option value="-1">-1</option>
</select> (1 = Positive, 0 = Neutral, -1 = Negative)<br />
Text: <br /><textarea name="Text" rows="5" cols="50"/></textarea></strong><br />
<input type="submit" value="Send" />
</form>
And here is the portion of submit.php that is giving me trouble:
<?php
include('functions.php');
Connect();
if(!isset($_SESSION))
{
session_start();
}
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points= Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
Does anyone see an issue here? I am getting undefined index's from all of the variables except the session one.
Thanks in advance.
edit: If i just have this:
<?php
include('functions.php');
Connect();
if(!isset($_SESSION))
{
session_start();
}
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points = Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
?>
The variables populate just fine. If I add:
$id_query=mysql_query("SELECT ID FROM tbl_users WHERE Username = '$id_to'");
$count=mysql_num_rows($id_query);
$id_row=mysql_fetch_array($id_query);
$id_to=$id_row['ID'];
if ($points> 1 || $points< -1) {
echo "Nice try";
exit();
} else {
if(!($id_to == $id_from))
{
if($count==1)
{
mysql_query("INSERT INTO tbl_data (Item, Link, Points, Text, ID_To, ID_From) VALUES ('$item', '$link', '$points', '$text', '$id_to','$id_from')");
header('Location:?id=submit');
}
else
{
echo "Nice try1";
}
}
else
{
echo "Nice try2";
}
}
I just took your code over at my dev server at tried to test run it. Since I don't know what your Sanitize() do, I can't be sure what is going on inside this function.
If you try to remove the Sanitize(), I'm pretty sure it would work and you will have to look inside this to find the bug.
I'm guessing you might be missing something like ($var, str) for sanitize a string. Can you please tell a little more about this function ?
edit: some minor spelling errors.
Edit: Did some more test and made the error happen and the two codes shows it. The 1st works, while the 2nd gives me a empty var_dump.
This one gives me a full var_dump();
<?
function Sanitize($String) {
$output = mysql_real_escape_string(stripslashes($String));
return $output;
}
if(!isset($_SESSION))
{
session_start();
}
?>
<form method="post" action=""><strong>
To User: <input type="text" name="ID" size="21" /><br />
Short Description: <input type="text" name="Item" size="21" /><br />
Link: <input type="text" name="Link" size="21" /><br />
Points: <select name="Points"><option value="1" selected="selected">1</option><option value="0">0</option><option value="-1">-1</option></select> (1 = Positive, 0 = Neutral, -1 = Negative)<br />
Text: <br /><textarea name="Text" rows="5" cols="50"/></textarea></strong><br />
<input type="submit" value="Send" />
</form>
<?
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points= Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
var_dump($_POST);
echo $text;
?>
This one gives me an empty var_dump
<?
if(!isset($_SESSION))
{
session_start();
}
?>
<form method="post" action=""><strong>
To User: <input type="text" name="ID" size="21" /><br />
Short Description: <input type="text" name="Item" size="21" /><br />
Link: <input type="text" name="Link" size="21" /><br />
Points: <select name="Points"><option value="1" selected="selected">1</option><option value="0">0</option><option value="-1">-1</option></select> (1 = Positive, 0 = Neutral, -1 = Negative)<br />
Text: <br /><textarea name="Text" rows="5" cols="50"/></textarea></strong><br />
<input type="submit" value="Send" />
</form>
<?
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points= Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
var_dump($_POST);
echo $text;
?>
based on your comment that you have this code:
$id_query = mysql_query("SELECT ID FROM tbl_users WHERE Username = '$id_to'");
$count = mysql_num_rows($id_query);
$id_row = mysql_fetch_array($id_query);
$id_to = $id_row['ID'];
if ($points > 1 || $points < -1) {
} else {
if (! ($id_to == $id_from)) {
if ($count == 1) {
mysql_query("INSERT INTO tbl_data (Item, Link) VALUES ('$item', '$link')");
header('Location:?id=submit');
} else {}
} else {}
}
I think the problem is on the line that says:
header('Location:?id=submit');
Perhaps you're testing with something that somehow make $points either greater than 1 or less than -1, $count is 1, and $id_to is different from $id_from, which then make the else block executed and (especially the line) header() executed, and user get redirect immediately.
To check if this is true, try var_dump($_GET) to see if you got something like:
array (size=1)
'id' => string 'submit' (length=6)
If you do, and perhaps the database isn't updated, then it's the mysql_query that sits right before the header is the one that you need to check.
Hope this helps.
Related
for example, I receive two inputs value1 and value2 and I want this input for different functions. Like addition, subtraction and multiplication.
my code
<?php
$x = $_POST['fnum'];
$y = $_POST['snum'];
if (isset($_POST['add'])) {
$sum = $x + $y;
echo "Result:<input type='text' value='$sum'/>";
}
if (isset($_POST['sub'])) {
$sub = $x - $y;
echo "Result:<input type='text' value='$sub'/>";
}
if (isset($_POST['mul'])) {
$mul = $x * $y;
echo "Result:<input type='text' value='$mul'/>";
}
<body>
<form method="post">
Enter first number <input type="text" name="fnum" />
<hr />
Enter second number <input type="text" name="snum" />
<hr />
<input type="submit" name="add" value="ADD" />
<input type="submit" name="sub" value="Subtract" />
<input type="submit" name="mul" value="Multiply" />
</form>
</body>
In this it is asking me to feed input for each operation separately
Good, Just use the posted value in your form input like -
Enter first number <input type="text" name="fnum" value="<?php echo #$_POST['fnum'];?>"/><hr/>
Enter second number <input type="text" name="snum" value="<?php echo #$_POST['snum'];?>"/><hr/>
So that user don't need to put the same value again and when press the other buttons the form will automatically submit with the previous values.
Note: Remember, you need to check all the posted value is set or not and use proper conditions of POST method. Have a look at the given example of your problem as solution, I give it here to give you a proper guide.
Example:
<?php
$x = 0;
$y = 0;
if(isset($_POST['submit'])) {
$x = $_POST['fnum'];
$y = $_POST['snum'];
$operator = "";
if($_POST['submit'] == 'ADD') {
$operator = "+";
} elseif($_POST['submit'] == 'Subtract') {
$operator = "-";
} elseif($_POST['submit'] == 'Multiply') {
$operator = "*";
}
$result = $x . $operator . $y;
}?>
Your form will be-
<form method="post">
Enter first number <input type="text" name="fnum" value="<?php echo $x;?>"/><hr/>
Enter second number <input type="text" name="snum" value="<?php echo $y;?>"/><hr/>
<input type="submit" name="submit" value="ADD"/>
<input type="submit" name="submit" value="Subtract"/>
<input type="submit" name="submit" value="Multiply"/>
</form>
Result:
<input type='text' value='<?php echo (isset($result) ? $result : "-";)?>'/>
I want to get three values separated by a comma when the form is submitted. The value from the checkbox, textbox 1 and textbox 2.
This is my code that retrieves values from mysql database and generates checkboxes and two corresponding textboxes.
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<?php
$query = "SELECT * FROM subject";
$data = mysqli_query($con, $query);
while ($row = mysqli_fetch_array($data)){
$s = $row['sub'];
echo $s;
?>
<input type="checkbox" name="req_sub[]" value= "<?php echo $s; ?>" />
<input type="text" name="<?php echo $s; ?>" placeholder="Total Number" />
<input type="text" name="<?php echo $s; ?>" placeholder="Pass Number" />
<?php
}
?>
<input type="submit" name="submit" value="Add">
</form>
Suppose the user checks the first three boxes , and enters the values like in this picture -
when I click add, I get the values --
Physics
Math
Chemistry
by using the code below:
<?php
if (isset($_POST['submit'])) {
if (!empty($_POST['req_sub'])) {
foreach ($_POST['req_sub'] as $selected) {
echo $selected."</br>";
}
}
}
?>
but how do I get the values like this-
Physics,40,30
Math,40,30
Chemistry,30,25
I want this output in a variable so that I can store it in my database table.
I have spent several hours behind this in last few days. Please help me with this one.
you need to assign unique names to the <input type="text" ... /> so you can recieve its values in the PHP.
Second, you need to write PHP code, that's concatenating those values.
For example, your HTML code might be:
<input type="checkbox" name="req_sub[]" value= "<?php echo $s; ?>" />
<input type="text" name="total[<?php echo $s; ?>]" placeholder="Total Number" />
<input type="text" name="pass[<?php echo $s; ?>]" placeholder="Pass Number" />
and your PHP code might be:
if (isset($_POST['submit'])) {
if (!empty($_POST['req_sub'])) {
foreach ($_POST['req_sub'] as $selected) {
$total = $_POST['total'][$selected];
$pass = $_POST['pass'][$selected];
$var = $selected . ',' . $total . ',' . $pass;
echo $var . '<br />';
}
}
}
I'm trying to sort one array by another array. Both these arrays get their content from a form.
Here's my form code:
<form method="post" action="">
<div class="groupcontainer">
<br/><label>Group One:</label><br/>
<input type="text" name="groupname[]" value="groupone" /><br/>
<br/><label>Variable Group One:</label><br/>
<input type="text" name="variable[]" value="variableone" />
<input type="text" name="variable[]" value="variabletwo" />
</div>
<br/>
<div class="groupcontainer">
<br/><label>Group Two:</label><br/>
<input type="text" name="groupname[]" value="grouptwo" /><br/>
<br/><label>Variable Group Two:</label><br/>
<input type="text" name="variable[]" value="variablethree" />
<input type="text" name="variable[]" value="variablefour" />
</div>
<br/>
<input type="submit" name="submit" value="Submit" />
</form>
Here's the PHP code:
<?php
if (!$_POST['submit'] == "") {
foreach($_POST['groupname'] as $groupname) {
$groupnum = 1;
foreach($_POST['variable'] as $variable) {
print "$".$groupname.$groupnum." = '".$variable."';<br/>";
$groupnum++;
}
print "$".$groupname." = array(";
for ($arrnum = 1; $arrnum <= count($_POST['variable']); $arrnum++) {
print "$".$groupname.$arrnum.", ";
}
print ");<br/><br/>";
}
}
?>
This is the result I get when I submit the form:
$groupone1 = '$variableone';
$groupone2 = '$variabletwo';
$groupone3 = '$variablethree';
$groupone4 = '$variablefour';
$groupone = array($groupone1, $groupone2, $groupone3, $groupone4, )
$grouptwo1 = '$variableone';
$grouptwo2 = '$variabletwo';
$grouptwo3 = '$variablethree';
$grouptwo4 = '$variablefour';
$grouptwo = array($grouptwo1, $grouptwo2, $grouptwo3, $grouptwo4, )
This is the result that I actually want:
$groupone1 = '$variableone';
$groupone2 = '$variabletwo';
$groupone = array($groupone1, $groupone2)
$grouptwo1 = '$variablethree';
$grouptwo2 = '$variablefour';
$grouptwo = array($grouptwo1, $grouptwo2)
The whole thing needs to be dynamic since I want to add as many groups and variables as I want.
I've been searching for an answer for days and already asked two people who didn't know an answer. Maybe you guys can help. Thanks!
Update:
Just to clarify a few points:
So basically I want to be able to add as many input forms as I want (I use jQuery for that) to create as many groups and variables as I want, for example like this:
$groupwuteva1 = 'hello';
$groupwuteva2 = 'bye':
$randomname1 = 'green';
$randomname2 = 'blue';
$randomname3 = 'red';
$blabla1 = 'abc';
$blabla2 = 'xyz';
$blabla3 = '123';
$blabla4 = 'bla';
Whatever I use as groupname will be used in array one, e.g. I call a group "Colors" and the variables I put into the form for that group are "blue", "red" and "green". Then I would get this code:
$colors1 = 'green';
$colors2 = 'blue';
$colors3 = 'red';
I hope this clairfies some questions. And thanks a ton for all responses so far!
You can take the group name as a container to store all associated variable values in it. And later, use variable variables and implode() function to process your html form.
HTML
<form method="post" action="">
<div class="groupcontainer">
<br/><label>Groupe One:</label><br/>
<input type="text" name="groupname[]" value="groupone" /><br/>
<br/><label>Variable Group One:</label><br/>
<input type="text" name="groupone[]" value="variableone" />
<input type="text" name="groupone[]" value="variabletwo" />
</div>
<br/>
<div class="groupcontainer">
<br/><label>Groupe Two:</label><br/>
<input type="text" name="groupname[]" value="grouptwo" /><br/>
<br/><label>Variable Group One:</label><br/>
<input type="text" name="grouptwo[]" value="variablethree" />
<input type="text" name="grouptwo[]" value="variablefour" />
</div>
<br/>
<input type="submit" name="submit" value="Submit" />
</form>
PHP
if(isset($_POST['submit'])){
foreach($_POST['groupname'] as $value){
$arr = array();
$i = 1;
foreach($_POST[$value] as $v){
$var = $value . $i;
$$var = $v;
echo $var . " = " . $$var . "<br />";
$arr[] = $$var;
++$i;
}
$output = $value . " = array(" . implode(",", $arr) . ")";
echo $output . "<br /><br />";
}
}
Output:
groupone1 = variableone
groupone2 = variabletwo
groupone = array(variableone,variabletwo)
grouptwo1 = variablethree
grouptwo2 = variablefour
grouptwo = array(variablethree,variablefour)
try this form:
<form method="post" action="">
<?php foreach(array('groupone', 'grouptwo') as $num):?>
<div class="groupcontainer">
<br/><label>Groupe <?php echo $num;?>:</label><br/>
<input type="text" name="groupname[]" value="<?php echo $num;?>" /><br/>
<br/><label>Variable Group <?php echo $num;?>:</label><br/>
<input type="text" name="variable[<?php echo $num;?>][]" value="<?php echo uniqid();?>" />
<input type="text" name="variable[<?php echo $num;?>][]" value="<?php echo uniqid();?>" />
</div>
<br/>
<?php endforeach;?>
<input type="submit" name="submit" value="Submit" />
</form>
and code:
if ($_POST) {
foreach($_POST['groupname'] as $groupname) {
$$groupname = array();
foreach($_POST['variable'][$groupname] as $variable) {
${$groupname}[] = $variable;
}
}
var_dump($groupone);
var_dump($grouptwo);
}
I have an administrator.php which displays 300 records from a table called 'player'. Next to each record, there is an edit option which redirects you to edit.php and the 15 columns of that record (including the primary key - playerid) is displayed inside text boxes. Line of code below:
<a href='edit.php?playerid=".$query2['playerid']."'>Edit</a>
On edit.php you are able to change data of these columns. Upon submit, an update query is sent to update the table but unfortunately, it's not working. My error message continues to display ("testing for error..."); not sure why.
//Setups up the database connection
$link = mysql_connect("localhost", "root", "");
mysql_select_db("fantasymock", $link);
if(isset($_GET['playerid'])) {
$playerid = $_GET['playerid'];
//Query to display results in input box
$query1 = mysql_query("SELECT * from player WHERE playerid = '$playerid'");
$query2 = mysql_fetch_array($query1);
}
if(isset($_POST['submit'])) {
$playerid = $_POST['playerid'];
$preranking = $_POST['preranking'];
$playerlast = $_POST['playerlast'];
$playerfirst = $_POST['playerfirst'];
$position = $_POST['position'];
$battingavg = $_POST['battingavg'];
$run = $_POST['run'];
$homerun = $_POST['homerun'];
$rbi = $_POST['rbi'];
$sb = $_POST['sb'];
$win = $_POST['win'];
$save = $_POST['save'];
$strikeout = $_POST['strikeout'];
$era = $_POST['era'];
$whip = $_POST['whip'];
//Query to update dB
$query3 = mysql_query("UPDATE player SET playerid='$playerid', preranking='$preranking', playerlast='$playerlast', playerfirst='$playerfirst', position='$position', battingavg='$battingavg', run='$run', homerun='$homerun', rbi='$rbi', sb='$sb', win='$win', save='$save', strikeout='$strikeout', era='$era', whip='$whip' WHERE playerid='$playerid'");
header("Location: administrator.php");
} else {
echo "Testing For Error....";
}
?>
<form action="" method="POST">
Player ID:<input type="text" name="playerid" value="<?php echo $query2['playerid'];?>"/> <br/>
Preranking:<input type="text" name="preranking" value="<?php echo $query2['preranking'];?>"/> <br/>
Last Name:<input type="text" name="playerlast" value="<?php echo $query2['playerlast'];?>"/> <br/>
First Name:<input type="text" name="playerfirst" value="<?php echo $query2['playerfirst'];?>"/> <br/>
Position:<input type="text" name="position" value="<?php echo $query2['position'];?>"/> <br/>
Batting Avg:<input type="text" name="battingavg" value="<?php echo $query2['battingavg'];?>"/> <br/>
Runs:<input type="text" name="run" value="<?php echo $query2['run'];?>"/> <br/>
Homeruns:<input type="text" name="homerun" value="<?php echo $query2['homerun'];?>"/> <br/>
Rbi:<input type="text" name="rbi" value="<?php echo $query2['rbi'];?>"/> <br/>
Sb:<input type="text" name="sb" value="<?php echo $query2['sb'];?>"/> <br/>
Wins:<input type="text" name="win" value="<?php echo $query2['win'];?>"/> <br/>
Saves:<input type="text" name="save" value="<?php echo $query2['save'];?>"/> <br/>
Strikeouts:<input type="text" name="strikeout" value="<?php echo $query2['strikeout'];?>"/> <br/>
Era:<input type="text" name="era" value="<?php echo $query2['era'];?>"/> <br/>
Whip:<input type="text" name="whip" value="<?php echo $query2['whip'];?>"/> <br/>
<br>
<input type="submit" name="submit" value="submit">
</form>
FYI: Every column in the table and tablename is spelled correctly, I've triple checked before posting. And I'm aware of MySQL injection. Can someone see a problem? Thank you in advance!
EDIT: I just added an additional if statement if($query3) and it now works.
You are checking for POST variables, but you are getting to edit.php through a GET request. There isn't anything on $_POST. Therefore it drops down to the else of your if block and prints out Testing For Error...
Your script in getting into the else part. That means there nothing it is getting as $_POST['submit']. Make sure that your submit button must have a name attribute as submit.
<input type="submit" name="submit" value="" />
please check what showing in error.log file. You may insert these lines at your edit.php file
error_reporting(E_ALL);
ini_set('display_errors', 1);
to display error.
Replace your else part by this for more detailed mysql errors
else{ echo "Testing For Error...." .mysql_error(); }
as far as i can see my code is sound however, I keep getting an error
this is the error
Notice: Undefined variable: person in
\sql\modify.php on line 12
here is my code..
<?php
include 'includes/connection.php';
if (!isset($_POST['submit'])){
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}
?>
<h1>You are modifying A User</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify"/>
</form>
<?php
if(isset($_POST['sumbmit'])) {
$u = "UPDATE people SET `Name` = '$_POST[inputName]', `Description` = '$_POST[inputDesc]' WHERE ID = $_POST[id]";
mysql_query($u) or die(mysql_error());
echo "User has been modify";
header("Location: index.php");
}
?>
any Thoughts or am im I just blind???
<?php
include 'includes/connection.php';
// set $person veriable
if (!isset($_POST['submit'])){
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}
// if form submit you use update and redirect
else {
$u = "UPDATE people SET `Name` = '$_POST[inputName]', `Description` = '$_POST[inputDesc]' WHERE ID = $_POST[id]";
mysql_query($u) or die(mysql_error());
//echo "User has been modify"; // this not need, bcz execute header('location') redirect you current page
header("Location: index.php");
exit(); //use it after header location
}
?>
<h1>You are modifying A User</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify"/>
</form>
You just need to check if you actually got output.
Just a plain example:
if ($person):
?>
<h1>You are modifying A User</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify"/>
</form>
<?php
endif;
Remember to always validate your input and output, but also if queries you try to run do produce a result set.
Here's the issue:
<?php
include 'includes/connection.php';
if (!isset($_POST['submit'])){
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}
?>
At this point $person is set only if the form hasn't been submitted; but later on:
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
You're using it anyway. If the form has been submitted, then you're going to get the warning you're seeing. What you need to do is something like:
if (isset($_POST['submit'])){
$name = $_POST['name'];
$description = $_POST['description']
} else {
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
$name = $person['name'];
$description= $person['description'];
}
And then:
Name<input type="text" name="inputName" value="<?php echo $name ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $description; ?>" />
The variables are now set either way.
A couple of other things - you're not doing any error checking to see if your query has worked; if the query fails, your code will carry on regardless.
Secondly, the mysql_ functions are deprecated and will stop working at some point; you should look at moving to using mysqli_* or PDO instead.