Im trying to create a guestbook with mysql database. I have no trouble display the sql data on my form.
But when im trying to input data my send button dosent work. I think the problem is in this code, but I cant find it. and have done the tutorial a couple of times.
I dont have any error messages. But this is some of the code.
thanks
<?php
if(isset($_GET['page'])){
echo "
<form action='guest_process.php' method='post'>
<p>Name: <input type='text' name='name'> </p>
<p>Email: <input type='text' name='email'> </p>
<p>Comment: </p>
<p><textarea name='comment'></textarea></p>
<hr />
<p><input type='button' name='submit' value='Post Entry'></p>
</form>
";
}else{
$connect = mysql_connect('localhost','root','') or die ('Couldnt connet');
$db = mysql_select_db('guestbook');
$query = mysql_query('select * from guestbook order by id desc');
$num_rows = mysql_num_rows($query);
if($num_rows > 0){
//display entries
while($row = mysql_fetch_assoc($query)){
echo "
<p>
<b>Name: </b>".$row['name']."
</p>
<p>
<b>Email: </b>".$row['email']."
</p>
<p>
<b>Comment: </b>".$row['comment']."
</p>
<p>
<b>Date: </b>".$row['date']." | Time: ".$row['time']."
</p>
<hr />
";
}
} else{
echo 'no entries in database';
}
}
?>
The guestbook is seperated in two php files.
This is the other page the guest_process.php
<?php
if($_post['submit']){
$connect = mysql_connect('localhost','root','') or die ('Couldnt connet');
$db = mysql_select_db('guestbook');
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$comment = n12br($_POST['comment']);
$date = date('Y-m-d');
$time = date('H:i:s');
$query = mysql_query("insert into guestbook values('','$name','$email','$comment','$date','$time')");
header('Location: index.php');
}else {
header ('Location: index.php');
}
?>
use <input type="submit" value="Post Entry"> instead of <input type=button>
this is not good:
<input type =button name='submit' value='Post Entry'>
it should be:
<input type="submit" name="submit" value="Post Entry">
The problem is that there is no code to put anything in a database.
First you need to actually post something. You might think that this line does this, but it doesn't:
<input type =button name='submit' value='Post Entry'>
Apart from the fact you need " around the type, a "button" isn't actually something that does submitting. You'll need client-side code for that. You could better change it to
<input type="button" name='submit' value='Post Entry'>
You won'nt be there though. Now you need to take the info from the $_POST variable (try var_dump($_POST) to see what's in there), and put it in your database. You can find the appropriate commands for SQL and the php-mysql connection in your tutorial probably
Related
Working on echoing the users questions out so far I can insert the values and this is working thru the php admin but its not working thru , the form on the users profile page?
The error says ,"Call to a member function query() on a non-object in profile.php on line 82" The php code on this line is as follows
$query1=$db->query("SELECT id,title,question,username FROM QnA WHERE username='$dbusername'");
The rest of profile.php is below
<?php
session_start();
$dusername=$_GET['username'];
if (isset($dusername)){
require('connect.php');
$userquery =$db->query("SELECT id,firstname,username,lastname,email FROM users WHERE username = '".$dusername."'");
while ($row =$userquery->fetch()){
$id=$row["id"];
$dbusername =$row["username"];
$dfirstname = $row["firstname"];
$demail =$row["email"];
$dlastname =$row["lastname"];
}
}
?>
<html>
<head><title><?php echo $dfirstname;?></title>
<link rel="stylesheet" href="stylesheets/profile.css" type="text/css">
</head>
<body>
<div id="container">
<?php
echo'
<div id="qform"><center>
<form action="ask.php" method="post">
<b>Title</b>
<br/>
<input type ="text" name="title"/>
<br/>
<b>Question</b>
<br/>
<textarea name="question"></textarea>
<br/>
<b>This is to make sure your not a robot 2+2=</b>
<input type="text" name="plus"/>
<br/>
<input type="submit" value="Submit"name="submit"/>
</form></center>
</div>
';
?>
<div id="questions">
<?php
$query1=$db->query("SELECT id,title,question,username FROM QnA WHERE username='$dbusername'");
//$query2=$db->query("SELECT * FROM answers");
while($asked=$query1->fetch()){
if($asked['username']==$dbusername){
echo '<div class="asked"><b>Title</b><br/><b> ',$asked['title'],'</b> <hr/><br/><b>Question</b><br/><b>',$asked['question'],'</b></div><br/><br/>';
}
else if(!$asked['username']==$dbusername){
error_reporting(E_ALL);
echo 'No questions have been asked';
}
}
?>
</div>
</div>
</center>
</body>
</html>
The form is in the profile.php the action for the form is in a separate file named ask.php which is below.
<?php
//form action below
require('profile.php');
session_start();
require('connect.php');
$plus=$_POST['plus'];
$title=$_POST['title'];
$question=$_POST['question'];
$dusername=$_SESSION['username'];
if(isset($_POST['submit'])){
if(!empty($_POST['title']) && !empty($_POST['question'])&& $plus==4){
$query="INSERT INTO `QnA` (id,title,question,username) VALUES (?,?,?,?)";
$query=$db->prepare($query);
$query->execute(array(' ',$title,$question,$dusername));
echo'succes';
header("Location: profile.php");
}
else{
error_reporting(E_ALL);
echo " Fill in all Slots or you gave the wrong answer to the security question";
}
}
?>
The below code is not returning True at all :
if(isset($_POST['username'])){
that's why it is going in else statement.
You are using isset function for username field, but you should check for Submit button. Try replacing following lines :
<input type="submit" value="Log In" />
to
<input type="submit" value="Log In" name="submitbtn" />
AND
if(isset($_POST['username'])){
to
if(isset($_POST['submitbtn'])){
It should work then :)
You have error in you query add space between ANDpassword=', maybe this should work
$query="SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1" ;
to debug you error try
$res = mysql_query($query) or die(mysql_error());
Take note this query is vulnerable in SQL Injection, maybe you should try using mysqli or PDO for security purposes.
How can I prevent SQL injection in PHP?
Try this :
<form action="login.php" method="post" >
<table>
<tr>
<td>Username: </td><td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password: </td><td><input type="password" name="password" id ="password"/></td>
</tr>
</table>
<input type="submit" value="Log In" />
<input type="button" value="Register" onClick="location.href='register.php'" />
</form>
</body>
</html>
<?php
require('connect.php');
session_start();
if ($_SESSION['username'])
{
header("Location: home.php");
}
else{
if(isset($_POST['username'])){
require('connect.php');
//According to user's input
$username=$_POST['username'];
$password=$_POST['password'];
$query="SELECT * FROM users WHERE username='".$username."'AND password='".$password."'";
$res = mysql_query($query);
//check username and password for match
if (mysql_num_rows($res) > 0){
//Sets username to the comment session so no username has to be input
$_SESSION['username']=$username;
// jumps to secure page
header ("Location: home.php");
}
As above mentioned you are getting 0 rows values, there may be space or some thing else in you query so do below.
echo this query
SELECT * FROM users WHERE username='".$username."' AND password='".$password."'
and execute this query manually in database and see what is happening with this query. And correct your query accordingly.
Trying to get this form to add new data into my database yet for some reason it doesn't seem to work? Instead of staying on the same page "admin.php?page=3" it redirects to just "admin.php" and no echos or signs that it is even doing anything? Could someone help me out here? Cheers!
Form:
<form>
<form name="postnewstory" action="admin.php?page=3" method="POST">
<strong>News Title: </strong><input type="text" name="news_title"><br><br />
<strong>News Story:</strong><br>
<textarea name="news_body" rows="4" cols="60"></textarea><br><br />
<input type="file" name="news_photo"><br>
<strong>Story Link: </strong><br />
<input name="button" type="radio" value="0" checked="checked">No Link<br>
<input type="radio" name="button" value="1">Link<br><br />
<strong>Link Address: </strong><input type="text" name="news_link"><br>
<strong>News Story Tags: </strong><input type="text" name="news_tags">
<input type="submit" value="Post" name="postnewstory" class="btn btn-success"><br />
</form>
PHP:
I know its very basic, just trying to get it to work before I add error checks or anything.
<?php
if (isset($_POST['postnewstory'])){
$username = $user_data['username'];
$email_address = $user_data['email_address'];
$news_title = $_POST['news_title'];
$news_photo = $_POST['news_photo'];
$button = $_POST['button'];
$news_link = $_POST['news_link'];
$news_tags = $_POST['news_tags'];
$exists = mysql_query ("SELECT * FROM users WHERE username='$username'") or die ("not found");
if (mysql_num_rows($exists) != 0){
//update the info in database
mysql_query ("INSERT INTO news (`news_id` ,`news_title` ,`news_body` ,`news_photo` ,`news_date` ,`username` ,`news_tags` ,`button ,`news_link`)
VALUES (NULL , '$news_title', '$news_body', '$news_photo', now(), '$username', '$news_tags', '$button', '$news_link');") or die ("update didn't work");
echo "<div class='alert alert-success'><strong>This post was sent!</strong></span></div> ";
echo '<meta http-equiv="refresh" content="2;url=admin.php?page=3">';
} else echo "<strong><font color=red>Update did not work, please try again.</font></strong>";
}
?>
You have a missing backtick in:
,`button
change to:
,`button`
Rewrite:
("INSERT INTO news (`news_id` ,`news_title` ,`news_body` ,`news_photo` ,`news_date` ,`username` ,`news_tags` ,`button`,`news_link`)
Footnotes:
I quote Shankar:
"Replace die ("update didn't work"); with die (mysql_error()); to know the exact error why your query ain't working."
I think this should work;
Change the line
echo '<meta http-equiv="refresh" content="2;url=admin.php?page=3">';
to
echo "<script>window.location = 'admin.php?page=3';</script>";
I'm currently managing a little database for a club and I'm starting to feel more and more pressure to update the thing to PHP5. The only thing is that I'm not quite a 100% sure on how to convert this structure without messing up the whole thing. (Or starting from scratch)
Could you guys tell me if this is easily editable/updatable or if I should redo everything? (The total file is 800 lines, so I hope to not have to redo it :P)
So I open the databse with:
//Database connection settings
$mysql_server = "localhost";
$mysql_user = "user";
$mysql_password = "pass";
$mysql_database = "database";
//Connect using settings
$connection = mysql_connect("$mysql_server","$mysql_user","$mysql_password")
or die ("Unable to connect to MySQL server.");
$db = mysql_select_db("$mysql_database")
or die ("Unable to select requested database.");
Then I can create users with:
if($changeme ==1) //if user pressed save, then update table
{
$name = mysql_real_escape_string($_POST["name"]);
mysql_query("INSERT INTO Members (name,) VALUES
('$name')") or die(mysql_error());
//show end text
echo "Edit complete!<br />
<form><input type='button' onClick=\"parent.location='users.php'\" value='OK'></form>";
}else{//user didn't press save
?>
<!--Edit form-->
<form action="users.php?new=1&changeme=yes" method="post">
Naam:<br>
<input name="name" type="text" value="" size="79"><br>
<input type="submit" name="Submit" value="Create">
<input type='button' onClick="parent.location='users.php'" value='Back to list'>
</form>
}
I left out everything but name to make it shorter, it has like 30 fields.
Next we can also edit the profiles like this:
if($changeme ==1) //if user pressed save, then update table
{
$id = $_POST['id']; //get ID from form
$name = $_POST["name"];
mysql_query("UPDATE Members SET name='$name' WHERE id='$id'") or die(mysql_error());
//show end text
echo "Edit complete!<br />
<form><input type='button' onClick=\"parent.location='users.php'\" value='OK'></form>";
}else{//user didn't press save
$id = $_GET['edit'];
$sql = "SELECT * FROM Members WHERE id='$id'";
$self = mysql_query($sql);
while ($row = mysql_fetch_array($self)) {
$name = $row["name"];
}
?>
<!--Edit form-->
<form action="users.php?edit=<?php echo $id ?>&changeme=yes" method=post>
<input type="hidden" name="id" value="<?php echo $id ?>">
Name:<br>
<input name="name" type="text" value="<?php echo $name ?>" size="79"><br>
<input type="submit" name="Submit" value="Change">
<input type='button' onClick="parent.location='users.php'" value='Back to list'>
</form>
<?php
}//didn't press save
Please help me. I written a code but it is not working well.
I want to retrieve data from database and display text fields.
My Code is:
<DOCTYPE html>
<html>
<head><title>Practice</title></head>
<body align="center">
<?php
$con=mysqli_connect("localhost","root","","address_db");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
<form action="1.php" method="post">
Name <br><input type="text" name="name" value="<?php echo $_GET['n']; ?>"><br>
Address 1<br><input type="text" name="address_1" value=""><br>
Address 2<br><input type="text" name="address_2" value=""><br>
Address 3<br><input type="text" name="address_3" value=""><br><br><br>
<input type="submit" name="reset" value="Clear">
<input type="submit" name="submit" value="Submit">
<input type="submit" name="retrieve" value="Retrieve">
</form>
<?php
if (isset($_POST['submit']))
{
$name=$_POST['name'];
$address_1=$_POST['address_1'];
$address_2=$_POST['address_2'];
$address_3=$_POST['address_3'];
if(($name=='')||($address_1=="")||($address_2=="")||($address_3==""))
{
echo "<script>alert('Please fill all fields')</script>";
exit();
}
else
{
mysqli_query($con,"INSERT INTO address_tbl (name,address_1,address_2,address_3)
VALUES ('$name','$address_1','$address_2','$address_3')");
echo "<script>alert('Your record successfull inserted into database...')</script>";
exit();
}
}
if (isset($_POST['retrieve']))
{
$result = mysqli_query($con,"SELECT * FROM address_tbl");
while($row = mysqli_fetch_array($result))
{
$name=$row['name'];echo "<br>";echo "<br>";
$add1=$row['address_1'];echo "<br>";echo "<br>";
$add2=$row['address_2'];echo "<br>";echo "<br>";
$add3=$row['address_3'];echo "<br>";echo "<br>";
echo "<script type='text/javascript'>
window.open('1.php?n=$name','_self'); </script>";
}
}
?>
</body>
</html>
Please help me. give me any hint that I can solve my problem. Thanks
try this ,
mysqli_query($con,"INSERT INTO `1address_tbl` (`name`,`address_1`,`address_2`,`address_3`)
VALUES ('$name','$address_1','$address_2','$address_3')");
it should work fine now. it needs to include ( ` ) around the table names and column name to make sql work correctly. you left them out,
you replace this with yours.
First of all you should have your php in a seperate file called index.php with just php code then create a page called index.html.php in that page use a foreach loop to output data from the database its the most common and practical way of doing what your trying to do .
Here is my login PHP code.
<?php // rnlogin.php
include_once 'rnheader.php';
echo "<h3>Member Log in</h3>";
$error = $user = $pass = "";
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "")
{
$error = "Not all fields were entered<br />";
}
else
{
$query = "SELECT user,pass FROM rnmembers
WHERE user='$user' AND pass='$pass'";
if (mysql_num_rows(queryMysql($query)) == 0)
{
$error = "Username/Password invalid<br />";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("You are now logged in. Please
<a href='rnmembers.php?view=$user'>click here</a>.");
}
}
}
echo <<<_END
<form method='post' action='rnlogin.php'>$error
Username <input type='text' maxlength='16' name='user'
value='$user' /><br />
Password <input type='password' maxlength='16' name='pass'
value='$pass' /><br />
<input type='submit' value='Login' />
</form>
_END;
?>
As you can see the error message is printed with echo.
Is there a way that I can put this error message in a control and display it only if there is error?
It sounds like I have to combine PHP with JavaScript?
The following code is used by Gmail to display error message.
It works even if JavaScript is turned off.
In other words, they use some techniques independent of JS.
Any idea, how I can do similar thing here?
<code>
<td align="left">
<div id="errormsg_0_Passwd" class="errormsg">
The username or password you entered is incorrect.
[<a target="_blank" name="helpLink" href="http://www.google.com/support/accounts/bin/answer.py?answer=27444&hl=en&ctx=ch_ServiceLoginAuth&p=mail">?</a>]
</div>
</td>
</code>
Thank you
Is there a way that I can put this error message in a control and display it only if there is error?
in PHP you can do anything. Want to put this error message in a control? Put it into control
if ($error) $error = "<control>$error</control>";
You have to distinguish string operation from echoing.
echoing a string is not the only way of string manipulations.
you can prepare your string first and then echo it out.
So, you can prepare all parts of the string first, and then print them all together.
Also, there is another way to output HTML, a preferred one.
<?php
// your php code here
//before output we close PHP tag and use pure HTML
//with some PHP specks
?>
<form method="post" action="rnlogin.php">
<?php if($error): ?>
<code>
<td align="left">
<div id="errormsg_0_Passwd" class="errormsg">
<?php echo $error ?>
</div>
</td>
</code>
<? endif ?>
Username <input type='text' maxlength='16' name='user'
value='$user' /><br />
Password <input type='password' maxlength='16' name='pass'
value='$pass' /><br />
<input type='submit' value='Login' />
</form>
Your answer stays in your question!
You declared $error="" make use of this,
check like this
if($error!="") echo $error;
anyone in my opinion do like this if the error exists then show it other wise do the rest.
for this you may need to change your code..
make the html part out of php tags and inside the html part use php tags again and display the error message.
in my observation you need to have bit knowledge on html also.