It's been a little while with PHP, so please excuse my ignorance. I have this web page:
<?php
mysql_connect ("localhost", "user", "pass");
mysql_select_db ("expiration");
if (isset ($_REQUEST['new_expire']) && $_REQUEST['new_expire'] != "") {
$insert_query = "INSERT INTO files (path, expires) VALUES ('";
$insert_query .= $_REQUEST['new_path'];
$insert_query .= "', '";
$insert_query .= $_REQUEST['new_expire'];
$insert_query .= "');";
mysql_query ($insert_query);
}
?>
<html>
<head></head>
<body>
<?php echo print_r $_REQUEST; ?>
<form action="index.php" method="POST">
<p>Add New Expiration</p>
<table>
<tr>
<td align="right">
Select File:
</td>
<td>
<select id="new_path">
<?php $options = buildOptions (); echo $options; ?>
</select>
</td>
</tr>
<tr>
<td align="right">
MySQL Expire Time:
</td>
<td>
<input type="text" id="new_expire" />
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" value="Save" />
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
mysql_close ();
?>
When I load the page, the result of the print_r is an empty array. When I submit the form, it's still empty. I get no new record in the database. Any ideas?
Change all the places you have id to name, for example:
<input type="text" id="new_expire" /> --> <input type="text" name="new_expire" />
The _REQUEST (either _POST or _GET) is only from input elements with a name
Related
I am trying to get some informations from users such as name midterm final grades and post them into database which I am using the MySQL server.
The problem is when I press the Add to DD button nothing changes and the data does not go into my table in database.
here is my main code:
<html>
<body>
<table border ="1">
<tr>
<td>Name</td>
<td><input id="name"> </input></td>
</tr>
<tr>
<td>Midterm</td>
<td> <input id="midterm"> </input></td>
</tr>
<tr>
<td>Final</td>
<td> <input id="final"> </input></td>
</tr>
<tr>
<td>Grade</td>
<td> <input id="grade"> </input></td>
</tr>
<td><input type="button" onclick="calculate()" value="Calculate"></td>
<td> <input type="submit" value="Add to DB"> </td>
</tr>
</table>
</body>
<script type="text/javascript">
function calculate(){
var mid=document.getElementById('midterm').value;
var fin=document.getElementById('final').value;
var grade=mid*(0.3)+fin*(0.7);
document.getElementById('grade').value=grade;
}
</script>
</html>
and this is also the code that inserts datas :
<html>
<body>
<form method="get" action="grade.php">
<input type="text" value="Welcome to Student Grades Calculator">
<br>
<input type="submit" value="GO">
</form>
</body>
</html>
<?php
$name=$_POST['name'];
$midterm=$_POST['midterm'];
$final=$_POST['final'];
$grade=$_POST['grade'];
echo 'Hey';
$connect= mysql_connect('localhost','root','','test');
if(mysqli_connect_errno())
{
echo "Failed to connect to MySQL:".mysql_connect_errno();;
}
$s = "INSERT INTO(name,midterm,final,grade) VALUES('rr','33','33','33')";
$sql = "INSERT INTO(name,midterm,final,grade) VALUES ('$name','$midterm','$final','$grade')";
mysqli_query($connect , $sql);
mysqli_close($connect);
?>
You need to set your variables to $_GETnot $_POST
$name=$_GET['name'];
$midterm=$_GET['midterm'];
$final=$_GET['final'];
$grade=$_GET['grade'];
I also recommend using post instead of get just for security
This question already has answers here:
mysqli_real_escape_string() expects exactly 2 parameters, 1 given
(5 answers)
Closed 5 years ago.
I am very new to stackoverflow. I want to create this form which uploads information to the database. When I click submit it does not get uploaded. I have checked my connections file and that is correct. Code below. Please help.
<?php
include("/connections/db_conx.php");
if ( isset($_POST['submit']) ) {
$title = mysqli_real_escape_string($_POST['title']);
$text = mysqli_real_escape_string($_POST['text']);
$picture = mysqli_real_escape_string($_POST['picture']);
$sql = "INSERT INTO news (title, text, picture) VALUES('$title','$text','$picture', now(),now(),now())";
$query = mysqli_query ($db_conx, $sql);
echo 'Entered into the news table';
}
?>
<html>
<head>
</head>
<body>
<table border="0">
<tr>
<form method="post" action="index.php" id="tech">
<td>Title</td><td> <input type="text" name="title"></td> </tr>
<tr> <td>Text</td><td> <textarea rows="4" name="text" cols="50" name="comment" form="tech"> </textarea>
</td> </tr>
<tr> <td>Picture</td><td> <input type="varchar" name="picture"></td> </tr>
<tr> <td><input id="button" type="submit" name="submit" value="Submit"></td>
</tr>
</form>
</table>
</body>
</html>
Here is the code you need to use:
<?php
include("/connections/db_conx.php");
if(isset($_POST['submit'])) {
$title = mysqli_real_escape_string($db_conx, $_POST['title']);
$text = mysqli_real_escape_string($db_conx, $_POST['text']);
$picture = mysqli_real_escape_string($db_conx, $_POST['picture']);
$sql = "INSERT INTO news (`title`, `text`, `picture`) VALUES('$title','$text','$picture');";
if(!$result = $db_conx->query($sql)){
die('There was an error running the query [' . $db_conx->error . ']');
}
echo 'Entered into the news table';
}
?>
<html>
<head>
</head>
<body>
<form method="post" action="index.php" id="tech">
<table border="0">
<tr>
<td>Title</td>
<td> <input type="text" name="title"></td>
</tr>
<tr>
<td>Text</td>
<td><textarea rows="4" name="text" cols="50" name="comment" form="tech"> </textarea></td>
</tr>
<tr>
<td>Picture</td>
<td> <input type="varchar" name="picture"></td>
</tr>
<tr>
<td><input id="button" type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
</body>
</html>
Your problem is that the mysqli_real_escape_string() function requires 2 parameters: the database connection, and the string to escape.
I've also included completely reformatted code, and error checking as well.
Try This :
$title = mysqli_real_escape_string($db_conx, $_POST['title']);
$text = mysqli_real_escape_string($db_conx, $_POST['text']);
$picture = mysqli_real_escape_string($db_conx, $_POST['picture']);
$sql = "INSERT INTO news (title, text, picture) VALUES('$title','$text','$picture')";
$query = mysqli_query ($db_conx, $sql);
if($query){
echo 'Entered into the news table'; // Your Success Message
}
else {
echo mysqli_error($db_conx);
}
please assist
I have created a search page to query the database, when the submit button is selected, no data is populated into the grid and there is no error message or notice that gives me an indication of where the issue is. Please assist.
Here is the code:
<?php
if(isset($_POST['submit']))
{
$txtLastName = $_POST['txtLastName'];
$txtidnumber = $_POST['txtidnumber'];
$txtMedicalAidNumber = $_POST['txtMedicalAidNumber'];
//connect to the database
$db = mysql_connect
("server", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
$mydb = mysql_select_db("mediouqp_login");
if($txtLastName != '' && $txtidnumber != '' && $txtMedicalAidNumber != '')
{
$sql = "SELECT last_name, id_number, medical_id_number FROM patient WHERE last_name LIKE '%" . $txtLastName . "%' OR id_number LIKE '%" . $txtidnumber ."%'";
}
else
{
$sql = "SELECT last_name FROM patient ORDER BY last_name DESC";
}
$result = mysql_query($sql);
}
if($result)
{
if(mysql_num_rows($result) > 0)
{
echo 'Total records found are- '.mysql_num_rows($result);
}
else
{
echo "No records found.";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style2.css">
</head>
<body>
<ul>
<li>PATIENT DETAILS
<li>REPORTS</li>
<li>ADMINISTRATOR</li>
<li>DOWNLOADS</li>
</ul>
<div class="headerTitle">
<h1 id="mainHeader">search patient details</h1>
</div>
<form action="search_patient.php" method="post" name="frm_search" id="frm_search">
<table>
<tr>
<td class="Label" id="lname">Last Name
</td>
<td class="Field">
<input type ="lastname" name ="txtLastName" ></input>
<span id="spnLastName"></span>
</td>
</tr>
<tr>
<td class="Label" id="lname">ID Number
</td>
<td class="Field">
<input type ="lastname" name ="txtidnumber" ></input>
<span id="spnIdNumber"></span>
</td>
</tr>
<tr>
<td class="Label" id="lname">Medical Aid Number
</td>
<td class="Field">
<input type ="medicalaidnumber" name ="txtMedicalAidNumber" ></input>
<span id="spnMedicalaidNumber"></span>
</td>
</tr>
<tr>
<td class="Label">
</td>
<td>
<input type="submit" id="btnSearchPatient" value="Submit"></input>
<input type = "button" onClick="window.location='create_patient.php';" value="Create Patient" /></input>
</td>
</tr>
</table>
</form>
<br/>
<br/>
<table id="tblpatient" class="Grid">
<tr class="Header">
<td> </td>
<td> </td>
<td> </td>
<td>Last Name</td>
<td>ID Number</td>
<td>Medical Aid</td>
</tr>
<?php
if($result)
{
while($row = mysql_fetch_array($result))
{
$last_name = $row['last_name'];
$id_number = $row['id_number'];
$medical_id_number = 0;//$row['medical_id_number'];
?>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td><?php echo $last_name;?></td>
<td><?php echo $id_number;?></td>
<td><?php echo $medical_id_number;?></td>
</tr>
<?php
}
}
?>
</table>
</body>
</html>
Note: This extension(mysql) was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used along with prepared statements.
As per the code you have written it will be submitting the data but what you have written under this statement will never Work.
if(isset($_POST['submit'])){// Codes Inside this}
Reason this code will not work
Your Submit button is not having the name which you have given in the isset($_POST['submit']).
You mist add the name to the submit button which you have in your code.
Replace your Submit button as i have provided by adding the name to it and changing the button code style.
Replace:
<input type="submit" id="btnSearchPatient" value="Submit"></input>
With:
<input type="submit" id="btnSearchPatient" name="submit" value="Submit" />
After all the above steps that has been provided ensure the note below in order the data comes as not expected.
Note: If you need to execute the statement perfect you first put echo to the select statement that you have coded and break the execution over there. You will find the SQL statement over to the browser and you copy that echoed statement into the SQL section of the DB created in the Phpmyadmin and check whether your code executed well. If so you got the required output that you can remove the echo and exit statement and you can proceed.
<?php if(isset($_POST['submit']))
{
$tadd=$_POST["tadd"]; //getting values
$pname=$_POST["pname"];
$date=$_POST["date"];
$result=mysql_query("insert into pannel(tadd,pname,date)values('$tadd','$pname','$date')");
echo "<script type='text/javascript'>
alert('Quotation Generated Successfully!')
</script>";
} ?>
<center>
<h1>Title</h1>
</center>
<form name="form" method="post" action="" onSubmit="submit;">
<center><table border="0" cellspacing="0" style="width:350px">
<tr> <td><b>To Address</td> <td><textarea name="tadd" rows="5"
cols="30"></textarea></td></tr>
<tr> <td><b>Project Name</td> <td><input type="text" name="pname" required></td></tr>
<tr> <td><b>Date</td> <td><input type="text" name="date"
id="datepicker" required></td></tr>
<tr> <td colspan="2" align="center"><input type="submit" name="submit"
value="submit"/></td> </tr></center> </table> </form>
I have one record in my database with
id tadd pname date
1 hello vvv 22/10/2014
if i insert values into database again it should data already inserted
please help me regarding this issue
You can achieve this using mysql_num_rows() which is one way to do this, which I believe the goal is to avoid duplicates.
Sidenote: You can also set your column(s) as UNIQUE to avoid duplicates.
N.B.: I used the pname column as an example. It's up to you to check which one will always be unique in regards to a username for instance.
$query = "SELECT * FROM pannel where pname = '".$pname."'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0){
echo "Already exists.";
}
else{
mysql_query("insert into pannel (tadd, pname,date) values ('$tadd','$pname','$date')");
}
Do sanitize your data:
$tadd = mysql_real_escape_string($_POST["tadd"]);
and do the same for the others.
Even better, use mysqli with prepared statements, or PDO with prepared statements.
They're much safer, because your present code is open to SQL injection.
Footnotes:
You should get rid of onSubmit="submit;" in your form. As outlined in comments, it's not going to do anything.
Edit:
<?php
// assuming DB connection has been made.
if(isset($_POST['submit'])) {
$tadd= mysql_real_escape_string($_POST["tadd"]);
$pname= mysql_real_escape_string($_POST["pname"]);
$date= mysql_real_escape_string($_POST["date"]);
$query = "SELECT * FROM pannel where pname = '".$pname."'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0){
echo "Already exists.";
exit;
}
else{
mysql_query("insert into pannel (tadd, pname,date) values ('$tadd','$pname','$date')");
echo "<script type='text/javascript'>alert('Quotation Generated Successfully!')</script>";
}
} // brace for if(isset($_POST['submit']))
?>
<!DOCTYPE html>
<head></head>
<body>
<center><h1>Title</h1></center>
<form method="post" action="">
<div align="center">
<center>
<table border="0" cellspacing="0" style="width:350px">
<tr> <td><b>To Address</td> <td><textarea name="tadd" rows="5" cols="30"></textarea></td></tr>
<tr> <td><b>Project Name</td> <td><input type="text" name="pname" required></td></tr>
<tr> <td><b>Date</td> <td><input type="text" name="date" id="datepicker" required></td></tr>
<tr> <td colspan="2" align="center">
<input type="submit" name="submit" value="submit"/>
</td> </tr>
</table>
</center>
</div>
</form>
</body>
</html>
I have to add in database many links that have same characteristics(Link type, country, author, project). For example I want to add 6 links-6rows in my database(see image), all at once. Please help me do that.
<html>
<head><title>Add values to DataBase</title></head>
<body>
<form name="input" action="" method="post">
<table>
<tr>
<td>
<b>Link Type: <br><input type="text" name="LinkType"><br>
</td>
<td>
<b>Country: <br><input type="text" name="Country"><br>
</td>
</tr>
<tr>
<td>
<b>Author: <br><input type="text" name="Author"><br>
</td>
<td>
<b>Project: <br><input type="text" name="Project"><br>
</td>
</tr>
</table>
<b>Links:</b><br>
<textarea rows="20" cols="80" name='Link'>
</textarea><br>
<input type="submit" onclick="Confirmare()" name="introdu" value="Exporta">
</form>
</body>
</html>
<?PHP
error_reporting(E_ALL & ~E_NOTICE);
mysql_connect("localhost", "root", "pechea.com") or die(mysql_error());
mysql_select_db("repdb") or die(mysql_error());
$Link=$_POST['Link'];
$LinkType=$_POST['LinkType'];
$Project=$_POST['Project'];
$Date=$_POST['Date'];
$Country=$_POST['Country'];
$Author=$_POST['Author'];
$Status=$_POST['Status'];
?>
<script type="text/javascript">
function Confirmare()
{
<?php
mysql_query("INSERT INTO projects (Link, LinkType, Project, Date, Country, Author, Status)
VALUES ('".$Link."', '".$LinkType."', '".$Project."','".$Date."', '".$Country."', '".$Author."', '".$Status."') ") or die(mysql_error());
?>
alert("Values Added in DB!");}
</script>
Explode links in the textarea
$links = explode("\n", $_POST['Link']);
Loop though links and insert
foreach($links as $link) {
mysql_query("INSERT ...");
}
Don't forget to escape...