PHP getting data from HTML fields - mysql

I'm having some problems with getting data from HTML fields. This is how it looks in HTML
<form action="getInfo.php">
<span>Series</span>
<input class="searchFieldAlign" type="text" name="seriesName" /><Br>
<span>Volume</span>
<input class="searchFieldAlign" type="text" name="volumeName" /><Br>
<span>Nr</span>
<input class="searchFieldALign" type="text" name="issueNR" /><Br>
<p input class="searchFieldALign" type=submit></p>
</form>
This is my php script:
<?php
$seriesName = mysqli_real_escape_string($conn, $_POST['seriesName']);
$volumeName = mysqli_real_escape_string($conn, $_POST['volumeName']);
$issueNR = mysqli_real_escape_string($conn, $_POST['issueNR']);
$con=mysqli_connect("localhost","user","psswd","db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$qryIssueInfo = mysqli_query($con,"select issueNR, issueVolume, issueName, issueImageURL from issue, series where (seriesName='$seriesName') and (issueVolume='$volumeName') and (issueNR=$issueNR)");
$rowIssueInfo = mysqli_fetch_array($qryIssueInfo);
The problem is I don't get output from my query. There are no problems if i change it to this:
$qryIssueInfo = mysqli_query($con,"select issueNR, issueVolume, issueName, issueImageURL from issue, series where seriesName='Buffy, the Vampire Slayer' and issueVolume= 'Season 8' and issueNR=1");

If you not set form method = "post" it will be "get" and you should $_GET.
To correct:
<form method="post" action"getInfo.php">
Take it easy

The first version does not contain the apostrophes around the variables.
You should also consider security issues, like SQL injection.

Related

How to write the query to accept the input from the search box and search from MySql db (Wordpress)

I'm trying to access data from local wamp server from a Wordpress site using a Search box. I created the search box using the function get_search_form(), and I am unable to write a query in php to access using the same.
I have used Wamp server (localhost) and a Wordpress site.
I have tried writing an html code for the search box and tried to access the data using it. But it didn't work. I felt it's easy to run a single php script rather than a separate html and php scripts.
Code to fetch data from db:
$connect = mysqli_connect("localhost", "root", "", "mydb");
$output = '';
if(isset($_POST["query"]))
{
$search = mysqli_real_escape_string($connect, $_POST["query"]);
$query = "
SELECT * FROM clients;
WHERE Name LIKE '%".$search."%'
OR Aadhar LIKE '%".$search."%'
OR Mobile LIKE '%".$search."%'
OR Company LIKE '%".$search."%'
OR Description LIKE '%".$search."%'
";
}
else
{
$query = "SELECT * FROM clients ORDER BY Name";
}
$result = mysqli_query($connect, $query);
if(mysqli_num_rows($result) > 0)
{
$output .= '
<div class="table-responsive">
<table class="table table bordered">
<tr>
<th>Name</th>
<th>Aadhar</th>
<th>Mobile</th>
<th>Company</th>
<th>Description</th>
</tr>
';
while($row = mysqli_fetch_array($result)
{
$output .= '
<tr>
<td>'.$row["Name"].'</td>
<td>'.$row["Aadhar"].'</td>
<td>'.$row["Mobile"].'</td>
<td>'.$row["Company"].'</td>
<td>'.$row["Description"].'</td>
</tr>
';
}
echo $output;
}
else
{
echo 'Data Not Found';
}
I am successfully able to access all the data using this code.
First of all the function get_search_form(); will create a Search Box and a Submit button with a wrapper form. Form method is GET so $_POST in your code is completely wrong. Next is the search box created using this function have the name "s". The below code will be generated through the function :
<form role="search" method="get" class="search-form" action="">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>
So change your code $_POST['query'] with $_GET['s']. Hope it will work for you.

Query works when form action is to same page, not when it redirects to another

I have query that gets data from a form, when the submit button is pressed the data should be stored in a database. When the form's action is action="#" the data is inputted into the database. But when the action is action="otherPage.php" the data is not inserted into the database. Any help ?
Side Note: I know the queries need to be changed to counter SQL injection this is just for testing
Code:
if(isset($_POST['submit']))
{
$name = $_POST['fullName'];
$idNumber = $_POST['idNo'];
$cardNo = $_POST['cardNo'];
$_SESSION['fullName'] = $name;
$_SESSION['id'] = $idNumber;
$checkExists = "SELECT * FROM system.table WHERE idNumber = '$idNumber' ";
$resExists = mysqli_query($connection,$checkExists)
or die("Error in query: ". mysqli_error($connection));
if(mysqli_fetch_assoc($resExists) > 0)
{
$updateCard = "UPDATE system.table SET cardNo = '$cardNo' WHERE idNumber=$idNumber";
$resUpdate= mysqli_query($connection,$updateCard)
or die("Error in query: ". mysqli_error($connection));
}
if(mysqli_fetch_assoc($resExists) < 1)
{
$company = $_POST['company'];
$name = trim($name);
$last_name = (strpos($name, ' ') === false) ? '' : preg_replace('#.*\s([\w-]*)$#', '$1', $name);
$first_name = trim(preg_replace('#'.$last_name.'#', '', $name));
$insert = "INSERT INTO system.table (idNumber,name,surname,company,cardNo) VALUES
('$idNumber','$first_name','$last_name','$company','$cardNo')";
$resInsert = mysqli_query($connection,$insert)
or die("Error in query: ". mysqli_error($connection));
}
$connection->close();
}
I do not know if this is the corrext way to go around it, but it works. I included ob_start(); at the beginning of my code, left the action as
<form role="form" method="POST" action="#">
Then included
header('Location:otherPage.php');
so that the page automatically redirects to otherPage.php
If you have two files in the same folder, it should be working:
myFolder
- testForm.php
- testUpload.php
testForm.php:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form method="post" action="testUpload.php">
<fieldset>
<legend>Form</legend>
<label>Name: </label>
<input type="text" name="name">
<input type="submit">
</fieldset>
</form>
</body>
</html>
testUpload.php:
<?php
print($_POST['name']);
exit;
Do you have any Redirection Statements in the config of your Web Server (e.g. Apache httpd.conf)?

Getting PHP and SQL scripting to work properly

So, from what I have been learning for these past few weeks I believe I have sufficient knowledge on how to perform PHP, and SQL related queries to create a good and dynamic website that could support something like a forum. I've not been able to do that yet, and am having quite a bit of trouble with it as well. So far, I've made a PHP file, that was simply to see if I could use PHP well. It did not work out, and I've been getting plenty of errors, and I've been unable to fix them, whatsoever. And so, I'd like to come here to ask, if anyone out there could possibly analyze my code that I've written, and see what is wrong with it, if possible. Along with that, I'd like to know what would be the "Proper" way of
A. Connecting to SQL
B. Selecting Data
C. Displaying/Utilizing Data
And thank you, for reading and/or possibly replying to this.
Here, is the code I've written but have been unable to work.
<?php
include 'header.php';
include 'connect.php';
?>
<body>
<form>
Input First name:<br>
<input type="text" name="FN">
<br>
Input Last name:<br>
<input type="text" name="LN">
<br>
Input Email:<br>
<input type="text" name="Email">
<br>
<input type="submit" method="post">
<?php
if (isset($_POST['FN'], $_POST['LN'], $_POST['Email']))
$sql = 'INSERT INTO `info` ("USERID", "FN", "LN", "Email") VALUES (\'$_POST[FN]\', '$_POST["LN"]', '$_POST["Email"]')';
?>
</form>
<?php
$sql = "SELECT FN, LN, Email
FROM
info"
$result = "mysql_query($sql)"
while($row_list = mysql_fetch_assoc( $result )) {
ECHO <div>The Names are:</div><br>
ECHO $FN . "," . $LN . "," . $Email;
}
?>
</body>
</html>
Your PHP code is wrong in so many ways even in your query. What I did is clean your codes.
<?php
include 'header.php';
include 'connect.php';
?>
<body>
<form action="" method="POST">
Input First name:<br>
<input type="text" name="FN">
<br>
Input Last name:<br>
<input type="text" name="LN">
<br>
Input Email:<br>
<input type="text" name="Email">
<br>
<input type="submit" name="submit-btn" value="submit">
</form>
<?php
if (isset($_POST['submit-btn'])){
$sql = 'INSERT INTO info ( "FN", "LN", "Email") VALUES ('$_POST[FN]', '$_POST["LN"]', '$_POST["Email"]')';
if (mysql_query($sql)) {
echo "New record created successfully";
}
}
$sql = "SELECT FN, LN, Email FROM info";
$result = mysql_query($sql)
while($row_list = mysql_fetch_assoc( $result )) {
ECHO '<div>The Names are:</div><br>';
ECHO $FN . "," . $LN . "," . $Email;
}
?>
</body>
</html>
try to indent your code to make it more readable for yourself.
as already answered by user3814670, your insert query was wrong, with 4 elements (id,fn,ln,email) and only 3 data (fn,ln,email)
your query was't being executed also cleaned by user3814670 by adding the lines
if (mysql_query($sql)) {
echo "New record created successfully";
}
try to print your query to the screen and executing it in you database to see if your query fails or print the error to screen
mysql_error()
add this on top of your file after
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Here's how you display data from the database using while loop
while($row=mysql_fetch_array($result)) {
echo $row['FN'] . " " . $row['LN'] . " " . $row['Email'];
}

Submit form to calculate quadratic equation

Am just learning html. I need to write code that solves the quadratic equation formula. I tried php code embeding in html but am getting blank output. How do I get user values a, b, c and display conditional answers?
Here's a simple example of what you need to do. First make a HTML form:
<form method="post" action="index.php">
<input type="text" name="a" value="Enter 'a'" />
<input type="text" name="b" value="Enter 'b'" />
<input type="text" name="c" value="Enter 'c'" />
<input type="submit" name='calc' value="Calculate" />
</form>
There is your form. Now the calculations:
<?php
// Check if the form is submitted
if (isset($_POST['calc'])) {
//assign variables
$a = $_POST['a'];
$b = $_POST['b'];
$c = $_POST['c'];
//after assigning variables you can calculate your equation
$d = $b * $b - (4 * $a * $c);
$x1 = (-$b + sqrt($d)) / (2 * $a);
$x2 = (-$b - sqrt($d)) / (2 * $a);
echo "x<sub>1</sub> = {$x1} and x<sub>2</sub> = {$x2}";
} else {
// here you can put your HTML form
}
?>
You need to do more checks on it, but as I said before this is a simple example.
Edit: learn from the source , the official php site: http://php.net/manual/en/tutorial.forms.php
1.Create a form with the fields you want. <form method='post' ....>...</form>
2.The user submit the form and then write a PHP code which get the posted data ($_POST)
and manipulate it according to the quadratic equation formula.
3.Echo the result.
I have smaller example.
This file sends data from form to itself. When it sends something - result of condition
$_SERVER['REQUEST_METHOD']=='POST'
is true. If its true - server process code in "if" block. It assigns data sent from form to 2 variables, then adds them and store in "$sum" variable. Result is displayed.
<html>
<body>
<form method="POST">
<p>
A: <br />
<input name="number_a" type="text"></input>
</p>
<p>B: <br />
<input name="number_b" type="text"></input>
</p>
<p>
<input type="submit"/>
</p>
</form>
<?php
if ($_SERVER['REQUEST_METHOD']=='POST') // process "if block", if form was sumbmitted
{
$a = $_POST['number_a'] ; // get first number form data sent by form to that file itself
$b = $_POST['number_b'] ; // get second number form data sent by form to that file itself
$sum = $a + $b; // calculate something
echo "A+B=" . $sum; // print this to html source, use "." (dot) for append text to another text/variable
}
?>
</body>
</html>
You need PHP server to test/use this! PHP file must be processed by web server, which creates page. Opening php file from disk will not work. If you need more explanations - ask for it in comments.

fill a select html with mysql table rows

I'm writting a web app, I'm doing a html form with javascript to validate the data, I'm using a servlet to insert the data in a DB, but I need, when the form load, fill a select in the html form with the rows of a table in a MySql DB, I think I have to make a query in a ResultSet and then fill the select in the html form with this info, and then use the HttpServletResponse, but I have no idea how to make this
Use PHP to access the database and then put it into the form. Something like this:
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM table_name WHERE id='$id'");
$info = mysql_fetch_array($result))
$name = $info['name'];
$email = $info['email'];
$anotherField = $info['another_field'];
In this, the info array has all of the database data in it of the id. But of course you would change the values and stuff. Change table_name to the table name, and if you are going to do something in the URL like ?id=373384 or something, then this will work. (I would assume you are doing it this way.) But, if it isn't 'id', just change WHERE id='$id' to what is in the database to identify a line.
$info['name']; would be the "name" column in your table. But, you can change 'name' and stuff to what you have in your database.
Here is the form code to pre-fill it with data:
<form>
<input type="text" name="name" value="<?php echo $name ?>" />
<input type="text" name="name" value="<?php echo $email ?>" />
<!--etc...-->
<input type="submit" value="Submit" />
</form>
You would need to change a lot of this, but I'm sure you get the point of it. :)
Note: This is not a simple copy+paste script. You will have to do a lot of charing because I don't know what your table values are and stuff.
If you have any questions, please do ask.