Showing results for tags 'sqli'.



Found 2 results

  1. I am new to PHP and am having a real problem getting it to write to SQL tables from form input. I finally managed to get a 3 column test form to insert the data into a test table, so moved on to the next test of inserting a 10 column form that includes 4 check boxes following the script of the one I got to insert. But I cannot get it to insert the data. I also have the problem that my localhost is running PHP 7.1 while the SQL side of the server is using PHP 5.6, thus the many single quotes versus double quotes or no quotes. With the first test script, I debugged line by line, and figured out if I get a bunch of warnings in NetBeans and my local server but no red flags it most likely will work on the server. But this script has me at a loss. I have stripped out anything superfluous such as the thank you HTML, the email send portion, and debugged it line by line with the server. The connection is good, it takes a second as if it is inserting, I get zero warnings or errors at this point, but in the end it has not inserted the data into the table. I have checked and rechecked the database name, table name, columns etc and nothing. I appreciate any ideas and help from anyone here. Thanks so much!

     This is the form portion of the HTML:

         <form class="contact-form" role="form" action="volunteers2remote.php" method="post" onsubmit="document.getElementById('updatesButton').disabled=true; document.getElementById('updatesButton').value='Submitting, please wait...';">
           <div class="form-group">
             <label for="firstname" class="hidden">First Name</label>
             <input type="text" class="form-control" name="firstname" id="firstname" value="" required="required" placeholder="First Name">
           </div>
           <div class="form-group">
             <label for="lastname" class="hidden">Last Name</label>
             <input type="text" class="form-control" id="lastname" name="lastname" value="" required="required" placeholder="Last Name">
           </div>
           <div class="form-group">
             <label for="email" class="hidden">Email</label>
             <input type="email" class="form-control" id="email" name="email" value="" required="required" placeholder="Email">
           </div>
           <div class="form-group">
             <label for="zip" class="hidden">ZIP</label>
             <input type="text" class="form-control field-half-width" id="zip" name="zip" placeholder="ZIP">
           </div>
           <div class="form-group">
             <label for="phone" class="hidden">Phone</label>
             <input type="text" class="form-control field-half-width" id="phone" name="phone" value="" required="required" placeholder="Phone">
           </div>
           <div class="form-inline">
             I will: (uncheck those which you prefer not to do)<br>
             <input type="checkbox" name="house_party" class="cbox" id="house_party" placeholder="House Party" value="yes" checked><label for="party" type="text" class="special">Host a house party</label>
             <input type="checkbox" name="canvass" class="cbox" id="canvass" placeholder="Canvass" value="yes" checked><label for="canvass" type="text" class="special">Knock on doors</label><br>
             <input type="checkbox" name="phonebank" class="cbox" id="phonebank" placeholder="Phonebank" value="yes" checked><label for="phonebank" class="special">Make phone calls</label>
             <input type="checkbox" name="anything" value="anything" class="cbox" id="any" placeholder="Anything" value="yes" checked><label for="any" class="special">Help with anything you need</label>
           </div>
           <div class="form-group">
             <label for="comments" class="hidden">Comments</label>
             <textarea name="comments" id="comments" class="form-control" rows="5" placeholder="Comments"></textarea>
           </div>
           <button type="submit" class="btn btn-default" value="Send" id="sendButton">Send</button>
         </form>
         <!-- volunteer-form -->

     This is the stripped down PHP:

         <?php
         ini_set('display_errors', '1');
         ?>
         <?php
         // deleted connection info
         $link = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
         if (!$link) {
             die('Could not connect to database: ' . mysqli_connect_error());
         }

         // define variables
         $firstname = $_POST[firstname];
         $lastname = $_POST[lastname];
         $email = $_POST[email];
         $zip = $_POST[zip];
         $phone = $_POST[phone];
         $house_party = $_POST[house_party];
         $canvass = $_POST[canvass];
         $phonebank = $_POST[phonebank];
         $anything = $_POST[anything];
         $comments = $_POST[comments];

         if ($_SERVER[REQUEST_METHOD] == 'POST')
             if (empty($_POST[firstname])) {
                 $nameErr = 'First name is required';
             } else {
                 $firstname = test_input($_POST[firstname]);
             }
         // check if name only contains letters and whitespace
         if (!preg_match('/^[a-zA-Z ]*$/',$firstname)) {
             $firstnameErr = 'Only letters and white space allowed';
         }

         if ($_SERVER[REQUEST_METHOD] == 'POST')
             if (empty($_POST[lastname])) {
                 $nameErr = 'Last name is required';
             } else {
                 $lastname = test_input($_POST[lastname]);
             }
         // check if name only contains letters and whitespace
         if (!preg_match('/^[a-zA-Z ]*$/',$lastname)) {
             $lastnameErr = 'Only letters and white space allowed';
         }

         if ($_SERVER[REQUEST_METHOD] == 'POST')
             if (empty($_POST[email])) {
                 $emailErr = 'Email is required';
             } else {
                 $email = test_input($_POST[email]);
             }
         // check if e-mail address is well-formed
         if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             $emailErr = 'Invalid email format';
         }

         /* Check all form inputs using test_input function */
         if ($_SERVER[REQUEST_METHOD] == 'POST') {
             $firstname = test_input($_POST[firstname]);
             $lastname = test_input($_POST[lastname]);
             $email = test_input($_POST[email]);
             $phone = test_input($_POST[phone]);
             $comments = test_input($_POST[comments]);
         }

         if (isset($_POST['myCheckbox'])) {
             $checkBoxValue = "yes";
         } else {
             $checkBoxValue = "no";
         }

         if(!empty($_POST['check'])) {
             foreach($_POST['check'] as $value) {
                 $check_msg .= "Checked:".$value."\n";
             }
         }

         if (isset($_POST[house_party])) {
             $anything = 'yes';
         } else {
             $anything = 'no';
         }
         if (isset($_POST[canvass])) {
             $canvass = 'yes';
         } else {
             $canvass = 'no';
         }
         if (isset($_POST[phonebank])) {
             $anything = 'yes';
         } else {
             $anything = 'no';
         }
         if (isset($_POST[anything])) {
             $anything = 'yes';
         } else {
             $anything = 'no';
         }

         $check = isset($_POST[check]) ? $_POST[check] : '';

         function test_input($data) {
             $data = trim($data);
             $data = stripslashes($data);
             $data = htmlspecialchars($data);
             return $data;
         }

         //inserting data into database
         if (isset($_POST[firstname], $_POST[lastname], $_POST[email], $_POST[zip], $_POST[phone], $_POST[house_party], $_POST[canvass], $_POST[phonebank], $_POST[anything], $_POST[comments])){
             if ($stmt = $link->prepare('INSERT INTO `volunteerstest`(`firstname`, `lastname`, `email`, `zip`, `phone`, `house_party`, `canvass`, `phonebank`, `anything`, `comments`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)')) {
                 $stmt->bind_param('ssssssssss', $_POST[firstname], $_POST[lastname], $_POST[email], $_POST[zip], $_POST[phone], $_POST[house_party], $_POST[canvass], $_POST[phonebank], $_POST[anything], $_POST[comments]);
                 if (!$stmt->execute()) {
                     error_log('Execute failed '.$stmt->error);
                 } else {
                     echo 'Data successfully inserted! firstname '.$_POST[firstname].' lastname '.$_POST[lastname].' email '.$_POST[email].' ZIP '.$_POST[zip].' phone '.$_POST[phone].' house_party '.$_POST[house_party].' canvass '.$_POST[canvass].' phonebank '.$_POST[phonebank].' anything '.$_POST[anything].' and comments '.$_POST[comments].'';
                 }
                 $stmt->close();
             } else {
                 echo "data insertion failed";
             }
         }
         ?>

  2. Dynamic menu coding problem

    Hello W3S! It's been a while since I've been online here... sorry about that. Anyways. I have some trouble with a dynamic menu I'm trying to make with MySQLI... not sure if that is the problem anyhow... Here is the code as a start, I will explain under the code below what I'm trying to do:

        // File that we are on (viewing / watching)
        $tab = pathinfo( $_SERVER['SCRIPT_NAME'], PATHINFO_FILENAME );
        $menu_res = query("SELECT * FROM menu WHERE menu_file_url = ".$tab);
        $menu_row = mysqli_fetch_row($menu_res);
        if( $tab == $menu_row['menu_file_url'] || $menu_row['menu_accessible'] == "no" )
            stderr("Page Error", "We are currently working on this page! Go to another page to keep browsing! Thanks for your patience! :)");

        if(isset($CURUSER)){
            $menu_while_res = query(" SELECT * FROM menu WHERE menu_accessible = 'yes' AND menu_view = 'user' OR menu_view = 'both' ORDER BY menu_order_id ASC");
        }else{
            $menu_while_res = query(" SELECT * FROM menu WHERE menu_accessible = 'yes' AND menu_view = 'guest' OR menu_view = 'both' ORDER BY menu_order_id ASC");
        }

        $HTMLOUT .= "<ul class='nav_first'>";
        while ($menu_while_row = mysqli_fetch_array($menu_while_res, MYSQLI_ASSOC)) {
            // Menu Items Loaded Here
            $tabarray = array(
                $menu_while_row['menu_array_id_name'] => "<li><a href='".$menu_while_row['menu_file_url']."'>".$menu_while_row['menu_name']."</a></li>",
            );
            // K = Key
            // V = Value
            foreach($tabarray as $k => $v) {
                if( $tab == $k )
                    $HTMLOUT .= str_replace("<li>", "<li class='nav_active'>", $v);
                else
                    $HTMLOUT .= $v;
            }
            // Unset Menu For re-load again
            unset($tabarray);
        }
        $HTMLOUT .= "</ul>";

    Currently I'm trying to make a dynamic menu with MySQLI! It's working perfectly... but when I tried to "expand" the project a bit longer and try to make a dynamic menu with errors on pages if the users are not allowed to view a specific file, then I get nothing... What I'm trying to do is to control in the database with "Enum" as my DB setup that if "no" has been set on one of the menu items (menu_accessible).. then the item will NOT show on the menu! AND if the user still tries to enter that specific page by URL, he will then get an error message saying that we are working on the website page... The code I'm trying to insert into this project is this little piece of code here:

        // File that we are on (viewing / watching)
        $tab = pathinfo( $_SERVER['SCRIPT_NAME'], PATHINFO_FILENAME );
        $menu_res = query("SELECT * FROM menu WHERE menu_file_url = ".$tab);
        $menu_row = mysqli_fetch_row($menu_res);
        if( $tab == $menu_row['menu_file_url'] || $menu_row['menu_accessible'] == "no" )
            stderr("Page Error", "We are currently working on this page! Go to another page to keep browsing! Thanks for your patience! :)");

    However, I get no response on the code! Even when I have checked if the "$tab" variable is real and related to the name inside the DB (which it is!)... so if possible, can anyone help and tell me what I'm doing wrong here Oo? Thanks a lot by the way! And sorry for the long goodbye hehe ...studies and all, killing me! -.-' Anyways, hope some answers or good tips... really need this one. Thanks in advance! Mr rootKID
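
An added example, not part of the original post: the page-access lookup and the menu query from the post above, written with mysqli prepared statements so that `$tab` is bound as data rather than concatenated into the SQL. It assumes `$db` is an open mysqli connection with the mysqlnd driver (needed for `get_result()`); the function names `menu_is_blocked()` and `menu_items()` are hypothetical, and the table and column names are the ones used in the post.

```php
<?php
// Added example, not the poster's code. Assumes $db is an open mysqli
// connection (mysqlnd driver); both function names are hypothetical.

// Make mysqli throw on SQL errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// True when the current script has a menu row marked menu_accessible = 'no'.
function menu_is_blocked(mysqli $db, string $tab): bool
{
    // The placeholder sends $tab as a bound string value, so it needs no
    // quoting and cannot change the structure of the statement.
    $stmt = $db->prepare(
        'SELECT menu_accessible FROM menu WHERE menu_file_url = ? LIMIT 1'
    );
    $stmt->bind_param('s', $tab);
    $stmt->execute();
    // fetch_assoc() keys columns by name; mysqli_fetch_row() returns a
    // numerically indexed array, so $row['menu_accessible'] would be unset.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return is_array($row) && $row['menu_accessible'] === 'no';
}

// Menu rows visible to this visitor, in display order.
function menu_items(mysqli $db, bool $loggedIn): array
{
    $view = $loggedIn ? 'user' : 'guest';
    // AND binds tighter than OR: without the parentheses every
    // menu_view = 'both' row is returned even when menu_accessible = 'no'.
    $stmt = $db->prepare(
        "SELECT menu_array_id_name, menu_file_url, menu_name
           FROM menu
          WHERE menu_accessible = 'yes'
            AND (menu_view = ? OR menu_view = 'both')
          ORDER BY menu_order_id ASC"
    );
    $stmt->bind_param('s', $view);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}
```

When rendering the returned rows into `$HTMLOUT`, pass `menu_file_url` and `menu_name` through `htmlspecialchars($value, ENT_QUOTES)` so stored values cannot inject markup.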