www.webdeveloper.com
Results 1 to 5 of 5

Thread: more php assistance

  1. #1
    Join Date
    Oct 2012
    Posts
    36

    more php assistance

    Alright guys just a little more help,

    below are the three pages i'm currently working with, some of it seems to be working but i'm having issues with the insert.php page, at the bottom is the results i'm seeing just need someone to guide me to resolve.

    I am not getting any syntax errors at all, and all 3 files are under one folder


    This is labeled index.html
    HTML Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    <style type="text/css">
     .labelclass{
      float: left;
      width: 150px;
     }
    </style>
    </head>
    <body>
    <img src="http://omgtechhelp.com/wp/wp-content/themes/OMGTech/images/logo7small.jpg" />
    <center>
    <h1><u>Notes For The Month Of August</u></h1>
    </center>
    <hr />
    <form name="myform" action="insert.php" target="_blank" method="post">
    <span class="labelclass" style="font-family:'Comic Sans MS', cursive">Customer Name: </span><input type="text" name="customername" /><br />
    <span class="labelclass" style="font-family:'Comic Sans MS', cursive">Phone Number: </span><input type="tel" name="pnumber" /><br />
    <span class="labelclass" style="font-family:'Comic Sans MS', cursive">E-Mail Address: </span><input type="text" name="eaddy" /><br />
    <span class="labelclass" style="font-family:'Comic Sans MS', cursive">Issue: </span><input type="text" name="issue" /><br />
    <span class="labelclass" style="font-family:'Comic Sans MS', cursive">Results: </span><input type="text" name="results" /><br />
    <span class="labelclass" style="font-family:'Comic Sans MS', cursive">Date: </span><input type="date" name="Date" /><br />
    <input type="submit" name="submit" value="submit" style="background-color:#F60" />
    </body>
    </html>


    This is labeled db_tb.php
    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>

    <body>
    <?php  
    $host 
    "localhost"// Host name
    $username "root"// Mysql username...please try and locate your mysql                 
                                      //configuration. i.e. your username and password. 
    $password ""// Mysql password
    // Connect to server
    mysql_connect("$host""$username""$password") or die('ERROR: Cannot connect' .mysql_error());

    //here is the newly added code..Selecting the database
    mysql_query("USE mydb");

    $sql mysql_query"CREATE TABLE UserNote (CustomerName varchar(255), Phone varchar(255), Email varchar(150), Issue varchar(255), Result varchar(255))");

    if (
    $sql) {
    echo 
    "Database and table created succesffully";
    }
    else {
       die (
    'ERROR: Cannot connect'.mysql_error());
    }
    ?>
    </body>
    </html>


    This is labeled insert.php
    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>

    <center>
    <h1><u>Notes For The Month Of August</u></h1>
    </center>

    <body>
    <?php
    //Protect against mysql_injection
     
    $customername mysql_real_escape_string(trim($_POST["customername"]));
    $phonenumber mysql_real_escape_string(trim($_POST["pnumber"]));
    $email mysql_real_escape_string(trim($_POST["eaddy"]));
    $issue mysql_real_escape_string(trim($_POST["issue"]));
    $result mysql_real_escape_string(trim($_POST["results"]));
    $date mysql_real_escape_string(trim($_POST["Date"]));
     
    //Now check form input(Validating the form).
    $errmsg_arr = array(); //Array to store validation errors
    $check_Error false//Validation error flag
     
    if (empty($customername)){
    $errmsg_arr[]= '.Please Enter Your Name';
     
    $check_Error true;
    }
    if (empty(
    $phonenumber)){
    $errmsg_arr[]= '.Please Enter Your Phone Number';
     
    $check_Error true;
    }
    if (empty(
    $email)){
    $errmsg_arr[]= '.Please Enter Your Email';
     
    $check_Error true;
    }
    if (empty(
    $issue)){
    $errmsg_arr[]= '.Please what is your issue';
     
    $check_Error true;
    }
    if (empty(
    $result)){
    $errmsg_arr[]= '.Please what is your issue';
     
    $check_Error true;
    }
      if (empty(
    $date)){
    $errmsg_arr[]= '.Please what is your issue';
     
    $check_Error true;
    }
    //Printing out any error message stored in the array.
    if ($check_Error == true){
      echo 
    '<h1>ERROR: </h1><h3>Please check below for Error Details</h3>';
     
      if( isset(
    $errmsg_arr) && is_array($errmsg_arr) && count($errmsg_arr) > ) {
          echo 
    '<ul><font color="red">';
          foreach(
    $errmsg_arr as $msg) {
            echo 
    '<li><b>Error: &nbsp;&nbsp;&nbsp;'.$msg.'</b></li><br />';
           }
             echo 
    '</font></ul>';
       }
          
    //Please change the a href link to the name of your page.
          
    echo "<p><a href='http://localhost/site/practice5.html'>Go Back To Register</a></p>";
    }
    //After validating successfully
    else {
    /* Now we will write a query to insert user details into database */
    $host "localhost"// Host name...change it to your configuration information.
    $username "root"// Mysql username...change it to your configuration information.
    $password ""// Mysql password...change it to your configuration information.
    $db_name "mydb"// Database name...change it to your configuration information.
    // Connect to server
    mysql_connect("$host""$username""$password") or die('ERROR: Cannot connect' .mysql_error());
    //connect to database
    mysql_select_db("$db_name") or die ('ERROR: Cannot connect'.mysql_error());
     
    $tbl_name "UserNote";  //Mysql Table name...change it to your configuration information.
     
    $sql="INSERT INTO $tbl_name (CustomerName, Phone, Email, Issue, Result, Date)
            VALUES(
    $customername', '$phonenumber', '$email',  '$issue', '$result', '$date')";
    }
    if (  
    mysql_query($sql) ) //notice the "!" it means if the mysql_query($sql)  cannot be executed, then die error. ELSE execute the mysql_querry($sql) to
                                            //insert into table in the database.
    {   
    die(
    'Error in Registration,: ' mysql_error());
    }
    else
    {    
    //Insert User into the database.
    echo 'Customer Name: '$customername '<br />Phone Number: ' .$phonenumber '<br />E-Mail Address: ' $email;
    echo 
    '<br />Issue:'$issue '<br />Results:' $result '<br />' 'Date:' .$date '<br />' ;
    }
    ?>
    </body>
    </html>


    This is the error

    ERROR:
    Please check below for Error Details

    '; if( isset($errmsg_arr) && is_array($errmsg_arr) && count($errmsg_arr) > 0 ) { echo '
    '; foreach($errmsg_arr as $msg) { echo '
    Error: '.$msg.'

    '; } echo '
    '; } //Please change the a href link to the name of your page. echo "
    Go Back To Register

    "; } //After validating successfully else { /* Now we will write a query to insert user details into database */ $host = "localhost"; // Host name...change it to your configuration information. $username = "root"; // Mysql username...change it to your configuration information. $password = ""; // Mysql password...change it to your configuration information. $db_name = "mydb"; // Database name...change it to your configuration information. // Connect to server mysql_connect("$host", "$username", "$password") or die('ERROR: Cannot connect' .mysql_error()); //connect to database mysql_select_db("$db_name") or die ('ERROR: Cannot connect'.mysql_error()); $tbl_name = "UserNote"; //Mysql Table name...change it to your configuration information. $sql="INSERT INTO $tbl_name (CustomerName, Phone, Email, Issue, Result, Date) VALUES($customername', '$phonenumber', '$email', '$issue', '$result', '$date')"; } if ( mysql_query($sql) ) //notice the "!" it means if the mysql_query($sql) cannot be executed, then die error. ELSE execute the mysql_querry($sql) to //insert into table in the database. { die('Error in Registration,: ' . mysql_error()); } else { //Insert User into the database. echo 'Customer Name: '. $customername . '
    Phone Number: ' .$phonenumber . '
    E-Mail Address: ' . $email; echo '
    Issue:'. $issue . '
    Results:' . $result . '
    ' . 'Date:' .$date . '
    ' ; } ?>
    Last edited by spudly1987; 08-16-2013 at 03:21 AM.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,176
    Looks like it's not being processed as a PHP file. If running it locally, are you running a web server on your computer, and accessing any page involved via a "http://" link instead of a "file://" link?
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Oct 2012
    Posts
    36
    Yes currently I am using XAMPP and running it though the local host , the direct link is http://localhost/site/, But even before I do that, its showing that message in Dreamweaver which I am using as well.

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,176
    Well, if I save the insert.php code as insert.html and the try to load it in my browser, I get the output you showed here, which tells me it's not being processed as a PHP script. So, make sure that apache is actually running (won't even get this far, though, if you use a "http://localhost" request if Apache is not running), that you really saved it with a ".php" suffix, are accessing it via a "localhost" url, etc.

    PS: If you're trying to run it from within Dreamweaver, I have no idea what configuration settings that requires, as I'm not a DW user.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,213
    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>

    <body>
    <?php  
    $host 
    "localhost"// Host name
    $username "root"// Mysql username...please try and locate your mysql                 
                                      //configuration. i.e. your username and password. 
    $password ""// Mysql password
    // Connect to server
    mysql_connect("$host""$username""$password") or die('ERROR: Cannot connect' .mysql_error());

    //here is the newly added code..Selecting the database
    mysql_query("USE mydb");

    $sql mysql_query"CREATE TABLE UserNote (CustomerName varchar(255), Phone varchar(255), Email varchar(150), Issue varchar(255), Result varchar(255))");

    if (
    $sql) {
    echo 
    "Database and table created succesffully";
    }
    else {
       die (
    'ERROR: Cannot connect'.mysql_error());
    }
    ?>
    </body>
    </html>
    Why have you got HTML wrapped around a block of PHP code?

    Change to this, save it as database.php
    PHP Code:
    <?php  
    $host 
    "localhost"// Host name
    $username "root"// Mysql username...please try and locate your mysql                 
                                      //configuration. i.e. your username and password. 
    $password ""// Mysql password
    // Connect to server
    mysql_connect("$host""$username""$password") or die('ERROR: Cannot connect' .mysql_error());

    //here is the newly added code..Selecting the database
    mysql_query("USE mydb");

    $sql mysql_query"CREATE TABLE UserNote (CustomerName varchar(255), Phone varchar(255), Email varchar(150), Issue varchar(255), Result varchar(255))");

    if (
    $sql) {
    echo 
    "Database and table created succesffully";
    }
    else {
       die (
    'ERROR: Cannot connect'.mysql_error());
    }
    ?>
    </html>
    Then in the insert.php file add...
    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>

    <center>
    <h1><u>Notes For The Month Of August</u></h1>
    </center>

    <body>
    <?php

    // Add this include.
    include("database.php");

    //Protect against mysql_injection
     
    $customername mysql_real_escape_string(trim($_POST["customername"]));
    $phonenumber mysql_real_escape_string(trim($_POST["pnumber"]));
    $email mysql_real_escape_string(trim($_POST["eaddy"]));
    $issue mysql_real_escape_string(trim($_POST["issue"]));
    $result mysql_real_escape_string(trim($_POST["results"]));
    $date mysql_real_escape_string(trim($_POST["Date"]));
    Which is something I suggested before.

    From a security stand point, none of your inputs are sanitized and can lead to hack attempts breaking your PHP and or SQL Injection.

    I suggest that you sanitize your inputs in to a safe array and also use a white list of what inputs your script accepts. This is a rough idea of how I would tackle the problem.
    PHP Code:
    function sanitize$v ){
            
    // example of striping slashes and HTML tags
            
    return stripslashes(htmlentities($v));
            }
        
    $safe_POST = array("customername"=>"","pnumber"=>"","eaddy"=>"","issue"=>"","results"=>"","Date"=>"");

    foreach(
    $safe_POST as $key=>$v$safe_POST[$key] = sanitize$_POST[$key] );

    $errmsg_arr = array('.Please Enter Your Name'=>false,
                        
    '.Please Enter Your Phone Number'=>false,
                        
    '.Please Enter Your Email'=>false,
                        
    '.Please what is your issue'=>false,
                        
    '.Please what is your issue'=>false,
                        
    '.Please what is your issue'=>false
                        
    );
    // checking for empty fields
    foreach( $safe_POST as $k=>$v)
        if( empty(
    $v) ) $errmsg_arr[$key] = true;

    if( 
    in_arraytrue $errmsg_arr ) ){
        echo 
    '<ul><font color="red">';
        foreach( 
    $errmsg_arr as $err=>$v) {
            if(
    $v) echo "<li><b>Error: &nbsp;&nbsp;&nbsp;{$err}</b></li><br />";
            }
        echo 
    '</font></ul>';
        }else{
            
    // turn contents in to variables
            
    extract$safe_POST );
        }
                        
    //... rest of script to fit needs... 
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles