Issue storing option value in MySQL using PHP -

-

this question has answer here:

i trying use post method in order submit contents of form pre-created mysql table. there different input types each part of form including datetime, number , option values , can't figure out problem code. appreciated. hmtl , php below...tia.

php code:

<?php      $servername = "localhost";     $username = "root";     $password = "cornwall";      $con=mysqli_connect('localhost','root','cornwall','ibill');     // code creates connection mysql database in phpmyadmin named 'ibill':      if (mysqli_connect_errno()) {       echo "failed connect mysql: " . mysqli_connect_error();     }     // connection checked, if fails, echo sent page stating connection error.      if($_post['formsubmit'] == "submit")      {        $typeofactivity = $_post['typeofactivity'];        $employer = $_post['employer'];        $datetime = $_post['datetime'];        $amount = $_post['amount'];        $errormessage = "";         // - - - snip - - -      }          if(empty($typeofactivity)) {           $errormessage .= "<li>you forgot enter activity!</li>";        }        if(empty($employer)) {           $errormessage .= "<li>you forgot enter employer!</li>";        }        if(empty($datetime)) {           $errormessage .= "<li>you forgot select time , date!</li>";        }        if(empty($amount)) {           $errormessage .= "<li>you forgot select amount of session!</li>";        }         $record_session = "insert session_details (typeofactivity, employer, datetime, amount) values ('$typeofactivity', '$employer', '$datetime', '$amount')"        mysql_query($sql);     }        /** error reporting */     error_reporting(e_all);     ini_set('display_errors', 1);     ini_set('display_startup_errors', 1);      ?>

html:

<!--********************************record session page************************************--> <!--***************************************************************************************-->  <!--********************************header**********************************************--> <div data-role="page" id="sessionrecord">     <div data-role="header" data-id="foo1" data-position="fixed">     <div class='cssmenu'>       <ul>         <li class='active'><a href='#home'>home</a></li>         <li><a href='#sessionrecord'>record session</a></li>         <li><a href='#viewsessions'>view sessions</a></li>         <li><a href='#email'>e-mail invoice</a></li>       </ul>     </div>   </div><!-- /header --> <!--********************************header**********************************************-->  <!--********************************main**********************************************-->   <div data-role="main" class="ui-content">      <img class="mainlogo" src="/projects/ibill_v3/img/ibill logo.png" alt="ibill logo" width="250" height="190">          <section class="maincontent">           <h1>record session using form below</h1>             <form method="post" action="record_session.php" id="sessionrecord">               <fieldset>                   <select name="typeofactivity" id="typeofactivity" data-native-menu="false">                     <option>type of session</option>                     <option value="surf">surf</option>                     <option value="coast">coasteer</option>                     <option value="bodyboard">bodyboard</option>                     <option value="climbing">cornish challenge</option>                   </select>               </fieldset>               <fieldset>                   <select name="employer" id="employer" data-native-menu="false">                     <option>employer</option>                     <option value="nac">newquay activity centre</option>                     <option value="coastline">coastline coasteer</option>                   </select>               </fieldset>                   <label for="datetime">date , time of session</label>                   <input type="datetime-local" data-clear-btn="false" name="datetime" id="datetime" value="">                   <label for="amount">amount (gbp)</label>                   <input type="number" data-clear-btn="true" name="amount" id="amount" value="">                 <div id="submitbutton">                   <input type="submit" name="formsubmit" value="submit">                 </div>             </form>          </section>   </div> <!--********************************main**********************************************-->  <!--********************************footer**********************************************-->   <div data-role="footer">     <footer class="footer">         <p>awilliams&copy;</p>     </footer>   </div> </div> <!--********************************footer**********************************************-->  <!--********************************end of record session page************************************--> <!--***************************************************************************************-->

multiple issues

  1. no input sanitization

    $typeofactivity = $_post['typeofactivity']; $employer = $_post['employer']; $datetime = $_post['datetime']; $amount = $_post['amount'];  // // // // // // // // // // //   $record_session = "insert session_details (typeofactivity, employer, datetime, amount) values ('$typeofactivity', '$employer', '$datetime', '$amount')"

  2. end of line missing ;

    $record_session = "insert session_details (typeofactivity, employer, datetime, amount) values ('$typeofactivity', '$employer', '$datetime', '$amount')"

  3. extra }

       // - - - snip - - - section. }

  4. $sql undeclared variable

    mysql_query($sql);

  5. mysql_query wrong api use mysqli connection

    mysql_query($sql);

  6. unused variables $servername, $username, , $password

    $servername = "localhost"; $username = "root"; $password = "cornwall";  $con=mysqli_connect(['localhost','root','cornwall','ibill');

  7. root should used administration

    $username = "root";

possible solution

<?php  // validate inputs exist first $errormessage = "";  // check if empty avoid unused variable notice if(empty($_post['typeofactivity'])) { $errormessage .= "<li>you forgot enter activity!</li>"; } else $typeofactivity = $_post['typeofactivity'];  if(empty($_post['employer'])) { $errormessage .= "<li>you forgot enter employer!</li>"; } else $employer = $_post['employer'];  if(empty($_post['datetime'])) { $errormessage .= "<li>you forgot select time , date!</li>"; } else $datetime = $_post['datetime'];  if(empty($_post['amount'])) { $errormessage .= "<li>you forgot select amount of session!</li>"; } else $amount = $_post['amount'];   // don't bother database unless form fields have been posted if ( empty($errormessage) ){    /*      phpmyadmin tool administer mysql database management system     https://www.phpmyadmin.net/      -- run these commands root      -- create new user run page     create user 'phpsessionrecord'@'localhost' identified 'lxfyymgr4npolvbb';      -- grant user minimal privileges     -- https://en.wikipedia.org/wiki/principle_of_least_privilege     grant insert on ibill.session_details 'phpsessionrecord'@'localhost';    */    $servername = "localhost";   $username = "phpsessionrecord";   $password = "lxfyymgr4npolvbb";   $databasename = "ibill";    // create mysqli connection mysql database   $con = new mysqli($servername, $username, $password, $databasename);    // stop script if connection failure , print out error message   if ($con->connect_error)     die( "failed connect mysql: " . $con->error() );    // parameterized sql statement string   $record_session = "     insert session_details       (typeofactivity, employer, datetime, amount)     values (?, ?, ?, ?)   ";    // prepare statement   if (!($stmt = $con->prepare($record_session))) {     die( "prepare failed: " . $con->errno);   }    // bind parameters datatypes in same order question marks   // values (?, ?, ?, ?) : (string, string, string, decimal)   $stmt->bind_param('sssd', $typeofactivity, $employer, $datetime, $amount);    // execute or die   if (!$stmt->execute()) {     die( "execute failed: " . $stmt->errno;    /** error reporting */   error_reporting(e_all);   ini_set('display_errors', 1);   ini_set('display_startup_errors', 1);  } else echo $errormessage;

Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more