Issue storing option value in MySQL using PHP


I am trying to use the POST method in order to submit the contents of a form to a pre-created MySQL table. There are different input types for each part of the form, including datetime, number and option values, and I can't figure out the problem with the code. Any help is appreciated. HTML and PHP below... TIA.

PHP code:

    <?php

    $servername = "localhost";
    $username = "root";
    $password = "cornwall";

    $con=mysqli_connect('localhost','root','cornwall','ibill');
    // This code creates a connection to the MySQL database in phpMyAdmin named 'ibill':

    if (mysqli_connect_errno()) {
      echo "failed connect mysql: " . mysqli_connect_error();
    }
    // The connection is checked; if it fails, an echo is sent to the page stating the connection error.

    if($_POST['formsubmit'] == "submit")
    {
       $typeofactivity = $_POST['typeofactivity'];
       $employer = $_POST['employer'];
       $datetime = $_POST['datetime'];
       $amount = $_POST['amount'];
       $errormessage = "";

       // - - - snip - - -
    }

       if(empty($typeofactivity)) {
          $errormessage .= "<li>you forgot enter activity!</li>";
       }
       if(empty($employer)) {
          $errormessage .= "<li>you forgot enter employer!</li>";
       }
       if(empty($datetime)) {
          $errormessage .= "<li>you forgot select time , date!</li>";
       }
       if(empty($amount)) {
          $errormessage .= "<li>you forgot select amount of session!</li>";
       }

       $record_session = "insert session_details (typeofactivity, employer, datetime, amount) values ('$typeofactivity', '$employer', '$datetime', '$amount')"
       mysql_query($sql);
    }

    /** error reporting */
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);

    ?>

HTML:

    <!--********************************record session page************************************-->
    <!--***************************************************************************************-->

    <!--********************************header**********************************************-->
    <div data-role="page" id="sessionrecord">
      <div data-role="header" data-id="foo1" data-position="fixed">
        <div class='cssmenu'>
          <ul>
            <li class='active'><a href='#home'>home</a></li>
            <li><a href='#sessionrecord'>record session</a></li>
            <li><a href='#viewsessions'>view sessions</a></li>
            <li><a href='#email'>e-mail invoice</a></li>
          </ul>
        </div>
      </div><!-- /header -->
    <!--********************************header**********************************************-->

    <!--********************************main**********************************************-->
      <div data-role="main" class="ui-content">
        <img class="mainlogo" src="/projects/ibill_v3/img/ibill logo.png" alt="ibill logo" width="250" height="190">
        <section class="maincontent">
          <h1>record session using form below</h1>
          <form method="post" action="record_session.php" id="sessionrecord">
            <fieldset>
              <select name="typeofactivity" id="typeofactivity" data-native-menu="false">
                <option>type of session</option>
                <option value="surf">surf</option>
                <option value="coast">coasteer</option>
                <option value="bodyboard">bodyboard</option>
                <option value="climbing">cornish challenge</option>
              </select>
            </fieldset>
            <fieldset>
              <select name="employer" id="employer" data-native-menu="false">
                <option>employer</option>
                <option value="nac">newquay activity centre</option>
                <option value="coastline">coastline coasteer</option>
              </select>
            </fieldset>
            <label for="datetime">date , time of session</label>
            <input type="datetime-local" data-clear-btn="false" name="datetime" id="datetime" value="">
            <label for="amount">amount (gbp)</label>
            <input type="number" data-clear-btn="true" name="amount" id="amount" value="">
            <div id="submitbutton">
              <input type="submit" name="formsubmit" value="submit">
            </div>
          </form>
        </section>
      </div>
    <!--********************************main**********************************************-->

    <!--********************************footer**********************************************-->
      <div data-role="footer">
        <footer class="footer">
          <p>awilliams&copy;</p>
        </footer>
      </div>
    </div>
    <!--********************************footer**********************************************-->

    <!--********************************end of record session page************************************-->
    <!--***************************************************************************************-->

Multiple issues

  1. No input sanitization

    $typeofactivity = $_POST['typeofactivity'];
    $employer = $_POST['employer'];
    $datetime = $_POST['datetime'];
    $amount = $_POST['amount'];
    // // // // // // // // // // //
    $record_session = "insert session_details (typeofactivity, employer, datetime, amount) values ('$typeofactivity', '$employer', '$datetime', '$amount')"

  2. End of line missing ;

    $record_session = "insert session_details (typeofactivity, employer, datetime, amount) values ('$typeofactivity', '$employer', '$datetime', '$amount')"

  3. Extra }

    // - - - snip - - - section.
    }

  4. $sql is an undeclared variable

    mysql_query($sql);

  5. mysql_query is the wrong API to use with a mysqli connection

    mysql_query($sql);

  6. Unused variables $servername, $username, and $password

    $servername = "localhost";
    $username = "root";
    $password = "cornwall";

    $con=mysqli_connect('localhost','root','cornwall','ibill');

  7. root should only be used for administration

    $username = "root";

Possible solution

    <?php

    // validate that the inputs exist first
    $errormessage = "";

    // check if empty to avoid an unused variable notice
    if(empty($_POST['typeofactivity'])) {
      $errormessage .= "<li>you forgot enter activity!</li>";
    } else $typeofactivity = $_POST['typeofactivity'];

    if(empty($_POST['employer'])) {
      $errormessage .= "<li>you forgot enter employer!</li>";
    } else $employer = $_POST['employer'];

    if(empty($_POST['datetime'])) {
      $errormessage .= "<li>you forgot select time , date!</li>";
    } else $datetime = $_POST['datetime'];

    if(empty($_POST['amount'])) {
      $errormessage .= "<li>you forgot select amount of session!</li>";
    } else $amount = $_POST['amount'];

    // don't bother the database unless the form fields have been posted
    if ( empty($errormessage) ){

      /*
        phpMyAdmin is a tool to administer the MySQL database management system
        https://www.phpmyadmin.net/

        -- run these commands as root

        -- create a new user to run this page
        create user 'phpsessionrecord'@'localhost' identified by 'lxfyymgr4npolvbb';

        -- grant the user minimal privileges
        -- https://en.wikipedia.org/wiki/principle_of_least_privilege
        grant insert on ibill.session_details to 'phpsessionrecord'@'localhost';
      */

      $servername = "localhost";
      $username = "phpsessionrecord";
      $password = "lxfyymgr4npolvbb";
      $databasename = "ibill";

      // create a mysqli connection to the MySQL database
      $con = new mysqli($servername, $username, $password, $databasename);

      // stop the script on connection failure and print out the error message
      if ($con->connect_error)
        die( "failed connect mysql: " . $con->connect_error );

      // parameterized sql statement string
      $record_session = "
        insert session_details
          (typeofactivity, employer, datetime, amount)
        values (?, ?, ?, ?)
      ";

      // prepare the statement
      if (!($stmt = $con->prepare($record_session))) {
        die( "prepare failed: " . $con->errno);
      }

      // bind the parameters and datatypes in the same order as the question marks
      // values (?, ?, ?, ?) : (string, string, string, decimal)
      $stmt->bind_param('sssd', $typeofactivity, $employer, $datetime, $amount);

      // execute or die
      if (!$stmt->execute()) {
        die( "execute failed: " . $stmt->errno );
      }

      /** error reporting */
      error_reporting(E_ALL);
      ini_set('display_errors', 1);
      ini_set('display_startup_errors', 1);

    } else echo $errormessage;
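
The following is an added example, not part of the original question or answer. It shows one way to address issue 1 on the server side: each posted field is checked against what the form can legitimately send before it is bound to the prepared statement. The function name `validate_session_input`, the constants, and the rule that the amount must be positive are assumptions; the allow-listed values are the `<option value="...">` attributes from the question's form.

```php
<?php
// Added example, not from the original post. Allow-lists are copied from the
// <option value="..."> attributes in the question's form.
const ACTIVITIES = ['surf', 'coast', 'bodyboard', 'climbing'];
const EMPLOYERS  = ['nac', 'coastline'];

/** Returns [$clean, $errors]; bind $clean only when $errors is empty. */
function validate_session_input(array $post): array
{
    $clean = [];
    $errors = [];

    // Select boxes: accept only values the form can legitimately send.
    foreach (['typeofactivity' => ACTIVITIES, 'employer' => EMPLOYERS] as $field => $allowed) {
        $value = $post[$field] ?? '';
        if (is_string($value) && in_array($value, $allowed, true)) {
            $clean[$field] = $value;
        } else {
            $errors[] = "invalid or missing $field";
        }
    }

    // datetime-local submits "YYYY-MM-DDTHH:MM". The round-trip comparison
    // rejects rolled-over dates such as 2024-02-31.
    $raw = $post['datetime'] ?? '';
    $dt = is_string($raw) ? DateTime::createFromFormat('!Y-m-d\TH:i', $raw) : false;
    if ($dt !== false && $dt->format('Y-m-d\TH:i') === $raw) {
        $clean['datetime'] = $dt->format('Y-m-d H:i:s'); // MySQL DATETIME literal
    } else {
        $errors[] = 'invalid or missing datetime';
    }

    // Amount must be a positive number (the positivity rule is an assumption).
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($amount !== false && $amount > 0) {
        $clean['amount'] = $amount;
    } else {
        $errors[] = 'invalid or missing amount';
    }

    return [$clean, $errors];
}

// Constructed sample requests: one valid, one with three bad fields.
$good = ['typeofactivity' => 'surf', 'employer' => 'nac', 'datetime' => '2024-06-01T10:30', 'amount' => '45.50'];
$bad  = ['typeofactivity' => 'kayak', 'employer' => 'nac', 'datetime' => '2024-02-31T10:30', 'amount' => 'abc'];
foreach ([$good, $bad] as $request) {
    [$clean, $errors] = validate_session_input($request);
    echo $errors ? 'rejected: ' . implode('; ', $errors) : 'accepted: ' . json_encode($clean), PHP_EOL;
}
```

When `$errors` is empty, the four `$clean` values can be passed to `bind_param('sssd', ...)` in place of the raw `$_POST` values.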
