Leaderboard

querySelectorAll returns a NodeList, which does not have an addEventListener method. Assigning an event handler to a collection of elements is a jQuery thing. In plain JavaScript, you have to loop over the elements in the collection and assign the event handler to each one individually, or attach it to a common parent element. document.querySelectorAll("p").forEach((e) => { e.addEventListener('click', fn); });

You don't do any validation of $class to make sure it's a number between 8 and 55 before trying to use it with $days Same for $class as used with $periods, except values of 7, 8, 15, 16, 23, 24, and so on aren't valid You do a mysqli_connect for every single mysqli_query. All you need is one at the beginning of the script, then assign the connection to a variable and use that You're connecting as root, and without a password. Do things right and create a proper user with a proper password. If $whose is a string then don't put the variable directly into a query - use prepared statements instead Same for $sub, except it's even worse because that value came from the user, and a malicious user could easily screw up your database by doing something as simple as inserting an apostrophe And then you turn around and use $sub as a table name? That's completely wrong: never use unknown variables, especially from $_GET or $_POST, as table or column names. Fixing the above should resolve the error message too Why are there <br>s in your data? That doesn't make sense and suggests you're doing something weird with the data, like putting HTML into it. Using isset with the pwd in the $_POST only checks if there was a field named "pwd" in your form. If that field is left empty, isset will still return true. And assuming pwd is a password, shouldn't you be checking that password? When you do check the password, make sure that your code does not keep running after that. Right now the user will get redirected with some Javascript, yes, but all your code kept on running. And you're doing the thing where you use a variable as a table again, this time with $whose Are you putting multiple values into your $whose table? Don't. One value at a time, using multiple rows if you have to. On that subject, apparently $period is a column name? Don't. What you're doing with $day, where you have a column named "day" and multiple rows for the days, is what you should be doing with periods too. ...Are you putting an actual password into your form? And your own phone number as the sender? What's the point of the "msg" form field? Either that or what's the point of the "s" message you put into the session? What's going on with this? And why have a form that automatically submits? If you want to do something immediately then do it - don't send a form to the user (which they won't see for long) that is just going to come right back to you. All your various outputs need to be escaped with functions like htmlspecialchars so that someone like me can't insert <>s or "s that will mess up your HTML, or worse let me hijack some other user's browsing sessions for my own malicious purposes. Is this a school assignment or something?