herghost Posted October 13, 2009 Share Posted October 13, 2009 Hi all, I think this is going to be easy to resolve but for I have been looking at it to long and I cannot see my issue! I hope this is in the right section as it uses modalbox, however I think its a php error not modalbox. Basically I have a registration form as follows: <form action="pages/reg_do.php" id="myform" onsubmit="return false;"> <fieldset> <legend>Register New User</legend> <table> <tr> <td><label for="name"><strong>Username </strong></label></td> <td> </td> <td><input type="text" size="30" id="username" name="username" /></td> </tr> <tr> <td><label for="password"><strong>Password </strong></label></td> <td> </td> <td><input type="text" size="30" id="password" name="password" /></td> </tr> <tr> <td><label for="email"><strong>Email</strong></label></td> <td> </td> <td><input type="text" size="30" id="email" name="email" /></td> </tr> <tr> <td> <label for="first_name"><strong>First Name</strong></label></td> <td> </td> <td><input type="text" size="30" id="first_name" name="first_name" /></td> </tr> <tr> <td><label for="last_name"><strong>Last Name</strong></label></td> <td> </td> <td><input type="text" size="30" id="last_name" name="last_name" /></td> </tr> <tr> <td><label for="city"><strong>City</strong></label></td> <td> </td> <td><input type="text" size="30" id="city" name="city" /></td> </tr> <tr> <td><label for="state"><strong>State</strong></label></td> <td> </td> <td><select name="state"> <option value="WA">Western Australia</option> <option value="SA">Southern Australia</option> <option value="VIC">Victoria</option> <option value="NT">Nothern Territories</option> <option value="TAS">Tasmania</option> <option value="QLD">Queensland</option> </select></td> </tr> </table> </fieldset> <p><input type="submit" value="Register" onclick="Modalbox.show('pages/reg_do.php', {title: 'Registering....', width: 500, params:Form.serialize('myform') }); return false;" /> or <a href="#" title="Cancel & close dialog" onclick="Modalbox.hide(); return false;">Cancel & close</a></p> </form> </body> </html> This is opened from the main page in a modalbox popup box, once the form is submitted it goes to red_do.php, which loads in a replacement modalbox: <?php session_start(); include '../common/dbconnect.php'; $username = $_GET['username']; $password = $_GET['password']; $first_name = $_GET['first_name']; $last_name = $_GET['last_name']; $email = $_GET['email']; $city = $_GET['city']; $state = $_GET['state']; $query = 'INSERT INTO users (user_id, username, password) VALUES ("", "$username", "$password")'; $result = mysql_query($query, $conn) or die(mysql_error()); $user_id = mysql_insert_id($conn); $query = 'INSERT INTO users_details (user_id, username, first_name, last_name, email, city, state) VALUES ("$user_id","$username", "$first_name", "$last_name", "$email", "$city", "$state") '; $result = mysql_query($query, $conn) or die(mysql_error()); $_SESSION['logged'] = 1; $_SESSION['username'] = $username; echo "thankyou, working"; ?> I then get the thankyou message, however instead of submitting the actual values into the database it will physically submit $username as apposed to the value of $username. What am I missing. As a sidenote, i understand the importance of escaping strings and this is done in the database connect file using: foreach ($_POST as $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } foreach ($_GET as $key => $value) { $_GET[$key] = mysql_real_escape_string($value); } as I know people like pointing this out Many Thanks Quote Link to comment https://forums.phpfreaks.com/topic/177564-solved-form-problem/ Share on other sites More sharing options...
ialsoagree Posted October 13, 2009 Share Posted October 13, 2009 Just took a quick glance but... <?php $query = 'INSERT INTO users (user_id, username, password) VALUES ("", "$username", "$password")'; ?> Your variables are inside single quotes, therefor they're not being parsed by PHP as variables and instead are being sent as literal text. Instead, you should be using: <?php $query = 'INSERT INTO users (user_id, username, password) VALUES ("", "'.$username.'", "'.$password.'")'; ?> (Notice how the variables appear in red above - literal text - and blue here - PHP variables?) You might also want to notice that you're submitting the user_id as "", if user_id is being set by automatically by the database, you shouldn't submit a value for the user_id at all, simply skip it in the first and second list. You propagate this error further: <?php $query = 'INSERT INTO users_details (user_id, username, first_name, last_name, email, city, state) VALUES ("$user_id","$username", "$first_name", "$last_name", "$email", "$city", "$state") '; ?> Quote Link to comment https://forums.phpfreaks.com/topic/177564-solved-form-problem/#findComment-936236 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.