Jump to content

[SOLVED] form problem

herghost

By herghost
in PHP Coding Help

Recommended Posts

herghost Advanced Member

herghost

Posted
Posted

Hi all, I think this is going to be easy to resolve but for I have been looking at it to long and I cannot see my issue!

 

I hope this is in the right section as it uses modalbox, however I think its a php error not modalbox.

 

Basically I have a registration form as follows:

 

  <form action="pages/reg_do.php" id="myform" onsubmit="return false;">
  <fieldset>
  <legend>Register New User</legend>
  
  
  <table>
  <tr>
    <td><label for="name"><strong>Username	</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="username" name="username" /></td>
  </tr>
  <tr>
    <td><label for="password"><strong>Password	</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="password" name="password" /></td>
  </tr>
  <tr>
    <td><label for="email"><strong>Email</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="email" name="email" /></td>
  </tr>
  <tr>
    <td> <label for="first_name"><strong>First Name</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="first_name" name="first_name" /></td>
  </tr>
  <tr>
    <td><label for="last_name"><strong>Last Name</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="last_name" name="last_name" /></td>
  </tr>
  <tr>
    <td><label for="city"><strong>City</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="city" name="city" /></td>
  </tr>
  <tr>
    <td><label for="state"><strong>State</strong></label></td>
    <td> </td>
    <td><select name="state">
     	<option value="WA">Western Australia</option>
    	<option value="SA">Southern Australia</option>
     	<option value="VIC">Victoria</option>
     	<option value="NT">Nothern Territories</option>
     	<option value="TAS">Tasmania</option>
     	<option value="QLD">Queensland</option>
     	</select></td>
  </tr>
</table>
</fieldset>
   <p><input type="submit" value="Register" onclick="Modalbox.show('pages/reg_do.php', {title: 'Registering....', width: 500, params:Form.serialize('myform') }); return false;" /> or <a href="#" title="Cancel & close dialog" onclick="Modalbox.hide(); return false;">Cancel & close</a></p>

  </form>
</body>
</html>

 

This is opened from the main page in a modalbox popup box, once the form is submitted it goes to red_do.php, which loads in a replacement modalbox:

 

<?php
session_start();
include '../common/dbconnect.php';


$username = $_GET['username'];
$password = $_GET['password'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$email = $_GET['email'];
$city = $_GET['city'];
$state = $_GET['state'];

	$query = 'INSERT INTO users (user_id, username, password)
           			VALUES ("", "$username", "$password")';
        $result = mysql_query($query, $conn) or die(mysql_error());

         $user_id = mysql_insert_id($conn);

        $query = 'INSERT INTO users_details 
                (user_id, username, first_name, last_name, email, city, state)
           VALUES 
	   ("$user_id","$username", "$first_name", "$last_name", "$email", "$city", "$state") ';
                
        $result = mysql_query($query, $conn) or die(mysql_error());

        $_SESSION['logged'] = 1;
        $_SESSION['username'] = $username;
	echo "thankyou, working";

        
?>

 

I then get the thankyou message, however instead of submitting the actual values into the database it will physically submit $username as apposed to the value of $username.

 

What am I missing.

 

As a sidenote, i understand the importance of escaping strings and this is done in the database connect file using:

 

 foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
  }
  foreach ($_GET as $key => $value) {
    $_GET[$key] = mysql_real_escape_string($value);
  }

 

as I know people like pointing this out :)

 

Many Thanks

Link to comment
https://forums.phpfreaks.com/topic/177564-solved-form-problem/
Share on other sites
ialsoagree Newbie

ialsoagree

Posted
Posted

Just took a quick glance but...

 

<?php
$query = 'INSERT INTO users (user_id, username, password)
                    VALUES ("", "$username", "$password")';
?>

 

Your variables are inside single quotes, therefor they're not being parsed by PHP as variables and instead are being sent as literal text.

 

Instead, you should be using:

 

<?php
$query = 'INSERT INTO users (user_id, username, password)
                    VALUES ("", "'.$username.'", "'.$password.'")';
?>

(Notice how the variables appear in red above - literal text - and blue here - PHP variables?)

 

You might also want to notice that you're submitting the user_id as "", if user_id is being set by automatically by the database, you shouldn't submit a value for the user_id at all, simply skip it in the first and second list.

 

You propagate this error further:

 

<?php
        $query = 'INSERT INTO users_details 
                (user_id, username, first_name, last_name, email, city, state)
           VALUES 
         ("$user_id","$username", "$first_name", "$last_name", "$email", "$city", "$state") ';
?>

Link to comment
https://forums.phpfreaks.com/topic/177564-solved-form-problem/#findComment-936236
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.