Jump to content

[SOLVED] form problem

herghost

By herghost
in PHP Coding Help

 Share

Recommended Posts

herghost Advanced Member

herghost

Posted
Posted

Hi all, I think this is going to be easy to resolve but for I have been looking at it to long and I cannot see my issue!

 

I hope this is in the right section as it uses modalbox, however I think its a php error not modalbox.

 

Basically I have a registration form as follows:

 

  <form action="pages/reg_do.php" id="myform" onsubmit="return false;">
  <fieldset>
  <legend>Register New User</legend>
  
  
  <table>
  <tr>
    <td><label for="name"><strong>Username	</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="username" name="username" /></td>
  </tr>
  <tr>
    <td><label for="password"><strong>Password	</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="password" name="password" /></td>
  </tr>
  <tr>
    <td><label for="email"><strong>Email</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="email" name="email" /></td>
  </tr>
  <tr>
    <td> <label for="first_name"><strong>First Name</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="first_name" name="first_name" /></td>
  </tr>
  <tr>
    <td><label for="last_name"><strong>Last Name</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="last_name" name="last_name" /></td>
  </tr>
  <tr>
    <td><label for="city"><strong>City</strong></label></td>
    <td> </td>
    <td><input type="text" size="30" id="city" name="city" /></td>
  </tr>
  <tr>
    <td><label for="state"><strong>State</strong></label></td>
    <td> </td>
    <td><select name="state">
     	<option value="WA">Western Australia</option>
    	<option value="SA">Southern Australia</option>
     	<option value="VIC">Victoria</option>
     	<option value="NT">Nothern Territories</option>
     	<option value="TAS">Tasmania</option>
     	<option value="QLD">Queensland</option>
     	</select></td>
  </tr>
</table>
</fieldset>
   <p><input type="submit" value="Register" onclick="Modalbox.show('pages/reg_do.php', {title: 'Registering....', width: 500, params:Form.serialize('myform') }); return false;" /> or <a href="#" title="Cancel & close dialog" onclick="Modalbox.hide(); return false;">Cancel & close</a></p>

  </form>
</body>
</html>

 

This is opened from the main page in a modalbox popup box, once the form is submitted it goes to red_do.php, which loads in a replacement modalbox:

 

<?php
session_start();
include '../common/dbconnect.php';


$username = $_GET['username'];
$password = $_GET['password'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$email = $_GET['email'];
$city = $_GET['city'];
$state = $_GET['state'];

	$query = 'INSERT INTO users (user_id, username, password)
           			VALUES ("", "$username", "$password")';
        $result = mysql_query($query, $conn) or die(mysql_error());

         $user_id = mysql_insert_id($conn);

        $query = 'INSERT INTO users_details 
                (user_id, username, first_name, last_name, email, city, state)
           VALUES 
	   ("$user_id","$username", "$first_name", "$last_name", "$email", "$city", "$state") ';
                
        $result = mysql_query($query, $conn) or die(mysql_error());

        $_SESSION['logged'] = 1;
        $_SESSION['username'] = $username;
	echo "thankyou, working";

        
?>

 

I then get the thankyou message, however instead of submitting the actual values into the database it will physically submit $username as apposed to the value of $username.

 

What am I missing.

 

As a sidenote, i understand the importance of escaping strings and this is done in the database connect file using:

 

 foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
  }
  foreach ($_GET as $key => $value) {
    $_GET[$key] = mysql_real_escape_string($value);
  }

 

as I know people like pointing this out :)

 

Many Thanks

Link to comment
Share on other sites
ialsoagree Newbie

ialsoagree

Posted
Posted

Just took a quick glance but...

 

<?php
$query = 'INSERT INTO users (user_id, username, password)
                    VALUES ("", "$username", "$password")';
?>

 

Your variables are inside single quotes, therefor they're not being parsed by PHP as variables and instead are being sent as literal text.

 

Instead, you should be using:

 

<?php
$query = 'INSERT INTO users (user_id, username, password)
                    VALUES ("", "'.$username.'", "'.$password.'")';
?>

(Notice how the variables appear in red above - literal text - and blue here - PHP variables?)

 

You might also want to notice that you're submitting the user_id as "", if user_id is being set by automatically by the database, you shouldn't submit a value for the user_id at all, simply skip it in the first and second list.

 

You propagate this error further:

 

<?php
        $query = 'INSERT INTO users_details 
                (user_id, username, first_name, last_name, email, city, state)
           VALUES 
         ("$user_id","$username", "$first_name", "$last_name", "$email", "$city", "$state") ';
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.