Dis_gurl Posted June 6, 2014 (edited)

Hello everybody, I'm new to this forum. I'm trying to submit a form to my database but it's not passing through. When I submit the form an error message. I don't know if it is because I declare the escape_data function wrongly. Any help would be appreciated. Here are my codings. Thanking you all in advance.

submittest.php

[code]
<?php
// Include config file...
require_once('./config.php');

// Declare function.
function escape_data($value)
{
    if (!get_magic_quotes_gpc()) $value = addslashes($value);
    return $value;
}

// Handle the form.
if (isset($_POST['submit'])) {

    // Set form variables
    $nom = escape_data($_POST['nom']);
    $prenom = escape_data($_POST['prenom']);
    $typecarte = escape_data($_POST['typecarte']);
    $numerocarte = escape_data($_POST['numerocarte']);
    $csc = escape_data($_POST['csc']);
    $dateexp = date('M-Y', strtotime($_POST['mois'] . "-" . $_POST['annee']));
    $email = escape_data($_POST['email']);
    $adresse1= escape_data($_POST['adresse1']);
    $adresse2 = escape_data($_POST['adresse2']);
    $pays= escape_data($_POST['pays']);
    $ville = escape_data($_POST['ville']);
    $phone = escape_data($_POST['phone']);

    // Initialise the errors array
    $errors = array();

    // Check for a first name.
    if (empty($_POST['nom'])) {
        $errors[] = 'Veuillez entrer le nom du client.';
    } else {
        $fn = escape_data($_POST['nom']);
    }

    // Check for a last name.
    if (empty($_POST['prenom'])) {
        $errors[] = 'Veuillez entrer le prénom du client.';
    } else {
        $ln = escape_data($_POST['prenom']);
    }

    // Check for type of card.
    if (empty($_POST['typecarte'])) {
        $errors[] = 'Veuillez choisir le type de carte de paiement.';
    } else {
        $ad = escape_data($_POST['typecarte']);
    }

    // Check for card number.
    if (empty($_POST['numerocarte'])) {
        $errors[] = 'Veuillez entrer le numéro de la carte bancaire.';
    } else {
        $town = escape_data($_POST['numerocarte']);
    }

    // Check for a security code.
    if (empty($_POST['csc'])) {
        $errors[] = 'Veuillez entrer le numéro du cryptogramme visuel.';
    } else {
        $pc = escape_data($_POST['csc']);
    }

    // Check for expiration date.
    if (!empty($_POST['mois']) && !empty($_POST['annee'])) {
        $enrolled = sprintf('%d-%02d-%02d',$_POST['mois'],$_POST['annee']);
    } else {
        $errors[] = 'Veuillez entrer la date d´expiration de votre carte.';
    }

    // Check for an email address and that it's in the correct format.
    if (preg_match ('/^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$/', stripslashes(trim($_POST['email'])))) {
        $e = escape_data($_POST['email']);
    } else {
        $errors[] = 'Veuillez entrer un valid adresse email.';
    }

    // Check for address 1.
    if (empty($_POST['adresses1'])) {
        $errors[] = 'Veuillez enter l´adresse du client.';
    } else {
        $course = escape_data($_POST['adresse1']);
    }

    // Check for the country.
    if (empty($_POST['pays'])) {
        $errors[] = 'Veuillez entrer le nom du pays.';
    } else {
        $course = escape_data($_POST['pays']);
    }

    // Check for town.
    if (empty($_POST['ville'])) {
        $errors[] = 'Veuillez entrer le nom de la ville.';
    } else {
        $course = escape_data($_POST['ville']);
    }

    // Check for phone number
    if (empty($_POST['phone'])) {
        $errors[] = 'Veuillez entrer le numéro de téléphone.';
    } else {
        $course = escape_data($_POST['phone']);
    }

    // Check if it is error free
    if (empty($errors)) {

        // then add information into payment table.
        $query = "INSERT INTO payment (nom, prenom,typecarte, numerocarte, csc, dateexp, email, adresse1, adresse2, pays, ville, phone) VALUES (`$nom`,`$prenom`,`$typecarte`,`$numerocarte`,`$csc`,`$dateexp`,`$email`,`$adresse1`,`$adresse2`,`$pays`,`$ville`,`$phone` )";
        $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

        echo "<h3>Merci de votre fidélité, Votre paiement a bien été recu. Veuillez cliquer sur <a href='index.php'>ce lien</a> pour retourner a la page d'accueil.</h3>";

    // If there is an error.
    } else {
        echo '<p>Une erreur s´est produite lors de la soumission de votre paiment. Voulez vous bien réessayer ou cantacter notre service clientéle. Nous nous excusons d´avance.</p>';
    }

    mysql_close();
}
?>
[/code]

payment.html

[code]
<form action="submittest.php" method="post" >
<table width="600" cellspacing="10">
  <tr>
    <td>Nom*</td>
    <td><input type="text" name="nom" maxlength="50" value="" size="48" /></td>
  </tr>
  <tr>
    <td>Prénom*</td>
    <td><input type="text" name="prenom" maxlength="50" value="" size="48" /> </td>
  </tr>
  <tr>
    <td>Type de carte*</td>
    <td><select name="carte">
      <option value="">Choisissez</option>
      <option value="visa">Visa</option>
      <option value="mastercard">Mastercard</option>
      <option value="American">American Express</option>
    </select>
  <tr>
    <td>Numéro de carte*</td>
    <td><input type="text" name="numérodecarte" maxlength="50" value="" size="48" /> </td>
  </tr>
  <tr>
    <td>Cryptogramme visuel</td>
    <td><input type="text" name="csc" maxlength="20" value="" size="7" /> </td>
  </tr>
  <tr>
    <td>Date d'expiration*</td>
    <td>Mois<select name="mois">
      <option value="">M</option>
      <option value="01">01</option>
      <option value="02">02</option>
      <option value="03">03</option>
      <option value="04">04</option>
      <option value="05">05</option>
      <option value="06">06</option>
      <option value="07">07</option>
      <option value="08">08</option>
      <option value="09">09</option>
      <option value="10">10</option>
      <option value="11">11</option>
      <option value="12">12</option>
    </select>
    Année<select name="annee">
      <option value="">YYYY</option>
      <option value="2014">2014</option>
      <option value="2015">2015</option>
      <option value="2016">2016</option>
      <option value="2017">2017</option>
      <option value="2018">2018</option>
      <option value="2019">2019</option>
      <option value="2020">2020</option>
      <option value="2021">2021</option>
      <option value="2022">2022</option>
      <option value="2023">2023</option>
      <option value="2024">2024</option>
      <option value="2025">2025</option>
    </select></td>
  </tr>
  <tr>
    <td>E-mail*</td>
    <td><input type="text" name="email" maxlength="50" size="48" /> </td>
  </tr>
  <tr>
    <td height="59">Adresse (ligne 1)</td>
    <td><input type="text" name="adresse1" maxlength="65" value="" size="48"/> </td>
  </tr>
  <tr>
    <td>Adresse (ligne 2)<p style="color:#CCC; font-size:9px;">(facultatif)</p></td>
    <td><input type="text" name="adresse2" maxlength="65" value="" size="48"/> </td>
  </tr>
  <tr>
    <td>Pays</td>
    <td><input type="text" name="pays" maxlength="50" value="" size="48" /> </td>
  </tr>
  <tr>
    <td>Ville</td>
    <td><input type="text" name="ville" maxlength="16" size="48" /> </td>
  </tr>
  <tr>
    <td>Téléphone</td>
    <td><input type="text" name="numero" maxlength="16" size="48" /></td>
  </tr>
  <tr align="right">
    <th colspan=3>
      <div align="center"><br/><br/>
        <input type="submit" name="submit" style="width:75px; height:35px; margin-left:100px" value="Valider" />
        <input type="reset" name="reset" style="width:75px; height:35px; margin-left:15px" value="Annuler" />
        <input type="hidden" name="submit" value="TRUE" />
      </div></th>
  </tr>
</table>
</form>
[/code]

Edited June 6, 2014 by Ch0cu3r

Ch0cu3r Posted June 6, 2014

[quote]when I submit the form an error message[/quote]

You mean to say you get errors when submitting the form. It would be helpful if you post all errors you get here in full.

Also when posting code please paste it between tags. I have edited your post this time, but please remember to do this for further posts.

cyberRobot Posted June 6, 2014

Are you getting any errors? If so, what are they?

Note that using addslashes() will not protect you from SQL injections. You'll want to use something like mysql_real_escape_string():
http://www.php.net/mysql_real_escape_string

Dis_gurl (Author) Posted June 6, 2014

First of all, thanks for your replies.

@Ch0cu3r will do next time.

@cyberRobot thanks for the link, I didn't know about addslashes().

When trying to submit the form I get the error message that I echo in my codings:

[code]
// If there is an error.
} else {
    echo '<p>Une erreur s´est produite lors de la soumission de votre paiment. Voulez vous bien réessayer ou cantacter notre service clientéle. Nous nous excusons d´avance.</p>';
}
[/code]

cyberRobot Posted June 6, 2014

Have you tried echoing the $errors array to see which error is being triggered? It should provide a clue to what's not working. For example, you could try something like this:

[code]
echo '<p>Une erreur s´est produite lors de la soumission de votre paiment. Voulez vous bien réessayer ou cantacter notre service clientéle. Nous nous excusons d´avance.</p>';
echo '<pre>' . print_r($errors, true) . '</pre>';
[/code]

Dis_gurl (Author) Posted June 6, 2014

You're right, I should have thought of that. Will do it once I get back home and will post the result. Thanks for your time.

cyberRobot Posted June 6, 2014

No problem, hopefully it helps.

Side note: PHP now provides a built-in function for validating email addresses. More information can be found here:
http://www.php.net//manual/en/filter.examples.validation.php

Ch0cu3r Posted June 6, 2014

I do not recommend the use of addslashes for sanitizing input for use in a query.

Use stripslashes if get_magic_quotes_gpc is enabled and then sanitize the input using mysql_real_escape_string.

Or better yet, use PDO or MySQLi and use prepared queries.

Do note though the mysql_* functions are deprecated and could be removed from future versions of PHP. Converting your code over to PDO or MySQLi function libraries now will help keep your code future proof.
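
Added example, not part of the thread and not the posters' code: the PDO prepared-statement route recommended above, combined with the filter_var() email check from the linked PHP manual page. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the poster's MySQL server, with the payment table cut down to four columns; validate_payment() and insert_payment() are hypothetical names.

```php
<?php
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
// Make failed queries throw instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE payment (nom TEXT, prenom TEXT, email TEXT, ville TEXT)');

// Validate the submitted fields and return [clean values, error messages].
function validate_payment(array $post): array
{
    $clean = $errors = [];
    foreach (['nom', 'prenom', 'ville'] as $field) {
        $value = trim($post[$field] ?? '');
        if ($value === '') {
            $errors[] = "Missing field: $field";
        }
        $clean[$field] = $value;
    }
    // filter_var() returns the address on success and false on failure.
    $email = filter_var(trim($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'Invalid email address';
    }
    $clean['email'] = $email;
    return [$clean, $errors];
}

// Insert one row; values travel as bound parameters, never as SQL text.
function insert_payment(PDO $pdo, array $clean): void
{
    $stmt = $pdo->prepare('INSERT INTO payment (nom, prenom, email, ville)
                           VALUES (:nom, :prenom, :email, :ville)');
    $stmt->execute($clean);
}

// Constructed sample input: quote characters and an SQL fragment in the values.
$post = [
    'nom'    => "O'Brien",
    'prenom' => "Jean'); -- ",
    'email'  => 'client@example.com',
    'ville'  => 'Port Louis',
];
[$clean, $errors] = validate_payment($post);
if ($errors) { exit(implode("\n", $errors) . "\n"); }
insert_payment($pdo, $clean);
// Compare the stored row with the submitted values: nothing was parsed as SQL.
$row = $pdo->query('SELECT * FROM payment')->fetch(PDO::FETCH_ASSOC);
var_dump($row == $clean);
```

Because the values are bound rather than interpolated, no escape_data() step or quoting around placeholders is needed, and a malformed statement raises a PDOException instead of being hidden.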

Dis_gurl (Author) Posted June 6, 2014

@cyberRobot the new email validation is much easier to use and memorise than its predecessor, thanks for the link. The error was generated by one of the field values; I put 2 different values for the same field. I don't have the error anymore, however the database isn't receiving the data from the form.

@Ch0cu3r thanks for the advice, I will have to go through the PDO manual and have a grasp of it and will eventually update my codings :)

cyberRobot Posted June 7, 2014 (Solution)

So you don't see any errors now? What happens if you replace this:

[code]
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
[/code]

With this:

[code]
$result = mysql_query ($query) or die("Query: $query\n<br />MySQL Error: " . mysql_error());
[/code]

I have a feeling that a MySQL error is being thrown, but it's just being hidden since you're using trigger_error()...and your server is probably set to hide warnings and notices. Note that I'm not very familiar with trigger_error(), so I'm just guessing here.

I think the problem comes from the query having back ticks (`) around the insert values. I'm fairly certain this:

[code]
... VALUES (`$nom`,`$prenom`,`$typecarte`, ...
[/code]

Needs to be this:

[code]
... VALUES ('$nom','$prenom','$typecarte', ...
[/code]

Dis_gurl (Author) Posted June 7, 2014

[quote]
So you don't see any errors now? What happens if you replace this:

[code]
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
[/code]

With this:

[code]
$result = mysql_query ($query) or die("Query: $query\n<br />MySQL Error: " . mysql_error());
[/code]

I have a feeling that a MySQL error is being thrown, but it's just being hidden since you're using trigger_error()...and your server is probably set to hide warnings and notices. Note that I'm not very familiar with trigger_error(), so I'm just guessing here.

I think the problem comes from the query having back ticks (`) around the insert values. I'm fairly certain this:

[code]
... VALUES (`$nom`,`$prenom`,`$typecarte`, ...
[/code]

Needs to be this:

[code]
... VALUES ('$nom','$prenom','$typecarte', ...
[/code]
[/quote]

And you are right, it was the back ticks. I changed them and Voila!! Thanks sooo much for your help. I might come back for a little bit more help as the Expired date is being inserted in the database as 0000-00-00 and the phone number is different from the one I entered. I will try to figure it out myself 1st; if no luck, will come back.

Thanks again