Hi there,

I am trying to create a script to upload an electronic signature to a customer's record, but I keep getting the ID and it does not create the entry in the database; no error messages are produced in the logs, and the page simply refreshes.

Here is what I have so far.

Code

<?php
include '../../main.php';
check_loggedin($pdo);
$msg    =   null;
$date = new DateTime();
$totay_date = $date->format('Y-m-d\TH:i:s');

    $folderPath = "upload/";
    $image_parts = explode(";base64,", $_POST['signature']);
    $image_type_aux = explode("image/", $image_parts[0]);
    $image_type = $image_type_aux[1];
    $image_base64 = base64_decode($image_parts[1]);
    $file = $folderPath . $name . "_" . uniqid() . '.' . $image_type;
    file_put_contents($file, $image_base64);

if (isset($_GET['id'])) {

    $stmt = $pdo->prepare('SELECT * FROM contacts WHERE id = ?');
    $stmt->execute([$_GET['id']]);
    $contact = $stmt->fetch(PDO::FETCH_ASSOC);

    $stmt = $pdo->prepare('SELECT id,username FROM accounts');
    $stmt->execute();
    $all_account_info = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if(isset($_POST['$name']) == null || isset($_POST['$file'])){
        $msg    =   '';
    }else{
        $id = isset($_POST['id']) && !empty($_POST['id']) && $_POST['id'] != 'auto' ? $_POST['id'] : auto;
        $stmt = $pdo->prepare('INSERT INTO esign VALUES (?, ?, ?, ?)');
        $result = $stmt->execute([$id, $_GET['id'], $_POST['name'], $_POST['$file']]);
        $msg    =   "Signature has been recorded.";

    }

    if (!$contact) {
        exit('Help');
    }
} else {
    exit('No ID specified!');
}

?>


 
Form

<form action="add-sig.php?id=<?=$contact['id']?>" method="post">
    <h1>Signature Pad</h1>
    <div class="col-md-12">
        <label class="form-label" for="name">Name</label> <input class="form-control" id="name" name="name" required="" type="text">
    </div>
    <div class="col-md-12">
        <label class="" for="">Signature:</label><br>
        <div id="sig"></div><br>
        <textarea id="signature64" name="signature" style="display: none"></textarea>
        <div class="col-12">
            <button class="btn btn-sm btn-warning" id="clear">&#x232B;Clear Signature</button>
        </div>
    </div><br>
    <button class="btn btn-success" name="submit" type="submit">Submit</button>
</form>
</div>


 
Database

  `id` int(11) NOT NULL,
  `client_id` int(11) NOT NULL,
  `name` varchar(100) NOT NULL,
  `signature_img` varchar(255) NOT NULL

It loads the ID when clicking add signature, and the address link looks something like add-sig.php?id=29 when accessing the page from the client's record page.

When I am in the client's record, I would like to be able to view the signature on their record.

The form converts the signature into an image file.

I am scratching my head over what's wrong with the script.

Any advice would be greatly appreciated.

Cheers.

@gw1500se, a post method form can have get parameters in the url.

for performing an action on the server, such as inserting, updating, or deleting data, a post method form is correct. you can get a form to submit to the same page it is on, and 'automatically' include any existing get parameters, by simply leaving the entire action='...' attribute out of the form tag.

a number of the $_POST elements you are using don't match what the posted form is submitting. for debugging, add the following line of code before the start of your form processing code -

echo '<pre>'; print_r($_POST); echo '</pre>';

next, your post method form processing code should -

  1. detect if a post method form was submitted before referencing any of the form data.
  2. once you have done item #1, except for unchecked checkbox and radio buttons, all form fields will be set, even if they are empty. all the isset() statements for the always set fields are a waste of typing and in fact are hiding typo mistakes in the current code.
  3. trim all the input data at once.
  4. external data submitted to your site can come from anywhere, can be anything, and cannot be trusted. you must validate all input data before using it. your current image handling code (i'm not sure where $name is coming from) will allow any type of file, such as a .php file, containing anything, such as php code, to be put anywhere on the server, using directory traversal. validate all inputs, and pieces of inputs, storing validation errors in an array using the field name as the array index.
  5. after the end of the validation logic, if there are no errors (the array holding the errors will be empty), use the submitted form data.
  6. set the default fetch mode to assoc when you make the database connection so that you don't need to specify it in each fetch statement.
  7. list out the columns in the INSERT query. this will help avoid mistakes and make your code self-documenting.
  8. after you have processed the form data, if there are no errors, redirect to the exact same url of the current page to cause a get request for that page.
  9. if there are errors at step #5, the code would continue on to redisplay the html document, display any errors, redisplay the form, and populate appropriate fields with their existing values so that the visitor doesn't need to keep reentering data over and over. 
  10. often, the failure logic for a condition test is shorter than the success logic. if you invert the condition being tested and put the failure logic first, it will make your code easier to read and follow.
  11. if you want to display a one-time success message (step #8), store it in a session variable, then test, display, and clear that session at the appropriate point in the html document.

 

Edited by mac_gyver
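
The input validation from item 4, combined with items 1, 5, 7 and 8 of the list above, could look like the following. This is an added example, not code posted in the thread; the allowed image types, the size cap, the random file name, an AUTO_INCREMENT `id` column and a session started by main.php are assumptions.

```php
<?php
// Added example (not from the thread). Assumes main.php provides $pdo and an
// active session, and that esign.id is AUTO_INCREMENT.
include '../../main.php';
check_loggedin($pdo);

// Return [bytes, extension] for a PNG/JPEG data URI, or null if anything is off.
function decode_signature(string $dataUri): ?array
{
    $ext = ['image/png' => 'png', 'image/jpeg' => 'jpg'];    // extension comes from this list only
    if (strlen($dataUri) > 700000                            // size cap is an assumed limit
        || !preg_match('#\Adata:(image/(?:png|jpeg));base64,([A-Za-z0-9+/]+={0,2})\z#', $dataUri, $m)) {
        return null;
    }
    $bytes = base64_decode($m[2], true);                     // strict: reject invalid base64
    $info  = ($bytes === false || $bytes === '') ? false : @getimagesizefromstring($bytes);
    if ($info === false || $info['mime'] !== $m[1]) {        // content must match the claimed type
        return null;
    }
    return [$bytes, $ext[$m[1]]];
}

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {                 // item 1: was a form posted?
    $clientId = filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $name = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
    $sig  = is_string($_POST['signature'] ?? null) ? trim($_POST['signature']) : '';

    if ($clientId === false) {
        $errors['id'] = 'Invalid client id.';
    }
    if ($name === '' || strlen($name) > 100) {
        $errors['name'] = 'Name is required (100 bytes max).';
    }
    $image = decode_signature($sig);
    if ($image === null) {
        $errors['signature'] = 'Signature must be a PNG or JPEG image.';
    }

    if (!$errors) {                                          // item 5: use the data only when valid
        [$bytes, $extension] = $image;
        $file = 'upload/' . bin2hex(random_bytes(16)) . '.' . $extension;   // no user input in the path
        file_put_contents($file, $bytes);
        $stmt = $pdo->prepare('INSERT INTO esign (client_id, name, signature_img) VALUES (?, ?, ?)');
        $stmt->execute([$clientId, $name, $file]);
        $_SESSION['msg'] = 'Signature has been recorded.';
        header('Location: add-sig.php?id=' . $clientId);     // item 8: redirect to a GET
        exit;
    }
}
// On errors, fall through and redisplay the form with $errors.
```

Because the file name and extension are generated on the server, nothing from the request reaches the path. Keeping upload/ in a location where the web server does not execute scripts adds a second layer.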