|
You'd need to move the <select> inside the <form> element, and use a different name for the button.
But don't ignore the SQL Injection[^] vulnerability. It's a critical security vulnerability, which is so simple to exploit that even a 3 year old can exploit it[^]. It can be used to extract private data from your database, which can lead to massive fines[^]. Or it can be used to alter data in your database without your knowledge, which could have disastrous results.
PHP: SQL Injection - Manual[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thank you so much for your help..
I'm not worried about sql injection, cause its only me and 2 other people who has access to the site, since its protected through .htaccess, and will remain that way.. there is no sensitive information on the server either way
I tried to move the select tag into the form, but now, the results from the database is shown outside the dropdown menu
I have changed the name of the button to something else, and now, nothing is posted to the database when i hit the submit button..
Would you be willing to edit the script and post it here, if its not too big of a deal? i feel like i would understand the errors better, if i could compare the 2 codes, and see where i messed up
|
|
|
|
|
Something like this should work:
<?php
@session_start();
header('Content-Type: text/html; charset=ISO-8859-1');
include('includes/config.php');
?>
<link rel="stylesheet" type="text/css" href="css/chat.css" />
<div id="sidebar_header">Garderobe</div>
<div id="sidebar_content">
<form action="nygad.php" method="POST">
<p style="display: inline;">Skid i havet.</p><br /><br />
<select name="sko">
<?php
if(isset($_SESSION['logget_ind']) && $_SESSION['logget_ind'] == true) {
$brugernavn = mysql_real_escape_string($_SESSION['brugernavn']);
$getSko = mysql_query("SELECT `navn` FROM `chat_clothes` WHERE `ejer` = '$brugernavn' AND `type` = 'sko'");
while ($showSko = mysql_fetch_array($getSko)) {
$navn = htmlentities($showSko['navn']);
echo "<option value=\"$navn\">$navn</option><br />";
}
}
?>
</select>
<?php
if (isset($_POST['sko'])) {
$shoes = mysql_real_escape_string($_POST['sko']);
$id = mysql_real_escape_string($_SESSION['id']);
mysql_query("UPDATE chat_brugere SET shoes='$shoes' WHERE id='$id'");
echo 'sko er opdateret!';
}
?>
<p style="text-align:center;">
<input type="submit" name="btn" value="Opdater!" />
</p>
</form>
</div> <!--
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I tried the new script, and now it looks like it wants to post the selected value, but the problem now, is that none of the values from chat_clothes are appearing in the dropdown menu.. its just blank (even though i'm logged in as before)
This is the script in the browser: [^]
And this is the table chat_clothes: chat-clothes — ImgBB[^]
|
|
|
|
|
Check the the session variable logget_ind is set, and the value is equal to true .
Also check that the session variable brugernavn is set, and matches one of the ejer values from your table.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
OH MY GOD!! IT WORKS NOW!!
I found the reason why it did not show the value in the dropdown menu..
The reason is that the value in the column in the table where it was searching for values, was "Røde Converse".. after i changed it to "Rode Converse", it now shows up.. So it was simply because the value contained a Ø (which is a letter in my language), and not anything wrong with the code you posted.
Anyways, the script is working perfect now, after you fixed it.. Thank you SO much for your help.. This has been very enlightning for me.. before posting my question here, i tried posting about my problem at stackoverflow, and they just inactivated my question, since the code is outdated..
Thanks man!
|
|
|
|
|
It is many years since I last used PHP, but shouldn't
echo "<option value=\"$navn\">$navn</option><br />";
be something like
echo "<option value=\"" . $navn . "\">" . $navn . "</option>";
to ensure that the value, rather than the variable name is concatenated. Plus the <br /> is not necessary as options are stacked anyway and the breaks will be saved for outside of the select rather than inside its options list.
|
|
|
|
|
PHP: Strings - Manual[^]
If the string uses double-quotes, variables referenced within the string will be expanded. So the two options will produce the same output.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
hello again...
Have to create 4 or 5 online forms for a website I built for my local area of NA. I found a basic HTML Form template at w3schools; & used that for my first form:
https://www.burlingtoncountyna.org/gsr.report.html
So...when users finish & hit the Submit button, the form (& all included info) needs to go to our secretary's e-mail. I've read everything I can get my hands on regarding PHP, but for a beginner coder such as myself...informationals on the web never tell you precisely *take this snippet...customize it thusly; & place it here*...even the instructionals on w3schools are vague on this topic (for people such as myself). So...can someone take a look at that form page; & point me in the right direction, at least?
thanx
mark4man
|
|
|
|
|
Hi guys.
I have Debian 9 and Wine 5.16
I run "wine control" to add new certificate from pfx-file, but when i try to add pfx from certificate import wizard i receive message, that file format is not supported.
Where could the problem be?
Thank.
|
|
|
|
|
ArturNoubel wrote: i receive message, that file format is not supported.
Where could the problem be? Probably in the fact that the file format is not supported by the application you are using for the import.
|
|
|
|
|
Thank you, problem solved!
modified 4-Nov-20 8:13am.
|
|
|
|
|
Hello
I want the source code for a project
Solver of third-degree equations php
Hope you can help me
|
|
|
|
|
Member 14965627 wrote: Hope you can help me People here will help with code that you have written, but we will not do your work for you. If you are looking for samples or tutorials then www.google.com[^] is the place.
|
|
|
|
|
No. And don't you realize how rude it is to ask that?
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
this page has an error when pressing the money button to consult, I have sql code but it is not working properly
https://i.stack.imgur.com/9AkC5.jpg[^]
sql code used:
SELECT
e.nomeEvento,p.nomecompl,c.nomecasa, COALESCE(l.observacao,'Sem informação') AS `observacao`, CONCAT('R$ ',REPLACE(REPLACE(REPLACE(FORMAT(IFNULL(l.valorExtornado, 0), 2), ".", "@"), ",", "."), "@", ",")) AS `valorExtornado`,
l.idpart, l.parcela, p.id AS idParticipante, DATE_FORMAT(l.datavcto, '%d/%m/%Y') AS `dataVcto`,
CONCAT('R$ ',REPLACE(REPLACE(REPLACE(FORMAT(l.valor, 2), ".", "@"), ",", "."), "@", ",")) AS `valorDevido`,
IF(l.datapgto IS NULL,'danger','success') AS `pagoCSS`,
IF(l.datapgto IS NULL,'Pendente','Pago') AS `pago`,
IFNULL(DATE_FORMAT(l.datapgto,'%d/%m/%Y'),'') AS `dataPgto`, CONCAT('R$ ',REPLACE(REPLACE(REPLACE(FORMAT(IFNULL(l.valorpago, 0), 2), ".", "@"), ",", "."), "@", ",")) AS `valorPago`,
(SELECT COUNT(1) FROM UF_financeiro_lctofinan WHERE id_eventos_participante=p.id AND fl_excluido='N') AS NUM_PARCELAS
FROM UF_financeiro_lctofinan AS l
LEFT JOIN UF_eventos_participantes AS p ON l.id_eventos_participante=p.id
LEFT JOIN UF_eventos AS e ON e.id_evento=p.id_evento
LEFT JOIN UF_casas AS c ON p.idcasainscr = c.idcasa
LIMIT 150 -- retirar esse LIMIT depois, isso é apenas para debugar
|
|
|
|
|
Hello, May I kindly ask for some help please. I have limited knowledge with html contact forms and validation by php. The form as it is works fine and validates fine. I would like to add a "file upload" field to the form, but can't quite work out what I need to add to the mail.php file. Please disregard some of the content responses, they are example questions only. Thank you very much.
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// access
$secretKey = '6LdhAK8UAAAAAD3Uaj5ILNiO5EPYPtDr2Wmr3sRO';
$captcha = $_POST['g-recaptcha-response'];
if(!$captcha){
echo '<p class="alert alert-warning">Please check the the captcha form.</p>';
exit;
}
# FIX: Replace this email with recipient email
$mail_to = "dixie7@xtra.co.nz";
# Sender Data
$subject = trim($_POST["subject"]);
$name = str_replace(array("\r","\n"),array(" "," ") , strip_tags(trim($_POST["name"])));
$email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
$phone = trim($_POST["phone"]);
$address1 = trim($_POST["address1"]);
$address2 = trim($_POST["address2"]);
$bandname = trim($_POST["bandname"]);
$urlfacebook = trim($_POST["urlfacebook"]);
$urlinstagram = trim($_POST["urlinstagram"]);
$datepicker = trim($_POST["datepicker"]);
$row1 = trim($_POST["row1"]);
$row2 = trim($_POST["row2"]);
$row3 = trim($_POST["row3"]);
$row4 = trim($_POST["row4"]);
$bandmembers = trim($_POST["bandmembers"]);
$concertpreference = trim($_POST["concertpreference"]);
$gender = trim($_POST["gender"]);
$venue = trim($_POST["venue"]);
$comment1 = trim($_POST["comment1"]);
$ideas = trim($_POST["ideas"]);
$comment2 = trim($_POST["comment2"]);
$lunch = trim($_POST["lunch"]);
$additional_options = implode(' | ', $_POST["afternoontea"]);
$footwear = trim($_POST["footwear"]);
$option = trim($_POST["dropdown"]);
$message = trim($_POST["message"]);
$contact = trim($_POST["contact"]);
if ( empty($name) OR !filter_var($email, FILTER_VALIDATE_EMAIL) OR empty($message)) {
# Set a 400 (bad request) response code and exit.
http_response_code(400);
echo '<p class="alert alert-warning">Please complete the form and try again.</p>';
exit;
}
$ip = $_SERVER['REMOTE_ADDR'];
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip);
$responseKeys = json_decode($response,true);
if(intval($responseKeys["success"]) !== 1) {
echo '<p class="alert alert-warning">Please check the the captcha form.</p>';
} else {
# Mail Content
$content = "Name: $name\n";
$content .= "Email: $email\n";
$content .= "Phone: $phone\n";
$content .= "Address 1: $address1\n";
$content .= "Address 2: $address2\n";
$content .= "Band Name: $bandname\n";
$content .= "Facebook Profile: $urlfacebook\n";
$content .= "Instagram Profile: $urlinstagram\n";
$content .= "Preferred Date: $datepicker\n";
$content .= "Snort Cocaine: $row1\n";
$content .= "Smoke Marijuana: $row2\n";
$content .= "Drink Bourbon: $row3\n";
$content .= "Smash Guitars: $row4\n";
$content .= "Band Members: $bandmembers\n";
$content .= "Concert Preference: $concertpreference\n";
$content .= "Gender: $gender\n";
$content .= "Venue: $venue\n";
$content .= "Venue Comments: $comment1\n";
$content .= "Ideas: $ideas\n";
$content .= "Ideas Comments: $comment2\n";
$content .= "Lunch: $lunch\n";
$content .= "Afternoon Tea: $additional_options\n";
$content .= "Footwear: $footwear\n";
$content .= "Option Selected: $option\n";
$content .= "Preferred Contact: $contact\n";
$content .= "Message: $message\n";
# email headers.
$headers = "From: $name <$email>";
# Send the email.
$success = mail($mail_to, $subject, $content, $headers);
if ($success) {
# Set a 200 (okay) response code.
http_response_code(200);
header('Location: https://www.mywebsitenz.com/test/thanks.html');
} else {
# Set a 500 (internal server error) response code.
http_response_code(500);
echo '<p class="alert alert-warning">Oops! Something went wrong, we couldnt send your message.</p>';
}
}
} else {
# Not a POST request, set a 403 (forbidden) response code.
http_response_code(403);
echo '<p class="alert alert-warning">There was a problem with your submission, please try again.</p>';
}
?>
|
|
|
|
|
|
That's excellent. Thanks so much for your kindness in helping. I will do just that.
|
|
|
|
|
index.php
<pre><pre><!DOCTYPE html>
<html>
<head>
<title>PHP MySQL Insert Tutorial</title>
<script src='https://code.jquery.com/jquery-2.1.3.min.js'></script>
</head>
<body>
<form action='insert.php' method='post' id='myform' >
<p>
<input type='text' name='username' placeholder='user name' id='username' />
</p>
<p>
<input type='text' name='password' placeholder='password' id='password' />
</p>
<p>
<input id = "minus" type="text" name="main" value="<?php echo $num1; ?>" autocomplete="off">
</p>
<button id='insert'>Insert</button>
<p id='result'></p>
</form>
</body>
</html>
2nd.php
<pre><?php
session_start();
if(isset($_POST['Submit']))
{
$num_2 = "";
$pass_num = $_POST['main'];
}
?>
<h2>minus</h2>
<br>
<form method="post" action="index.php">
<input type="text" name="state" value="<?php echo $num_2;?>" autocomplete="off">
<br>
<input type="hidden" name="rrr" value="<?php echo $pass_num;?>" autocomplete="off">
<br>
<br>
<input nam
js
$('#myform').submit(function(){
return false;
});
$('#insert').click(function(){
$.post(
$('#myform').attr('action'),
$('#myform :input').serializeArray(),
function(result){
$('#result').php(result);
}
);
});
|
|
|
|
|
|
I had a feeling I had already seen it, but his homepage shows a Messages count of 0. I think counting and adding has gone a bit awry here: Bugs and Suggestions[^]
|
|
|
|
|
Hi everyone.
I am a complete novice and need help on some coding
I have a database with 2 tables.
one table is called income and in this table i have a column called IAMOUNT (this represents income amount)
the other table is called expense and in this table i have a column called EAMOUNT (this represents expense amount)
I want to subtract the expense from income to show a profit if any.
For example if IAMOUNT was lets say 100 and EAMOUNT was lets say 50 then profit would be 50.
However if IAMOUNT was lets say 100 and EAMOUNT was lets say 110 then profit would be -10
I need help with the code and how do i echo the result.
I have tried copying code from other questions on this but i just cant understand the coding to adapt it to my use.
help would be much appreciated.
Thanks
|
|
|
|
|
Something like:
SELECT SUM(i.IAMOUNT) - SUM(e.EAMOUNT) from income AS i, expenses AS e;
where income and expenses are the table names in the database.
|
|
|
|
|
Thanks Richard but how do i display the result in my webpage ?
|
|
|
|
|