Print Page - Posting froms from an article

Title: Posting froms from an article
Post by: iceman11a on September 26, 2011, 05:56:08 PM

I created an article and I setup a PHP article. In this article I setup a form. a small one for users to add there name and email address in another table. called {$db_prefix}db_news

The peoblem I'm having is when I click the submit button. It seems to take me to the index page and doesn't submit the form. I was hoping some one would have some ideas on this. Please try and explain it as simple as you can so I can under stand what your doing. My code is below.

--->How to install
--> Create a new PHP article.
--> copy and paste the code below into your new article.
--> Save it.
----> Create a new menu item
--> Add this article to that new menu
--> Add the menu to a block.
---> Save every thing and go to the new block and click on the link.
It will create a new table called db_news.
When I add my name and email to the database. It should post to the database and well that's the part that doesn't work. Please any one have any ideas on why not and maybe a fix.

Joe

Code Select


global $user_info, $boardurl;

global $db_server, $db_name, $db_user, $db_passwd, $db_prefix;

$uname = $user_info['name'];
$uemail = $user_info['email'];
$userid = $user_info['id'];
$pagenum = 8; // This is the article number. 

$user_exists = UserExists($uname);

if(!$user_exists)
{
echo "<table border='0'>";
echo "<center><form action=index.php?page={$pagenum} method='post'>";
echo "<INPUT id='action' name='action' type='hidden' value='submit' />";
echo "<tr>";
echo "<tr><td>Your Name : </td><td><input id='name' name='name' type='textbox' value='$uname' /></td></tr>";
echo "<tr><td>Email Address : </td><td><input id='email' name='email' type='textbox' value='$uemail'  /></td></tr>";
echo "<tr><td><INPUT type='submit' value='Submit'></td></tr>";
echo "</tr>";
echo "</center></form>";
echo "</table>";
} else {
echo "Your all ready in the list<br />";
}

$con = mysql_connect($db_server,$db_user,$db_passwd);
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

// cteate Tables----------------------------------------------------------------

mysql_select_db($db_name, $con);


$sql = "CREATE TABLE {$db_prefix}db_data
(
Id int NOT NULL AUTO_INCREMENT,
PRIMARY key(Id),
username varchar(50),
useremail varchar(150),
userstatus varchar(50)
)";
$create_table = mysql_query($sql,$con);

if (!$create_table) {
//echo "Error : " . mysql_error() . "<br />";
} else {
echo "Table created.<br />";
}

//This is for admin section of the news letter, The Admin's users id has to be 1
if($user_info['id'] == 1)
{
echo '<h4>Admin Section</h4><br />';
echo 'Current News Letter subscribers<br />';

$result = mysql_query("SELECT * FROM {$eb_prefix}db_news");

if(mysql_num_rows($result) >= 1)
{
while($row = mysql_fetch_array($result))
  {
  echo $row['username'] . " " . $row['useremail'] . " " . $row['status'];
  echo "<br />";
  }
  } else {
  echo "No records at this time<br />";
  }
}

function UserExists($uname)
{

$result = mysql_query("SELECT username FROM {$db_prefix}db_news WHERE username='$uname' LIMIT 1");

   if(mysql_num_rows($result) == 1)
   {
   return true;
   } else {
   return false;
   }
}

if(isset($_POST['action']) == "submit"){

$sql="INSERT INTO {$db_prefix}db_news (username, useremail, status)  VALUES  ('$_POST[username]','$_POST[useremail]','Open')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Record added<br />";
$_POST['action'] = "";
header("Location: index.php?page={$pagenum}");

}

Title: Re: Posting froms from an article
Post by: Freddy on September 26, 2011, 06:17:14 PM

Getting any errors reported anywhere ?

One thought.... as far as I know in PHP it will default to the last connected database, so I think you could probably get away by not doing a database connect there.

Title: Re: Posting froms from an article
Post by: iceman11a on September 26, 2011, 06:43:52 PM

Ok, well I think that mite be an idea. any way, No. No errors at all. It just doesn't post. I will make that one change and see what happens

UPDATE:
I change that part of it. So I'm using the connection that's all ready there. So thanks. I just can't get it to post.

Title: Re: Posting froms from an article
Post by: IchBin on September 27, 2011, 03:55:31 AM

There was a lot of things I thought were wrong with this. First of all you are using $_POST['action'] which SMF already uses for all of it's handling. I've changed it to 'myaction' instead to make sure there are no conflicts. I changed the code to use SMF's connection (assuming your table is in the same database). I added a check to see if the table exists, if not it creates the table. Otherwise it doesn't try to create the table every time the page is hit. Instead of using $user_info['id'] == 1 to check for admin, $context['user']['is_admin'] allows any admin (even if they are not ID = 1).

I added some comments to the code at the bottom. Make sure you cleanse all data input by users, otherwise you will get hacked easily.

I'd test this on my setup, but it seems you are using 2 tables (db_news and db_data). Only one of those tables is created by this code. Maybe you mean everything to use the same table? I've changed the code to use db_news for everything.

I've also cleaned up the formatting and changed the code to use single quotes for better readability. Let me know if you have any errors or problems as I just threw this together with some quick editing.

Code Select

global $user_info, $db_prefix, $context, $scripturl;

$uname = $user_info['name'];
$uemail = $user_info['email'];
$userid = $user_info['id'];
$pagenum = 8; // This is the article number. 

$user_exists = UserExists($uname);

if(!$user_exists)
{
	echo '
	<center>
	<form action="'.$scripturl.'?page='.$pagenum.'" method="post">
	<input id="action" name="myaction" type="hidden" value="submit" />
	<table border="0">
		<tr><td>Your Name : </td><td><input id="name" name="name" type="textbox" value="'.$uname.'" /></td></tr>
		<tr><td>Email Address : </td><td><input id="email" name="email" type="textbox" value="'.$uemail.'"  /></td></tr>
		<tr><td><input type="submit" value="Submit" /></td></tr>
	</table>
	</form>
	</center>';
}
else
{
	// Echo a welcome message here instead?
	echo "Your all ready in the list<br />";
}

// If the table exists lets create it. If not we just move along
$table_exists = mysql_query("show tables like '{$db_prefix}db_news'");

if (mysql_num_rows($table_exists) == 0)
{
	$sql = "CREATE TABLE {$db_prefix}db_news
			(
			id int NOT NULL AUTO_INCREMENT,
			PRIMARY key(id),
			username varchar(50),
			useremail varchar(150),
			userstatus varchar(50)
			)";
			
	$create_table = mysql_query($sql);
	if ($create_table)
	{
		echo "Table created.<br />";
	}
	else
	{
		//mysql_error();
	}
}

//This is for admin section of the news letter, User must be admin to see it
if($context['user']['is_admin'])
{
	echo '<h4>Admin Section</h4><br /> Current News Letter subscribers<br />';

	$result = mysql_query("SELECT * FROM {$db_prefix}db_news");

	if(mysql_num_rows($result) > 0)
	{
		while($row = mysql_fetch_array($result))
		{
			echo $row['username'] . " " . $row['useremail'] . " " . $row['userstatus'] . "<br />";
		}
	} 
	else 
	{
		echo "No records at this time<br />";
	}
}

function UserExists($uname)
{
	global $db_prefix;
	$result = mysql_query("SELECT username FROM {$db_prefix}db_news WHERE username='".$uname."' LIMIT 1");
	$exists = false;
	if(mysql_num_rows($result) == 1)
	{
		$exists = true;
	} 
	return $exists;
}

if(isset($_POST['myaction']) && $_POST['myaction'] == "submit")
{
	// You need to do some cleaning here otherwise someone can insert some hacking stuff into your $_POST values
	// Always use mysql_real_escape_string(), and even consider validating using regex where necessary to make sure only certain characters are allowed. 
	// There are even regex's that will verify if the value being input is an email.
	// striptags() is good for stripping HTML from text
	$sql = "INSERT INTO {$db_prefix}db_news (username, useremail, userstatus)  VALUES  ('$_POST[name]','$_POST[email]','Open')";

	$insert_result = mysql_query($sql);
	if(!$insert_result)
	{
		die('Error: ' . mysql_error());
	}
	
	// This will only get echo'd very briefly before the page redirect happens. Maybe add
	// some code that displays on the page if the message is successfully recorded.
	echo "Record added<br />";
	redirectexit("page=".$pagenum);
}

Title: Re: Posting froms from an article
Post by: iceman11a on September 27, 2011, 04:18:19 AM

Cool, Thank you. How ever I did fix 2 bugs that I did find.

Code Select


//This
if (mysql_num_rows($table_exists) == 1)
//should read this
if (mysql_num_rows($table_exists) == 0)

It wouldn't create the table. and the 2nd bug is.

Code Select


//this is
$sql = "INSERT INTO {$db_prefix}db_news (username, useremail, status)  VALUES  ('$_POST[username]','$_POST[useremail]','Open')";
// and should read like this
$sql = "INSERT INTO {$db_prefix}db_news (username, useremail, userstatus)  VALUES  ('$_POST[username]','$_POST[useremail]','Open')";

and the last thing is that when you use the

Code Select


redirectexit("index.php?page={$pagenum}");

This is the url it sends me too. and it's wrong. It doesn't add me to the database.
http://www.df-barracks.com/index.php?index.php?page=8
I thing maybe the index.php needs to be removed. and let me try that, I tried to remove the index.php from the code and it keeps sending me to the forums index.php. and not back to the article. It's not adding me to the database...

Title: Re: Posting froms from an article
Post by: IchBin on September 27, 2011, 04:25:33 AM

You can use the full URL then I think.

redirectexit('http://yourdomain.com/index.php?page='.$pageenum);

Title: Re: Posting froms from an article
Post by: iceman11a on September 27, 2011, 04:31:11 AM

Quote from: IchBinâ,,¢ on September 27, 2011, 04:25:33 AM
You can use the full URL then I think.

redirectexit('http://yourdomain.com/index.php?page='.$pageenum);

Nope. That didn't work.

Title: Re: Posting froms from an article
Post by: iceman11a on September 27, 2011, 05:37:54 AM

I fount the problem and don't know how to fix it. The values in the form to submit the action are not being sent. This is why
I tried to print the values out and well you should see this

Code Select


echo '$scripturl?page=$pagenum<br />';

The problem is in the form.

Title: Re: Posting froms from an article
Post by: iceman11a on September 27, 2011, 02:38:40 PM

I have most if it working. The problem is that some of the values are not getting returned. Look at the image I added to this post. Look at what I circled. The circle on the bottom shows I was added to the database. How ever it you look at the one at the top. You see if I exists in the database. I shouldn't even see the form.as you can see it just returns a empty result.

Please any one have any ideas.

Ice

Title: Re: Posting froms from an article
Post by: IchBin on September 27, 2011, 03:44:17 PM

Don't forget to check the error log. All the answers are there pretty much. Your form had inputs for name and email (not username and useremail). You had an undefined $db_prefix error which means you needed to add that variable to the global for your user exists function. Fixed the redirect function to work properly too. Code is updated above. I also changed the Id column to have lower case name like all other SMF columns.

Title: Re: Posting froms from an article
Post by: iceman11a on September 27, 2011, 08:33:19 PM

That's why. I forgot to add the global to the function in the code. as soon as I did that. It worked. IchBin, Thank you very much

Ice

TinyPortal

Development => Support => Topic started by: iceman11a on September 26, 2011, 05:56:08 PM