form problem
Posted on
16th Feb 2014 07:03 pm by
admin
Hi all, I think this is going to be easy to resolve but for I have been looking at it to long and I cannot see my issue!
I hope this is in the right section as it uses modalbox, however I think its a php error not modalbox.
Did you know?Explore Trending and Topic pages for more stories like this.
Basically I have a registration form as follows:
Code: <form action="pages/reg_do.php" id="myform" onsubmit="return false;">
<fieldset>
<legend>Register New User</legend>
<table>
<tr>
<td><label for="name"><strong>Username </strong></label></td>
<td> </td>
<td><input type="text" size="30" id="username" name="username" /></td>
</tr>
<tr>
<td><label for="password"><strong>Password </strong></label></td>
<td> </td>
<td><input type="text" size="30" id="password" name="password" /></td>
</tr>
<tr>
<td><label for="email"><strong>Email</strong></label></td>
<td> </td>
<td><input type="text" size="30" id="email" name="email" /></td>
</tr>
<tr>
<td> <label for="first_name"><strong>First Name</strong></label></td>
<td> </td>
<td><input type="text" size="30" id="first_name" name="first_name" /></td>
</tr>
<tr>
<td><label for="last_name"><strong>Last Name</strong></label></td>
<td> </td>
<td><input type="text" size="30" id="last_name" name="last_name" /></td>
</tr>
<tr>
<td><label for="city"><strong>City</strong></label></td>
<td> </td>
<td><input type="text" size="30" id="city" name="city" /></td>
</tr>
<tr>
<td><label for="state"><strong>State</strong></label></td>
<td> </td>
<td><select name="state">
<option value="WA">Western Australia</option>
<option value="SA">Southern Australia</option>
<option value="VIC">Victoria</option>
<option value="NT">Nothern Territories</option>
<option value="TAS">Tasmania</option>
<option value="QLD">Queensland</option>
</select></td>
</tr>
</table>
</fieldset>
<p><input type="submit" value="Register" onclick="Modalbox.show('pages/reg_do.php', {title: 'Registering....', width: 500, params:Form.serialize('myform') }); return false;" /> or <a href="#" title="Cancel & close dialog" onclick="Modalbox.hide(); return false;">Cancel & close</a></p>
</form>
</body>
</html>
This is opened from the main page in a modalbox popup box, once the form is submitted it goes to red_do.php, which loads in a replacement modalbox:
Code: <?php
session_start();
include '../common/dbconnect.php';
$username = $_GET['username'];
$password = $_GET['password'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$email = $_GET['email'];
$city = $_GET['city'];
$state = $_GET['state'];
$query = 'INSERT INTO users (user_id, username, password)
VALUES ("", "$username", "$password")';
$result = mysql_query($query, $conn) or die(mysql_error());
$user_id = mysql_insert_id($conn);
$query = 'INSERT INTO users_details
(user_id, username, first_name, last_name, email, city, state)
VALUES
("$user_id","$username", "$first_name", "$last_name", "$email", "$city", "$state") ';
$result = mysql_query($query, $conn) or die(mysql_error());
$_SESSION['logged'] = 1;
$_SESSION['username'] = $username;
echo "thankyou, working";
?>
I then get the thankyou message, however instead of submitting the actual values into the database it will physically submit $username as apposed to the value of $username.
What am I missing.
As a sidenote, i understand the importance of escaping strings and this is done in the database connect file using:
Code: foreach ($_POST as $key => $value) {
$_POST[$key] = mysql_real_escape_string($value);
}
foreach ($_GET as $key => $value) {
$_GET[$key] = mysql_real_escape_string($value);
}
as I know people like pointing this out
