...

View Full Version : PhP Form from DB callout



Valken
03-08-2010, 06:02 AM
Im trying to get the Char's id from a database, relative to what character they input to a feild. Need 2 buttons, One to retrive the ID and insert into empty feild and one to submit the form. If anyone could help it would be much appreceated. Thanks,

DataBase Structure

`account_name` VARCHAR(45) DEFAULT NULL,
`charId` INT UNSIGNED NOT NULL DEFAULT 0,
`char_name` VARCHAR(35) NOT NULL,
`level` TINYINT UNSIGNED DEFAULT NULL,


Form and Database Callout Structure

<?php
mysql_connect ("localhost", "root", "******") or die(mysql_error());
mysql_select_db ("characters") or die(mysql_error());


<script language='javascript'>
function verifyMe(){
var msg='';

if(document.getElementById('amount').value==''){
msg+='- Amount\n\n';}

if(document.getElementById('CharName').value==''){
msg+='- CharName\n\n';}

if(document.getElementById('authcode').value==''){
msg+='- Char Auth Code\n\n';}

if(msg!=''){
alert('The following fields are empty or invalid:\n\n'+msg);
return false
}else{
return true }

}
</script>
<form name='Donations' action='donations.html' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>
<table class='table_form_1' id='table_form_1' cellspacing='0'>
<tr>
<td class='ftbl_row_1' ><LABEL for='amount' ACCESSKEY='2' ><b style='color:red'>*</b>Amount
</td>
<td class='ftbl_row_1a' ><input type='text' name='amount' id='amount' size='45' value=''>
</td>
</tr>
<tr>
<td class='ftbl_row_2' ><LABEL for='CharName' ACCESSKEY='1' ><b style='color:red'>*</b>CharName
</td>
<td class='ftbl_row_2a' ><input type='text' name='CharName' id='CharName' size='45' value=''>
</td>
</tr>
<tr>
<td class='ftbl_row_1' ><LABEL for='authcode' ACCESSKEY='none' ><b style='color:red'>*</b>Char Auth Code
</td>
<td class='ftbl_row_1a' ><input type='password' name='authcode' id='authcode' size='45' value=''>
</td>
</tr>
<tr>
<td colspan='2' align='right'><input type='submit' name='submit' value='Get Auth Code'>&nbsp;<input type='reset' name='reset' value='Reset'><br />
</td>
</tr>
</table>
</form>


if(isset($_GET['submit'])) {
$ncharId=$_GET['authcode'];
$q = mysql_query("SELECT * FROM characters WHERE charId = $charId") or die(mysql_error());

while($r = mysql_fetch_array($q)) {
echo 'authcode= '.$r['charId'];
}
}
?>

Fou-Lu
03-08-2010, 08:47 PM
First and foremost, you need to fix this entire page. Javascript cannot be embedded into PHP code, you must escape it as text. Same goes for the html:


<?php
mysql_connect ("localhost", "root", "******") or die(mysql_error());
mysql_select_db ("characters") or die(mysql_error());

?>

<script language='javascript'>
function verifyMe(){
var msg='';

if(document.getElementById('amount').value==''){
msg+='- Amount\n\n';}

if(document.getElementById('CharName').value==''){
msg+='- CharName\n\n';}

if(document.getElementById('authcode').value==''){
msg+='- Char Auth Code\n\n';}

if(msg!=''){
alert('The following fields are empty or invalid:\n\n'+msg);
return false
}else{
return true }

}
</script>
<form name='Donations' action='donations.html' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>
<table class='table_form_1' id='table_form_1' cellspacing='0'>
<tr>
<td class='ftbl_row_1' ><LABEL for='amount' ACCESSKEY='2' ><b style='color:red'>*</b>Amount
</td>
<td class='ftbl_row_1a' ><input type='text' name='amount' id='amount' size='45' value=''>
</td>
</tr>
<tr>
<td class='ftbl_row_2' ><LABEL for='CharName' ACCESSKEY='1' ><b style='color:red'>*</b>CharName
</td>
<td class='ftbl_row_2a' ><input type='text' name='CharName' id='CharName' size='45' value=''>
</td>
</tr>
<tr>
<td class='ftbl_row_1' ><LABEL for='authcode' ACCESSKEY='none' ><b style='color:red'>*</b>Char Auth Code
</td>
<td class='ftbl_row_1a' ><input type='password' name='authcode' id='authcode' size='45' value=''>
</td>
</tr>
<tr>
<td colspan='2' align='right'><input type='submit' name='submit' value='Get Auth Code'>&nbsp;<input type='reset' name='reset' value='Reset'><br />
</td>
</tr>
</table>
</form>

<?php

if(isset($_GET['submit'])) {
$ncharId=$_GET['authcode'];
$q = mysql_query("SELECT * FROM characters WHERE charId = $charId") or die(mysql_error());

while($r = mysql_fetch_array($q)) {
echo 'authcode= '.$r['charId'];
}
}
?>


Next, the action on the form must be a processing page. HTML cannot process, so unless you're using mod_rewrite or have you're addtype set to process .html as another language, this needs to change:


<form name='Donations' action='donations.html' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>


As for the PHP code:


if(isset($_GET['submit'])) {
$ncharId=$_GET['authcode'];
$q = mysql_query("SELECT * FROM characters WHERE charId = $charId") or die(mysql_error());


There is no $charId defined. There is an $ncharId, but no clue what it represents. In any case, I don't understand what you need two buttons for. If you have the char_name provided to you, then just search with the char_name as you're criteria in you're where clause; there is no need to look up the id prior to that point. Throw an index on you're char_name if its searched with often though to help optimize the lookups.

Valken
03-08-2010, 10:50 PM
Ok i have edited a few things like you have said , I have gotten closer.
The reaseon i want 2 buttons is so when the form inputs it grabs the Characters id # and inserts it into a diff table inside the database.

I have replaced the php and form area like you have reconstructed and made the submit action goto a database import.


<?php

/// In order to use this script freely
/// you must leave the following copyright
/// information in this file:
/// Copyright 2006 www.turningturnip.co.uk
/// All rights reserved.

include("connect.php");
$charname = $_POST['charname'];
$charid = $_POST['charid'];
$amount = $_POST['amount'];


$query = "INSERT INTO donatins (charname, charid, amount)
VALUES ('$charname', '$charid', '$amount')";
$results = mysql_query($query);

if ($results)
{
echo "Details added.";
}
mysql_close();

?>


<?php
mysql_connect ("localhost", "root", "******") or die(mysql_error());
mysql_select_db ("l2jdb") or die(mysql_error());

?>

<script language='javascript'>
function verifyMe(){
var msg='';

if(document.getElementById('amount').value==''){
msg+='- Amount\n\n';}

if(document.getElementById('CharName').value==''){
msg+='- CharName\n\n';}

if(msg!=''){
alert('The following fields are empty or invalid:\n\n'+msg);
return false
}else{
return true }

}
</script>
<form name='Donations' action='added.php' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>
<table class='table_form_1' id='table_form_1' cellspacing='0'>
<tr>
<td class='ftbl_row_1' ><LABEL for='amount' ACCESSKEY='2' ><b style='color:red'>*</b>Amount
</td>
<td class='ftbl_row_1a' ><input type='text' name='amount' id='amount' size='7' value=''>
</td>
</tr>
<tr>
<td class='ftbl_row_2' ><LABEL for='CharName' ACCESSKEY='1' ><b style='color:red'>*</b>CharName
</td>
<td class='ftbl_row_2a' ><input type='text' name='CharName' id='CharName' size='20' value=''>
</td>
</tr>
<tr>
<td class='ftbl_row_1' ><LABEL for='authcode' ACCESSKEY='none' ><b style='color:red'>*</b>Char Auth Code
</td>
<td class='ftbl_row_1a' ><input type='password' name='authcode' id='authcode' size='30' value=''>
</td>
</tr>
<tr>
<td colspan='2' align='right'><input type='button' name='getcode' value='Get Auth Code'>&nbsp;<input type='submit' name='submit' value='Submit'><br />
</td>
</tr>
</table>
</form>

<?php

if(isset($_GET['getcode'])) {
$CharName=$_GET['CharName'];
$q = mysql_query("SELECT charId FROM characters WHERE CharName = $CharName") or die(mysql_error());

while($r = mysql_fetch_array($q)) {
echo 'getcode= '.$r['charId'];
}
}
?>

For some reason its not proccesing the info, Please keep in mind that this is my first attemp in building such array. Thanks for your help in advance. (Rodger)

Fou-Lu
03-08-2010, 11:29 PM
You still don't need to retrieve the id on a form itself. You can get it from the char_name when its submitted instead:


<?php

include("connect.php");
$charname = $_POST['charname'];
$amount = $_POST['amount'];

$q = mysql_query("SELECT charId FROM characters WHERE CharName = '$charname'") or die(mysql_error());

$charid = mysql_result($q, 0);

$query = "INSERT INTO donatins (charname, charid, amount)
VALUES ('$charname', '$charid', '$amount')";
$results = mysql_query($query);

if ($results)
{
echo "Details added.";
}
mysql_close();



So you can retrieve anything you want at any time as long as you have one piece of unique data to work with. I assumed that char_name is unique.

Also, look into this article about SQL Injection: http://us3.php.net/manual/en/security.database.sql-injection.php



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum