Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Mar 2010
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Post PhP Form from DB callout

    Im trying to get the Char's id from a database, relative to what character they input to a feild. Need 2 buttons, One to retrive the ID and insert into empty feild and one to submit the form. If anyone could help it would be much appreceated. Thanks,

    DataBase Structure
    Code:
     `account_name` VARCHAR(45) DEFAULT NULL,
      `charId` INT UNSIGNED NOT NULL DEFAULT 0,
      `char_name` VARCHAR(35) NOT NULL,
      `level` TINYINT UNSIGNED DEFAULT NULL,
    Form and Database Callout Structure
    PHP Code:
    <?php
    mysql_connect 
    ("localhost""root""******") or die(mysql_error()); 
    mysql_select_db ("characters") or die(mysql_error());


    <
    script language='javascript'>
    function 
    verifyMe(){
    var 
    msg='';

    if(
    document.getElementById('amount').value==''){
        
    msg+='- Amount\n\n';}

    if(
    document.getElementById('CharName').value==''){
        
    msg+='- CharName\n\n';}

    if(
    document.getElementById('authcode').value==''){
        
    msg+='- Char Auth Code\n\n';}

    if(
    msg!=''){
        
    alert('The following fields are empty or invalid:\n\n'+msg);
        return 
    false
    }else{
        return 
    true }

    }
    </script>
    <form name='Donations' action='donations.html' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>
    <table class='table_form_1' id='table_form_1' cellspacing='0'>
        <tr>
            <td class='ftbl_row_1' ><LABEL for='amount' ACCESSKEY='2' ><b style='color:red'>*</b>Amount
            </td>
            <td class='ftbl_row_1a' ><input type='text' name='amount' id='amount' size='45' value=''>
            </td>
        </tr>
        <tr>
            <td class='ftbl_row_2' ><LABEL for='CharName' ACCESSKEY='1' ><b style='color:red'>*</b>CharName
            </td>
            <td class='ftbl_row_2a' ><input type='text' name='CharName' id='CharName' size='45' value=''>
            </td>
        </tr>
        <tr>
            <td class='ftbl_row_1' ><LABEL for='authcode' ACCESSKEY='none' ><b style='color:red'>*</b>Char Auth Code
            </td>
            <td class='ftbl_row_1a' ><input type='password' name='authcode' id='authcode' size='45' value=''>
            </td>
        </tr>
        <tr>
            <td colspan='2' align='right'><input type='submit' name='submit' value='Get Auth Code'>&nbsp;<input type='reset' name='reset' value='Reset'><br />
            </td>
        </tr>
    </table>
    </form>


    if(isset($_GET['submit'])) {
      $ncharId=$_GET['authcode']; 
      $q = mysql_query("SELECT * FROM characters WHERE charId = $charId") or die(mysql_error());

      while($r = mysql_fetch_array($q)) {
        echo 'authcode= '.$r['charId']; 
      }
    }
    ?>

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    First and foremost, you need to fix this entire page. Javascript cannot be embedded into PHP code, you must escape it as text. Same goes for the html:
    PHP Code:
    <?php 
    mysql_connect 
    ("localhost""root""******") or die(mysql_error());  
    mysql_select_db ("characters") or die(mysql_error()); 

    ?>

    <script language='javascript'> 
    function verifyMe(){ 
    var msg=''; 

    if(document.getElementById('amount').value==''){ 
        msg+='- Amount\n\n';} 

    if(document.getElementById('CharName').value==''){ 
        msg+='- CharName\n\n';} 

    if(document.getElementById('authcode').value==''){ 
        msg+='- Char Auth Code\n\n';} 

    if(msg!=''){ 
        alert('The following fields are empty or invalid:\n\n'+msg); 
        return false 
    }else{ 
        return true } 


    </script> 
    <form name='Donations' action='donations.html' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'> 
    <table class='table_form_1' id='table_form_1' cellspacing='0'> 
        <tr> 
            <td class='ftbl_row_1' ><LABEL for='amount' ACCESSKEY='2' ><b style='color:red'>*</b>Amount 
            </td> 
            <td class='ftbl_row_1a' ><input type='text' name='amount' id='amount' size='45' value=''> 
            </td> 
        </tr> 
        <tr> 
            <td class='ftbl_row_2' ><LABEL for='CharName' ACCESSKEY='1' ><b style='color:red'>*</b>CharName 
            </td> 
            <td class='ftbl_row_2a' ><input type='text' name='CharName' id='CharName' size='45' value=''> 
            </td> 
        </tr> 
        <tr> 
            <td class='ftbl_row_1' ><LABEL for='authcode' ACCESSKEY='none' ><b style='color:red'>*</b>Char Auth Code 
            </td> 
            <td class='ftbl_row_1a' ><input type='password' name='authcode' id='authcode' size='45' value=''> 
            </td> 
        </tr> 
        <tr> 
            <td colspan='2' align='right'><input type='submit' name='submit' value='Get Auth Code'>&nbsp;<input type='reset' name='reset' value='Reset'><br /> 
            </td> 
        </tr> 
    </table> 
    </form> 

    <?php

    if(isset($_GET['submit'])) { 
      
    $ncharId=$_GET['authcode'];  
      
    $q mysql_query("SELECT * FROM characters WHERE charId = $charId") or die(mysql_error()); 

      while(
    $r mysql_fetch_array($q)) { 
        echo 
    'authcode= '.$r['charId'];  
      } 

    ?>
    Next, the action on the form must be a processing page. HTML cannot process, so unless you're using mod_rewrite or have you're addtype set to process .html as another language, this needs to change:
    Code:
    <form name='Donations' action='donations.html' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>
    As for the PHP code:
    PHP Code:
    if(isset($_GET['submit'])) { 
      
    $ncharId=$_GET['authcode'];  
      
    $q mysql_query("SELECT * FROM characters WHERE charId = $charId") or die(mysql_error()); 
    There is no $charId defined. There is an $ncharId, but no clue what it represents. In any case, I don't understand what you need two buttons for. If you have the char_name provided to you, then just search with the char_name as you're criteria in you're where clause; there is no need to look up the id prior to that point. Throw an index on you're char_name if its searched with often though to help optimize the lookups.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    New to the CF scene
    Join Date
    Mar 2010
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Getting Closer :)

    Ok i have edited a few things like you have said , I have gotten closer.
    The reaseon i want 2 buttons is so when the form inputs it grabs the Characters id # and inserts it into a diff table inside the database.

    I have replaced the php and form area like you have reconstructed and made the submit action goto a database import.

    PHP Code:
    <?php    

    /// In order to use this script freely
    /// you must leave the following copyright
    /// information in this file:
    /// Copyright 2006 www.turningturnip.co.uk
    /// All rights reserved.

    include("connect.php");
    $charname $_POST['charname'];
    $charid $_POST['charid'];
    $amount $_POST['amount'];


    $query "INSERT INTO donatins (charname, charid, amount)
    VALUES ('$charname', '$charid', '$amount')"
    ;
    $results mysql_query($query);

    if (
    $results)
    {
    echo 
    "Details added.";
    }
    mysql_close();

    ?>
    PHP Code:
    <?php  
    mysql_connect 
    ("localhost""root""******") or die(mysql_error());   
    mysql_select_db ("l2jdb") or die(mysql_error());  

    ?> 

    <script language='javascript'>  
    function verifyMe(){  
    var msg='';  

    if(document.getElementById('amount').value==''){  
        msg+='- Amount\n\n';}  

    if(document.getElementById('CharName').value==''){  
        msg+='- CharName\n\n';}  

    if(msg!=''){  
        alert('The following fields are empty or invalid:\n\n'+msg);  
        return false  
    }else{  
        return true }  

    }  
    </script>  
    <form name='Donations' action='added.php' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>  
    <table class='table_form_1' id='table_form_1' cellspacing='0'>  
        <tr>  
            <td class='ftbl_row_1' ><LABEL for='amount' ACCESSKEY='2' ><b style='color:red'>*</b>Amount  
            </td>  
            <td class='ftbl_row_1a' ><input type='text' name='amount' id='amount' size='7' value=''>  
            </td>  
        </tr>  
        <tr>  
            <td class='ftbl_row_2' ><LABEL for='CharName' ACCESSKEY='1' ><b style='color:red'>*</b>CharName  
            </td>  
            <td class='ftbl_row_2a' ><input type='text' name='CharName' id='CharName' size='20' value=''>  
            </td>  
        </tr>  
        <tr>  
            <td class='ftbl_row_1' ><LABEL for='authcode' ACCESSKEY='none' ><b style='color:red'>*</b>Char Auth Code  
            </td>  
            <td class='ftbl_row_1a' ><input type='password' name='authcode' id='authcode' size='30' value=''>  
            </td>  
        </tr>  
        <tr>  
            <td colspan='2' align='right'><input type='button' name='getcode' value='Get Auth Code'>&nbsp;<input type='submit' name='submit' value='Submit'><br />  
            </td>  
        </tr>  
    </table>  
    </form>  

    <?php 

    if(isset($_GET['getcode'])) {  
      
    $CharName=$_GET['CharName'];   
      
    $q mysql_query("SELECT charId FROM characters WHERE CharName = $CharName") or die(mysql_error());  

      while(
    $r mysql_fetch_array($q)) {  
        echo 
    'getcode= '.$r['charId'];   
      }  
    }  
    ?>
    For some reason its not proccesing the info, Please keep in mind that this is my first attemp in building such array. Thanks for your help in advance. (Rodger)
    Last edited by Valken; 03-08-2010 at 09:53 PM.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You still don't need to retrieve the id on a form itself. You can get it from the char_name when its submitted instead:
    PHP Code:
    <?php

    include("connect.php"); 
    $charname $_POST['charname']; 
    $amount $_POST['amount']; 

    $q mysql_query("SELECT charId FROM characters WHERE CharName = '$charname'") or die(mysql_error());

    $charid mysql_result($q0);

    $query "INSERT INTO donatins (charname, charid, amount) 
    VALUES ('$charname', '$charid', '$amount')"

    $results mysql_query($query); 

    if (
    $results

    echo 
    "Details added."

    mysql_close();
    So you can retrieve anything you want at any time as long as you have one piece of unique data to work with. I assumed that char_name is unique.

    Also, look into this article about SQL Injection: http://us3.php.net/manual/en/securit...-injection.php
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    Valken (03-09-2010)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •