Insert to database when submit button is clicked

Artyboy2011 · 12-07-2011, 11:56 AM

I need to insert user session to a database when the submit button is clicked.
So far i have the insert query set up, i just need to know how to run that when the button is clicked.

Thanks

LSCare · 12-07-2011, 12:39 PM

On the page that is the action in the form (<form action="thispage.php">...) place your code.

If it is in the page in which the form is in then use the isset() function e.g.

PHP Code:


			
if(isset($_POST['fieldname']){script}

Otherwise it will only be triggered when the form calls the action so the need for that security is less.

If this doesn't make any sense... Please can you post your HTML and PHP script.

Artyboy2011 · 12-07-2011, 12:41 PM

ive got this so far. i just want an add button, not a whole form.

PHP Code:


			
<form name="freinds_request" method="post" action="friendrequest.php">

<input type="submit" name="Submit" id="'$username'" value="Login">

</form>



<?php

if(isset($friends_request)){

    $sendfriend = $mysql_fetch_assoc("INSERT INTO users(friend_request) WHERE name='$friends_name' VALUES('$username')");

    while(isset($friends_request)){

        echo 'Friends request sent!';

        }

    }

?>

i guess i could have a button that acts like a like to another page (say friendsrequest.php) and in friends request.php it automatically runs the query. That idea is open to vulnerabilitys thoyugh because then anyone could type in friendsrequest.php?id=whatever and add them as a friend.

any better ways?

BluePanther · 12-07-2011, 05:05 PM

To check if a form is submitted, you can check for empty($_POST).

Form items need to be named, as the names become indexes in the sent POST array.

PHP Code:


			
<?php
if(empty($_POST)){
?>
    <form name="freinds_request" method="post" action="friendrequest.php">
        <input type="text" name="username" /> 
        <input type="submit" name="Submit" id="'$username'" value="Login"> 
    </form>
<?php
}
else{
    $username = $_POST['username'];
    // IMPORTANT FUNCTION - secures user input in sql queries against SQL injection.
    $username = mysql_real_escape_string($username);
    // mysql_fetch_* functions are not for executing queries - they're for fetching results from a query
    // You need to use this instead. Or die will kill the script on error, and output the value in mysql_error().
    $result = mysql_query("INSERT INTO `table` (`username`) VALUES ('$username')") or die(mysql_error());
    echo 'Username inserted'; 
} 
?>

Artyboy2011 · 12-08-2011, 11:55 AM

i understand that, but i need to have 2 variables ($userid-created as a session and $friendid-the page will be friends.php?id=$friendid) posted from 1 submit button.
is there anyway to do this?

Quote:

Originally Posted by BluePanther

To check if a form is submitted, you can check for empty($_POST).

Form items need to be named, as the names become indexes in the sent POST array.

PHP Code:


			
<?php

if(empty($_POST)){

?>

    <form name="freinds_request" method="post" action="friendrequest.php">

        <input type="text" name="username" /> 

        <input type="submit" name="Submit" id="'$username'" value="Login"> 

    </form>

<?php

}

else{

    $username = $_POST['username'];

    // IMPORTANT FUNCTION - secures user input in sql queries against SQL injection.

    $username = mysql_real_escape_string($username);

    // mysql_fetch_* functions are not for executing queries - they're for fetching results from a query

    // You need to use this instead. Or die will kill the script on error, and output the value in mysql_error().

    $result = mysql_query("INSERT INTO `table` (`username`) VALUES ('$username')") or die(mysql_error());

    echo 'Username inserted'; 

} 

?>

LSCare · 12-08-2011, 11:57 AM

Yes.. Add another input to the form.

Code:

<form name="freinds_request" method="post" action="friendrequest.php"> 
  <input type="text" name="username" />
  <input type="..." name="..." />
  <input type="submit" name="Submit" id="'$username'" value="Login">  
</form>

Then both will be sent with the submit button (the names of each input must be different though).

Artyboy2011 · 12-08-2011, 06:33 PM

Quote:

Originally Posted by LSCare

Yes.. Add another input to the form.

Thats exactly my problem, i need it to all be sent in 1 form. At the moment i have it set up like this.

site.com/addfriend.php?id=FRIENDSIDHERE

PHP Code:


			
<?php
session_start();
$username = $_SESSION['myusername'];
$friendid = $_GET['friendid'];
   if(isset($_SESSION['$username']) && isset($_GET['friendid'])){
      $sendfriend = $mysql_query("INSERT INTO users(friend_request) WHERE id='$friendid' VALUES('$username')");
    while($row = mysql_fetch_assoc($sendfriend)){
        echo "'$username' has requested to be friends with '$friendid'";
}
}
?>

This doesn't seem to be working though.

NOTE: I WILL BE MAKING THE SCRIPT MORE SECURE ONCE IT IS ALL WORKING.