html - PHP contact form inserting into MySQL
Last edit: it works. I posted the working code below. After clearing up what idealcastle said and fixing the syntax errors, it works as it should with the JavaScript validation. Thank you everyone.
HTML code here:
<form name="contact" id="contact_form" action="postcontact.php" method="post" onsubmit="return validateform();">
    <div id="boxc">
        <h3>porosia juaj ?</h3>
        <input name="orders" type="checkbox" value="veshje">veshje
        <input name="orders" type="checkbox" value="mbathje">mbathje
        <input name="orders" type="checkbox" value="stoli">stoli
    </div>
    <div class="row">
        <label class="required" for="name">emri:</label><br />
        <input id="name" name="name" type="text" value="" size="30" placeholder="emri" /><br />
        <span id="name_validation" class="error"></span>
    </div>
    <label class="required">country/state:</label><br />
    <div class="row" id="statecmb">
        <select name="state">
            <option value="chose" selected>[choose yours]</option>
            <option value="albania">albania</option>
            <option value="kosovo">kosovo</option>
            <option value="germany">germany</option>
            <option value="bangladesh">bangladesh</option>
        </select>
        <span id="state_validation" class="error"></span>
    </div>
    <div class="row">
        <label class="required" for="email">email:</label><br />
        <input id="email" name="email" type="text" value="" size="30" placeholder="email" /><br />
        <span id="email_validation" class="error"></span>
    </div>
    <div class="row">
        <label class="required" for="message">mesazhi:</label><br />
        <textarea id="message" name="message" rows="7" cols="30" placeholder="mesazhi"></textarea><br />
        <span id="message_validation" class="error"></span>
    </div>
    <input name="submit" id="sub" type="submit" value="submit" />
    <div class="rating">
        <h3>vlerso sherbimin :</h3>
        <input type="radio" name="rate" value="1">1
        <input type="radio" name="rate" value="2">2
        <input type="radio" name="rate" value="3">3
        <input type="radio" name="rate" value="4">4
        <input type="radio" name="rate" value="5">5
    </div>
</form>
JavaScript file:
function validateform() {
    var valid = 1;
    var email = document.getElementById('email');
    var email_validation = document.getElementById("email_validation");
    var name = document.getElementById('name');
    var name_validation = document.getElementById("name_validation");
    // the message field itself was never looked up, so message.value threw
    var message = document.getElementById('message');
    var message_validation = document.getElementById("message_validation");
    var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
    if (name.value === "") {
        valid = 0;
        name_validation.innerHTML = "ju lutem shenoni emrin tuaj";
        name_validation.style.display = "block";
        name_validation.parentNode.style.backgroundColor = "#ffdfdf";
    } else {
        name_validation.style.display = "none";
        name_validation.parentNode.style.backgroundColor = "transparent";
    }
    if (message.value === "") {
        valid = 0;
        message_validation.innerHTML = "ju lutem plotesoni fushen e mesazhit";
        message_validation.style.display = "block";
        message_validation.parentNode.style.backgroundColor = "#ffdfdf";
    } else {
        message_validation.style.display = "none";
        message_validation.parentNode.style.backgroundColor = "transparent";
    }
    if (email.value === "") {
        valid = 0;
        email_validation.innerHTML = "ju lutem shenoni email tuaj";
        email_validation.style.display = "block";
        email_validation.parentNode.style.backgroundColor = "#ffdfdf";
    } else {
        email_validation.style.display = "none";
        email_validation.parentNode.style.backgroundColor = "transparent";
    }
    if (!filter.test(email.value)) {
        valid = 0;
        email_validation.innerHTML = "email juaj nuk eshte valid";
        email_validation.style.display = "block";
        email_validation.parentNode.style.backgroundColor = "#ffdfdf";
    } else {
        email_validation.style.display = "none";
        email_validation.parentNode.style.backgroundColor = "transparent";
    }
    if (!valid) alert("keni error : fushat duhen te plotesohen ");
    // onsubmit uses the return value: false blocks the submit
    return valid === 1;
}
PHP file:
<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'herdesigns';
// mysqli_error() needs a connection argument; use mysqli_connect_error() for connect failures
$con = mysqli_connect($host, $user, $pass, $db) or die(mysqli_connect_error());
/* mysqli_select_db($con, $db); */
?>
<?php
if (isset($_POST['submit'])) {
    $name = mysqli_real_escape_string($con, $_POST['name']);
    $email = mysqli_real_escape_string($con, $_POST['email']);
    $message = mysqli_real_escape_string($con, $_POST['message']);
    // rate and orders are absent from $_POST when nothing is ticked
    $rate = mysqli_real_escape_string($con, $_POST['rate'] ?? '');
    $orders = mysqli_real_escape_string($con, $_POST['orders'] ?? '');
    $state = mysqli_real_escape_string($con, $_POST['state']);
    /* $con = mysqli_connect($host, $user, $pass, $db) or die(mysqli_connect_error()); */
    /* mysqli_select_db($con, $db); */
    $sql = "INSERT INTO contacts ( orders, name, state, email, message, rate )
            VALUES ( '$orders', '$name', '$state', '$email', '$message', '$rate' )";
    // run the insert once; the original ran the same query a second time below
    if (!mysqli_query($con, $sql)) {
        die('error: ' . mysqli_error($con));
    }
    mysqli_close($con);
    // the redirect must be sent before any output (echo), or header() fails
    header('Location: contact.php');
    exit;
}
?>
Edit: which field is now() going into, too?
I'd remove it if there is no actual field to send the datetime to, or add a field for that. Try submitting to MySQL without now():
$sql = "insert contacts ( name, email, message, rate, orders, state )
        values ( '$name', '$email', '$message', '$rate', '$orders', '$state' )";
First thing I notice is the PHP code being shown in the browser. If it is being served via file://, that is not good; you should be using http://localhost/ (if testing locally) or of course the server URL if live.
Found here: browser showing php code instead of processing it
Second, you should sanitize the MySQL data being entered. If any of the submitted values contain a single or double quote, the MySQL query will fail.
Since you are using the old mysql functions, the escape function that should work here is mysql_real_escape_string(). I'd do this:
$sql = "insert contacts ( name, email, message, rate, orders, state ) values (
    '".mysql_real_escape_string($name)."',
    '".mysql_real_escape_string($email)."',
    '".mysql_real_escape_string($message)."',
    '".mysql_real_escape_string($rate)."',
    '".mysql_real_escape_string($orders)."',
    '".mysql_real_escape_string($state)."',
    now() )";
I'm not sure if any of these are the cause, but they are red flags in what you have posted. You should sanitize (escape) inputs to avoid crashing your MySQL queries.
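An added example, not code from the question or the answer, that does the same insert with a mysqli prepared statement, so quotes in the submitted values are sent as data rather than spliced into the SQL text, and that repeats the validation on the server because the JavaScript check only runs in the browser. It assumes the table and column names from the question; the whitelists mirror the form's fixed choices.

```php
<?php
// Added example: prepared-statement version of the question's postcontact.php.
$con = mysqli_connect('localhost', 'root', '', 'herdesigns');
if (!$con) {
    die('Connection failed: ' . mysqli_connect_error());
}
mysqli_set_charset($con, 'utf8mb4');

if (isset($_POST['submit'])) {
    // Fixed-choice fields are checked against the values the form offers
    // (the three checkboxes share one name, so at most one "orders" value arrives).
    $allowedOrders = ['veshje', 'mbathje', 'stoli'];
    $allowedStates = ['albania', 'kosovo', 'germany', 'bangladesh'];
    $orders = in_array($_POST['orders'] ?? '', $allowedOrders, true) ? $_POST['orders'] : '';
    $state  = in_array($_POST['state'] ?? '', $allowedStates, true) ? $_POST['state'] : '';
    $rate   = (int)($_POST['rate'] ?? 0);        // 0 means no rating was given
    $name    = trim($_POST['name'] ?? '');
    $email   = trim($_POST['email'] ?? '');
    $message = trim($_POST['message'] ?? '');

    // Server-side validation: the browser-side validateform() can be skipped or disabled.
    if ($name === '' || $message === '' || $state === ''
        || !filter_var($email, FILTER_VALIDATE_EMAIL) || $rate < 0 || $rate > 5) {
        http_response_code(400);
        die('Invalid input');
    }

    // The SQL text contains only placeholders; no user data is concatenated into it.
    $stmt = mysqli_prepare($con,
        'INSERT INTO contacts (orders, name, state, email, message, rate) VALUES (?, ?, ?, ?, ?, ?)');
    if (!$stmt) {
        die('Prepare failed: ' . mysqli_error($con));
    }
    // Bind five strings and one integer in column order.
    mysqli_stmt_bind_param($stmt, 'sssssi', $orders, $name, $state, $email, $message, $rate);
    if (!mysqli_stmt_execute($stmt)) {
        die('Insert failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    mysqli_close($con);

    // Redirect before any output is echoed, otherwise header() cannot be sent.
    header('Location: contact.php');
    exit;
}
```

With placeholders the escaping step in the answer is no longer needed, and the same code handles a message containing quotes without the query failing.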