0

I have an html form when i submit it it goes to a php page. i want to change the action so the php execution happens on the same page.

<form method ="POST" action = "user.php">
<table align="right" cellpadding="10" cellspacing="0">
<tr>
<td>EMail: </td>
<td><input type="text" name="email" /></td>
<tr>
<td>First Name: </td>
<td><input type="text" name="fname" /></td>
<tr>
<td>Last Name: </td>
<td><input type="text" name="lname" /></td>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
<tr>
<td><input type ="submit"></td>
</tr>
</table>
</form>

<?php
	//conection
	include('sqlconn.php');
	$mysql = new sqlConnection;
	
	//retrive data from POST form
	$email=$_POST['email'];
	$fname=$_POST['fname'];
	$lname=$_POST['lname'];
	$password=$_POST['password'];
	
	//insert data into DB
	$query = "INSERT INTO  `client_Info`.`users` (`email` ,`fname` ,`lname` ,`password`)
				VALUES (NULL , '$email', '$fname', '$lname', '$password')";			
	mysql_query($query) or die('Error, insert query failed');
	$last_Id = mysql_insert_id();
	
	$mysql->close();
	
	//redirect back to login page.
	header( 'Location: http://localhost/testsite' ) ;
?>
4
Contributors
5
Replies
9
Views
7 Years
Discussion Span
Last Post by diafol
1

You would be best to send the form to another page to avoid resending data when the page is refreshed/reloaded.

So

firstpage.php (containing form)

SENT TO

formhandler.php (validates, processes and decides on further action)

DEPENDING on data sent REDIRECT [using header()] TO

firstpage.php
secondpage.php
...(etc)...

You can do a send to same page by:

...action="<?php echo $_SERVER['PHP_SELF'];?>"...

Which means that the form will be sent to the same page even if you rename the file itself.

Your code will probably raise an error when you first show the page as there is no $_POST data to display. You can get around this by checking for $_POST data:

<?php

if(isset($_POST['sub])){
	//conection
	include('sqlconn.php');
	$mysql = new sqlConnection;
 
	//retrive data from POST form
	$email=$_POST['email'];
	$fname=$_POST['fname'];
	$lname=$_POST['lname'];
	$password=$_POST['password'];
 
	//insert data into DB
	$query = "INSERT INTO  `client_Info`.`users` (`email` ,`fname` ,`lname` ,`password`)
				VALUES (NULL , '$email', '$fname', '$lname', '$password')";			
	mysql_query($query) or die('Error, insert query failed');
	$last_Id = mysql_insert_id();
 
	$mysql->close();
 
	//redirect back to login page.
	header( 'Location: http://localhost/testsite' ) ;
}

?>

...DTD/HEAD/ETC...

<form method ="post" action = "<?php echo $_SERVER['PHP_SELF'];?>">
<table align="right" cellpadding="10" cellspacing="0">
<tr>
<td>EMail: </td>
<td><input type="text" name="email" id="email" /></td>
<tr>
<td>First Name: </td>
<td><input type="text" name="fname" id="fname" /></td>
<tr>
<td>Last Name: </td>
<td><input type="text" name="lname" id="lname" /></td>
<tr>
<td>Password:</td>
<td><input type="password" name="password" id="password" /></td>
<tr>
<td><input type ="submit" id="sub" name="sub" value = "Log In" /></td>
</tr>
</table>
</form>

I'm not quite sure what you're trying to do, but this will show the form every time the page is opened for the first time. The page however will fly to the login page after the form is sent if subsequent SQL doesn't kill the script. BTW, notice that I've placed the php before the DTD. You must not have any output to the page before header() is called or you'll get an error.

Edited by diafol: n/a

-1

if you're trying to give the page an ajax feel (without actually doing the ajax), i'd look into doing an iframe and setting it to not be visible via CSS. This way, you're technically sending the data to another page but it appears as if you aren't... there's lots of tutorials out there if you google iframes php form submission. i've done it before so i know it's possible. i haven't in a while though or i'd post some code. so the user knows they submitted the form, i'd have some javascript change something on the page to say thanks for submitting and disable all of the form's input fields. just trying to give you another option, hope it helps.

2

Hey.

Just thought I would point out that both the code examples above are wide open to SQL Injection.
You two are probably aware of this fact, but other readers may not be. (Safety first! :P)

Check out the mysql_real_escape_string function. Learn to love it! :)

0

Yes, good point Atli. Didn't mess with the code too much, just rearranged it.

@Mrjoli: if you don't follow what Atli's referring to - it's the $_POST variables - they need to be cleaned or 'sanitized' before being passed to an SQL query.

mysql_real_escape_string() is the usual method, e.g.

$lname= mysql_real_escape_string($_POST['lname']);

WRT iframes -although this used to be a popular ajax technique, there are other ajax techniques available which may be more suitable. JQuery and Prototype (as well as others) serve to simplify the creation of ajax objects and the transfer of client->server data.

when i hit submit it just refreshes the page

Are you referring to your original script or to the one I suggested? If mine, it may be due to this:

if(isset($_POST['sub])){

Should be

if(isset($_POST['sub'])){

Sorry - forgot the closing single quote. There may be other typos as my code isn't tested.

Edited by diafol: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.