0

I'm using int type in my database, what I should put in order to catch the input data by users? mysql_real_escape_string is not working because I think he can cater only the string values.

here is my codes.

<?php

/* 
 NEW.PHP
 Allows user to create a new entry in the database
*/
 
 // creates the new record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($receiptNumber, $paymentDate, $ammount, $ammountPaid, $studentId, $errorL)
 {

 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
 <title>New Record</title>
 </head>
 <body>
 <?php 
 // if there are any errors, display them
 if ($errorL != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$errorL.'</div>';
 }
 ?> 
 
 <form action="" method="post">
 <div>

 <strong>Receipt Number: *</strong> <input type="text" name="oicId" value="<?php echo $receiptNumber; ?>" /><br/>
 <strong>Payment Date: *</strong> <input type="text" name="oicName" value="<?php echo $paymentDate; ?>" /><br/>
 <strong>Ammount: *</strong> <input type="text" name="gender" value="<?php echo $ammount; ?>" /><br/>
 <strong>Ammount Paid: *</strong> <input type="text" name="ssgposition" value="<?php echo $ammountPaid; ?>" /><br/>
 <strong>Student ID: *</strong> <input type="text" name="ssgposition" value="<?php echo $studentId; ?>" /><br/>
 <p>* required</p>
 <input type="submit" name="submit" value="Submit">
 
 </div>
 </form> 
 </body>
 </html>
 
 <?php 
 }
 
 
 

 // connect to the database
 include('connect-db.php');
 
 // check if the form has been submitted. If it has, start to process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // get form data, making sure it is valid
 
 $receiptNumber = ($_POST['receiptNumber']);
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['paymentDate']));
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['ammount']));
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ammountPaid']));
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['studentId']));

 
 
   
 // check to make sure both fields are entered
 if ($receiptNumber == '' || $paymentDate== ''  || $ammount == '' || $ammountPaid == '' || $studentId == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';
 
 // if either field is blank, display the form again
 renderForm($receiptNumber, $paymentDate, $ammount, $ammountPaid, $studentId, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("INSERT payments SET receiptNumber='$receiptNumber', paymentDate='$paymentDate', ammount='$ammount', ammountPaid='$ammountPaid', studentId='$studentId'")
 or die(mysql_error()); 
 
 // once saved, redirect back to the view page
 header("Location: view.php"); 
 }
 }
 else
 // if the form hasn't been submitted, display the form
 {
 renderForm('','','','','','');
 }
?>

it appears that Error! Notice: Undefined index: receiptNumber in C:\wamp\www\finals\payments\new.php on line 59 until line 63.
please help me guys.

3
Contributors
2
Replies
4
Views
5 Years
Discussion Span
Last Post by cyverge
0

change:

$receiptNumber = ($_POST['receiptNumber']);
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['paymentDate']));
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['ammount']));
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ammountPaid']));
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['studentId']));

to:

if(isset($_POST['receiptNumber'])){
 $receiptNumber = ($_POST['receiptNumber']);
}else{
 $receiptNumber = '';
}
if(isset($_POST['paymentDate'])){
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['paymentDate']));
}else{
 $paymentDate = '';
}

if(isset($_POST['ammount'])){
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['ammount']));
}else{
 $ammount = '';
}

if(isset($_POST['ammountPaid'])){
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ammountPaid']));
}else{
 $ammountPaid = '';
}
if(isset($_POST['studentId'])){
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['studentId']));
}else{
 $studentId = '';
}
1

'name' attribute is used in $_POST and everywhere else not the 'value' attribute. put all the 'name' attribute in line 58 to 62 in place of 'value' of input html tags. it will resolve the problem. Thanks


// get form data, making sure it is valid

$receiptNumber = ($_POST['oicId']);
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['oicName']));
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['gender']));
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ssgposition']));
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['ssgposition']));
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.