Hi

I have an 'edit_profile' form.
I'm having several issues with this form . There are some fields which are working fine and some aren't.

This 1st issue is regarding the textarea fields

When the user updates their profile, any field, the textarea adds characters which are

bye<br /><br /><br />\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\r\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\nbye<br /><br /><br />\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\r\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

This is the output field:

 <textarea name="reg_info" cols="45" rows="5" class="roundedfield" id="reg_info"><?php if (!empty($reg_info)) echo nl2br(htmlspecialchars($reg_info, ENT_NOQUOTES, 'UTF-8')); ?></textarea>

I'm using a parameterised query to insert to the datbase:

// $stmnt1 = $db->stmt_init();

  if ($stmnt1 = $dbc -> prepare("UPDATE tutor_reg SET ID=?,reg_name=?, reg_NRIC=?, reg_add_1=?,reg_add_2=?,reg_postcode=?, reg_contact_h=?, reg_contact_m=?, reg_email=?,reg_gender=?, reg_dob=?, reg_situation=?, reg_ethnic=?, reg_other=?, reg_nationality=?, screenpath=?, reg_image=?, pdfpath=?, pdf_main=?, reg_occupy=?, reg_edulevel=?, reg_institute=?, reg_course=?, reg_year=?, reg_qual=?, reg_achieve=?, reg_info=?, reg_exp=?, reg_level1=?, reg_level2=?, reg_level3=?, reg_sub1=?, reg_sub2=?, reg_sub3=?, reg_area=?, reg_rate=?, username=?, secQ=?,secA=?,reg_howhear=? WHERE ID=?")) {

  $stmnt1->bind_param("isssssiisssssssssssssssisssisssssssisissi", $ID, $reg_name, $reg_NRIC, $reg_add_1, $reg_add_2, $reg_postcode, $reg_contact_h, $reg_contact_m, $reg_email, $reg_gender, $reg_dob, $reg_situation, $reg_ethnic, $reg_other, $reg_nationality, $screenpath, $reg_image_name, $pdfpath, $pdf_main_name, $reg_occupy, $reg_edulevel, $reg_institute, $reg_course, $reg_year, $reg_qual, $reg_achieve, $reg_info, $reg_exp, $reg_level1, $reg_level2, $reg_level3, $reg_sub1, $reg_sub2, $reg_sub3, $reg_area, $reg_rate, $username, $secQ, $secA, $reg_howhear,$ID);
  $stmnt1->execute();
  $stmnt1->close();

Issue with Contact Number Fields

My second issue is regarding the contact fields: reg_contact_h & reg_contact_m
The are set as int in the database.
When the user edit their profile and submits the form, the original contact numbers are removed from the database.
If a user edits a contact number, it is also not uploaded to the database.
The issue must lie in the query, but I just can't see where it is.

The code is quite long with a pile of jquery client-side and php server side validation going on (some of which is working and some isn't which is also strange)....I can't work out where all the problems are.

<label for="rqst_contact_h"></label>
              <input type="text" name="rqst_contact_h" class="roundedfield" id="rqst_contact_h" value="<?php if (!empty($reg_contact_h)) echo htmlspecialchars($reg_contact_h, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">
              <label for="rqst_contact_m"></label>
              <input type="text" name="rqst_contact_m" class="roundedfield" id="rqst_contact_m" value="<?php if (!empty($reg_contact_m)) echo htmlspecialchars($reg_contact_m, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">

Recommended Answers

All 16 Replies

I'm trying to upload a .txt file of the page but seems I'm not allowed?

Try to zip it. By the way for me it works fine.

Regarding your first issue, this is probably caused by nl2br, everytime you print the code to the textarea it will translate the new lines to <br />, but it will not remove the new lines. If you remove strip_tags() from the below script, add few lines to the textarea and start to resubmit the form, you will see how the newlines will multiply.

Regarding your second issue, if those are integers then use trim() and intval() so you remove extraspaces and if the submitted datum is not an integer, it will return 0.

Here's an example:

<?php

    $reg_info = 'Hello World';
    $reg_contact_h = 12;
    $reg_contact_m = 17;

    if($_POST)
    {
        print_r($_POST);

        $reg_info = nl2br(strip_tags($_POST['reg_info']), true);
        $reg_contact_h = intval(trim($_POST['rqst_contact_h']));
        $reg_contact_m = intval(trim($_POST['rqst_contact_m']));
    }

?>
<html>
    <head>
        <title>Eban Bury Test Page</title>
    </head>
    <body>
        <form method="post" action="">
            <textarea name="reg_info" cols="45" rows="5" class="roundedfield" id="reg_info"><?php if (!empty($reg_info)) echo htmlspecialchars($reg_info, ENT_NOQUOTES, 'UTF-8'); ?></textarea>

            <label for="rqst_contact_h"></label>
            <input type="text" name="rqst_contact_h" class="roundedfield" id="rqst_contact_h" value="<?php if (!empty($reg_contact_h)) echo $reg_contact_h; ?>" size="20">

            <label for="rqst_contact_m"></label>
            <input type="text" name="rqst_contact_m" class="roundedfield" id="rqst_contact_m" value="<?php if (!empty($reg_contact_m)) echo $reg_contact_m; ?>" size="20">

            <input type="submit" name="submit" value="send" />
        </form>
    </body>
</html>

Hope it helps, bye! :)

Hi Yes thanks for that. I am still having problems with both areas though.

When a user first registers, the numbers go to the database fine. But as soon as they want to edit their profile anything that was there previously is wiped out and also any new number put in doesn't upload. Yes it shows as a 0 in the database. They are integers.

For the textarea I can see that by just having the strip_tags and no nl2br it works. However I still dont' seem to be able to apply it to my own form.

These are the fields bringing brought back for editing:

// Connect to the database
  require_once ('dbc.php');

  if ($row_rs_reg !=NULL) {
    // Grab the profile data from the POST
    $reg_contact_h = $row_rs_reg['reg_contact_h'];
    $reg_contact_m = $row_rs_reg['reg_contact_m'];
    $reg_achieve = $row_rs_reg['reg_achieve'];
    $reg_info = $row_rs_reg['reg_info'];

So the Post on Submitting the Form is:

if ($_POST['form_submitted'] == '1') 
{
    // Grab the profile data from the POST
    $reg_contact_h = mysqli_real_escape_string($dbc, intval(trim($_POST['reg_contact_h'])));
    $reg_contact_m = mysqli_real_escape_string($dbc, intval(trim($_POST['reg_contact_m'])));
    $reg_achieve = strip_tags(mysqli_real_escape_string($dbc, trim($_POST['reg_achieve'])));
    $reg_info = strip_tags(mysqli_real_escape_string($dbc, trim($_POST['reg_info'])));

And the fields are as follows:

<td>
              <label for="rqst_contact_h"></label>
              <input type="text" name="rqst_contact_h" class="roundedfield" id="rqst_contact_h" value="<?php if (!empty($reg_contact_h)) echo htmlspecialchars($reg_contact_h, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">
              <label for="rqst_contact_m"></label>
              <input type="text" name="rqst_contact_m" class="roundedfield" id="rqst_contact_m" value="<?php if (!empty($reg_contact_m)) echo htmlspecialchars($reg_contact_m, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">
             </td>

              <textarea name="reg_info" cols="45" rows="5" class="roundedfield" id="reg_info"><?php if (!empty($reg_info)) echo htmlspecialchars($reg_info, ENT_NOQUOTES, 'UTF-8'); ?></textarea>

Regarding the integers it seems all fine. Are you allowing negative integers?

Because if the integer column in the database is unsigned the negative value will be translated to 0, test:

> create table test(id int unsigned not null);
> insert into test (id) values(-200);
Query OK, 1 row affected, 1 warning (0.11 sec)

> show warnings;
+---------+------+---------------------------------------------+
| Level   | Code | Message                                     |
+---------+------+---------------------------------------------+
| Warning | 1264 | Out of range value for column 'id' at row 1 |
+---------+------+---------------------------------------------+

> select * from test;
+----+
| id |
+----+
|  0 |
+----+
1 row in set (0.01 sec)

As you see, in such case you will get a warning, but not an error and from PHP it will seem to work as expected.

Hi
Thanks so much for getting back to me.

I'm confused as I've never had an issue with numbers before. When a user registers in the 1st place their tel numbers store to the database fine. It is only in this edit form that whether the number is updated or not, what was orginally in their is wiped.

The only different between the original registration form and the edit form is that fact that the edit form brings the data back and for my update I'm using a parameterised query....
When I change the numbers back to varchar, no difference, just the 0 becomes a blank.

The strip_tags() is also doing nothing for the issues with the carriage returns. I feel like I've tried everything in the above 3 stages....

testing\\r\\n\\r\\ntesting

Hi
Textarea issue solved.
This is the change I made:

 $reg_achieve = strip_tags(mysqli_real_escape_string($dbc, trim($_POST['reg_achieve'])));

Became this:

 $reg_achieve = strip_tags($_POST['reg_achieve']);

It appears if you remove 'mysqli_real_escape_string' then it works.

No I'm just left with the contact numbers not getting updated to the database....

Ok try to do the same with the integer columns, since you're using prepared statements you can avoid mysqli_real_escape_string().

No still enters the 0 and wipes what I've entered. It is strange as I have another field in the table, also an integer, and that is fine. I've checked to see what differences in the fields and can't see anything at all....

Maybe I got it: the name in the input field is rqst_contact_h while the script searches for reg_contact_h in the POST array and the same happens with reg_contact_m. So this:

<input type="text" name="rqst_contact_h" class="roundedfield" id="rqst_contact_h" value="<?php if (!empty($reg_contact_h)) echo htmlspecialchars($reg_contact_h, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">

Must be:

<input type="text" name="reg_contact_h" class="roundedfield" id="reg_contact_h" value="<?php if (!empty($reg_contact_h)) echo htmlspecialchars($reg_contact_h, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">

Otherwise change the server-side part, i.e. this:

$reg_contact_h = intval(trim($_POST['reg_contact_h']));

Becomes:

$reg_contact_h = intval(trim($_POST['rqst_contact_h']));

If it does not work, try by printing all the POST array:

print_r($_POST);

So you can check if the values are correct. If still in doubt and if you can, then please share all the part of the code that receives the POST request. Hope it helps! :)

reg_exp is another field which is an integer. When a user edits the form the original data stays. Or if the user edits that particular field, it also submits to the database fine. However the 2 x contact numbers are behaving differently...for no apparent reason.

The validation (client or server side) isn't working either for those fields, but is for other fields like reg_postcode. The code seems consistent to me. I wrote it. But the fields are all behaving differently.....

Exactly, as I wrote in my last post, check line 796:

$reg_contact_h = mysqli_real_escape_string($dbc, trim($_POST['reg_contact_h']));
$reg_contact_m = mysqli_real_escape_string($dbc, trim($_POST['reg_contact_m']));

And then line 1018:

<tr>
    <td class="mainans">Contact Details*</td>
    <td>
        <label for="rqst_contact_h"></label>
        <input type="text" name="rqst_contact_h" class="roundedfield" id="rqst_contact_h" value="<?php if (!empty($reg_contact_h)) echo htmlspecialchars($reg_contact_h, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">
        <label for="rqst_contact_m"></label>
        <input type="text" name="rqst_contact_m" class="roundedfield" id="rqst_contact_m" value="<?php if (!empty($reg_contact_m)) echo htmlspecialchars($reg_contact_m, ENT_NOQUOTES, 'UTF-8'); ?>" size="20">
    </td>
</tr>

If you try to print your POST request you will get:

Array
(
    [rqst_contact_h] => 12
    [rqst_contact_m] => 17
)

Instead it should print:

Array
(
    [reg_contact_h] => 12
    [reg_contact_m] => 17
)

Otherwise the variables at lines 796 & 797 will stay empty.

The issue is given by the name attribute in the input fields because it differs from all the others, in all your script it refers as reg_contact_h, inside the form, instead is named rqst_contact_h.

Thank you!! That is the simplest issue!! I've just been staring at it for so long.....Awesome! Many thanks.

commented: you're welcome :) +13

Remove nl2br();

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.