I'm currently attempting to create a test-website based on the "Secret Diary" project of a web developer course. I'm trying to create a page that saves all of the notes written into a textbox, and displays them when I log in again. Almost everything works - I can start a session and display the saved text when I log in, but the box is deleting the textbox's saved data when the page is loaded. I know that there are better ways of storing the info, I'm just looking for how to get this method to work. This should be all of the relevant code:
mainpage.php:
<?php include("updatediary.php"); ?>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<form method="post">
<textarea class="form-control"><?php echo $diary; ?></textarea>
</form>
<script>
$("textarea").keyup(function() {
$.post("updatediary.php", function(){diaryInput:($("textarea").val());} );
});
</script>
updatediary.php:
<?php
include("connection.php");
$query = "SELECT content FROM users WHERE id='".$_SESSION['id']."' LIMIT 1";
$result = mysqli_query($dbCon,$query);
$row = mysqli_fetch_array($result);
$diary = $row['content'];
if ($_POST['diaryInput']!="") {
$updateQuery = "UPDATE `users` SET `content`='".mysqli_real_escape_string($dbCon, $_POST['diaryInput'])."' WHERE id='".$_SESSION['id']."' LIMIT 1";
if (mysqli_query($dbCon, $updateQuery)) {
echo "saved";
} else {
echo "not saved";
};
}
?>
connection.php:
$dbCon = mysqli_connect("localhost", "owenxwfg_admin", "(password)", "owenxwfg_users");
Any help would be awesome. I personally think that there's a problem with my $.post part.
Related
I have a program that brings an image from the database and displays it inside an image div in my website. The below code was working successfully on my local wamp server but when I moved it to an online server it did not work anymore.
<?php
session_start();
include 'dbConnector.php';
$uID = $_SESSION['loggedUserID'];
$sql = "SELECT photo FROM hostmeuser WHERE userID = '$uID'";
$result = $conn->query($sql);
if(!$row = mysqli_fetch_assoc($result))
{
$imgData = "Assets/man.jpg";
}
else
{
$imgData = $row['photo'];
}
header("content-type: image/jpg");
echo $imgData;
?>
I have noticed that all (header) functions are not working on the new server and I have no control over this server so I replaced every:
header("Location: example.php")
with:
?>
<script type="text/javascript">
window.location.replace("example.php");
</script>
<?php
it is working fine now on most cases but not this one!
header("content-type: image/jpg");
Can you suggest any solution for this? or at least do you know how to represent this command in javascript?
I currently have a ajax script to run a notiload.php file which runs every 5 seconds to check if theres a change in the database, if theres a change it then outputs "1 New" for a message. However as I will be introducing a notification sound in that file. It will chime every 5 secconds when the file is loaded. Of course this will piss people off. So I need the script to check if theres a change in the database. I have a time and date stamp of every message, with the message being viewed as 2 and not as 1. So if theres a change in the database I will need it to call that file or play a sound.
here is my ajax script inside the main page
<script type="text/javascript">
$(document).ready(function(){
refreshTable<?= $FriendName->id ?>();
});
function refreshTable<?= $FriendName->id ?>(){
$('#NotiLoad<?=$FriendName->id?>').load('elements/notiload.php?id=<?=$FriendName->id?>', function(){
setTimeout(refreshTable<?= $FriendName->id ?>, 5000);
});
}
</script>
<div id="NotiLoad<?= $FriendName->id ?>" style="display: inline-block;"></div>
And here is the php of notiload.php
<?php
session_start();
// redirect to index page if not superuser
$con = mysqli_connect('localhost','root','','');
if (!$con) {
die('Could not connect to Socialnetwk DB: ' . mysqli_error($con));
}
mysqli_select_db($con,"ajax_demo");
?>
<?php
$uid = $_GET['id'];
$mid = $_SESSION['user']['id'];
?>
<?php $usrload = $con->query("SELECT * FROM message WHERE sender = $uid AND recipient = $mid AND seen = '2' OR sender = $mid AND recipient = $uid AND seen = '2'"); ?>
<?php while($FriendName = $usrload->fetch_object()): ?>
<h6 style="display:inline-block;font-size: 10px;color:#37BC9B">1 New</h6>
<?php endwhile;?>
If I were to do a JavaScript prompt and allow a user to enter the information, how do I store this information into the database?
<?php
if(isset($_GET['cancel_req_id']))
{
echo "<script>var reason = prompt('Reason')</script>";
$res = "<script>document.write(reason)</script>";
$query="UPDATE booking SET status='Cancelled', s_approval='', s_authorize='', cancellation='$res' WHERE req_id='$id'";
$result=$conn->query($query);
echo "<script>alert('Booking cancelled!')</script>";
echo "<script>window.location=('status.php')</script>";
}
?>
this is my current code.
I have a form and I have been developing this website with my localhost and it is working perfect. But when I moved the files to my dedicated server it no longer gets any of the values when I submit the form. I have narrowed it down to two things. A either my server has restricted configurations on the form being submitted but I do not use global variables to get the values so that shouldnt be the problem or the php on the server is older and not allowing me to submit the values the server version i found out is <5.6. Here is my form code:
<form id="company-form" action="scripts/create-library.php" method="post" enctype="multipart/form-data">
<button id="hide-form"><img src="images/minus.png"/></button>
<h3>Add Library Item Form</h3>
<input class="c-name" type="text" name="file-display-name" placeholder="File Display Name"/>
<select class="companies-dd" name="companies">
<?php
require_once("../../scripts/connection.php");
// Select all companies and related data
$sql = "SELECT company_id, company FROM companies ORDER BY company_id";
$stmt = $conn->prepare($sql);
$stmt->execute();
$stmt->bind_result($c_id, $c);
while($stmt->fetch()){
echo "<option value='".$c_id."'>".$c."</option>";
}
?>
</select>
<select class="companies-dd" name="library-cats">
<?php
// Select all companies and related data
$sql = "SELECT library_category_id, library_category FROM library_categories ORDER BY library_category_id";
$stmt = $conn->prepare($sql);
$stmt->execute();
$stmt->bind_result($l_id, $l);
while($stmt->fetch()){
echo "<option value='".$l_id."'>".$l."</option>";
}
$conn->close();
?>
</select>
<input id="uploadFile" class="image-name" type="text" name="library-file-name" placeholder="No Logo File Chosen" disabled="disabled"/>
<input id="uploadBtn" type="file" name="library-file"/>
<input type="submit" value="Create Item"/>
</form>
This is added the page via ajax call on a button click.
Then the script that I run after the form is submitted is
<?php
session_start();
ini_set('display_errors',1);
error_reporting(-1);
$display = trim($_POST["file-display-name"]);
$company = trim($_POST["companies"]);
$lib_cat = trim($_POST["library-cats"]);
if(empty($display) || empty($company) || empty($lib_cat)){
$_SESSION["errormsg"] = "Required information is missing please fill out all required fields.";
header("Location: ../library.php");
}
else{
$file_name = $_FILES['library-file']['name'];
$tmp_name = $_FILES['library-file']['tmp_name'];
$file_size = $_FILES['library-file']['size'];
$file_type = $_FILES['library-file']['type'];
$fp = fopen($tmp_name, 'r');
$content = fread($fp, filesize($tmp_name));
$content = base64_encode($content);
fclose($fp);
if(!get_magic_quotes_gpc()){
$file_name = addslashes($file_name);
}
if(empty($content)){
$_SESSION["errormsg"] = "Required information is missing please fill out all required fields (File).";
header("Location: ../library.php");
}
else{
require_once("connection.php");
// Insert the logo into the companies photo table
$sql = "INSERT INTO library_items(filename, mime_type, file_size, file_item, display_name, company_id, library_category_id) VALUES(?,?,?,?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param('sssssss', $file_name, $file_type, $file_size, $content, $display, $company, $lib_cat);
if(!$stmt->execute()){
$_SESSION["errormsg"] = "Failed to add library item: ".mysqli_error();
header("Location: ../library.php");
}
}
unset($_SESSION["errormsg"]);
$_SESSION["successmsg"] = "Library Item successfully added into the database.";
header("Location: ../library.php");
}
?>
It gives me the errors with the variables saying that they are undefined index's for the form names.
I have read other posts but none of them has helped me. Is there something I am not seeing or I have to change on my server for me to use this?
Well it looks like the two files I had for testing the upload and display ended up corrupt when I downloaded them. This was causing the server to throw and error saying that the text was outside the US-ASCII range. Since this was not able to be display it didnt transfer any of the forms values. That was the weirdest bug I ever had I guess I will have to start testing my pdfs for errors also.
I want to make the result comes out in a popup window.
Code:
<?php
$con=mysqli_connect("localhost","root","1234","fyp");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT password FROM admin WHERE email = '$_POST[email]' AND Admin = '$_POST[admin]'");
while($row = mysqli_fetch_array($result))
echo "your password is : " . " $row['password']" ;
mysqli_close($con);
?>
Is it possible to make it echoed in popup window like javascript alert messages ??
I have tried this but still not working
echo "<script> alert ("<?php echo 'your password is: ' . '$row['password']'?>")</script>";
I found a maybe strange solution for this a while back.
echo "<style onload=\"jsfunc($row['password']);\"></style>";
//in your html or javascript add this function
<script type='text/javascript'>
function jsfunc(data){
alert(data);
}
</script>
the style tag is invisible and will run the function onload, so when its gets echoed. Also I use the style tag because its one of the few tags where the onload works when you echo it like this.
Its a strange solution but it works.
There are some serious flaws in your code, including it being open to SQL Injection. I'd recommend changing it to look more like this:
$con = new MySQLi("localhost","root","1234","fyp");
if($con->connect_errorno) {
echo "Failed to connect to MySQL: ".$sql->connect_error;
}
$email = $sql->real_escape_string($_POST['email']);
$admin = $sql->real_escape_string($_POST['admin']);
$query = "SELECT password FROM admin WHERE email = '$email' AND Admin = '$admin'";
$result = $sql->query($query);
if($result) {
$row = mysqli_fetch_assoc($result);
$pass = $row['password'];
echo '<script> alert("Your password is '.$pass.'");</script>';
} else {
//do some error handling
}
//the closing of a mysqli connection is not required but
mysqli_close($con);
Real escape string is not 100% proof against injection but is a good place to start with sanitising your inputs. Additionally I would strongly advise against storing your passwords in plain text. Please take a look at the PHP sha1() function or the SQL equivalent when storing the passwords initially.
Use this code
<?php
$alert='your password is: '.$row['password'];
?>
<script>
alert("<?php echo $alert; ?>");
</script>
It will work for sure.