0

I am trying to create two forms on a PHP file. The processing PHP code is on the same page, but I don't know how to connect form 1 to code 1 and form 2 to code 2. I know this is probably a very basic questions, but I don't know how to do it.. Thanks! Here is my code (I only post the important part, not the connecting etc)

    <div class="persinfo">

<?php

$bday = $_POST['bday']; 
$sex = $_POST['sex'];  
$flighttime = $_POST['flighttime'];
$country = $_POST['country'];

$sqlupdate = "SELECT * FROM users WHERE username='$u' AND activated='1'";
$user_query = mysqli_query($db_conx, $sqlupdate);

mysqli_query($db_conx,"UPDATE users SET country='$country', bday='$bday', sex='$sex', flighttime='$flighttime' WHERE username='$u' ");

?>

    <form method="post" /> 

        <p><span>Country: </span> <input type="text" name="country" id="country" value="<?php echo $country; ?>"></p>
        <p><span>Gender: </span>
            <select name="sex" id="sex">
                <option>Male</option>
                <option>Female</option>
            </select></p>
        <p><span>Birthday: </span><input type="date" name="bday" id="bday" value="<?php echo $bday; ?>"></p>
        <p><span>Flight experience: </span>
            <select name="flighttime" id="flighttime">
                 <option>0-500</option>
                 <option>500-1000</option>
                 <option>1000-5000</option> 
                 <option>5000 +</option>    
            </select></p>

         <p><input  name="submit_profile" type="submit" value="Save"></p>

    </form>


    </div>

<!-- ===== EDIT LICENSES ======= -->

    <div class="persinfo">

<?php

$glider = $_POST['glider'];
$commercial=$_POST['Commercial'];
$seaplane=$_POST['seaplane'];
$fixedwing=$_POST['fixedwing'];
$helicopter=$_POST['helicopter'];
$balloon=$_POST['balloon'];
$paraglider=$_POST['paraglider'];
$ultralight=$_POST['ultralight'];

$sqlupdate = "SELECT * FROM users WHERE username='$u' AND activated='1'";
$user_query = mysqli_query($db_conx, $sqlupdate);

mysqli_query($db_conx,"UPDATE users SET glider='$glider', commercial='$commercial', seaplane='$seaplane', fixedwing='$fixedwing', helicopter='$helicopter', balloon='$balloon', ultralight='ultralight', paraglider='$paraglider'  WHERE username='$u' ");

?>

    <form method="post"/> 

        <p><span>Helicopter: </span><input type="checkbox" name="helicopter"  id="helicopter" value="1" <?php echo ($helicopter==1 ? 'checked' : '');?>></p>
        <p><span>Fixed Wing: </span><input type="checkbox" name="fixedwing"  id="fixedwing" value="1" <?php echo ($fixedwing==1 ? 'checked' : '');?>></p>
        <p><span>Commercial: </span><input type="checkbox" name="commercial"  id="commercial" value="1" <?php echo ($commercial==1 ? 'checked' : '');?>></p>
        <p><span>Seaplane: </span><input type="checkbox" name="seaplaner"  id="seaplane" value="1" <?php echo ($seaplane==1 ? 'checked' : '');?>></p>
        <p><span>Glider: </span><input type="checkbox" name="glider"  id="glider" value="1" <?php echo ($glider==1 ? 'checked' : '');?>></p>
        <p><span>Para: </span><input type="checkbox" name="paraglider"  id="paraglider" value="1" <?php echo ($paraglider==1 ? 'checked' : '');?>></p>
        <p><span>Balloon: </span><input type="checkbox" name="balloon"  id="balloon" value="1" <?php echo ($balloon==1 ? 'checked' : '');?>></p>
        <p><span>Ultralight: </span><input type="checkbox" name="ultralight"  id="ultralight" value="1" <?php echo ($ultralight==1 ? 'checked' : '');?>></p>

         <p><input  name="submit_lic" type="submit" style="margin: 0 auto; width:100px;" value="Save"></p>

    </form>

    </div>
Senne Vandenputte
  • 551
  • 3
  • 20
  • You're closing your forms when you start them `
    `, should be `
    `. What is `$u`? You could check the submit button's name to see which form was submitted.
     – chris85 Jun 18 '15 at 16:39
  • Ok I'll change that, thanks! $u is username, I intilialized this at the top of my file (not copied here) – Senne Vandenputte Jun 18 '15 at 16:44
  • Does that come from user input? If so you are open to SQL injections. http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – chris85 Jun 18 '15 at 16:46
  • Yes I already heard that from another user. I am still learning PHP but I will be reading more about those SQL injections and making sure everything is secure. Thanks for the info! – Senne Vandenputte Jun 18 '15 at 16:51

1 Answers1

0

Generally the approach for this is to have a hidden input field that specifies what form each form is. For example:

<form id="Form1">
    <input type="text" name="formName" value="form1" hidden />
    <!-- add the rest of inputs for the form -->
</form>

<form id="Form2">
    <input type="text" name="formName" value="form2" hidden />
    <!-- add the rest of input for the form -->
</form>

Then in your PHP:

$formName = $_GET['formName'];

if($formName === 'form2'){
    // do something for form2
}else{
    // do something for form1
}

Note

Just something I noticed in your code, is that its fairly vulnerable to an attack type called "SQL Injection". Basically, by directly putting data from the $_POST into your SQL query, you're opening up the possibility for an attacker to insert a malicious script into an input field. Something to note, if this is eventually to be a live form.

More Information Here: SQL Injections

Aeolingamenfel
  • 2,399
  • 1
  • 15
  • 22
  • Thanks a lot, I am going to try this tonight, seems like a very good solution! Thank you for the advice. I am fairly new to PHP, so still learning, but I will definately read more about those SQL injections because I am building a forum and want to make sure everything is secure and protected. Thanks again! – Senne Vandenputte Jun 18 '15 at 16:43
  • Awesome. Let me know if you need any additional explanation. – Aeolingamenfel Jun 18 '15 at 16:44
  • Are you sure the first part of your code is correct? You gave the first input the name 'Formname' and value 'form 1', but I need to delete that and add my inputs. So my forms will look like this:
    inputs
    and
    inputs
    . Will the PHP code still work? I don't get where the $GET['formname'] comes from? And I don't need to use method="post"?     – Senne Vandenputte Jun 18 '15 at 16:59
  • Do not delete my input at the top, just put your inputs after that input. It won't be visible on the page. The formname input is a dummy input used to store data about the form it is in, that way you can get the data from the POST or GET variables. – Aeolingamenfel Jun 18 '15 at 17:01
  • Can you give me some example code from yours? Keep in mind mine used `GET` variables and the `$_GET` array, so you might need to change that. – Aeolingamenfel Jun 18 '15 at 17:28
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/80916/discussion-between-senne-vandenputte-and-aeolingamenfel). – Senne Vandenputte Jun 18 '15 at 17:31