-2

I have a php file (let's call it first) that stores names in a database. I now have a different php file with a html/php form (let's call it second). How can I make the form (second) input names into my database using my inital php (first) file?

Below is my php form:

<!DOCTYPE HTML>
<HTML>
    <head>
       <title>PHP FORM</title>
    </head>
    <body>
<h2>PHP FORM for Process Form</h2>

<form method="post" action="processForm.php">

    Name: <input type="text" name="names" required = "required"><br>
    <input type="submit" value="Create Users" onclick="formInputNames"><br>

    <input type="checkbox" name="activate" value="Activate">Activate

</form>

   </body>
   </html>

Below is 'php first':

$nameList = 'Obi One, Not Naw, Lent Over, Foo Bar';

$newerName = 'Green Sauce';
$nameList = newUse($newerName,$nameList);

$email = '@email.org';


$fullnames = explode(" ",$nameList);

 function newUse($nep, $nameList){
      if($nep == empty($nameSplit[0]) && empty($nameSplit[1]) || empty($newName)){
    return "$nameList, $nep";
   } 
  return $nameList;
 }

/*I open the database here*/

foreach ($fullnames as $fullname){
    $nameSplit = explode(" ", $fullname);

 if ($nameList == empty($nameSplit[0]) || empty($nameList)){
    echo 'No First Name Here Or No Name At All';
    echo '<br>';
    echo '<br>';
} elseif ($nameList == empty($nameSplit[1])){
    echo 'No Last Name Here';
    echo '<br>';
    echo '<br>';
} else{

    $firstName = $nameSplit[0];
    $lastName = $nameSplit[1];
    $emailUser = $nameSplit[0].$email;

echo 'First Name: ' . $firstName;
echo '<br>';
echo 'Last Name: ' . $lastName;
echo '<br>';
echo 'Email Address: ' . $firstName . $email;
echo '<br>';
echo '<br>';
}

 $queryString = "INSERT INTO `project`.`user` 
(`id`, `firstName`, `lastName`, `email`, `activated`, `date_created`) 
VALUES 
(NULL, '$firstName', '$lastName', '$emailUser', '0', NOW())";

$result = mysqli_query($conn, $queryString)
or die (mysqli_error($conn));
}

I'm new to php and I'm really at a lost here. I'm pretty sure I need to use POST but I don't really understand how. Please help me out. Thank You. Everything I have googled has not helped me and some of the similar questions on this site have not either. I need help.

Anthony
  • 11
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Jan 08 '16 at 18:04
  • 1
    $_POST['name-of-input']. So this is assigned in html as the attribute called `name` and that's what you post in the php code to get the input data. As for your case you used "names" as your name attribute value. So in your php code you would use $_POST['names']. If this doesn't make sense here is some links to help you grasp the concept of $_POST and $_GET. [HERE](http://www.tutorialspoint.com/php/php_get_post.htm) – RepeaterCreeper Jan 08 '16 at 18:05
  • Please show what you've googled and/or tried that hasn't worked. – showdev Jan 08 '16 at 18:07
  • I did that, however I think I'm confused as to where I would place $_POST['names']. In my first or second file? – Anthony Jan 08 '16 at 18:08
  • I still don't know where to place post. I know it's php, I know what it does (at least I'm pretty sure), I don't know where it goes. I placed it in dozens of spots in my first php file but I keep getting error (undefined value) or it simply does nothing. – Anthony Jan 08 '16 at 19:03
  • Because your form uses `POST` you don't need `onclick="formInputNames"` on your submit button - it will submit the form with its data to the page in your `action="...` where you can process them. Do look at mysqli and measures for preventing inject attack as soon as possible as per Jay Blanchard's comment - he has written loads about it well worth a Google. http://www.jayblanchard.net/ – Steve Jan 09 '16 at 00:52
  • This might be useful as a basic explanation https://stackoverflow.com/questions/34321429/validating-information-in-html-code-positioning/34323785#34323785 – Steve Jan 09 '16 at 00:56
  • @Anthony - what generates the values for $nameList? If your HTML form is supposed to be adding the new names to the list you need to put it in your second file where you have `$newerName =....` - in processform.php `$newerName = $_POST['names'];` but it is at this stage that cleaning up to prevent attack should be done, at the very least. – Steve Jan 09 '16 at 01:29
  • @Anthony $newName is used in the function - should that be `$newerName` ? `$nameSplit[0]` and `$nameSplit[1]` don't seem to have been defined and assigned any value before the function. – Steve Jan 09 '16 at 01:49

2 Answers2

1

If you put your function at the top of your processForm.php above where it is called it could be

  // I am assuming this comes from your database
  $nameList = 'Obi One, Not Naw, Lent Over, Foo Bar';

  $newerName = $_POST['names'];
  $email = '@email.org';

  function newUse($nep, $nameList){
  $nameSplit = array();
  $nameSplit = explode(" ", $nep);
      if(!empty($nameSplit[0]) && !empty($nameSplit[1]){
      return "$nameList, $nep";
      } 
  return $nameList;
  }

  $nameList = newUse($newerName,$nameList);

  // need to explode on comma into name pairs with spaces or there will be nothing to explode into $nameSplit later.
  $fullnames = explode(',', $nameList);

It might be worth making two text boxes - one for firstname name="firstname" and one for second name name="secondname", then putting the two together as in 

  $newerName = $_POST['firstname'] . " " . $_POST['secondname'];

This would ensure that you would reduce the risk of people putting two spaces or something else unwanted separating their names that would make your explode(); fail.

  $newerName = mysqli_real_escape_string($newerName);

Before you put it into the function will help eliminate some of the security problems but it is not infallible.

The HTML would be

  <form method="post" action="processForm.php">
      First Name: <input type="text" name="firstname" required /><br />
      Second Name: <input type="text" name="secondname" required /><br />
      <input type="submit" value="Create Users" /><br /> 
      <input type="checkbox" name="activate" value="Activate" />Activate
  </form>

You could give your checkbox a value of 1 and pick that up as $activate = intval($_POST['activate']); where the forcing to integer will have the effect of cleaning it up. You could then use that as a variable where you currently have '0' in your MySql.

Steve
  • 808
  • 1
  • 9
  • 14
1

You seem to have problem only with how to post the values, So your HTML file:

<form method="post" action="processForm.php">
   First Name: <input type="text" name="firstname">
   Second Name: <input type="text" name="lastname">
   <input type="submit" value="Submit">
</form>

Your PHP file:

$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$name = $firstName ." ". $lastName;

   //Code for adding the values to the database.
Asmat Ali
  • 335
  • 1
  • 11