-1

I created an attendance form and when I submit the form it redirects me to submit.php. However, when I check in phpmyadmin I get a blank row except for the timestamp. I asked Stackoverflow about entering multi-row queries . Also I looked at Submitting Form Returns Blank info

Submit.php

<?php
/*
Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password)
*/
$link = mysqli_connect("localhost", "root", "passowrd", "database");

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

// Escape user inputs for security
$FName = mysqli_real_escape_string($link, $_POST['FName']);
$LName = mysqli_real_escape_string($link, $_POST['LName']);
$Mark = mysqli_real_escape_string($link, $_POST['Mark']);


// attempt insert query execution
$sql = "INSERT INTO database (FName,LName,Mark) VALUES ('$FName','$LName','$Mark')";


if(mysqli_query($link, $sql)){
    echo "Records added successfully.";
} else{
    echo "ERROR: Could not take attendence " . mysqli_error($link);
}

// close connection
mysqli_close($link);
?>

tester.php(form)

<html>

<head>
</head>

<body>
  <?php if(isset($_POST[ 'search'])) { $valueToSearch=$ _POST[ 'valueToSearch']; // search in all table columns // using concat mysql function $query="SELECT * FROM `students` WHERE CONCAT(`FName`, `LName`) LIKE '%" .$valueToSearch. "%'"; $search_result=f
  ilterTable($query); } else { $query="SELECT * FROM `students`" ; $search_result=f ilterTable($query); } // function to connect and execute the query function filterTable($query) { $connect=mysqli_connect( "host", "username",
  "password", "database"); $filter_Result=m ysqli_query($connect, $query); return $filter_Result; } ?>
  <form action="submit.php" method="post">
    <table border="1" align="center">
      <tr>
        <th>First Name</th>
        <th>Last Name</th>
        <th>Mark</th>

      </tr>
      <?php while($row=mysqli_fetch_array($search_result)):?>
      <tr>
        <!---<tdphp echo $row['FName'];></td>--->
        <td>
          <input type="text" name="FName" value="<?php echo $row['FName']?>" />
        </td>
        <!---<td><php echo $row['LName'];?></td>--->
        <td>
          <input type="text" name="LName" value="<?php echo $row['LName']?>" />
        </td>
        <td>
          <select name="Mark" id="Mark">
            <option value="Present">Present</option>
            <option value="Tardy">Tardy</option>
            <option value="Absent">Absent</option>
          </select>
        </td>




        <?php endwhile;?>
      </tr>
      <table align="center">
        <tr>
          <td>
            <input type="submit" value="Submit">
          </td>
        </tr>

      </table>

    </table>
    </table>
  </form>
</body>

</html>

This is The Database Structure, I thought it would help.

Sam Powers
  • 13
  • 6
  • 2
    The default method for a form is `GET` You don't have an element named 'Search'. [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! Several undefined variables. – Jay Blanchard Jun 23 '16 at 19:13
  • Also having `$` in your password is probably more trouble than it's worth, in PHP that could be interpolated. You'll also want to avoid posting your actual password to the internet. – tadman Jun 23 '16 at 19:15
  • You need to 1) validate your input to reshow the form with errors for the required fields. 2) You need to make the columns on your database table `NOT NULL` where something must be entered. – Ryan Vincent Jun 23 '16 at 19:16
  • @Ryan Vincent After changing the Database it is saying 'Current selection does not contain a unique column.' instead of using Varchar what selection should I use – Sam Powers Jun 23 '16 at 19:21

1 Answers1

0

There are several things wrong with this code.

  1. You have the submit button in a loop, which will end up with multiple submit buttons for the same form, that actually do the same thing. You should never have multiple submit buttons, unless you want to handle different scenarios on click on each of them. If you want to submit only one row on each button click, then you should also have separate forms for each. In that case, you should also move the opening/closing tags of the form inside the loop.

  2. You don't have the form method set, so it defaults to GET. You should set the form method to POST if you want to access the values using the global $_POST variable.

  3. The parameters you're trying to access through $_POST are not items of the form you're submitting. Based on what you have now, if you set the form method to POST you'll only have $_POST['name'] set. I am guessing you want to get the data for FName and LName as set in the $row variable and to do that, you need to add inputs with names FName and LName respectively and values set to the values in $row. It would be something like <input type="text" name="FName" value="<?php echo $row['FName']?>"/>. You can also have type="hidden" if you don't want them to be visible.

You should also consider using AJAX for the submission, so you don't need to reload the page on every update.

trajchevska
  • 942
  • 7
  • 13
  • I have created the inputs to allow the data to submit;however, when I do submit only the mark shows up in the database. Any ideas of how to fix it (I edited my question so the code blocks are current) Also how would I submit multiple entries. – Sam Powers Jun 26 '16 at 13:03