
I have searched through fifty or so websites that mention posting radio buttons to a database. What I am trying to do I thought was simple enough. I want to have a user pick a winner for each game throughout the NFL season. I have searched through Stack Overflow for several days and also googled several variations of what I am looking for. W3Schools wasn't any help this time, as their posting doesn't show how to connect it to a database. At least none that worked, and most of the code I have found online is either incomplete or doesn't work.

landingpage.php
<?php
ob_start();
session_start();
require_once 'dbconnect.php';

// select loggedin users detail
$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $userRow['userName']; ?>@mywebsite</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type=
"text/css"  />
<link rel="stylesheet" href="home.css" type="text/css" />
    <script src="assets/jquery-1.11.3-jquery.min.js"></script>
    <script src="assets/js/bootstrap.min.js"></script>
</head>
<body>
    <!-- Navbar Beginning -->
    <nav class="navbar navbar-default navbar-fixed-top">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed"  
data-toggle="collapse" data-target="#navbar" aria-expanded="false" 
aria-controls="navbar">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="mywebsite">mywebsite</a>
        </div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li class="active"><a href="mywebsite">Message boards</a>
</li>&nbsp;
<li class="active"><a href="SBPicks.html">Superbowl Picks</a>
</li>
            </ul>

        <ul class="nav navbar-nav navbar-right">

            <li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" 
aria-haspopup="true" aria-expanded="false">
<span class="glyphicon glyphicon-user"></span>&nbsp;Hello  <?php echo 
$userRow['userName']; ?>&nbsp;<span class="caret"></span></a>
              <ul class="dropdown-menu">
<li><a href="logout.php?logout"><span class="glyphicon glyphicon-log-out"></span>&nbsp;Sign Out</a></li>
              </ul>
            </li>
          </ul>
        </div><!--/ navbar collapse -->
      </div>
    </nav> 

    <div class="picks">
        <br><br>
        <br><br><br><br>
        <form action="weekly.php" method="post" enctype="text/plain">
            Game 1 <br> 
<input type="radio" name="game1" <?php if (isset($game1) && 

$game1=="Panthers") echo "checked";?> value="Panthers">Panthers
@ <input type="radio" name="game1" <?php if (isset($game1) && 
$game1=="Broncos") echo "checked";?> value="Broncos">Broncos
            <span class="error">* <?php echo $game1err;?></span>
            <br><br>
            <input type="submit" name="Submit" value="Submit Picks" />
        </form>
    </div>
</body>
</html>


pick.php
    <?php
    ob_start();
    session_start();
    require_once 'dbconnect.php';

    // select loggedin users detail
$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
    $userRow=mysql_fetch_array($res);

$user =$_SESSION['user'];
$game1 = $_POST['game1'];

$query = "INSERT INTO fbtest(usersid,game1)Values ('$user','$game1')";

if(mysql_query($query)){
echo "your picks have been submitted";}
else{
echo "fail";}
?>
<br><br>
<a href="home.php">back to landing page</a>
TDKong
  • I apologize for the formatting of some of the lines of code. In order to move them all four spaces over and still keep all of it together I had to break some of them into two lines. I would appreciate any help on why it fails to send the radio button to the database. It will send the usersid just fine. – TDKong Aug 31 '16 at 04:59
  • I could not find the code of weekly.php. Do you mean pick.php as weekly.php? Are the names of the files correctly mentioned? – Ish Aug 31 '16 at 05:14

1 Answer

You are asking for trouble with this line:

$query = "INSERT INTO fbtest(usersid,game1)Values ('$user','$game1')";

By injecting variables directly into queries you create a huge vulnerability.

What is SQL Injection

How can I prevent SQL Injection?


But let's get back to your problem.

Your problem is the form's enctype. You have provided text/plain, which is not a valid value for a form that is submitted using the POST method.

According to this bug report:

Valid values for enctype in tag are:

application/x-www-form-urlencoded multipart/form-data

To process the form correctly and get the superglobals populated, the form's enctype must be either application/x-www-form-urlencoded - which is the default value, by the way - or multipart/form-data - if you want to upload files.

Kamil Latosinski
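The two points in the answer above, combined into one handler as an added example (not code from the question or the answer): the pick is checked against the options the form offers and stored through a PDO prepared statement. The `fbtest`, `usersid` and `game1` names come from the question; `savePick()`, the allow-list constant, the user id 7 and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);
// Added example. fbtest/usersid/game1 are from the question; savePick(),
// ALLOWED_GAME1 and the SQLite DSN are hypothetical names for illustration.

// Values the form's radio buttons can legitimately send for game1.
const ALLOWED_GAME1 = ['Panthers', 'Broncos'];

/**
 * Validate the game1 pick and store it with a prepared statement.
 * Returns an error message, or null when the row was inserted.
 */
function savePick(PDO $pdo, int $userId, array $post): ?string
{
    // With enctype="text/plain" PHP leaves $_POST empty, so this branch fires.
    if (!isset($post['game1']) || !is_string($post['game1'])) {
        return 'No pick received for game1';
    }
    // Compare against the known options instead of trusting the client value.
    if (!in_array($post['game1'], ALLOWED_GAME1, true)) {
        return 'Invalid pick for game1';
    }
    // Placeholders keep both values out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO fbtest (usersid, game1) VALUES (:uid, :pick)');
    $stmt->execute([':uid' => $userId, ':pick' => $post['game1']]);
    return null;
}

// Demo database (assumption): in-memory SQLite; use a MySQL DSN in production.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE fbtest (usersid INTEGER, game1 TEXT)');

// Constructed inputs standing in for $_POST.
$samples = [
    'urlencoded form' => ['game1' => 'Broncos'],
    'text/plain form' => [],                         // $_POST arrives empty
    'tampered value'  => ['game1' => "Broncos' x"],  // not on the allow-list
];
foreach ($samples as $label => $post) {
    $error = savePick($pdo, 7, $post);
    echo $label, ': ', $error ?? 'saved', PHP_EOL;
}
echo 'rows stored: ', $pdo->query('SELECT COUNT(*) FROM fbtest')->fetchColumn(), PHP_EOL;
```

In the real page the form would drop the `enctype="text/plain"` attribute and the handler would pass `$_POST` and the session's user id to `savePick()`.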