
I am working on a website that uses PHP, and I want to update a database when a button is clicked. But for some reason, whenever the page is loaded, the code runs anyway. I don't want this, as it could really mess up the entire code. How can I stop the script from running automatically?

<?php
    ob_start();
    session_start();
    include_once 'dbconnect.php';


    // if session is not set this will redirect to login page
    if( !isset($_SESSION['user']) ) {
        header("Location: index.php");
        exit;
    }

    $res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
    $userRow=mysql_fetch_array($res);
    //Here is where the script is
    if ( isset($_POST['send']) ) {
        if ( ! empty($_POST['sender'])){
            $name = $_POST['sender'];
        }
        if ( ! empty($_POST['reciever'])){
            $name = $_POST['reciever'];
        }

        $query = "UPDATE users SET userCoins = userCoins + 1  WHERE userName='Morgan'";
        $res = mysql_query($query);
        if ($res) {
            $error = "Success!";
        } else {
            $error = "Something Went Wrong!";
        }
    }
?>
<!DOCTYPE html>
<html>
    <?php header("Access-Control-Allow-Origin: http://www.py69.esy.es"); ?>
    <head>
        <title>ServiceCoin</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"  />
        <link rel="stylesheet" href="scripts/home/index.css" />
    </head>
    <body>
        <ul>
            <li><a href="#" class="a">ServiceCoin.com(image)</a></li>
            <li><a href="logout.php?logout" class="a">Sign Out</a></li>
            <li><a href="#" class="a">Contact</a></li>
            <li><a href="#" class="a">Get Service Coins</a></li>
            <li><a href="#" class="a">News</a></li>
            <li><a href="settings.php" class="a">Settings</a></li>
            <li><a href="#" class="a">Referrals</a></li>
            <li><a href="service.php" class="a">Services</a></li>
            <li><a href="home.php" class="a">Home</a></li>
        </ul>
        <br /><br />
        <center>
        <h3>Welcome, <?php echo $userRow['userName']; ?>. You Currently Have <span id="services"><?php echo $userRow['userCoins']; ?></span> Service Coins</h3>
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
            <div class="form-group">
                <div class="input-group">
                    <span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
                    <input type="text" name="sender" class="form-control" placeholder="Enter Your Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
                    <span class="text-danger"><?php echo $error; ?></span>
                </div>
                <div class="input-group">
                    <span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
                    <input type="text" name="reciever" class="form-control" placeholder="Enter The Recievers Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
                    <span class="text-danger"><?php echo $error; ?></span>
                </div>

            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-block btn-primary" name="send">Sign Up</button>
            </div>
        </form>
        </center>
    </body>
</html>
<?php ob_end_flush(); ?>

UPDATE

My page is completely white now.

<?php
    ob_start();
    session_start();
    include_once 'dbconnect.php';

    if(!isset($_SESSION['user'])) {
        header("Location: index.php");
        exit;
    }

    $condition = empty($_POST['sender']) || empty($_POST['reciever']);
    if ($condition) {
        die; // if your post data is empty PHP will no longer be executed
    }

    $res= "SELECT * FROM users WHERE userId=".$_SESSION['user'];
    $mysqli->query($con, $res); // you are doing nothing with it in your code, why?
    $name = $_POST['sender'];       
    $name = $_POST['reciever'];

    $query = "UPDATE users SET userCoins = userCoins + 1  WHERE userName='Morgan'";
    $res = $mysqli->query($con, $query);
    if ($res) {
       $error = "Success!";
    } else {
       $error = "Something Went Wrong!";
    }
?>
<!DOCTYPE html>
<html>
    <?php header("Access-Control-Allow-Origin: http://www.py69.esy.es"); ?>
    <head>
        <title>ServiceCoin</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"  />
        <link rel="stylesheet" href="scripts/home/index.css" />
    </head>
    <body>
        <ul>
            <li><a href="#" class="a">ServiceCoin.com(image)</a></li>
            <li><a href="logout.php?logout" class="a">Sign Out</a></li>
            <li><a href="#" class="a">Contact</a></li>
            <li><a href="#" class="a">Get Service Coins</a></li>
            <li><a href="#" class="a">News</a></li>
            <li><a href="settings.php" class="a">Settings</a></li>
            <li><a href="#" class="a">Referrals</a></li>
            <li><a href="service.php" class="a">Services</a></li>
            <li><a href="home.php" class="a">Home</a></li>
        </ul>
        <br /><br />
        <center>
        <h3>Welcome, <?php echo $userRow['userName']; ?>. You Currently Have <span id="services"><?php echo $userRow['userCoins']; ?></span> Service Coins</h3>
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
            <div class="form-group">
                <div class="input-group">
                    <span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
                    <input type="text" name="sender" class="form-control" placeholder="Enter Your Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
                    <span class="text-danger"><?php echo $error; ?></span>
                </div>
                <div class="input-group">
                    <span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
                    <input type="text" name="reciever" class="form-control" placeholder="Enter The Recievers Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
                    <span class="text-danger"><?php echo $error; ?></span>
                </div>

            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-block btn-primary" name="send">Sign Up</button>
            </div>
        </form>
        </center>
    </body>
</html>
<?php ob_end_flush(); ?>
MCC
  • `die()` will halt the script. – Jaquarh Nov 14 '16 at 18:19
  • On a side note, I think `mysql_*` has the potential to really mess up your entire code... – Rasclatt Nov 14 '16 at 18:20
  • How would I use the die method in this tho? – MCC Nov 14 '16 at 18:21
  • @Rasclatt Do you have any improvements for it, anything's really appreciated as I am new with PHP – MCC Nov 14 '16 at 18:21
  • Yes, you will want to switch to `PDO` using prepared statements when directly using user-based input. You can use `mysqli_` but I personally think `PDO` is better. – Rasclatt Nov 14 '16 at 18:22
  • I can't spot any obvious reasons, but the way to fix it is basic debugging - set some breakpoints and step through the code. If you don't currently have a debugger, install Xdebug. Not an issue exactly, but `$error = "Success!";` made me laugh... – Steve Nov 14 '16 at 18:24
  • Yeah I was just using that to test that it works xD And yes I do see the error is a success :D – MCC Nov 14 '16 at 18:25
  • @Rasclatt Do you think you could help me in converting mysql_* to PDO please? – MCC Nov 14 '16 at 18:28
  • There are lots of examples out there, here is an example on a previous [answer](http://stackoverflow.com/questions/39714064/php-login-system-not-working/39715645#39715645). The important portion is the `Database.php` class – Rasclatt Nov 14 '16 at 18:34
  • Check now, it should work ;) – Karol Gasienica Nov 14 '16 at 18:58

1 Answer


You should use MySQLi. You can read about why not to use mysql_* here.

Solution

Your code could look like follows:

<?php
session_start(); // needed before $_SESSION can be read

$mysqli = new mysqli("localhost", "my_user", "my_password", "database_name"); // here you will need your connection data (the fourth argument is the database name), you can store it in dbconnect.php.

// if session is not set this will redirect to login page
if(!isset($_SESSION['user'])) {
    header("Location: index.php");
    exit;
}

$error = ""; // defined up front so the template can echo it on a plain page load

$condition = empty($_POST['sender']) || empty($_POST['reciever']);
if (!$condition) {
    $res= "SELECT * FROM users WHERE userId=".$_SESSION['user'];
    $mysqli->query($res); // you are doing nothing with it in your code, why?
    $name = $_POST['sender'];
    $reciever = $_POST['reciever'];

    $query = "UPDATE users SET userCoins = userCoins + 1  WHERE userName='Morgan'";
    $res = $mysqli->query($query);
    if ($res) {
        $error = "Success!";
    } else {
        $error = "Something Went Wrong!";
        echo "Error: ".$mysqli->error; // here you can check your errors
    }
}

Manual

More information about MySQLi can be found in the PHP Manual.

Karol Gasienica
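
The PDO prepared-statement approach suggested in the comments, combined with the answer's check that the form was actually posted, could look like the following. This is an added example, not code from the question, the answer or the commenters. The `handleSend` function, the in-memory SQLite table, and treating the form as a one-coin transfer from the logged-in user are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data in in-memory SQLite so the example runs offline (assumes pdo_sqlite);
// on the real site the PDO object would be created in dbconnect.php with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userId INTEGER PRIMARY KEY, userName TEXT UNIQUE, userCoins INTEGER)');
$pdo->exec("INSERT INTO users VALUES (1, 'Morgan', 5), (2, 'Alex', 0)");

// Hypothetical handler: moves one coin from the logged-in user to $post['reciever'].
// Returns a status message, or null when the form was not submitted.
function handleSend(PDO $pdo, string $method, array $post, int $sessionUserId): ?string
{
    // Gate on the request method and the submit button so a plain page load (GET) never writes.
    if ($method !== 'POST' || !isset($post['send'])) {
        return null;
    }
    $receiver = is_string($post['reciever'] ?? null) ? trim($post['reciever']) : '';
    if ($receiver === '' || strlen($receiver) > 15) {   // maxlength="15" in the form is only a browser hint
        return 'Receiver is required.';
    }
    $pdo->beginTransaction();
    try {
        // The sender comes from the session, not the form; bound parameters keep input out of the SQL text.
        $debit = $pdo->prepare('UPDATE users SET userCoins = userCoins - 1 WHERE userId = :id AND userCoins > 0');
        $debit->execute([':id' => $sessionUserId]);
        $credit = $pdo->prepare('UPDATE users SET userCoins = userCoins + 1 WHERE userName = :name AND userId <> :id');
        $credit->execute([':name' => $receiver, ':id' => $sessionUserId]);
        if ($debit->rowCount() !== 1 || $credit->rowCount() !== 1) {
            $pdo->rollBack();                            // unknown receiver or no coins: undo both updates
            return 'Something Went Wrong!';
        }
        $pdo->commit();
        return 'Success!';
    } catch (PDOException $e) {
        $pdo->rollBack();
        error_log($e->getMessage());                     // details go to the server log, not the page
        return 'Something Went Wrong!';
    }
}

// Constructed requests: a page load, a valid submit, and a receiver value containing a quote.
var_dump(handleSend($pdo, 'GET', [], 1));
var_dump(handleSend($pdo, 'POST', ['send' => '', 'reciever' => 'Alex'], 1));
var_dump(handleSend($pdo, 'POST', ['send' => '', 'reciever' => "O'Neil"], 1));
print_r($pdo->query('SELECT userName, userCoins FROM users')->fetchAll(PDO::FETCH_KEY_PAIR));
```

In the page itself the call would be `handleSend($pdo, $_SERVER['REQUEST_METHOD'], $_POST, (int) $_SESSION['user'])`, placed after the session check.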