i am stucking when i submitt my contact form

Question

I have made a contact from... which is supposed to redirect a user to the "THANK YOU" page once the details of the same is submitted; However on submitting.. the user is not getting directed to the "THANK YOU PAGE". Can you please find out the mistake ? I would be really grateful.. THANK YOU SO MUCH!!

<?php 
include("company_profile/lib/data.config.php"); 
$btnsubmit  =isset($_POST['btnsubmit'])?$_POST['btnsubmit']:'';
if(isset($_POST['btnsubmit']))
{
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$cource = $_POST['cource'];
$message = $_POST['message'];
$created_date = date('Y-m-d');
$time = date('H:i:s');
$q="Insert INTO enquiry_form SET name='$name',email='$email',
contact='$phone',message='$message',cource='$cource',
created_date='$created_date',etime='$time'";

    $r = mysqli_query($conn,$q);

   if($r) 
    {
    //echo "Thankyou for Inquery";
    header("location:thanks.php");
    //echo "<script>alert('Message Send')</script>";



  }else
  {
    echo "there was a problem";
  }

  }

  ?>

Query syntaxe pb... and have a look on sql injection ...https://phpdelusions.net/sql_injection — Incognito, Apr 01 '17 at 11:09
For one thing `$btnsubmit =isset($_POST['btnsubmit'])?$_POST['btnsubmit']:''; if(isset($_POST['btnsubmit']))` you shouldn't do that, and second; where's the html form for this? — Funk Forty Niner, Apr 01 '17 at 13:28
You're wide open to SQL injection attacks, and **you will be hacked** if you haven't already. Never concatenate arbitrary data directly into the query. Use bound parameters with PDO or similar. — Brad, Feb 18 '18 at 04:35

Akashii · Answer 1 · 2017-04-01T11:18:21.873

1

You try sql below

      INSERT INTO enquiry_form(name,email,contact,message,courece,created_date,etime) VALUES (?,?,?,?,?,?,?)
if($stmt=$conn->prepare($q){
$stmt->bind_param('/dependent your datatype',$name,$email,$contact,...);
$stmt->execute();
echo "<script>
window.location.href='thank.php';
alert('Thank you');
</script>"

; }

edited Apr 01 '17 at 11:18

answered Apr 01 '17 at 11:05

Akashii

2,251
3
17
29

my code is working fine value succefully saved in a databse but the page not redirect – arif khan Apr 01 '17 at 11:11
you can try `` – Akashii Apr 01 '17 at 11:13
wait me a minute , i edit comment and help you avoid sql injection – Akashii Apr 01 '17 at 11:14
@arifkhan i edit it , you can try and if it helpful dont forget vote for me ^^ – Akashii Apr 01 '17 at 11:19
sir when i am using form action thanks.php then my code is redirect thanks.php but same time i am not getting submit details in my database – arif khan Apr 01 '17 at 11:23

Mario · Answer 2 · 2017-04-01T12:36:21.980

Try this with checking for last inserted id then it will redirect you to your destination script. And please post your html form. Maybe is error in there too. This must work 100%.

Php code in contact-page.php

<?php 

include("company_profile/lib/data.config.php");

if(isset($_POST['btnsubmit']))
{
    $name = mysqli_real_escape_string($conn, $_POST['name']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $phone = mysqli_real_escape_string($conn, $_POST['phone']);
    $cource = mysqli_real_escape_string($conn, $_POST['cource']);
    $message = mysqli_real_escape_string($conn, $_POST['message']);
    $created_date = date('Y-m-d');
    $time = date('H:i:s');

    $q = "INSERT INTO enquiry_form ( name, email, contact, message, cource, created_date, etime ) VALUES ( '$name', '$email', '$phone', '$message', '$cource', '$created_date', '$time' )";

    $r = mysqli_query($conn, $q);

    // if is returned last inserted id
    if(mysqli_insert_id($conn)) 
    {
        header("location:thanks.php");
    }
    else
    {
        echo "there was a problem";
    }

}

?>

Html form in contact-page.php

<form  action="contact-page.php" method="POST">
    <label>Name</label><br>
    <input type="text" name="name" required /><br>
    <label>Subject</label><br>
    <input type="text" name="cource" required /><br>
    <label>Email</label><br>
    <input type="text" name="email" pattern="[^ @]*@[^ @]*" required /><br>
    <label>Phone</label><br>
    <input type="tel" name="phone" maxlength="10" pattern="[0-9]{10,11}" pattern="[0-9]{10}" required /><br>
    <label>Message</label><br>
    <textarea cols="46" rows="3" name="message" required></textarea><br>
    <input class="button" type="submit" value="Sumbit" name="btnsubmit" />
</form>

ys mario u r right i will have to mantion action="contact-page.php" then every thing working fine thanks a lot mario and and saeed who saved my job — arif khan, Apr 01 '17 at 12:46

score 0 · Answer 3 · answered Apr 01 '17 at 11:39

use pdo again and filter your request

<?php
include("company_profile/lib/data.config.php"); 
$btnsubmit  =isset($_POST['btnsubmit'])?$_POST['btnsubmit']:'';
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if(isset($_POST['btnsubmit']))
{
$name = $_POST['name']; // filter string  number encode ......
$email = $_POST['email']; // filter string number encode ......
$phone = $_POST['phone']; // filter string number encode ......
$cource = $_POST['cource']; // filter string number encode ......
$message = $_POST['message']; // filter string number encode ......
$created_date = date('Y-m-d'); // filter string number encode ......
// we are in 2017 use pdo
$pdo = $con->prepare("Insert INTO enquiry_form SET name= :name,email=:email,contact=:phone,message=:message,cource=:cource,created_date= now()");
$pdo->execute(array('name' => $name,'email' => $email, 'phone' => $phone, 'message' => $message, 'cource' => $cource ));
   if($pdo) 
    {
    //echo "Thankyou for Inquery";
    header("location:thanks.php");
    //echo "<script>alert('Message Send')</script>";



  }else
  {
    echo "there was a problem";
  }

  }
}
 ?>`

see i would like to tell u my condition of code i have a three file first file name is contact-us.php and second file is contact-page .php and third file name is thanks.php and i m doing include contact-page.php file in contact-us.php and i did share my contact-page.php file.and one for thing i have given action="thanks.php" in contact-page.php — arif khan, Apr 01 '17 at 12:12

score -1 · Answer 4 · edited May 23 '17 at 11:46

-1

In php you need to write ob_start(); at the start of your code to get your headers to buffer. You can see this previous post on the importance of ob_start: What's the use of ob_start() in php? or check out the php manual: http://php.net/manual/en/function.ob-start.php .

If you don't have that snippit of code, your header won't work.

edited May 23 '17 at 11:46

Community

1
1

answered Apr 01 '17 at 11:44

The Interloper

150
11

can u edit the same code whatever u said please i stucking at my office – arif khan Apr 01 '17 at 11:48
I did not. Try adding ob_start(); after – The Interloper Apr 01 '17 at 12:12
see when i am remove form action="thanks.php" than my previous code working fine the value of form is succesfully save in database but the page is not redirect on thanks.php – arif khan Apr 01 '17 at 12:19
and when i give form action="thanks.php" then page is successfully redirect on thanks.php but the form values i am not getting in my database – arif khan Apr 01 '17 at 12:20
did you alter your insert as above to INTO enquiry_form ( name, email, contact, message, cource, created_date, etime ) VALUES ( '$name', '$email', '$phone', '$message', '$cource', '$created_date', '$time' )"; as suggested by Mario? – The Interloper Apr 01 '17 at 12:49
Another thing you could try is action =" $_SERVER['PHP_SELF'] " and putting the contents of contact-page at the start with if($_SERVER['REQUEST_METHOD'] == "POST") {... if you find the page jumping is causing errors – The Interloper Apr 01 '17 at 12:55
no i just onlu change my form action="contact-page.php" only accept this my previous code same which i post as a question – arif khan Apr 01 '17 at 13:00

i am stucking when i submitt my contact form

4 Answers4