-5

First, sorry for my bad English. Second: the problem is all in my form; when I submit, it doesn't post the inserted data on the same page or on another page. I need it to post on the same page or on other pages when I fill in the fields. I also need to be able to show the posted things on different pages without letting others fill in the fields, only view / read.

<?php
    mysql_connect("sql.domain.com", "database", "password");
    mysql_select_db("database");
    $Username = $_POST['Username'];
    $Password = $_POST['Password'];
    $eMail = $_POST['eMail'];
    $eMailPw = $_POST['eMailPw'];
    $submit = $_POST['submit'];

    $dbLink = mysql_connect("sql.domain.com", "database", "password");
    mysql_query("SET character_set_client=utf8", $dbLink);
    mysql_query("SET character_set_connection=utf8", $dbLink);

    if($submit) {
        if($Username && $Password && $eMail && $eMailPw) {
            $insert = mysql_query("INSERT INTO commenttable (Username,Password,eMail,eMailPw) VALUES ('$Username','$Password','$eMail','$eMailPw') ");
            echo "<meta HTTP-EQUIV='REFRESH' content='0; url=TEST2.php'>";
        } else {
            echo "please fill out all fields";
        }
    }
?>

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>TEST 2</title>
    </head>

    <body>
        <center>
        <form action="TEST2.php" method="POST" >
            <table border="0" cellspacing="8" cellpadding="0" >
                <tr>
                    <td>Username</td>
                    <td><input type="text" name="Username" size="30" ></td>
                </tr>
                <tr>
                    <td>Password</td>
                    <td><input type="text" name="Password" ></td>
                </tr>
                <tr>
                    <td>eMail</td>
                    <td><input type="text" name="eMail" ></td>
                </tr>
                <tr>
                    <td>eMail Password</td>
                    <td><input type="text" name="eMailPw" ></td>
                </tr>
            </table>
            <input type="submit" value="Submit">
        </form>

        <?php
            $dbLink = mysql_connect("sql.domain.com", "database", "password");
            mysql_query("SET character_set_results=utf8", $dbLink);
            mb_language('uni');
            mb_internal_encoding('UTF-8');

            $getquery = mysql_query("SELECT * FROM commenttable ORDER BY id DESC");
            while($rows = mysql_fetch_assoc($getquery)) {
                $id = $rows['id'];
                $Username = $rows['Username'];
                $Password = $rows['Password'];
                $eMail = $rows['eMail'];
                $eMailPw = $rows['eMailPw'];
                echo $Username . '<br/>' . '<br/>' . $Password . '<br/>' . '<br/>' . $eMail . '<br/>' . '<br/>' . $eMailPw . '<br/>' . '<br/>' . '<hr size="1"/>';
            }
        ?>

    </body>
</html>
GrumpyCrouton
Deyan Nik
  • 6
    [Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` – GrumpyCrouton Nov 30 '17 at 15:58
  • Please narrow down your code to the specific issue – ProEvilz Nov 30 '17 at 15:58
  • 2
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) that has been [removed](http://php.net/manual/en/mysql.php) from PHP. You should select a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Nov 30 '17 at 15:58
  • 2
    @GrumpyCrouton Do you guys write that out every time or are there copy/paste presets anywhere? – ProEvilz Nov 30 '17 at 15:59
  • How *specifically* is this failing? Your code is wide open to SQL injection *and* you're not checking for errors from the database. – David Nov 30 '17 at 15:59
  • @ProEvilz I have a copy+paste. https://anotepad.com/note/read/bbnjri – GrumpyCrouton Nov 30 '17 at 15:59
  • Can I have the access code so I can use that please? – ProEvilz Nov 30 '17 at 16:00
  • 1
    Besides being wide open to SQL injection and using the obsolete mysql functions, you might also want to check out [this](https://www.w3schools.com/tags/att_input_type.asp), because seeing an input type "text" for a password hurts my eyes. – Shogunivar Nov 30 '17 at 16:02

1 Answer

-2

First, your English is good. Second, there are a lot of things I would recommend working on before being concerned if it posts or not.

mysql vs mysqli

mysql extension deprecation warning

input type="password"

  • ...provide a way for the user to securely enter a password. The element is presented as a one-line plain text editor control in which the text is obscured so that it cannot be read, usually by replacing each character with a symbol such as the asterisk ("*") or a dot ("•"). This character will vary depending on the user agent and OS. -https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/password

Here's a handy link to get familiar with different input types

if...submit

redirect upon submit

  • It looks like you might want to redirect the user to a different page to view the data after submission. Below is an example of how to do that.

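    # after your query and insertion into table, and before any output is sent
    $profile_url = 'http://' . $_SERVER['HTTP_HOST'] . '/profile.php';
    header('Location: ' . $profile_url); # header() is a function, so no leading $
    exit; # stop here so the rest of the page is not sent after the redirect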
    
lanadeltaco
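
Added example (not code from the question, the comments or the answer): the insert and the read-only listing from the question rewritten with PDO prepared statements, as the comments recommend, with every value HTML-escaped on output. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, only the Username and eMail columns are handled, and the function names `openDb`, `saveEntry` and `renderEntries` are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the MySQL server so this runs offline.
// With MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface DB errors
    $db->exec('CREATE TABLE commenttable (id INTEGER PRIMARY KEY, Username TEXT, eMail TEXT)');
    return $db;
}

// Insert one row with bound parameters; returns false when a field is missing.
function saveEntry(PDO $db, array $post): bool
{
    $username = is_string($post['Username'] ?? null) ? trim($post['Username']) : '';
    $email    = is_string($post['eMail'] ?? null) ? trim($post['eMail']) : '';
    if ($username === '' || $email === '') {
        return false;
    }
    // The values travel separately from the SQL text, so quotes in them stay data.
    $stmt = $db->prepare('INSERT INTO commenttable (Username, eMail) VALUES (:u, :e)');
    return $stmt->execute([':u' => $username, ':e' => $email]);
}

// Build the read-only listing; every stored value is HTML-escaped on output.
function renderEntries(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT Username, eMail FROM commenttable ORDER BY id DESC') as $row) {
        $html .= htmlspecialchars($row['Username'], ENT_QUOTES, 'UTF-8') . '<br/>'
               . htmlspecialchars($row['eMail'], ENT_QUOTES, 'UTF-8') . '<hr size="1"/>';
    }
    return $html;
}

$db = openDb();
// Constructed sample input. On the real page this is $_POST, processed when
// $_SERVER['REQUEST_METHOD'] === 'POST': the submit button in the question has
// no name attribute, so $_POST['submit'] is never set.
$sample = ['Username' => "O'Brien <b>", 'eMail' => 'obrien@example.com'];
if (saveEntry($db, $sample)) {
    echo renderEntries($db), "\n";
} else {
    echo "please fill out all fields\n";
}
```

A page that only calls `renderEntries()` and contains no form gives the view-only listing the question asks for.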