-1

i am trying to build a wordpress plugin that will allow the admin to create user from the admin page after creating the form and the process php code, i refresed my wordpress but no error but then after filling the form and click on the register button it is showing me page not found and the i have placed the classifiedbr.php and demo.php on the same folder but it is still not working

this is my php code named classfiedbr.php

<?php
/**
* @package ClassifiedBr
*/
/*
Plugin Name: ClassifiedBr
Plugin URI: http://britchi.com/plugin
Description: This is my first Attempt on writting a custom plugin
Version: 1.0.0
Author: *Bright* C Godwin 
Author URI: http://britchi.com/plugin
License: GPLv2 or later
Text Domain: classifiedbr-plugin
*/
add_action('admin_menu', 'classifiedbr_setup_menu');


function classifiedbr_setup_menu(){
        add_menu_page( 'ClassifiedBr Page', 'ClassifiedBr', 'manage_options', 'classifiedbr', 'classifiedbr_init' );
}

function classifiedbr_init(){
    echo '<form action="demo.php" method="post" />';
    echo "<h1>Britchi Tracking</h1>";
    echo '<p>';
    echo 'Costumers Name (required) <br/>';
    echo '<input type="text" name="cname"/>';
    echo '</p>';
    echo '<p>';
    echo 'Tracking number (required) <br/>';
    echo '<input type="text" name="ctracking"/>';
    echo '</p>';
    echo '<p>';
    echo 'Email (required) <br/>';
    echo '<input type="email" name="cemail" />';
    echo '</p>';
    echo '<p>';
    echo 'Recived Port (required) <br/>';
    echo '<input type="text" name="crport" />';
    echo '</p>';
    echo '<p>';
    echo 'Delivered Port (required) <br/>';
    echo '<input type="text" name="cdport" />';
    echo '</p>';
    echo '<p>';
    echo 'Current Location (required) <br/>';
    echo '<input type="text" name="clocation" />';
    echo '</p>';
    echo '<p>';
    echo 'Destination (required) <br/>';
    echo '<input type="text" name="cdestination". />';
    echo '</p>';
    echo '<p><input type="submit" name="cregistered" value="Register"></p>';
    echo '</form>';




}

?>

then this is my demo.php

<?php

define('DB_NAME', 'class');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
    die('Could not connect: ' . mysql_error());
}

$db_selected = mysql_selected_db(DB_NAME, $link);

if (!$db_selected) {
    die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}

$cname = $_POST['cname'];
$cemail = $_POST['cemail'];
$ctracking = $_POST['ctracking'];
$crport = $_POST['crport'];
$cdport = $_POST['cdport'];
$cname = $_POST['clocation'];
$cname = $_POST['cdestination'];

$sql = "INSERT INTO demo (cname, cemail, ctracking, erport, cdport, clocation, cdestination) VALUES ('$cname', 'cemail', 'ctracking', 'crport', 'cdport', 'clocation', 'cdestination')";

if (!mysql_query($sql)) {
    die('ERROR: ' . mysql_error());
}

mysql_close();
?>

this is the page

enter image description here

this is the error massage i get from the page

enter image description here

this is the folder where i saved the files

enter image description here

i have tried searching here but the question that is related to my own problem (my php form not insert to phpmyadmin) but it is not yet solved so i am hoping someone can help me out thanks

Britchi2
  • 37
  • 1
  • 7
  • the page demo.php is not where you say it is –  May 13 '18 at 00:31
  • @smith i just uploaded the screenshot of the files folder – Britchi2 May 13 '18 at 00:54
  • This is misspelled `mysql_selected_db()` should be `mysql_select_db()` and their may be other errors, not least of which is that the `mysql_*()` functions have been removed in PHP versions beginning with 7. New code should be written using PDO instead. Always when developing and testing code, enable error display. At the top of your script `error_reporting(E_ALL); ini_set('display_errors', 1);` and you will see PHP complain about an undefined function, maybe other errors too. – Michael Berkowski May 13 '18 at 00:58
  • I notice that most of your variables in the INSERT are missing their `$` as well. But the method you are using is insecure and may eventually result in your server and database being compromised. Using `prepare()/execute()` with parameters in PDO is the solution to that - see [How can I prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php#60496) Noting your database is named `class` perhaps this is a course assignment and PDO is not an option for you or your instructor prefers the old mysql_*() API... – Michael Berkowski May 13 '18 at 01:00
  • @MichaelBerkowski even after changing the mysql_selected_db() to mysql_select_db() it is still showing the same error – Britchi2 May 13 '18 at 01:12

1 Answers1

0

Just make the below changes in your demo.php and put both the files in wp-admin of Wordpress directory.

<?php

define('DB_NAME', 'class');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);



if (!$link) {
    die('Can\'t use ' . DB_NAME . ': ' . mysqli_error($link));
}

   $cname = $_POST['cname'];
   $cemail = $_POST['cemail'];
   $ctracking = $_POST['ctracking'];
   $crport = $_POST['crport'];
   $cdport = $_POST['cdport'];
   $clocation = $_POST['clocation'];
   $cdestination = $_POST['cdestination'];

   $sql = "INSERT INTO demo (cname, cemail, ctracking, crport, cdport,  clocation, cdestination) VALUES ('$cname', '$cemail', '$ctracking', '$crport', '$cdport', '$clocation', '$cdestination')";

if (!mysqli_query($link, $sql)) {
    die('ERROR: ' . mysqli_error($link));

}

   mysqli_close($link);
?>
Ajay Rajpurohit
  • 38
  • 5