0

I am learning PHP to run a very small server on a network at work. I am also new to mySQL. I know that people are going to say I am open to sql injection and I will cross that bridge when I get there.

Anyways, I am making an app for my employees to be able to submit paperwork over the network and store the data in a local server.

I am running XAMPP and have full access to everything. I can get data submitted when I remove the code for my second form. Here is all of my code.

I have two forms, the first one submits the Check and the second one submits the results of the check. I have a foreign key to connect each table in MySQL but I honestly don't even know if that is working. I want the users to be able to see a list of all the "Checks" then be able to go down and view the table of that "check's" results.

This first chunk of code is my index.php, and it holds the functions for adding and displaying data from the tables.

<?php

include 'connect.php';

// $user = 'damon';
// $password = '';

// $dbname = 'camera_check';

// $servername = 'localhost';
// $mysqli = new mysqli(
//     $servername,
//     $user,
//     $password,
//     $dbname
// );

// if ($mysqli->connect_error) {
//     die('Connect Error (' .
//         $mysqli->connect_errno . ') ' .
//         $mysqli->connect_error);
// }



// SQL query to select data from database
$sql = "SELECT * FROM all_checks ORDER BY check_id ";
$result = $mysqli->query($sql);
$mysqli->close();

// $server = "localhost";
// $username = "damon";
// $password = "";
// $dbname = "camera_check";


// $conn = mysqli_connect($server, $username, $password, $dbname);

if (isset($_POST['submit`'])) {

    if (!empty($_POST['date']) && !empty($_POST['camera_outage'])) {

        $date = $_POST['date'];
        $camera_outage = $_POST['camera_outage'];


        $query = "Insert into all_checks(date, camera_outage) values ('$date', '$camera_outage')";

        $run = mysqli_query($conn, $query) or die(mysqli_error($conn));
        echo "<meta http-equiv='refresh' content='0'>";

        if ($run) {
            echo '<script>alert("Device Submitted Successfully")"</script>';
        } else {
            echo " Form not Submitted";
        }
    } else {
        echo "  all fields required";
    }
}


if (isset($_POST['submit2'])) {
    if (!empty($_POST['shift']) && !empty($_POST['supervisor']) && !empty($_POST['outage_noted']) && !empty($_POST['audio_check_complete']) && !empty($_POST['rm_temp']) && !empty($_POST['server_IV1']) && !empty($_POST['server_IV2']) && !empty($_POST['server_IV3']) && !empty($_POST['server_IV4']) && !empty($_POST['server_IV5']) && !empty($_POST['server_IV6']) && !empty($_POST['server_IV7']) && !empty($_POST['server_IV8']) && !empty($_POST['server_IV9']) && !empty($_POST['server_IV10']) && !empty($_POST['server_IV11']) && !empty($_POST['server_IV12']) && !empty($_POST['server_nsm1']) && !empty($_POST['server_nsm2']) && !empty($_POST['server_nsm4']) && !empty($_POST['server_nsm5']) && !empty($_POST['server_nsm6']) && !empty($_POST['server_nsm7']) && !empty($_POST['all_checked']) && !empty($_POST['completed_by_id']) && !empty($_POST['start_time']) && !empty($_POST['end_time']) && !empty($_POST['completed_on']) && !empty($_POST['print_name']) && !empty($_POST['initials'])) {

        $shift = $_POST['shift'];
        $supervisor = $_POST['supervisor'];
        $outage_noted = $_POST['outage_noted'];
        $audio_check_complete = $_POST['audio_test_complete'];
        $rm_temp = $_POST['rm_temp'];
        $server_IV1 = $_POST['server_IV1'];
        $server_IV2 = $_POST['server_IV2'];
        $server_IV3 = $_POST['server_IV3'];
        $server_IV4 = $_POST['server_IV4'];
        $server_IV5 = $_POST['server_IV5'];
        $server_IV6 = $_POST['server_IV6'];
        $server_IV7 = $_POST['server_IV7'];
        $server_IV8 = $_POST['server_IV8'];
        $server_IV9 = $_POST['server_IV9'];
        $server_IV10 = $_POST['server_IV10'];
        $server_IV11 = $_POST['server_IV11'];
        $server_IV12 = $_POST['server_IV12'];
        $server_nsm1 = $_POST['server_nsm1'];
        $server_nsm2 = $_POST['server_nsm2'];
        $server_nsm = $_POST['server_nsm4'];
        $server_nsm = $_POST['server_nsm5'];
        $server_nsm = $_POST['server_nsm6'];
        $server_nsm = $_POST['server_nsm7'];
        $all_checked = $_POST['all_checked'];
        $completed_by_id = $_POST['completed_by_id'];
        $start_time = $_POST['start_time'];
        $end_time = $_POST['end_time'];
        $completed_on = $_POST['completed_on'];
        $print_name = $_POST['print_name'];
        $initials = $_POST['initials'];



        $query = "Insert into check_results(shift, supervisor, outage_noted, audio_check_complete, rm_temp, server_IV1,server_IV2,server_IV3,server_IV4,server_IV5,server_IV6,server_IV7,server_IV8,server_IV9,server_IV10,server_IV11,server_IV12, server_nsm1,server_nsm2,server_nsm4,server_nsm5,server_nsm6,server_nsm7,) placeholders('$shift', '$supervisor', '$outage_noted','$audio_check_completed', '$rm_temp', '$server_IV1', '$server_IV2', '$server_IV3', '$server_IV4', '$server_IV5', '$server_IV6', '$server_IV7', '$server_IV8', '$server_IV9', '$server_IV10', '$server_IV11', '$server_IV12', '$server_nsm1', '$server_nsm2', '$server_nsm4', '$server_nsm5', '$server_nsm6', '$server_nsm7', '$all_checked', '$completed_by_id', '$start_time', '$end_time', '$completed_on', '$completed_by', '$initials')";

        $run = mysqli_query($conn, $query) or die(mysqli_error($conn));
        echo "<meta http-equiv='refresh' content='0'>";

        if ($run) {
            echo '<script>alert("Device Submitted Successfully")"</script>';
        } else {
            echo " Form not Submitted";
        }
    } else {
        echo "  all fields required";
    }
}


?>


<!-- php for camera check results -->

<html>

<body>

    <div class="row" style="justify-self:center">
        <h2 style="padding-top:5%">Camera Checks</h2>
    </div>

    <div class="row">

        <div class="container col-3" style="display:grid">
            <form action="index.php" method="POST" enctype="multipart/form-data">
                <h4>Add Check</h4>
                <div class="form_group">
                    <label>Date:</label>
                    <input type="text" name="date" />
                </div>
                <div class="form_group">
                    <label>Camera Outage:</label>
                    <input type="text" name="camera_outage" />
                </div>

                <input type="submit" name="submit1" placeholder="Add Check">
            </form>
        </div>

        <div class="container col-9">
            <table style="height:fit-content">
                <tr style="text-align:center; margin:2px;height:fit-content">
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">ID</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Date</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Camera Outage</th>
                </tr>
                <!-- PHP CODE TO FETCH DATA FROM ROWS-->
                <?php   // LOOP TILL END OF DATA 
                while ($rows = $result->fetch_assoc()) {
                ?>
                    <tr>
                        <!--FETCHING DATA FROM EACH 
                    ROW OF EVERY COLUMN-->
                        <td style="padding:10px"> <?php echo $rows['check_id']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['date']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['camera_outage']; ?></td>
                    </tr>
                <?php
                }
                ?>
            </table>
        </div>
    </div>

    <div class="container">
        <form action="index.php" method="POST" enctype="multipart/form-data">
            <h4>Add Check Results</h4>
            <div class="form_group">
                <label>Shift:</label>
                <input type="text" name="shift" placeholder="Day. Swing, Grave" />
            </div>
            <div class="form_group">
                <label>Logged in as Supervisor:</label>
                <input type="text" name="supervisor" placeholder="Yes/No" />
            </div>
            <div class="form_group">
                <label>Outage Noted:</label>
                <input type="text" name="outage_notedr" placeholder="Yes/No" />
            </div>
            <div class="form_group">
                <label>Audio Check Completed:</label>
                <input type="text" name="audio_check" placeholder="Yes/No" />
            </div>
            <div class="form_group">
                <label>Room Temperature:</label>
                <input type="text" name="rm_temp" placeholder=" degrees" />
            </div>
            <div class="form_group">
                <label>Server IV-1 Retention Time:</label>
                <input type="text" name="server_IV1" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-2 Retention Time:</label>
                <input type="text" name="server_IV2" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-3 Retention Time:</label>
                <input type="text" name="server_IV3" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-4 Retention Time:</label>
                <input type="text" name="server_IV4" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-5 Retention Time:</label>
                <input type="text" name="server_IV5" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-6 Retention Time:</label>
                <input type="text" name="server_IV6" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-6 Retention Time:</label>
                <input type="text" name="server_IV6" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-7 Retention Time:</label>
                <input type="text" name="server_IV7" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-8 Retention Time:</label>
                <input type="text" name="server_IV8" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-9 Retention Time:</label>
                <input type="text" name="server_IV9" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-10 Retention Time:</label>
                <input type="text" name="server_IV10" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-11 Retention Time:</label>
                <input type="text" name="server_IV11" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server IV-12 Retention Time:</label>
                <input type="text" name="server_IV12" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server NSM-1 Retention Time:</label>
                <input type="text" name="server_nsm1" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server NSM-2 Retention Time:</label>
                <input type="text" name="server_nsm2" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server NSM-4 Retention Time:</label>
                <input type="text" name="server_nsm4" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server NSM-5 Retention Time:</label>
                <input type="text" name="server_nsm5" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server NSM-6 Retention Time:</label>
                <input type="text" name="server_nsm6" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>Server NSM-7 Retention Time:</label>
                <input type="text" name="server_nsm7" placeholder=" days" />
            </div>
            <div class="form_group">
                <label>All Cameras Checked:</label>
                <input type="text" name="all_checked" placeholder="Yes or No" />
            </div>
            <div class="form_group">
                <label>Completed by- ID: </label>
                <input type="text" name="completed_by_id" placeholder="Your Employee ID" />
            </div>
            <div class="form_group">
                <label>Start Time:</label>
                <input type="text" name="start_time" placeholder="" />
            </div>
            <div class="form_group">
                <label>End Time:</label>
                <input type="text" name="end_time" placeholder="" />
            </div>
            <div class="form_group">
                <label>Completed On:</label>
                <input type="text" name="completed_on" placeholder="" />
            </div>
            <div class="form_group">
                <label>Completed By:</label>
                <input type="text" name="print_name" placeholder="Your Name" />
            </div>
            <div class="form_group">
                <label>Initials:</label>
                <input type="text" name="initials" placeholder="" />
            </div>
            <input type="submit" name="submit2" value="Add Results">
        </form>
    </div>
    <div class="container col-9">
            <table style="height:fit-content">
                <tr style="text-align:center; margin:2px;height:fit-content">
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">ID</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Shift</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Logged In as Supervisor</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Outage Noted</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Audio Check Completed</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Room Temp</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-1 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-2 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-3 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-4 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-5 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-6 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-7 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-7 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-9 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-10 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-11 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server IV-12 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server NSM-1 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server NSM-2 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server NSM-4 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server NSM-5 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server NSM-6 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Server NSM-7 Retention Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">All Cameras Checked</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Completed By ID</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Start Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">End Time</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Completed On</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Completed By</th>
                    <th style="border-bottom:2px; border-top:1px; border-right:1px;border-left:1px;border-style:solid; border-color:black">Initials</th>
                </tr>
                <!-- PHP CODE TO FETCH DATA FROM ROWS-->
                <?php   // LOOP TILL END OF DATA 
                while ($rows = $result->fetch_assoc()) {
                ?>
                    <tr>
                        <!--FETCHING DATA FROM EACH 
                    ROW OF EVERY COLUMN-->
                        <td style="padding:10px"> <?php echo $rows['result_id']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['shift']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['audio_check_completed']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['rm_temp']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV1']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV2']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV3']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV4']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV5']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV6']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV7']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV8']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV9']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV10']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV11']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_IV12']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_nsm1']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_nsm2']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_nsm4']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_nsm5']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_nsm6']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['server_nsm7']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['all_checked']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['completed_by_id']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['start_time']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['end_time']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['completed_on']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['print_name']; ?></td>
                        <td style="padding:10px"> <?php echo $rows['initials']; ?></td>
                    </tr>
                <?php
                }
                ?>
            </table>
        </div>

</body>

</html>

This is my NEW connect.php for accessing the database:

<?php

$user = 'damon';
$password = '';

// Database name 
$database = 'camera_check';

// Server is localhost with
$server = 'localhost';
$mysqli = new mysqli(
    $server,
    $username,
    $password,
    $dbname
);

// Checking for connections
if ($mysqli->connect_error) {
    die('Connect Error (' .
        $mysqli->connect_errno . ') ' .
        $mysqli->connect_error);
}

$conn = mysqli_connect($server, $username, $password, $dbname);
?>

Currently when I load the page, I get the response "All Fields Required all fields required" although I have all fields filled out correctly. It actually seems like I am getting the response from the first form.

Does anyone have any advice or instructions on how to make this code work? Let me know what other info I can add that will help answer this question.

  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Dec 03 '21 at 15:38

2 Answers

0

I am not sure I understand correctly because I am also a beginner, but at first sight I can see you have 2 SQL queries in the same php bracket. Just try to close the first (?>) and open a new one (<?php) before running the 2nd SQL.

marc_s
Scissors38th
-1

First of all, congratulations on starting out with PHP. It's my primary programming language and you cannot go wrong, especially after learning concepts such as OOP and going further into frameworks such as Laravel.

You have done great with your code so far... but maybe changing the names of the submit inputs will help and then match them with the corresponding $_POST[] tags.

For example: For the first form...

<input type="submit" name="submit1">

and the corresponding fields:

if(isset($_POST['submit1']))

Make sure that the forms have different submit names.

I haven't tested it out but it's highly likely the solution.

KingStevenNOS
  • thank you! I will try that solution now and get back to you! – dschulz1227 Dec 03 '21 at 15:15
  • do I need to also edit the
    – dschulz1227 Dec 03 '21 at 15:18
  • I don't even think I would have a name attribute in the form tag. Although make sure that it's the same with the input:submit name attribute that corresponds with it just to be safe – KingStevenNOS Dec 03 '21 at 15:20
  • Ok I removed the name attributes and changed the "submits" I no longer receive the "all fields required" from the first form, but the data is not posting to the DB. However, I still do receive "All fields required" when submitting the second form – dschulz1227 Dec 03 '21 at 15:23
  • I updated my code if you can take a look. Right now I am unable to access the Database. I tried adding the connection code to an external page and importing it to the index.php so my functions can access the DB but it isn't working – dschulz1227 Dec 03 '21 at 17:40
  • normally I wouldn't use the new MySQLi instantiation. – KingStevenNOS Dec 04 '21 at 01:08
  • just try run the mysqli_connect with the values of your credentials – KingStevenNOS Dec 04 '21 at 01:09
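
The two points raised above (the comment recommending prepared statements, and the answer about matching the submit button's name to the `$_POST` key) are shown here for the first form as an added example; it is not code from the question or from either answer. It assumes the `all_checks` table and XAMPP credentials given in the question and that dates are typed as YYYY-MM-DD; the function names `field`, `addCheck` and `renderChecks` are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes the question's all_checks table
// (check_id, date, camera_outage), its XAMPP credentials, and YYYY-MM-DD dates.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Return one posted field as a trimmed string; arrays or missing keys become ''.
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Handle the first form. Returns 'not_submitted', 'missing_fields',
// 'invalid_date' or 'ok'.
function addCheck(mysqli $db, array $post): string
{
    // Must match the button's name attribute exactly: name="submit1".
    if (!isset($post['submit1'])) {
        return 'not_submitted';
    }
    $date   = field($post, 'date');
    $outage = field($post, 'camera_outage');
    // Compare with '' instead of empty(): empty('0') is true, so a legitimate
    // "0" answer would be rejected as missing.
    if ($date === '' || $outage === '') {
        return 'missing_fields';
    }
    $parsed = DateTime::createFromFormat('!Y-m-d', $date);
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        return 'invalid_date';
    }
    // Values travel separately from the SQL text, so quotes in the input
    // cannot change the statement.
    $stmt = $db->prepare('INSERT INTO all_checks (`date`, camera_outage) VALUES (?, ?)');
    $stmt->bind_param('ss', $date, $outage);
    $stmt->execute();
    $stmt->close();
    return 'ok';
}

// Read every check and return the table rows with each value HTML-escaped.
function renderChecks(mysqli $db): string
{
    $result = $db->query('SELECT check_id, `date`, camera_outage FROM all_checks ORDER BY check_id');
    $html = '';
    while ($row = $result->fetch_assoc()) {
        $html .= '<tr>';
        foreach (['check_id', 'date', 'camera_outage'] as $column) {
            $html .= '<td>' . htmlspecialchars((string) $row[$column], ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

// Constructed sample input when run from the command line; real POST data otherwise.
$post = PHP_SAPI === 'cli'
    ? ['submit1' => 'Add Check', 'date' => '2021-12-03', 'camera_outage' => "O'Neil lobby camera"]
    : $_POST;

$db = new mysqli('localhost', 'damon', '', 'camera_check');
$db->set_charset('utf8mb4');

$status = addCheck($db, $post);
if ($status === 'ok' && PHP_SAPI !== 'cli') {
    // Redirect after a successful POST so a page reload does not resubmit the form.
    header('Location: index.php', true, 303);
    exit;
}
$rows = renderChecks($db);
$db->close(); // close only after the last query has run

echo "<p>Status: $status</p>\n<table>\n$rows</table>\n";
```

The second form follows the same pattern with one `?` per column, provided each input's `name` attribute matches the key read from `$_POST`.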