-2

Currently, I want the alert message to pop up after I click on the button but it doesn't work. The data is saved in the database but the alert message won't pop up.

if (isset($_POST['add_reminder']))
{
  $user_id = $_SESSION['user_id'];
  $email = $_POST['email'];
  $reminder_name = $_POST['reminder_name'];
  $reminder_date = $_POST['reminder_date'];
  $reminder_amount = $_POST['reminder_amount'];
  $add_notes = $_POST['add_notes'];

  $rmd = "INSERT INTO reminder (user_id, email, reminder_name,reminder_date,reminder_amount,add_notes) VALUES ('$user_id', '$email', '$reminder_name','$reminder_date','$reminder_amount','$add_notes') ";

if(mysqli_query($con,$rmd))
{
    echo"<script>alert('Your reminder has been saved!');</script>";   
    header('location:add_reminder.php'); 
}

else{
    die("Something went wrong");
}
Dharman
  • 30,962
  • 25
  • 85
  • 135
Anynomous
  • 5
  • 3
  • Where is the html button? – Balaji Nov 06 '22 at 08:56
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Nov 07 '22 at 11:32

1 Answers1

0

There is a bracket missing at the end and the separation of Javascript and PHP code is not correct. Due to security reasons use prepared statements in your SQL query.

I don't know the structure of your table so in the line with "bind_param" maybe "i" for integer must be entered instead of "s" for string. The definition of your DB connection in the line with "$conn = ..." must be adjusted by your values.

<FORM  action=''  method='POST' enctype='multipart/form-data'>
<button type='submit' name='add_reminder'>click</button>

<?php
if (isset($_POST['add_reminder']))
{
$user_id = $_SESSION['user_id'];
$email = $_POST['email'];
$reminder_name = $_POST['reminder_name'];
$reminder_date = $_POST['reminder_date'];
$reminder_amount = $_POST['reminder_amount'];
$add_notes = $_POST['add_notes'];

$conn = new mysqli($host, $muser, $mpass, $db);
$stmt = $conn->prepare("INSERT INTO `reminder` VALUES(?,?,?,?,?,?)");
$stmt->bind_param("ssssss",$user_id, $email, $reminder_name, $reminder_date, $reminder_amount,$add_notes );
$stmt->execute();
$stmt->insert_id;
$stmt->close();
$conn->close(); 

if ($stmt->execute()) {   
?>
<script>
alert('Your reminder has been saved!');
window.setTimeout(function() {
window.location = 'add_reminder.php';
}, 1000);
</script>";   
<?php
}
else{
die("Something went wrong");
}
}
?>
</form>
rauwitt
  • 312
  • 2
  • 4