php form onsubmit event loading new page with value of 0_问答_开发者

php form onsubmit event loading new page with value of 0

开发者 https://www.devze.com 2023-04-11 21:57 出处：网络

I am totally new to all things php but I have managed to piece meal together the below form. But for some reason that I don\'t understand, everytime I hit the submit button it goes to a new page with

I am totally new to all things php but I have managed to piece meal together the below form. But for some reason that I don't understand, everytime I hit the submit button it goes to a new page with a value of 0 on it. Here is the page

http://upcycledonline.com/test/Site/myform2.php

开发者_开发问答<?php
    if($_POST['formSubmit'] == "Submit"){
        $errorMessage = "";

        if(empty($_POST['formEmail'])){
            $errorMessage .= "<li>You forgot to enter your email</li>";
        }

        $varEmail = ($_POST['formEmail'].mysql_real_escape_string);

        //$varEmail = $_POST['formEmail'];

        if(empty($errorMessage)){

            $db = mysql_connect("server","id","password");
            if(!$db)
                die("Error connecting to MySQL database.");
            mysql_select_db("tableName" ,$db);

            $sql = "INSERT INTO emails(email) VALUES ('$varEmail')";
            mysql_query($sql);


            //$sql = ("INSERT INTO emails(email) VALUES ('%s')".mysql_real_escape_string($varEmail));
            //$results = mysql_query($sql);
            //$sql = "INSERT INTO emails (emails)" 
                   //. "VALUES ('{$varEmail}');
            //mysql_query($sql);

            // echo "Details added";
            // $_SESSION['status'] = 'success';
        }

        //header("Location: thankyou.html");
        exit();
    }


    function PrepSQL($value){
        // Stripslashes
        if(get_magic_quotes_gpc()){
            $value = stripslashes($value);
        }

        // Quote
        //this is how I should be doing the escape thing
        $value = "'" . mysql_real_escape_string($value) . "'";

        return($value);
    }
?>

and here is the form

<?php
   if(!empty($errorMessage)){
       echo("<p>There was an error with your form:</p>\n");
       echo("<ul>" . $errorMessage . "</ul>\n");
   }
?>

<form id="emailForm" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" 
      method="post" onSubmit="alert('Thank you. Your email has been added.')">
    <label for='formEmail'>Sign up to be notified when we go live!</label><br/>
    <input type="text" name="formEmail" maxlength="50" value="<?=$varEmail;?>" />
    <input type="submit" name="formSubmit" value="Submit" />
</form>

If they are in one file, it still has a few issues.

Instead of:
$varEmail = ($_POST['formEmail'].mysql_real_escape_string);

Try:
$varEmail = mysql_real_escape_string($_POST['formEmail']);

This should bring the code to the mysql part, and then it will just exit.

The header command can be used to redirect to a "thank you" page, or just echo if success or fail.

Then look for data in your database. :)

BTW:
You almost had it in the PrepSql function, but it is not used.
So you could do: $varEmail = PrepSql($_POST['formEmail']);
Mind the extra '' though.

And cheers for learning to escape data early on! :)

Edit:

You might get an error on the input line in the form where it says <?$varEmail;?>...
There you are using "short tag", meaning you skip the "php" in: <?php echo $myVar;?>. Also missing "echo".

You can just remove that part - since you get the value from user input.

This echoes my input on my machine (commented out sql for the test):

<?php

if($_POST['formSubmit'] == "Submit") 
{
    $errorMessage = "";

    if(empty($_POST['formEmail'])) 
    {
        $errorMessage .= "<li>You forgot to enter your email</li>";
    }

    $varEmail = PrepSql($_POST['formEmail']);


    //$varEmail = $_POST['formEmail'];

    if(empty($errorMessage)) 
    {

        /*$db= mysql_connect("server","id","password");
        if(!$db) die("Error connecting to MySQL database.");
        mysql_select_db("tableName" ,$db);*/

        echo $varEmail;

        //$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";
        //mysql_query($sql);


        //$sql = ("INSERT INTO emails(email) VALUES ('%s')".mysql_real_escape_string($varEmail));
        //$results = mysql_query($sql);

        //$sql = "INSERT INTO emails (emails)" 
        //. "VALUES ('{$varEmail}');
        //mysql_query($sql);

        // echo "Details added";
        // $_SESSION['status'] = 'success';
    }

    //header("Location: thankyou.html");
    exit();

}


function PrepSQL($value)
{
    // Stripslashes
    if(get_magic_quotes_gpc()) 
    {
        $value = stripslashes($value);
    }

    // Quote
    //this is how I should be doing the escape thing
    //$value = "'" . mysql_real_escape_string($value) . "'";
    $value = mysql_real_escape_string($value);

    return($value);
}




if(!empty($errorMessage)) 
{
   echo("<p>There was an error with your form:</p>\n");
   echo("<ul>" . $errorMessage . "</ul>\n");
}
?>

<form id="emailForm" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"     method="post" onSubmit="alert('Thank you. Your email has been added.')">

            <label for='formEmail'>Sign up to be notified when we go live!</label><br/>
            <input type="text" name="formEmail" maxlength="50" />

        <input type="submit" name="formSubmit" value="Submit" />

</form>