0

Kindly check the code,where i am wrong in this.Form is not submitting the values.Page is refreshing but not posting the values.I don't know what is happening.Pls check the code and identify the mistake.i had also used this code on another application as well.it is working there but not here 

<?php
    if ($username && $userid) {
        echo "you are already logged in as $dbuser.<a href='w-post.php'> Click here to go to Post area</a>";
    }

    else {
        $form = "<form method=post action=123.php autocomplete=off enctype=multipart/form-data>

    <table width=759 border=1>
        <tr>
            <td width=749>
                <table width=756 border=1>
                    <tr>
                        <td colspan=3 bgcolor=#d9d9d9>
                            <div align=center class=style1><font color=#003366>PERSONAL INFORMATION</font></div>
                        </td>
                    </tr>
                    <tr>
                        <td width=196>
                            <div class=label-text>Email Address</div>
                        </td>
                        <td width=297>
                            <div class=accountboxes><input type=text class=accounttextboxes id=txtemail name=txtemail
                                                           size=50/>
                            </div>
                        </td>
                        <td width=241>&nbsp;</td>
                    </tr>
                    <tr>
                        <td width=196>
                            <div class=label-text>Password</div>
                        </td>
                        <td width=297>
                            <div class=accountboxes><input type=password class=accounttextboxes id=txtpass name=txtpass
                                                           size=50/>
                            </div>
                        </td>
                        <td width=241>&nbsp;</td>
                    </tr>
                    <tr>
                        <td width=196></td>
                        <td width=297><input name=submit type=submit id=submit value=submit/>

                        <td width=241>&nbsp;</td>
                    </tr>
                </table>
            </td>
        </tr>
    </table>
    </td>
    </tr>
    </table>
</form>";

        if (isset($_POST['submit'])) {
            $user = $_POST['txtemail'];
            $pass = $_POST['txtpass'];
            if ($user) {
                if ($password) {
                    $password = md5($pass);
                    //echo $epassword;
                    $query   = mysql_query("SELECT * from users where email='$user'");
                    $numrows = mysql_num_rows($query);
                    if ($numrows == 1) {
                        $row      = mysql_fetch_assoc($query);
                        $id       = $row['id'];
                        $dbuser   = $row['name'];
                        $dbpass   = $row['password'];
                        $activate = $row['activation'];
                        if ($password == $dbpass) {
                            if ($activate == '1') {
                                $_SESSION['name']  = $dbuser;
                                $_SESSION['id']    = $id;
                                $_SESSION['email'] = $email;
                                header('location:forms.php');
                                exit();
                            }
                            else {
                                $error_account = 'Your Account is not activated yet';
                            }
                            echo $form;
                        }
                        else {
                            $error_pass = 'You entered an incorrect password';
                        }
                        echo $form;
                    }

                    else {
                        $error_email = 'Email Address not found';
                        echo $form;
                    }

                }

                else {
                    $enter_pass = 'Enter your password';
                    echo $form;
                }

            }
            else {
                $enter_email = 'Enter email address';
                echo $form;
            }

        }

        else {
            echo $form;
        }

    }
?>
Improve this question
8
  • php.net/manual/en/… Commented Jul 29, 2012 at 16:00
  • 4
    Some tips: 1.) Use quotes around HTML attributes! 2.) Don't use $_POST variables directly in your query, better use mysql_real_escape_string() or/and even more better: use PDO or MySQLi! 3.) Where are $username and $userid coming from? Commented Jul 29, 2012 at 16:02
  • $username and $userid are in sessions Commented Jul 29, 2012 at 16:03
  • 1
    But they aren't global! Use $_SESSION['variable-name'] Commented Jul 29, 2012 at 16:11
  • 1
    Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information. Commented Jul 29, 2012 at 16:15

2 Answers 2

Reset to default
2

You should quote all the attribute values such as post, 123.php etc. throughout your HTML to be safe. Otherwise (assuming you are using HTML and not XHTML - where quoted strings are mandatory) any invalid characters will invalidate the HTML and your code might break, which is certainly one thing that could be happening with your code.

Using HEREDOC syntax:

$form = <<<EOD
<form method="post" action="123.php" autocomplete="off" enctype="multipart/form-data">
<table width="759" border="1">
  <tr>

<!-- Rest of HTML code -->

EOD;
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

That answer is incorrect. The HTML5 specs allows for authors to omit quotes entirely in attribute names. You only need it if you have a space or an = inside of your attribute.
@Truth You mean, "omit quotes around attribute values". Which is why I state "Otherwise ... any invalid characters will invalidate the HTML". Invalid characters being characters that need to be quoted. Browsers will break on slashes etc. also.
@FAIQNASEEM: THIS ISN'T A GIMME TEH KODEZ SITE HE'S HELPING YOU HELP YOURSELF. ALSO, PLEASE DON'T WRITE IN CAPITAL LETTERS, IT'S ANNOYING.
You appear to be using an XHTML DOCTYPE. In this case quoted attribute values are mandatory in order to validate. I assume that since you have accepted an answer, your immediate probelm is now resolved?
no no i didnt pls explain XHTML DOCTYPE thing.Explain more pls
|
0

YOur code would be much simpler if you do it like this:

if (isset($_POST['submit'])) {
 $error = 0;
 $errorMessages = array();
 $user = $_POST['txtemail'];
 $pass = $_POST['txtpass'];
 if (!$user) {
  $errors++;
  $errorMessages[] = "Please enter your email address";
 }
 ...//rest of the form check
 if($errors == 0) {
  //do what you want with the data
 }
}

So you don't have that many brackets and else.

Improve this answer

1 Comment

You could also leave out the $errors variable and in the end check for the size of $errorMessages like so: if( count($errorMessages) === 0 ) { ... }

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.