I created two forms, one is registration form the other is picking the dates the user will come and leave. I called the user's username in the 2nd page.. and although i receive it, i get a message "error" and nothing gets updated on my database. Here is my 2nd page file.. What am i doing wrong?
<?php
session_start();
$EntryError=$ExitError="";
if (isset($_POST['submit'])){
$entrydate = $exitdate = "";
$errorOccured = false;
if (isset($_POST['tsmdate'])){
$entrydate = trim($_POST['tsmdate']);
if (strlen($entrydate) == 0){
$EntryError = "date is missing";
$errorOccured = true;
}
}
else{
$EntryError = "date is missing";
}
// checking for last name
if (isset($_POST['tsmexit'])){
$exitdate = trim($_POST['tsmexit']);
if (strlen($exitdate) == 0){
$ExitError = "First Name is missing";
$errorOccured = true;
}
}
else{
$ExitError = "last Name is missing";
}
$ids=$_SESSION['tsmUserName'];
var_dump($_SESSION);
if(!$errorOccured){
require_once("connection.php");
$my_query="INSERT INTO timing (No, Entry Date and Time, Exit Date and Time, user_id) VALUES (NULL,'$EntryError','$exitdate','$ids')";
$result=mysqli_query($connection,$my_query);
if($result)
{
echo 'thank you';
}
else
{
echo 'error';
}
mysqli_close($connection);
}
}
?>
<html>
<head>
</head>
<body>
<form name="dates" id="dates" method="POST" action="">
<table cellpadding="5" border="0" width="100%">
<tr>
<td colspan="3" align="center">
<h1> select dates </h1>
</td>
</tr>
<tr>
<td width="30%" align="right">
<label for="tsmdate">Entry date and time</label>
</td>
<td align="left">
<input type="text" name="tsmdate" id="tsmdate" required="required">
</td>
</tr>
<tr>
<td width="30%" align="right">
<label for="tsmexit">Exit date and time</label>
</td>
<td align="left">
<input type="text" name="tsmexit" id="tsmexit" required="required">
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="dates">
</td>
</tr>
</table>
</form>
</body>
</html>
Change INSERT query to this
$my_query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL,'$EntryError','$exitdate','$ids')";
Make sure if any database field name has space in name, then it should be within ` (back tic)
Your insert query isn't a valid query because of the spaces in your column names, I suggest your change the spaces into '_' characters so you won't walk into more trouble. If you like to keep the spaces you have to escape the column names with the "`" character.
Example
$query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL, '$EntryError', '$exitdate', '$ids')";
Your form is very vulnerable to SQL injection, to prevent this you have to escape your variables with the mysqli::real_escape_string
function.
Example
$EntryError = mysqli_real_escape_string($connection, $EntryError);
$exitdate = mysqli_real_escape_string($connection, $exitdate);
$query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL, '$EntryError', '$exitdate', '$ids')";
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.