Databases
StackOverflow2013
Postsdbo
POValidating my PHP form and submitting to database
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POValidating my PHP form and submitting to database
    primarykey
    data
    text
    <p>Basically I am working on a review form in which users fill out items about a specific product and when submitting the form it calls process.php which validates the form and will email me when one is submitted without error. It then returns the user to the form page and either display the errors that were committed or says it was submitted successfully, this all works great but what I need to do now is when the form is filled out correctly I still want the email and to be returned to the form's page, but also insert data to my db. My form's validation works great until I try and pop some code in to insert into the database and then I get these errors...</p> <pre><code>Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/XZXZ/support/database.inc:16) in /home/XZXZ/public_html/Reviews/process.php on line 113 Warning: Cannot modify header information - headers already sent by (output started at /home/XZXZ/support/database.inc:16) in /home/XZXZ/public_html/Reviews/process.php on line 117 </code></pre> <p>I just need to know where I can pop this in at to avoid these errors and still have everything work okay. Here is a look at the process.php file:</p> <pre><code>&lt;?php if( isset($_POST) ){ //form validation vars $formok = true; $errors = array(); //sumbission data $ipaddress = $_SERVER['REMOTE_ADDR']; $sub_date = date('d/m/Y'); $sub_time = date('H:i:s'); //form data $sub_date = $_POST['sub_date']; $sub_time = $_POST['sub_time']; $review_title = $_POST['review_title']; $rating = $_POST['rating']; $pros = $_POST['pros']; $cons = $_POST['cons']; $best_uses = $_POST['best_uses']; $comments = $_POST['comments']; $upload = $_POST['upload']; $recommend = $_POST['recommend']; $reviewer_name = $_POST['reviewer_name']; $reviewer_desc = $_POST['reviewer_desc']; $reviewer_loc = $_POST['reviewer_loc']; //form validation to go here.... } //validate review title is not empty if(empty($review_title)){ $formok = false; $errors[] = "You have not entered a title for this review"; } //validate rating is selected if (isset ($_POST['rating']) &amp;&amp; ($_POST['rating'] == '' )) { $formok = FALSE; $errors[] = "You have not selected a rating for the product"; } //validate pros is not empty if(empty($pros)){ $formok = false; $errors[] = "You have not entered any pros"; } //validate cons is not empty if(empty($cons)){ $formok = false; $errors[] = "You have not entered any cons"; } //validate name is not empty if(empty($reviewer_name)){ $formok = false; $errors[] = "You have not entered your name"; } //validate desc is not empty if(empty($reviewer_desc)){ $formok = false; $errors[] = "You have not entered your description"; } //validate location is not empty if(empty($reviewer_loc)){ $formok = false; $errors[] = "You have not entered your location"; } //send email if all is ok if($formok){ $headers = "From: reviews@XZXZ.com" . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $emailbody = "&lt;p&gt;You have received a new product review pending approval from XZXZ.com&lt;/p&gt; &lt;p&gt;&lt;strong&gt;Review Title: &lt;/strong&gt; {$review_title} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Rating: &lt;/strong&gt; {rating} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Pros: &lt;/strong&gt; {$pros} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Cons: &lt;/strong&gt; {$cons} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Best Uses: &lt;/strong&gt; {$best_uses} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Comments: &lt;/strong&gt; {$comments} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Upload: &lt;/strong&gt; {$upload} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Recommend: &lt;/strong&gt; {$recommend} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Name: &lt;/strong&gt; {$reviewer_name} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Description: &lt;/strong&gt; {$reviewer_desc} &lt;/p&gt; &lt;p&gt;&lt;strong&gt;Location: &lt;/strong&gt; {$reviewer_loc} &lt;/p&gt; &lt;p&gt;This message was sent from the IP Address: {$ipaddress} on {$date} at {$time}&lt;/p&gt;"; mail("XX@XZXZ.com","New Pending Review",$emailbody,$headers); //insert to database require("/home/XZXZ/support/database.inc"); $SQL="INSERT INTO 'XZXZ_rvs'.'reviews_prod' (sub_date, sub_time, review_title, rating, pros, cons, best_uses, comments, upload, recommend, reviewer_name, reviewer_desc, reviewer_loc) VALUES ('$_POST[$sub_date]','$_POST[$sub_time]','$_POST[$review_title]','$_POST[$rating]','$_POST[$pros]','$_POST[$cons]','$_POST[$best_uses]','$_POST[$comments]','$_POST[$upload]','$_POST[$recommend]','$_POST[$reviewer_name]','$_POST[$reviewer_desc]','$_POST[$reviewer_loc]')"; } //what we need to return back to our form $returndata = array( 'posted_form_data' =&gt; array( 'review_title' =&gt; $review_title, 'rating' =&gt; $rating, 'pros' =&gt; $pros, 'cons' =&gt; $cons, 'best_uses' =&gt; $best_uses, 'comments' =&gt; $comments, 'upload' =&gt; $upload, 'recommend' =&gt; $recommend, 'reviewer_name' =&gt; $reviewer_name, 'reviewer_desc' =&gt; $reviewer_desc, 'reviewer_loc' =&gt; $reviewer_loc ), 'form_ok' =&gt; $formok, 'errors' =&gt; $errors ); //if this is not an ajax request if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) &amp;&amp; strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'){ //set session variables session_start(); $_SESSION['cf_returndata'] = $returndata; //redirect back to form header('location: ' . $_SERVER['HTTP_REFERER']); } </code></pre>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USGlen Solsberry
    1. USforevermetal02
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POValidating my PHP form and submitting to database
      1. This table or related slice is empty.
      1. VTUpMod
    1. COPlease please please consider adding the extension `.php` to your database.inc file, if someone navigates to that file in their browser it will output as plan text exposing all you database connection parameters!!
      singulars
      1. POValidating my PHP form and submitting to database
      1. USDale
    2. COJust did that, thank you for the tip, I've inherited this project and typically when working with DBs just coded everything into the same php file instead of using a require
      singulars
      1. POValidating my PHP form and submitting to database
      1. USforevermetal02
    3. CO@Dale, that isn't necessarily true. It's very easy to set `.inc` files to be processed as PHP (and not show the source to visitors). It is, however, good practice to keep the extension as the default (`.php`) in case you ever move to a server that doesn't support `.htaccess` (or the `.htaccess` file doesn't get transferred when using FTP, due to it being hidden by default).
      singulars
      1. POValidating my PHP form and submitting to database
      1. US0b10011
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload