
LAST EDIT: Everything works now. I will post the working code below; after cleaning things up as idealcastle said and fixing some syntax errors, everything works as it should together with the JavaScript validation. Thank you everyone.

HTML code:

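<!-- Client-side checks run through validateForm() in the linked script; the
     browser can skip them (JavaScript off), so postcontact.php must validate
     the same fields again. -->
<form name="contact" id="contact_form" action="postcontact.php" method="post" onsubmit="return validateForm();">
  <div id="boxc">
    <h3>Porosia juaj ?</h3>
    <!-- All three boxes share name="orders", so PHP's $_POST['orders'] only
         receives the last checked value; naming them orders[] would submit
         every checked value, but the handler would then receive an array. -->
    <label><input name="orders" type="checkbox" value="veshje"> Veshje</label>
    <label><input name="orders" type="checkbox" value="mbathje"> Mbathje</label>
    <label><input name="orders" type="checkbox" value="stoli"> Stoli</label>
  </div>
  <div class="row">
    <label class="required" for="name">Emri:</label><br>
    <input id="name" name="name" type="text" size="30" autocomplete="name" placeholder="Emri"><br>
    <span id="name_validation" class="error"></span>
  </div>
  <!-- The label had no for attribute and the select no id, so the two were
       not associated; id="state" is not used by the validation script. -->
  <label class="required" for="state">Country/State:</label><br>
  <div class="row" id="statecmb">
    <select id="state" name="state">
      <option value="chose" selected>[choose yours]</option>
      <option value="albania">Albania</option>
      <option value="kosovo">Kosovo</option>
      <option value="germany">Germany</option>
      <option value="bangladesh">Bangladesh</option>
    </select>
    <span id="state_validation" class="error"></span>
  </div>
  <div class="row">
    <label class="required" for="email">Email:</label><br>
    <!-- type="email" gives a mobile keyboard and native format checking;
         validateForm() still handles the empty-field message. -->
    <input id="email" name="email" type="email" size="30" autocomplete="email" placeholder="Email"><br>
    <span id="email_validation" class="error"></span>
  </div>
  <div class="row">
    <label class="required" for="message">Mesazhi:</label><br>
    <textarea id="message" name="message" rows="7" cols="30" placeholder="Mesazhi"></textarea><br>
    <span id="message_validation" class="error"></span>
  </div>

  <!-- postcontact.php keys its isset($_POST['submit']) check on this name. -->
  <input name="submit" id="sub" type="submit" value="Submit">
  <div class="rating">
    <h3>Vlerso Sherbimin :</h3>
    <!-- Radios are absent from $_POST when none is chosen; the handler
         must treat a missing "rate" as empty. -->
    <label><input type="radio" name="rate" value="1"> 1</label>
    <label><input type="radio" name="rate" value="2"> 2</label>
    <label><input type="radio" name="rate" value="3"> 3</label>
    <label><input type="radio" name="rate" value="4"> 4</label>
    <label><input type="radio" name="rate" value="5"> 5</label>
  </div>
</form>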

JavaScript file:

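/**
 * Validates the contact form before it is submitted.
 *
 * Reads the #name, #email and #message controls, shows or clears the
 * matching "<id>_validation" error spans (and the background of their
 * parent row), and alerts once when anything is wrong.
 *
 * The original never returned anything, so `onsubmit="return validateForm();"`
 * got undefined and the form was posted even when validation failed.
 * Returning the flag makes a failed check cancel the submission. This only
 * guards the browser side: the server must validate the same fields again.
 *
 * @returns {boolean} true when every field passes and the form may submit.
 */
function validateForm() {
    var EMAIL_RE = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
    var ERROR_BG = "#FFDFDF";

    var name = document.getElementById("name");
    var email = document.getElementById("email");
    // The original relied on the implicit global `message` (named access on
    // window, which works only because the textarea has id="message");
    // look the element up explicitly instead.
    var message = document.getElementById("message");
    var nameValidation = document.getElementById("name_validation");
    var emailValidation = document.getElementById("email_validation");
    var messageValidation = document.getElementById("message_validation");

    // Shows `text` in the error span and highlights its containing row.
    // textContent is used (not innerHTML) since the messages are plain text.
    function showError(span, text) {
        span.textContent = text;
        span.style.display = "block";
        span.parentNode.style.backgroundColor = ERROR_BG;
    }

    // Hides the error span and resets the row background.
    function clearError(span) {
        span.style.display = "none";
        span.parentNode.style.backgroundColor = "transparent";
    }

    var valid = true;

    // Whitespace-only input counts as empty.
    if (name.value.trim() === "") {
        valid = false;
        showError(nameValidation, "Ju lutem shenoni emrin tuaj");
    } else {
        clearError(nameValidation);
    }

    if (message.value.trim() === "") {
        valid = false;
        showError(messageValidation, "Ju lutem plotesoni fushen e mesazhit");
    } else {
        clearError(messageValidation);
    }

    // Empty and malformed email are checked in one chain: the original ran
    // them as two independent ifs, so the "empty" message was immediately
    // overwritten by the "invalid" one.
    if (email.value.trim() === "") {
        valid = false;
        showError(emailValidation, "Ju lutem shenoni email tuaj");
    } else if (!EMAIL_RE.test(email.value)) {
        valid = false;
        showError(emailValidation, "Email juaj nuk eshte valid");
    } else {
        clearError(emailValidation);
    }

    if (!valid) {
        alert("KENI ERROR : Fushat duhen te plotesohen ");
    }

    // Handed back to the onsubmit handler: false cancels the POST.
    return valid;
}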

PHP file:

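<?php
// Database connection used by the form handler further down this file.
// NOTE(review): root with an empty password is a local-development setup;
// anything beyond that should use a dedicated account limited to this database.
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'herdesigns';
$con = mysqli_connect($host, $user, $pass, $db);
// The original used mysqli_error() with no link argument, which cannot report
// a failed connect; mysqli_connect_error() is the call for that case.
if (!$con) {
    die('Connection failed: ' . mysqli_connect_error());
}
// NOTE(review): mysqli_real_escape_string() escapes correctly only for the
// connection's charset; consider mysqli_set_charset($con, ...) matching the
// charset of the contacts table.
?>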

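<?php

// Handles the POST from contact_form: inserts one row into `contacts` and
// redirects back to contact.php. Expects $con (mysqli link) from the block above.
if (isset($_POST['submit']))
{
    // Read each field, defaulting to '' when the control was not submitted:
    // unchecked checkboxes and unselected radios are absent from $_POST, which
    // produced the "undefined index" notices mentioned in the comments.
    $name    = isset($_POST['name'])    ? $_POST['name']    : '';
    $email   = isset($_POST['email'])   ? $_POST['email']   : '';
    $message = isset($_POST['message']) ? $_POST['message'] : '';
    $rate    = isset($_POST['rate'])    ? $_POST['rate']    : '';
    // The three checkboxes share name="orders", so only the last checked value
    // arrives here; naming them orders[] in the markup would make this an array.
    $orders  = isset($_POST['orders'])  ? $_POST['orders']  : '';
    $state   = isset($_POST['state'])   ? $_POST['state']   : '';

    // The browser-side validateForm() can be bypassed (JavaScript off, or a
    // direct POST), so the required fields are checked here as well.
    if (trim($name) === '' || trim($email) === '' || trim($message) === '') {
        die('Error: required fields are missing');
    }

    // Prepared statement: values are bound, never interpolated, so quotes or
    // SQL in user input cannot change the query (the injection issue raised
    // in the comments). Column order matches the bind order below.
    $sql = "INSERT INTO contacts (orders, name, state, email, message, rate)
            VALUES (?, ?, ?, ?, ?, ?)";
    $stmt = mysqli_prepare($con, $sql);
    if (!$stmt) {
        die('Error: ' . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 'ssssss', $orders, $name, $state, $email, $message, $rate);
    // Execute exactly once: the original called mysqli_query() twice, inserting
    // each submission two times.
    if (!mysqli_stmt_execute($stmt)) {
        die('Error: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    mysqli_close($con);

    // Nothing may be output before header(): the original echoed a success
    // message first, which makes the redirect fail with "headers already sent".
    // exit stops the script once the redirect header is queued.
    header('Location:contact.php');
    exit;
}
?>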
  • What's the code for validateForm()? It may be preventing the form from posting. Also, use prepared statements for your SQL to prevent SQL injection. Commented Jun 27, 2014 at 22:12
  • 1
    Danger: You are using an obsolete database API and should use a modern replacement. You are also vulnerable to SQL injection attacks that a modern API would make it easier to defend yourself from. Commented Jun 27, 2014 at 22:21
  • $sql = "INSERT INTO contacts SET name = 'test' "; (run a test first, and see if you can insert anything manually into mysql) Commented Jun 29, 2014 at 14:21
  • Judging from those undefined index warnings, it looks like your POST variables are not being filled in. They are blank, and that is causing MySQL to reject the query. Commented Jun 29, 2014 at 14:24
  • Make sure when you submit everything has a value (all your POST inputs. for instance, name is undefined) Commented Jun 29, 2014 at 14:31



EDIT: What field is NOW() going to?

I would remove it if there is no actual field to receive that datetime, or add a field for it. Try submitting to MySQL without NOW(). It would look like:

// Column list and VALUES in matching order, six each. NOW() is left out, as the
// edit above suggests, since there is no known datetime column to receive it.
// The $name … $state variables are still interpolated as-is, so each must
// already be escaped for the connection — or, better, bound through a
// prepared statement instead of being spliced into the string.
$sql = "INSERT INTO contacts (
            name,
            email,
            message,
            rate,
            orders,
            state
        )
        VALUES (
            '$name',
            '$email',
            '$message',
            '$rate',
            '$orders', 
            '$state'
        )";

The first thing I notice is that the PHP code is being shown in the browser. If you are being sent to a file:// URL, that is not good; you should be using

http://localhost/

(if you are testing locally), or of course the server URL if the site is live.

found here
Browser is showing PHP code instead of processing it

Second, you should escape the data you send to MySQL. If any of those values contains a single or double quote, the MySQL query will fail.

Since you are using an old mysql function, here is the escape function that should work

 mysql_real_escape_string()

I would do this,

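 // Escape every interpolated value for the connection before building the
 // query. The column list (six names) and the VALUES list must have the same
 // length: the original snippet appended a seventh value, NOW(), with no
 // matching column, which MySQL rejects.
 // NOTE: the asker's handler uses the mysqli extension, so the matching call
 // there is mysqli_real_escape_string($con, $value) — or, better, a prepared
 // statement with bound parameters, which needs no manual escaping at all.
 $sql = "INSERT INTO contacts (
            name,
            email,
            message,
            rate,
            orders,
            state
        )
        VALUES (
            '".mysql_real_escape_string($name)."',
            '".mysql_real_escape_string($email)."',
            '".mysql_real_escape_string($message)."',
            '".mysql_real_escape_string($rate)."',
            '".mysql_real_escape_string($orders)."', 
            '".mysql_real_escape_string($state)."'
        )";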

I am not sure whether any of these is the cause, but they are red flags in what you have posted. You should always escape any input so it cannot break your MySQL queries.



I just tried it; when I click the submit button it just sends me to postcontact.php on a blank page, and yes, I am doing this via "localhost/contact.php".
The blank page is fine; that means PHP is processing the file. Is anything being sent to MySQL? Add this at the top of that PHP page, inside the <?PHP tag: error_reporting(E_ALL); then click submit again and see what errors appear.
I edited the post; let me know if that resolved the MySQL issue. If not, see my comment above about errors.

It could be an HTTP 500 error on validform.php.

Install Firebug on Firefox; it will save you lots of time. Press [F12], reload the page, and the Network tab will show you the error code.

Also, you need to request this page through the web server (http://localhost/dir/file) instead of opening c://shittyos_amp/dir/thing.php directly.

Also, you should use the PDO API for the connection and for every database request, since PDO::prepare secures the query for you with little effort.

Don't worry, it's easy! See PHP: Is mysql_real_escape_string sufficient for cleaning user input?

Don't say you don't need security: this input form could erase your database if a user types an SQL command into it!

Moreover, if the validation runs only client-side it never protects anything, since the user can disable JavaScript.

Note: I still consider myself a noob (it's my first answer here!). Never forget that the web keeps moving every day, and so does security. From an application point of view, back end and front end are both server-side: front end = friendly interface (code), back end = API (hard/low-level code).

PS: flash is ugly and obsolete, Adobe product's aren't free as freedom and their cloud sucks^^ (troll off)

Is it yours? http://www.her-design.com/


Like I said, this is a university project: our professor gave us some PSD files to slice up, and after the slicing we should add some PHP. That's why I said there is no need for security measures.
