Home/ Questions/Q 7668649
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T15:24:54+00:00

I’m sure i’ve badly written this. I have a simple form which you enters

  • 0

I’m sure i’ve badly written this. I have a simple form which you enters bits into, which sends the info onto a process page and inserts a row into a table on the database. My problem is that the insert part works fine. But my template class within the page or anything else is shown. Just a blank page. Its driving me nuts.

The function 

     Public function UpdateReason($reason, $bundlereference) {
      error_reporting(E_ALL ^ E_NOTICE);
      $db_selected = mysql_select_db(DB_DATABASE_NAME, $this->conn);

     if (!$db_selected) {
     die("Can't use db : " . mysql_error());
      }

     $_reason = mysql_real_escape_string($reason,$this->conn);
     $_bundlereference = mysql_real_escape_string($bundlereference,$this->conn);

     $sql = "UPDATE `ArchiveBundle`
        SET `Issue` = '" . $_reason . "'
        WHERE `BundleReference` = '" . $_bundlereference . "'";

    mysql_query($sql, $this->conn);

     die(mysql_error());
     exit;
  }

The form 

         <table>
                    <form method='post' action='addissue.php'>
                    <p>Reason: <input type='text' name='reason' /></p><br/>
                    <p><input type='hidden' name='bundlereference' id='Username'  
          value='" . $x['Reference'] . "' /></p>
                    <input type='submit' name ='add'/>
                </form>
            </table>

The process page 

    <?php

// First of all initialise the user and check for permissions
require_once "/var/www/users/user.php";
$user = new CHUser(2);


// Initialise the template
require_once "/var/www/template/template.php";
$template = new CHTemplate();

// And create a cid object
    require_once "/var/www/Testing/DisplayWIPOnLocation.php";
$BundleProgress= new CHWIPProgress();

    $reason = $_POST['reason'];
    $reference = $_POST['bundlereference'];



    $issue = $BundleProgress->UpdateReason($_POST['reason'],$_POST['bundlereference']);
    Print "Your information has been successfully added to the database."; 


  $template->SetTag("content", $content);
  echo $template->Display();


    ?>

I also want to know/learn what the best practices are for forms in php

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The reason you aren’t getting output is the following two lines. This is killing your script in place. Just remove these.

     die(mysql_error());
 exit;

    Overall, it’s not terrible. You’re using objects, and you’re sanitizing your user input before inserting into the db. I do have a couple suggestions.

    • Don’t use die() in a production script. Handle errors and exceptions properly.
    • Look into prepared statements (PDO) or stored procedures for mysql.
    • Instead of the print "Your information has been added..." line, can you create a field in your template and pass in that value through your template class?
    • You set $reason and $reference then pass in the value from $_POST, making those unused variables. Maybe this is just due to testing code though?
    • Depending on your needs, you may want to consider checking that the data the form has received is valid before running an update query. What if $reason or $bundlereference aren’t valid values?
    • 0