0

I'd like to make a simple login form for a website.

    <form action="ContactFormHandler.php" method="post">
        <table>
            <tr>
                <td>
                    Username:
                </td>
                <td>
                    <input type="text" id="username" name="username" />
                </td>
            </tr>
            <tr>
                <td>
                    Password:
                </td>
                <td>
                    <input type="text" id="password" name="password" />
                </td>
            </tr>
            <tr>
                <td>
                    Your Email:
                </td>
                <td>
                    <input type="text" id="Email" name="Email" />
                </td>
            </tr>
            <tr>
                <td colspan="2" style="text-align: center;">
                    <input type="submit" id="submit" value="Submit" />
                    <input type="reset" id="reset" value="Reset" />
                </td>
            </tr>
        </table>
    </form>
</body>

You see where it says contact form handler? I would like the form and the file handling the form to be the same file. 2 in 1.

How do I include this contact handler in the same file as the contact form?

<?php
$contactName = $_POST["ContactName"];
$contactEmail = $_POST["ContactEmail"];
$contactPassword = $_POST["ContactLeastFavoriteColor"];
$sql_connection = mysql_connect("localhost", "root", "root");
mysql_select_db("MyRadContactForm", $sql_connection);
$sql = "INSERT INTO MyRadContacts (
            ContactName,
            ContactEmail,
            ContactPassword,
            ContactDateCreated
        )
        VALUES (
            '$contactName',
            '$contactEmail',
            '$contactPassword',
            NOW()
        )";

mysql_query($sql, $sql_connection);
mysql_close($sql_connection);
?>
You are open to SQL injection. Commented Nov 24, 2012 at 10:39

4 Answers

1

You need to use the .php extension for your file to include all your code in 1 file, because:

login.php can contain both HTML and PHP

login.html can contain HTML but not PHP code

So you can do it all at once by creating a login.php file:

<?php
$contactName = $_POST["ContactName"];
$contactEmail = $_POST["ContactEmail"];
$contactPassword = $_POST["ContactLeastFavoriteColor"];
$sql_connection = mysql_connect("localhost", "root", "root");
mysql_select_db("MyRadContactForm", $sql_connection);
$sql = "INSERT INTO MyRadContacts (
            ContactName,
            ContactEmail,
            ContactPassword,
            ContactDateCreated
        )
        VALUES (
            '$contactName',
            '$contactEmail',
            '$contactPassword',
            NOW()
        )";

mysql_query($sql, $sql_connection);
mysql_close($sql_connection);
?>


<!--your html code here -->

Also, please check that your code is safe against SQL injection; Google for that if you want some tips to follow. And sorry for my bad English.


1 Comment

All of you guys really helped me. I want to 1 up everyone. Someone down-voted me so I lost the 15 points. I can't vote up.
1

Name your submit button so you can check whether it was present in the request or not. If not, show the form; if it is in the request, then you were invoked from the form, so store your data in the DB.

More or less, your code should look like this:

<?php

if( isset( $_POST['submit'] ) ) {

   $contactName = $_POST["ContactName"];
   $contactEmail = $_POST["ContactEmail"];
   $contactPassword = $_POST["ContactLeastFavoriteColor"];
   $sql_connection = mysql_connect("localhost", "root", "root");
   mysql_select_db("MyRadContactForm", $sql_connection);
   $sql = "INSERT INTO MyRadContacts (
               ContactName,
               ContactEmail,
               ContactPassword,
               ContactDateCreated
           )
           VALUES (
               '$contactName',
               '$contactEmail',
               '$contactPassword',
               NOW()
           )";

   mysql_query($sql, $sql_connection);
   mysql_close($sql_connection);

} else {

?>

   <form action="ContactFormHandler.php" method="post">
     <table>
         <tr>
             <td>Username:</td>
             <td><input type="text" id="username" name="username" /></td>
         </tr>
         <tr>
             <td>Password:</td>
             <td><input type="text" id="password" name="password" /></td>
         </tr>
         <tr>
             <td>Your Email:</td>
             <td><input type="text" id="Email" name="Email" /></td>
         </tr>
         <tr>
             <td colspan="2" style="text-align: center;">
                 <input name="submit" type="submit" id="submit" value="Submit" />
                 <input type="reset" id="reset" value="Reset" />
             </td>
         </tr>
     </table>
   </form>

<?php

} // end of else

?>

You are still open to SQL injection and your code does not seem to handle any errors (neither lack of data from the form, like empty fields, nor code failures), but that's outside the scope of your question.


0

Make the form submit to its own page

Change the form's action to action="<?php echo $_SERVER['PHP_SELF'] ?>" to make the form submit to the same page

Process the form within the page

Put a check around your PHP code to see whether or not the form was submitted:

if (isset($_POST['submit'])) {
    [your processing code here]
} else {
    [display form]
}

(be sure to add name="submit" to your submit button)

4 Comments

But he is asking about how to use 1 file instead of 2 files, he is not asking anything else.
@ispu It is irrelevant. Teaching wrong techniques has to be avoided.
@WebnetMobile.com That is sure, but no one is answering his question first of all :)
-1 This code is vulnerable to XSS and the OP's code is vulnerable to SQLi.
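
The two issues raised in the comments above (SQL injection in the insert, XSS through an unescaped `$_SERVER['PHP_SELF']`), handled together. This is an added example, not code from any poster in this thread; the table and field names follow the question, while the PDO in-memory SQLite database, the function names and the sample input are assumptions constructed so it runs from the command line.

```php
<?php
// Added example: not code from the thread. Function names are hypothetical.

function saveContact(PDO $db, array $post): bool
{
    // Keys match the form's name="" attributes (username, Email, password).
    $name  = trim($post['username'] ?? '');
    $email = filter_var($post['Email'] ?? '', FILTER_VALIDATE_EMAIL);
    $pass  = $post['password'] ?? '';
    if ($name === '' || $email === false || $pass === '') {
        return false; // reject empty or malformed input instead of inserting it
    }
    // Placeholders keep user input out of the SQL text, which closes the injection.
    $stmt = $db->prepare(
        'INSERT INTO MyRadContacts
            (ContactName, ContactEmail, ContactPassword, ContactDateCreated)
         VALUES (:name, :email, :hash, CURRENT_TIMESTAMP)'
    );
    return $stmt->execute([
        ':name'  => $name,
        ':email' => $email,
        ':hash'  => password_hash($pass, PASSWORD_DEFAULT), // store a hash, not the password
    ]);
}

function formAction(array $server): string
{
    // PHP_SELF reflects request path info, so escape it before writing it into HTML.
    return htmlspecialchars($server['PHP_SELF'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Assumption: in-memory SQLite stands in for the MySQL database of the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE MyRadContacts (ContactName TEXT, ContactEmail TEXT,
           ContactPassword TEXT, ContactDateCreated TEXT)');

// Constructed input: a name containing a quote, which breaks the interpolated query.
$post = ['username' => "O'Brien", 'Email' => 'ob@example.com',
         'password' => 'correct horse', 'submit' => 'Submit'];
if (isset($post['submit'])) {
    var_dump(saveContact($db, $post));
}
echo $db->query('SELECT ContactName FROM MyRadContacts')->fetchColumn(), "\n";

// Constructed request path carrying markup; the escaped form is safe inside action="...".
echo formAction(['PHP_SELF' => '/login.php/"><b>x']), "\n";
```

In the real page, `$post` is `$_POST`, `$server` is `$_SERVER`, and the DSN points at the MySQL database.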
0

Use this approach

Check for form submit

<?php
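// isset() avoids an undefined-index notice on the first (GET) page load
if (isset($_POST['login_submit']) && $_POST['login_submit'] == 1) {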
    //process your logic here
}
?>

Modify your form

<form action="" method="post">
<input type="hidden" name="login_submit" value="1">
....
.....
</form>
