Help! PHP and HTML

joseavalos · December 27, 2018, 9:57pm

Hello, I need some help. My problem: I working on a form to submit a registration user. Everything works but I’m trying to pass the name of the user type and insert it into a table called users together with he user type ID. I’m able to get the ID into the table but I’m not sure how to get the user type as well. I’m learning php so be patient with me :).

FORM

  <p>User Type: <select name="type_id">
 <?php

foreach ($types as $type) 
{
    echo "<option value=\"" . $type['user_type_id']. "\">" . $type['type_name'] . "</option>\n";
	
	
}
?> 
    </select></p> 		
<p>First Name: <input type="normal" class="form-control" placeholder="Your first name" required autofocus name="first_name" maxlength="40" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p>
<p>Last Name: <input type="normal" class="form-control" placeholder="Your last name" required name="last_name" maxlength="40" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></p>
<p>Email Address: <input type="normal" class="form-control" placeholder="Email address" required name="email" maxlength="80" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"  /> </p>
<p>Password: <input type="password" class="form-control" placeholder="Password" required name="pass1" maxlength="20" /></p>
<p>Confirm Password: <input type="password" class="form-control" placeholder="Password" required name="pass2" maxlength="20" /></p>
<p><button type="submit" name="submit" class="btn btn-sm btn-primary" />Register</button></p>
<input type="hidden" name="submitted" value="TRUE" />

PHP

$t = ($_POST[‘type_id’]);

    // Register the user in the database...

    // Make the query: newMsgCount
			$q = "INSERT INTO users (user_type_id, first_name, last_name, email, pass, registration_date) VALUES ('$t','$fn', '$ln', '$e', SHA1('$p'), NOW())";		
    $r = @mysqli_query ($dbc, $q); // Run the query.
    if ($r) { // If it ran OK.

            // Print a message:
            echo '<h1>Thank you!</h1>
    <p>You are now registered!</p><p><br /></p>';

thinsoldier · December 27, 2018, 10:25pm

Don’t use @ to silence warrnings.

Use prepared statements to put your form data safely into your sql string.

Instead of making new vars like $t = ($_POST[‘type_id’]); you could just use the $_POST array directly or if feels painful to type all those underscores and quotes and brackets you could do $p = (object) $_POST; and then use $p->first_name.

You didnt paste all the relevant code. Where are definitions of $fn $ln $e ... etc?

var_dump ($_POST[‘type_id’]); what does that show?

joseavalos · December 27, 2018, 11:34pm

Ok. I tried pasting the whole register.php file but didn’t go well. I created a link of the file…

register php file

The whole idea that is driving me crazy … it is to be able to have a list of users (first name and last name, user type, and registration date). So, I can pull it up and see the users. Right now I can get the list of register users (first name and last name, and registration date). This information is coming from a table called Users. This table also contains an user type ID which comes from a table called user_types. This table contains the user type id and user type (Administrator, Customer, and Agent).

The current register.php file has a html form which contains a dropdown list. This dropdown list only shows Customer as an option because I don’t want everyone getting to this page be able to register as an Administrator. If I am login as Administrator then I will see all options in the dropdown list. All of that works but I would like to have the option to pull up a page where I have a list of all register users and the type of users they are.

Hopefully, this can be a little bit more helpful in getting what I am trying to do. Thanks a lot!

phdr · December 28, 2018, 12:03am

To display the type_name for a user(s), you would use a JOIN query between the users table with the user_types table.

However, in the registration process, do NOT have a select/option menu for the user type. Anyone can submit any value for any form field and you will have a bunch of Administrators created by the current code.

The registration form processing code should insert the literal type_id value for a customer. The only way this value should be changeable is if an Administrator edits/updates it to one of the other choices.

Any Administrator only form and form processing code must both check if the current user is an Administrator before doing anything.

You should NOT store the user type id in a session variable. This will prevent you from changing the user type and have it take effect without having the user log out and back in again. What you should do is query on each page request to get the user type id and store it in a non-session variable.

joseavalos · December 28, 2018, 12:56am

Thank a lot for the suggestions phdr!

This is my view_users.php file that handles the display of the registered users. I guess I should do the join query in this file right?

View Users File

joseavalos · December 28, 2018, 4:31am

Guys -

I was able to get it to work using the join table option. I did this on the view_users.php page. Thanks phdr! I registered a bunch of users (Administrators and Customers) just to test it. I will do your suggestions now… better code… Thanks a lot guys.