I need help, how to Redirect to a "thank you" page after submitting a form?

N0_One · March 29, 2017, 9:58am

I have a register page where if someone clicks submit,the data is send to my database (everything works)… But after submission I want to redirect to another page that says thank you.

<?php
 error_reporting(0); 


$con = mysqli_connect("localhost","root",'',"bwl_db");

if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$dbhost = 'localhost';
$user = 'root';
$password = 'root123';
$database = 'bwl_db';


$Name =  $_POST['Name'];
$Surname =  $_POST['Surname'];
$Email =  $_POST['Email'];
$Telephone = $_POST['Telephone']; 
$ID_Number = $_POST['ID_Number']; 


$sql="INSERT INTO reg_db (Name,Surname,Email,Telephone,ID_Number) 
VALUES ('$Name','$Surname','$Email','$Telephone','$ID_Number')";



if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
}

if(empty($_POST['Name']))
{
    $errors['Name'] = "Please enter your name";
}
if(empty($_POST['Surname']))
{
    $errors['Surname'] = "Please enter your surname";
}
if(empty($_POST['Email']))
{
    $errors['Email'] = "Please enter your email";
}
if(empty($_POST['Telephone']))
{
    $errors['Telephone'] = "Please enter your telephone number";
}
if(empty($_POST['ID_Number']))
{
    $errors['ID_Number'] = "Please enter your ID number";
}
//  To redirect form on a particular page
header("Location: verify.html");


mysqli_close($con);

error_reporting(0);
ini_set('display_errors', 0)

?>


<!DOCTYPE html>
<html lang="en">

<head>
    <title>BWL | Registration </title>
    <meta charset="utf-8">
    <meta name="description" content="Simple, clean, responsive website built with html5, CSS3, Js, jQuery and Bootstrap">
    <meta name="keywords" content="web, design, html, css, html5, css3, javascript, jquery, bootstrap, development">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- Google Fonts -->
    <link href='https://fonts.googleapis.com/css?family=Raleway:500italic,600italic,600,700,700italic,300italic,300,400,400italic,800,900' rel='stylesheet' type='text/css'>
    <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,300,300italic,400italic,600italic,700,900' rel='stylesheet' type='text/css'>
    <!-- favicon -->
    <link rel="icon" type="image/png" href="images/favicon.png">
    <!-- CSS -->
    <link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
    <link rel="stylesheet" type="text/css" href="css/style.css">
    <!-- Fontawesome  -->
    <link rel="stylesheet" href="css/font-awesome.min.css">
    <!-- responsive css -->
    <link rel="stylesheet" type="text/css" href="css/responsive.css"> </head>

<body>

    <div class="registaration-logo">
        <div class="row">
            <div class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
                <img src="images/translogo.png" alt=" ">
            </div>
        </div>
    </div>

    <form class="form-registration" action="" method="post">
        <h2> Registration </h2>
        <div class="form-group-row">
            <label for="Name" class="col-2 col-form-label">Name</label>
            <div class="col-10">
                <input class="form-control" required name="Name" type="text" id="Name" placeholder="Enter Name"> </div>
        </div>
        <div class="form-group-row">
            <label for="Surname" class="col-2 col-form-label">Surname</label>
            <div class="col-10">
                <input class="form-control" required name="Surname"  type="text" id="Surname" placeholder="Enter Surname"> </div>
        </div>
        <div class="form-group-row">
            <label for="Email" class="col-2 col-form-label">Email</label>
            <div class="col-10">
                <input class="form-control" required name="Email"  type="email" id="Email" placeholder="Enter email"> </div>
        </div>
        <div class="form-group-row">
            <label for="Confirm Email" class="col-2 col-form-label"> Confirm Email</label>
            <div class="col-10">
                <input class="form-control" required  type="email" id="Confirm Email" placeholder="Confirm email"> </div>
        </div>
        <div class="form-group-row">
            <label for="Telephone" class="col-2 col-form-label">Telephone Number</label>
            <div class="col-10">
                <input class="form-control" required name="Telephone"  type="tel" id="telephone" placeholder="Enter Telephone Number"> </div>
        </div>
        <div class="form-group-row">
            <label for="ID_Number" class="col-2 col-form-label">ID Number</label>
            <div class="col-10">
                <input class="form-control" required name="ID_Number"  type="text" id="id-number" placeholder="Enter ID Number"> </div>
        </div>
        <div class="form-group-row">
            <div class="col-sm-10">
                <input class="btn btn-default1" role="button" type="submit" name="submit" value="Submit">
            </div>
        </div>

        <div class="panel panel-default">
            <div class="panel-body">
                <h3> Disclaimer</h3>
                <p>"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum."</p>
            </div>
        </div>
    </form>

</body>

</html>

Pepster64 · March 29, 2017, 10:06am

I doubt that you have your code working, for you have error reporting turned off.

/* Turn on error reporting */
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
if (filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_URL) == "localhost") {
    error_reporting(-1); // -1 = on || 0 = off
} else {
    error_reporting(0); // -1 = on || 0 = off
}

and you code is vulnerable.

Gandalf · March 29, 2017, 10:15am

You don’t even check that a form has been submitted. Usually, that will be

if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
.
.
} else {
.
.
}

droopsnoot · March 29, 2017, 10:25am

The layout is weird. When the code first opens, you write the posted data into a database table (and as @Gandalf said, without checking whether the form has been submitted or not, so you either have blank rows, or ignore errors for missing data), and then after you’ve stored the data, you do some basic validation to see whether any form fields have been left blank, build up an errors array, and then do a header redirect to another page which will lose the errors array.

Once those errors have been fixed, it’s just a case of surrounding your header redirects with an if/then clause - if there’s nothing in the error message array, it all must have worked so you can redirect to your ‘thankyou’ page, otherwise show the errors and re-draw the form.

SamA74 · March 29, 2017, 10:25am

Yes, there is a lot wrong with that script. Like you insert into the database before validating the input , among the other things mentioned.

N0_One · March 29, 2017, 11:07am

Thank you for the help, I am a newbie and don’t know php

spaceshiptrooper · March 29, 2017, 11:28am

Probably found all this from a tutorial or maybe copy-pasta time from random sources from the Internet.

The first thing you should be using is prepare statements. You leave yourself completely vulnerable to SQL Injections. Regardless of which database API you use, if you are ignoring basic standards, you will eventually fall victim to exploits.

The best thing one can do is get a well up-to-date book or start from the beginning and learn basic PHP. Jumping right into database calls when you are a PHP beginner makes it really hard for you to learn simple functions. I learned that the hard way when I found out how hard it was to comprehend how foreach loops work until I kept testing on them until I finally understood.

ahundiak · March 29, 2017, 2:08pm

Even a “simple” registration system has a lot going on and it can be very difficult trying to get started. Here is a simplified version that might help point you in the right direction:

<?php
// register.php
error_reporting(E_ALL);

$data = [ 'name' => null, 'email' => null];
$errors = [];

// Deal with posted form
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // Extract values
    $data['name' ] = filter_input(INPUT_POST,'name', FILTER_SANITIZE_STRING);
    $data['email'] = filter_input(INPUT_POST,'email',FILTER_SANITIZE_EMAIL);

    // Verify
    if (strlen($data['name']) < 1) {
        $errors[] = 'Name cannot be blank';
    }
    if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid Email';
    }
    // Insert if no errors
    if (!count($errors)) {

        $con = mysqli_connect("localhost","root",'',"register");
        if (mysqli_connect_errno()) {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
        }
        $stmt = mysqli_prepare($con,'INSERT INTO users VALUES(?,?)');
        mysqli_stmt_bind_param($stmt,'ss',$data['name'],$data['email']);
        $stmt->execute();

        // Redirect
        header("Location: verify.html");
    }
}
?>
<html>
<head><title>Register</title></head>
<body>
<?php foreach($errors as $error) {
    echo $error;
} ?>
<form action="register.php" method="POST">
    Name <input type="text" name="name" />
    Email <input type="email" name="email" />
    <input type="submit" value="Submit" />
</form>
</body>
</html>

If you plan on doing more php programming then I would strongly suggest switching to PDO for your database stuff.

system · June 28, 2017, 9:16pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.