Morgan Clarke Morgan Clarke - 21 days ago 4
PHP Question

PHP code running without clicking the button

I am working on a website that uses PHP, I am wanting to update a database when the button is clicked. But for some reason whenever the page is loaded the code runs anyway, I don't want this as it could really mess up the entire code. How can I stop the script running automatically?

<?php
ob_start();
session_start();
include_once 'dbconnect.php';


// if session is not set this will redirect to login page
if( !isset($_SESSION['user']) ) {
header("Location: index.php");
exit;
}

$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
//Here is where the script is
if ( isset($_POST['send']) ) {
if ( ! empty($_POST['sender'])){
$name = $_POST['sender'];
}
if ( ! empty($_POST['reciever'])){
$name = $_POST['reciever'];
}

$query = "UPDATE users SET userCoins = userCoins + 1 WHERE userName='Morgan'";
$res = mysql_query($query);
if ($res) {
$error = "Success!";
} else {
$error = "Something Went Wrong!";
}
}
?>
<!DOCTYPE html>
<html>
<?php header("Access-Control-Allow-Origin: http://www.py69.esy.es"); ?>
<head>
<title>ServiceCoin</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="scripts/home/index.css" />
</head>
<body>
<ul>
<li><a href="#" class="a">ServiceCoin.com(image)</a></li>
<li><a href="logout.php?logout" class="a">Sign Out</a></li>
<li><a href="#" class="a">Contact</a></li>
<li><a href="#" class="a">Get Service Coins</a></li>
<li><a href="#" class="a">News</a></li>
<li><a href="settings.php" class="a">Settings</a></li>
<li><a href="#" class="a">Referrals</a></li>
<li><a href="service.php" class="a">Services</a></li>
<li><a href="home.php" class="a">Home</a></li>
</ul>
<br /><br />
<center>
<h3>Welcome, <?php echo $userRow['userName']; ?>. You Currently Have <span id="services"><?php echo $userRow['userCoins']; ?></span> Service Coins</h3>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
<input type="text" name="sender" class="form-control" placeholder="Enter Your Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
<span class="text-danger"><?php echo $error; ?></span>
</div>
<div class="input-group">
<span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
<input type="text" name="reciever" class="form-control" placeholder="Enter The Recievers Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
<span class="text-danger"><?php echo $error; ?></span>
</div>

</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="send">Sign Up</button>
</div>
</form>
</center>
</body>
</html>
<?php ob_end_flush(); ?>


UPDATE

My page is completely white now.

<?php
ob_start();
session_start();
include_once 'dbconnect.php';

if(!isset($_SESSION['user'])) {
header("Location: index.php");
exit;
}

$condition = empty($_POST['sender']) || empty($_POST['reciever']);
if ($condition) {
die; // if your post data is empty PHP will no longer be executed
}

$res= "SELECT * FROM users WHERE userId=".$_SESSION['user'];
$mysqli->query($con, $res); // you are doing nothing with it in your code, why?
$name = $_POST['sender'];
$name = $_POST['reciever'];

$query = "UPDATE users SET userCoins = userCoins + 1 WHERE userName='Morgan'";
$res = $mysqli->query($con, $query);
if ($res) {
$error = "Success!";
} else {
$error = "Something Went Wrong!";
}
?>
<!DOCTYPE html>
<html>
<?php header("Access-Control-Allow-Origin: http://www.py69.esy.es"); ?>
<head>
<title>ServiceCoin</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="scripts/home/index.css" />
</head>
<body>
<ul>
<li><a href="#" class="a">ServiceCoin.com(image)</a></li>
<li><a href="logout.php?logout" class="a">Sign Out</a></li>
<li><a href="#" class="a">Contact</a></li>
<li><a href="#" class="a">Get Service Coins</a></li>
<li><a href="#" class="a">News</a></li>
<li><a href="settings.php" class="a">Settings</a></li>
<li><a href="#" class="a">Referrals</a></li>
<li><a href="service.php" class="a">Services</a></li>
<li><a href="home.php" class="a">Home</a></li>
</ul>
<br /><br />
<center>
<h3>Welcome, <?php echo $userRow['userName']; ?>. You Currently Have <span id="services"><?php echo $userRow['userCoins']; ?></span> Service Coins</h3>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
<input type="text" name="sender" class="form-control" placeholder="Enter Your Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
<span class="text-danger"><?php echo $error; ?></span>
</div>
<div class="input-group">
<span class="input-group-addon"><span class="glyphicons glyphicons-lock"></span></span>
<input type="text" name="reciever" class="form-control" placeholder="Enter The Recievers Wallet Key" value="<?php echo $row['userCoins']; ?>" maxlength="15" />
<span class="text-danger"><?php echo $error; ?></span>
</div>

</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="send">Sign Up</button>
</div>
</form>
</center>
</body>
</html>
<?php ob_end_flush(); ?>

Answer

You should use MySQLi. About why not mysql_* you can read here

Solution

Your code could look like follows:

$mysqli = new mysqli("localhost", "my_user", "my_password", "table_name"); // here you will need your connection data, you can store it in dbconnect.php.

// if session is not set this will redirect to login page    
if(!isset($_SESSION['user'])) {
    header("Location: index.php");
    exit;
}

$condition = empty($_POST['sender']) || empty($_POST['reciever']);
if (!$condition) {
    $res= "SELECT * FROM users WHERE userId=".$_SESSION['user'];
    $mysqli->query($res); // you are doing nothing with it in your code, why?
    $name = $_POST['sender'];       
    $reciever = $_POST['reciever'];

    $query = "UPDATE users SET userCoins = userCoins + 1  WHERE userName='Morgan'";
    $res = $mysqli->query($query);
    if ($res) {
        $error = "Success!";
    } else {
        $error = "Something Went Wrong!";
        echo "Error: ".$mysqli->error; // here you can check your errors
    }
}

Manual

More informations about MySQLi can be found in PHP Manual

Comments