filter_input GET

Asked

Viewed 365 times

-1

I need to recover the value of GET to perform an insertion in the bank through the post method, but when calling the function through Submit, "Call Stack".

Code

<?php
    session_start();
    if(empty($_SESSION['id'])){
        $_SESSION['msg'] = "Área restrita. Faça login" ;
        header("Location: index.php");
    }
    include_once("include/config.php");

    $btnOrca = filter_input(INPUT_GET, 'btnOrca', FILTER_SANITIZE_STRING);

    if($btnOrca){
        echo "Entrou na função";

            //Query Insert
            $query = "INSERT INTO orcamento (num_orcamento, produto, qtde,valor_unitario,valor_total) VALUES ('".$_GET['num_orc']."', '".$_GET['produto']."', '".$_GET['qtde']."', '".$_GET['valor_unit']."','".$_GET['total']."')";

            //Connection BD
            $result = mysqli_query($conn, $query);

            if($result){
                $_SESSION['msg'] = "Orçamento Gravado com Sucesso.";
            }else{
                $_SESSION['msg'] = "Problema ao Gera Orçamento";
            }
        }
?>
<!DOCTYPE html>
<html lang="pt-br">
<head>
    <title>Compra</title>
    <meta charset="utf-8">
    <link rel="stylesheet" href="css/stylo.css">
</head>
<body>
    <script src="js/menu.js"></script>
    <br><br><br>
    <?php
        if(isset($_SESSION['msg'])){
            echo "<p style='color: red;'>".$_SESSION['msg']."</p>";
            unset($_SESSION['msg']);
        }
    ?>
    <p class="title">Orçamentos</p>
    <form method="get" action="" class="container" style="width: 400px;">
    <label for="orcamento">Numero do Orçamento:</label>
        <input type="number" id="num_orc" name="num_orc" min="1" value="1" class="form-control"/>   
        <br>    
        <label for="produto">Produto</label>
        <select id="produto" name="produto" class="form-control">
            <?php
                $query = "SELECT id,descricao FROM produto";
                $resultado = mysqli_query($conn,$query);
                if($resultado){
                    while($linha = mysqli_fetch_assoc($resultado)){
                        echo "<option value='".$linha['id']."'>".$linha['descricao']."</option>";
                    }
                }
            ?>
        </select>
        <br>
        <label for="qtde">Quantidade: </label>
        <input type="number" id="qtde" name="qtde" min="1" value="1" class="form-control"/>
        <br>
        <label for="valor_unit">Valor unitário: </label>
        <input type="number" id="valor_unit" name="valor_unit" step="0.01" value="0.01" class="form-control" onblur="calcular()" />
        <br>
        <label for="total">Valor Total: </label>
        <input type="number" id="total" name="total" class="form-control" disabled/>
        <br>
        <input type="submit" class="btn btn-primary" name="btnOrca" value="Gravar" />
    </form>
<!-- Javascript calcuclar Campo -->
<script>
function calcular() {
  var n1 = parseInt(document.getElementById('valor_unit').value, 10);
  var n2 = parseInt(document.getElementById('qtde').value, 10);
  var mone = (n1 * n2);
  document.getElementById('total').value = mone;
}
</script>    
</body>
</html>

Error

inserir a descrição da imagem aqui

2 answers

0

It seems that is giving problem in Mysql Insert, all fields are string even? If they try to give a filter for each GET, maybe for sure. Now if any field is integer, you need to pass the data as number and not as text.

In Mysql when you put the values in quotes you insert as text. Example '1' is inserted as text (string) and 1 no quotes is inserted as number (integer).

Maybe these filters will help:

$num_orc = trim(filter_var($_GET['num_orc'], FILTER_SANITIZE_STRING));
$produto = trim(filter_var($_GET['produto'], FILTER_SANITIZE_STRING));
$qtde = trim(filter_var($_GET['qtde'], FILTER_SANITIZE_STRING));
$valor_unit = trim(filter_var($_GET['valor_unit'], FILTER_SANITIZE_STRING));
$total = trim(filter_var($_GET['total'], FILTER_SANITIZE_STRING));

$query = "INSERT INTO orcamento (num_orcamento, produto, qtde, valor_unitario, valor_total) VALUES ('{$num_orc}', '{$produto}', '{$qtde}', '{$valor_unit}','{$total}')";

If they are of the integer type, try to change FILTER_SANITIZE_STRING for FILTER_SANITIZE_NUMBER_INT

example:

$num_orc = filter_var($_GET['num_orc'], FILTER_SANITIZE_NUMBER_INT);

And in mysql Insert take the quotes like this:

... valor_total) VALUES ({$num_orc}, ...

I hope this helps to solve your problem. If you keep making a mistake, please update the question with a new print of the errors that appear.

0

Change here:

 $btnOrca = filter_input(INPUT_GET, 'btnOrca', FILTER_SANITIZE_STRING);

if($btnOrca){
    echo "Entrou na função";

To:

i$btnOrca = filter_input_array(INPUT_GET, FILTER_DEFAULT);

if($btnOrca['btnOrca']){
// aqui vai o contudo do if.
}

your query will look like this:

    $query = "INSERT INTO orcamento (num_orcamento, produto, qtde,valor_unitario,valor_total) VALUES ('".$btnOrca['num_orc']."', '".$btnOrca['produto']."', '".$btnOrca['qtde']."', '".$btnOrca['valor_unit']."','".$btnOrca['total']."')";

The shuttles coming from GET can be picked up like this: $btnOrca['field name'], so you can use them as needed.

I hope I’ve helped.

  • I made suggestions for the changes, error persists.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.