PHP - Form Tokens
I have noticed that many websites and PHP software generate a random token and put it in a hidden form field to be sent to the PHP page that gets the form. I was just wondering if anyone knows how this makes a PHP script more secure? And is it worth it to put this in my application?

I have read a few tutorials on this, but they don't specifically say why this is more secure than not having it. The only reason I could find is that it helps make sure you don't make duplicate form submissions; however, I have always gotten around this by redirecting the user to a page saying the form was submitted successfully. Cheers for your help.

Similar Tutorials

I'm creating a token system where if a user uploads notes they get tokens and can download other people's notes. My problem is I am not sure where to store the information for who has bought the note for future download. Should I store the information in the database under the table that looks after the notes, in its own table, or in a file that has arrays of the note names and the users who are allowed to download it? I figured the best way would be to have it in the DB table that looks after the users, but I'm not sure how I would go about making it so that every time the user bought another note I didn't have to add a new field.

I am using JWT for an API authentication and like them. Previously, I would query both some GUID and the user's ID (which wasn't their PK but a unique key per GUID), but now I just include both the account and user's DB PK in the token. Also, including something regarding the user's permissions; however, I still haven't bought into this approach as I don't know how to deal with changing permissions and still having some JWT with different permissions floating around. I suppose I could save the JWT's timestamp in the DB, but that seems to eliminate the benefit of token expirations...

Sorry, back to the question at hand. I now have a need to provide emails with a reduced subset of endpoints to either view some resource or update some status. I don't want to make the user first go to some website and then include the JWT in the header, but instead just a single click action.

Problem is now I have their JWT which is effectively their password in some email which isn't ideal, and there is no way to ensure that the specific user was the individual that viewed the resource or performed some action. Then I thought maybe I would make some common low access JWT and use the exact same GET routes as I would do so normally and create some new GET routes to emulate main application POST/PUT/PATCH routes.

Before going down that path, I would like to investigate other solutions. Often single use tokens are used to reset passwords and other actions which should only be performed once and this is not my need but maybe close. I am thinking of creating a token that includes the actual resource path with URL parameters along with the HTTP method. Since everything is in the token, I wouldn't need a typical REST path to identify the resource but would have a single endpoint to retrieve them. I searched for related information and didn't find anything, which makes me concerned I am going down a rabbit hole. Any thoughts on how to implement this? Thanks

Hi, is it necessary to hash stored access and refresh tokens that are stored in a database? Both these tokens have limited lifespan (access token - 20 minutes but refresh token is 14 days). The reason I ask is I have hashed the tokens using the password_hash function but a user can have multiple active sessions if they want (so there is a sessions table with user id (not username), access token, token expiry date/time, refresh token and refresh token expiry date/time). So in order to refresh the access token I have to do a lookup to see which session it relates to. What I have found is that I must retrieve all rows where the refresh token hasn't expired and then run password_verify against the tokens stored with the tokens provided to check each session to see if they match.

What I have found is that it takes a while to run the password_verify function (by design I think) for each row (could be many if the user has been silly and logged in lots of times), which would cause an unacceptable delay when calling an API with an access token that needs refreshing (my tests resulted in times upwards of 30 seconds for a user who has around 10 active sessions). If both tokens were not hashed, the same action to refresh a token for a user who has 10 active sessions takes less than a second, which is much more acceptable.

Edited December 15, 2018 by mds1256

I want to make virtual money (credits, tokens), whatever you want to call it, but make no mistake this is not for profit at this point. I like the concept of visitors having something to do with other members of the site, for example to kill boredom and create a reason to play games, compete in competitions. It will have to conversion to real money at this point but I wish to do this script using PHP and MySQL and have very basic coding skills in these areas. Anyone please help me make this script... reply and let me know if you like this idea. Please help me as this is achievable, as FB has it and more sites are moving toward these same ideas, even though FB is real money. It is more to do with fun at this point; until we do this stage another stage cannot proceed.

I'm getting the dreaded "Invalid parameter number: number of bound variables does not match number of tokens" error and I've looked at this for days. Here is what my table looks like:
| id          | int(4)       | NO  | PRI | NULL | auto_increment |
| user_id     | int(4)       | NO  |     | NULL |                |
| recipient   | varchar(30)  | NO  |     | NULL |                |
| subject     | varchar(25)  | YES |     | NULL |                |
| cc_email    | varchar(30)  | YES |     | NULL |                |
| reply       | varchar(20)  | YES |     | NULL |                |
| location    | varchar(50)  | YES |     | NULL |                |
| stationery  | varchar(40)  | YES |     | NULL |                |
| ink_color   | varchar(12)  | YES |     | NULL |                |
| fontchosen  | varchar(30)  | YES |     | NULL |                |
| message     | varchar(500) | NO  |     | NULL |                |
| attachment  | varchar(40)  | YES |     | NULL |                |
| messageDate | datetime     | YES |     | NULL |                |

Here are my params:

$params = array(
    ':user_id' => $userid,
    ':recipient' => $this->message_vars['recipient'],
    ':subject' => $this->message_vars['subject'],
    ':cc_email' => $this->message_vars['cc_email'],
    ':reply' => $this->message_vars['reply'],
    ':location' => $this->message_vars['location'],
    ':stationery' => $this->message_vars['stationery'],
    ':ink_color' => $this->message_vars['ink_color'],
    ':fontchosen' => $this->message_vars['fontchosen'],
    ':message' => $messageInput,
    ':attachment' => $this->message_vars['attachment'],
    ':messageDate' => $date
);

Here is my sql:

$sql = "INSERT INTO messages (user_id,recipient, subject, cc_email, reply, location,stationery, ink_color, fontchosen, message,attachment) VALUES( $userid, :recipient, :subject, :cc_email, :reply, :location, :stationery, :ink_color, :fontchosen, $messageInput, :attachment, $date);";

And lastly, here is how I am calling it:

$dbh = parent::$dbh;
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
if (empty($dbh)) return false;
$stmt = $dbh->prepare($sql);
$stmt->execute($params) or die(print_r($stmt->errorInfo(), true));
if (!$stmt) {
    print_r($dbh->errorInfo());
}

I know my userid is valid and the date is set above (I've echo'd these out to make sure). Since the id is auto_increment, I do not put that in my sql (though I've tried that too), nor in my params (tried that too). What am I missing? I feel certain it is something small, but I have spent days checking commas, semi-colons and spelling. Can anyone see what I'm doing wrong?

Hello, I have coded a contact form in PHP and I want to know if, according to you, it is secure! I am new in PHP, so I want some feedback from you. Moreover, I also have two problems based on the contact form. It is a bit complicated to explain, thus I will break down each of my problems one by one.

FIRST: The first thing I want to know is if my contact form is secure according to you. The HTML with the PHP codes:

Code:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //Assigning variables to elements
    $first = htmlentities($_POST['first']);
    $last = htmlentities($_POST['last']);
    $sub = htmlentities($_POST['subject']);
    $email = htmlentities($_POST['email']);
    $web = htmlentities($_POST['website']);
    $heard = htmlentities($_POST['heard']);
    $comment = htmlentities($_POST['message']);
    $cap = htmlentities($_POST['captcha']);
    //Declaring the email address with body content
    $to = 'alithebestofall2010@gmail.com';
    $body ="First name: '$first' \n\n Last name: '$last' \n\n Subject: '$sub' \n\n Email: '$email' \n\n Website: '$web' \n\n Heard from us: '$heard' \n\n Comments: '$comment'";
    //Validate the forms
    if (empty($first) || empty($last) || empty($sub) || empty($email) || empty($comment) || empty($cap)) {
        echo '<p class="error">Required fields must be filled!</p>';
        header ('refresh= 3; url= index.php');
        return false;
    } elseif (filter_var($first, FILTER_VALIDATE_INT) || filter_var($last, FILTER_VALIDATE_INT)) {
        echo '<p class="error">You cannot enter a number as either the first or last name!</p>';
        return false;
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo '<p class="error">Incorrect email address!</p>';
        return false;
    } elseif (!($cap === '12')){
        echo '<p class="error">Invalid captcha, try again!</p>';
        return false;
    } else {
        mail ($to, $sub, $body);
        echo '<p class="success">Thank you for contacting us!</p>';
    }
}
?>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<p>Your first name: <span class="required">*</span></p>
<p><input type="text" name="first" size="40" placeholder="Ex: Paul"/></p>
<p>Your last name: <span class="required">*</span></p>
<p><input type="text" name="last" size="40" placeholder="Ex: Smith"/></p>
<p>Subject: <span class="required">*</span></p>
<p><input type="text" name="subject" size="40" placeholder="Ex: Contact"/></p>
<p>Your email address: <span class="required">*</span></p>
<p><input type="text" name="email" size="40" placeholder="Ex: example@xxx.com"/></p>
<p>Website:</p>
<p><input type="text" name="website" size="40" placeholder="Ex: http//:google.com"/></p>
<p>Where you have heard us?: <span class="required">*</span></p>
<p><select name="heard">
<option>Internet</option>
<option>Newspapers</option>
<option>Friends or relatives</option>
<option>Others</option>
</select></p>
<p>Your message: <span class="required">*</span></p>
<p><textarea cols="75" rows="20" name="message"></textarea></p>
<p>Are you human? Sum this please: 5 + 7 = ?: <span class="required">*</span></p></p>
<p><input type="text" name="captcha" size="10"/></p>
<p><input type="submit" name="submit" value="Send" class="button"/> <input type="reset" value="Reset" class="button"/></p>
</form>

SECOND PROBLEM: If a user has made a mistake, he gets the error message so that he can correct it! However, when a mistake in the form occurs, all the data the user has entered disappears! I want the data to keep appearing so that the user does not have to start over again to fill the form.

THIRD: When the error message is displayed to notify the user that he made a mistake when submitting the form, the message is displayed at the top of the page. I want it to appear below each respective field. How to do that? In jQuery it is simple, but in PHP, I am confused!

Stumped! I have a client who has a form where they upload files to their server: title, two password fields, and the file.
They have been unable to upload anything over 10mb.
Small (under 10mb) files work.
Larger doesn’t.
I’ve tracked it down, I think, that the processing page appears to be dropping the form values when the file takes a bit to upload.
I echo’ed the values that are grabbed from the form, and they return empty strings if it takes a while for the file to upload (a large file) - they pass fine if the file is smaller.
I think I've got the php info set correctly, but cannot for the life of me figure out how to adjust the timing out issue, or even where to troubleshoot.
Here's my phpinfo:
Hello, first time poster. I've looked the web over for a long time and can't figure this one out.

- Below is basic code that successfully checks MySQL for a match and displays the result. I was debugging and forced the "height" and "width" to be 24 and 36 to make sure that wasn't the problem. That's good.
- I'd like to give the user the ability to select width and height from a form, and have it do an onchange this.form.submit so the form can be changing as fields are altered (thus the onchange interaction).
- In a normal coding environment I've done this numerous times with no "Page cannot be displayed" problems. It would simply change one select-option value at a time till they get down the form and click submit... but in WordPress I'm having trouble making even ONE single onchange work!
- I've implemented the plugins they offer which allow you to "copy+paste" your PHP code directly into their WYSIWYG editor. That works with basic tests like my first bullet point above.
- I've copied and pasted the WordPress URL (including the little ?page_id=123) into the form "action" URL... that didn't work... tried forcing it into an <option value=""> tag... didn't work.

I'm just not sure. I've obviously put xx's in place of private info. Why does this form give me Page Cannot Be Displayed in WordPress every time? It won't do anything no matter how simple, using onchange.

Code:
$con = mysql_connect("xxxx.xxxxxxx.com","xxxxxx","xxxxx");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("xxxxxx", $con);
$myprodwidth=24;
$myprodheight=36;
$result = mysql_query("SELECT * FROM product_sizes WHERE prodwidth='$myprodwidth' and prodheight='$myprodheight'");
while($row = mysql_fetch_array($result)) {
    echo $row['prodprice'];
}
mysql_close($con);

<form method="post" action="">
<select name="myheight" onchange="this.form.submit();">
<option selected="selected" value="">select height</option>
<option value="xxxxxxxxx.com/wordpress/?page_id=199&height=36">36</option>
<option value="xxxxxxxxx.com/wordpress/?page_id=199&height=36">48</option>
</select>

I have read around and can't seem to find the right coding for what I need on this forum and some other forums. I have a contact form (as listed below) and I need 2 locations (Print Name and Title) fields to auto-populate on a separate form (can be a doc, pdf, etc., any form of document which is easiest) and this form can be totally back end and the individual using the form is never going to see the form. It's going on a contract form that we would like to auto-populate. Also, is there a simple attachment code so individuals can attach documents to the code?
<p style: align="center"><form action="mailtest.php" method="POST">
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
?>
<input type="hidden" name="ip" value="<?php echo $ipi ?>" />
<input type="hidden" name="httpref" value="<?php echo $httprefi ?>" />
<input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" />
<div align="center">
<p class="style1">Name</p>
<input type="text" name="name">
<p class="style1">Address</p>
<input type="text" name="address">
<p class="style1">Email</p>
<input type="text" name="email">
<p class="style1">Phone</p>
<input type="text" name="phone">
<p class="style1">Debtor</p>
<input type="text" name="debtor">
<p class="style1">Debtor Address</p>
<input type="text" name="debtora">
<br /> <br />
<a href="authoforms.php" target="_blank" style="color:#ffcb00" vlink="#ffcb00">Click here to view Assignment Agreement and Contract Agreement</a>
<p class="style1"><input type='checkbox' name='chk' value='I Have read and Agree to the terms.'> I have read and agree to the Assignment and Contract Agreement <br></p>
<p class="style1">Print Name</p>
<input type="text" name="pname">
<p class="style1">Title</p>
<input type="text" name="title">
<p class="style1">I hear by agree that the information I have provided is true, accurate and the information I am submitting is <br /> not fraudulent. Please click the agree button that you adhere to Commercial Recovery Authority Inc.'s terms:</p>
<select name="agree" size="1">
<option value="Agree">Agree</option>
<option value="Disagree">Disagree</option>
</select>
<br /> <br />
<p class="style1">Employee ID:</p>
<input type="text" name="employee">
<br />
<input type="submit" value="Send"><input type="reset" value="Clear">
</div>
</form>
</p>

The mailtest php is this:

<?php
$ip = $_POST['ip'];
$httpref = $_POST['httpref'];
$httpagent = $_POST['httpagent'];
$name = $_POST['name'];
$address = $_POST['address'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$debtor = $_POST['debtor'];
$debtora = $_POST['debtora'];
$value = $_POST['chk'];
$pname = $_POST['pname'];
$title = $_POST['title'];
$agree = $_POST['agree'];
$employee = $_POST['employee'];
$formcontent=" From: $name \n Address: $address \n Email: $email \n Phone: $phone \n Debtor: $debtor \n Debtor's Address: $debtora \n 'Client' has read Assignment and Contract Agreement: $value \n Print Name: $pname \n Title: $title \n I hear by agree that the information I have provided is true, accurate and the information I am submitting is not fraudulent. Please click the agree button that you adhere to Commercial Recovery Authority Inc.'s terms: $agree \n \n Employee ID: $employee \n IP: $ip";
$recipient = "mail@crapower.com";
$subject = "Online Authorization Form 33.3%";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo "Thank You!" . " -" . "<a href='index.php' style='text-decoration:none;color:#ffcb00;'> Return Home</a>";
$ip = $_POST['visitoraddress']
?>

There are two pieces to this: the HTML form and the resulting PHP. I can't seem to make the leap from the code to having the form produce the PHP page so others can view it until the form is again submitted, overwriting the PHP, thus generating new content.
The environment I am working in is limited to IIS 5.1 and PHP 5.2.17 without MySQL or other DB. I'm new to PHP; this isn't homework or commercialization, it's for children. I am thinking perhaps fwrite / fread but can't get my head around it. Code snippets below. Any help, please use portions of this code in hopes I can understand it. Thanks

Code snippet from Output.php

Code:
<?php
$t1image = $_POST["t1image"];
$t1title = $_POST["t1title"];
$t1info = $_POST["t1info"];
$t2image = $_POST["t2image"];
$t2title = $_POST["t2title"];
$t2info = $_POST["t2info"];
?>
...
<tbody>
<tr><!--Headers-->
<td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Animal</td>
<td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Image thumb<br> </td>
<td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Date<br> </td>
<td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Information<br> </td>
</tr>
<tr>
<td style="vertical-align: top; text-align: center;">Monkey </td>
<td style="vertical-align: top; text-align: center;"><img src="<?php echo $t1image.'.gif'; ?>"><!--single image presented selected from radio buttons--> </td>
<td style="vertical-align: top; text-align: center;"><?php echo date("m/d/Yh:i A"); ?><!--time stamp generated when submitted form populates all fields at once--> </td>
<td style="vertical-align: top; text-align: center;"><a href="#monkey" rel="facebox"><?php echo $t1title ?></a><!--Link name provided by "Title 1", that links to hidden Div generated page with content from "Info1" field-->
<div id="Monkey" style="display:none"> <?php echo $t1info; ?> </div>
</td>
</tr>
<tr>
<td style="vertical-align: top; text-align: center;">Cat<br> </td>
<td style="vertical-align: top; text-align: center;"><img src="<?php echo $t2image.'.gif'?>"></td>
<td style="vertical-align: top; text-align: center;"><?php echo date("m/d/Yh:i A"); ?></td>
<td style="vertical-align: top; text-align: center;"><a href="#Cat" rel="facebox"><?php echo $t2title ?></a>
<div id="Cat" style="display:none"> <?php echo $t2info; ?> </div>
</td>
</tr>
<tr>

This replicates several times down the page, around 15-20 times (t1### - t20###).

Code snippet from HTML Form

Code:
<form action="animals.php" method="post">
<div style="text-align: left;"><big style="font-family: Garamond; font-weight: bold; color: rgb(51, 51, 255);"><big><big><span>Monkey</span></big></big></big><br>
<table style="text-align: left; width: 110px;" border="0" cellpadding="2" cellspacing="0">
<tbody><tr>
<td style="vertical-align: top;">Image thumb<br>
<input type="radio" name="t1image" value="No opinion" checked><img src="eh.gif" alt="Eh">
<input type="radio" name="t1image" value="Ok"><img src="ok.gif" alt="ok">
<input type="radio" name="t1image" value="Like"><img src="like.gif" alt="Like">
<input type="radio" name="t1image" value="Dont"><img src="dont.gif" alt="Don't Like">
<input type="radio" name="t1image" value="Hate"><img src="hate.gif" alt="Hate">
<input type="radio" name="t1image" value="Other"><img src="other.gif" alt="Other">
<br>
Why Title:<input type="text" name="t1title" size="45" value="..."/></td>
<td style="vertical-align: top;"> Explain:<br>
<textarea name="t1info" cols=45 rows=3 value="..."></textarea>
</td></tr></table>
<br>
<!--Next-->

How do I get the form data to save to the PHP page for others to view?

Hi, the code below lets me upload a CSV file to my database if I have 1 field in my database and 1 column in my CSV. I need to add to my DB "player_id" from the CSV file and "event_name" and "event_type" from the form... any ideas???
Here's the code:

Code:
<?php
$hoststring ="";
$database = "";
$username = "";
$password = "";
$makeconnection = mysql_pconnect($hoststring, $username, $password);
?>
<?php
ob_start();
mysql_select_db($database, $makeconnection);
$sql_get_players=" SELECT * FROM tabel ORDER BY player_id ASC";
//
$get_players = mysql_query($sql_get_players, $makeconnection) or die(mysql_error());
$row_get_players = mysql_fetch_assoc($get_players);
//
$message = null;
$allowed_extensions = array('csv');
$upload_path = '.'; //same directory
if (!empty($_FILES['file'])) {
    if ($_FILES['file']['error'] == 0) {
        // check extension
        $file = explode(".", $_FILES['file']['name']);
        $extension = array_pop($file);
        if (in_array($extension, $allowed_extensions)) {
            if (move_uploaded_file($_FILES['file']['tmp_name'], $upload_path.'/'.$_FILES['file']['name'])) {
                if (($handle = fopen($upload_path.'/'.$_FILES['file']['name'], "r")) !== false) {
                    $keys = array();
                    $out = array();
                    $insert = array();
                    $line = 1;
                    while (($row = fgetcsv($handle, 0, ',', '"')) !== FALSE) {
                        foreach($row as $key => $value) {
                            if ($line === 1) {
                                $keys[$key] = $value;
                            } else {
                                $out[$line][$key] = $value;
                            }
                        }
                        $line++;
                    }
                    fclose($handle);
                    if (!empty($keys) && !empty($out)) {
                        $db = new PDO( 'mysql:host=host;dbname=db', 'user', 'pw');
                        $db->exec("SET CHARACTER SET utf8");
                        foreach($out as $key => $value) {
                            $sql = "INSERT INTO `table` (`";
                            $sql .= implode("`player_id`", $keys);
                            $sql .= "`) VALUES (";
                            $sql .= implode(", ", array_fill(0, count($keys), "?"));
                            $sql .= ")";
                            $statement = $db->prepare($sql);
                            $statement->execute($value);
                        }
                        $message = '<span>File has been uploaded successfully</span>';
                    }
                }
            }
        } else {
            $message = '<span>Only .csv file format is allowed</span>';
        }
    } else {
        $message = '<span>There was a problem with your file</span>';
    }
}
ob_flush();?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>CSV File Upload</title>
</head>
<body>
<form class="form" action="" method="post" enctype="multipart/form-data">
<h3>Select Your File</h3>
<p><?php echo $message; ?></p>
<input type="file" name="file" id="file" size="30" />
<br/>
<label>Event Name:</label><input name="event_name" type="text" value="" />
<br/>
<label>Event Type:</label><input name="event_type" type="text" value="" />
<br/>
<input type="submit" id="btn" class="button" value="Submit" />
</form>
<br/>
<h3>Results:</h3>
<?php do { ?>
<p><?php echo $row_get_players['player_id'];?></p>
<?php } while ($row_get_players = mysql_fetch_assoc($get_players)); ?>
</body>
</html>

Hi all, what I am trying to achieve is, I thought, quite simple! Basically, a user signs up and chooses a package, the form is submitted, details are added to the database, an email is sent to the customer, then I want to direct them to a PayPal payment screen. This is where I am having issues! Is there any way in PHP to submit a form without user interaction?
Here is my code for the form process page:

Code:
<?php
include('config.php');
require('scripts/class.phpmailer.php');
$package = $_POST['select1'];
$name = $_POST['name'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$domain = $_POST['domain'];
$a_username = $_POST['a_username'];
$a_password = $_POST['a_password'];
$query=mysql_query("INSERT INTO orders (package, name, email, password, domain, a_username, a_password) VALUES ('$package', '$name', '$email', '$password', '$domain', '$a_username', '$a_password')");
if (!$query) {
    echo "fail<br>";
    echo mysql_error();
} else {
    $id = mysql_insert_id();
    $query1=mysql_query("INSERT INTO customers (id, name, email, password) values ('$id', '$name', '$email', '$password')");
    if (!$query1) {
        echo "fail<br>";
        echo mysql_error();
    }
    if($package=="Reseller Hosting") {
        //email stuff here - all works - just cutting it to keep the code short
        if(!$mail->Send()) {
            echo "Message could not be sent. <p>";
            echo "Mailer Error: " . $mail->ErrorInfo;
            exit;
        }
?>
<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<input type="hidden" name="business" value="subscription@jollyhosting.com">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="Jolly Hosting Reseller Packages">
<input type="hidden" name="no_shipping" value="1">
<!--1st month -->
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="a3" value="3.00">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
</form>';
<?php
    } //last
} //end
?>

Hi, I am trying to change the query to sort by desc or asc. I am using the switch method but the form is not calling the switch statement. Can someone help me out please?
This is the switch script:

Code:
switch ($sortby) {
    case "ASC":
        $args = array(
            's' => $_GET['s'],
            'post_type' => 'deals',
            'orderby' => 'title',
            'order' => 'ASC',
            'paged' => get_query_var('paged')
        );
        break;
    case "DESC":
        $args = array(
            's' => $_GET['s'],
            'post_type' => 'deals',
            'orderby' => 'title',
            'order' => 'DESC',
            'paged' => get_query_var('paged')
        );
        break;
}

This is the form:

Code:
<form name="myForm">
<select id="sortby" >
<option value="ASC">ASC</option>
<option value="DESC">DESC</option>
</select>
</form>

I intend to use an onchange so that depending on the option they select it will change the order?

I'm not sure why, but once I added a search form in my nav menu, it made my other forms on the website, such as the login and signup forms, take them to where the search button would take them. Any ideas???

This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=347360.0

Which one is better for standards practices in PHP?
1. Using the same form for everything (add and edit). Meaning setting up one form to handle adding new records, as well as editing existing records.
Or
2. Using two different forms for both actions. Use one form/area to handle adding, and one form/area to handle editing.
Which one of these is better from a standards/practice point of view? Which one better fits into the MVC platform (a framework like CodeIgniter, or Cake)? Should there be separate controller functions/views for add and edit, or should they all be in the same controller function/form? Thanks for the feedback.

Is jQuery/Ajax better than real/raw PHP for form validation?! What if JavaScript is turned off on the browser?! Why, after someone refreshes a page in the browser, will the variables used to echo errors after invalid data is submitted return the undefined variables error?! And how to handle form validation including an empty form field, maximum amount of value entered and so on?

Hi, how can I create a form within a form with the click of a button? So that when I click add new item, it brings form fields under the current one. Hope my explanation helps, thanks.

Code:
<form id="form1" name="form1" method="post" action="">
<table width="100%" border="0" cellspacing="2" cellpadding="0">
<tr> <td width="22%">Invoice Number </td> <td width="78%"> </td> </tr>
<tr> <td>Date Issued </td> <td> </td> </tr>
<tr> <td colspan="2"> </td> </tr>
<tr> <td colspan="2"><table width="100%" border="0" cellspacing="2" cellpadding="0">
<tr>
<td width="10%">Quantity</td>
<td width="70%">Description</td>
<td width="9%">Taxable</td>
<td width="11%">Amnount</td>
</tr>
<tr>
<td valign="top"><input name="textfield" type="text" size="7" /></td>
<td valign="top"><textarea name="textfield2" cols="80"></textarea></td>
<td valign="top"><input type="checkbox" name="checkbox" value="checkbox" /></td>
<td valign="top"><input name="textfield3" type="text" size="12" /></td>
</tr>
<tr> <td colspan="4"><input type="submit" name="Submit" value="Add New Item" /></td> </tr>
</table></td> </tr>
<tr> <td colspan="2"> </td> </tr>
<tr> <td colspan="2"> </td> </tr>
<tr> <td colspan="2"> </td> </tr>
</table>
</form>

As the topic says, I need help with an email form. You must have a valid email address to go further, so let's say you write asdada as email, you won't be able to register the account; you must have asdada@hotmai.com or something like that. If anyone knows, it would be awesome!

This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=326600.0
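Going back to the question that opens this page (what a random token in a hidden form field protects against), here is an added example that is not from any of the posts: a page on another site can make a logged-in browser send a POST with the session cookie attached, but it cannot read the token the server rendered into the real form, so the handler can tell the two apart. The function names, the `form_token` field and the constructed requests are assumptions; `$session` stands in for `$_SESSION`.

```php
<?php
declare(strict_types=1);

// Added example, not from the thread. All names are hypothetical.
// $session stands in for $_SESSION after session_start(), and $post for
// $_POST, so the script runs from the command line without a web server.

/** Return the session's form token, creating it from the CSPRNG if absent. */
function form_token_issue(array &$session): string
{
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(32)); // 256 random bits
    }
    return $session['form_token'];
}

/** Hidden field to embed in every state-changing form. */
function form_token_field(array &$session): string
{
    $token = htmlspecialchars(form_token_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="form_token" value="' . $token . '">';
}

/** Constant-time comparison of the submitted token with the session's copy. */
function form_token_valid(array $session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    return is_string($expected) && $expected !== ''
        && is_string($given) && hash_equals($expected, $given);
}

/**
 * Handler for a state-changing form. Returns [HTTP status, message].
 * The token is single-use here: it is discarded once accepted, which also
 * rejects a resubmission of the same form (the duplicate-submission case
 * the question mentions). A per-session token that is not discarded gives
 * the same cross-site protection and is friendlier to multiple open tabs.
 */
function handle_change_email(string $method, array &$session, array $post): array
{
    if ($method !== 'POST') {
        return [405, 'state changes are accepted over POST only'];
    }
    if (!form_token_valid($session, $post)) {
        return [403, 'missing or wrong form token'];
    }
    unset($session['form_token']); // consume; the next form render issues a new one
    // ... perform the change for the logged-in user here ...
    return [303, 'email changed'];
}

// --- Constructed requests, all arriving with the same session cookie ---
$session = ['user_id' => 7];            // constructed logged-in session
echo form_token_field($session), "\n";  // what the server renders into the real form

// A forged cross-site POST carries the cookie but not the token.
$forged  = ['email' => 'attacker@example.test'];
// The genuine form submission echoes back the token it was rendered with.
$genuine = ['email' => 'me@example.test', 'form_token' => $session['form_token']];

$results = [
    'forged cross-site POST' => handle_change_email('POST', $session, $forged),
    'genuine form POST'      => handle_change_email('POST', $session, $genuine),
    'replay of genuine POST' => handle_change_email('POST', $session, $genuine),
];
foreach ($results as $label => [$status, $message]) {
    printf("%-24s -> %d %s\n", $label, $status, $message);
}
```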
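For the access/refresh-token post above, which found `password_verify` over every session row too slow, here is an added example (not from the thread) of a common alternative: because the tokens are long random values rather than guessable passwords, a single unsalted SHA-256 digest can be stored in place of the token, and being deterministic it can be indexed and looked up in one query. The table layout and function names are assumptions, and the script assumes the pdo_sqlite extension so it can run against an in-memory database.

```php
<?php
declare(strict_types=1);

// Added example, not from the thread. Table, column and function names are
// hypothetical; assumes the pdo_sqlite extension so it runs in memory.

const REFRESH_TTL = 14 * 24 * 3600; // 14 days, the refresh lifetime the post mentions

function sessions_schema(PDO $db): void
{
    // UNIQUE creates the index that makes the lookup a single probe.
    $db->exec('CREATE TABLE sessions (
        id              INTEGER PRIMARY KEY,
        user_id         INTEGER NOT NULL,
        refresh_hash    TEXT    NOT NULL UNIQUE,
        refresh_expires INTEGER NOT NULL
    )');
}

/**
 * Digest stored in place of the token. password_hash() is slow and salted to
 * protect low-entropy passwords; a 256-bit random token cannot be guessed, so
 * one SHA-256 pass is enough to keep a leaked table from yielding usable tokens.
 */
function token_digest(string $token): string
{
    return hash('sha256', $token);
}

/** Create a session row and return the raw refresh token for the client. */
function session_create(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'INSERT INTO sessions (user_id, refresh_hash, refresh_expires) VALUES (:u, :h, :e)'
    );
    $stmt->execute([':u' => $userId, ':h' => token_digest($token), ':e' => $now + REFRESH_TTL]);
    return $token;
}

/** One indexed query finds the session; no per-row password_verify loop. */
function session_find_by_refresh(PDO $db, string $token, int $now): ?array
{
    $stmt = $db->prepare(
        'SELECT id, user_id, refresh_expires FROM sessions
          WHERE refresh_hash = :h AND refresh_expires > :now'
    );
    $stmt->execute([':h' => token_digest($token), ':now' => $now]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Rotate on refresh: the old token's digest is overwritten and stops matching. */
function session_rotate(PDO $db, int $sessionId, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'UPDATE sessions SET refresh_hash = :h, refresh_expires = :e WHERE id = :id'
    );
    $stmt->execute([':h' => token_digest($token), ':e' => $now + REFRESH_TTL, ':id' => $sessionId]);
    return $token;
}

// --- Constructed data: one user with ten active sessions, as in the post ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
sessions_schema($db);

$now    = time();
$tokens = [];
for ($i = 0; $i < 10; $i++) {
    $tokens[] = session_create($db, 42, $now);
}

$start = microtime(true);
$hit   = session_find_by_refresh($db, $tokens[9], $now);
$ms    = (microtime(true) - $start) * 1000;
printf("lookup among 10 sessions: session id %d in %.3f ms\n", (int) $hit['id'], $ms);

$unknown = session_find_by_refresh($db, bin2hex(random_bytes(32)), $now);
$expired = session_find_by_refresh($db, $tokens[0], $now + REFRESH_TTL + 1);
$fresh   = session_rotate($db, (int) $hit['id'], $now);
$old     = session_find_by_refresh($db, $tokens[9], $now);
$new     = session_find_by_refresh($db, $fresh, $now);

printf("unknown token found: %s\n", var_export($unknown !== null, true));
printf("expired token found: %s\n", var_export($expired !== null, true));
printf("old token after rotation found: %s\n", var_export($old !== null, true));
printf("new token after rotation found: %s\n", var_export($new !== null, true));
```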