|
PHP - How Do I Stop This Simple Form From Submitting If A Field Is Blank?
How do I stop the below form from submitting if any field or atleast if field Weight is blank?
also an error echo would be great. I have been trying to figure this out but cant do it. Code: [Select] <table width="500" border="0" align="center" cellpadding="10" cellspacing="0"> <tr> <td> <form action="insert.php" method="post"> <input name="Date" type="hidden" value="<?php PRINT "$today"; ?>" /> First Name: <input type="text" name="Firstname" /><br><br> Last Name: <input type="text" name="Lastname" /><br><br> Weight: <input type="text" name="Weight" /><br><br> <input type="submit" value="Submit Profile" /> </form> </td> </tr> </table> Similar Tutorialspeople on my forum (speakwhatsreal.com) submitting blank spaces Code: [Select] like they just copy/paste the blank space in the textarea and how do I check input on that, does strlen work? Hi Guys, Im trying to create a registration form so users can sign up to my website, however i have noticed that when the page is refreshed the form automatically submits. Please could somebody help me stop this? Thanks <body> <form name="registration_form" method="post" onsubmit="return Validate();"> First Name: <input type="text" name="first_name"><br /> Last Name: <input type="text" name="last_name"><br /> Email: <input type="text" name="email"><br /> Confirm Email: <input type="text" name="confirm_email"><br /> Username: <input type="text" name="username"><br /> Password: <input type="password" name="password"><br /> Confirm Password: <input type="password" name="confirm_password"><br /> <input type="submit" value="Register"> </form> <?php $connect=mysql_connect("localhost","leemp5_admin","p7031521"); mysql_select_db("leemp5_database",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>"); $insert_query = 'insert into users (username,first_name,last_name,email,password) values ( "' . $_POST['username'] . '", "' . $_POST['first_name'] . '", "' . $_POST['last_name'] . '", "' . $_POST['email'] . '", "' . $_POST['password'] . '" )'; mysql_query($insert_query); ?> </body> I have a webpage in php which contains many fiields.But when i enter data into one particular field(say the first field),i need the form to get submitted and do certain task.How can i achieve this? I have a form with a gender control made up of two radio buttons. If the user doesn't fill out this form, nothing gets submitted (i.e name='gender') in the $_POST array. So how ae you supposed to verify that the form field was left blank, and use that information to say display an error message on the form? Edited February 16 by SaranacLakeI have a basicc form that takes users info and when they submit it it show on a new web page in the proper order. I need to know how do I skip a blank field. This form takes a users First, Middle, and Last name but many times they leave the middle name blank so I would want to skip this field from showing up when the form is posted. Here is what I have for the basic php script ..Would like to know how to skip a field if it is left blank on the form. echo $_POST["First"], print "."; ?><?php echo $_POST["Middle"], print "."; ?><?php echo $_POST["Last"], print "."; ?><?php echo $_POST["Persona1"], print ".";<br /> This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=318486.0 I must be using the wrong search terms in google cause I cant find out how to update a field to a blank spot. trying to make name blank. I thought it was just " " hope someone can please help me with this Code: [Select] mysql_query("UPDATE users SET name = '".mysql_real_escape_string "."' WHERE id = '".mysql_real_escape_string($_SESSION['user_id']))."'"; I have a form that allows my client to update some products. Now the products are simple just basic info and 1 picture. I have set this up so they can edit the products and change the information, having done this many times in the past, but now hit a puzzling block that I am baffled. The client when editing is presented with the form with the information pulled from the database and the form fields loaded with that data ready to edit. The image can either be left alone or they can choose to upload a new image. They are shown the image they currently have stored in the database. The problem I have is EVEN if they decide not to upload an image and change other information, when the submit the form it must be sending a blank value for the image somewhere as it is updating the database and removing the image reference as if it has been removed. I have an if/else statement based on the form to perform 2 different queries for the update in mysql. Here is the code for the form update, as you can see the image should not update?? Please help?? if ($_SERVER['REQUEST_METHOD'] =='POST') { //This stops SQL Injection in POST vars foreach ($_POST as $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } // **************************** THIS IS FOR NO NEW IMAGE ******************************** if ($_SERVER['REQUEST_METHOD'] =='POST' && empty($_FILES['product_image']['name'])) { # setup SQL statement for no new image $SQL = " UPDATE products SET product_title = '{$_POST['product_title']}', product_description = '{$_POST['product_description']}', standard_price = '{$_POST['standard_price']}', deluxe_price = '{$_POST['deluxe_price']}' WHERE product_id = '{$_REQUEST['product_id']}' "; } // **************************** THIS IS FOR A NEW IMAGE ******************************** else { // Check the image type is a jpeg or gif for the image. if (($_FILES['product_image']['type'] != "image/gif") && ($_FILES['product_image']['type'] != "image/jpeg") && ($_FILES['product_image']['type'] != "image/pjpeg")) { echo "<FONT FACE=\"Verdana\"><SPAN CLASS=\"content\">You have chosen not to upload a <b>Product Image</b>.<BR></SPAN>" ; } elseif ($_FILES['product_image']['size'] > 100000) { echo "<FONT FACE=\"Verdana\"><SPAN CLASS=\"content\">The file size is bigger than 300kb.<BR></SPAN>" ; } else { move_uploaded_file($_FILES['product_image']['tmp_name'], "/httpdocs/product_images/".$_FILES['product_image']['name']) ; echo "<FONT FACE=\"Verdana\"><SPAN CLASS=\"content\"><B>Your front image has successfully uploaded.</B><BR></SPAN>" ; } } # setup SQL statement for update $SQL = " UPDATE products SET product_title = '{$_POST['product_title']}', product_description = '{$_POST['product_description']}', standard_price = '{$_POST['standard_price']}', deluxe_price = '{$_POST['deluxe_price']}', product_image = '{$_FILES['product_image']['name']}' WHERE product_id = '{$_REQUEST['product_id']}' "; } #execute SQL statement $result = mysql_db_query( *****,"$SQL",$connection ); # check for error if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n"); } Hi i have this simple update form and scrip but somehow it doesnt seem to be update the field on the database can someone help out please. The html form is the second form bellow where the action send to status_update.php HTML FORM Code: [Select] <?php include("../header.html"); ?> <?php include("header_news.html"); extract($_REQUEST,EXTR_SKIP); ?><?php /* print("sfilm_refnum = $sfilm_refnum<BR>"); print("sfilm_addr01 = $sfilm_addr01<BR>"); print("sfilm_postcode = $sfilm_postcode<BR>"); print("Film Client = $fclient<BR>"); */ ?> <form id="search" action="list.php" method="post" name="search"> <table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee"> <tr> <td align="right" width="140"></td> <td width="320"><span class="hofblack10"> </span> </td> <td align="center" width="100"><input type="hidden" name="lstart" value="<?php print("$lstart"); ?>" /><input type="hidden" name="lend" value="<?php print("$lend"); ?>" /><input type="hidden" name="lamount" value="<?php print("$lamount"); ?>" /></td> <td align="center" width="100"></td> <td align="right"></td> </tr> </table> </form> <table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#4050c4"> <tr> <td width="60" class="hofwhite10">action</td> <td width="140"><span class="hofwhite14">DATE</span></td> <td width="80"><span class="hofwhite14">ID</span></td> <td><span class="hofwhite14">News Titile</span></td> <td width="100"><span class="hofwhite14">Status</span></td> </tr> <tr height="0"> <td bgcolor="white" width="60"></td> <td bgcolor="white" width="140" height="0"></td> <td bgcolor="white" width="80" height="0"></td> <td bgcolor="white" height="0"></td> <td bgcolor="white" width="100" height="0"></td> </tr> </table><table width="780" border="0" cellspacing="0" cellpadding="4"><tr> <td width="60"></td> <td width="80"></td> <td><a class="blueullrg" href="add.php">Add News</a></td> <td align="right" width="120"></td> </tr> <tr height="0"> <td width="60" height="0"></td> <td width="80" height="0"></td> <td height="0"></td> <td align="right" width="120" height="0"></td> </tr> </table> <?php //get the DB connection variables include("../../../includes/config.php"); //connect to DB $connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT."); $db = @mysql_select_db($db_name, $connection) or die("Couldn't select DATABASE."); $query2="SELECT * FROM news WHERE !(news_status='deleted')"; $result2 = mysql_query($query2) or die("Couldn't execute QUERY - Select NEWS Qty"); $fqty = mysql_num_rows($result2); //SELECT or FIND the same USERNAME $query3="SELECT * FROM news WHERE !(news_status='deleted') ORDER BY news_id DESC"; $result3 = mysql_query($query3) or die("Couldn't execute QUERY - Select NEWS"); while ($row = mysql_fetch_array($result3)) { $news_id = $row['news_id']; $news_title = $row['news_title']; $news_story = $row['news_story']; $news_image = $row['news_image']; $news_image_caption = $row['news_image_caption']; $news_image_link = $row['news_image_link']; $news_date_day = $row['news_date_day']; $news_date_month = $row['news_date_month']; $news_date_year = $row['news_date_year']; $news_status = $row['news_status']; $news_website = $row['news_website']; $news_date_created = $row['news_date_created']; $news_date_modified = $row['news_date_modified']; ?> <table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee"> <tr> <td width="60"><span class="hofblack10"> <?php if($news_status=="deleted"){ print("<a class='hifblack10'>deleted</span>"); }ELSE{ print("<a class='blueul' href='edit.php?id=$news_id'>edit</a>"); } ?> </span></td> <td width="140"><span class="titlegrey12"> <?php if(!$news_date_day) { echo "00"; } else{ echo $news_date_day; } echo "/"; if(!$news_date_month) { echo "00"; }else{ echo $news_date_month; } echo "/"; if(!$news_date_year) { echo "0000"; }else{ echo $news_date_year; } ?> </span></td> <td width="80"><span class="titlegrey12"><?php print("$news_id"); ?></span> </td> <td><?php if($news_status=="deleted") { print("<class='hofblack10'>$news_title</span>"); }ELSE{ print("<a class='blueul' href='edit.php?id=$news_id'>$news_title</a>"); } ?></td> <td width="100"> <form id="list_update" action="status_update.php" method="post" name="list_update"> <select name="newnstatus" size="1"> <option <?php if($row['news_status'] == "") { print("selected"); } ?> selected="selected" value="">Status...</option> <option <?php if($row['news_status'] == "on") { print("selected"); } ?> value="on">On</option> <option <?php if($row['news_status'] == "off") { print("selected"); } ?> value="off">Off</option> <option <?php if($row['news_status'] == "deleted") { print("selected"); } ?> value="deleted">Delete</option> </select> <input type="hidden" name="nstatus" value="<?php echo $row[news_status]; ?>" /> <input type="hidden" name="id" value="<?php echo $row[news_id]; ?>" /> <input type="submit" name="update" value="update" /> </form> </td> </tr> <tr height="0"> <td bgcolor="white" width="60"></td> <td bgcolor="white" width="140" height="0"></td> <td bgcolor="white" width="80" height="0"></td> <td bgcolor="white" height="0"></td> <td bgcolor="white" width="100" height="0"></td> </tr> </table> <?php } mysql_close($connection);//}?> <table width="780" border="0" cellspacing="0" cellpadding="4"> <tr> <td width="60"></td> <td width="80"></td> <td><a class="blueullrg" href="add.php">Add News</a></td> <td align="right" width="120"></td> </tr> </table><?php // include("list_navigation.html"); ?> <?php include("../footer.html"); ?> </div></body></html> The action script php Code: [Select] <?php /* echo "fstatus: ".$fstatus."<BR>"; echo "id: ".$id."<BR>"; echo "fclient: ".$fclient."<BR>"; echo "newfstatus: ".$newfstatus."<BR>";*/ //set the date of agreement $timestamp = date('l jS \of F Y h:i:s A'); //get the DB connection variables include("../../../includes/config.php"); //connect to DB $connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT."); $db = @mysql_select_db($db_name, $connection) or die("Couldn't select FILMS DATABASE."); // All appears well, so enter into database $query= "UPDATE news SET news_status = '$newnstatus' WHERE news_id='$id'"; $result = mysql_query($query) or die("could not execute query - Update FILMS Record to DB"); //setup an email to the Admin @ hof, w/o attachment $emailto="xx@xxx.co.uk"; $emailfrom="no-reply@xxxx.co.uk"; $emailsubject="xx Record Updated"; $emailmessage="Hello Registrar\n\n"; $emailmessage.="News ID: ".$id."\n"; $emailmessage.="Updated on: ".$timestamp."\n\n"; $emailmessage.="Status was: ".$nstatus."\n"; $emailmessage.="Status now: ".$newfnstatus."\n"; $emailmessage.="Thank you,\n\n"; $emailmessage.="Web Site ROBOT\n"; $emailmessage.="(Administrator)\n"; $emailmessage.="xxx.co.uk | xxx.biz\n"; $emailmessage.="----------------------------------------------\n"; $emailmessage.="e. http://www.xxx.co.uk/contact.php\n"; $emailmessage.="w. http://www.xxx.co.uk\n"; $emailheader="From: xxx.co.uk<$emailfrom>"; $emailheader .= 'Cc: xxx@xxx.co.uk'."\r\n"; $emailheader .= 'Bcc: xxx@xxxxx.co.uk'."\r\n"; $ok=mail($emailto,$emailsubject,$emailmessage,$emailheader); mysql_close($connection); if ($ok) { header("Location: list.php"); /* Redirect browser */ exit; } else { $errmsg="There was a problem, please try later or telephone us direct."; $errsta="1"; include("edit_error.html"); //echo "<p>Mail could not be sent. Sorry!</p>"; exit; } ?> Thanks in advance Hey guys, need some help real quick. I'm using this walkthrough over at css-tricks, some might be familiar with it by now? Anyway, I've followed the instructions exactly. It's supposed to display a simple form that you fill out and submit, which then updates the MYSQL database. However, whenever i load display.php in my browser, all i get is a blank page, and there are no notifications or errors to be in seen in the console. Any help is greatly appreciated. Thanks! Here's my code: SimpleCMS.zip 3.7KB 0 downloads display.php <!DOCTYPE html> <html lang="en"> I have a firm that post to my database. When I tested it always posted my information correctly. I require the user to be logged in before they can access the page with the form. I do I ensure that each php variable has a value in it before the data is posted? Any help would be appreciated. I can post my code if needed. i have a php script and i want it to submit to itself having the php script on the same page, the problem is when i do it it tries to upload the file without waiting for the form resaulting in format you tried to upload was not allowed" (its an image uploader) heres my code Code: [Select] <?php // Configuration - Your Options $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation. $max_filesize = 1524288; // Maximum filesize in BYTES (currently 1.5MB). $upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory). $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension). $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename. // Check if the filetype is allowed, if not DIE and inform the user. if(!in_array($ext,$allowed_filetypes)) die('<font size="4"><font color="red">The file you attempted to upload is not allowed.</font></font>'); // Now check the filesize, if it is too large then DIE and inform the user. if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize) die('The file you attempted to upload is too large.'); // Check if we can upload to the specified path, if not DIE and inform the user. if(!is_writable($upload_path)) die('You cannot upload to the specified directory, please CHMOD it to 777.'); // Upload the file to your specified path. if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename)) echo '<font size="4"><span style="color: white; text-shadow: lime 0px 0px 3px;"><h2>Upload Successful!</h2><br> <img src="' . $upload_path . $filename . '"><br> <p id="codes"><label for="codedirect">Direct Link:</label><br /> <input type="text" id="codebb" value="http://imageplanet.site90.net/' . $upload_path . $filename . '" onclick="javascript:this.focus();this.select();" readonly="true" /><br /> <label for="codehtml">HTML code:</label><br /> <input type="text" id="codehtml" value="<img src="http://imageplanet.site90.net/' . $upload_path . $filename . '">" onclick="javascript:this.focus();this.select();" readonly="true" /><br /> <label for="codebb">IMG code:</label><br /> <input type="text" id="codebb" value="[IMG]http://imageplanet.site90.net.info/' . $upload_path . $filename . '[/IMG]" onclick="javascript:this.focus();this.select();" readonly="true" /></p></div> </span></font>'; // It worked. else echo '<font size="4"><font color="red">There was an error during the file upload. Please try again.</font</font>'; // It failed :(. ?> <form action="upload.php" method="post" enctype="multipart/form-data"> <p> <label for="file"><font color="white">Select a image:</font></label> <br><br> <input type="file" name="userfile" id="file"> <br /> <button>Click Here To Upload</button> <p> <br> <br> <font color="#006FFF"><span style="font-family: Criovision; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15pt;">Max File Upload Size: 1.5MB<br></span></font> </div> </span> i just want it so it doesn't display that error I have this HTML form that isn't doing anything when the submit button pressed, I am using PHP to validate it. I know I am missing something, can you help me? :/ Thanks in advance! Code: [Select] <?php require("styles/top.php");?> <div id="head_reg"> <div id="head_cen_reg"> <div id="head_sup_reg" class="head_height_reg"> <p class="search"> <label>SEARCH</label> <input name="search" type="text" class="txt" /> <input name="search-btn" type="submit" class="btn" value="SEARCH" /> </p> <h1 class="logo"></h1> <?php require("scripts/links.php"); ?> </div> </div> </div> <div id="content"> <br /> <div id="register_form"> <form action="register.php" method="post" enctype="multipart/form-data"> <center> <table> <tr> <td>Desired Username </td> <td><input type="text" name="username" class="textbox" /></td> </tr> <tr> <td>E-Mail </td> <td><input type="text" name="email" class="textbox" /></td> </tr> <tr> <td>Password </td> <td><input type="text" name="pass" class="textbox" /></td> </tr> <tr> <td>Confirm Password </td> <td><input type="text" name="repass" class="textbox" /></td> </tr> <tr> <td><p class="register"> <input name="reg-btn" type="submit" class="btn" value="REGISTER" /> </p></td> </tr> </table> </center> </form> </div> <center><a href="#" id="showreg">Why register? Click here</a></center> <div id="content_cen"> <div id="content_sup"> <div id="welcom_pan"> <h3><span>Why</span> Register?</h3> <p>Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nulla vitae diam magna, eget fringilla tellus. Curabitur est velit, suscipit eu faucibus eget, aliquam ac enim. per inceptos himenaeos. Nulla vitae diam magna, eget fringilla tellus.</p> </div> </div> </div> </div> <div id="foot"> <div id="foot_cen"> <ul> </ul> <p></p> </div> </div> <?php if(isset($_POST['reg_btn'])){ $username = $_POST['username']; $email = $_POST['email']; $password = $_POST['pass']; $repassword = $_POST['repass']; if ($username && $password && $repassword && $email){ if ($password == $repassword){ if (strstr($email, "@") && strstr($email, ".") && (strlen($email) >= 6)){ $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrows = mysql_num_rows($query); if ($numrows == 0){ $query = mysql_query("SELECT * FROM users WHERE email='$email'"); $numrows = mysql_num_rows($query); if ($numrows == 0){ $pass = md5(md5($password)); $ip = $_SERVER['REMOTE_ADDR']; $date = date("F,d,Y:g:i:s A"); mysql_query("INSERT INTO users VALUES ('', '$username', '$pass', '$email','Member', '$date', '', '$ip', '0')"); } else echo"That email is already in use!"; } else echo"That username is already taken!"; } else echo"That email is too short!"; } else echo"Those passwords do not match!"; } else echo"<script type='text/javascript'>alert('You did not fill out the entire form!')</script>"; } ?> Got this page, a player clicks the "accept challenge" button, then it is recorded in the database that the challenge as been started and once the form has been self submitted, the button is disabled. It does what I expect, but I have to refresh the page again for the button to be displayed as disabled. How can I do it so the page is changed once the form has been submitted? Code: [Select] <?php session_start();what but after clicking a button I have to refresh the page again, before the button is displayed as disabled include('functions.php'); connect(); ?> <!DOCTYPE html> <html> <head> <title>University Crusade</title> <link rel="stylesheet" href="css/style.css" type="text/css" media="screen"> <meta name="viewport" content="width=device-width, minimum-scale=1,maximum-scale=1, user-scalable=no"> </head> <body> <?php if (isset($_SESSION['userid'])) { include('safe.php'); if (isset($_POST['start1'])) { mysql_query("UPDATE chal1 SET start1=1 WHERE userid='".$_SESSION['userid']."'") or die ("Could not update start1"); } if (isset($_POST['start2'])) { mysql_query("UPDATE chal1 SET start2=1 WHERE userid='".$_SESSION['userid']."'") or die ("Could not update start2"); } if (isset($_POST['start3'])) { mysql_query("UPDATE chal1 SET start3=1 WHERE userid='".$_SESSION['userid']."'") or die ("Could not update start3"); } ?> <ul id="tab-nav"> <li><a href="stats.php" id="tab-character">Character</a></li> <li><a href="games.php" class="active" id="tab-games">Games</a></li> <li><a href="account.php" id="tab-account">Account</a></li> </ul> <div id="wrapper"> <h2 id="name">Select a Challenge</h2> <ul id="table-view"> <li> <fieldset> <legend>"Easter Egg" Challenge</legend> <div id="rewards"> <p class="instructions"> Find each of the 4 "Easter Egg" barcodes around the university campus. </p> <p> Rewards: Every egg is worth <span class="stat">50</span> XP and <span class="stat">35</span> gold coins. </p> </div> <form action="games.php" method="POST"> <?php if ($start1 == 1) { echo "<br />The value is 1"; echo "<button class=\"buttons\" type=\"submit\" name=\"start1\" disabled=\"disabled\">Accept challenge</button>"; } elseif ($start1 == 0) { echo "<br />The value is 0"; echo "<button class=\"buttons\" type=\"submit\" name=\"start1\">Accept challenge</button>"; } ?> </form> </fieldset> </li> <li class="even"> <fieldset> <legend>Increase Strength</legend> <div id="rewards"> <p class="instructions"> You'll find the barcode in the Sports Centre. </p> <p> Rewards: Every time you visit the Sports Centre you'll receive <span class="stat">2</span> Str. points. </p> </div> <form action="games.php" method="POST"> <?php if ($start2 == 1) { echo "<br />The value is 1"; echo "<button class=\"buttons\" type=\"submit\" name=\"start2\" disabled=\"disabled\">Accept challenge</button>"; } elseif ($start2 == 0) { echo "<br />The value is 0"; echo "<button class=\"buttons\" type=\"submit\" name=\"start2\">Accept challenge</button>"; } ?> </form> </fieldset> </li> <li> <fieldset> <legend>Increase Intelligence</legend> <div id="rewards"> <p class="instructions"> You'll find the barcode in the university Library. </p> <p> Rewards: Every time you visit the Library you'll receive <span class="stat">2</span> Int. points. </p> </div> <form action="games.php" method="POST"> <?php if ($start3 == 1) { echo "<br />The value is 1"; echo "<button class=\"buttons\" type=\"submit\" name=\"start3\" disabled=\"disabled\">Accept challenge</button>"; } elseif ($start3 == 0) { echo "<br />The value is 0"; echo "<button class=\"buttons\" type=\"submit\" name=\"start3\">Accept challenge</button>"; } ?> </form> </fieldset> </li> </ul> </div> <div id="footer"> <a class="buttons" href="logout.php">log me out</a> </div> <?php } else { die (" <div id=\"wrapper\"> <p>Opps! You don't seem to be logged in...</p> <a class=\"buttons\" href=\"index.php\">login now</a><br /> <p>Don't have an account? No worries, just <a class=\"buttons\" href=\"register.php\">register for one.</a></p> </div> "); } ?> Thanks Hi - I have a form which is populated with values from a DB. This is done by looping through the DB values using a foreach. It works fine. I populate my form with those values. However, I want to be able to amend those values, and then submit the new values back to the DB with 1 single submit button. I don't want a separate submit button for each row of my form. The problem is that because the form is built with a foreach, as the it loops through the variables on each pass of the DB, only the final row of DB are present in the form variables. Question: My 'foreach' approach must be faulty. What is the mechanism or approach I need to use to update the values from the whole form ?? MANY THANKS for all your help !! This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=316807.0 I am trying to learn how to program in PHP. For a long time i was using WAMP and my localhost. When i ran into trouble i searched the web, watched videos and eventually find a solution.
Trying to upload my scripts into a shared hosting web server i had some difficulties in basic things, like using $_SESSION superglobal variable.
What i want to do is to use a hidden field with a value inside a form, and after submitting the form, to compare the $_SESSION variable to the $_POST variable in order to check for CSRF.
<?php
//call all custom functions
require_once('Custom_Functions/functions.php');
//session must be send before HTML headers
secure_session_start();
?>
<!DOCTYPE html>
<html lang="en">
<body>
<?php
if(isset($_POST['submit']))
{
$postvalue = $_POST['input1'];
$sessionvalue = $_SESSION['hashed_token'];
echo '<br />==========================<br />';
echo '<br />AFTER PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo 'Value of $_POST["hashed_token"] = '.$postvalue.'<br />';
echo 'Value of $_SESSION["hashed_token"] = '.$sessionvalue.'<br />';
}
$hashed_token = hash('sha256', uniqid(mt_rand(), TRUE));
$_SESSION['hashed_token'] = $hashed_token;
echo '<br />==========================<br />';
echo '<br />BEFORE PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo '<br />Value of $_SESSION["hashed_token"] = '.$hashed_token.'<br />';
?>
<form action="" method="POST">
<input type="hidden" name="input1" value="<?php echo $hashed_token; ?>" />
<p><input type="submit" name="submit" /></p>
</form>
</body>
</html>
In this script i have 1 custom function:
a) secure_session_start()
function secure_session_start(){
//Set a custom session name
$session_name = 'TESTSESSID';
ini_set('session.use_only_cookies', 1);
ini_set('session.entropy_file', '/dev/urandom');
if (in_array('sha512', hash_algos())) {
ini_set('session.hash_function', 'sha256');
}
ini_set('session.use_trans_sid', 0);
ini_set('session.hash_bits_per_character', 5);
ini_set('session.cookie_secure', 1);
$secure = TRUE;
$httponly = TRUE;
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_name($session_name);
ini_set("session.save_path", "/home/SESSIONS");
session_start();
}
The procedure goes as follows:
FIRST COMMUNICATION WITH THE SERVER:
The superglobal variable $_SESSION['hashed_token'] is assigned the random hash value, which is then passed to the hidden input field. I then echo it.
RESULT:
==========================BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc SECOND COMMUNICATION WITH THE SERVER: The user press the submit button, the script then checks if the submit button is pressed, and gets in the if statement(because is TRUE). Then i collect the $_POST and $_SESSION values and echo them. New random hash is assigned to the $_SESSION superglobal variable. RESULT: ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc Value of $_SESSION["hashed_token"] = 8f176aeb3a09a1b30e0ea862c78625d7c11743da933d366cface3fa238388e57 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = c3442382b146f03394ad86911018247c57fa19d4a653d0bf6bb9bc7506e88ca0 For me this is very weird. The random hash is assigned to the $_SESSION variable, but when i try to call it after the submit is pressed its giving me a complete different value. If i remove the function secure_session_start() and just use session_start() it works: RESULT (using session_start() ) ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 Value of $_SESSION["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = e2d4acc239a747217860d71a80553abd41142dbeb8f6fafab511caff8a081fc4 Any ideas why this is happening? The problem is inside the secure_session_start() function but i cant find out why. Also, when i use the secure_session_start() function and more specifically the ini_set("session.save_path", "/home/SESSIONS"); i am forcing the session to be stored inside the /home/SESSIONS folder. But when i only use the session_start() the session i still gets stored inside that path. I checked my .htaccess and there is nothing storing the sessions in that folder. Why is that? One last thing: When using FIREBUG-->Cookies is see 2 names: the custom one (TESTSESSID) and PHPSESSID(which is the default). Shouldnt i only see the custom session name only? Thanks in advance. Hi there, If a form was submitted without any proper method , how can we grab that particular information on the other side ? For example : index.php Code: [Select] <form action="process.php" method=""> Userame: <input type="text" name="userName" /> Password: <input type="password" name="pass" /> <input type="submit" name="submit" value="submit" </form> process.php $userName = $_REQUEST['userName']; $password = $_REQUEST['pass']; echo ("Welcome " . $username . " to our page."); Now what if a user deliberately alters the method, and uses "$_POST or $_GET or Leaves it blank. How can I can make it fool proof on the server side without using the $_REQUEST Global Variable? Is there any other way to grab that submitted information like in $_SERVER Global Variable ? *For those who think the form will not submit without disclosing the method, then they must try this after disabling their Java-script. I hope you understand my question and would reply me in as detail as possible. Thanks |
|||||||