Learn VBA & Macros in 1 Week!

PHP - Pass Values Array Into Form

Full Excel VBA Course - Beginner to Expert

Pass Values Array Into Form	View Content

Hi,
I'm trying to pass values from an array into a form. As a newbie, I've came up with the code underneath, but I want to pinpoint all the first values toward 1 selection list in the form. Any suggestions how to accomplish this?
Thanks in advance.

Ruud
<html>
<head>
<title>Test formulier</title>
</head>
<body>
<h2>Test formulier</h2>
<form action="test.php" method="post">

<p>
<?php
$prijzen = array(
array("01", "125","150", "A" => true,"B" => true),
array("02", "125","150", "A" => true,"B" => true),
array("03", "125","150", "A" => true,"B" => false),
array("04", "125","150", "A" => true,"B" => true)
);
?>

</P>
<select name="prijzen[]" id="prijzen" multiple="multiple" size="7" class="none">

<?php
while(list($key, $val) = each($prijzen)){
while(list($key2, $val2) = each($val)){
echo '<option value="'.$key2.'">'.$val2.'</option>'.PHP_EOL;

}
}
?>

</select>
</body>
</html>

Full Excel VBA Course - Beginner to Expert

Similar Tutorials

How To Pass Array To New Window Without Form

Array Values And Form Elements

Retrieving Form Values From Multi Dimensional Array

Insert The Form Values From An Array Into A Database As One String

Pass Values Through Url

How To Pass All Three Php Values From One Window To Another

How To Pass Session Values To Table ?

Pass Html Field Values To Php Script

Pass Checkbox Values In Url To Download Page

How To Get Values From Check Boxes And Pass It To A Php Controller Action?

Json_encode() Is *not* A Security Feature (or: How To Pass Php Values To Javascript)

Html Php 3 Submit Button To Pass Values To 3 Different Pages

Moved: In Magento Shoping Cart How To Pass The Variable Values To A Jsp Page?

Searching Multidimensional For Values, Then Outputting Other Values In Array

Pass Array To Mysql_fetch_row()

Moved: Pass Variables, In Post Form Or Get Form???

Pass An Array As Function Element

Pass Randomized Array To Other Users

Pass Json Array To Mysql Help

How To Pass Array From Html To Jquery ?

Learn VBA & Macros for Excel in 1 Week!

How To Pass Array To New Window Without Form

Similar Tutorials

I am working on search result page where all the thumbnail will display and its working fine.

but what my boss wants is when user click on any thumbnail a new window will open with the product image and next and prev button

so that user will navigate search result through new window

so how i can pass all the ID to new window so that this funtionality can be done

thanks in advance..

Array Values And Form Elements

Similar Tutorials

Hey everyone. I have a project I'm working on and am having some issues. I'm trying to build a web-based FTP program for a client. I have all the ftp stuff down packed, but I'm having issues with connecting to a local computer. I can get the directories an a local disk viewing and changing just fine, my problem is I'm wondering how I might pass each value of the array generated by the scandir() function into a form element value such as a checkbox. The furthest I've been able to get with this is displaying the last object in the array. Here is some code:

<?php

foreach ($d as $key => $val)
{
echo "<table width=auto height=auto border=0>
<tr>
<td><img src=".$icon." width=16 height=16></td>
<td>".$val."</td>
<td><input name=selection type=checkbox value=".$val."></td>
</tr>
</table>";
?>

All I get is the last item in the array. any help is appreciated.

Retrieving Form Values From Multi Dimensional Array

Similar Tutorials

Hi,

I'm having problems retrieving the values from a form posting without getting a warning

My form records playername, hours played and minutes played

Code: [Select]
<li id="input1" style="margin-bottom:4px;" class="clonedInput">
Name:
<select name="player[1][userid]" id="player[1][userid]" class="playerInput" style="width: 7em;" >
<option value=""></option>
<?php
while($row = mysql_fetch_array($sql)) {
echo '<option value="'.stripslashes($row['userid']).'">'.stripslashes($row['name']).'</option>';
}
mysql_data_seek($sql,0);
?>
</select>
<select name="player[1][hours]" id="player[1][hours]">
<option value="">Hours</option>
<option value=""></option>
<?php
for($x = 0; $x <= 23; $x++ ) {
             echo '<option value="'.$x.'">'.$x.'</option>';
}
?>
</select>
<select name="player[1][minutes]" id="player[1][minutes]">
<option value="">Minutes</option>
<option value=""></option>
<?php
for($y = 15;  $y <= 59; $y+=15) {
             echo '<option value="'.$y.'">'.$y.'</option>';
}
?>
</select>
</li>

I use some javascript to create new players as necessary so every player has a userid, hours, minutes played...
After posting the query string looks like this

/cLeagueHandler.php?player[1][userid]=1&player[1][hours]=3&player[1][minutes]=15&player[2][userid]=3&player[2][hours]=6&player[2][minutes]=45&submit=Save+Points

player1
userid = 1
hours = 3
minutes = 15

player2.......

The code i'm using to access the values is

Code: [Select]
print_r ($_GET); // test display form values

foreach ($_GET as $key => $value) {
echo '<br/>'.$key.'<br/> ';
foreach ($value as $iKey => $iValue) { // Line 72
foreach ($iValue as $xKey => $xValue) {
echo " The $xKey for Player $iValue is $xValue <br/>";
}
}
}

The above code displays

Array ( [player] => Array ( [1] => Array ( [userid] => 1 [hours] => 3 [minutes] => 15 ) [2] => Array ( [userid] => 3 [hours] => 6 [minutes] => 45 ) ) [submit] => Save Points )
player
The userid for Player Array is 1
The hours for Player Array is 3
The minutes for Player Array is 15
The userid for Player Array is 3
The hours for Player Array is 6
The minutes for Player Array is 45

submit

Warning: Invalid argument supplied for foreach() in .................cLeagueHandler.php on line 72

Line 72 is foreach ($value as $iKey => $iValue) {

If anyone could help me with this it would be great appreciated.......I want to be able to build and sql string to Insert a players id, hours, minutes into a database......(obviously not incl the submit value!)
Maybe this is not even the best way of approaching this.....I'm quiet new to PHP so apologies if this is long winded...I'm trying to give as much info as possible....

thanks in advance

tmfl

Insert The Form Values From An Array Into A Database As One String

Similar Tutorials

Hi everyone,

I'm new to this group and new to php. I have created a multi-part form that allows the user the option to add multiple input fields to a form to upload images. Here is the form structu

Code: [Select]
<form action="Scripts/processreports2.php" method="post" enctype="multipart/form-data" name="report_form" target="uploader" class="reportfrm">
<fieldset>
<legend>Upload your images</legend>
<ol id="add_images">
<li>
<input type="file" class="input" name="files[]" />
</li>
<li>
<input type="file" class="input" name="files[]" />
</li>
<li>
<input type="file" class="input" name="files[]" />
</li>
</ol>
<input type="button" name="addFile" id="addFile" value="Add Another Image" onclick="window.addFile(this);"/>
</fieldset>
<p>* indicates a required field.</p>
<input name="submit" type="submit" id="submit" value="Send Info!" />
</form>

Through php a maximum of three input fields are fed into an array that checks to make sure that the uploaded files are images and not some other type of file. The uploading porition of this script works.

Now I am trying to get the values of the input fields as a string and insert them into the database as one record.

Let's say the user has three files they want to upload. I have managed to get the files as a string ie; file1.jpg, file2.jpg, file3.jpg but what is happening is that I am getting three separate records with file1.jpg, file2.jpg, file3.jpg in them. If the user has only two files to upload then I get two separate records with file1.jpg and file2.jpg in them. (Hope that makes sense). I want one record.

I have been struggling with this since Monnday and while every day I get closer, this is as close as I can get. Below is the php code.

#connect to the database

mysql_connect("localhost", "root", "");

mysql_select_db("masscic");

//Upload Handler to check image types

function is_image($file) {

$file_types = array('jpeg', 'gif', 'bmp'); //acceptable file types

if ($img = getimagesize($file)){

//echo '<pre>';

//print_r($_FILES); used for testing

//print_r($img); used for testing

if(in_array(str_replace('image/', '', $img['mime']), $file_types))

return $img;

}

return false;
}

//form submission handling

if(isset($_POST['submit'])) {

//file variables

$fname = $_FILES['files']['name'];

$ftype = $_FILES['files']['type'];

$fsize = $_FILES['files']['size'];

$tname = $_FILES['files']['tmp_name'];

$ferror = $_FILES['files']['error'];

$newDir = '../uploads/'; //relative to where this script file resides

for($i = 0; $i < count($fname); $i++) {
//echo 'File name ' . $fname[$i] . ' has size ' . $fsize[$i]; used for testing

if ($ferror[$i] =='UPLOAD ERR OK' || $ferror[$i] ==0)

{

if(is_image($tname[$i]))

{

//append the tmp_name($tname) to the file name ($fname) and upload to the server

move_uploaded_file($tname[$i], ($newDir.time().$fname[$i]));

echo '<li><span class="success">'.$fname[$i].' -- image has been accepted<br></span></li>';

}else

echo '<li><span class="error">'.$fname[$i].' -- is not an accepted file type<br></span></li>';

}

if (is_array($fname))

$files = implode(', ',$fname);

//else $files = $fname;

$sqlInsert = mysql_query("INSERT INTO files (file_names) VALUES('$files')") or die (mysql_error());

}
}

Pass Values Through Url

Similar Tutorials

Hello there, I have 2 questions: 1) Look he http://www.hellastra...ooking/taxi.php I have a form and i want to pass values from URL to fields. So, for example to pass a value to Prefered driver ID field you write this: http://www.hellastra...?drivercode-123 and the value 123 is passed to that field. I did this with this code:

<?php $sDriverCode = $_REQUEST['drivercode']; ?>
             <input style="width:100px;" name="drivercode" id="drivercode" value="<?=$sDriverCode?>" data-mini="true" />

At the same form i have some radio-type fields. Its the one you see at Type of Vehicle (Standard, Premium etc). When i try to do the same, i cannot get this to work. What i am trying to do is this:

How To Pass All Three Php Values From One Window To Another

Similar Tutorials

hey guys,i'm back with a new prob..
i have an image here that when clicked using onclick, will open a window and sort of pass the php values to the window.
okay,it's confusing but perhaps this will help you understand. let me break it down.
this is what the image code looks like. i have placed this inside the php echo.

Code: [Select]
<img src="images/edit.png" alt="Edit rooms" width="16" height="16" onclick="window.open(\'edit.php?course='.$row['c_name'].'&year='.$row['year'].'&block='.$row['block'].'\',\'width=300, height=200, menubar=yes\')"/>
now my problem is i can't seem to get all three of the values, c_name,year and block to be posted on the window..
here's the code on edit.php:
Code: [Select]
<?php
include("dbcon.php");
$course = $_GET['c_name'];
$year = $_GET['year'];
$block = $_GET['block'];
?>
<html>
<body>
Course:<input type="text" name="course" value="<?php echo $course;?>"><br>
Year:<input type="text" name="year" value="<?php echo $year;?>"><br>
Block:<input type="text" name="block" value="<?php echo $block;?>"><br></html>

i have already used $_GET as you can see but only year and block appear on the form. i get a notice saying that c_name is an undefined index. i am really confused and i don't know what the problem is. i hope you guys can help me..

How To Pass Session Values To Table ?

Similar Tutorials

I am under developing PHP add to cart without DB, so that i am using SESSION, actually get data from fetch_data.php data to my_cart.php using the POST method, successfully retun the values,

After receiving the post data how can i convert to display like a table.

workout:

fetch_data.php return values.

https://snag.gy/IASCMZ.jpg

& values received

https://snag.gy/ojWxHe.jpg

Here is my my_cart.php :

// FYI -> Here i am using only two fields :  voice_sku & voice_name 

<table width="100%" cellpadding="6" cellspacing="0">
 <thead>
 <tr>
 <th>Voice Sku</th>
 <th>Voice Name</th>
 <th>Remove</th>
 </tr>
 </thead>

 <tbody>

 <?php
 session_start();
 $voice_sku = '';
 $voice_name = '';

 if(isset($_POST['voice_sku'])&& isset($_POST['voice_name']))
            {
 // print_r($_POST);
 // die();
 
 $voice_sku = $_POST['voice_sku'];
 $voice_name = $_POST['voice_name'];
 $_SESSION['voice_sku'] = $voice_sku;
 $_SESSION['voice_name'] = $voice_name;
 
 
            }   
 var_dump($_SESSION);    
 ?>

 <tr>
 <td colspan="5">
 <span style="float:right;text-align: right;">
 <!--  -->
 </span>
 </td>
 </tr>
 <tr>
 <td colspan="5">
 <a href="index.php" class="button">Add More Items</a>
 <button type="submit">Update</button>
 </td>
 </tr>

 </tbody>
</table>

Pass Html Field Values To Php Script

Similar Tutorials

Pass Checkbox Values In Url To Download Page

Similar Tutorials

First,
I will select checkbox then click generate report then it displays the items with download link

Then i click download link to download the selected checkbox values in pdf

I want to download the selected checkbox items by clicking download link

Now i am getting all check box items in the pdf download

How to download only the selected check box items

Code: [Select]
<?php
session_start();
$_SESSION['pidd'] = 2;
$sessvar = $_SESSION['pidd'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
<style type="text/css" media="print">
DIV#noprint{visibility:hidden;}
INPUT#printbutt{visibility:hidden;}
#downloadlink{visibility:hidden;}
</style>
<script type="text/javascript">
function gen() {

var st1=document.getElementById("ckbox1").checked;

var st2=document.getElementById("ckbox2").checked;

var st3=document.getElementById("ckbox3").checked;

var st4=document.getElementById("ckbox4").checked;

if(st1 == true) {
document.getElementById('g1').style.display = 'block';

}

if(st2 == true) {

document.getElementById('g2').style.display = 'block';

}

if(st3 == true) {

document.getElementById('g3').style.display = 'block';

}

if(st4 == true) {
document.getElementById('g4').style.display = 'block';

}

document.getElementById('p_info').style.display = 'none';

document.getElementById('histree').style.display = 'none';

document.getElementById('insurence').style.display = 'none';
document.getElementById('billin').style.display = 'none';
}

function showuser() {

document.getElementById('g1').style.display = 'none';

document.getElementById('g2').style.display = 'none';

document.getElementById('g3').style.display = 'none';

document.getElementById('g4').style.display = 'none';

var str1=document.getElementById("ckbox1").checked;

var str2=document.getElementById("ckbox2").checked;

var str3=document.getElementById("ckbox3").checked;

var str4=document.getElementById("ckbox4").checked;

if(str1 == true) {

document.getElementById('p_info').style.display = 'block';

}

else

document.getElementById('p_info').style.display = 'none';

if(str2 == true) {

document.getElementById('histree').style.display = 'block';

}

else

document.getElementById('histree').style.display = 'none';

if(str3 == true) {

document.getElementById('insurence').style.display = 'block';

}

else

document.getElementById('insurence').style.display = 'none';

if(str4 == true) {

document.getElementById('billin').style.display = 'block';

}

else

document.getElementById('billin').style.display = 'none';

}

function checkByParent(aId, aChecked) {
var collection = document.getElementById(aId).getElementsByTagName('INPUT');
for (var x=0; x<collection.length; x++) {
if (collection[x].type.toUpperCase()=='CHECKBOX')
collection[x].checked = aChecked;
}
}
</script>
</head>
<body>
<div id="main_content">
<div id="left">
<div id="noprint">
<h4>Patient Report</h4>
<a id="check_all" href="#" style="text-decoration:none" onClick="checkByParent('checkboxes', true); return false;">check all</a>     <a id="uncheckall" href="#" style="text-decoration:none" onClick="checkByParent('checkboxes', false); return false;">uncheck all</a> <br>
<br>
<form method="post" name="myform" action="">
<div id="checkboxes">
<div id="cb_id1">
<input id="ckbox1" name="cbox1" type="checkbox" <? if(isset($_REQUEST['cbox1'])) echo 'checked="checked"' ; ?> value="p_info" />
Patient Info </div>
<div id="cb_id2">
<input id="ckbox2" name="cbox2" type="checkbox" <?php if(isset($_REQUEST['cbox2'])) echo 'checked="checked"' ; ?> value="histree" />
History </div>
<div id="cb_id3">
<input id="ckbox3" name="cbox3" type="checkbox" <?php if(isset($_REQUEST['cbox3'])) echo 'checked="checked"' ; ?> value="insurance" />
Insurence </div>
<div id="cb_id4">
<input id="ckbox4" name="cbox4" type="checkbox" <?php if(isset($_REQUEST['cbox4'])) echo 'checked="checked"' ; ?> value="billin" />
Billing </div>
</div>

<br>
<input id="vuprint" name="view" type="button" value="View" onClick="showuser();">
<hr/>
<label for="docs"> Documents:<br>
<br>
</label>
<input name="sub" type="button" value="Generate report" onclick="gen();">
<hr/>
</form>
<input id="printbutt" name="prt" type="button" value="Print" onClick="javascript:window.print();">
</div>

</div>

<div id="side">
<div id="p_info">
<?php require("db_conn.php");
$pinfo = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' ");
while($fet = mysqli_fetch_array($pinfo)) {
echo "<h4>Patient Info</h4>";
echo "<b>Name: </b>" . $fet["P_Fname"] . " " . $fet["P_Lname"]. "<br>";
echo "<b>Dob:</b> " . date("d-m-Y",strtotime($fet["P_Dob"]))."<br>";
echo "<b>Age:</b> " . $fet["P_Age"]."<br>";
echo "<b>Gender:</b> " . $fet["P_Gender"]."<br>";
echo "<b>Marital Status:</b> " . $fet["P_Mstatus"]."<br>";
echo "<b>Blood: </b>" . $fet["P_Blood"]."<br>";
echo "<b>Height: </b>" . $fet["P_Height"] . $fet["P_Hval"]."<br>";
echo "<b>Weight: </b>" . $fet["P_Weight"] . $fet["P_Wval"];
}
?>
</div>
<div id="histree">
<?php
$his = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' ");
while($hisrow = mysqli_fetch_array($his,MYSQLI_ASSOC)) {
echo "<h4>Patient Histroy</h4>";
echo "<b>P_Idate: </b>" . date("d-m-Y",strtotime($hisrow["P_Idate"]))."<br>";
echo "<b>P_Edate: </b>" . date("d-m-Y",strtotime($hisrow["P_Edate"]))."<br>";
echo "<b>D_Ddate: </b>" . date("d-m-Y",strtotime($hisrow["D_Ddate"]));
} ?>
</div>

<div id="insurence">
<?php
$insu = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' ");
while($insrow = mysqli_fetch_array($insu,MYSQLI_ASSOC)) { ?>
<?php
echo "<h4>Insurence</h4>";
echo "<b>P_Isname: </b>" . $insrow["P_Isname"]."<br>";
// echo $insow[""];
} ?>
</div>
<div id="billin">
<?php
$bilrow = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' ");
while($bill = mysqli_fetch_array($bilrow,MYSQLI_ASSOC)) { ?>
<?php
echo "<h4>Billing</h4>";
echo "<b>P_Fbill: </b>" . $bill["P_Fbill"]."<br>";
echo "<b>Fees: </b>" . $bill["fees"];
} ?>
</div>
</div>

<div id="generatereport">
<div id="g1" style="display:none; clear:both;">
<label for="Gen_reports">Generaterd reports</label>
<br />
<br />
<?php
$pinfo = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' ");
while($fet = mysqli_fetch_array($pinfo,MYSQLI_ASSOC)) {

$new_dob = date("d-m-Y",strtotime($fet["P_Dob"])); ?>
<?php echo "<h4>Patient Info</h4>";

echo "<b>Patient Id:</b> ". $fet["P_Id"]."<br>";

echo "<b>Name:</b> " . $fet["P_Fname"] . " " . $fet["P_Lname"]."<br>";

echo "<b>Dob:</b> " . $new_dob ."<br>";

echo "<b>Age:</b> " .$fet["P_Age"]."<br>";

echo "<b>Gender:</b> " . $fet["P_Gender"]."<br>";

echo "<b>Marital Status:</b> " . $fet["P_Mstatus"]. "<br>";

echo "<b>Blood:</b> " . $fet["P_Blood"] . "<br>";

echo "<b>Height:</b> " . $fet["P_Height"] . $fet["P_Hval"]. "<br>";

echo "<b>Weight:</b> " . $fet["P_Weight"] . $fet["P_Wval"]. "<br>";

}
echo "*************************************************************************************************************************";

?> </div>
<div id="g2" style="display:none">
<?php

$his = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' ");

while($secrow = mysqli_fetch_array($his,MYSQLI_ASSOC)) {

echo "<h4>Patient Histroy</h4>";

echo "<b>P_Idate:</b> " . date("d-m-Y",strtotime($secrow["P_Idate"])) ."<br>";

echo "<b>P_Edate:</b> " . date("d-m-Y",strtotime($secrow["P_Edate"])) ."<br>";

echo "<b>D_Ddate:</b> " . date("d-m-Y",strtotime($secrow["D_Ddate"])) ."<br>";

}
echo "*************************************************************************************************************************";
?>
</div>
<div id="g3" style="display:none">
<?php

$insu = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' ");

while($insrow = mysqli_fetch_array($insu,MYSQLI_ASSOC)) {

echo "<h4>Insurence</h4>";

echo "<b>P_Isname:</b>" . $insrow["P_Isname"]."<br>";

}
echo "*************************************************************************************************************************";
?>
</div>
<div id="g4" style="display:none">
<?php

$bilrow = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' ");

while($bill = mysqli_fetch_array($bilrow,MYSQLI_ASSOC)) {

echo "<h4>Billing</h4>";

echo "<b>P_Fbill:</b> " . $bill["P_Fbill"]."<br>";

echo "<b>Fees:</b> " . $bill["fees"];
}

?>
</div>
<?php
$infochk = 'p_info';
$hischk = 'histree';
$insuchk = 'insurance';
$billchk = 'billin';
?>
<a id="downloadlink" href="download_pdf2.php?info=<?php if(isset($infochk)) echo $infochk; ?>&hist=<?php if(isset($hischk)) echo $hischk; ?>&insu=<?php if(isset($insuchk)) echo $insuchk; ?>&billin=<?php if(isset($billchk)) echo $billchk; ?>">Download</a> </div>

</div>

</body>
</html>

How To Get Values From Check Boxes And Pass It To A Php Controller Action?

Similar Tutorials

I have a list of checkboxes, like e.g each checkbox has a value as ResumeID,
now question is/are;

1) how to get the values of the checkboxes using jQuery ?
2) when I got the values of the checkboxes using jQuery, how to pass those values to a PHP Controller action ?

Json_encode() Is not A Security Feature (or: How To Pass Php Values To Javascript)

Similar Tutorials

Since there have been some debates about how to safely pass PHP values to JavaScript, I hope I can clarify a few things. One suggestion that kept recurring was to simply run the value through json_encode() and then inject the result into a script element. The JSON-encoding is supposed to (magically?) prevent cross-site scripting vulnerabilities. And indeed it seemingly works, because naïve attacks like trying to inject a double quote will fail. Unfortunately, this approach doesn't work at all and is fundamentally wrong for several reasons: json_encode() was never intended to be a security function. It simply builds a JSON object from a value. And the JSON specification doesn't make any security promises either. So even if the function happens to prevent some attack, this is implementation-specific and may change at any time. JSON doesn't know anything about HTML entities. The encoder leaves entities like " untouched, not realizing that this represents a double quote which is dangerous in a JavaScript context. The json_encode() function is not encoding-aware, which makes it extremely fragile and unsuitable for any security purposes. Some of you may know this problem from SQL-escaping: There used to be a function called mysql_escape_string() which was based on a fixed character encoding instead of the actual encoding of the database connection. This quickly turned out to be a very bad idea, because a mismatch could render the function useless (e. g. the infamous GBK vulnerability). So back in 2002(!), the function was abandoned in favor of mysql_real_escape_string(). Well, json_encode() is like the old mysql_escape_string() and suffers from the exact same issues. Any of those issues can be fatal and enable attackers to perform cross-site scripting, as demonstrated below. 1) The entire “security” of json_encode() is based on side-effects. For example, the current implementation happens to escape forward slashes. But the JSON standard doesn't mandate this in any way, so this feature could be removed at any time (it can also be disabled at runtime). If it does get disabled, then your application is suddenly wide open to even the most trivial cross-site scripting attacks:

<?php

header('Content-Type: text/html; charset=UTF-8');

$input = '</script><script>alert(String.fromCharCode(88, 83, 83));</script><script>';

?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        <title>XSS</title>
    </head>
    <body>
        <script>
            var x = <?= json_encode($input, JSON_UNESCAPED_SLASHES) ?>;
        </script>
    </body>
</html>

2) In XHTML, a script element works like any other element, so HTML entities like " are replaced with their actual characters (in this case a double quote). But JSON does not recognize HTML entities, so an attacker can use them to bypass json_encode() and inject arbitrary characters:

<?php

header('Content-Type: application/xhtml+xml; charset=UTF-8');

$input = "&quot;;alert('XSS');&quot;";

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>XSS</title>
        <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
    </head>
    <body>
        <script type="text/javascript">
            var x = <?= json_encode($input) ?>;
        </script>
    </body>
</html>

3) json_encode() blindly assumes that the input and the output should always be UTF-8. If you happen to use a different encoding, or if an attacker manages to trigger a specific encoding, you're again left with no protection at all:

<?php

header('Content-Type: text/html; charset=UTF-7');

$input = '+ACIAOw-alert(+ACI-XSS+ACI)+ADsAIg-';

?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-7">
        <title>XSS</title>
    </head>
    <body>
        <script>
            var x = <?= json_encode($input) ?>;
        </script>
    </body>
</html>

(This particular example only works in Internet Explorer.) I hope this makes it very clear that json_encode() is not a security feature in any way. Relying on it is conceptually wrong and simply a very bad idea. It's generally not recommended to inject code directly into a script element, because any mistake or bug will immediately lead to a cross-site scripting vulnerability. It's also very difficult to do it correctly, because there are special parsing rules and differences between the various flavors of HTML. If you try it, you're asking for trouble. So how should one pass PHP values to JavaScript? By far the most secure and robust approach is to simply use Ajax: Since Ajax cleanly separates the data from the application logic, the value can't just “leak” into a script context. This is essentially like a prepared statement. If you're into micro-optimization and cannot live with the fact that Ajax may need an extra request, there's an alternative approach by the OWASP: You can JSON-encode the data, HTML-escape the result, put the escaped content into a hidden div element and then parse it with JSON.parse():

<?php

header('Content-Type: text/html; charset=UTF-8');

$input = 'bar';

?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        <title>XSS</title>
        <style>
            .hidden {
                display: none;
            }
        </style>
    </head>
    <body>
        <div id="my-data" class="hidden">
            <?php
                $json_object = json_encode(array(
                    'foo' => $input,
                ));

                // HTML-escape the JSON object
                echo htmlspecialchars($json_object, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
            ?>
        </div>
        <script>
            var data = JSON.parse(document.getElementById('my-data').innerHTML);
            
            alert('The following value has been safely passed to JavaScript: ' + data.foo);
        </script>
    </body>
</html>

Html Php 3 Submit Button To Pass Values To 3 Different Pages

Similar Tutorials

I have a page that contains a List box containing a list of categories taken from a mysql database, 4 iframe elements and 4 submit button (code to follow) When an item is selected from the List box the onchange event submits the page to jobs.php and loads it into the joblist iframe. Once the iframe is loaded and visible it makes the "Add Job To Category" submit button visible. This all works great When I click the "Add Job To Category" Submit button it loads Jobnew.php into the jobed iframe this is working but I can not seem to figure out how to pass the selected item from the List box using this submit button I hope I am clear in my question if not please advise any help is very much appreciated.... Jobtask.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Job Configuration</title>
<head>
</head>
<body>
<div style="position:absolute;left:5px;top:0px;width:1345px;height:50px;z-index:0;">
<img src="images/img0001.png" id="Shape1" alt="" style="border-width:0;width:1345px;height:50px;"></div>
<span style='position:fixed;left:525px;top:8px;font-family:Arial;font-size:32px;width:275px;'>Job Configuration</span>
<form action='index.html' target='' method='post'>
 <div style="position:absolute;left:205px;top:55px;width:1345px;height:50px;z-index:0;">
  <Input type="submit" action="index.html" Target="_top" method='post'Value="Main Menu">
 </div>
</form>
<form style=position:fixed;left:200px;top:82px;>    
 <iframe name='joblist' id='joblist' style=position:fixed;left:200px;top:px;visibility:hidden;z-index:10 src='' height="475" width="1150" scrolling='yes' frameBorder='0' ></iframe>    
 <iframe name='job' id='job' style=absolute:fixed;left:200px;top:0px;visibility:hidden;z-index:0 src='' height="475" width="1150" scrolling='yes' frameBorder='0' ></iframe>    
 <iframe name='jobed' id='jobed' style=position:fixed;left:460px;top:150px;visibility:hidden;z-index:10 src='' height="217" width="350" scrolling='no' frameBorder='0' ></iframe>   
 <iframe name='newcat' id='newcat' style=position:fixed;left:460px;top:150px;visibility:hidden;z-index:10 src='' height="125" width="350" scrolling='no' frameBorder='0' ></iframe> 
</form>
<?php
error_reporting(E_ALL);
include('dbcon/dbconnect.php');
$con=mysqli_connect($host,$user,$password,$db);
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if (isset($_POST['id'])) {
  $insql= "INSERT INTO catagory (Catagory) VALUES ('$_REQUEST[newcat]')";
  $con->query($insql);
  }
$Catresult = mysqli_query($con, "SELECT CatID, Catagory FROM catagory");

echo "<div id='wb_CatSel' style='position:absolute;z-index:0;text-align:center;'bgcolor='#00b0e6';>";
echo "<span style='position:fixed;left:10px;top:82px;font-family:Arial;font-size:15px;background-color:#00b0e6;width:175px;'>Select Category</span></div>";
echo "<form action='jobs.php' target='joblist' style='position:fixed;left:10px;top:101px;'></td>";

echo "<select name='cat' size='11' style='width: 175px;' onchange='this.form.submit()'>";

while($row = mysqli_fetch_array($Catresult))
{ 
  echo "<option value=\"".$row['CatID']."\">".$row['Catagory']."</option>\n  ";
}

echo "</select>";

echo "</form>";

echo "<form action='Jobnew.php' target='jobed' method='post'>";
echo "<div style='position:absolute;left:10px;top:285px;width:1345px;height:50px;z-index:0;'>";
echo "<Input type='hidden' id='id1'><Input type='submit' id='sbtn' style='width:175px;visibility:hidden;'   Value='Add Job To Category'></div></form>";

echo "<form action='Jobtask.php' target='' method='post'>";
echo "<div style='position:absolute;left:10px;top:310px;width:1345px;height:50px;z-index:0;'>";
echo "<Input type='submit' style='width:175px;' action='Jobtask.php' Target='_top' method='post'  Value='Reset Form'></div></form>";

echo "<form action='newcat.php' target='newcat' method='post'>";
echo "<div style='position:absolute;left:10px;top:335px;width:1345px;height:50px;z-index:0;''>";
echo "<Input type='submit' style='width:175px;'' action='newcat.php' Target='newcat' method='post'  Value='Add New Category'></div></form>";

?>

</body>
</html>

Moved: In Magento Shoping Cart How To Pass The Variable Values To A Jsp Page?

Similar Tutorials

This topic has been moved to PHP Applications.

http://www.phpfreaks.com/forums/index.php?topic=357747.0

Searching Multidimensional For Values, Then Outputting Other Values In Array

Similar Tutorials

Hi all,

I'm a first time poster here and I would really appreciate some guidance with my latest php challenge! I've spent the entire day googling and reading and to be honest I think I'm really over my head and need the assistance of someone experienced to advise the best way to go!

I have a multi dimensional array that looks like (see below); the array is created by CodeIgniter's database library (the rows returned from a select query) but I think this is a generic PHP question as opposed to having anything to do with CI because it related to working with arrays.

I'm wondering how I might go about searching the array below for the key problem_id and a value equal to a variable which I would provide. Then, when it finds an array with a the matching key and variable, it outputs the other values in that part of the array too.

For example, using the sample data below. How would you recommend that I search the array for all the arrays that have the key problem_id and the value 3 and then have it output the value of the key problem_update_date and the value of the key problem_update_text. Then keep searching to find the next occurrence?

Thanks in advance, as above, I've been searching really hard for the answer and believe i'm over my head!

Output of print_r($updates);

CI_DB_mysql_result Object
(
    [conn_id] => Resource id #30
    [result_id] => Resource id #35
    [result_array] => Array
        (
        )

    [result_object] => Array
        (
        )

    [current_row] => 0
    [num_rows] => 5
    [row_data] =>
)

Output of print_r($updates->result_array());

Array
(
    [0] => Array
        (
            [problem_update_id] => 1
            [problem_id] => 3
            [problem_update_date] => 2010-10-01
            [problem_update_text] => Some details about a paricular issue
            [problem_update_active] => 1
        )

    [1] => Array
        (
            [problem_update_id] => 4
            [problem_id] => 3
            [problem_update_date] => 2010-10-01
            [problem_update_text] => Another update about the problem with an ID of 3
            [problem_update_active] => 1
        )

    [2] => Array
        (
            [problem_update_id] => 5
            [problem_id] => 4
            [problem_update_date] => 2010-10-12
            [problem_update_text] => An update about the problem with an ID of four
            [problem_update_active] => 1
        )

    [3] => Array
        (
            [problem_update_id] => 6
            [problem_id] => 4
            [problem_update_date] => 2010-10-12
            [problem_update_text] => An update about the problem with an ID of 6
            [problem_update_active] => 1
        )

    [4] => Array
        (
            [problem_update_id] => 7
            [problem_id] => 3
            [problem_update_date] => 2010-10-12
            [problem_update_text] => Some new update about the problem with the ID of 3
            [problem_update_active] => 1
        )

)

Pass Array To Mysql_fetch_row()

Similar Tutorials

Hi

I am looking to be able to pass an array to mysql_fetch_row() not sure where i am going wrong.

works fine like this.

Code: [Select]
mysql_select_db($DB_NAME);

$new = mysql_query("SELECT * FROM {$DB_TABLE}");

if (!$new) {
echo 'MySQL Error: ' . mysql_error();
exit;
}

$row = mysql_fetch_array($new);

while ($row = mysql_fetch_array($new)) {

echo $row['username'] . $DELIMITER . $row['firstname'] . $DELIMITER . $row['lastname'] . $DELIMITER . $row['password'] . $DELIMITER. "example@gmail.com" . $DELIMITER . "author";
echo "<br />";

}

But really need too be able to do it this way.

Code: [Select]
mysql_select_db($DB_NAME);

$new = mysql_query("SELECT * FROM {$DB_TABLE}");

if (!$new) {
echo 'MySQL Error: ' . mysql_error();
exit;
}

$row = mysql_fetch_array($new);

echo "<pre>";
//print_r($row);
echo "</pre>";

$sam = array('username','firstname','lastname');

while ($row = mysql_fetch_row($new)) {

echo $row[$sam] . $DELIMITER;
echo "<br />";

}
So it will just loop through the array so i can keep adding to it by just adding an extra parameter to the array.

Any Help Stuck????

Moved: Pass Variables, In Post Form Or Get Form???

Similar Tutorials

This topic has been moved to JavaScript Help.

http://www.phpfreaks.com/forums/index.php?topic=347360.0

Pass An Array As Function Element

Similar Tutorials

Hello All,

I have used a function to collect a users information from the database. This is then returned as an array.

Using this returned array, I wish to pass it into another function.

Here is the code:

The array is created in the collect() function and needs to be passed to the ipn_data function

Code: [Select]
/*

This script is responsible for handling all subscription payments. It will collect all information, insert data into the relevant databases and then forward the user to PayPal with the relevant transaction ID. On return, the IPN listener will
deal with all account changes whilst the user is held in a queue.

*/

/* ------------------------------------- */
/* DATABASE CONFIGURATION */
/* ------------------------------------- */

include_once "../config/config.php";

/* ------------------------------------- */
/* COLLECT SESSION INFORMATION */
/* ------------------------------------- */

session_start();
$id = "100000002"; // ID of logged in user
$next_year = date("Y-m-d", strtotime("+365 day", time())); //Date next year

/* ------------------------------------- */
/* SET VARIABLES */
/* ------------------------------------- */

$reason = $_GET["reason"];

/* ----------------------------------------- */
/* COLLECT USERS INFORMATION FROM DATABASE */
/* ----------------------------------------- */

function collect($id) {

//Select the subscriber from the database
$query = "SELECT * FROM subscribers WHERE id='$id'";
$query = mysql_query($query);
//Collect the subscribers first name, last name and email address
while($row=mysql_fetch_array($query)) {
$fname = $row["fname"];
$lname = $row["lname"];
$email = $row["email"];
}

//Collate subscribers information into an array
return array('fname' => "$fname", 'lname' => "$lname", 'email' => "$email");

}

/* ----------------------------------------- */
/* CREATE TIMESTAMP OF CURRENT TIME */
/* ----------------------------------------- */

function mktimestamp() {

//Set date variables
$day = date("d");
$month = date("m");
$year = date("Y");

//Make timestamp
return mktime(0, 0, 0, $month, $day, $year);

}

/* ----------------------------------------- */
/* INSERT USERS DATA INTO ipn_data */
/* ----------------------------------------- */

//Create random identifier
$ident = rand("1", "10000");

function ipn_data($info, $reason, $timestamp) {

//WANT THE ARRAY TO BE PASSED INTO HERE!!
//I TRIED PASSING THE $info VARIABLE INTO THE FUNCTION, WHICH IS WHAT I ASSIGNED TO THE COLLECT FUNCTION LATER IN THE SCRIPT

}

/* ----------------------------------------- */
/* Get ID of inserted ipn_data row */
/* ----------------------------------------- */

function get_id($ident, $timestamp) {

//Setup Query to find ID
$query = "SELECT * FROM subscribers WHERE timestamp='$timestamp' AND identifier='$ident'";

//Run Query
$query = mysql_query($query) or mysql_error();

//Using query find ID
while($row=mysql_fetch_array($query)) {
$ltj_txn_id = $row["id"];
}

return $ltj_txn_id or mysql_error();

}

/* ------------------------------------- */
/* SWITCH REASON */
/* ------------------------------------- */

switch($reason) {

case "subscribe":
break;

case "renew":

//Collect array from user information array function
$info = collect($id);

//Get timestamp from our mktimestamp function
$timestamp = mktimestamp();

//Insert users data into ipn_data table
$run_ipn = ipn_data($reason, $timestamp, $ident);

//Collect ID of record just inserted
$get_id = get_id($ident, $timestamp);

echo "$run_ipn";

break;

case "upgrade":
break;

default:
break;

}

Any ideas?

Pass Randomized Array To Other Users

Similar Tutorials

I want the quiz questions a teacher loads to be randomized so that each time the teacher gives it (different class, different day, whatever …) the order of questions will be randomized. I'm loading the data into an array and then shuffling it. Problem solved. BUT … students on their smart devices need to load the same quiz with the same question order. I can solve this by: - teacher stores question and answer data and order temporarily in a dB table - students load that information - problem solved But I was hoping to do this without using a table. Is there a way to pass a randomized array from the teacher to the students without going through a dB table? Thanks.

Pass Json Array To Mysql Help

Similar Tutorials

I have a simple ajax that passes data to a php script using jquery serialize. This is working good but where I am getting stuck is trying to pass json array into mysql. The json is outputting the correct data, but when I insert into db, it just says Array in the field. How can I convert(if that is the right term) json array to use in mysql. In the code I have posted, $box is an array from jquery which I normally use foreach to loop through array. What I need to do is convert $box after is has been encoded. Thanks

Code: [Select]
$box = $_POST['BRVbrtrv_boxnumber'];

$list = array("activity" => $activity, "mobile" => $mobile, "company" =>
$company, "authorised" => $authorised, "service" => $service, "department" =>
$department, "address" => $address, "boxcount" => $boxcount, "box" => $box);

$c = json_encode($list);

echo $c;

How To Pass Array From Html To Jquery ?

Similar Tutorials

Hi,