PHP - Ensuring There Is Input In At Least 1 Of 2 Fields
I have 2 fields, one for Mother's mobile, the other for Father's mobile. I want to ensure that at least one of the 2 fields contains a number. This is what I have:
Code: [Select] <?php if(!isset($_POST['guardian1_mobile']) && !isset($_POST['guardian2_mobile'])) { // no number entered in either field $errors[] = 'You must enter a mobile number in at least one of the Guardian1 or Guardian2 Mobile fields.'; } else { // if Mother mobile if(!is_numeric($_POST['guardian1_mobile']) || strlen(trim($_POST['guardian1_mobile'])) != 7) { // number must be numeric and exactly 7 digits $errors[] = '<strong>Guardian1 mobile</strong>: please enter a 7-digit number without spaces or dashes.'; } else { $_SESSION['guardian1_mobile'] = $_POST['guardian1_mobile']; } // if Father mobile if(!is_numeric($_POST['guardian2_mobile']) || strlen($_POST['guardian2_mobile']) != 7) { $errors[] = '<strong>Guardian2 mobile</strong>: please enter a 7-digit number without spaces or dashes.'; } else { $_SESSION['guardian2_mobile'] = $_POST['guardian2_mobile']; } } However, when I leave both fields blank, errors for the 'else' part of the condition are returned ('Please enter a 7-digit number...'). But it should never get as far as the 'else'.... Can anyone tell me what's wrong with my logic in the first line?... Thanks in advance. Similar TutorialsHey guys,
Thank you in advance... here is my situation, I have a form with three (3) fields in it, the 'student name' is unlimited textfield with an "add more" button to it and I have two select fields ('number of shirts' and 'trophies') that depend on the number of entries for 'student name'...
I want to create the select fields based on this math, for as many 'student name' entries:
1- i want to have the select form for 'number of shirts' to be 0 up to that number... so if there are 6 'student name' entries, the select options will be 0,1,3,4,5,6,7
2- I want to have the select form for 'trophies' to be 5 'student name' entries to 1 'trophies', for example if there are 6 'student name' entries, the select options will be 0,1... if there are 13 entries, options will be 0,1,2... So if there are less than 5 'student name' entries, the select field will not show (hidden)
of course if there are no 'student name' entries, these two fields won't show up (hidden)
let me know if that make sense and ANY help or directions will be GREATLY APPRECIATED.
Thanks guys!
I have a calendar select date function for my form that returns the date in the calendar format for USA: 02/16/2012. I need to have this appear as is for the form and in the db for the 'record_date' column, but I need to format this date in mysql DATE format (2012-02-16) and submit it at the same time with another column name 'new_date' in the database in a hidden input field. Is there a way to do this possibly with a temporary table or something? Any ideas would be welcome. Doug I have a website with a variable number of inputs in various categories. I want to allow the user to add rows to the table with the input lines in every category. The table looks like this:
<tr><th>Working Capital Changes</th></tr><tr><td><input type="hidden" name="category_code[]" value="WORK"><input type="text" name="description[]" value="Increase (decrease) in working capital" size="60"></td> <td><input type="text" name="amount[1][]" value="" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr> <tr><td><input type="hidden" name="category_code[]" value="WORK"><input type="text" name="description[]" value="" size="60"></td> <td><input type="text" name="amount[1][]" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr> <tr><th>Depreciation and Amortization</th></tr><tr><td><input type="hidden" name="category_code[]" value="DEPR"><input type="text" name="description[]" value="Depreciation and Amortization (for taxes)" size="60"></td> <td><input type="text" name="amount[1][]" value="" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr> <tr><td><input type="hidden" name="category_code[]" value="DEPR"><input type="text" name="description[]" value="" size="60"></td><td><input type="text" name="amount[1][]" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr>I tried adding the following near the top of the page: <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script> <script type="text/javascript"> var count = 0; $(function(){ alert ('wow'); $('tr#add_field').click(function(){ alert ('whee'); count += 1; $('#container').append('<table><tr><td><input id="field_' + count + 'type="hidden" name="category_code[]" value="DEPR"><input type="text" name="description[]" value="" size="60"></td><td><input type="text" name="amount[1][]" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr></table>' ); }); });I get the wow alert on page load and whee when I click the link: <tr id="add_field"><th><a href="#">Click to add another line</a></th></tr>that I added to the bottom of the table before the </table> but I do not get an additional line I have tried moving the add_field line outside of the table and changing the <tr></tr> to a <p></p> but that does not help. Hello, i need to validate 200 input fields if they are not empty, i have the following code where i'm stuck and i'm missing something any help is appreciated Code: [Select] if($_SERVER['REQUEST_METHOD'] == 'POST') { //print_r($_POST); foreach ($_POST as $value) { if (empty($value)){ echo 'empty'; } else { echo 'notempty'; } } } I'm certain this has been done a hundred times before, but I have been unable to find any information on an efficient way of doing this: I'm creating a membership system, and the password for new users needs to contains both numbers and letters. How do I go about checking this? The key is not that it contains only numbers and letters, but that it contains both. The password cannot be all letters or all numbers. Know what I mean? Cheers guys and gals. can someone tell me why this won't work? I just want to key in the amtpaid and have fields inserted. I get no errors but the only field inserted is the datepaid . <html><head> <script> function $_(IDS) { return document.getElementById(IDS); } function calculate_paid() { var amtpaid = parseInt($_("amtpaid").value); var rentdue = parseInt($_("rentdue").value); var prevbal = parseInt($_("prevbal").value); var secdep = parseInt($_("secdep").value); var latechg = parseInt($_("latechg").value); var damage = parseInt($_("damage").value); var courtcost = parseInt($_("courtcost").value); var nsf = parseInt($_("nsf").value); var hudpay = parseInt($_("hudpay").value); var late = ($_("late").value); var paidsum = parseInt($_("paidsum").value); var dateNow = new Date(); var dayNow = dateNow.getDate(); var datePaid = (dateNow.getMonth()+1)+"/"+dateNow.getDate()+"/"+dateNow.getFullYear(); $_('datePaid').value = datePaid; if(dayNow > 5) { late = "L"; prevbal = prevbal + 10; } paidsum = paidsum + amtpaid var tentpay = amtpaid - hudpay; var totOwed = rentdue + prevbal - hudpay; var left = totOwed - amtpaid; if (amtpaid <= totOwed) { prevbal = left; } left = amtpaid - totOwed; if (left <= secdep) { secdep = secdep - left; } left = left - secdep; if (left <= damage) { damage = damage - left; } left = left - damage; if (left <= latechg) { latechg = latechg - left; } left = left - latechg; if (left <= courtcost) { courtcost = courtcost - left; } left = left - courtcost; if (left <= nsf) { nsf = nsf - left; } prevbal = left - nsf; } </script> </head><body> <?php mysql_connect(localhost,root,""); mysql_select_db(test) or die( "Unable to select database"); if(!empty($_POST["submit"])) { $apt = $_POST['apt']; $query="SELECT * FROM testdata Where apt='$apt'"; $result=mysql_query($query); if(mysql_num_rows($result)) { echo "<form action='#' method='post'><b>Rent Payment :<br /><br /> <table cellspacing=0 cellpadding=0 border=1> <tr> <th>Name</th> <th>Apt</th> <th>Paid</th> <th>Due</th> <th>Prev Bal</th> <th>Sec Dep</th> <th>Late Chg</th> <th>Dmg</th> <th>Court Cost</th> <th>NSF</th> <th>Tent Pay</th> <th>Hud Pay</th> <th>Date Paid</th> <th>Late</th> <th>Comments</th> <th>Paidsum</th> </tr>"; while($row = mysql_fetch_assoc($result)) { echo "<tr> <td><input type='text' size=25 name='name' value='" . $row['name'] . "'></td> <td><input type='text' size=2 name='apt' value='" . $row['apt'] . "' ></td> <td><input type='text' size=4 id='amtpaid' name='amtpaid' value='" . $row['amtpaid'] ."' onBlur='calculate_paid(this)'></td> <td><input type='text' size=4 id='rentdue' name='rentdue' value='" . $row['rentdue'] . "'></td> <td><input type='text' size=4 id='prevbal' name='prevbal' value='" . $row['prevbal'] ."'></td> <td><input type='text' size=4 id='secdep' name='secdep' value='" . $row['secdep'] ."'></td> <td><input type='text' size=4 id='latechg' name='latechg' value='" . $row['latechg'] ."'></td> <td><input type='text' size=4 id='damage' name='damage' value='" . $row['damage'] ."'></td> <td><input type='text' size=4 id='courtcost' name='courtcost' value='" . $row['courtcost'] ."'></td> <td><input type='text' size=4 id='nsf' name='nsf' value='" . $row['nsf'] ."'></td> <td><input type='text' size=4 id='tentpay' name='tentpay' value='" . $row['tentpay'] . "'></td> <td><input type='text' size=4 id='hudpay' name='hudpay' value='" . $row['hudpay'] ."'></td> <td><input type='text' size=10 id='datepaid' name='datepaid' value='" . $row['datepaid'] . "'></td> <td><input type='text' size=1 id='late' name='late' value='" . $row['late'] . "'></td> <td><input type='text' size=25 name='comments' value='" . $row['comments'] . "'></td> <td><input type='text' size=4 id='paidsum' name='paidsum' value='" . $row['paidsum'] . "'></td> </tr>"; } echo "</table> <input type='submit' name='update' value='Make Payment' /> </form>"; } else{echo "No listing for apartment $apt.<br />Please select another.<br />";} } if(!empty($_POST["update"])) { $sql = "UPDATE testdata SET name = '" . mysql_real_escape_string($_POST['name']) . "', amtpaid = '" . mysql_real_escape_string($_POST['amtpaid']) . "', rentdue = '" . mysql_real_escape_string($_POST['rentdue']) . "', prevbal = '" . mysql_real_escape_string($_POST['prevbal']) . "', secdep = '" . mysql_real_escape_string($_POST['secdep']) . "', latechg = '" . mysql_real_escape_string($_POST['latechg']) . "', nsf = '" . mysql_real_escape_string($_POST['nsf']) . "', damage = '" . mysql_real_escape_string($_POST['damage']) . "', courtcost = '" . mysql_real_escape_string($_POST['costcost']) . "', tentpay = '" . mysql_real_escape_string($_POST['tentpay']) . "', hudpay = '" . mysql_real_escape_string($_POST['hudpay']) . "', datepaid = '" . mysql_real_escape_string($_POST['datepaid']) . "', late = '" . mysql_real_escape_string($_POST['late']) . "', comments = '" . mysql_real_escape_string($_POST['comments']) . "', paidsum = '" . mysql_real_escape_string($_POST['paidsum']) . "' WHERE apt='".$_POST["apt"]."'"; mysql_query($sql) or die("Update query failed."); echo "Record for apartment ".$_POST["apt"]." has been updated"; } ?><form method="post" action="#"> <br /> <input type="text" name="apt"/> <p> <input type="submit" name="submit" value="select apartment"/> </form> </body></html> Hello people, thank you to everyone that has helped me on this forum. You have been terrific. I am submitting a form to a database and am having a small problem with the validation scripts. Basically if the user doesn't put something into one of the fields they get an error message. However, I am keeping the information already submitted in the input box with the following code Code: [Select] <input type='text' name='username' size = '40' maxlength='30' value = '<?php echo $username; ?>'> This is so that the user doesn't have to input the same data again if he forgot one box. How do I do the same for "drop down" boxes? Here is the code from the form for the "ppr" (aviation terms 'Prior Permission Required') Code: [Select] <select name = "ppr"> <option value = "Yes">Yes </option> <option value="No">No </option> </select> The problem I have is that there are quite a number of these drop down boxes on the form I have created. And it always goes back to the first "option value" when there is an error. I do have a variable for $ppr, please could someone tell me how to incorporate it so that the user doesn't have to select the correct option value all over again. Hope my explanation is clear. Thanks in advance. I have an email form that is sending to an email address. There are five fields where the person sending can input their Name, Address, City, State, and Zip. Everything is working, except I want the input from these fields to be the the headers in the PHP email. For instance it submits and send the letter, but I want the senders Name, Address, City, State, and Zip to be posted after the "Sincerely" in the letter sent. Here is what the input boxes of the form looks like: Code: [Select] <p>Sincerely,<br /> <label for="from">Name:</label> <input type="text" name="from" id="name" value="<?php echo $_POST['from'];?>"/><br /> <label for="street">Street:</label> <input type="text" name="street" id="street" value="<?php echo $_POST['street'];?>"/><br /> <label for="city">City:</label> <input type="text" name="city" id="city" value="<?php echo $_POST['city'];?>"/><br /> <label for="zip">Zip:</label> <input type="text" name="zip" id="zip" value="<?php echo $_POST['zip'];?>"/><br /> <label for="email">E-mail:</label> <input type="text" name="email" id="email" value="<?php echo $_POST['email'];?>"/></p> <input type="submit" class="button" value="Submit" /> How do I go about posting the PHP headers in the email upon submission? Hey all, Another question for you. How does one make it so that the selections (choices) a user selects for dynamic selection boxes remain after the form is posted, which does post back to itself? I've tried JavaScript using the "name" of the selection box as the id but I must be doing something wrong because it's not working..as usual lol. The values in the selection boxes are populated dynamically so I'm not sure how to do this. Thank you. Hey Guys. I have a quick question. Should i "prep" input values coming from a radio or checkbox input field? Can an SQL injection occur through those 2 input fields, or is it only text fields?
Hi all, I'm working on this site which I'll soon ask the guys in the testing forum to have a peek at. It's essentially an online community that was a uni project that has spiraled and grown exponetially. I've spent many many hours in front of books and tutorals etc to put it together and as far as scripting goes, it seems to be fine. The problem i'm having...The tut's that I read / watched were using eregi_replace to protect text fields and this is now unsuported. I want my site to be as secure as it can be, within reason. I've tried using preg_replace instead and have searched for the syntax but i keep getting strang results. I'm working on the "bio" field at the moment and then when that works I can move on and a-ply the same idea to the other fields. This si what I have and what I've changed. if ($_POST['parse_var'] == "bio"){ $bio_body = $_POST['bio_body']; //$bio_body = str_replace("'", "'", $bio_body); (WAS TESTING THIS BUT NO JOY) //$bio_body = str_replace("`", "'", $bio_body); $bio_body = mysql_real_escape_string($bio_body); $bio_body = nl2br(htmlspecialchars($bio_body)); $bio = $_POST['bio']; $bio = eregi_replace("'", "'", $bio); (This works but is not as secure) $bio = eregi_replace("`", "'", $bio); $bio = mysql_real_escape_string($bio); $bio = nl2br(htmlspecialchars($_POST['bio'])); $sqlUpdate = mysql_query("UPDATE members SET bio='$bio' WHERE id='$id'"); and so on....} When I change it to str_replace if I type in don't the whole word is deleted. when I type in preg I get an error. Can someone please give me the correct code / syntax for getting the result I want. I just want to make sure that every single field that has a user input is protected against any malicious attacks. Thanks. Hi I have a form that is to input data from input fields to a table. The form is as follows: $query = $DB->query("SELECT country_code, country_id, IF(country_code = '".$country_code."', '', '') AS sel FROM exp_sme_countries WHERE site_id='".$this->settings['site_id']."' ORDER BY country_name ASC"); foreach ($query->result as $row) { $options .= '<label>' . 'Phrase for ' . $this->settings['countries'][$row['country_code']] . '</label>' . '<br />'; $options .= '<input style="width: 100%; height: 5%;" id="country_data" type="text" name="country_id[]" />' . '<br /><br />'; $options .= '<input type="hidden" name="country_data[' . $row['country_id'] . ']" value="'.$row['country_id'].'" />'; } This outputs: Code: [Select] <input style="width: 100%; height: 5%;" id="country_data" type="text" name="country_id[]" /> <input type="hidden" name="country_data[68]" value="68" /> <input style="width: 100%; height: 5%;" id="country_data" type="text" name="country_id[]" /> <input type="hidden" name="country_data[28]" value="28" /> What I need to do, is get the values from the input fields and then match them with the correct hidden field value So if in the first input field, I typed in 'Test data' and the second input, i typed 'This is great' On the POST, I need to find the the value ('Test data') and also the value from the hidden field. So something like: Quote The text you entered is: Test data with hidden value of 68 The text you entered is: This is great with hidden value of 28 I'd rather not use $_GET as this is a form that inserts data into a database. Could someone point my in the right direction or provide an example? I would like to split the field specific location on a page into two fields. ( This is how it looks now: http://qwikad.com/?view=post&cityid=269&lang=en&catid=3&subcatid=27&shortcutregion= ) I want keep the same MySQL table for that field but make it possible for visitors to enter 2 separate texts. This is how the code looks right now: <input name="area" type="text" size="40" class="input" maxlength="50" value="<?php echo $data['area']; ?>"> I am not strong in PHP programming at all, so I tried to copy and paste that field twice, but it only posts one entry out of the two. Can this be done? I built a basic form with certain fields required. When a required field isn't filled, the errors are echoed but not in the best area. I'd like for each error message to be displayed underneath their respected input fields. What do I need to look into? <?php if(!empty($_POST['submit'])) { // set variables $name = mysql_real_escape_string($_POST['name']); $email = mysql_real_escape_string($_POST['email']); $email2 = mysql_real_escape_string($_POST['email2']); $age = mysql_real_escape_string($_POST['age']); $city = mysql_real_escape_string($_POST['city']); $state = mysql_real_escape_string($_POST['state']); // 1A. REQUIRED FIELDS VERIFICATION if(!empty($name) && !empty($email) && !empty($email2) && !empty($city) && !empty($state)) { // 1B. END REQUIRED FIELDS VERIFICATION } else { echo '<img src="images/icon_error.png" alt="" title="" /> Please fill out the required fields.<br />'; if (empty($name)) { echo 'Whats your name?!<br />'; } if (empty($email)) { echo 'No email given.<br />'; } if (empty($email2)) { echo 'Please verify your email<br />'; } if (empty($city)) { echo 'What city are you from?<br />'; } if (empty($state)) { echo 'What State!<br />'; } echo '<br /><br />'; } // 1B. END REQUIRED FIELDS ERROR CODES } ?> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post"> <div class="formSec"><label for="name" class="required">Full Name:</label> <input type="text" name="name" id="name" value="" /></div> <div class="formSec"><label for="email" class="required">Email:</label> <input type="text" name="email" id="email" value="" /></div> <div class="formSec"><label for="email2" class="required">Confirm Email:</label> <input type="text" name="email2" id="email2" value="" /></div> <div class="formSec"><label for="age" class="required">Age:</label> <input type="text" name="age" id="age" value="" /></div> <div class="formSec"><label for="city" class="required">City:</label> <input type="text" name="city" id="city" value="" /></div> <input class="submit" type="submit" name="submit" value="Submit" /> </form> I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?: Quote <?php // Define your username and password $username = "<?php echo $custom_74; ?>"; $password = "<?php echo $custom_16; ?>"; if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { ?> <h1>Login</h1> <form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p><label for="txtUsername">Username:</label> <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> <p><label for="txtpassword">Password:</label> <br /><input type="password" title="Enter your password" name="txtPassword" /></p> <p><input type="submit" name="Submit" value="Login" /></p> </form> <?php } else { ?> I close the code correctly. <?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above. Thanks, Gene On all my forms, after I send an empty string to one field, it will stop accepting values when I resubmit. My code passes through the W3C validator Any ideas?? Hello All: Trying to work with PHP on a contact form with a jQuery Validation to make certain that the visitors fill out the required information. I'll try to show everything that I have, and then the error I am getting when the visitor hits "submit." I don't know PHP all that well, and trying to learn my way through it. I used a couple of tutorials to add the features I needed and did my own styling on the live site. Here is the PHP that is currently in the header of my markup: <?php //If the form is submitted if(isset($_POST['submit'])) { //Check to make sure that the First name field is not empty if(trim($_POST['firstname']) == '') { $hasError = true; } else { $firstname = trim($_POST['firstname']); } //Check to make sure that the Last name field is not empty if(trim($_POST['lastname']) == '') { $hasError = true; } else { $lastname = trim($_POST['lastname']); } //Check to make sure that the Street Address 01 field is not empty if(trim($_POST['street01']) == '') { $hasError = true; } else { $street01 = trim($_POST['street01']); } //If Street02 is filled out, give it a value $street02 = $_POST['street02']; //Check to make sure that the City field is not empty if(trim($_POST['city']) == '') { $hasError = true; } else { $city = trim($_POST['city']); } //Check to make sure that the State field is not empty if(trim($_POST['state']) == '') { $hasError = true; } else { $state = trim($_POST['state']); } //Check to make sure that the Zip field is not empty if(trim($_POST['zip']) == '') { $hasError = true; } else { $zip = trim($_POST['zip']); } //If Email is filled out, give it a value $email = $_POST['email']; //If Telephone is filled out, give it a value $telephone = $_POST['telephone']; //Default Subject Value $subject = "VMC Inquiry"; //Check checkboxes foreach($_POST['check'] as $value) { $check_msg = "Checked: $value\n"; } //If Message is filled out, give it a value $comment = $_POST['comment']; //If there is no error, send the email if(!isset($hasError)) { $emailTo = 'xxxx.xxxx@gmail.com'; //Put your own email address here $body = "Name: $firstname $lastname \n\nStreet Address: $street01 \n\nStreet Address*: $street02 \n\nCity: $city \n\nState: $state \n\nZip: $zip \n\nEmail*: $email \n\nTelephone*: $telephone \n\nCheck Box: $check_msg \n\nMessage:\n $comment"; $headers = 'From: XXXXX <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email; mail($emailTo, $subject, $body, $headers); $emailSent = true; } } ?> So basically I am using classes to say whether or not something is required, which ties into the jQuery validation. If it isn't required, whatever the visitor types into the box is put into something like "$telephone" which is then printed in the e-mail. The markup for the forms in the body is the following: Code: [Select] <p class="contact-text-right">For more information, or to have a list of our properties mailed to you, please fill out the form below.</p> <div id="contact-wrapper"> <?php if(isset($hasError)) { //If errors are found ?> <p class="error">Please check if you've filled all the fields with valid information. Thank you.</p> <?php } ?> <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?> <p class="accept"><strong><?php echo $firstname;?>,Your Email Successfully Sent!</strong></p> <?php } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform"> <div id="names"> <label for="firstname"><strong>First Name:</strong></label> <input type="text" name="firstname" id="firstname" value="" class="required" /> <label for="lastname"><strong>Last Name:</strong></label> <input type="text" name="lastname" id="lastname" value="" class="required" /> </div> <div id="address01"> <label for="street01"><strong>Street Address:</strong></label> <input type="text" name="street01" id="street01" value="" class="required" /> </div> <div id="address02"> <label for="street02"><strong>Street Address*:</strong></label> <input type="text" name="street02" id="street02" value="" /> </div> <div id="city"> <label for="city"><strong>City:</strong></label> <input type="text" name="city" id="city" value="" class="required city" /> <label for="state"><strong>State:</strong></label> <input type="text" name="state" id="state" value="" class="required state" /> <label for="zip"><strong>Zip Code:</strong></label> <input type="text" name="zip" id="zip" value="" class="required zip" /> </div> <div id="email"> <label for="email"><strong>E-mail*:</strong></label> <input type="text" name="email" id="email" value="" class="email"/> <label for="telephone"><strong>Telephone*:</strong></label> <input type="text" name="telephone" id="telephone" value="" class="telephone" /> <p class="bottom">*Optional fields.</p> </div> <div class="checkbox"> <p><input type="checkbox" name="check[]" value="properties">XXX</p> <p><input type="checkbox" name="check[]" value="contact-regarding">XXXX</p> <p class="indent">(Please list properties or ask specific questions in the space below.)</p> </div> <div id="comment"> <label for="comment"></label> <textarea name="comment" id="comment" ></textarea> </div> <div id="button"> <input type="submit" value="Send Message" name="submit" /> </div> </form> All seems well until I hit submit on the live site. I think get this error returned to me: Warning: Invalid argument supplied for foreach() in ......./html/development/contact.php on line 64 The e-mail goes through, with all the information, no problems! I just can't get this error message to go away. Line 64 of contact.php is where the checkbox coding is: //Check checkboxes foreach($_POST['check'] as $value) { $check_msg = "Checked: $value\n"; } I know I've submitted a lot of code here, and tried to narrow you down to the exact spot I think the problem is, but hopefully some of you PHP gurus can pick out the flaw in a heartbeat. I really appreciate all the help. B First, Happy X-Mas to all! I want to do a form for entering dog-show results. On first site of form the user is able to enter how many dogs for each class (there are youth and open class for example) he want to insert. So on second site there will be formfields for every dog in every class, created with php. User should be able to take dogname from jquery autocomplete - this works for multiple fields. But i need the according id to the dogname - and actual only one id is given - the first one is changing by choosing from autocomplete in next fields... Data came from a json array like 0: {dogidindatabase: "9892", value: "Excalibur Khali des Gardiens de la Cour ",…} dogidindatabase: "9892" label: "<img src='../main/img/female.png' height='20'>Excalibur Khali des Gardiens de la Cour " value: "Excalibur Khali des Gardiens de la Cour " 1: {dogidindatabase: "15942", value: "Excalibur from Bandit's World Kalli",…} dogidindatabase: "15942" label: "<img src='../main/img/male.png' height='20'>Excalibur from Bandit's World Kalli" value: "Excalibur from Bandit's World Kalli"all i need is inside ... the script in form is <script type='text/javascript'> //<![CDATA[ $(function() { $(".dog").autocomplete({ source: "xxx.php", minLength: 3, select: function(event, ui) { $('#dogidindatabase').val(ui.item.dogidindatabase); } }); $["ui"]["autocomplete"].prototype["_renderItem"] = function( ul, item) { return $( "<li></li>" ) .data( "item.autocomplete", item ) .append( $( "<a></a>" ).html( item.label ) ) .appendTo( ul ); }; }); //]]> </script>and the form looked like <input type='text' name='dog' class='dog' value='".strip_tags(${'dogname' .($countbabymale+1)})."' size='35' data-required='true' /><br> <input class='readonly' readonly='readonly' type='text' id='dogidindatabase' name='dogidindatabase' size='5' />I changed in script and form id='dogidindatabase' to class, but it doesn´t work. Testsite is under http://www.wolfdog-d...how.php?lang=de (only german at first) - Insert a number (higher than 1) under baby 3-6 (first box, the others are not working for testing); submit to get to page 2; you see all post-variables (for testing). Try to insert a dogname in first input-field (choose "exc") and insert first one - the id is under dogname. In second dogname inputfield you can choose second dog - the id for the first one changes to id of seond one .... How can i get both for every dog? I am writing a script that will parse my PHP classes and check for things like coupling, visualize my objects and connections, dependencies, check for convention usage, etc.
So, I have a simple file upload. I'm never saving the files, just get contents and dump the file and work with the string version.
I'm writing it for me, but I figure I might want to open it for others to use in the future, so I may as well write it that way to begin with -- so I need to validate user input. Problem is, the user input is supposed to be valid PHP code. I'm thinking that, as long as I'm careful, I shouldn't be executing any code contained in strings, but I'm no security expert and I want a warm fuzzy that my thought on this is correct. What kinds of things do I need to look out for? Is it possible to inject when working with strings?
My initial thought is to regex the entire file and replace key portions with known replacements. So ( and ) would become !* and !^ or $ would become @~ (combinations that -- I think -- don't make sense to php?) But that may be completely unnecessary processing time if I'm not in any danger, here. Thanks ahead of time for any help.
PS - as a side question -- what's the best way to verify a file is a php file? I know of getimagesize for images, but should I just check for <? to verify it's php? That seems like it would be too easy to fool -- then again, it might not matter much.
-Adam
|