|
PHP - Form Validation : Showing Errors Without Passing Inputs
Hello,
I am doing a php registration form, file name is register.php Code: [Select] <?php include("config.php"); $submit = strip_tags($_POST['submit']); $username = strip_tags($_POST['user_box']); $password = md5(strip_tags($_POST['pass_box'])); $cpassword = md5(strip_tags($_POST['c_pass_box'])); $email = strip_tags($_POST['email_box']); $mobile = $_POST['mobile_box']; $ip = $_SERVER['REMOTE_ADDR']; $date = date('Y-m-d'); $time = date('h-i-s'); $i = 0; $checkusername = mysql_num_rows(mysql_query("SELECT * FROM members WHERE username='$username'")); $checkemail = mysql_num_rows(mysql_query("SELECT * FROM members WHERE email='$email'")); /* Validating username field */ if($username != NULL) { if (strlen($username) > 15 || strlen($username) < 6) { echo "<p>Username must be in range of 6 to 15 Characters.</p>"; } else { //check in DB if ($checkusername == 1) { echo "<p>Username already exist in database.</p>"; } else { $i++; } } } else { echo "<p>Username cannot be Blank</p>"; } /* ----------validating password field---------- */ if ($password != "d41d8cd98f00b204e9800998ecf8427e" || $cpassword != "d41d8cd98f00b204e9800998ecf8427e") { if ($password == $cpassword) { if (strlen($password) > 16 && strlen($password) < 4) { echo "<p>password must be in range of 4 to 16 Characters.</p>"; } else { $i++; } } else { echo "<p>Passwords do not match.</p>"; } } else { echo "<p>Password cannot be empty</p>"; } /* ----------Validating Passwords End---------- */ /* ----------Validating Email field Starts---------- */ if($email != NULL) { if($checkemail == 1) { echo "<p>Email already exist.</p>"; } else { $i++; } } else { echo "<p>Email field cannot be empty.</p>"; } /* ----------Validating Email fiend ends---------- */ /* ----------Validating Email field Starts---------- */ if($mobile != NULL) { if(strlen($mobile) >10) { echo "<p>Mobile cannot be more than 10 digits long</p>"; } else { $i++; } } else { echo "<p>Mobile field cannot be empty.</p>"; } /* ----------Validating Email fiend ends---------- */ if ($i == 4) { mysql_query("INSERT INTO members (username, password, email, mobile, ip, date, time) VALUES ('$username', '$cpassword', '$email', '$mobile', '$ip', '$date', '$time')"); echo "<p>Successful Registration Done !</p>"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form id="form1" name="form1" method="post" action=""> <table width="576" height="229" border="0"> <tr> <td width="139">Username :</td> <td colspan="2"><label for="user_box"></label> <input type="text" name="user_box" id="user_box" size="30" height="30" /> (Between 6 to 15 Characters)</td> </tr> <tr> <td>Password :</td> <td colspan="2"><label for="pass_box"></label> <input type="password" name="pass_box" id="pass_box" size="30" height="30" /> (Between 4 to 16 Characters)</td> </tr> <tr> <td>Confirm Password :</td> <td colspan="2"><label for="c_pass_box"></label> <input type="password" name="c_pass_box" id="c_pass_box" size="30" height="30" /></td> </tr> <tr> <td>Email Address :</td> <td colspan="2"><label for="email_box"></label> <input type="text" name="email_box" id="email_box" size="30" height="30" /></td> </tr> <tr> <td>Mobile No. :</td> <td colspan="2"><label for="mobile_box"></label> <input type="text" name="mobile_box" id="mobile_box" size="30" height="30" /> (10 Characters)</td> </tr> <tr> <td> </td> <td width="171"><input type="submit" name="submit" id="submit" value="Submit" /></td> <td width="252"><input type="reset" name="button2" id="button2" value="Reset" /></td> </tr> </table> </form> </body> </html> When I load page, it shows following errors before Username cannot be Blank Password cannot be empty Email field cannot be empty. Mobile field cannot be empty. What I want is on loading page i.e. before giving any inputs, it should not show any errors. Need help Similar TutorialsI have a html for that posts to a form processing script which is fully functional atm, in the processing script i have if statements, if the condition is met it updates tables in database, if there not met i echo a "not met" statment. problem is my form processing script just goes straight back to the index.php page using the following code; header('Location: index.php'); here is the form processing script: <?php session_start(); header('Location: index.php'); include "connect.php"; $id = $_SESSION['id']; $user = $_SESSION['user']; $ticketNumber = $_POST[ticketNumber]; //echo $_POST[ticketNumber]; $today = date('Y-m-d H:i:s', time() - 3600); // Query "Ticket" Table to check if user has purchased a "regular" ticket within the last 24 hours $query24hour = mysql_query("SELECT * FROM tickets WHERE username = '$user' AND HOUR(TIMEDIFF(NOW() , purchaseDate)) < 24;") or die(mysql_error()); // Query "promoTickets" table to grab information of previous tickets bought to the "promotional" auction and LIMIT tickets to 1 per user for "promotional" auctions. $querySold = mysql_query("SELECT * FROM promoTickets WHERE promoID='$_POST[promoID]' AND (ticketNumber='$ticketNumber' OR username = '$user');") or die(mysql_error()); //echo $querySold; $sold = mysql_fetch_assoc($querySold); //print_r($sold); //echo $sold; //echo query24hour; $querycount24hour = mysql_num_rows($query24hour); //echo $querycount24hour; //check if ticket is sold and if user has purchased a "regular" ticket within 24 hours if(empty($sold)!=FALSE and $querycount24hour >= 1){ //Checks users balance to see if they have enough for the ticket $queryBal = mysql_query("SELECT user_iskbalance FROM users WHERE username = '$user';") or die(mysql_error()); //echo $querySold; //echo $user; //echo $queryBal; $balArray = mysql_fetch_assoc($queryBal); $bal = $balArray[user_iskbalance]; $newBal = $bal-$_POST[ticketPrice]; //check if he has the money to buy the ticket if($bal>=$_POST[ticketPrice]){ //remove the money $queryBalRemoveal = mysql_query("UPDATE `users` SET `user_iskbalance`='$newBal' WHERE `username`='$user';") or die(mysql_error()); //buy ticket & insert data into "promoTickets" table $query = mysql_query("INSERT INTO promoTickets(promoID, username, charID, ticketNumber, ticketPrice, purchaseDate) VALUES ('$_POST[promoID]', '$user', '$id', '$_POST[ticketNumber]', '$_POST[ticketPrice]', '$today');") or die(mysql_error()); } else{ die("Insufficent balance. Please add more ISK") ; } } else{ die("Ticket has already been Sold or you have already bought a ticket to this promotion..!"); } ?> any way i can get the errors to be passed onto the index.php (with the form) and echo them there? as it stands errors arnt shown to the users and its confusing people Been screwing around on Google for about 3 hours trying to find a tutorial on what I am trying to do with absolutely no luck! I am simply trying to get my test script to echo errors from an array when a form criteria does not validate. This is my final revision which is still not working! Can someone please tell me what I am doing wrong? No matter what I do, I can't get away from this error: Notice: Undefined variable: error in C:\wamp\www\php\form_validation.php on line 13 <?php $o = $error[]; // test echo $o; // test if(!preg_match('/[^0-9A-Za-z]/',$_POST['first_name'])) { $error[] = "Please enter a valid First Name"; ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> First Name:<br /> <input name="first_name" type="text" size="50" maxlength="50" /><br /><br /> <input type="submit" /><br /><br /> </form> Hi Guys, I have built a contact form recently and with help from you guys I managed to add a file upload facility to it, however I am now stuck on something else. The form validation that I have written is always showing the form as not valid when it should be. I'm not sure if it is related to the javascript I have attached to the fields, I have never combined the two things this way before and I am not sure how to fix it. I would be most appreciative of any help you can give me. Here is my code: <?php // BEGIN SOCKET IMPLEMENTATION require_once($_SERVER['DOCUMENT_ROOT'] . '/socket/globals.php'); //Sets the static pageID if ($_GET['article']) { if ($_GET['revision']) { // If viewing a revision from SOCKET $dblookup = "SELECT articleID, datePosted, articleTitle, permaLink, articleBody, sideBody, parent FROM core_pages_revisions WHERE(revisionID ='".$_GET['revision']."') LIMIT 1"; } else { $dblookup = "SELECT articleID, datePosted, articleTitle, permaLink, articleBody, sideBody, parent FROM core_pages WHERE(articleID ='".$_GET['article']."') OR (permaLink ='".$_GET['article']."'"; if($_GET['parent']) { $dblookup .= " AND parent ='".$_GET['parent']."'"; } $dblookup .= ") LIMIT 1"; } $data = mysql_query($dblookup) or die('Failed to return data: ' . mysql_error()); if (mysql_num_rows($data) == 0) { redirect_to('/404');exit;} /* sorts the data into variables and puts them in an array ready to be called when needed */ while(list($articleID, $datePosted, $articleTitle, $permaLink, $articleBody, $sideBody, $parent) = mysql_fetch_array($data, MYSQL_BOTH)) { $meta_title = html_entity_decode(stripslashes("$articleTitle")); $module_ID = 2; $theH1 = '<h1>' . stripslashes(html_entity_decode($articleTitle)) . '</h1>'; $theParent = $parent; $parentUrl = $_SERVER['HTTP_REFERER']; require_once('' . $serverroot . '/style/standard/head.php'); require_once('' . $serverroot . '/style/standard/head2.php'); require_once('style/standard/header.php'); if(isset($_POST['submit'])) { // form validation if($_POST['first_name'] == 'First Name'||$_POST['last_name'] == 'Last Name'||$_POST['your_company'] == 'Company'||$_POST['your_email'] == 'Email'||$_POST['your_telephone'] = 'Telephone') { $errors = "please ensure all mandatory fields are completed"; } else { /* Deals with file uploading */ if (($_FILES["ttt"]["size"] < 500000)) { if ($_FILES["ttt"]["error"] > 0) { echo "Return Code: " . $_FILES["ttt"]["error"] . "<br />"; } else { move_uploaded_file($_FILES["ttt"]["tmp_name"], "upload/" . $_FILES["ttt"]["name"]); $fileLink = $siteroot. "/upload/" . $_FILES["ttt"]["name"]; } } else { echo "Invalid file"; } $to = str_replace('info', 'sales', $sc_email); $subject = "Quotation request from website"; $body = "From: ".$_POST['first_name']." ".$_POST['last_name']."\n"; if ($_POST['job_title']) { $body .= "(".$_POST['job_title']." at ".$_POST['your_company'].")\n"; } $body .= "E-Mail: ".$_POST['your_email']."\n"; $body .= "Telephone: ".$_POST['your_telephone']."\n"; $body .= "Address:\n ".$_POST['your_address']." ,".$_POST['your_country']."\n\n"; $body .= "Project: ".$_POST['project_details']."\n"; $body .= "Translate to: ".$_POST['lang_target']." from ".$_POST['lang_source']."\n"; $body .= "by: ".$_POST['project_deadline']; $body .= "The text: ".$_POST['text_to_translate']; $body .= "Link to attachment: <a href=".$fileLink."> Link </a>"; } if (!$errors) { echo '<h1> Email Sent! </h1>'; echo '<p>Thank you for your enquiry.</p> <p>If it is required a representative will contact you as soon as possible</p><p><strong>Please note:</strong></p> <p>We endeavour to respond to all requests within ' . $sc_response_time . ' however during busy or holiday periods this may increase. </p>'; mail($to, $subject, $body); } else { echo $errors; } } //Main content starts here /****************************/ /* Page starts here */ /****************************/ //echo '<img class="hidden" src="'.$siteroot.'/Scripts/phpThumb/phpThumb.php?src='.$siteroot.'/Scripts/phpThumb/phpThumb.php?w=100&h=100&zc='.$articleImagePos.'&src='.$articleImage.'" />'; if ($_SESSION['access_lvl'] <= 1) { // if a user with appropriate access levels is logged in, allow them to edit this page // to add } echo stripslashes($articleBody); ?> <form id="quote_form" name="quote_form" enctype="multipart/form-data" method="post" action="<?php $_SERVER['SCRIPT_NAME']?>"> <fieldset> <legend> Your Details </legend> <table border="0" cellpadding="0" cellspacing="5"> <tr> <td class="colOne"> Name </td> <td class="colTwo"><label for="first_name">First Name</label> <input type="text" name="first_name" id="first_name" value="<?php if ($_POST['submit']) { echo $_POST['first_name']; } else { echo 'First Name'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='First Name'}" /></td> <td><label for="last_name">Last Name</label> <input type="text" name="last_name" id="last_name" value="<?php if ($_POST['submit']) { echo $_POST['last_name']; } else { echo 'Last Name'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='Last Name'}" /></td> </tr> <tr> <td class="colOne"></td> <td class="colTwo"><label for="job_title">Job Title</label> <input type="text" name="job_title" id="job_title" value="<?php if ($_POST['submit']) { echo $_POST['job_title']; } else { echo 'Job Title'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='Job Title'}"/></td> <td><label for="your_company">Company</label> <input type="text" name="your_company" id="your_company" value="<?php if ($_POST['submit']) { echo $_POST['your_company']; } else { echo 'Company'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='Company'}"/></td> </tr> <tr> <td class="colOne"> Contact </td> <td class="colTwo"><label for="your_telephone">Telephone</label> <input type="text" name="your_telephone" id="your_telephone" value="<?php if ($_POST['submit']) { echo $_POST['your_telephone']; } else { echo 'Telephone'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='Telephone'}" /></td> <td><label for="your_email">Email Address</label> <input type="text" name="your_email" id="your_email" value="<?php if ($_POST['submit']) { echo $_POST['your_email']; } else { echo 'Email'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='Email'}"/></td> </tr> <tr> <td class="colOne"> Address </td> <td class="colTwo" valign="top"><label for="your_address">Address</label> <textarea name="your_address" id="your_address" cols="45" rows="5" ><?php echo $_POST['your_address']; ?></textarea></td> <td></td> </tr> <tr> <td class="colOne"> Country </td> <td class="colTwo"><label for="your_country">Country</label> <select name="your_country" id="your_country"> <option value="" <?php if (!$_POST['submit']) { echo 'selected="selected'; } ?>>Select your country</option> <?php $countries = mysql_query("SELECT * FROM custom_countries") or die ("Could not get countries list".mysql_error()); while($option = mysql_fetch_array($countries)) { if ($_POST['your_country'] == $option['country_name']) { $selected = 'selected="selected'; } echo '<option '.$selected.' value="' . $option['country_name'].'">' .$option['country_name'].'</option>'; } ?> </select></td> <td></td> </tr> </table> </fieldset> <fieldset> <legend> Your Quote </legend> <table border="0" cellpadding="0" cellspacing="5"> <tr> <td class="colOne"> Languages </td> <td class="colTwo"><label for="lang_source">Source Language</label> <select name="lang_source" id="lang_source"> <option value="" selected="selected">Translate from</option> <?php $languages = mysql_query("SELECT * FROM custom_languages") or die ("Could not get languages list".mysql_error()); while($option = mysql_fetch_array($languages)) { if ($_POST['lang_source'] == $option['language_name']) { $selected = 'selected="selected'; } echo '<option '.$selected.' value="' . $option['language_name'].'">' .$option['language_name'].'</option>'; } ?> </select> <label for="lang_target[]">Target Language</label></td> <td>(hold CTRL to select multiple languages)<select name="lang_target[]" size="6" multiple="multiple" id="lang_target[]"> <option value="" selected="selected">Translate to</option> <?php $languages = mysql_query("SELECT * FROM custom_languages") or die ("Could not get languages list".mysql_error()); while($option = mysql_fetch_array($languages)) { if ($_POST['lang_target'] == $option['language_name']) { $selected = 'selected="selected'; } echo '<option '.$selected.' value="' . $option['language_name'].'">' .$option['language_name'].'</option>'; } ?> </select></td> </tr> <tr> <td class="colOne"> Project</td> <td class="colTwo"><label for="project_details">Project Details</label> <input type="text" name="project_details" id="project_details" value="<?php if ($_POST['submit']) { echo $_POST['project_details']; } else { echo 'Reference'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='Reference'}" /></td> <td><label for="project_deadline">Project Deadline</label> <input type="text" name="project_deadline" id="project_deadline" value="<?php if ($_POST['submit']) { echo $_POST['project_deadline']; } else { echo 'Deadline'; } ?>" onfocus="this.value=''" onblur="if (this.value = "") {this.value='Deadline'}" /></td> </tr> <tr> <td class="colOne"> Text to translate</td> <td colspan="2"><label for="ttt">Text to translate</label> <input type="file" name="ttt" id="ttt" value="" /> </tr> <tr> <td> </td> <td><input class="form_button" type="submit" name="submit" id="submit" value="Submit" /><p class="red size10font"><?php echo $error ?></p></td> </tr> </table> </fieldset> </form> </div> <?php //Main content ends here require_once('style/standard/footer.php'); } } ?> I have a field like this <p>Price:</p> $<input type="text" name="price" size="5" disabled="disabled" value="<?= $price;?>"> Im using POST but if I try to echo $_POST['price'] nothing shows up... is it because its disabled? how can I do this if so? So, I have a checkbox, like so: (uci is an ID number) <input type='checkbox' name='cars[]' value='".$row['uci']."' /> That is passed to the next page via the form. However I need to pass the id numbers again, through to a third and final page. Currently I'm trying to do it through hidden inputs, but all I get returned to me is the word, "Array". This is the second page, displaying the data it recieves from the checkbox on the first page and attempting to send it through to the third page via a hidden input. $ids = $_POST['cars']; ... Displays data here... ... <form action='step_3.php' method='POST'> <input type='hidden' name='cars' value='$ids' /> <input type='submit' name='submit' value='Final Step' /> </form> I also tried <input type='hidden' name='cars' value='".$_POST['cars']."' /> but that didn't work either. This is what I'm using to display the data on the final page, as a check to make sure it's working (this is where I'm just getting the word, "Array"): echo"Car Id's: ".$_POST['cars']."<br />"; So, I guess my question is how do I pass the multiple options checked on the first page through more than one page? It works fine displaying the data on the second page, however when I try to display it again on the third page via the hidden input, it doesn't work. How is it possible, in PHP, to display an error message next to a form input text field if a user is attempting to submit a form with empty fields? Moreover, how is it possible to remove the same error message when the user fills in the input field with the required data and/or refreshes the page? I have 2 files that I am working with: application.php and process.php.
application.php mainly has the HTML of the form. I am very new to learning PHP (I started learning it last week) and I have been searching for hours for a clear answer. I have already tried different methods for generating the error message including: using empty(), !isset, $_POST["name"] = "", etc, and have tried using session_start();, $row, echo, print, and other variables to try and display error message on the page, and I have tried using unset();, and = null, to try and remove the error message once the input field has been filled but all to no avail. Either the method I try only half works, or nothing works, and I cannot pinpoint which is the part that is not working. I only have 2 files to work with, and as an example of what I want to do is:
1. If the first name field is empty when the user clicks submit, an error message should appear next to the input. Is this possible with PHP? Okay heres the problem. I have a form which displays items that sit within a packet. (In this case its called Wireless Package 1). Each item has its own specific value, which can be any string, hench why there is an 'input type= text' in the value column in the table. Each of these values is stored in a table, with the primary key 'piid', (show as a hidden field within 3rd column). The problem is when im posting the array 'values[]' I cant distinguish between what value needs to be referenced againist a piid, how do i obtain these individual ID's and Values in a loop so they can turned into a MySql Strings????? I tried using an explode function but got no where, any help is very much apprieciated! This is the code for the form displayed. <table border="1" cellpadding="5" cellspacing="5"> <tr> <th>Item ID</th> <th>Item</th> <th>Value</th> <th>Remove</th> </tr> <form action="edit_packet.php" method="post"> <?php foreach($packages as $packet):?> <tr> <td> <?php echo $packet['piid'] ;?> </td> <td> <?php echo $packet['desc'] ;?> </td> <td> <input type="hidden" name="values[]" value="<?php echo $packet['piid'];?>,," /> <input type="text" name="values[]" value="<?php echo $packet['value']; ?>" /> <input type="hidden" name="values[]" value="///" /> </td> <td> <form action="delete.php" method="post"> <input type="hidden" name="pid" value="<?php echo $packet['piid'];?>"/> <input type="submit" value="Delete Packet"> </td> </tr> <?php endforeach; ?> </table> <input type="submit" value="Submit" /> </form> Hello, Recently I put my websites up, but since then it constantly records entrys from domains which are trying to reach strange paths. 103.19.87.175 - - [18/Jun/2014:12:07:12 -0400] "CONNECT www.walmart.com:443 HTTP/1.1" 405 307 "-" "-" 198.100.98.214 - - [18/Jun/2014:12:07:23 -0400] "CONNECT www.amazon.com:443 HTTP/1.1" 405 306 "-" "-" 168.63.216.55 - - [18/Jun/2014:12:07:30 -0400] "GET http://luongson.servegame.com/ HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" 31.6.71.243 - - [18/Jun/2014:12:07:34 -0400] "GET http://www.proxy-listen.de/azenv.php HTTP/1.1" 404 1402 "http://www.google.de...roxy-listen.de" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)" 168.63.216.55 - - [18/Jun/2014:12:07:39 -0400] "GET http://luongson.servegame.com/ HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" 192.155.106.104 - - [18/Jun/2014:12:07:39 -0400] "GET http://pm.5188bh.com/header53621.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; FunWebProducts)" 192.155.106.116 - - [18/Jun/2014:12:07:48 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1)" 80.138.67.164 - - [18/Jun/2014:12:08:00 -0400] "GET http://www.proxy-listen.de/azenv.php HTTP/1.1" 404 1402 "http://www.google.co...roxy-listen.de" "Opera/9.20 (Windows NT 6.0; U; en)" 192.155.106.109 - - [18/Jun/2014:12:08:03 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1; HbTools 4.7.0)" 98.126.248.250 - - [18/Jun/2014:12:08:06 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; de-DE; rv:1.8.1.21) Gecko/20090331 K-Meleon/1.5.3" 61.228.20.235 - - [18/Jun/2014:12:08:07 -0400] "CONNECT mx0.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-" 192.155.106.106 - - [18/Jun/2014:12:08:09 -0400] "GET http://pm.5188bh.com/judgelife.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)" 61.228.24.110 - - [18/Jun/2014:12:08:10 -0400] "CONNECT mx2.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-" 61.228.88.55 - - [18/Jun/2014:12:08:21 -0400] "CONNECT mx3.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-" 192.155.106.124 - - [18/Jun/2014:12:08:24 -0400] "GET http://pm.5188bh.com/judgelife.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Acoo Browser; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" 204.44.65.54 - - [18/Jun/2014:12:08:35 -0400] "CONNECT www.walmart.com:443 HTTP/1.1" 405 307 "-" "-" 192.155.106.105 - - [18/Jun/2014:12:08:36 -0400] "GET http://pm.5188bh.com/header53621.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Acoo Browser; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; InfoPath.2)" [Wed Jun 18 12:07:30 2014] [error] [client 168.63.216.55] Directory index forbidden by Options directive: /var/www/html/ [Wed Jun 18 12:07:30 2014] [error] [client 168.63.216.55] File does not exist: /var/www/html/error/noindex.html [Wed Jun 18 12:07:34 2014] [error] [client 31.6.71.243] script '/var/www/html/azenv.php' not found or unable to stat, referer: http://www.google.de...proxy-listen.de [Wed Jun 18 12:07:39 2014] [error] [client 168.63.216.55] Directory index forbidden by Options directive: /var/www/html/ [Wed Jun 18 12:07:39 2014] [error] [client 168.63.216.55] File does not exist: /var/www/html/error/noindex.html [Wed Jun 18 12:07:39 2014] [error] [client 192.155.106.104] script '/var/www/html/header53621.php' not found or unable to stat [Wed Jun 18 12:07:48 2014] [error] [client 192.155.106.116] script '/var/www/html/proxyheader.php' not found or unable to stat [Wed Jun 18 12:08:00 2014] [error] [client 80.138.67.164] script '/var/www/html/azenv.php' not found or unable to stat, referer: http://www.google.co...proxy-listen.de [Wed Jun 18 12:08:03 2014] [error] [client 192.155.106.109] script '/var/www/html/proxyheader.php' not found or unable to stat [Wed Jun 18 12:08:06 2014] [error] [client 98.126.248.250] script '/var/www/html/proxyheader.php' not found or unable to stat [Wed Jun 18 12:08:09 2014] [error] [client 192.155.106.106] script '/var/www/html/judgelife.php' not found or unable to stat [Wed Jun 18 12:08:24 2014] [error] [client 192.155.106.124] script '/var/www/html/judgelife.php' not found or unable to stat [Wed Jun 18 12:08:36 2014] [error] [client 192.155.106.105] script '/var/www/html/header53621.php' not found or unable to stat Is there away to stop those fail path reach logs and only records what's else ? Or even completely stop it ? My operation system is CentOS 32bit. Ok I'm setting the error. I debugged my code and it's catching the phrase in the set_error() function. But it's returning NULL when I try to display it from the display_error() function. These functions are in the form class. I create a new instance of it on the register.php and I'm trying to grab the values. Here is my Form class (only showing the part you need to see): Code: [Select] class Form { private $error; public function set_error($errmsg){ $this->error = $errmsg; return; } public function display_error() { $error = "<p style='color:red;'>".$this->error."</p>"; return $error; } } Then here is my register process: Code: [Select] if(isset($_POST['submit'])) { if(isset($_POST['name']) && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['password2']) && isset($_POST['email']) && isset($_POST['email2']) && isset($_POST['dob']) && isset($_POST['gender']) && isset($_POST['security'])) { if ($user->register_user($_POST['name'], $_POST['username'], $_POST['password'], $_POST['password2'], $_POST['email'], $_POST['email2'], $_POST['dob'], $_POST['gender'], $_POST['security'])) { $message = "User has been registered successfully."; } else { $message = $form->display_error(); } } else { $message = "Please fill out all parts of the form!"; } } It display the $message just fine when I call isset($message), but it won't display it when I assign it the form->display_error() value because it returns NULL. Thank you! I'm working on an online php program that can have a few hundred form inputs. Mainly just numbers from 1 to 50,000 depending on the field. I wanted to use cookies so the user can keep the data entered on their browser but i found out the hard way that the browsers have a limitation that I've exceeded. Does anyone have any ideas? What is the best way to force a user to input numeric value into a form, with the following condition: Either the number is an integer (positive or negative or zero), or non integer but limited to the one digit behind the dot (e.g. 1.2 is valid, but 1.21 is not)? I know I can test it in the server side, but I prefer it to be on the form side. Can it be in the HTML level? I don't have any PHP skills at all. In fact I'm probably looking for a script that can help accomplish what I'm asking about. Regardless, I'm having a hard time getting any answers or solutions to this. I would like to make a web form that collects cc#'s from my customers that is PCI Compliant in as simple a manner as possible. 99% of the time my clients are not being charged at all, and the cc is used simply to ensure a service is confirmed. If they were to be charged, I would have to do that manually as no payment gateways currently deposit into banks in the country I am in. One thought I had would be if I could have the cc# either split, or broken up into separate fields and emailed separately. I am told this is PCI Compliant. I would also be fine with the cc# being split between database and email. I know this is possible w/ zen cart, but I have been unable to find any scripts that do this and don't have a need for a shopping cart addition to my site. But, I am aware that zen cart and other shopping cart add ons have options for X's to cover a bunch of numbers in the middle of the string and write that directly to the database. One thing that is a necessity is that the majority of the data input to the form be emailed. So, I'm basically hoping to protect the cc data in the simplest way possible, which I thought would be to break it up. I'll be trashing the cc #'s once I get them. I have no need to file them. I do have a SSL on my server. I am completely open to other suggestions. Is something like this, or another option a possibility? My skills are rudimentary. I taught myself to write some html and also use Dreamweaver to subsidize for what I can't code myself. I apologize if this should be in one of the other forums. Hi, I'm putting together a database that once logged in, a user is able to insert, update and delete records via html forms. The login is secured using mysql_real_escape_string, but I'm wondering should I do the same for all form elements that pass data to the db? There are a wide range of inputs, from numeric, alphanumeric, dates and more. I'd appreciate your feedback. Regards, James I generated a table from the database, and at the end of each row there are two submits, one for save and another for delete. The values are generated as either text and select box input. Right now, I have all the submits named differently (ends a number), so I can loop through all available submits based on the number to check which row needs to be updated, and to retrieve the values during form processing, then only perform the query. I have also hidden input in each row to send the "primary key" that is used during query. Is there a better approach than to have so many different names for the buttons, not having to loop through all of them each time, and still keep a similar layout? I'm trying to avoid anything else than PHP. The table looks something like: col1____| col2_______| col3____|__________________ txt input | select input | txt input |save bttn | delete bttn txt input | select input | txt input |save bttn | delete bttn Hello, I am very very new to PHP and have created a form that changes depending on a selection option. The website is here http://www.rmdesignstudio.com.au/wraptinprint/quotes.php and the PHP is all on the quotes.php page. The form sends to the email but when you fill in one form (example: Business Cards) the form sends, but along with all the entered fields the email also includes all the fields in all the hidden forms that werent filled in. I believe it is because they are drop down boxes and it is sending the first option in the list which happens to be "-----Please Select-----" Is there something I should be doing to my selection input field for this not to show up? Otherwise is there something I need to add to my PHP so it checks for the fields being filled in? I dont know how to add my code to this post, so if you could either show me or view my code via view source that would be awesome. Hello,
I'm developing one website for a real-estate agency. I have a html form that is used to submit property details, There is multiple form inputs and also I need to upload multiple property images using Dropzone JS multiple image upload. Here I'm validating form inputs using jQuery Validation library. Validation works perfect and data Is being to posted to php file called submit_property_data.php. But when I implement the Dropzone JS image upload its not working.
JS File (property-submit.js)
$('document').ready(function() {
$("#notification-property").hide();
/* handling form validation */
$("#property-form").validate({
rules: {
prop_title: "required",
prop_price: {
required: true,
digits: true
},
prop_area: {
required: true,
digits: true
},
prop_address: "required",
prop_message: {
required: true,
minlength: 10,
maxlength: 2000
},
prop_owner_name: "required",
prop_owner_email: {
required: true,
email: true
},
prop_owner_phone: {
required: true,
digits: true
},
},
messages: {
'prop_title': {
required: "Please enter title for your property"
},
prop_price: {
required: "Please enter price of your property",
digits: "Please enter price in digits (AED)"
},
prop_area: "Please enter Sqft of your property",
prop_address: "Please enter address of your property",
prop_message: {
required: "Please enter detailed Information",
minlength: "Please enter something about your property in 50 - 20000 characters",
maxlength: "Please enter something about your property in 50 - 20000 characters"
},
prop_owner_name: "Please enter your name",
prop_owner_email: {
required: "Please enter your email address",
email: "Please enter valid email address"
},
prop_owner_phone: {
required: "Please enter your phone number",
digits: "Please enter valid phone number"
},
},
submitHandler: submitPropertyForm
});
/* Handling login functionality */
function submitPropertyForm() {
var data = $("#property-form").serialize();
$.ajax({
type: 'POST',
url: 'submit_property_data.php',
data: data,
beforeSend: function() {
$("#submit-button").html('<span class="glyphicon glyphicon-transfer"></span> Submiting ...');
},
success: function(response) {
if (response == "ok") {
console.log(1);
document.getElementById("property-form").reset();
$("#notification-property").html('<b> ' + response + ' !</b>').show();
//setTimeout(' window.location.href = "dashboard.php"; ',4000);
} else {
$("#notification-property").fadeIn(1000, function() {
$("#notification-property").html('<b>' + response + ' !</b>').fadeOut();
$("#submit-button").html(' Send');
});
}
},
complete:function(){
$('body, html').animate({scrollTop:$('form').offset().top}, 'slow');
}
});
return false;
}
$("#submit-button").bind('click', function() {
if ( $("#property-form").valid() ) {
submitPropertyForm();
} else {
console.log('form invalid');
}
})
Dropzone.autoDiscover = false;
$(function () {
$("div#myDropzone").dropzone({
url: 'submit_property_data.php',
addRemoveLinks: true,
maxFiles:11,
uploadMultiple: true,
autoProcessQueue: false,
parallelUploads: 10,
init: function () {
var myDropzone = this;
// Update selector to match your button
$("#submit-button").click(function (e) {
e.preventDefault();
myDropzone.processQueue();
});
this.on('sending', function(file, xhr, formData) {
// Append all form inputs to the formData Dropzone will POST
var data = $('#property-form').serializeArray();
$.each(data, function(key, el) {
formData.append(el.name, el.value);
});
});
this.on("success", function(file, responseText) {
alert(responseText);
});
},
});
});
});
HTML File (submit-property.php)
<html>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
<script src="https://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js"></script>
!-- Submit Property start -->
<div class="content-area-7 submit-property">
<div class="container">
<div class="row">
<div class="col-md-12">
<!-- <div id="error_message" class="notification-box"></div> -->
</div>
<div id="notification-property" class="notification-box">sd</div>
<div class="col-md-12">
<div class="submit-address">
<form name = "property-form" method="post" id="property-form">
<div class="main-title-2">
<h1><span>Tell Me</span> Something About Your Property</h1>
</div>
<div class="search-contents-sidebar mb-30">
<div class="form-group">
<label>Property Title</label>
<input class="input-text" name="prop_title" id="prop_title" placeholder="Property Title">
</div>
<div class="row">
<div class="col-md-6 col-sm-6">
<div class="form-group">
<label>Status</label>
<select class="selectpicker search-fields" id="prop_status" name="prop_status">
<option value="Sale">For Sale</option>
<option value="Rent">For Rent</option>
</select>
</div>
</div>
<div class="col-md-6 col-sm-6">
<div class="form-group">
<label>Type</label>
<select class="selectpicker search-fields" id="prop_title" name="prop_type">
<option value="Modern">Modern</option>
<option value="Traditional">Traditional</option>
<option value="Arabic">Arabic</option>
</select>
</div>
</div>
</div>
<div class="row">
<div class="col-md-3 col-sm-6">
<div class="form-group">
<label>Price (Dirham)</label>
<input class="input-text" name="prop_price" id="prop_price" placeholder="AED">
</div>
</div>
<div class="col-md-3 col-sm-6">
<div class="form-group">
<label>Sqft</label>
<input class="input-text" name="prop_area" id="prop_area" placeholder="SqFt">
</div>
</div>
<div class="col-md-3 col-sm-6">
<div class="form-group">
<label>Bed Rooms</label>
<select class="selectpicker search-fields" name="prop_rooms" id="prop_rooms">
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
</div>
</div>
<!-- <div class="col-md-3 col-sm-6">
<div class="form-group">
<label>Bathroom</label>
<select class="selectpicker search-fields" name="1">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
<option>5</option>
<option>6</option>
</select>
</div>
</div> -->
</div>
</div>
<div class="main-title-2">
<h1><span>Location</span></h1>
</div>
<div class="row mb-30 ">
<div class="col-md-6 col-sm-6">
<div class="form-group">
<label>Address</label>
<input class="input-text" id="prop_address" name="prop_address" placeholder="Address">
</div>
</div>
</div>
<div class="main-title-2">
<h1><span>Upload</span> Photos Of Villa </h1>
</div>
<div id="myDropzone" class="dropzone dropzone-design mb-10">
<div class="dz-default dz-message" data=""><span>Drop files here to upload</span></div>
</div>
<div class="main-title-2">
<h1><span>Detailed</span> Information</h1>
</div>
<div class="row mb-30">
<div class="col-md-12">
<div class="form-group">
<textarea class="input-text" id="prop_message" name="prop_message" placeholder="Detailed Information"></textarea>
</div>
</div>
</div>
<!--<div class="row mb-30">
<div class="col-md-4 col-sm-4">
<div class="form-group">
<label>Building Age <span>(optional)</span></label>
<select class="selectpicker search-fields" name="years">
<option>0-1 Years</option>
<option>0-5 Years</option>
<option>0-10 Years</option>
<option>0-20 Years</option>
<option>0-40 Years</option>
<option>40+Years</option>
</select>
</div>
</div>
<div class="col-md-4 col-sm-4">
<div class="form-group">
<label>Bedrooms (optional)</label>
<select class="selectpicker search-fields" name="1">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
<option>5</option>
<option>6</option>
</select>
</div>
</div>
<div class="col-md-4 col-sm-4">
<div class="form-group">
<label>Bathrooms (optional)</label>
<select class="selectpicker search-fields" name="1">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
<option>5</option>
<option>6</option>
</select>
</div>
</div>
<div class="col-lg-12">
<label class="margin-t-10">Features (optional)</label>
<div class="row">
<div class="col-lg-4 col-sm-4 col-xs-12">
<div class="checkbox checkbox-theme checkbox-circle">
<input id="opt_parking" name="opt_parking" value="1" type="checkbox">
<label for="checkbox1">
Free Parking
</label>
</div>
<div class="checkbox checkbox-theme checkbox-circle">
<input id="opt_air_condition" name="opt_air_condition" value="1" type="checkbox">
<label for="checkbox2">
Air Condition
</label>
</div>
<div class="checkbox checkbox-theme checkbox-circle">
<input id="opt_seat" name="opt_seat" value="1" type="checkbox">
<label for="checkbox3">
Places to seat
</label>
</div>
</div>
<div class="col-lg-4 col-sm-4 col-xs-12">
<div class="checkbox checkbox-theme checkbox-circle">
<input id="opt_swimming" name="opt_swimming" value="1" type="checkbox">
<label for="checkbox4">
Swimming Pool
</label>
</div>
<div class="checkbox checkbox-theme checkbox-circle">
<input id="opt_laundary" name="opt_laundary" value="1" type="checkbox">
<label for="checkbox5">
Laundry Room
</label>
</div>
<div class="checkbox checkbox-theme checkbox-circle">
<input id="opt_window_covering" name="opt_window_covering" value="1" type="checkbox">
<label for="checkbox6">
Window Covering
</label>
</div>
</div>
<div class="col-lg-4 col-sm-4 col-xs-12">
<div class="checkbox checkbox-theme checkbox-circle">
<input id="opt_parking" name="opt_parking" value="1" type="checkbox">
<label for="checkbox7">
Central Heating
</label>
</div>
<div class="checkbox checkbox-theme checkbox-circle">
<input id="checkbox8" type="checkbox">
<label for="checkbox8">
Alarm
</label>
</div>
</div>
</div>
</div>
</div>-->
<div class="main-title-2">
<h1><span>Contact</span> Details</h1>
</div>
<div class="row">
<div class="col-md-4 col-sm-4">
<div class="form-group">
<label>Name</label>
<input class="input-text" name="prop_owner_name" id="prop_owner_name" placeholder="Name">
</div>
</div>
<div class="col-md-4 col-sm-4">
<div class="form-group">
<label>Email</label>
<input class="input-text" name="prop_owner_email" id="prop_owner_email" placeholder="Email">
</div>
</div>
<div class="col-md-4 col-sm-4">
<div class="form-group">
<label>Contact No</label>
<input class="input-text" name="prop_owner_phone" id="prop_owner_phone" placeholder="Phone">
</div>
</div>
</div>
<div class="col-md-12">
<button type="button" name="submit-button" id="submit-button">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<script src="property-submit.js"></script>
<script src="js/dropzone.js"></script>
</html>
PHP File (submit_property_data.php)
<?php
echo "ok";
require_once("functions.php");
$ds = DIRECTORY_SEPARATOR; //1
$storeFolder = 'villas-images';
$encpt_data = rand(1000,5000);
if (!empty($_FILES)) {
$tempFile = $_FILES['file']['tmp_name']; //3
$targetPath = dirname( __FILE__ ) . $ds. $storeFolder . $ds; //4
$targetFile = $targetPath.$_FILES['file']['name']; //5
if(move_uploaded_file($tempFile,$targetFile))
{
echo '<b>Success</b>';
}
}
?>
What I actually need ?
I need to validate the form inputs first & upload the images once the form is valid also I need to post all the inputs to my php file called submit_property_data.php Also I need the image inputs to store into my database.
I read ages ago (and checked to see if it's true, it was and given how it works, it must still be) the end user can alter the value of any form field, using Firebug or similar, before submitting it. Two things I've figured out today: 1) a form input doesn't need a value - doesn't even need the attribute - if you're only checking whether the POST var isset and the actual value isn't important 2) Although it appears not to matter in the example I'm working on now, if the script doesn't check what the value is, and potentially sanitise it, the user could submit the form with any value, true, false, malicious, idk... So my question is: is this one of the ways malicious bad things can happen and do I *have to* specify a value, not because the script won't work without it, it does, but because in the real world it opens a security door if I don't check for malicious script by saying "if value not as expected, script has to die". Having formulated the question properly and thought about it I can't imagine simply making a form, without obvious connections to anything important, could be a problem in the way I'm asking about but I asked it now so Edited by appobs, 03 July 2014 - 12:08 PM. |
|||||||