|
PHP - Form Sanitize
For some reason I commented out mysql_real_escape_string on my sanitize function, and I don't remember why I did it. Is it something that is vital and I should un-comment it out?
function sanitize($formValue){ if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $formValue = stripslashes($formValue); } //$formValue = mysql_real_escape_string($formValue); return $formValue; } Similar TutorialsFolks,
Someone suggested I sanitize user inputs.
$primary_website_domain_confirmation = trim($_POST["primary_website_domain_confirmation"]);
if (!filter_var($primary_website_email,FILTER_VALIDATE_EMAIL)) {
echo "You entered an Invalid Email Address!";
Now, got to add sanitation part. So, where to add it ?
Latter tutorial looks simpler. Let's try copying that.
// Remove all illegal characters from email
$primary_website_email = filter_var(trim($email, FILTER_SANITIZE_EMAIL));
//Validate Email
if (!filter_var($primary_website_email,FILTER_VALIDATE_EMAIL)) {
echo "You entered an Invalid Email Address!";
Did I fit in the SANITIZER at the right place or not ? Cheers! Hi guys, do you have any idea on how to sanitize this code? using FILTER_SANITIZE_STRING; FILTER_VALIDATE_IP and ect? Thanks Code: [Select] <form action="rnrequest.php" method="POST"> <table class="txt2"> <tr><td >Song title: </td><td><input type="text" name="song" value="" class=".texta"></td></tr> <tr><td>Artist: </td><td><input type="text" name="artist" value=""></td></tr> <tr><td>Your name: </td><td><input type="text" name="name" value=""></td></tr> <tr><td>Greetings: </td><td><textarea name="greetings"></textarea></td></tr> </table> <input type="submit" name="submit" value="Send"> </form> </div> <?php if (isset($_POST['submit'])) { if (empty($_POST['name'])) { echo "Sorry, you haven't supplied your name<br />"; $reg = "no"; } $sql = "SELECT COUNT(*) FROM request_song WHERE ip='{$ip}'"; $result = mysql_query($sql); if (mysql_result($result, 0) > 0) { echo "Sorry, You already wished for one song, you cannot request for another until the DJ's have seen your request..<br />"; $reg = "no"; } if ($reg == "yes") { $dt2=date("Y-m-d H:i:s"); $sql = "INSERT INTO request_song(song, artist, name, greetings, ip, date) VALUES('{$_POST['song']}', '{$_POST['artist']}', '{$_POST['name']}', '{$_POST['greetings']}','{$ip}', '$dt2')"; mysql_query($sql); } } ?> II have been told that I should sanitize my inputs, what does that mean? Isn't that what trim does? I would like to sanitize input from users so when it's pulled out of the database and stuck into the page, they can't add malicous code to my page. I have heard of striptags but wonder if there is anything better. thanks Folks this one line and any other variations I have tried just nulls my variable Code: [Select] function check_input($value) { echo '<pre>'; echo "Value before = "; echo $value; echo '</pre>'; // Stripslashes //if (get_magic_quotes_gpc()) // { // $value = stripslashes($value); // } // Quote if not a number //if (!is_numeric($value)) // { $value = "'" . mysql_real_escape_string($value) . "'"; <----- //$value = mysql_real_escape_string($value); //$value = mysql_real_escape_string($value); echo '<pre>'; echo "Value after = "; echo $value; echo '</pre>'; // } return $value; } ... // Make a safe SQL $iso_code = check_input($iso_code); $country_name = check_input($country_name); $query = "select * from countries where iso_code = '".$iso_code."' or country like '%".$country_name."%'"; mysql_query($query); echo '<pre>'; echo $iso_code; echo $country_name; echo $query; echo '</pre>'; The result is:- Code: [Select] Value before = UK Value after = '' Value before = United Kingdom Value after = '' ''''select * from countries where iso_code = '''' or country like '%''%' with no mysql_real_escape statement the app work fine. I'm now trying to make my code more robust. Any help would be appreciated. jamie Hi all, I just stumbled upon the 'new' filter function of php and i was wondering if someone could maybe recommend me which to use. for instance if i have a script: <?php $_evilstring = "<script> alert('justin bieber is ruining your sound system')</script>"; $_clean1 = htmlspecialchars($_evilstring); echo 'clean string one = '.$_clean1.'<br />'; $_clean2 = filter_var($_evilstring, FILTER_SANITIZE_SPECIAL_CHARS); echo 'clean string two = '.$_clean2.'<br />'; ?> Both output exactly the same. Now i was wondering if there might be differences in them. For some reason I would like to use the filter function because the name sounds better, but that of course is not very scientific. Anyone with ideas maybe performance, speed, wickedness?? Hi everyone I am trying to secure some of my code using a sanitize function function sanitize($data) { $cdata = strip_tags(addslashes($data)); $cdata = mysql_real_escape_string($cdata); return $cdata; } If I post a form value such as Code: [Select] 'Apple iPod' to a SQL INSERT QUERY using `title` = sanitize($_POST['title']); then my database value looks like Code: [Select] \\\'the ipod\\\' this is odd because there is 3 slashes if I then print that value on a PHP page using print stripslashes($row['title']); it outputs Code: [Select] \'the ipod\' Why can I not get rid of the slashes and why would it be outputting 3 slashes? I have tried all the magic quote ideas and suggestions, but still cannot sort this out. Thanks John I have never looked into sanitizing before, Is using htmlentities() good enough to protect against sql injection ? Thanks. This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=346794.0 Hey all, While the filter itself is functioning properly, the flag doesn't seem to be. Here's how I have it set up: Code: [Select] $UserInput = filter_var($UserInput , FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // Test Format 1 $UserInput = filter_input(INPUT_POST, 'UserInput', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // Test Format 2 As you can see, I have set up to test methods however, each one fails regarding the flag..or so it's seeming to me. FILTER_FLAG_STRIP_LOW is supposed to strip out anything > 32 in ascii, but it isn't. '&' (38) is greater than 32 but it still displays in the browser. Am I missing something here? Hey Guys! I would really like some feedback on the following: I have a site in Portuguese. Php retrieves a lot of POST's with Special Characters and Portuguese Accents (which are expected). With my sanatize function I am having some real problems with the 'htmlentities' for XSS Injection Prevention. htmlentities is changing the accents to strange characters and messes up my database. sanitize( &$_GET ); sanitize( &$_POST ); sanitize( &$_COOKIE ); function sanitize( &$some) { $some = array_map('htmlentities', $some); //XSS Prevention foreach( $some as $key => $value ) { $value = str_replace( '--', '', $value ); $value = str_replace( '/*', '', $value ); $value = str_replace( '"', '', $value ); $value = str_replace( "'", '', $value ); $value = ereg_replace( '[\( ]+0x', '', $value ); if ($value != $some[$key]) { $some[$key] = $value; } } } The only solution I can think of is to take out the 'htmlentities' function, but I would really like to have this as a prevention against XSS, is there any way around this to have both things working? Any ideas, suggestions? Thanks in advance! Hello, I have coded a contact form in PHP and I want to know, if according to you, it is secure! I am new in PHP, so I want some feedback from you. Moreover, I have also two problems based on the contact form. It is a bit complicated to explain, thus, I will break each of my problem one by one. FIRST:The first thing I want to know, is if my contact form secure according to you: The HTML with the PHP codes: Code: [Select] <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { //Assigning variables to elements $first = htmlentities($_POST['first']); $last = htmlentities($_POST['last']); $sub = htmlentities($_POST['subject']); $email = htmlentities($_POST['email']); $web = htmlentities($_POST['website']); $heard = htmlentities($_POST['heard']); $comment = htmlentities($_POST['message']); $cap = htmlentities($_POST['captcha']); //Declaring the email address with body content $to = 'alithebestofall2010@gmail.com'; $body ="First name: '$first' \n\n Last name: '$last' \n\n Subject: '$sub' \n\n Email: '$email' \n\n Website: '$web' \n\n Heard from us: '$heard' \n\n Comments: '$comment'"; //Validate the forms if (empty($first) || empty($last) || empty($sub) || empty($email) || empty($comment) || empty($cap)) { echo '<p class="error">Required fields must be filled!</p>'; header ('refresh= 3; url= index.php'); return false; } elseif (filter_var($first, FILTER_VALIDATE_INT) || filter_var($last, FILTER_VALIDATE_INT)) { echo '<p class="error">You cannot enter a number as either the first or last name!</p>'; return false; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo '<p class="error">Incorrect email address!</p>'; return false; } elseif (!($cap === '12')){ echo '<p class="error">Invalid captcha, try again!</p>'; return false; } else { mail ($to, $sub, $body); echo '<p class="success">Thank you for contacting us!</p>'; } } ?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <p>Your first name: <span class="required">*</span></p> <p><input type="text" name="first" size="40" placeholder="Ex: Paul"/></p> <p>Your last name: <span class="required">*</span></p> <p><input type="text" name="last" size="40" placeholder="Ex: Smith"/></p> <p>Subject: <span class="required">*</span></p> <p><input type="text" name="subject" size="40" placeholder="Ex: Contact"/></p> <p>Your email address: <span class="required">*</span></p> <p><input type="text" name="email" size="40" placeholder="Ex: example@xxx.com"/></p> <p>Website:</p> <p><input type="text" name="website" size="40" placeholder="Ex: http//:google.com"/></p> <p>Where you have heard us?: <span class="required">*</span></p> <p><select name="heard"> <option>Internet</option> <option>Newspapers</option> <option>Friends or relatives</option> <option>Others</option> </select></p> <p>Your message: <span class="required">*</span></p> <p><textarea cols="75" rows="20" name="message"></textarea></p> <p>Are you human? Sum this please: 5 + 7 = ?: <span class="required">*</span></p></p> <p><input type="text" name="captcha" size="10"/></p> <p><input type="submit" name="submit" value="Send" class="button"/> <input type="reset" value="Reset" class="button"/></p> </form> SECOND PROBLEM:If a user has made a mistake, he gets the error message so that he can correct! However, when a mistake in the form occurs, all the data the user has entered are disappeared! I want the data to keep appearing so that the user does not start over again to fill the form. THIRD: When the erro message is displayed to notify the user that he made a mistake when submitting the form, the message is displaying on the top of the page. I want it to appear below each respective field. How to do that? In JQuery it is simple, but in PHP, I am confusing! Stumped! I have a client who has a form where they upload files to their server: title, two password fields, and the file
They have been unable to upload anything over 10m
Small (under 10mb) files work.
Larger doesn’t
I’ve tracked it down, I think, that the processing page appears to be dropping the form values when the file takes a bit to upload.
I echo’ed the values that are grabbed from the form, and they return empty strings if it takes a while for the file to upload (a large file) - they pass fine if the file is smaller.
I think I've got the php info set correctly, but cannot for the life of me figure out how to adjust the timing out issue, or even where to troubleshoot.
Here's my phpinfo:
Max Requests
Per Child: 750 - Keep Alive: off - Max Per Connection: 100
Timeouts
Connection: 120 - Keep-Alive: 5
Directive
Local Value
Master Value
allow_call_time_pass_reference
Off
Off
allow_url_fopen
On
On
allow_url_include
Off
Off
always_populate_raw_post_data
Off
Off
arg_separator.input
&
&
arg_separator.output
&
&
asp_tags
Off
Off
auto_append_file
no value
no value
auto_globals_jit
On
On
auto_prepend_file
no value
no value
browscap
/etc/browscap.ini
/etc/browscap.ini
default_charset
no value
no value
default_mimetype
text/html
text/html
define_syslog_variables
Off
Off
disable_classes
no value
no value
disable_functions
leak,posix_getpwuid,posix_getpwnam,posix_getgrid,posix_getgrnam,posix_getgroups
leak,posix_getpwuid,posix_getpwnam,posix_getgrid,posix_getgrnam,posix_getgroups
display_errors
Off
Off
display_startup_errors
Off
Off
doc_root
no value
no value
docref_ext
no value
no value
docref_root
no value
no value
enable_dl
Off
Off
error_append_string
no value
no value
error_log
/mnt/Target01/337846/945285/www.dermerrealestate.com/logs/php_errors.log
no value
error_prepend_string
no value
no value
error_reporting
30711
30711
exit_on_timeout
Off
Off
expose_php
Off
Off
extension_dir
/usr/lib64/php/modules
/usr/lib64/php/modules
file_uploads
On
On
highlight.bg
#FFFFFF
#FFFFFF
highlight.comment
#FF8000
#FF8000
highlight.default
#0000BB
#0000BB
highlight.html
#000000
#000000
highlight.keyword
#007700
#007700
highlight.string
#DD0000
#DD0000
html_errors
On
On
ignore_repeated_errors
Off
Off
ignore_repeated_source
Off
Off
ignore_user_abort
Off
Off
implicit_flush
Off
Off
include_path
.:/usr/share/pear:/usr/share/php
.:/usr/share/pear:/usr/share/php
log_errors
On
On
log_errors_max_len
1024
1024
magic_quotes_gpc
On
On
magic_quotes_runtime
Off
Off
magic_quotes_sybase
Off
Off
mail.add_x_header
On
On
mail.force_extra_parameters
no value
no value
mail.log
no value
no value
max_execution_time
30
30
max_file_uploads
20
20
max_input_nesting_level
64
64
max_input_time
60
60
max_input_vars
1000
1000
memory_limit
128M
128M
open_basedir
no value
no value
output_buffering
no value
no value
output_handler
no value
no value
post_max_size
8M
8M
precision
14
14
realpath_cache_size
4M
4M
realpath_cache_ttl
120
120
register_argc_argv
On
On
register_globals
Off
Off
register_long_arrays
On
On
report_memleaks
On
On
report_zend_debug
On
On
request_order
no value
no value
safe_mode
Off
Off
safe_mode_exec_dir
no value
no value
safe_mode_gid
Off
Off
safe_mode_include_dir
no value
no value
sendmail_from
no value
no value
sendmail_path
/usr/sbin/sendmail -t -i
/usr/sbin/sendmail -t -i
serialize_precision
100
100
short_open_tag
On
On
SMTP
localhost
localhost
smtp_port
25
25
sql.safe_mode
Off
Off
track_errors
Off
Off
unserialize_callback_func
no value
no value
upload_max_filesize
8M
8M
upload_tmp_dir
/tmp
/tmp
user_dir
no value
no value
user_ini.cache_ttl
300
300
user_ini.filename
.user.ini
.user.ini
variables_order
EGPCS
EGPCS
xmlrpc_error_number
0
0
xmlrpc_errors
Off
Off
y2k_compliance
On
On
zend.enable_gc
On
On
I have read around and can't seem to find the right coding for what I need on this forum and some other other forums. I have a contact form (as listed below) and I need 2 locations (Print Name and Title) fields to auto-populate on a separate form (can be a doc, pdf, etc. any form of document which is easiest) and this form can be totally back end and the individual using the form never is going to see the form. It's going on a contract form, that we would like to auto-populate. Also is there a simple attachment code so individuals can attach documents to the code? <p style: align="center"><form action="mailtest.php" method="POST"> <?php $ipi = getenv("REMOTE_ADDR"); $httprefi = getenv ("HTTP_REFERER"); $httpagenti = getenv ("HTTP_USER_AGENT"); ?> <input type="hidden" name="ip" value="<?php echo $ipi ?>" /> <input type="hidden" name="httpref" value="<?php echo $httprefi ?>" /> <input type="hidden" name="httpagent" value="<?php echo $httpagenti ?>" /> <div align="center"> <p class="style1">Name</p> <input type="text" name="name"> <p class="style1">Address</p> <input type="text" name="address"> <p class="style1">Email</p> <input type="text" name="email"> <p class="style1">Phone</p> <input type="text" name="phone"> <p class="style1">Debtor</p> <input type="text" name="debtor"> <p class="style1">Debtor Address</p> <input type="text" name="debtora"> <br /> <br /> <a href="authoforms.php" target="_blank" style="color:#ffcb00" vlink="#ffcb00">Click here to view Assignment Agreement and Contract Agreement</a> <p class="style1"><input type='checkbox' name='chk' value='I Have read and Agree to the terms.'> I have read and agree to the Assignment and Contract Agreement <br></p> <p class="style1">Print Name</p> <input type="text" name="pname"> <p class="style1">Title</p> <input type="text" name="title"> <p class="style1">I hear by agree that the information I have provided is true, accurate and the information I am submitting is <br /> not fraudulent. Please click the agree button that you adhere to Commercial Recovery Authority Inc.'s terms:</p> <select name="agree" size="1"> <option value="Agree">Agree</option> <option value="Disagree">Disagree</option> </select> <br /> <br /> <p class="style1">Employee ID:</p> <input type="text" name="employee"> <br /> <input type="submit" value="Send"><input type="reset" value="Clear"> </div> </form> </p> The mailtest php is this ?php $ip = $_POST['ip']; $httpref = $_POST['httpref']; $httpagent = $_POST['httpagent']; $name = $_POST['name']; $address = $_POST['address']; $email = $_POST['email']; $phone = $_POST['phone']; $debtor = $_POST['debtor']; $debtora = $_POST['debtora']; $value = $_POST['chk']; $pname = $_POST['pname']; $title = $_POST['title']; $agree = $_POST['agree']; $employee = $_POST['employee']; $formcontent=" From: $name \n Address: $address \n Email: $email \n Phone: $phone \n Debtor: $debtor \n Debtor's Address: $debtora \n 'Client' has read Assignment and Contract Agreement: $value \n Print Name: $pname \n Title: $title \n I hear by agree that the information I have provided is true, accurate and the information I am submitting is not fraudulent. Please click the agree button that you adhere to Commercial Recovery Authority Inc.'s terms: $agree \n \n Employee ID: $employee \n IP: $ip"; $recipient = "mail@crapower.com"; $subject = "Online Authorization Form 33.3%"; $mailheader = "From: $email \r\n"; mail($recipient, $subject, $formcontent, $mailheader) or die("Error!"); echo "Thank You!" . " -" . "<a href='index.php' style='text-decoration:none;color:#ffcb00;'> Return Home</a>"; $ip = $_POST['visitoraddress'] ?> Hello, first time poster.. I've looked the web over for a long time and can't figure this one out. - Below is basic code that successfully checks MySQL for a match and displays result. I was debugging and forced the "height" and "width" to be 24 and 36 to make sure that wasn't the problem. That's good.. - I'd like to give the user ability to select width and height from a form.. and have it do an onchange this.form.submit so the form can be changing as fields are altered (thus the onchange interaction) - In a normal coding environment I've done this numerous times with no "Page cannot be displayed" problems. It would simply change one select-option value at a time til they get down the form and click submit... but in WordPress I'm having trouble making even ONE single onchange work! - I've implemented the plugins they offer which allows you to "copy+paste" your php code directly into their wysiwyg editor. That works with basic tests like my first bullet point above. - I've copied and pasted the wordpress url (including the little ?page_id=123) into the form "action" url... that didn't work... tried forcing it into an <option value=""> tag.. didn't work. I'm just not sure. I've obviously put xx's in place of private info.. Why does this form give me Page Cannot Be Displayed in WordPress every time? It won't do anything no matter how simple.. using onchange.. Code.. $con = mysql_connect("xxxx.xxxxxxx.com","xxxxxx","xxxxx"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("xxxxxx", $con); $myprodwidth=24; $myprodheight=36; $result = mysql_query("SELECT * FROM product_sizes WHERE prodwidth='$myprodwidth' and prodheight='$myprodheight'"); while($row = mysql_fetch_array($result)) { echo $row['prodprice']; } mysql_close($con); <form method="post" action=""> <select name="myheight" onchange="this.form.submit();"> <option selected="selected" value="">select height</option> <option value="xxxxxxxxx.com/wordpress/?page_id=199&height=36">36</option> <option value="xxxxxxxxx.com/wordpress/?page_id=199&height=36">48</option> </select> There are two pieces to this- The HTML Form and the resulting php. I can't seem to make the leap, from the code to having the form produce the php page so others can view it until the form is again submitted overwriting the php, thus generating new content. The environment I am working in is limited to IIs 5.1 and php 5.2.17 without mySQL or other DB I'm new to php, this isn't homework,or commercialization, it's for children. I am thinking perhaps fwrite / fread but can't get my head around it. Code snipets below. Any help, please use portions of this code in hopes I can understand it Thanks Code snipet from Output.php Code: [Select] <?php $t1image = $_POST["t1image"]; $t1title = $_POST["t1title"]; $t1info = $_POST["t1info"]; $t2image = $_POST["t2image"]; $t2title = $_POST["t2title"]; $t2info = $_POST["t2info"]; ?> ... <tbody> <tr><!--Headers--> <td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Animal</td> <td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Image thumb<br> </td> <td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Date<br> </td> <td style="vertical-align: top; text-align: center; background-color: rgb(204, 255, 255);">Information<br> </td> </tr> <tr> <td style="vertical-align: top; text-align: center;">Monkey </td> <td style="vertical-align: top; text-align: center;"><img src="<?php echo $t1image.'.gif'; ?>"><!--single image presented selected from radio buttons--> </td> <td style="vertical-align: top; text-align: center;"><?php echo date("m/d/Yh:i A"); ?><!--time stamp generated when submitted form populates all fields at once--> </td> <td style="vertical-align: top; text-align: center;"><a href="#monkey" rel="facebox"><?php echo $t1title ?></a><!--Link name provided by "Title 1", that links to hidden Div generated page with content from "Info1" field--> <div id="Monkey" style="display:none"> <?php echo $t1info; ?> </div> </td> </tr> <tr> <td style="vertical-align: top; text-align: center;">Cat<br> </td> <td style="vertical-align: top; text-align: center;"><img src="<?php echo $t2image.'.gif'?>"></td> <td style="vertical-align: top; text-align: center;"><?php echo date("m/d/Yh:i A"); ?></td> <td style="vertical-align: top; text-align: center;"><a href="#Cat" rel="facebox"><?php echo $t2title ?></a> <div id="Cat" style="display:none"> <?php echo $t2info; ?> </div> </td> </tr> <tr> This replicates several times down the page around 15-20 times ( t1### - t20###) Code Snipet from HTML Form Code: [Select] <form action="animals.php" method="post"> <div style="text-align: left;"><big style="font-family: Garamond; font-weight: bold; color: rgb(51, 51, 255);"><big><big><span>Monkey</span></big></big></big><br> <table style="text-align: left; width: 110px;" border="0" cellpadding="2" cellspacing="0"> <tbody><tr> <td style="vertical-align: top;">Image thumb<br> <input type="radio" name="t1image" value="No opinion" checked><img src="eh.gif" alt="Eh"> <input type="radio" name="t1image" value="Ok"><img src="ok.gif" alt="ok"> <input type="radio" name="t1image" value="Like"><img src="like.gif" alt="Like"> <input type="radio" name="t1image" value="Dont"><img src="dont.gif" alt="Don't Like"> <input type="radio" name="t1image" value="Hate"><img src="hate.gif" alt="Hate"> <input type="radio" name="t1image" value="Other"><img src="other.gif" alt="Other"> <br> Why Title:<input type="text" name="t1title" size="45" value="..."/></td> <td style="vertical-align: top;"> Explain:<br> <textarea name="t1info" cols=45 rows=3 value="..."></textarea> </td></tr></table> <br> <!--Next--> How do I get the Form data to save to the php page for others to view? Hi i am trying to change the query to sort by desc or asc I am using the switch method but the form is not calling the switch statment can someone help me out please? this is the swicth script Code: [Select] switch ($sortby) { case "ASC": $args = array( 's' => $_GET['s'], 'post_type' => 'deals', 'orderby' => 'title', 'order' => 'ASC', 'paged' => get_query_var('paged') ); break; case "DESC": $args = array( 's' => $_GET['s'], 'post_type' => 'deals', 'orderby' => 'title', 'order' => 'DESC', 'paged' => get_query_var('paged') ); break; }This is the form Code: [Select] <form name="myForm"> <select id="sortby" > <option value="ASC">ASC</option> <option value="DESC">DESC</option> </select> </form> I intend to use a onchange so that when depending on the option they select it will change the order? I'm not sure why, but once I added a search form in my nav menu, it made my other forms on the website such as login and signup form take them to where the search button would take them. any ideas??? Hi all, What I am trying to achieve is, I thought quite simple! Basically, a user signs up and chooses a package, form is submitted, details added to the database, email sent to customer, then I want to direct them to a paypal payment screen, this is where I am having issues! Is their any way in php to submit a form without user interaction? Here is my code for the form process page Code: [Select] <?php include('config.php'); require('scripts/class.phpmailer.php'); $package = $_POST['select1']; $name = $_POST['name']; $email = $_POST['email']; $password = md5($_POST['password']); $domain = $_POST['domain']; $a_username = $_POST['a_username']; $a_password = $_POST['a_password']; $query=mysql_query("INSERT INTO orders (package, name, email, password, domain, a_username, a_password) VALUES ('$package', '$name', '$email', '$password', '$domain', '$a_username', '$a_password')"); if (!$query) { echo "fail<br>"; echo mysql_error(); } else { $id = mysql_insert_id(); $query1=mysql_query("INSERT INTO customers (id, name, email, password) values ('$id', '$name', '$email', '$password')"); if (!$query1) { echo "fail<br>"; echo mysql_error(); } if($package=="Reseller Hosting") { //email stuff here - all works - just cutting it to keep the code short if(!$mail->Send()) { echo "Message could not be sent. <p>"; echo "Mailer Error: " . $mail->ErrorInfo; exit; } ?> <form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick-subscriptions"> <input type="hidden" name="business" value="subscription@jollyhosting.com"> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="item_name" value="Jolly Hosting Reseller Packages"> <input type="hidden" name="no_shipping" value="1"> <!--1st month --> <input type="hidden" name="currency_code" value="USD"> <input type="hidden" name="a3" value="3.00"> <input type="hidden" name="p3" value="1"> <input type="hidden" name="t3" value="M"> <input type="hidden" name="src" value="1"> <input type="hidden" name="sra" value="1"> </form>'; <?php } //last } //end ?> This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=347360.0 |
|||||||