|
PHP - Html Php 3 Submit Button To Pass Values To 3 Different Pages
I have a page that contains a List box containing a list of categories taken from a mysql database, 4 iframe elements and 4 submit button (code to follow)
When an item is selected from the List box the onchange event submits the page to jobs.php and loads it into the joblist iframe. Once the iframe is loaded and visible it makes the "Add Job To Category" submit button visible. This all works great
When I click the "Add Job To Category" Submit button it loads Jobnew.php into the jobed iframe this is working but I can not seem to figure out how to pass the selected item from the List box using this submit button
I hope I am clear in my question if not please advise any help is very much appreciated....
Jobtask.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Job Configuration</title>
<head>
</head>
<body>
<div style="position:absolute;left:5px;top:0px;width:1345px;height:50px;z-index:0;">
<img src="images/img0001.png" id="Shape1" alt="" style="border-width:0;width:1345px;height:50px;"></div>
<span style='position:fixed;left:525px;top:8px;font-family:Arial;font-size:32px;width:275px;'>Job Configuration</span>
<form action='index.html' target='' method='post'>
<div style="position:absolute;left:205px;top:55px;width:1345px;height:50px;z-index:0;">
<Input type="submit" action="index.html" Target="_top" method='post'Value="Main Menu">
</div>
</form>
<form style=position:fixed;left:200px;top:82px;>
<iframe name='joblist' id='joblist' style=position:fixed;left:200px;top:px;visibility:hidden;z-index:10 src='' height="475" width="1150" scrolling='yes' frameBorder='0' ></iframe>
<iframe name='job' id='job' style=absolute:fixed;left:200px;top:0px;visibility:hidden;z-index:0 src='' height="475" width="1150" scrolling='yes' frameBorder='0' ></iframe>
<iframe name='jobed' id='jobed' style=position:fixed;left:460px;top:150px;visibility:hidden;z-index:10 src='' height="217" width="350" scrolling='no' frameBorder='0' ></iframe>
<iframe name='newcat' id='newcat' style=position:fixed;left:460px;top:150px;visibility:hidden;z-index:10 src='' height="125" width="350" scrolling='no' frameBorder='0' ></iframe>
</form>
<?php
error_reporting(E_ALL);
include('dbcon/dbconnect.php');
$con=mysqli_connect($host,$user,$password,$db);
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if (isset($_POST['id'])) {
$insql= "INSERT INTO catagory (Catagory) VALUES ('$_REQUEST[newcat]')";
$con->query($insql);
}
$Catresult = mysqli_query($con, "SELECT CatID, Catagory FROM catagory");
echo "<div id='wb_CatSel' style='position:absolute;z-index:0;text-align:center;'bgcolor='#00b0e6';>";
echo "<span style='position:fixed;left:10px;top:82px;font-family:Arial;font-size:15px;background-color:#00b0e6;width:175px;'>Select Category</span></div>";
echo "<form action='jobs.php' target='joblist' style='position:fixed;left:10px;top:101px;'></td>";
echo "<select name='cat' size='11' style='width: 175px;' onchange='this.form.submit()'>";
while($row = mysqli_fetch_array($Catresult))
{
echo "<option value=\"".$row['CatID']."\">".$row['Catagory']."</option>\n ";
}
echo "</select>";
echo "</form>";
echo "<form action='Jobnew.php' target='jobed' method='post'>";
echo "<div style='position:absolute;left:10px;top:285px;width:1345px;height:50px;z-index:0;'>";
echo "<Input type='hidden' id='id1'><Input type='submit' id='sbtn' style='width:175px;visibility:hidden;' Value='Add Job To Category'></div></form>";
echo "<form action='Jobtask.php' target='' method='post'>";
echo "<div style='position:absolute;left:10px;top:310px;width:1345px;height:50px;z-index:0;'>";
echo "<Input type='submit' style='width:175px;' action='Jobtask.php' Target='_top' method='post' Value='Reset Form'></div></form>";
echo "<form action='newcat.php' target='newcat' method='post'>";
echo "<div style='position:absolute;left:10px;top:335px;width:1345px;height:50px;z-index:0;''>";
echo "<Input type='submit' style='width:175px;'' action='newcat.php' Target='newcat' method='post' Value='Add New Category'></div></form>";
?>
</body>
</html>
Similar TutorialsPlease tell me how can i do it ??
Hello World, I need some tips on how to make a button that does something like the code below. .......echo '<tr><td align="left"><a href="add_cart.php?pid=' . $row1['item_id'] . '">Add to Cart</a></td>........ I've been messing with html form and button type with no success. This code does the job but I prefer a button. Thanks Hello. Basically I've created a login script. Works great. It sends users to different locations depending on what type of user they are. Now I have also created a Members account. Upon logging in this user should go to the members area. That all works fine! In the login script i stored a few session variable like username, access_level and so on. Now in the members area I am trying to make the page echo the name of the current user. I have been stairing at my code too long and can no longer see why nothing is echo'ing. Any ideas. I thought that the session_start() would continue the session in the next page and throughout the site until the person logs off and runs the session_destroy()! Is this not correct. First ill post the login script <?php include('database.php'); session_start(); if(isset($_POST['submit3'])) { $email = stripslashes($_POST['email3']); $password = stripslashes($_POST['password3']); $email = mysql_real_escape_string($_POST['email3']); $password = md5($password); $CheckUser = "SELECT * FROM Members WHERE email='".$email."' AND password='".$password."'"; $userDetails2 = mysql_query($CheckUser); $userInfo = mysql_fetch_array($userDetails2); $count = mysql_num_rows($userDetails2); if($count != 0) { $_SESSION['username'] = $userInfo['username']; $_SESSION['usertype'] = $userInfo['usertype']; $_SESSION['access_level']= $userInfo['access_level']; if($userInfo['usertype']== 'Member') { header('Location: members/index.php'); } else if($userInfo['usertype'] == 'Owner') { header('Location: owner/index.php'); } else if($userInfo['usertype'] == 'Corporation') { header('Location: corporation/index.php'); } else if($userInfo['usertype'] == 'Administrator') { header('Location: owner/admin/index.php'); } else if($userInfo['usertype'] == 'Staff') { header('Location: owner/staff/index.php'); } } else { $message = "incorrect login details"; } } ?> now ill post the members page <?php include('../database.php'); session_start(); ?> <head> <link href="stylz.css" rel="stylesheet" type="text/css" /> <link href="reset.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> WELCOME TO THE MEMBERS AREA <?php $_SESSION['username']; ?> <?php include('../title.php');?> <?php include('../nav.php');?> <div id="test"></div> <?php include('../footer.php');?> </div> </body> </html> i have to pass a variable to so many pages i mean variable post from index.html to page1.php and it has to pass to other pages like page2.php, page3.php and so on, i tried session_start() but i am getting the below error so please tell me how it is possible to Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by and Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent the info posts beautifully i just canst seem to get the button to auto click or submit, tried numerous ways! help Code: [Select] <?php require_once "../store/paypal/utility.php"; require_once "../store/paypal/constants.php"; $url = "https://www.".DEFAULT_ENV.".paypal.com/cgi-bin/webscr"; $postFields = "cmd=".urlencode("_notify-synch"). "&tx=".urlencode(htmlspecialchars($_GET["tx"])). "&at=".urlencode(DEFAULT_IDENTITY_TOKEN); $ppResponseAr = Utils::PPHttpPost($url, $postFields, true); if(!$ppResponseAr["status"]) { Utils::PPError($ppResponseAr["error_msg"], $ppResponseAr["error_no"]); exit; } $httpParsedResponseAr = $ppResponseAr["httpParsedResponseAr"]; // assign posted variables to local variables $item_name = $httpParsedResponseAr['item_name']; $item_number = $httpParsedResponseAr['item_number']; $receiver_email = $httpParsedResponseAr['receiver_email']; $receiver_id = $httpParsedResponseAr['receiver_id']; $quantity = $httpParsedResponseAr['quantity']; $first_name = $httpParsedResponseAr['first_name']; $last_name = $httpParsedResponseAr['last_name']; $payer_email = $httpParsedResponseAr['payer_email']; $txn_type = $httpParsedResponseAr['txn_type']; $address_street = $httpParsedResponseAr['address_street']; $address_city = $httpParsedResponseAr['address_city']; $address_state = $httpParsedResponseAr['address_state']; $address_zip = $httpParsedResponseAr['address_zip']; $item_number = $httpParsedResponseAr['item_number']; $option_name1 = $httpParsedResponseAr['option_name1']; $option_selection1 = $httpParsedResponseAr['option_selection1']; $option_name2 = $httpParsedResponseAr['option_name2']; $option_selection2 = $httpParsedResponseAr['option_selection2']; $invoice = $httpParsedResponseAr['invoice']; $custom = $httpParsedResponseAr['custom']; $payer_id =$httpParsedResponseAr['payer_id']; ?> <html lang="en"> <head> <title>Rec</title> <link REL="stylesheet" href="include/style.css" type="text/css"> <!--[if IE]> <link REL="stylesheet" href="include/styleIE.css" type="text/css"> <![endif]--> <style> #center_block {width:50%;margin:0 auto;min-width:500px;} #contents_block {text-align:center;} #header_block {white-space:nowrap;height:25px;padding:0 10px 5px;text-align:center;} #fields_block {width:100%;margin:0;padding:10px} #header_block span {margin:0 5px} #buttons_block {padding:10px 10px 5px} #buttons_block div {padding:3px} #delimiter {margin:2px} #fields_block td {padding:3px 14px} #username_block td {padding-top:13px;white-space:nowrap;} #remember_block td {padding-bottom:13px;white-space:nowrap;} #required_block {text-align:left;padding:5px} </style> <!--[if IE]> <style> #main_block {width:100%} </style> <![endif]--> </head> <body> <script language="JavaScript" src="include/jquery.js"></script> <script language="JavaScript" src="include/jsfunctions.js"></script> <script language="JavaScript" src="include/runnerJS/RunnerBase.js"></script> <form action="rec.php" method="post" id="rec" name="rec.php"> <table id="center_block" align="center"> <tr><td id="contents_block"> <div class="main_table_border2 loginshade" id="main_block"> <table cellpadding=0 cellspacing=0 border=0 id="fields_block" class="loginshade"> <tr id="email_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_email_1">Email:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_email_0" style="white-space: nowrap;"><input id="value_email_1" style="" type="text" name="value_email_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["payer_email"]) ?>"> <font color="red">*</font></span> <div class="error"></div> </td> </tr> <tr id="pass_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_pass_1">Pass:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_pass_0" style=""><input style="" id="value_pass_1" type="Password" name="value_pass_1" maxlength=50 value="1234"> <font color="red">*</font></span> <div class="error"></div> </td> </tr> <tr id="confirm_block"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_confirm_1">Re-enter password:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_confirm_0" style=""><input style="" id="value_confirm_1" type="Password" name="value_confirm_1" value="1234"> <font color="red">*</font></span> <div class="error"></div> </td> </tr> <tr id="fname_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_fname_1">First Name:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_fname_0" style="white-space: nowrap;"><input id="value_fname_1" style="" type="text" name="value_fname_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["first_name"]) ?>"> <font color="red">*</font></span> </td> </tr> <tr id="lname_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_lname_1">Last Name:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_lname_0" style="white-space: nowrap;"><input id="value_lname_1" style="" type="text" name="value_lname_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["last_name"]) ?>"> <font color="red">*</font></span> </td> </tr> <tr id="address_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_address_1">Address:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_address_0" style="white-space: nowrap;"><input id="value_address_1" style="" type="text" name="value_address_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["address_street"]) ?>"> <font color="red">*</font></span> </td> </tr> <tr id="city_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_city_1">City:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_city_0" style="white-space: nowrap;"><input id="value_city_1" style="" type="text" name="value_city_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["address_city"]) ?>"> <font color="red">*</font></span> </td> </tr> <tr id="state_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_state_1">State:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_state_0" style="white-space: nowrap;"><input id="value_state_1" style="" type="text" name="value_state_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["address_state"]) ?>"> <font color="red">*</font></span> </td> </tr> <tr id="zip_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_zip_1">Zip:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_zip_0" style="white-space: nowrap;"><input id="value_zip_1" style="" type="text" name="value_zip_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["address_zip"]) ?>"> <font color="red">*</font></span> </td> </tr> <tr id="cosponsor_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_cosponsor_1">Cosponsor:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_cosponsor_0" style=""><input id="type_cosponsor_1" type="hidden" name="type_cosponsor_1" value="checkbox"><input id="value_cosponsor_1" type="Checkbox" name="value_cosponsor_1" ></span> </td> </tr> <tr id="recipients_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_recipients_1">Recipients:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_recipients_0" style="white-space: nowrap;"><input id="value_recipients_1" style="" type="text" name="value_recipients_1" maxlength=50 value="<?php echo urldecode($httpParsedResponseAr["quantity"]) ?>"> <font color="red">*</font></span> </td> </tr> <tr id="clients_fieldblock"> <td align=left width=50% class=loginshade> <div align="left"><label for="value_clients_1">Clients:</label></div> </td> <td width=50% class=loginshade> <span id="edit1_clients_0" style=""><input id="type_clients_1" type="hidden" name="type_clients_1" value="checkbox"><input id="value_clients_1" type="Checkbox" name="value_clients_1" ></span> </td> </tr> <tr id="space_block"></tr> </table> </div> </td></tr> </table> <input type=submit value="Submit" class=button id="saveButton1" onload="Submit"></form> </body> </html> Hello there,
I have 2 questions:
1) Look he http://www.hellastra...ooking/taxi.php
I have a form and i want to pass values from URL to fields.
So, for example to pass a value to Prefered driver ID field you write this:
http://www.hellastra...?drivercode-123 and the value 123 is passed to that field. I did this with this code:
<?php $sDriverCode = $_REQUEST['drivercode']; ?> <input style="width:100px;" name="drivercode" id="drivercode" value="<?=$sDriverCode?>" data-mini="true" />At the same form i have some radio-type fields. Its the one you see at Type of Vehicle (Standard, Premium etc). When i try to do the same, i cannot get this to work. What i am trying to do is this: hey guys,i'm back with a new prob.. i have an image here that when clicked using onclick, will open a window and sort of pass the php values to the window. okay,it's confusing but perhaps this will help you understand. let me break it down. this is what the image code looks like. i have placed this inside the php echo. Code: [Select] <img src="images/edit.png" alt="Edit rooms" width="16" height="16" onclick="window.open(\'edit.php?course='.$row['c_name'].'&year='.$row['year'].'&block='.$row['block'].'\',\'width=300, height=200, menubar=yes\')"/> now my problem is i can't seem to get all three of the values, c_name,year and block to be posted on the window.. here's the code on edit.php: Code: [Select] <?php include("dbcon.php"); $course = $_GET['c_name']; $year = $_GET['year']; $block = $_GET['block']; ?> <html> <body> Course:<input type="text" name="course" value="<?php echo $course;?>"><br> Year:<input type="text" name="year" value="<?php echo $year;?>"><br> Block:<input type="text" name="block" value="<?php echo $block;?>"><br></html> i have already used $_GET as you can see but only year and block appear on the form. i get a notice saying that c_name is an undefined index. i am really confused and i don't know what the problem is. i hope you guys can help me.. Friends I am new to php and i have to submit my coursework in php by 3rd dec, I stuck at one place where i have to upload multiple photo and one can see all the photo he has uploaded and can edit or delete that photo so i have done uploading now i am showing those pics in table by running loop and generating tr and td but now i have two buttons with each row edit and delete now when i clicked on one delete or edit that pic should be delete or give text box to edit description of pic, Please help me how to do that....... Hi, I'm trying to pass values from an array into a form. As a newbie, I've came up with the code underneath, but I want to pinpoint all the first values toward 1 selection list in the form. Any suggestions how to accomplish this? Thanks in advance. Ruud <html> <head> <title>Test formulier</title> </head> <body> <h2>Test formulier</h2> <form action="test.php" method="post"> <p> <?php $prijzen = array( array("01", "125","150", "A" => true,"B" => true), array("02", "125","150", "A" => true,"B" => true), array("03", "125","150", "A" => true,"B" => false), array("04", "125","150", "A" => true,"B" => true) ); ?> </P> <select name="prijzen[]" id="prijzen" multiple="multiple" size="7" class="none"> <?php while(list($key, $val) = each($prijzen)){ while(list($key2, $val2) = each($val)){ echo '<option value="'.$key2.'">'.$val2.'</option>'.PHP_EOL; } } ?> </select> </body> </html> I am under developing PHP add to cart without DB, so that i am using SESSION, actually get data from fetch_data.php data to my_cart.php using the POST method, successfully retun the values, After receiving the post data how can i convert to display like a table. workout: fetch_data.php return values. https://snag.gy/IASCMZ.jpg & values received https://snag.gy/ojWxHe.jpg Here is my my_cart.php :
// FYI -> Here i am using only two fields : voice_sku & voice_name
<table width="100%" cellpadding="6" cellspacing="0">
<thead>
<tr>
<th>Voice Sku</th>
<th>Voice Name</th>
<th>Remove</th>
</tr>
</thead>
<tbody>
<?php
session_start();
$voice_sku = '';
$voice_name = '';
if(isset($_POST['voice_sku'])&& isset($_POST['voice_name']))
{
// print_r($_POST);
// die();
$voice_sku = $_POST['voice_sku'];
$voice_name = $_POST['voice_name'];
$_SESSION['voice_sku'] = $voice_sku;
$_SESSION['voice_name'] = $voice_name;
}
var_dump($_SESSION);
?>
<tr>
<td colspan="5">
<span style="float:right;text-align: right;">
<!-- -->
</span>
</td>
</tr>
<tr>
<td colspan="5">
<a href="index.php" class="button">Add More Items</a>
<button type="submit">Update</button>
</td>
</tr>
</tbody>
</table>
First, I will select checkbox then click generate report then it displays the items with download link Then i click download link to download the selected checkbox values in pdf I want to download the selected checkbox items by clicking download link Now i am getting all check box items in the pdf download How to download only the selected check box items Code: [Select] <?php session_start(); $_SESSION['pidd'] = 2; $sessvar = $_SESSION['pidd']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Untitled Document</title> <link rel="stylesheet" type="text/css" href="css/style.css" /> <style type="text/css" media="print"> DIV#noprint{visibility:hidden;} INPUT#printbutt{visibility:hidden;} #downloadlink{visibility:hidden;} </style> <script type="text/javascript"> function gen() { var st1=document.getElementById("ckbox1").checked; var st2=document.getElementById("ckbox2").checked; var st3=document.getElementById("ckbox3").checked; var st4=document.getElementById("ckbox4").checked; if(st1 == true) { document.getElementById('g1').style.display = 'block'; } if(st2 == true) { document.getElementById('g2').style.display = 'block'; } if(st3 == true) { document.getElementById('g3').style.display = 'block'; } if(st4 == true) { document.getElementById('g4').style.display = 'block'; } document.getElementById('p_info').style.display = 'none'; document.getElementById('histree').style.display = 'none'; document.getElementById('insurence').style.display = 'none'; document.getElementById('billin').style.display = 'none'; } function showuser() { document.getElementById('g1').style.display = 'none'; document.getElementById('g2').style.display = 'none'; document.getElementById('g3').style.display = 'none'; document.getElementById('g4').style.display = 'none'; var str1=document.getElementById("ckbox1").checked; var str2=document.getElementById("ckbox2").checked; var str3=document.getElementById("ckbox3").checked; var str4=document.getElementById("ckbox4").checked; if(str1 == true) { document.getElementById('p_info').style.display = 'block'; } else document.getElementById('p_info').style.display = 'none'; if(str2 == true) { document.getElementById('histree').style.display = 'block'; } else document.getElementById('histree').style.display = 'none'; if(str3 == true) { document.getElementById('insurence').style.display = 'block'; } else document.getElementById('insurence').style.display = 'none'; if(str4 == true) { document.getElementById('billin').style.display = 'block'; } else document.getElementById('billin').style.display = 'none'; } function checkByParent(aId, aChecked) { var collection = document.getElementById(aId).getElementsByTagName('INPUT'); for (var x=0; x<collection.length; x++) { if (collection[x].type.toUpperCase()=='CHECKBOX') collection[x].checked = aChecked; } } </script> </head> <body> <div id="main_content"> <div id="left"> <div id="noprint"> <h4>Patient Report</h4> <a id="check_all" href="#" style="text-decoration:none" onClick="checkByParent('checkboxes', true); return false;">check all</a> <a id="uncheckall" href="#" style="text-decoration:none" onClick="checkByParent('checkboxes', false); return false;">uncheck all</a> <br> <br> <form method="post" name="myform" action=""> <div id="checkboxes"> <div id="cb_id1"> <input id="ckbox1" name="cbox1" type="checkbox" <? if(isset($_REQUEST['cbox1'])) echo 'checked="checked"' ; ?> value="p_info" /> Patient Info </div> <div id="cb_id2"> <input id="ckbox2" name="cbox2" type="checkbox" <?php if(isset($_REQUEST['cbox2'])) echo 'checked="checked"' ; ?> value="histree" /> History </div> <div id="cb_id3"> <input id="ckbox3" name="cbox3" type="checkbox" <?php if(isset($_REQUEST['cbox3'])) echo 'checked="checked"' ; ?> value="insurance" /> Insurence </div> <div id="cb_id4"> <input id="ckbox4" name="cbox4" type="checkbox" <?php if(isset($_REQUEST['cbox4'])) echo 'checked="checked"' ; ?> value="billin" /> Billing </div> </div> <!--checkboxes div --> <br> <input id="vuprint" name="view" type="button" value="View" onClick="showuser();"> <hr/> <label for="docs"> Documents:<br> <br> </label> <input name="sub" type="button" value="Generate report" onclick="gen();"> <hr/> </form> <input id="printbutt" name="prt" type="button" value="Print" onClick="javascript:window.print();"> </div> <!--No print --> </div> <!--Left div --> <div id="side"> <div id="p_info"> <?php require("db_conn.php"); $pinfo = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' "); while($fet = mysqli_fetch_array($pinfo)) { echo "<h4>Patient Info</h4>"; echo "<b>Name: </b>" . $fet["P_Fname"] . " " . $fet["P_Lname"]. "<br>"; echo "<b>Dob:</b> " . date("d-m-Y",strtotime($fet["P_Dob"]))."<br>"; echo "<b>Age:</b> " . $fet["P_Age"]."<br>"; echo "<b>Gender:</b> " . $fet["P_Gender"]."<br>"; echo "<b>Marital Status:</b> " . $fet["P_Mstatus"]."<br>"; echo "<b>Blood: </b>" . $fet["P_Blood"]."<br>"; echo "<b>Height: </b>" . $fet["P_Height"] . $fet["P_Hval"]."<br>"; echo "<b>Weight: </b>" . $fet["P_Weight"] . $fet["P_Wval"]; } ?> </div> <div id="histree"> <?php $his = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' "); while($hisrow = mysqli_fetch_array($his,MYSQLI_ASSOC)) { echo "<h4>Patient Histroy</h4>"; echo "<b>P_Idate: </b>" . date("d-m-Y",strtotime($hisrow["P_Idate"]))."<br>"; echo "<b>P_Edate: </b>" . date("d-m-Y",strtotime($hisrow["P_Edate"]))."<br>"; echo "<b>D_Ddate: </b>" . date("d-m-Y",strtotime($hisrow["D_Ddate"])); } ?> </div> <!-- Insurence --> <div id="insurence"> <?php $insu = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='".$sessvar."' "); while($insrow = mysqli_fetch_array($insu,MYSQLI_ASSOC)) { ?> <?php echo "<h4>Insurence</h4>"; echo "<b>P_Isname: </b>" . $insrow["P_Isname"]."<br>"; // echo $insow[""]; } ?> </div> <div id="billin"> <?php $bilrow = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($bill = mysqli_fetch_array($bilrow,MYSQLI_ASSOC)) { ?> <?php echo "<h4>Billing</h4>"; echo "<b>P_Fbill: </b>" . $bill["P_Fbill"]."<br>"; echo "<b>Fees: </b>" . $bill["fees"]; } ?> </div> </div> <!--/side div --> <div id="generatereport"> <div id="g1" style="display:none; clear:both;"> <label for="Gen_reports">Generaterd reports</label> <br /> <br /> <?php $pinfo = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($fet = mysqli_fetch_array($pinfo,MYSQLI_ASSOC)) { $new_dob = date("d-m-Y",strtotime($fet["P_Dob"])); ?> <?php echo "<h4>Patient Info</h4>"; echo "<b>Patient Id:</b> ". $fet["P_Id"]."<br>"; echo "<b>Name:</b> " . $fet["P_Fname"] . " " . $fet["P_Lname"]."<br>"; echo "<b>Dob:</b> " . $new_dob ."<br>"; echo "<b>Age:</b> " .$fet["P_Age"]."<br>"; echo "<b>Gender:</b> " . $fet["P_Gender"]."<br>"; echo "<b>Marital Status:</b> " . $fet["P_Mstatus"]. "<br>"; echo "<b>Blood:</b> " . $fet["P_Blood"] . "<br>"; echo "<b>Height:</b> " . $fet["P_Height"] . $fet["P_Hval"]. "<br>"; echo "<b>Weight:</b> " . $fet["P_Weight"] . $fet["P_Wval"]. "<br>"; } echo "*************************************************************************************************************************"; ?> </div> <div id="g2" style="display:none"> <?php $his = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($secrow = mysqli_fetch_array($his,MYSQLI_ASSOC)) { echo "<h4>Patient Histroy</h4>"; echo "<b>P_Idate:</b> " . date("d-m-Y",strtotime($secrow["P_Idate"])) ."<br>"; echo "<b>P_Edate:</b> " . date("d-m-Y",strtotime($secrow["P_Edate"])) ."<br>"; echo "<b>D_Ddate:</b> " . date("d-m-Y",strtotime($secrow["D_Ddate"])) ."<br>"; } echo "*************************************************************************************************************************"; ?> </div> <div id="g3" style="display:none"> <?php $insu = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($insrow = mysqli_fetch_array($insu,MYSQLI_ASSOC)) { echo "<h4>Insurence</h4>"; echo "<b>P_Isname:</b>" . $insrow["P_Isname"]."<br>"; } echo "*************************************************************************************************************************"; ?> </div> <div id="g4" style="display:none"> <?php $bilrow = mysqli_query($mysqli,"SELECT * FROM patient_datas WHERE P_Id='1' "); while($bill = mysqli_fetch_array($bilrow,MYSQLI_ASSOC)) { echo "<h4>Billing</h4>"; echo "<b>P_Fbill:</b> " . $bill["P_Fbill"]."<br>"; echo "<b>Fees:</b> " . $bill["fees"]; } ?> </div> <?php $infochk = 'p_info'; $hischk = 'histree'; $insuchk = 'insurance'; $billchk = 'billin'; ?> <a id="downloadlink" href="download_pdf2.php?info=<?php if(isset($infochk)) echo $infochk; ?>&hist=<?php if(isset($hischk)) echo $hischk; ?>&insu=<?php if(isset($insuchk)) echo $insuchk; ?>&billin=<?php if(isset($billchk)) echo $billchk; ?>">Download</a> </div> <!--generate report --> </div> <!--/main_coontent --> </body> </html> Since there have been some debates about how to safely pass PHP values to JavaScript, I hope I can clarify a few things.
One suggestion that kept recurring was to simply run the value through json_encode() and then inject the result into a script element. The JSON-encoding is supposed to (magically?) prevent cross-site scripting vulnerabilities. And indeed it seemingly works, because naïve attacks like trying to inject a double quote will fail.
Unfortunately, this approach doesn't work at all and is fundamentally wrong for several reasons:
json_encode() was never intended to be a security function. It simply builds a JSON object from a value. And the JSON specification doesn't make any security promises either. So even if the function happens to prevent some attack, this is implementation-specific and may change at any time.
JSON doesn't know anything about HTML entities. The encoder leaves entities like " untouched, not realizing that this represents a double quote which is dangerous in a JavaScript context.
The json_encode() function is not encoding-aware, which makes it extremely fragile and unsuitable for any security purposes. Some of you may know this problem from SQL-escaping: There used to be a function called mysql_escape_string() which was based on a fixed character encoding instead of the actual encoding of the database connection. This quickly turned out to be a very bad idea, because a mismatch could render the function useless (e. g. the infamous GBK vulnerability). So back in 2002(!), the function was abandoned in favor of mysql_real_escape_string(). Well, json_encode() is like the old mysql_escape_string() and suffers from the exact same issues.
Any of those issues can be fatal and enable attackers to perform cross-site scripting, as demonstrated below.
1)
The entire “security” of json_encode() is based on side-effects. For example, the current implementation happens to escape forward slashes. But the JSON standard doesn't mandate this in any way, so this feature could be removed at any time (it can also be disabled at runtime). If it does get disabled, then your application is suddenly wide open to even the most trivial cross-site scripting attacks:
<?php
header('Content-Type: text/html; charset=UTF-8');
$input = '</script><script>alert(String.fromCharCode(88, 83, 83));</script><script>';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>XSS</title>
</head>
<body>
<script>
var x = <?= json_encode($input, JSON_UNESCAPED_SLASHES) ?>;
</script>
</body>
</html>
2)
In XHTML, a script element works like any other element, so HTML entities like " are replaced with their actual characters (in this case a double quote). But JSON does not recognize HTML entities, so an attacker can use them to bypass json_encode() and inject arbitrary characters:
<?php
header('Content-Type: application/xhtml+xml; charset=UTF-8');
$input = "";alert('XSS');"";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XSS</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<script type="text/javascript">
var x = <?= json_encode($input) ?>;
</script>
</body>
</html>
3)
json_encode() blindly assumes that the input and the output should always be UTF-8. If you happen to use a different encoding, or if an attacker manages to trigger a specific encoding, you're again left with no protection at all:
<?php
header('Content-Type: text/html; charset=UTF-7');
$input = '+ACIAOw-alert(+ACI-XSS+ACI)+ADsAIg-';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-7">
<title>XSS</title>
</head>
<body>
<script>
var x = <?= json_encode($input) ?>;
</script>
</body>
</html>
(This particular example only works in Internet Explorer.)
I hope this makes it very clear that json_encode() is not a security feature in any way. Relying on it is conceptually wrong and simply a very bad idea.
It's generally not recommended to inject code directly into a script element, because any mistake or bug will immediately lead to a cross-site scripting vulnerability. It's also very difficult to do it correctly, because there are special parsing rules and differences between the various flavors of HTML. If you try it, you're asking for trouble.
So how should one pass PHP values to JavaScript? By far the most secure and robust approach is to simply use Ajax: Since Ajax cleanly separates the data from the application logic, the value can't just “leak” into a script context. This is essentially like a prepared statement.
If you're into micro-optimization and cannot live with the fact that Ajax may need an extra request, there's an alternative approach by the OWASP: You can JSON-encode the data, HTML-escape the result, put the escaped content into a hidden div element and then parse it with JSON.parse():
<?php
header('Content-Type: text/html; charset=UTF-8');
$input = 'bar';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>XSS</title>
<style>
.hidden {
display: none;
}
</style>
</head>
<body>
<div id="my-data" class="hidden">
<?php
$json_object = json_encode(array(
'foo' => $input,
));
// HTML-escape the JSON object
echo htmlspecialchars($json_object, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
?>
</div>
<script>
var data = JSON.parse(document.getElementById('my-data').innerHTML);
alert('The following value has been safely passed to JavaScript: ' + data.foo);
</script>
</body>
</html>
I have a list of checkboxes, like e.g each checkbox has a value as ResumeID, now question is/are; 1) how to get the values of the checkboxes using jQuery ? 2) when I got the values of the checkboxes using jQuery, how to pass those values to a PHP Controller action ? This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=357747.0 Is it correct that in order to pass values from web page to web page that you either have to... 1.) Use a Cookie 2.) Use a Session 3.) Write/Read to a Database Record Debbie Hello everyone, I'm trying to code a section of the site which is like an advertising website (i.e, gumtree) where people can post an Ad on the site and have any responses sent to them via email. The thing is that I have a form where they can enter their details and need to POST the information to the following page which is a preview page of their Ad. I have the form action returning to the same page for validation but I need the $_POST vaules to populate the following page without sending information to the database (in an effort to keep the database clean should they decide not to publish their Ad. There are 3 pages in total CREATE AD > PREVIEW AD (where they can go back and edit if they need to) > Publish AD (where they confirm terms and send to database). I do have session variables already set after login in and a seperate table to hold the details after they have confirmed the Ad & terms. Any ideas would be greatly appreciated. Thanks, L-plate I have a script that was written and tested on another server, but now when I transferred it to the live server, session values are not being passed. I made a couple test pages to check and confirmed that the only issue is the session variables. Here is the test I performed. Please tell me what I'm missing: page1.php <? session_start(); $_SESSION['var1'] = 'testing'; print_r($_SESSION); ?> Returns: Array ( [var1] => testing ) page2.php <? session_start(); print_r($_SESSION); ?> Returns: Array () I've got a form that submits values to itself and the user input values are saved into the database in a table with an auto incrementing ID. After SUBMIT is clicked, it reloads the page and all the values are gone, I'm wondering how I can get it to keep the values so that the user can make a single change and resubmit again. I know I can save all the values into the session or in the URL or pass them through $_POST in an array but I'm wondering what is the proper way to do this. Thanks. I'm simply trying to set up a form where, if when a user clicks 'Submit', and then 'Back', the values from the form are preserved. My question is, how do I preserve the values of drop down menus. The following is a snippet of my code: Code: [Select] <select name="dropdown_dept" id="dept_list"> <option value=0><?php echo "Please select one..."?></option> <?php $dropdown_dept = "select dept_name from departments"; $result_dept = $db_conn->query($dropdown_dept); if (!$result_dept) { echo '<p>Unable to get department data.</p>'; return false; } for($i=0; $i<$result_dept->num_rows; $i++) { $app_name_row = $result_dept -> fetch_array(); ?> <option><?php echo($app_name_row[0]); ?></option> <? } ?> </select> Above is where I have set up a drop down menu of departments. Given that code, how can I preserve the department name after a user clicks 'Submit'? |
|||||||