PHP - Req: Check Input And Deny
In the form below, how do I alter the code so that when someone types something into the email field that is clearly not recognized as an email address, it either asks the customer to recheck or fails?
<tr>
  <td align="right"><?php echo $LANG['index_email_add']; ?> </td>
  <td>:</td>
  <td align="left"> <input name="email" type="text" id="email" required></td>
</tr>
<tr>
  <td align="right"><?php echo $LANG['index_pass'] ; ?></td>
  <td>:</td>
  <td align="left"><input name="password" type="password" required id="password"></td>
</tr>
<tr>
  <td align="right"><?php echo $LANG['postcode'] ; ?> </td>
  <td>:</td>
  <td align="left"><input class="input" id="geocomplete" type="text" placeholder="<?php echo $LANG['index_location']; ?>" name="address" required> <input name="action" type="hidden" id="action" value="joinNow" /></td>
</tr>

The problem I have is that any data can be added to the 3 fields and by anything even using !@#$%^&*():"{}';<>., How do I prevent those special characters from being used?

When it asks for email I can enter ;
When it asks for password I can enter '
and last PostCode I can enter: ]

How to prevent this from happening? Thanks

Similar Tutorials

Hi guys. I need some help with some code I wrote. I have a login script where some cookies get set like this:

    setcookie('user_id', $row['user_id']);

In a logout script these cookies are supposed to be deleted and lost into oblivion... like this:

    setcookie('user_id', '', time() - 3600);

The thing is... cookies won't die! I use Firefox 3.6.8. I have tried some things like changing the ('') quotes with the ("") quotes. I've changed the time to: time() - 993600 just to be sure. I've even used the unset function like this:

    unset($_COOKIE['user_id']);

Even the cookie created by the session_start() does not get deleted with this:

    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 93600);
        unset($_COOKIE[session_name()]);
    }

Does anyone have any idea what I am doing wrong, please? Thank you for your time.

I did not post this in Regex because I do not believe it is a problem with the preg_match.
My input check on the username length works without any problems, however the check to make sure the user only uses a-z and whitespace does not work. I am not sure why and I am new to PHP. Should I set up the input check differently? The error code is never displayed if I input "!@*(#(!$)$@(" and it will not stop that from being submitted. Any help is GREATLY appreciated!!

Code: [Select]

    if(strlen(trim($_POST['name'])) > 15 || strlen(trim($_POST['name'])) < 1) {
        $errors[] = $lang['No name'];
    }
    if(preg_match('/[^a-z]\s/i', $_POST['name'])) {
        $errors[] = $lang['Invalid char'];
    }

I have created a lightbox where you can accept or deny friends. Each friend that is displayed has approve or deny buttons next to them.

The approve button has a name like... approverequest[2]
The delete button has a name like... denyrequest[2]
where 2 is the user's id.

My problem is that I can't get the data to update in mysql. Am I going about this the wrong way?

Code: [Select]

    if (isset($_POST['acceptrequest'])) {
        if (is_array($_POST['acceptrequest'])) {
            $keys = array_keys($_POST['acceptrequest']);
            $id = $keys[0];
            $sql = "UPDATE `partners` SET `approved` = 1, `approved_date` = NOW() WHERE `user_id` = '$id'";
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'] );
        }
    } else if (isset($_POST['denyrequest'])) {
        if (is_array($_POST['denyrequest'])) {
            $keys = array_keys($_POST['denyrequest']);
            $id = $keys[0];
            $sql = "UPDATE `partners` SET `approved` = -1, `approved_date` = NOW() WHERE `user_id` = '$id'";
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'] );
        }
    }
    if (isset($sql) && !empty($sql)) {
        mysql_query($sql);
    }

I've got a question, I thought I'd be able to do this fairly easily. I don't want to do an .htaccess solution also. I tried this,

    define('ACCESS', TRUE);
    // then on other page
    if(!defined('ACCESS'){die('Direct access not allowed.');}

Need some assistance, appreciated.
Hi, I would like to know what is the best way to check if a textarea or an input box is empty. Is the empty function effective?

Code: [Select]

    if ($ibforums->input['display1'] == "1"){
        //
    }else{
        $std->Error2("You're being Nawty!");
    }

Ok, this works fine. If they submit anything other than "1" for that input it shows "you're being nawty" but I want it to be able to be anything besides 1 or 0 so I added

Code: [Select]

    if ($ibforums->input['display1'] == "0" OR "1"){
        //
    }else{
        $std->Error2("You're being Nawty!");
    }

and it still lets me submit anything...... I only want my $ibforums->input['display1'] to accept 1 or 0 as an input!!!! I don't want any hackers submitting other input values for this field! Any help?!

I have a register script, and I am wanting to make it so that if the username field contains, let's say "mod", "ass", and more, then it'll return an error and won't let them register.

I can't seem to figure this out. The queries seem to need to be in the foreach loop. The queries will then work but they update every blog post in my table. I only want it to update the 1 that has the button associated with it. So for instance... only delete the blog post where post_id = ${post['id']}. Do I make the queries be outside of the foreach? If I do that then MySQL fails because my foreach is using the $post variable.
Code: [Select]

    <?php
    if (isset($_POST['approve'])) {
        $sql = " UPDATE `blog_posts` SET `approved` = 1 WHERE `post_id` = '${post['id']}' ";
        mysql_query($sql) or die(mysql_error());
    } else if (isset($_POST['deny'])) {
        $sql = " UPDATE `blog_posts` SET `approved` = -1 WHERE `post_id` = '${post['id']}' ";
    } else if (isset($_POST['delete'])) {
        mysql_query("DELETE FROM `blog_posts` WHERE `post_id` = {$post['id']}") or die(mysql_error());
    }
    foreach ($posts as $post) {
    ?>
    <div class="post" id="post<?php echo $post['id']; ?>">
      <form action="blog.php" method="post" id="blogform" class="man">
        <fieldset class="mvs buttonfield">
          <span class="button">
            <label> <input type="submit" id="starttop" name="approve" class="invis dark_grey" value="Approve" /> </label>
          </span>
          <span id="smarktop" class="button disabled">
            <label> <input type="button" id="marktop" name="deny" class="invis dark_grey" value="Deny" disabled="disabled" /> </label>
          </span>
          <span id="sdeletetop" class="button disabled">
            <label> <input type="submit" id="deletetop" name="delete" class="invis dark_grey" value="Delete" disabled="disabled" /> </label>
          </span>
        </fieldset>
      </form>
    </div>
    <?php } ?>

Hello All: Trying to work with PHP on a contact form with a jQuery Validation to make certain that the visitors fill out the required information. I'll try to show everything that I have, and then the error I am getting when the visitor hits "submit." I don't know PHP all that well, and trying to learn my way through it. I used a couple of tutorials to add the features I needed and did my own styling on the live site.
Here is the PHP that is currently in the header of my markup:

    <?php
    //If the form is submitted
    if(isset($_POST['submit'])) {

        //Check to make sure that the First name field is not empty
        if(trim($_POST['firstname']) == '') {
            $hasError = true;
        } else {
            $firstname = trim($_POST['firstname']);
        }

        //Check to make sure that the Last name field is not empty
        if(trim($_POST['lastname']) == '') {
            $hasError = true;
        } else {
            $lastname = trim($_POST['lastname']);
        }

        //Check to make sure that the Street Address 01 field is not empty
        if(trim($_POST['street01']) == '') {
            $hasError = true;
        } else {
            $street01 = trim($_POST['street01']);
        }

        //If Street02 is filled out, give it a value
        $street02 = $_POST['street02'];

        //Check to make sure that the City field is not empty
        if(trim($_POST['city']) == '') {
            $hasError = true;
        } else {
            $city = trim($_POST['city']);
        }

        //Check to make sure that the State field is not empty
        if(trim($_POST['state']) == '') {
            $hasError = true;
        } else {
            $state = trim($_POST['state']);
        }

        //Check to make sure that the Zip field is not empty
        if(trim($_POST['zip']) == '') {
            $hasError = true;
        } else {
            $zip = trim($_POST['zip']);
        }

        //If Email is filled out, give it a value
        $email = $_POST['email'];

        //If Telephone is filled out, give it a value
        $telephone = $_POST['telephone'];

        //Default Subject Value
        $subject = "VMC Inquiry";

        //Check checkboxes
        foreach($_POST['check'] as $value) {
            $check_msg = "Checked: $value\n";
        }

        //If Message is filled out, give it a value
        $comment = $_POST['comment'];

        //If there is no error, send the email
        if(!isset($hasError)) {
            $emailTo = 'xxxx.xxxx@gmail.com'; //Put your own email address here
            $body = "Name: $firstname $lastname \n\nStreet Address: $street01 \n\nStreet Address*: $street02 \n\nCity: $city \n\nState: $state \n\nZip: $zip \n\nEmail*: $email \n\nTelephone*: $telephone \n\nCheck Box: $check_msg \n\nMessage:\n $comment";
            $headers = 'From: XXXXX <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email;
            mail($emailTo, $subject, $body, $headers);
            $emailSent = true;
        }
    }
    ?>

So basically I am using classes to say whether or not something is required, which ties into the jQuery validation. If it isn't required, whatever the visitor types into the box is put into something like "$telephone" which is then printed in the e-mail. The markup for the forms in the body is the following:

Code: [Select]

    <p class="contact-text-right">For more information, or to have a list of our properties mailed to you, please fill out the form below.</p>
    <div id="contact-wrapper">
    <?php if(isset($hasError)) { //If errors are found ?>
      <p class="error">Please check if you've filled all the fields with valid information. Thank you.</p>
    <?php } ?>
    <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?>
      <p class="accept"><strong><?php echo $firstname;?>,Your Email Successfully Sent!</strong></p>
    <?php } ?>
    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform">
      <div id="names">
        <label for="firstname"><strong>First Name:</strong></label>
        <input type="text" name="firstname" id="firstname" value="" class="required" />
        <label for="lastname"><strong>Last Name:</strong></label>
        <input type="text" name="lastname" id="lastname" value="" class="required" />
      </div>
      <div id="address01">
        <label for="street01"><strong>Street Address:</strong></label>
        <input type="text" name="street01" id="street01" value="" class="required" />
      </div>
      <div id="address02">
        <label for="street02"><strong>Street Address*:</strong></label>
        <input type="text" name="street02" id="street02" value="" />
      </div>
      <div id="city">
        <label for="city"><strong>City:</strong></label>
        <input type="text" name="city" id="city" value="" class="required city" />
        <label for="state"><strong>State:</strong></label>
        <input type="text" name="state" id="state" value="" class="required state" />
        <label for="zip"><strong>Zip Code:</strong></label>
        <input type="text" name="zip" id="zip" value="" class="required zip" />
      </div>
      <div id="email">
        <label for="email"><strong>E-mail*:</strong></label>
        <input type="text" name="email" id="email" value="" class="email"/>
        <label for="telephone"><strong>Telephone*:</strong></label>
        <input type="text" name="telephone" id="telephone" value="" class="telephone" />
        <p class="bottom">*Optional fields.</p>
      </div>
      <div class="checkbox">
        <p><input type="checkbox" name="check[]" value="properties">XXX</p>
        <p><input type="checkbox" name="check[]" value="contact-regarding">XXXX</p>
        <p class="indent">(Please list properties or ask specific questions in the space below.)</p>
      </div>
      <div id="comment">
        <label for="comment"></label>
        <textarea name="comment" id="comment" ></textarea>
      </div>
      <div id="button">
        <input type="submit" value="Send Message" name="submit" />
      </div>
    </form>

All seems well until I hit submit on the live site. I then get this error returned to me:

    Warning: Invalid argument supplied for foreach() in ......./html/development/contact.php on line 64

The e-mail goes through, with all the information, no problems! I just can't get this error message to go away. Line 64 of contact.php is where the checkbox coding is:

    //Check checkboxes
    foreach($_POST['check'] as $value) {
        $check_msg = "Checked: $value\n";
    }

I know I've submitted a lot of code here, and tried to narrow you down to the exact spot I think the problem is, but hopefully some of you PHP gurus can pick out the flaw in a heartbeat. I really appreciate all the help.

B

I hope I can explain what is happening. I have created two forms in PHP. The first 'almost' works, i.e. it shows the data. But I have two problems - 1) the second pulldown menu is always empty and 2) $value from the first pulldown menu ALWAYS equals the last entry thus the last 'if' in the function subdomains ($domains) is always called (but still empty). The code may explain this better than me:
    <!DOCTYPE html>
    <html>
    <body>
    <!-- processDomains.php is this file - it calls itself (for testing purposes so I can see what is happening) -->
    <form action="processDomains.php" method="post">
    <?php
    // create the domains array (there are actually several entries in the array but I cut it down for testing)
    $domains = array (1 => 'Decommission', 'Migration');
    echo "Select Domain:";
    echo "<br>";
    // Make the domain pull-down menu - this displays correctly
    echo '<select name="domain">';
    foreach ($domains as $key => $value) {
        echo "<option value=\"$key\">$value</option>\n";
    }
    echo '</select>';
    // input doesn't matter what is 'submitted', always goes to last $value
    echo '<input type="submit" name="submit" value="Submit">';
    // call function subdomains
    subdomains ($value);

    function subdomains ($domains) {
        // define values for each array - each array contains available choices for the subdomain pulldown menu
        $migration = array (1 => 'Application Migration', 'Application Patch', 'Application Upgrade');
        $decommission = array (1 => 'Applications', 'Servers', 'Storage');
        if ($domains === 'Migration') {
            echo "Select subdomain:";
            echo "<br>";
            // Make the Migration pull-down menu
            echo '<select name="migration">';
            foreach ($migration as $key => $value) {
                echo "<option value=\"$key\">$value</option>\n";
            }
            echo '</select>';
        } else if ($domains === 'Decommission') {
            /* ===
             * since 'Decommission' is the last entry in the 'Domains' pulldown list, $value ALWAYS equals
             * 'Decommission' and $domains equals $value. So this menu SHOULD work but is always
             * empty. Thus, two problems - the pulldown menu is always empty and $value isn't based
             * upon user input.
             */
            echo "Select subdomain:"; // this prints so I know I'm in 'Decommission (I eliminated the echo "$domain" to show I'm always coming here)'
            echo "<br>";
            // Make the 'Decommission' pull-down menu
            echo '<select name="decommission">';
            foreach ($decommission as $key => $value) {
                echo "<option value=\"$key\">$value</option>\n";
            }
            echo '</select>';
            echo '<input type="submit" name="submit" value="Submit">'
        ) // end of 'if-else'
    } // end of function 'subdomain'
    ?>
    </form>
    </body>
    </html>

Let me say thank you in advance and I appreciate the help! I know I'm doing something (or more than one thing) wrong and I hope someone can tell me what it is. Best Regards!

Edited by mac_gyver, 19 January 2015 - 09:37 PM. code tags around posted code please

I am writing a script that will parse my PHP classes and check for things like coupling, visualize my objects and connections, dependencies, check for convention usage, etc.
So, I have a simple file upload. I'm never saving the files, just get contents and dump the file and work with the string version.
I'm writing it for me, but I figure I might want to open it for others to use in the future, so I may as well write it that way to begin with -- so I need to validate user input. Problem is, the user input is supposed to be valid PHP code. I'm thinking that, as long as I'm careful, I shouldn't be executing any code contained in strings, but I'm no security expert and I want a warm fuzzy that my thought on this is correct. What kinds of things do I need to look out for? Is it possible to inject when working with strings?
My initial thought is to regex the entire file and replace key portions with known replacements. So ( and ) would become !* and !^ or $ would become @~ (combinations that -- I think -- don't make sense to php?) But that may be completely unnecessary processing time if I'm not in any danger, here. Thanks ahead of time for any help.
PS - as a side question -- what's the best way to verify a file is a php file? I know of getimagesize for images, but should I just check for <? to verify it's php? That seems like it would be too easy to fool -- then again, it might not matter much.
-Adam
I have a calendar select date function for my form that returns the date in the calendar format for USA: 02/16/2012. I need to have this appear as is for the form and in the db for the 'record_date' column, but I need to format this date in mysql DATE format (2012-02-16) and submit it at the same time with another column name 'new_date' in the database in a hidden input field. Is there a way to do this possibly with a temporary table or something? Any ideas would be welcome.

Doug

Hi people, I really hope you guys can help me out today. I'm just a newbie at PHP and I'm having real trouble. Basically all I want to do is have a user type in a company name in an HTML form. If what the user types in the form matches the company name in my PHP script I want the user to be sent to another page on my site. If what the user types in the form doesn't match the company name in my PHP script I want the user to be sent to a different page like an error page for example. This is my HTML form:

Code: [Select]

    <form id="form1" name="form1" method="post" action="form_test.php">
      <p>company name: <input type="text" name="company_name" id="company_name" /> </p>
      <p> <input type="submit" name="button" id="button" value="Submit" /> </p>
    </form>

And this is the PHP code I'm trying to process the information on:

Code: [Select]

    <?php
    $comp_name = abc;
    if(isset ($_POST["company_name"])){
        if($_POST["company_name"] == $comp_name){
            header("Location: http://www.hotmail.com");
            exit();
        }
        else{
            header("Location: http://www.yahoo.com");
            exit();
        }
    }
    ?>

The thing is I'm getting this error when I test it:

    Warning: Cannot modify header information - headers already sent by (output started at D:\Sites\killerphp.com\form_test.php:10) in D:\Sites\killerphp.com\form_test.php on line 17

Please can someone help me out, I'm sure this is just basic stuff but I just can't get it to work. Cheers.

Hello there, I'm wanting to use PHP to check to see if a username and password match a remote RDP server.
The reason I ask is because I want to verify that the information the user is giving is correct. I'm looking through LDAP but I have no idea what I'm looking for. To recap, I would like to login to a RDP server and return a result based on if it completed. Thank you for reading.

Paul

P.S. Sorry for the bad English, I seem to have forgotten how to spell some words and have had to replace them with longer sentences.

Suppose I have a table with around 10 entries in which one column contains the id and the second column contains a checkbox... If a checkbox is selected and the button (below the table) is pressed then I want to delete the columns corresponding to the checked checkboxes.... I am not getting how I should pass the get variable on the link of the button???

-Pranshu Agrawal
pranshu.a.11@gmail.com

ok so i can get this to work so I want to check if there is a video inside my db. If there is no video then nothing happens but if there is I want it to echo video

Code: [Select]

    <?php
    if($video == ""){
    }else{
        echo "VIDEO";
    }
    ?>

I am unable to execute mysql_num_rows properly in this program.

Code: [Select]

    <?php
    $link=mysql_connect("localhost","root","");
    $db = mysql_select_db("myDB",$link);
    $result = mysql_query("SELECT * FROM jobs WHERE jobType=abc");
    $num = mysql_num_rows($result);
    echo "Found $num records";
    ?>

The error is: mysql_num_rows() expects parameter 1 to be resource

Hello, I have created a little voting script for my site. The insertion code into the MySQL database when they vote is very simple:

    $ipaddress = addslashes($_POST['ipaddress']);
    $theid = addslashes($_POST['theid']);
    $gamert = addslashes($_POST['gamert']);
    $serveron = addslashes($_POST['serveron']);
    $db = mysql_connect("localhost", "username", "password");
    mysql_select_db("thedb",$db);
    mysql_query ("INSERT INTO voting (theid,ipaddress,gamert,serveron2) VALUES ('$theid','$ipaddress','$gamert','$serveron') ");

Obviously I only want them to be able to vote once.
What is the best way to do a check of the IPs already in the database and check against theirs before submitting? Thanks.

Hi, I'd like to know what the most efficient code is for checking the first 2 digits of a string. E.g. a string's first 2 digits must equal '07'. Thanks,

How do I echo "checked=checked" for a checkbox? Here is what I have:

Code: [Select]

    <input type='checkbox' name='ip_automatic_login' id='ip_automatic_login' value='1' if($IPCheck == true) {/"checked=checked/" } />

This code will be echoed!
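
Server-side checks for the email, password and postcode fields asked about at the top of this page, plus the username and display1 checks from the related posts, as an added example that is not code from any poster. The length limits, permitted characters, error messages and the helper names field() and validate_signup() are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Field names come from the posts on this page; the length
// limits, character sets and messages are assumptions.

/** Return a submitted field as a string; arrays and missing keys become ''. */
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? $value : '';
}

/** Validate one submission; returns a map of field name => error message. */
function validate_signup(array $post): array
{
    $errors = [];

    // Email: use PHP's validator rather than a hand-written pattern.
    $email = trim(field($post, 'email'));
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please recheck your email address.';
    }

    // Password: any character is acceptable provided the value is hashed
    // with password_hash() before storage; check length, not content.
    if (strlen(field($post, 'password')) < 8) {
        $errors['password'] = 'Password must be at least 8 characters.';
    }

    // Postcode/location: allow-list, anchored with \A and \z so the whole
    // value must match, not just part of it.
    if (!preg_match('/\A[\p{L}\p{N} ,.\'-]{2,100}\z/u', trim(field($post, 'address')))) {
        $errors['address'] = 'Postcode contains characters that are not allowed.';
    }

    // Username: letters and spaces only, 1 to 15 characters after trimming.
    if (!preg_match('/\A[a-z ]{1,15}\z/i', trim(field($post, 'name')))) {
        $errors['name'] = 'Name may contain only letters and spaces.';
    }

    // Flag field: strict comparison against the two permitted strings.
    if (!in_array(field($post, 'display1'), ['0', '1'], true)) {
        $errors['display1'] = 'Invalid option.';
    }

    return $errors;
}

// Constructed sample submissions.
$samples = [
    'valid'   => ['email' => 'jo@example.com', 'password' => "it's-a-long-one",
                  'address' => 'SW1A 1AA', 'name' => 'Jo Smith', 'display1' => '1'],
    'invalid' => ['email' => ';', 'password' => "'", 'address' => ']',
                  'name' => '!@*(#(!$)$@(', 'display1' => '2'],
    'arrays'  => ['email' => ['x'], 'display1' => ['1']],
];

foreach ($samples as $label => $post) {
    $errors = validate_signup($post);
    echo $label, ': ', $errors ? implode(', ', array_keys($errors)) : 'ok', "\n";
}
```

The browser's `required` attribute and jQuery validation can be bypassed, so these checks belong on the server; they complement, and do not replace, parameterised queries and escaping output with htmlspecialchars().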