|
PHP - A Question About Csrf Token In Login Form Submission
Someone parses the html login form and gets the csrf token from hidden field. Now can he request with that csrf token to login through jquery ajax? Similar TutorialsI know, csrf token is like a random string. Does every form need a csrf token? Does every form need to have a different csrf token or all forms have a same csrf token for one logged in user? When an user logged in, I set $_SESSION['key']=$useremail; is it ok to set email for a logged in session? Do I have to set or add another $_SESSION with csrf token? How does csrf token add security for form submission? After form submission, what would PHP do with the hidden input field or with the csrf token? Hi all, I'm writing my own MVC framework purely to improve my oo php skills and I've created a CSRF token validation class to help prevent CSRF attacks. I just need some feedback on it really, is it insecure, is there a better way to validate tokens, etc. Code: [Select] <?php // Security measure. if (!defined('BASE_PATH')) { exit(); } class CSRF { private static $tokens = array(); private static $session_name = 'csrf_data'; /** * Loads CSRF token data from session into $tokens array. * * This is called before the controller is loaded. * * @return void */ public static function init() { $session_name = self::$session_name; // Move CSRF token data from session to class field. if (isset($_SESSION[$session_name])) { self::$tokens = unserialize($_SESSION[$session_name]); unset($_SESSION[$session_name]); } } /** * Saves the CSRF data to a session. * * @static * @return void */ private static function save() { $session_name = self::$session_name; unset($_SESSION[$session_name]); $_SESSION[$session_name] = serialize(self::$tokens); } /** * Creates a new token. * * @static * @param string $name * @return string */ private static function generateToken($name) { $token = md5(uniqid(rand(), true)); self::$tokens[$name] = $token; self::save(); return $token; } /** * Validate a token by its name. * * @static * @param string $name * @param string $token The CSRF token included with the form data. * @return bool */ public static function validateToken($name, $token) { if (!isset(self::$tokens[$name])) { return false; } return ($token == self::$tokens[$name]); } } // End of CSRF class. Hi everybody ! I have this current problem .. I need to login into a website via cUrl .. website : www.v-tac [dot] ro/ Now based on the headers and based on the input fields I wrote a php function, but I hit a wall with the token . HEADERS : username=username&password=password&Submit=Conectare&option=com_users&task=user.login&return=aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D&0dbf64fe20e2395a7d72ed5b64b3cf7c=1FORM FIELDS - copy paste - this is the login form <fieldset class="userdata"> <p id="form-login-username"> <label for="modlgn-username">Nume Utilizator</label> <input id="modlgn-username" type="text" name="username" class="inputbox" size="18"> </p> <p id="form-login-password"> <label for="modlgn-passwd">Parola</label> <input id="modlgn-passwd" type="password" name="password" class="inputbox" size="18"> </p> <p id="form-login-remember"> <label for="modlgn-remember">Retine utilizator</label> <input id="modlgn-remember" type="checkbox" name="remember" class="inputbox" value="yes"> </p> <input type="submit" name="Submit" class="button" value="Conectare"> <input type="hidden" name="option" value="com_users"> <input type="hidden" name="task" value="user.login"> <input type="hidden" name="return" value="aW5kZXgucGhwP0l0ZW1pZD0yMTY="> <input type="hidden" name="11b09608b3184e6258012d44846c81ed" value="1"> </fieldset>And this is the function I wrote to do the cUrl login :
function login_to_website($targetURL){
global $browser_user_agent;
if(empty($targetURL)) { return; }
if(empty($login_url)) { $login_url = $targetURL; }
$url = $login_url;
$login_user = "loginusername";
$login_password = "loginpassword";
$thetoken = "this-is-my-problem-the-token-from-the-hidden-input";
$post_data = array();
$post_data['username'] = "$login_user";
$post_data['password'] = "$login_password";
$post_data['Submit'] = "Conectare";
$post_data['option'] = "com_users";
$post_data['task'] = "user.login";
$post_data['return'] = "aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D";
$post_data[$thetoken] = "1";
$postthis = http_build_query($post_data);
$login = curl_init();
curl_setopt($login, CURLOPT_COOKIEJAR, dirname(__FILE__) . "/cookie.tmpz");
curl_setopt($login, CURLOPT_COOKIEFILE, dirname(__FILE__) . "/cookie.tmpz");
curl_setopt($login, CURLOPT_VERBOSE, true);
curl_setopt($login, CURLOPT_URL, $url);
curl_setopt($login, CURLOPT_USERAGENT, random_user_agent());
curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($login, CURLOPT_POST, TRUE);
$timeout = 5;
curl_setopt( $login, CURLOPT_CONNECTTIMEOUT, $timeout );
curl_setopt( $login, CURLOPT_TIMEOUT, $timeout );
curl_setopt( $login, CURLOPT_MAXREDIRS, 10 );
curl_setopt($login, CURLOPT_POSTFIELDS, $postthis); // POST vars
curl_setopt($login, CURLOPT_HEADER, 0); // debug headers sent - 1
$data = curl_exec ($login);
curl_setopt($login, CURLOPT_URL, $targetURL);
$datax = curl_exec ($login);
return $datax;
// close cURL resource, and free up system resources
curl_close($login);
}
The problem is this the last array input.
the token is generated each time the page is loaded, located on the page as an input hidden field .So the question is how do I get a fresh token that will work ? Also I have tried to get the token with a xpath extract like this :
$htmlx = file_get_contents('http://www.v-tac.ro');
$htmlx = mb_convert_encoding($htmlx, 'UTF-8', mb_detect_encoding($htmlx)); //make sure this is utf8
if(!strlen($htmlx)) {echo "No HTML here . stoping execution ."; return;}
$doc = new DomDocument;
@$doc->loadHTML($htmlx);
$xpath = new DOMXPath($doc);
echo $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");
$thetoken = $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");
Help !?
Hi All,
## First Document
if(!empty($_FILES["dc1"])){
$fileName1 = htmlspecialchars_decode((basename($_FILES["dc1"]["name"])));
$fileTypeA1 = pathinfo($fileName1, PATHINFO_EXTENSION);
$targetFilePath1 = $uploadDir . $uID . '-' . $randnum . '.' .$fileTypeA1;
if(move_uploaded_file($_FILES["dc1"]["tmp_name"], $targetFilePath1)){
$uploadedFile1 = $targetFilePath1;
}
}
## Second Document
if(!empty($_FILES["dc2"])){
$fileName2 = htmlspecialchars_decode((basename($_FILES["dc2"]["name"])));
$fileTypeA2 = pathinfo($fileName2, PATHINFO_EXTENSION);
$targetFilePath2 = $uploadDir . $uID . '-' . $randnum . '.' .$fileTypeA2;
if(move_uploaded_file($_FILES["dc2"]["tmp_name"], $targetFilePath2)){
$uploadedFile2 = $targetFilePath2;
}
}
Edited October 13, 2020 by SH1989 Clean code up Where should my Form go once it is submitted? I am reading through some old code, and I was using some pretty convoluted programming to get everything (e.g. error and success messages after form submittal) to work. Basically what I would do was... Code: [Select] HTML to Open Page PHP to Handle Form If Data Okay... Success Message (e.g. "Your account was created!") HTML to close out Page If Data Invalid... Failure Message (e.g. "A System Error occurred. Please contact the Administrator.") HTML to close out Page HTML Form HTML to Close Page I have heard that you should always put your PHP first in the script and then follow it up with your HTML Page and Form. But where should you go once the form is submitted? My second attempt at things - to fix the mess above - was to REDIRECT the user to a "Handling Page" which basically was a large case statement that would read a "processing code" and display the right message. But that seems kind of hokey too?! Can someone help me come up with a more professional and scalable solution?? Thanks, Debbie I'm trying to figure out where my problem is. Its not submitting my form. I'm getting the alert but when it submits it does the url?variables=whatever deal. Code: [Select] <?php require ('php/eventnames.php'); ?> <script type="text/javascript" src="forms/addnew/js/eventnames.js"></script> <!-- Form --> <form action="#" id="eventNameForm" > <fieldset> <legend>Add New Event Name</legend> <div class="field required"> <label for="eventName">Event Name</label> <input type="text" class="text" name="eventName" id="eventName" title="Event Name"/> <span class="required-icon tooltip" title="Required field - This field is required, it cannot be blank, and must contain something that is different from emptyness in order to be filled in. ">Required</span> </div> <div class="field required"> <label for="shortName">Event Short Name</label> <input type="text" class="text" name="shortName" id="shortName" title="Event Short Name"/> <span class="required-icon tooltip" title="Required field - This field is required, it cannot be blank, and must contain something that is different from emptyness in order to be filled in. ">Required</span> </div> <div class="field required"> <label for="eventType">Event Type</label> <select class="dropdown" name="eventType" id="eventType" title="Event Type"> <option value="">- Select -</option> <?php $eventTypes = array('Singular', 'Recurring', 'Pay Per View'); foreach($eventTypes as $et): ?> <option value="<?php echo $et; ?>"><?php echo $et; ?></option> <?php endforeach; ?> </select> <span class="required-icon tooltip" title="Required field - This field is required, it cannot be blank, and must contain something that is different from emptyness in order to be filled in. ">Required</span> </div> <input type="hidden" name="userID" id="userID" value="<?php echo $userID; ?>" /> <input type="submit" class="submit" name="submitEventName" id="submitEventName" title="Submit Event Name" value="Submit Event Name"/> </fieldset> </form> <!-- /Form --> <!-- Messages --> <div class="message message-error"> <h6>Required field missing</h6> <p>Please fill in all required fields. </p> </div> <div class="message message-success"> <h6>Operation succesful</h6> <p>Content Page was added to the database.</p> </div> Code: [Select] $(document).ready(function() { $('div.message-error').hide(); $('div.message-success').hide(); alert("Test Alert!"); ("#eventNameForm").validate({ rules: { eventName: { required: true }, shortName: { required: true }, eventType: { required: true, rangelength: [1] } }, messages: { eventName: "Please enter the event name!", shortName: "Please enter the event's short name!", eventType: "Please enter the event type!" }, submitHandler: function(form) { var userID = $("input#userID").val(); var eventName = $("input#eventName").val(); var shortName = $("input#shortName").val(); var eventType = $("select#eventType").val(); var dataString = 'userID=' + userID + '&eventName=' + eventName + '&shortName=' + shortName + '&eventType=' + eventType + '&submitEventName=True'; $.ajax({ type: "POST", url: "processes/eventnames.php", data: dataString, success: function(myNewVar) { if (myNewVar == 'good') { $('div.message-error').hide(); $("div.message-success").html("<h6>Operation successful</h6><p>" + eventName + " Page saved successfully.</p>"); $("div.message-success").show().delay(10000).hide("slow"); $(':input','#eventNameForm') .not(':submit, :hidden') .val(''); } else if (myNewVar == 'bad1') { $('div.message-success').hide(); $("div.message-error").html("<h6>Operation unsuccessful</h6><p>" + eventName + " already exists in the database.</p>"); $("div.message-error").show(); } else if (myNewVar == 'bad2') { $('div.message-success').hide(); $("div.message-error").html("<h6>Operation unsuccessful</h6><p>" + shortName + " already exists in the database.</p>"); $("div.message-error").show(); } else if (myNewVar == 'bad3') { $('div.message-success').hide(); $("div.message-error").html("<h6>Operation unsuccessful</h6><p>" + eventName + " and " + shortName + " already exists in the database.</p>"); $("div.message-error").show(); } } }); return false; } }); }); hi i have the following contact us form which works fine. i need lil more tweaking. Right now when i submit the form it displays the information "blah blah", "the form has been submitted successfully" and also the form. What i want to do is if the form has been submitted successfully i need not display the form again. I need to display the data before the form field: "Blah Blah"(information before the form code) "the form has been submitted successfully" I do not need to display the form if it has been a successful submission. here is my code: Code: [Select] <?php include($headerpath); //change this to use mysql count function $totalentriesrow = mysql_query("SELECT DISTINCT userid FROM user", $con); $totalentriesrow = mysql_num_rows($totalentriesrow); ?> <title><?PHP echo $site_name; ?> Advertising</title> <BR><BR> <table cellpadding="5" cellspacing="1" bgcolor="white" border="0" width="900" align="center" style='border-top: 1px; border-right: 1px; border-left: 1px; border-bottom: 1px; border-color: black; border-style: solid;'> <tr> <td bgcolor='<?PHP echo $head; ?>' align='left'><b><font color='<?PHP echo $head_font_color; ?>' size='2' face='verdana'><?PHP echo $site_name; ?> Advertising</font></b> Blah Blah Blah Blah </td> </tr> <? //echo '<center><h4><font color="blue"><br>CONTACT US<br></font></h4></center>'; // Create an empty array to hold the error messages. $arrErrors = array(); //Only validate if the Submit button was clicked. if (!empty($_POST['submit'])) { // Each time theres an error, add an error message to the error array // using the field name as the key. if (empty($_POST['first_name'])) $arrErrors['first_name'] = '<br><font color="red">Please provide your first name.</font>'; if (empty($_POST['last_name'])) $arrErrors['last_name'] = '<br><font color="red">Please provide your last name.</font>'; if (empty($_POST['business_name'])) $arrErrors['business_name'] = '<br><font color="red">Please provide your business name.</font>'; if (empty($_POST['website_url'])) $arrErrors['website_url'] = '<br><font color="red">Please provide a website url.</font>'; if (empty($_POST['street_address'])) $arrErrors['street_address'] = '<br><font color="red">Please provide your street address.</font>'; if (empty($_POST['city'])) $arrErrors['city'] = '<br><font color="red">Please provide your city name.</font>'; if (empty($_POST['state'])) $arrErrors['state'] = '<br><font color="red">Please provide your state.</font>'; if (empty($_POST['zip'])) $arrErrors['zip'] = '<br><font color="red">Please provide your zip.</font>'; if (empty($_POST['country'])) $arrErrors['country'] = '<br><font color="red">Please provide your country.</font>'; if (empty($_POST['email_address'])) $arrErrors['email_address'] = '<br><font color="red">A valid email address is required.</font>'; if (empty($_POST['phone']) || (!is_numeric($_POST['phone']))) $arrErrors['phone'] = '<br><font color="red">Phone number cannot be empty and has to be numeric.</font>'; if (empty($_POST['description'])) $arrErrors['description'] = '<br><font color="red">Description cannot be empty.</font>'; // If the error array is empty, there were no errors. // Insert form processing here. if (count($arrErrors) == 0) { $first_name=cleaninput($_POST['first_name']); $last_name=cleaninput($_POST['last_name']); $business_name=cleaninput($_POST['business_name']); $website_url=cleaninput($_POST['website_url']); $street_address=cleaninput($_POST['street_address']); $city=cleaninput($_POST['city']); $state=cleaninput($_POST['state']); $zip=cleaninput($_POST['zip']); $country=cleaninput($_POST['country']); $email_address=cleaninput($_POST['email_address']); $phone=cleaninput($_POST['phone']); $description=cleaninput($_POST['description']); $to = $advertising_contacts; $subject = "Advertisement Contact"; $message="You have a new advertising contact<br>"; $message.="<b>First name:</b> ".stripslashes($first_name)."<br><b>Last Name:</b> ".stripslashes($last_name); $message.="<br><b>Business Name:</b> ".stripslashes($business_name)."<br><b>Business Description: </b>".stripslashes($description)."<br><b>Business URL:</b> ".stripslashes($website_url); $message.="<br><b>Street Address:</b> ".stripslashes($street_address)."<br><b>City:</b> ".stripslashes($city); $message.="<br><b>State:</b> ".stripslashes($state)."<br><b>Zip:</b> ".stripslashes($zip)."<br><b>Country:</b> ".stripslashes($country); $message.="<br><b>Email:</b> ".stripslashes($email_address)."<br><b>Phone:</b> ".stripslashes($phone); $from = "webmaster@example.com"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From: Admin <Admin@groupbuilder.com>' . "\r\n"; // Send email mail($to,$subject,$message,$headers); //escapeinput for inserting into database $first_name=escapeinput($first_name); $last_name=escapeinput($last_name); $website_url=escapeinput($website_url); $street_address=escapeinput($street_address); $city=escapeinput($city); $state=escapeinput($state); $zip=escapeinput($zip); $country=escapeinput($country); $email=escapeinput($email); $phone=escapeinput($phone); $description=escapeinput($description); $dateline=time(); //Insert the details into database $insert_contacts=mysql_query("INSERT INTO adcontacts(first_name,last_name,email_address,phone,business_name,description,website_url,street_address,city,state,zip,country,dateline) VALUES('$first_name','$last_name','$email_address','$phone','$business_name','$description','$website_url','$street_address','$city','$state','$zip','$country','$dateline')") or die(mysql_error()); echo "<center>Form Submitted Successfully</center><br>"; } else { // The error array had something in it. There was an error. // Start adding error text to an error string. echo "<center>There was an error in the form<br></center>"; $strError=""; foreach ($arrErrors as $error) { $strError .= $error; } } } ?> <tr> <td> <? echo "<table align= 'center' width='50%' style='border-top: 1px; border-right: 1px; border-left: 1px; border-bottom: 1px; border-color: black; border-style: solid;'>"; ?> <tr> <td> <form action="<?php echo $PHP_SELF;?>" method="post"> <tr height='40'> <td> <font color="black"><B> First Name: </B></font> </td> <td><input type="text" size ="40" name="first_name" value="<? if(!empty($strError)) {echo cleaninput($_POST['first_name']);}?>" /> <?php if (!empty($arrErrors['first_name'])) echo $arrErrors['first_name']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> Last Name: </B></font></td> <td><input type="text" size ="40" name="last_name" value="<? if(!empty($strError)) { echo cleaninput($_POST['last_name']);}?>"/> <?php if (!empty($arrErrors['last_name'])) echo $arrErrors['last_name']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> Email Address: </B></font></td> <td><input type="text" size ="40" name="email_address" value="<? if(!empty($strError)) { echo cleaninput($_POST['email_address']);}?>"/> <?php if (!empty($arrErrors['email_address'])) echo $arrErrors['email_address']; ?> </td> </tr> <tr height='35'> <td><font color="black"><B> Business Name: </B></font></td> <td><input type="text" size ="40" name="business_name" value="<? if(!empty($strError)) { echo cleaninput($_POST['business_name']);}?>" /> <?php if (!empty($arrErrors['business_name'])) echo $arrErrors['business_name']; ?> </td> </tr> <tr> <td><font color="black"><B> Business Description: </B></font></td> <td ><textarea rows=7 cols=31 name="description"><? if(!empty($strError)) { echo cleaninput($_POST['description']);}?></textarea> <?php if (!empty($arrErrors['description'])) echo $arrErrors['description']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> Business URL: </B></font></td> <td><input type="text" size ="40" name="website_url" value="<? if(!empty($strError)) { echo cleaninput($_POST['website_url']);}?>" /> <?php if (!empty($arrErrors['website_url'])) echo $arrErrors['website_url']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> Business Phone: </B></font></td> <td><input type="text" size ="40" name="phone" value="<? if(!empty($strError)) { echo cleaninput($_POST['phone']);}?>"/> <?php if (!empty($arrErrors['phone'])) echo $arrErrors['phone']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> Street Address: </B></font></td> <td><input type="text" size ="40" name="street_address" value="<? if(!empty($strError)) { echo cleaninput($_POST['street_address']);}?>" /> <?php if (!empty($arrErrors['street_address'])) echo $arrErrors['street_address']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> City: </B></font></td> <td><input type="text" size ="40" name="city" value="<? if(!empty($strError)) { echo cleaninput($_POST['city']);}?>" /> <?php if (!empty($arrErrors['city'])) echo $arrErrors['city']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> State: </B></font></td> <td><input type="text" size ="40" name="state" value="<? if(!empty($strError)) { echo cleaninput($_POST['state']);}?>"/> <?php if (!empty($arrErrors['state'])) echo $arrErrors['state']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> Zip: </B></font></td> <td><input type="text" size ="40" name="zip" value="<? if(!empty($strError)) { echo cleaninput($_POST['zip']);}?>"/> <?php if (!empty($arrErrors['zip'])) echo $arrErrors['zip']; ?> </td> </tr> <tr height='40'> <td><font color="black"><B> Country: </B></font></td> <td> <select name="country"> <option value="<? if(!empty($strError)) { echo $_POST['country'];}?>"><?echo cleaninput($_POST['country']);?></option> <?php foreach($array as $key=>$value){ ?> <option value="<?php echo $value; ?>"><?php echo $value; ?></option> <?php }?> </select> <?php if (!empty($arrErrors['country'])) echo $arrErrors['country']; ?> </td> </tr> <tr height='35'> <td></td> <td><input type="submit" name="submit" value="submit" /></td> </tr> </form> </tr> </td> </table> </td> </tr> </table> Hi Guys, I have a form on a website http://www.wewillbuyyourcar.ie/sellyourcar.html. This form has several fields and all fields need to be submitted to a designated email address on submission. To be honest im not sure where im at with it i cant get it to submit so i need some help to validate it and submit and then maybe display a html page to the user like thankyou.html. Heres the code needed. This is the form Code: [Select] <div id="contact_form"> <form id="contact" action="process.php"> <fieldset> <TR><TD><TABLE BORDER="0" CELLPADDING="3" CELLSPACING="0" WIDTH="50%"> <FORM ACTION="" METHOD="post" name="sellcarform" onsubmit="" > <TR><TD CLASS="tableBlueBody" ALIGN="right">* <B>First Name</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"><INPUT TYPE="Text" NAME="firstname" MAXLENGTH="150"></TD><TD CLASS="tableBlueBody" ALIGN="right">* <B>Last Name</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><INPUT TYPE="Text" NAME="lastname" MAXLENGTH="150"></TD></TR> <TR><TD CLASS="tableBlueBody" ALIGN="right"><B>Address</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"><INPUT TYPE="Text" NAME="AddressLine1" MAXLENGTH="150"></TD><TD CLASS="tableBlueBody" ALIGN="right">* <B>Email</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><INPUT TYPE="Text" NAME="email" MAXLENGTH="150"></TD></TR> <TR><TD CLASS="tableBlueBody" ALIGN="right"><B>City</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"><INPUT TYPE="Text" NAME="City" MAXLENGTH="150"></TD><TD CLASS="tableBlueBody" ALIGN="right">* <B>Phone</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><INPUT TYPE="Text" NAME="phone" MAXLENGTH="150"></TD></TR> <TR><TD CLASS="tableBlueBody" ALIGN="right"><B>Country</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"> <select name="CountryID"> <option value="1" >Albania</option> <option value="2" >Algeria</option> <option value="3" >American Samoa</option> <option value="4" >Andorra</option> <option value="5" >Anguilla</option> <option value="6" >Antartica</option> <option value="7" >Antigua & Barbuda</option> <option value="8" >Argentina</option> <option value="9" >Armenia</option> <option value="10" >Aruba</option> <option value="11" >Australia</option> <option value="12" >Austria</option> <option value="13" >Azerbaijan</option> <option value="14" >Bahamas</option> <option value="15" >Bahrain</option> <option value="16" >Bangladesh</option> <option value="17" >Barbados</option> <option value="18" >Belarus</option> <option value="19" >Belgium</option> <option value="20" >Belize</option> <option value="21" >Benin</option> <option value="22" >Bermuda</option> <option value="23" >Bhutan</option> <option value="24" >Bolivia</option> <option value="25" >Botswana</option> <option value="26" >Bouvet Island</option> <option value="27" >Brazil</option> <option value="28" >British Indian Ocean Terr.</option> <option value="29" >Brunei Darussalam</option> <option value="30" >Bulgaria</option> <option value="31" >Burkina Faso</option> <option value="32" >Burundi</option> <option value="33" >Cambodia</option> <option value="34" >Cameroon</option> <option value="35" >Canada</option> <option value="36" >Cape Verde</option> <option value="37" >Cayman Islands</option> <option value="38" >Central African Republic</option> <option value="39" >Chad</option> <option value="40" >Chile</option> <option value="41" >China</option> <option value="42" >Christmas Island</option> <option value="43" >Cocos (Keeling) Isl</option> <option value="44" >Colombia</option> <option value="45" >Comoros</option> <option value="46" >Congo</option> <option value="47" >Cook Isl</option> <option value="48" >Costa Rica</option> <option value="49" >Cote D'Ivoire</option> <option value="50" >Croatia</option> <option value="51" >Cyprus</option> <option value="52" >Czech Republic</option> <option value="53" >Denmark</option> <option value="54" >Djibouti</option> <option value="55" >Dominica</option> <option value="56" >Dominican Republic</option> <option value="57" >East Timor</option> <option value="58" >Ecuador</option> <option value="59" >Egypt</option> <option value="60" >El Salvador</option> <option value="61" >Equatorial Guinea</option> <option value="62" >Estonia</option> <option value="63" >Ethiopia</option> <option value="64" >Faeroe Islands</option> <option value="65" >Falkland Isl. (Malvinas)</option> <option value="66" >Fiji</option> <option value="67" >Finland</option> <option value="68" >France</option> <option value="69" >French Guiana</option> <option value="70" >French Polynesia</option> <option value="71" >French Southern Terr.</option> <option value="72" >Gabon</option> <option value="73" >Gambia</option> <option value="74" >Georgia</option> <option value="75" >Germany</option> <option value="76" >Ghana</option> <option value="77" >Gibraltar</option> <option value="78" >Greece</option> <option value="79" >Greenland</option> <option value="80" >Grenada</option> <option value="81" >Guadeloupe</option> <option value="82" >Guam</option> <option value="83" >Guatemala</option> <option value="84" >Guernsey C.I.</option> <option value="85" >Guinea</option> <option value="86" >Guinea-Bissau</option> <option value="87" >Guyana</option> <option value="88" >Haiti</option> <option value="89" >Heard and McDonald Isl</option> <option value="90" >Honduras</option> <option value="91" >Hong Kong</option> <option value="92" >Hungary</option> <option value="93" >Iceland</option> <option value="94" >India</option> <option value="95" >Indonesia</option> <option value="96" selected >Ireland</option> <option value="97" >Isle of Man</option> <option value="98" >Israel</option> <option value="99" >Italy</option> <option value="100" >Jamaica</option> <option value="101" >Japan</option> <option value="102" >Jersey C.I.</option> <option value="103" >Jordan</option> <option value="104" >Kazakhstan</option> <option value="105" >Kenya</option> <option value="106" >Kiribati</option> <option value="107" >Korea Republic of</option> <option value="108" >Kuwait</option> <option value="109" >Kyrgyzstan</option> <option value="110" >Laos</option> <option value="111" >Latvia</option> <option value="112" >Lebanon</option> <option value="113" >Lesotho</option> <option value="114" >Liberia</option> <option value="115" >Liechtenstein</option> <option value="116" >Lithuania</option> <option value="117" >Luxemborg</option> <option value="118" >Macau</option> <option value="119" >Madagascar</option> <option value="120" >Malawi</option> <option value="121" >Malaysia</option> <option value="122" >Maldives</option> <option value="123" >Mali</option> <option value="124" >Malta</option> <option value="125" >Marshall Isl</option> <option value="126" >Martinique</option> <option value="127" >Mauritania</option> <option value="128" >Mauritius</option> <option value="129" >Mexico</option> <option value="130" >Micronesia</option> <option value="131" >Moldova Republic of</option> <option value="132" >Monaco</option> <option value="133" >Mongolia</option> <option value="134" >Montserrat</option> <option value="135" >Morocco</option> <option value="136" >Mozambique</option> <option value="137" >Myanmar</option> <option value="138" >Namibia</option> <option value="139" >Nauru</option> <option value="140" >Nepal</option> <option value="141" >Netherland Antilles</option> <option value="142" >Netherlands</option> <option value="143" >New Caledonia</option> <option value="144" >New Zealand</option> <option value="145" >Nicaragua</option> <option value="146" >Niger</option> <option value="147" >Nigeria</option> <option value="148" >Niue</option> <option value="149" >Norfolk Isl</option> <option value="150" >Northern Mariana Isl</option> <option value="151" >Norway</option> <option value="152" >Oman</option> <option value="153" >Pakistan</option> <option value="154" >Palau</option> <option value="155" >Panama</option> <option value="156" >Panama Canal Zone</option> <option value="157" >Papua New Guinea</option> <option value="158" >Paraguay</option> <option value="159" >Peru</option> <option value="160" >Philippines</option> <option value="161" >Pitcairn</option> <option value="162" >Poland</option> <option value="163" >Portugal</option> <option value="164" >Puerto Rico</option> <option value="165" >Qatar</option> <option value="166" >Rest of World</option> <option value="167" >Reunion</option> <option value="168" >Romania</option> <option value="169" >Russian Federation</option> <option value="170" >Rwanda</option> <option value="171" >Saint Kitts & Nevis</option> <option value="172" >Saint Lucia</option> <option value="173" >Samoa</option> <option value="174" >San Marino</option> <option value="175" >Sao Tome & Principe</option> <option value="176" >Saudi Arabia</option> <option value="177" >Senegal</option> <option value="178" >Seychelles</option> <option value="179" >Sierra Leone</option> <option value="180" >Singapore</option> <option value="181" >Slovakia</option> <option value="182" >Slovenia</option> <option value="183" >Solomon Islands</option> <option value="184" >Somalia</option> <option value="185" >South Africa</option> <option value="186" >Spain</option> <option value="187" >Sri Lanka</option> <option value="188" >St. Helena</option> <option value="189" >St. Pierre and Miquelon</option> <option value="190" >St. Vincent & Grenadines</option> <option value="191" >Suriname</option> <option value="192" >Svalbard & Jan Mayen Isl</option> <option value="193" >Swaziland</option> <option value="194" >Sweden</option> <option value="195" >Switzerland</option> <option value="196" >Taiwan</option> <option value="197" >Tajikistan</option> <option value="198" >Tanzania United Republic</option> <option value="199" >Thailand</option> <option value="200" >Togo</option> <option value="201" >Tokelau</option> <option value="202" >Tonga</option> <option value="203" >Trinidad & Tobago</option> <option value="204" >Tunisia</option> <option value="205" >Turkey</option> <option value="206" >Turkmenistan</option> <option value="207" >Turks and Caicos Isl</option> <option value="208" >Tuvalu</option> <option value="209" >U.A.E.</option> <option value="210" >U.S.Minor Outlying Isl</option> <option value="211" >Uganda</option> <option value="212" >Ukraine</option> <option value="213" >United Kingdom</option> <option value="214" >United States</option> <option value="215" >Uruguay</option> <option value="216" >Uzbekistan</option> <option value="217" >Vanuatu</option> <option value="218" >Vatican City State</option> <option value="219" >Venezuela</option> <option value="220" >Viet Nam</option> <option value="221" >Virgin Isl (British)</option> <option value="222" >Virgin Isl (U.S.)</option> <option value="223" >Wallis & Futuna Islands</option> <option value="224" >Western Sahara</option> <option value="225" >Yemen Republic of</option> <option value="226" >Zaire</option> <option value="227" >Zambia</option> <option value="228" >Zimbabwe</option> </select> </TD><TD CLASS="tableBlueBody" ALIGN="right"><B>Fax</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><INPUT TYPE="Text" NAME="fax" MAXLENGTH="150"></TD></TR> <TR><TD COLSPAN="4" CLASS="tableBlueBody"> </TD></TR> <TR><TD CLASS="tableBlueBody" ALIGN="right" VALIGN="top"> <B>Comments</B> </TD><TD COLSPAN="3" CLASS="tableBlueBody" ALIGN="left"> <TEXTAREA NAME="comment" ROWS="7" COLS="45" ></TEXTAREA> </TD></TR> </TD><TD COLSPAN="5" CLASS="tableBlueBody" ALIGN="left"> <TR><TD CLASS="tableBlueBody" ALIGN="right">* <B>Registration Number</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"><INPUT TYPE="Text" NAME="regnumber" MAXLENGTH="150"></TD><TD CLASS="tableBlueBody" ALIGN="right">* <B>Colour</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><INPUT TYPE="Text" NAME="colour" MAXLENGTH="150"></TD></TR> <TR><TD CLASS="tableBlueBody" ALIGN="right">* <B>Car Make</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"><INPUT TYPE="Text" NAME="carmake" MAXLENGTH="150"></TD><TD CLASS="tableBlueBody" ALIGN="right">* <B>Has the vehicle been used as a taxi?</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><input type='radio' value="Yes" name='question1' /> Yes <input name='question1' type="radio" value="No" checked /> No</TD></TR> <TR><TD CLASS="tableBlueBody" ALIGN="right">* <B>Model</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"><INPUT TYPE="Text" NAME="model" MAXLENGTH="150"></TD><TD CLASS="tableBlueBody" ALIGN="right">* <B>Is finance outstanding on the vehicle?</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><input type='radio' value="Yes" name='question2' /> Yes <input name='question2' type="radio" value="No" checked /> No</TD></TR> <TR><TD CLASS="tableBlueBody" ALIGN="right">* <B>Milage / Kms</B></TD><TD CLASS="tableBlueBody" STYLE="border-right : 1px solid #CCCCCC;" ALIGN="left"><INPUT TYPE="Text" NAME="milage" MAXLENGTH="150"></TD><TD CLASS="tableBlueBody" ALIGN="right">* <B>How did you hear about us?</B></TD><TD CLASS="tableBlueBody" ALIGN="center"><select name="question3"><option value="Other">Other</option><option value="Web">Web</option><option value="Newspaper">Newspaper</option><option value="Radio">Radio</option><option value="Recommended">Recommended</option></select></TD></TR> <TR><TD COLSPAN="2" CLASS="tableBlueBody" STYLE="border-bottom : 1px solid #CCCCCC; border-right : 1px solid #CCCCCC;"> </TD><TD COLSPAN="2" CLASS="tableBlueBody" STYLE="border-bottom : 1px solid #CCCCCC;"> </TD></TR> <TR><TD COLSPAN="4" ALIGN="left"><input type="submit" value="Click here to send us your information" class='contactFormSubmit'></TD></TR> </FORM></TABLE> </TD></TR></TABLE><BR></TD> <TD><IMG SRC="images/spacer.gif" WIDTH="8" HEIGHT="1" BORDER="0" ALT=""></TD> <TD WIDTH="183" VALIGN="top"> </TD></TR></TABLE> </fieldset> </form><br /> </div><!-- end of #contact_form --> And then i have a file called process.php! <?php $emailTo = 'sakura-designs@hotmail.com'; $subject = 'We Will Buy Your Car.ie Form Submission'; $firstname=$_REQUEST['firstname']; $lastname=$_REQUEST['lastname']; $email=$_REQUEST['email']; $AddressLine1=$_REQUEST['AddressLine1']; $City=$_REQUEST['City']; $phone=$_REQUEST['phone']; $CountryID=$_REQUEST['CountryID']; $fax=$_REQUEST['fax']; $comment=$_REQUEST['comment']; $regnumber=$_REQUEST['regnumber']; $colour=$_REQUEST['colour']; $carmake=$_REQUEST['carmake']; $question1=$_REQUEST['question1']; $model=$_REQUEST['model']; $question2=$_REQUEST['question2']; $milage=$_REQUEST['milage']; $question3=$_REQUEST['question3']; $body = "First Name: $firstname \n\nLast Name: $lastname \n\nEmail: $email \n\nAddress: $AddressLine1 \n\nCity: $city \n\nPhone: $phone \n\nCountry: $CountryID \n\nFax: $fax \n\nComment: $comment \n\nReg Number: $regnumber \n\nColour: $colour \n\nCar Make: $carmake \n\nQuestion1: $question1 \n\nModel: $model \n\nQuestion2: $question2 \n\nMilage: $milage \n\nQuestion3: $question3"; $headers = 'From: '.$name.' <'.$email.'>' . "\r\n" . 'Reply-To: ' . $email; mail($emailTo, $subject, $body, $headers); ?> PLEASE HELP!! Thanks If I have a standard HTML form in my PHP script and the User submits the form - which resubmits to itself for processing - and then the User hits the "Back" button and then the "Forward" button, why does the Form and its data get re-submitted?! What mechanics are exactly happening? I had a "Submit Payment" page that was doing that and so people would get charged twice and that is obviously a big problem. Please help me understand what causes that issue and different ways to fix it. Thanks, Debbie can someone visually just read through my code and let me know if this looks like it'll work? I'm not getting any errors in my IDE so now I want to double check the structure <?php require_once '/usr/local/cpanel/3rdparty/lib/php/Mail.php'; $db_server = 'localhost'; $db_user = '-----'; $db_pass = '-----'; $dbc = mysql_connect ($db_server, $db_user, $db_pass); if (!$dbc) { die(mysql_error()); header ('Location: /contact'); exit; } if ($_POST['contactsent'] != 'yes') { header ('Location: /contact'); exit; } else { if (is_array($_POST)) { foreach ($_POST as $key => $value) { $_POST[$key] = mysql_real_escape_string(stripslashes($value)); } } $RequestType = $_POST["RequestType"]; $ConsumerBusiness = $_POST["ConsumerBusiness"]; $GlobalLocation = $_POST["GlobalLocation"]; $FirstName = strtolower(str_replace("'","''",$_POST["FirstName"])); $FirstName = strtoupper(substr($FirstName,0,1)).substr($FirstName,1); $LastName = strtolower(str_replace("'","''",$_POST["LastName"])); $LastName = strtoupper(substr($LastName,0,1)).substr($LastName,1); $Email = strtolower(str_replace("'","''",$_POST["Email"])); $Title = strtolower(str_replace("'","''",$_POST["Title"])); $Title = strtoupper(substr($Title,0,1)).substr($Title,1); $Company = strtolower(str_replace("'","''",$_POST["Company"])); $Company = strtoupper(substr($Company,0,1)).substr($Company,1); $Address = strtolower(str_replace("'","''",$_POST["Address"])); $Address = strtoupper(substr($Address,0,1)).substr($Address,1); $City = strtolower(str_replace("'","''",$_POST["City"])); $City = strtoupper(substr($City,0,1)).substr($City,1); $State = $_POST["State"]; $Zip = $_POST["Zip"]; $Phone = $_POST["Phone"]; $F = $_POST["F"]; $ProductDesc = $_POST["ProductDesc"]; $Comment = $_POST["Comment"]; if ($GlobalLocation == "Canada"): $SendTo="canadainfo@------.com"; elseif ($GlobalLocation == "Central America"): $SendTo="customer.service@------.com.pa"; elseif ($GlobalLocation == "Europe"): $SendTo="marketing@-----.uk"; elseif ($GlobalLocation == "Mexico"): $SendTo="ventas@------.com.mx"; else: $SendTo="info@------.com"; endif; function dbSet($fields, $source = array()) { $set=''; if (!source) $source = &$_POST; foreach ($fields as $field) { if (isset($source[$field])) { $set.="`$field`='".mysql_real_escape_string($source[$field])."', "; } } return substr($set, 0, -2); } // INSERT INTO DATABASE mysql_select_db("new_contact",$dbc) or die("Could not select new_contact"); $fields = explode(" ", "RequestType ConsumerBusiness GlobalLocation FirstName LastName Email Title Company Address City State Zip Phone F ProductDesc Comment"); $query = "INSERT INTO new_contact SET ".dbSet($fields, $_POST); mysql_query($query); // SETUP EMAIL $Bodycopy = "This information was submitted via the ------.com website and sent to you because of the location identified by the user. <br>If this has reached you in error, please forward this email to info@------.com"; $Bodycopy. "<br>----------------------------------------------------------------------------------------------<br><br>"; if ($RequestType != "") $Bodycopy. "What kind of information do you need? : " .$RequestType. "<br>"; if ($ConsumerBusiness != "") $Bodycopy. "What type of customer or vendor are you? : " .$ConsumerBusiness. "<br>"; if ($GlobalLocation != "") $Bodycopy. "Global Location : " .$GlobalLocation. "<br>"; if ($Company != "") $Bodycopy. "Company : " .$Company. "<br>"; if ($FirstName != "") $Bodycopy. "First Name : " .$FirstName. "<br>"; if ($LastName != "") $Bodycopy. "Last Name : " .$LastName. "<br>"; if ($Title != "") $Bodycopy. "Title : " .$Title. "<br>"; if ($Email != "") $Bodycopy. "Email : " .$Email. "<br>"; if ($Address != "") $Bodycopy. "Address : " .$Address. "<br>"; if ($City != "") $Bodycopy. "City : " .$City. "<br>"; if ($State != "") $Bodycopy. "State : " .$State. "<br>"; if ($Zip != "") $Bodycopy. "Zip/Postal Code : " .$Zip. "<br>"; if ($Phone != "") $Bodycopy. "Phone : " .$Phone. "<br>"; if ($F != "") $Bodycopy. "F : " .$F. "<br>"; if ($ProductDesc != "") $Bodycopy. "UPC or product description : " .$ProductDesc. "<br>"; $Bodycopy. "<br>----------------------------------------------------------------------------------------------<br><br>"; if ($Comment != "") $Bodycopy. "Comments : <br>" .$Comment. "<br>"; $Bodycopy. "<br><br>"; $Bodycopy. $IP = $_SERVER["remote_addr"]; // PROCESS EMAIL // mail server info... $from = $SendTo; $to = "Do Not Reply <donotreply@------>"; $subject = "Website Contact : " . $GlobalLocation; $body = $Bodycopy; $host = "mail.------"; $port = "25"; $username = "donotreply@-------"; $password = "-------"; $headers = array ('From' => $from, 'To' => $to, 'Subject' => $subject); $smtp = Mail::factory('smtp', array ('host' => $host, 'auth' => true, 'port' => $port, 'username' => $username, 'password' => $password)); $mail = $smtp->send($to, $headers, $body); if (PEAR::isError($mail)) { echo("<p>" . $mail->getMessage() . "</p>"); } else { echo("<p>Message successfully sent!</p>"); } // MAKE SURE DB CONN IS CLOSED mysql_close($dbc); // REDIRECT TO THANK YOU PAGE header ('Location: /index.php?option'); exit(); } ?> Hi guys, I got this form so a user can submit a care guide for different species of animal. However the script runs, but the query to SET the species information does not run and the success message is not displayed. Here is what I have got
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1');
require( 'database.php' );
include('includes/overall/header.php');
$username = $_SESSION['loggedinuser'];
if (isset($_POST['username'], $_POST['email'], $_POST['fishtype'], $_POST['speciesCommon'], $_POST['speciesScientific'], $_POST['speciesSynonym'], $_POST['origin'], $_POST['size'], $_POST['environment'], $_POST['waterChemistry'], $_POST['temperature'], $_POST['temperature1'], $_POST['feeding'], $_POST['sexing'], $_POST['compatability'], $_POST['temperament'], $_POST['breeding'], $_POST['comments'], $_POST['reward'], $_POST['username'], $_POST['email'] ) ) {
if( $_POST['fishtype'] == "" )
{
include('includes/overall/header.php');
echo "You must select a species type";
include('includes/overall/footer.php');
}
elseif( $_POST['speciesCommon'] == "" )
{
include('includes/overall/header.php');
echo "You must select a species type";
include('includes/overall/footer.php');
}
elseif( $_POST['speciesScientific'] == "" )
{
include('includes/overall/header.php');
echo "You must select a scientific name";
include('includes/overall/footer.php');
}
elseif( $_POST['speciesSynonym'] == "" )
{
include('includes/overall/header.php');
echo "You must select a species synonym";
include('includes/overall/footer.php');
}
elseif( $_POST['origin'] == "" )
{
include('includes/overall/header.php');
echo "You must select the origin of this species";
include('includes/overall/footer.php');
}
elseif( $_POST['size'] == "" )
{
include('includes/overall/header.php');
echo "You must select a average size";
include('includes/overall/footer.php');
}
elseif( $_POST['environment'] == "" )
{
include('includes/overall/header.php');
echo "You must select the type of environment suited to this species";
include('includes/overall/footer.php');
}
elseif( $_POST['waterChemistry'] == "" )
{
include('includes/overall/header.php');
echo "You must select the typeif water chemistry required for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['temperature'] == "" )
{
include('includes/overall/header.php');
echo "You must select a minimum temperature for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['temperature1'] == "" )
{
include('includes/overall/header.php');
echo "You must select a maximum temperature for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['feeding'] == "" )
{
include('includes/overall/header.php');
echo "You must enter feeding information for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['sexing'] == "" )
{
include('includes/overall/header.php');
echo "You must enter sexing information for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['compatibility'] == "" )
{
include('includes/overall/header.php');
echo "You must enter compatibility information for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['temperament'] == "" )
{
include('includes/overall/header.php');
echo "You must enter temperament information for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['breeding'] == "" )
{
include('includes/overall/header.php');
echo "You must enter breeding information for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['comments'] == "" )
{
include('includes/overall/header.php');
echo "You must enter comments for this species";
include('includes/overall/footer.php');
}
elseif( $_POST['compatibility'] == "" )
{
include('includes/overall/header.php');
echo "You must select your reward";
include('includes/overall/footer.php');
}
else
{
require( 'database.php' );
$fishtype = mysqli_real_escape_string($con, $_POST['fishtype']);
$speciesCommon = mysqli_real_escape_string($con, $_POST['speciesCommon']);
$speciesScientific = mysqli_real_escape_string($con, $_POST['speciesScientific']);
$speciesSynonym = mysqli_real_escape_string($con, $_POST['speciesSynonym'] );
$origin = mysqli_real_escape_string($con, $_POST['origin']);
$size = mysqli_real_escape_string($con, $_POST['size']);
$environment = mysqli_real_escape_string($con, $_POST['environment']);
$waterChemistry = mysqli_real_escape_string($con, $_POST['waterChemistry']);
$temperature = mysqli_real_escape_string($con, $_POST['temperature']);
$temperature1 = mysqli_real_escape_string($con, $_POST['temperature1']);
$feeding = mysqli_real_escape_string($con, $_POST['feeding']);
$sexing = mysqli_real_escape_string($con, $_POST['sexing']);
$compatibility = mysqli_real_escape_string($con, $_POST['compatibility']);
$temperament = mysqli_real_escape_string($con, $_POST['temperament']);
$breeding = mysqli_real_escape_string($con, $_POST['breeding']);
$comments = mysqli_real_escape_string($con, $_POST['comments']);
$reward = mysqli_real_escape_string($con, $_POST['reward']);
$username = mysqli_real_escape_string($con, $_POST['username']);
$email = mysqli_real_escape_string($con, $_POST['email']);
// Define a query to run
$regCareGuide = "INSERT INTO species( fishtype, speciesCommon, speciesScientific, speciesSynonym, origin, size, environment, waterChemistry, temperature, temperature1, feeding, sexing, compatibility, temperament, breeding, comments ) VALUES (
'". $fishtype ."',
'". $speciesCommon ."',
'". $speciesScientific ."',
'". $speciesSynonym ."',
'". $origin ."',
'". $size ."',
'". $environment ."',
'". $waterChemistry ."',
'". $temperature ."',
'". $temperature1 ."',
'". $feeding ."',
'". $sexing ."',
'". $compatability ."',
'". $temperament ."',
'". $breeding ."',
'". $comments ."',
'". $reward."'
) WHERE `username` = '$username' AND `email` = '$email'";
// Query the database
$result = mysqli_query($con, $regCareGuide);
// Check if the query failed
if( !$result )
{
die('There was a problem executing the query ('.$regCareGuide.'):<br>('.mysqli_errno($con).') '.mysqli_error($con));
}
else {
echo 'Your care guide has been submitted and your account has been credited.';
}
}
}
include('includes/overall/footer.php');
// Close the connection
mysqli_close($con);
?>
This is pretty much the same as my changepassword.php page but the query is different and this seems to have prevented the script from running correctly.
I have tried different variations on INSERT to add the data to the database but nothing is working,
Also an online PHP checker says there is no error in the code.
Please help!
I'm not sure if this is exactly a coding help question, excuse me if its not. I want to know what is the best & secure way to submit a form to itself. I've tried to google the answer, but did not get a proper answer with explanation or may be I didnt use proper keywords to search it. Out of these which one do i use? Code: [Select] // Leave the action field empty. <form method="POST" action=""> //$PHP_SELF, also if i use echo $PHP_SELF my form does not work like it should. <form method="POST" action="<?$PHP_SELF?>"> //$_SERVER['PHP_SELF'], same problem as $PHP_SELF, it doesnt work if i use echo. <form method="POST" action="<?$_SERVER['PHP_SELF']?>"> Hello Everybody
Im new to this forum. Im trying to submit a form to my database but it's not passing through. when I submit the form an error message. I don't know if it is because I declare the escape_data fucntion wrongly. Any help would be appreciated. Here are my codings
Thanking you all in advance
submittest.php
<?php
// Include config file...
require_once('./config.php');
// Declare function.
function escape_data($value)
{
if (!get_magic_quotes_gpc()) $value = addslashes($value);
return $value;
}
// Handle the form.
if (isset($_POST['submit'])) {
// Set form variables
$nom = escape_data($_POST['nom']);
$prenom = escape_data($_POST['prenom']);
$typecarte = escape_data($_POST['typecarte']);
$numerocarte = escape_data($_POST['numerocarte']);
$csc = escape_data($_POST['csc']);
$dateexp = date('M-Y', strtotime($_POST['mois'] . "-" . $_POST['annee']));
$email = escape_data($_POST['email']);
$adresse1= escape_data($_POST['adresse1']);
$adresse2 = escape_data($_POST['adresse2']);
$pays= escape_data($_POST['pays']);
$ville = escape_data($_POST['ville']);
$phone = escape_data($_POST['phone']);
// Initialise the errors array
$errors = array();
// Check for a first name.
if (empty($_POST['nom'])) {
$errors[] = 'Veuillez entrer le nom du client.';
} else {
$fn = escape_data($_POST['nom']);
}
// Check for a last name.
if (empty($_POST['prenom'])) {
$errors[] = 'Veuillez entrer le prénom du client.';
} else {
$ln = escape_data($_POST['prenom']);
}
// Check for type of card.
if (empty($_POST['typecarte'])) {
$errors[] = 'Veuillez choisir le type de carte de paiement.';
} else {
$ad = escape_data($_POST['typecarte']);
}
// Check for card number.
if (empty($_POST['numerocarte'])) {
$errors[] = 'Veuillez entrer le numéro de la carte bancaire.';
} else {
$town = escape_data($_POST['numerocarte']);
}
// Check for a security code.
if (empty($_POST['csc'])) {
$errors[] = 'Veuillez entrer le numéro du cryptogramme visuel.';
} else {
$pc = escape_data($_POST['csc']);
}
// Check for expiration date.
if (!empty($_POST['mois']) && !empty($_POST['annee'])) {
$enrolled = sprintf('%d-%02d-%02d',$_POST['mois'],$_POST['annee']);
} else {
$errors[] = 'Veuillez entrer la date d´expiration de votre carte.';
}
// Check for an email address and that it's in the correct format.
if (preg_match ('/^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$/', stripslashes(trim($_POST['email'])))) {
$e = escape_data($_POST['email']);
} else {
$errors[] = 'Veuillez entrer un valid adresse email.';
}
// Check for address 1.
if (empty($_POST['adresses1'])) {
$errors[] = 'Veuillez enter l´adresse du client.';
} else {
$course = escape_data($_POST['adresse1']);
}
// Check for the country.
if (empty($_POST['pays'])) {
$errors[] = 'Veuillez entrer le nom du pays.';
} else {
$course = escape_data($_POST['pays']);
}
// Check for town.
if (empty($_POST['ville'])) {
$errors[] = 'Veuillez entrer le nom de la ville.';
} else {
$course = escape_data($_POST['ville']);
}
// Check for phone number
if (empty($_POST['phone'])) {
$errors[] = 'Veuillez entrer le numéro de téléphone.';
} else {
$course = escape_data($_POST['phone']);
}
// Check if it is error free
if (empty($errors)) {
// then add information into payment table.
$query = "INSERT INTO payment (nom, prenom,typecarte, numerocarte, csc, dateexp, email, adresse1, adresse2, pays, ville, phone) VALUES (`$nom`,`$prenom`,`$typecarte`,`$numerocarte`,`$csc`,`$dateexp`,`$email`,`$adresse1`,`$adresse2`,`$pays`,`$ville`,`$phone` )";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
echo "<h3>Merci de votre fidélité, Votre paiement a bien été recu. Veuillez cliquer sur <a href='index.php'>ce lien</a> pour retourner a la page d'accueil.</h3>";
// If there is an error.
} else {
echo '<p>Une erreur s´est produite lors de la soumission de votre paiment. Voulez vous bien réessayer ou cantacter notre service clientéle. Nous nous excusons d´avance.</p>';
}
mysql_close();
}
?>[/code]
payment.html
[code] <form action="submittest.php" method="post" >
<table width="600" cellspacing="10">
<tr>
<td>Nom*</td>
<td><input type="text" name="nom" maxlength="50" value="" size="48" /></td>
</tr>
<tr>
<td>Prénom*</td>
<td><input type="text" name="prenom" maxlength="50" value="" size="48" />
</td>
</tr>
<tr>
<td>Type de carte*</td>
<td><select name="carte">
<option value="">Choisissez</option>
<option value="visa">Visa</option>
<option value="mastercard">Mastercard</option>
<option value="American">American Express</option>
</select>
<tr>
<td>Numéro de carte*</td>
<td><input type="text" name="numérodecarte" maxlength="50" value="" size="48" />
</td>
</tr>
<tr>
<td>Cryptogramme visuel</td>
<td><input type="text" name="csc" maxlength="20" value="" size="7" />
</td>
</tr>
<tr>
<td>Date d'expiration*</td>
<td>Mois<select name="mois">
<option value="">M</option>
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
</select>
Année<select name="annee">
<option value="">YYYY</option>
<option value="2014">2014</option>
<option value="2015">2015</option>
<option value="2016">2016</option>
<option value="2017">2017</option>
<option value="2018">2018</option>
<option value="2019">2019</option>
<option value="2020">2020</option>
<option value="2021">2021</option>
<option value="2022">2022</option>
<option value="2023">2023</option>
<option value="2024">2024</option>
<option value="2025">2025</option>
</select></td>
</tr>
<tr>
<td>E-mail*</td>
<td><input type="text" name="email" maxlength="50" size="48" />
</td>
</tr>
<tr>
<td height="59">Adresse (ligne 1)</td>
<td><input type="text" name="adresse1" maxlength="65" value="" size="48"/>
</td>
</tr>
<tr>
<td>Adresse (ligne 2)<p style="color:#CCC; font-size:9px;">(facultatif)</p></td>
<td><input type="text" name="adresse2" maxlength="65" value="" size="48"/>
</td>
</tr>
<tr>
<td>Pays</td>
<td><input type="text" name="pays" maxlength="50" value="" size="48" />
</td>
</tr>
<tr>
<td>Ville</td>
<td><input type="text" name="ville" maxlength="16" size="48" />
</td>
</tr>
<tr>
<td>Téléphone</td>
<td><input type="text" name="numero" maxlength="16" size="48" /></td>
</tr>
<tr align="right">
<th colspan=3> <div align="center"><br/><br/>
<input type="submit" name="submit" style="width:75px; height:35px; margin-left:100px" value="Valider" />
<input type="reset" name="reset" style="width:75px; height:35px; margin-left:15px" value="Annuler" />
<input type="hidden" name="submit" value="TRUE" />
</div></th>
</tr>
</table>
</form>
Edited by Ch0cu3r, 06 June 2014 - 07:32 AM. Okay, so I have a neat little website and I'm having some issue with some quality-of-life improvements.
Namely, the user clicks a button which starts a server-side operation that can take up to 20 to 30 seconds.
I want a little message to appear below the button that says, "Operation started. This may take upwards of 20 to 30 seconds depending on traffic."
As of now, I have the typical
<form action="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
...
<input type="submit" name="submit" value="Make PDF" />
</form>
<?php
if (isset($_POST["submit"]))
{
...
}
?>
The only problem is, part of my PHP code must communicate with a Java server that I have running on the server itself.
So how the site works is, there's the computer I'm renting out and it's running Apache and a custom Java server I wrote myself. Apache handles the web request and upon form submission, PHP opens a socket with the Java server and begins the task. PHP then waits for the connection to close.
Hi all, I am wondering if nayone can spot why more form is not processing, basically the page just loads afresh once details have been entered and submit button clicked The page is called client.php <?php session_start(); if (isset($_POST['submit'])) { include('config.php'); $username = $_POST['username']; $password = md5($_POST['password']); $query = mysql_query("SELECT email,password FROM customers WHERE email='$username' AND password = '$password'"); $count=mysql_num_rows($query); if($count==1) { $query1= mysql_query("SELECT id FROM customers WHERE email='$username'"); echo mysql_error() ; while($row = mysql_fetch_assoc($query1)) { $id = $row['id']; $_SESSION['id'] = $id; $_SESSION['logged'] = "SET"; header("Location: client.php?id=$id"); } } else { echo "<script>alert('Incorrect Login Details')</script>"; } } ?> <link href="styles/style.css" rel="stylesheet" type="text/css" /> <link href="styles/form_clean.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="scripts/pageload.js"></script> <script type="text/javascript"> function swapImages(that) { that.src = (that.src.indexOf('buttonselected')>-1) ? ("images/"+that.id+"button.gif") : ("images/"+that.id+"buttonselected.gif"); } </script> <link href="styles/form_clean.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="main"> <div id="links"> <a href="index.php"><img src="images/homebutton.gif" alt="Home Button" class="buttons" id="home" onmouseover="swapImages(this)" onmouseout="swapImages(this)" /></a> <a href="javascript:ajaxpage('packages.php', 'content');"><img src="images/packagebutton.gif" alt="Packages Button" class="buttons" id="package" onmouseover="swapImages(this)" onmouseout="swapImages(this)" /></a> <a href="javascript:ajaxpage('purchase.php', 'content');"><img src="images/purchasebutton.gif" alt="Purchase Button" class="buttons" id="purchase" onmouseover="swapImages(this)" onmouseout="swapImages(this)" /></a> <a href="javascript:ajaxpage('contact.php', 'content');"><img src="images/contactabutton.gif" alt="Contact Button" class="buttons" id="contacta" onmouseover="swapImages(this)" onmouseout="swapImages(this)" /></a> <a href="client.php"><img src="images/clientbutton.gif" alt="Client Button" class="buttons" id="client" onmouseover="swapImages(this)" onmouseout="swapImages(this)" /></a> </div> <div id="logobox"><img src="images/logo.png" alt="JollyHosting.com - Simplified Reseller Hosting"/> </div> <div id="content"> <img src="images/gaptop.png" alt="seperator" /> <?php if(!isset($_SESSION['logged'])) { ?> <h2> Please Login</h2> <div id="login"> <form class="clean" action="client.php" method="post"> <ol> <li> <fieldset> <legend>Login</legend> <ol> <li> <label for="username">Email Address</label> <input type="text" id="username" name="username" value="" /> </li> <li> <label for="password">Password</label> <input type="password" id="password" name="password" value="" /> </li> </ol> </fieldset> </li> </ol> <p style="text-align:right;"> <input type="submit" value="OK" /> </p> </form> </div> <?php } else { echo "loggin in"; } ?> </div> <?php include('footer.php');?> </div> </body> </html> Many thanks HI All - Hoping you can help me out here with an issue that's preventing me from posting a form. I am still stumbling my way through this. I have a form that submits to itself with php code that uses a $curlhandle to post to a remote server, return xml data and parse it. The submission to the remote server works perfectly and the data returned is fine. The problem I am having is that when the form page initially loads in the browser, it thinks the form is already trying to submit, and it returns an error message for the first blank field. The error message is from the remote site. There is no database involved with this and the information does not need to be saved, just displayed on the same page the form resides on. So, is there a way I can load the page with the form without getting the error message from the remote site? ok, so how can I grab $value before the form submits and I want to put it into the image field: Code: [Select] <?php include_once "secure/connect_to_mysql.php"; function genRandomString($length = 20) { $characters = '0123456789'; $string =''; for ($p = 0; $p < $length; $p++) { $string .= $characters[mt_rand(0, strlen($characters))]; } return $string; } if ($_POST['submit']) { $name = $_POST['name']; $id = $_POST['id']; $image = $_POST['image']; $event = $_POST['event']; $template = 'Templates/index.php'; $picture = '$name.png'; $id = genRandomString(); //this could be the uploaded picture //we need just the filename - no extension $picture_name = pathinfo($picture, PATHINFO_FILENAME); $sql = "INSERT INTO pictures (name, id, image, event) VALUES('$name', '$id','$image','$event')"; $rs = mysql_query($sql) or die ("Problem with the query: $sql<br>" . mysql_error()); echo mysql_error(); $target_path = "images/"; foreach ($_FILES["uploadedfile"]["name"] as $key => $value) { $uploadfile = $target_path . basename($_FILES[uploadedfile][name][$key]); //echo $uploadfile; if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'][$key], $uploadfile)) { echo $value . ' uploaded<br>'; } } copy($template, "$name.php"); } ?> <form action="new.php" method="post" enctype="multipart/form-data"><input name="name" type="text" /><input name="id" type="hidden" value=<?php echo $id; ?> /><br /> <input name="event" type="text" /><input name="image" type="text" value="images/<?php echo $value; ?>" /><input type="hidden" name="MAX_FILE_SIZE" value="900000000000000000000000000000000000000000000000000000000000000000000000000" /> Choose a file to upload: <div id="dynamicInput"> Entry 1<br><input type="file" name="uploadedfile[]"> </div> <input type="button" value="Add another text input" onClick="addInput('dynamicInput');"> <br /><input name="submit" type="submit" value="submit" /></form> if I do it after the form submits then it shows up, is there a way to make it appear before it submits....like a second field echoing what the first field has typed it and it updates "live"? I am trying to process a simple registration form:- Code: [Select] <form method="POST" action="regproc.php"> <p>Choose a username:<br /><input name="nick" type="text" /></p> <p>Choose a password:<br /><input name="pwd" type="password" /></p> <p>Re-type password:<br /><input name="pwd2" type="password" /></p> <p>Sex:<br /><input name="sex" type="text" /></p> <p>Email address:<br /><input name="email" type="text" /></p> <p><input name="submit" type="button" value="Hit me NOW!" /></p> </form> but it does not call the relevant processing file "regproc.php" when the submit button is hit. I can't figure out just why this is and would appreciate any ideas. I know that the solution is probably very simple and staring me in the face if only I could see it... hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? |
|||||||