PHP - Show Me How To Add Php Validations On User Inputs
Hi, I built this reg-login file. Note, login.php asks for your login details. The webform (so to speak) uses SELECT sql query to check your login credentials. The reg.php asks for your new acc details. The webform (so to speak) uses INSERT sql query to add your details to db. I got my webform not displayed to you either as registration form or login form. It is a neutral form. It just asks you for your email. Then checks against db. If it exists, it assumes you are an existing member and login() function takes over and logs you in. Else, registration() function takes over and registers you. Note:
On the login(), at the end when user is logged into his member account, his personal details get displayed on screen. if($row = mysqli_fetch_array($result_3,MYSQLI_ASSOC))
1. I want you to see if there are any errors in my code that will result in malfunction or a hacker SQL injecting or hacking.
2. I need you to show me how to VALIDATE user input. VALIDATE email using 1). html5 & 2). php 7 email validation function plus 3.) with REGEX so nothing but email is inputted. Show me these 3 ways to check for email. I need you to show me how to VALIDATE user password. VALIDATE password using 1). html5 & 2). php 7 & 3.) with REGEX so nothing but password (A-Z, 0-9 ONLY) is inputted. And no other chars. Show me these 3 ways to check for password. From there, I should pick up fast from you and manage to VALIDATE username input.
I don't know how to do these above 2 so kindly teach me by showing a snippet with comments so I understand your snippet. NOTE:
I did not complete the password prompt because I have forgotten how to do it with SHA256. Can someone show me a typical example of how to query for password with SHA256 or whatever the latest strong algorithm is? Show me code with comments so I understand what you are doing with your code.
Thank You!
<?php
session_start();

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    if(!isset($_POST['email_account']) || !isset($_POST['email_service']))
    {
        $email_error = "<font color='red'>Input Email Address!</font>";
    }
    else
    {
        //Connect to Database. (DB_SERVER, BD_USERNAME, DB_PASSWORD, DB_NAME).
        $conn = mysqli_connect("localhost","root","","powerpage");

        if($conn === false)
        {
            die("ERROR: Connection Error!. " . mysqli_connect_error());
        }
        else
        {
            //Always set Charset (after the connection check, because $conn is false on failure).
            $conn->set_charset('utf8mb4');

            //Set Parameters.
            $email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
            $_SESSION['email'] = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);//If this fails on test then replace it with above line
            //Escape the user-supplied value before echoing it back into the page.
            echo "line 25 triggered: " . htmlspecialchars($email) . "<br>";

            $sql_query = "SELECT COUNT(personal_email) FROM users WHERE personal_email = ?";
            $stmt = mysqli_prepare($conn,$sql_query);

            if($stmt == False)
            {
                //$stmt is false here, so the error is read from the connection, not the statement.
                $prepare_error = mysqli_error($conn);
                //Close Connection.
                mysqli_close($conn);
                echo "Line 33<br>";//DELETE THIS
                die("<pre>Mysqli Prepare Failed!\n".$prepare_error."\n$sql_query</pre>");
            }
            else
            {
                mysqli_stmt_bind_param($stmt,'s',$email);

                if(!mysqli_stmt_execute($stmt))
                {
                    //Close Connection.
                    mysqli_close($conn);
                    die("Could not mysqli_stmt_execute! Please try again later!");
                }

                $result = mysqli_stmt_get_result($stmt);

                if(mysqli_fetch_array($result, MYSQLI_NUM)[0])//WHY THIS NOT WORK UNLESS NUM ARRAY GIVEN ?
                {
                    echo "Line 57 triggered: Function login() will trigger!<br>"; //DELETE THIS
                    $_SESSION['session_type'] = 'login';
                    login();
                }
                else
                {
                    echo "Line 61 triggered: Function register() will trigger!<br>"; //DELETE THIS
                    $_SESSION['session_type'] = 'register';
                    register();
                }
            }
        }
    }
}

function register()
{
    //if(!isset($_SESSION['session_type'] or $_SESSION['session_type'] != 'registration')//Nog Dog's copied & pasted line
    if(!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'register')
    {
        //No statement or connection exists in this function's scope yet, so there is nothing to close here.
        die("Line 86: Could not check email! Please try again later!");
    }

    //$email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
    $email = $_SESSION['email'];//If this fails on test then replace it with above line

    //Connect to Database. (DB_SERVER, BD_USERNAME, DB_PASSWORD, DB_NAME).
    $conn = mysqli_connect("localhost","root","","powerpage");

    //Prepare an INSERT Statement.
    $sql_query_2 = "INSERT INTO users (personal_email) VALUES (?)";

    if(!$stmt_2 = mysqli_prepare($conn,$sql_query_2))
    {
        //Close Connection.
        mysqli_close($conn);
        die("Could not register! Please try again later!");
    }
    else
    {
        //Bind Variables to the Prepared Statement as parameters.
        mysqli_stmt_bind_param($stmt_2,'s',$email);

        //Attempt to execute the Prepared Statement.
        if(!mysqli_stmt_execute($stmt_2))
        {
            //Close Statement.
            mysqli_stmt_close($stmt_2);
            //Close Connection.
            mysqli_close($conn);
            die("Could not register! Please try again later!");
        }

        //mail() needs at least the recipient, subject and message arguments; the original call passed none.
        //mail();
    }
}

function login()
{
    if(!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'login')
    {
        //No statement or connection exists in this function's scope yet, so there is nothing to close here.
        die("Could not check email! Please try again later!");
    }

    //$email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
    $email = $_SESSION['email'];//If this fails on test then replace it with above line

    //Connect to Database. (DB_SERVER, BD_USERNAME, DB_PASSWORD, DB_NAME).
    $conn = mysqli_connect("localhost","root","","powerpage");

    //Prepare a Select Statement.
    $sql_query_3 = "SELECT id,username,first_name,middle_name,surname,gender,age_range FROM users WHERE personal_email = ?";

    if(!$stmt_3 = mysqli_prepare($conn,$sql_query_3))
    {
        //$stmt_3 is false here, so only the connection needs closing.
        mysqli_close($conn);
        die("Could not check email! Please try again later!");
    }
    else
    {
        //Bind Variables to the Prepared Statement as parameters.
        mysqli_stmt_bind_param($stmt_3,'s',$email);

        //Attempt to execute the Prepared Statement.
        if(!mysqli_stmt_execute($stmt_3))
        {
            //Close Statement.
            mysqli_stmt_close($stmt_3);
            //Close Connection.
            mysqli_close($conn);
            die("Could not check email! Please try again later!");
        }

        //mysqli_stmt_bind_result($stmt,$email);
        $result_3 = mysqli_stmt_get_result($stmt_3);
        //if(mysqli_fetch_array($result_3, MYSQLI_NUM))

        //Fetch result row as an associative array. Since the result set contains only one row, we don't need to use the 'While loop'.
        //mysqli_stmt_fetch($stmt);//use this if you use 'mysqli_stmt_bind_result($stmt,$email).
        if($row = mysqli_fetch_array($result_3,MYSQLI_ASSOC)) //Use this if you use '$result = mysqli_stmt_get_result($stmt)' instead of 'mysqli_stmt_bind_result($stmt,$email)'.
        {
            //Retrieve Values.
            //Use these if you use '$result = mysqli_stmt_get_result($stmt)' instead of 'mysqli_stmt_bind_result($stmt,$email_count)'.
            $id = $row["id"];
            $username = $row["username"];
            $first_name = $row["first_name"];
            $middle_name = $row["middle_name"];
            $surname = $row["surname"];
            $gender = $row["gender"];
            $age_range = $row["age_range"];

            echo "Id: $id<br>";
            echo "Username: $username<br>";
            echo "First Name: $first_name<br>";
            echo "Middle Name: $middle_name<br>";
            echo "Surname: $surname<br>";
            echo "Gender: $gender<br>";
            echo "Age Range: $age_range<br>";

            //Close Statement.
            mysqli_stmt_close($stmt_3);
            //Close Connection.
            mysqli_close($conn);
        }
    }
}

//DO NOT NEED TO REDO THE HTML CODE BELOW AS WAS NOT COPY & PASTE FROM ELSEWHERE ....
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<form action="" method="post">
<label for="email_first_part">Email:</label>
<input type="text" name="email_account" id="email_first_part" placeholder="Email Address before '@'">
<label for="email_last_part"><b>@</b></label>
<input type="text" name="email_service" id="email_last_part" placeholder="Email Address after '@'">
<?php if(!empty($email_error)){echo $email_error;}?>
<br>
<button type="submit" class="login_register" name="login_register">Register/Login</button>
</form>
</body>
</html>
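The validation and password handling the first post asks about, as an added example that is not part of the original post. Assumptions: the `$users` array stands in for the `users` table, the form fields are named `email` and `password`, and the 8 to 64 character length bounds are chosen here; the A-Z, 0-9 alphabet is the one the post specifies.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. The $users array stands in for the
// `users` table (assumption); in the real script every read or write of it
// would be a mysqli prepared statement like the ones in the post.

// A-Z and 0-9 only, as the post asks; the 8-64 length bounds are an assumption.
const PASSWORD_REGEX = '/\A[A-Z0-9]{8,64}\z/';
// Coarse shape check: local@domain.tld with no whitespace and a single "@".
const EMAIL_REGEX = '/\A[^@\s]+@[^@\s]+\.[^@\s]+\z/';

// HTML5 layer. type="email", required and pattern only help honest users: a
// client can skip them, so the PHP checks below are the ones that count.
const FORM_HTML = <<<'HTML'
<form method="post">
  <input type="email" name="email" maxlength="254" required>
  <input type="password" name="password" pattern="[A-Z0-9]{8,64}" required>
  <button type="submit">Register/Login</button>
</form>
HTML;

/** Reads one POST field as a string; email[]=x arrives as an array and is rejected. */
function post_string(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
}

/** Returns the trimmed address, or null when it fails the regex or filter_var(). */
function validate_email(string $input): ?string
{
    $email = trim($input);
    if (strlen($email) > 254 || preg_match(EMAIL_REGEX, $email) !== 1) {
        return null;
    }
    // PHP's built-in validator is stricter than the coarse regex above.
    $checked = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $checked === false ? null : $checked;
}

function validate_password(string $input): bool
{
    // \A and \z anchor the whole string, so trailing newlines or markup fail.
    return preg_match(PASSWORD_REGEX, $input) === 1;
}

/**
 * Email-first flow from the post, with the missing password step added.
 * Returns ['status' => 'registered'|'logged_in'|'rejected', 'errors' => string[]].
 */
function register_or_login(array &$users, array $post): array
{
    $email    = validate_email(post_string($post, 'email'));
    $password = post_string($post, 'password');

    $errors = [];
    if ($email === null) {
        $errors[] = 'Enter a valid email address.';
    }
    if (!validate_password($password)) {
        $errors[] = 'Password must be 8-64 characters, A-Z and 0-9 only.';
    }
    if ($errors !== []) {
        return ['status' => 'rejected', 'errors' => $errors];
    }

    if (!isset($users[$email])) {
        // Store only the hash. password_hash() salts each password and uses a
        // deliberately slow algorithm; a bare SHA-256 is fast and unsalted.
        $users[$email] = password_hash($password, PASSWORD_DEFAULT);
        return ['status' => 'registered', 'errors' => []];
    }

    // Do not compare hashes in SQL: fetch the stored hash and verify it in PHP.
    if (!password_verify($password, $users[$email])) {
        return ['status' => 'rejected', 'errors' => ['Wrong email or password.']];
    }
    if (password_needs_rehash($users[$email], PASSWORD_DEFAULT)) {
        $users[$email] = password_hash($password, PASSWORD_DEFAULT);
    }
    return ['status' => 'logged_in', 'errors' => []];
}

if (PHP_SAPI === 'cli') {
    $users = [];
    $submissions = [ // constructed sample input
        ['email' => 'alice@example.com', 'password' => 'TR0UBAD0R42'],  // first visit
        ['email' => 'alice@example.com', 'password' => 'TR0UBAD0R42'],  // returning user
        ['email' => 'alice@example.com', 'password' => 'WRONGPASS99'],  // wrong password
        ['email' => 'alice@example.com', 'password' => 'lowercase1'],   // breaks the policy
        ['email' => 'alice@example', 'password' => 'VALIDPASS1'],       // no top-level domain
        ['email' => ['alice@example.com'], 'password' => 'VALIDPASS1'], // array, not a string
    ];
    foreach ($submissions as $post) {
        $result = register_or_login($users, $post);
        echo $result['status'], ' ', implode(' ', $result['errors']), PHP_EOL;
    }
}
```

With the real table, the column holding the hash should be at least `VARCHAR(255)`, since the output length of `PASSWORD_DEFAULT` can grow in later PHP versions.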
Similar Tutorials

My current function for checking over user inputs is below, email and phone numbers work just fine. I'm more worried about the insufficiency of text and textarea, this isn't being used live anywhere atm while I remake it and I'm out of ideas on how to scan general data. Fields passing through text, textarea might be full names, addresses, subjects basically general things. I've been stumbling on ideas of what would be best practice to do this. Any ideas?

# $tbc = data to be cleaned
# $type = email, phone, text, textarea
function escape_data($tbc, $type='text') {
    switch($type) {
        case 'email':
            if(preg_match('/(\w+\.)*\w+@(\w+\.)*\w+(\w+\-\w+)*\.\w+/', $tbc)){
                $op = $tbc;
            } else {
                $op = false;
            }
            break;
        case 'phone':
            if (!empty($tbc)) {
                preg_match_all('/[0-9\(\)+.\- ]/s', $tbc, $cleaned);
                // Start from an empty string so the append below does not use an undefined variable.
                $ready = '';
                foreach($cleaned[0] as $k=>$v) {
                    $ready .= $v;
                }
                if ((strlen($ready) > 10) && (strlen($ready) <=25)) {
                    $op = $ready;
                } else {
                    $op = false;
                }
            } else {
                $op = false;
            }
            break;
        case 'text':
        case 'textarea':
            if (!empty($tbc)) {
                $op = strip_tags($tbc);
            } else {
                $op = false;
            }
            break;
        default:
            $op = false;
    }
    return $op;
}

hey guys, I am having a small problem and I can't wrap my head around it. I want users to be able to upload up to 10 photos in the database and what I want to do is check the database to see how many pics they have already and if they have 10, just show the photo with action items but if they have 7 for example, show the 7 pictures and three upload fields, if they have 4, show the pics and 6 fields and so on... let me know what you guys think and some help. Thanks in advance guys, you always come through...

Hey Guys.
I'm trying to show if the selected user has had all the required tests they need so they can have a treatment at a hairdressers. For example the client needs to have had a skin test before they can have their hair dyed. I'm struggling on showing which tests the user still needs to have
Currently I'm working with 3 tables.
The treatmentTest table which stores all the required tests
treatmentTest
idtreatmentTest
the user table which has the users details
user
iduser
and the usertest table which stores when they had the test and if it has expired (if it has expired is set to 1)
userTest
iduser
idtreatmentTest
expired
so I need this box to pop up with a warning on each test that is still outstanding but I don't want it to show if there are no tests needed. I obviously need to loop through the results of my query but the query itself is confusing me...
<ul class="list-unstyled">
    <li>[treatment Name]</li>
    <li class="text-italic text-muted">Expired [date]</li>
    <li><a href="#" class="btn btn-success">Update</a></li>
</ul>

First I tried looping through all the treatments then inside that loop writing the following

<?php do {
    //now foreach treatment test get the resulting test from the usertest table
    if (isset($row_testReq['idtreatmentTest'])) {
        $col_userTest = $row_testReq['idtreatmentTest'];
    }
    if (isset($_SESSION['cClient'])) {
        $colname_userTest = $_SESSION['cClient'];
    }
    if (isset($expire)) {
        $colname_userTestExpire = '1';
    }
    mysql_select_db($database_dbconnect, $dbconnect);
    $query_userTest = sprintf("SELECT * FROM userTest WHERE idtreatmentTest = %s AND iduser = %s AND userTestExpire=%s",
        GetSQLValueString($col_userTest, "int"),
        GetSQLValueString($colname_userTest, "int"),
        GetSQLValueString($colname_userTestExpire, "text"));
    $userTest = mysql_query($query_userTest, $dbconnect) or die(mysql_error());
    $row_userTest = mysql_fetch_assoc($userTest);
    $totalRows_userTest = mysql_num_rows($userTest);
?>
<li class="list-group-item">
    <div class="col-sm-2"><i class="fa fa-2x fa-close text-danger"></i></div>
    <div class="col-sm-9">
        <ul class="list-unstyled">
            <?php if($totalRows_userTest>0){?>
            <li><?php echo $row_testReq['treatmentTestName'];?></li>
            <li class="text-italic text-muted">Expired <?php echo $fn->sqlShowDate($row_userTest['userTestExpire']); ?></li>
            <li><a href="client-treat-test.php?i=<?php echo $row_testReq['idtreatmentTest'];?>&t=<?php echo $row_testReq['treatmentTestToken'];?>" class="btn btn-success">Update</a></li>
            <?php } ?>
        </ul>
    </div>
    <div class="clearfix"></div>
</li>
<?php } while ($row_testReq = mysql_fetch_assoc($testReq)); ?>

this doesn't work properly at all. It gave me all the treatments that have expired but if a new treatmenttest was added it wouldn't display that there was a test required. Does anybody know a different way?
I also tried getting all the treatments then all the rows in the userTest table then comparing what the differences were but I struggle with array comparisons and I'm not even sure that was the best way to go about it. Am I going to need two queries? One like the loop above and one that looks for expired treatments and one that looks for treatments the user hasn't had or can this be done in one and if so how??

Edited by fife, 18 November 2014 - 02:39 PM.

I want to show data for logged in user, I am using sessions to login. This is the code I already have:

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

//this selects everything for the current user, ready to be used in the script below
//(the username is quoted and escaped, and the stray ';' before WHERE is removed)
$result = mysql_query("SELECT id, points, ingame_points, ingame_money, ingame_items FROM members WHERE username = '" . mysql_real_escape_string($_SESSION['myusername']) . "'");

//this function will take the above query and create an array
while($row = mysql_fetch_array($result)) {
    //with the array created above, I can create variables (left) with the outputted array (right)
    $points = $row['points'];
    $id = $row['id'];
    $ingame_points = $row['ingame_points'];
    $ingame_money = $row['ingame_money'];
    $ingame_items = $row['ingame_items'];
}

Help ?

Hello, I am coding a backend portal, this portal will have staff members lets call them 'M1' and each staff member will have a client 'C1' What is the best way to put this into a database? do I have a table for Staff? then a separate table for Members? or one table consisting of staff, with the members details written into the staff's row?

show list of files uploaded by current session user to the database. I want to show different users when they log in to the website...they can see a list of old files that they have uploaded. can anyone tell me the code/script to this.....please, ty

Hi Guys I'm pretty new to PHP, and I've taken on a small PHP project.
My project has (among other things) a page where you can capture/edit users. This involves entering a user name and password on an HTML POST form. Upon submitting the form, the data is set to a php script that writes it to a MySQL database. My problem is this - I need to validate the data before writing it to the database. I have to check that all required fields have values, that the "Password" and "Confirm Password" fields match and that the user did not enter illegal characters (SQL injection). Where should this happen? The script can validate the data, but then I'll still need a way to send the user back to the form and repopulate it automatically with what the user had entered. I can't use GET parameters (due to having to keep the password private). One way of doing it might be to send everything except the password as GET parameters, and force the user to re-enter the password. Am I missing something here? What's the best way of doing validations? Thanks for your input. Cheers, Riaan

I was able to get the Billing Address part to work but the payment method is just not writing to the mail. Can someone please help me fix this? The mail code:

Code: [Select]
<?php
$deny = array("61.21.111.134", "89.149.208.14", "85.17.147.193", "206.214.146.194", "66.249.67.199");
if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
    header("location: http://www.yahoo.com");
    exit();
}
session_start();
?><?php
session_start();
$to="xyz@abc.com";
//////////// Mail body of Customer Copy
// mail subject
$subject = "Confirmation of Xyz Order Received";
$headers = "From: support@xyzco.com\r\n";
$headers .= "Reply-To: support@xyzco.com\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$headers .= "X-Mailer: PHP/ .
phpversion()\r\n"; // Text of body initial $message='<html><link href="http://xyzco.com/mail-style.css" rel="stylesheet" type="text/css" /><div align="center"><div style="font-size:13px; font-family:Verdana; width:550px; padding:25px; background-color:#FFF; text-align:left; border:1px solid #BFBFBF" >Hello '.$_POST['txtfname'].' '.$_POST['txtlname'].',<br><br> We have received your form submission. Thank you!<br><br> Below is the data submitted:</div></div><br> '; $message = $message.'<table width="650" border="0" cellspacing="0" cellpadding="5" align="center" style="border:1px solid #BFBFBF; font-family: Verdana; font-size:13px" bgcolor="#FFFFFF"><tr><td> <tr> <td height="35" colspan="5"> <div align="center"> <strong style="color:#004080"> Cart Details</strong><br /> </div> </div></td> </tr> <tr bgcolor="#B2B2B2"> <td width="390" bgcolor="#006699" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Product</font></td> <td bgcolor="#006699" width="150" nowrap="nowrap" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Payment Method</font></td> <td width="71" bgcolor="#006699" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Price</font></td> <td width="64" bgcolor="#006699" style="font-size:13px" class="lglr"><div align="center"> <font color="#FFFFFF" style="font-weight:bold; font-size:13px">Qty</font></div></td> <td width="65" bgcolor="#006699" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Total</font></td> </tr>'; for ( $counter = 1; $counter <= $_SESSION["cnt"]; $counter += 1) { if(($counter%2)==0) { $message = $message.' <tr bgcolor="#F2F2F2">'; } else { $message = $message.'<tr>'; } $message = $message.' 
<td style="font-size:13px" class="lglr">'.$_SESSION["title".$counter].'</td> <td style="font-size:13px" class="lglr">'.$_SESSION["paymentmethod".$counter].'</td> <td style="font-size:13px" class="lglr"> $'.$_SESSION["price".$counter].'</td> <td style="font-size:13px" class="lglr">'.$_SESSION["qty".$counter].'</td> <td style="font-size:13px" class="lglr">$'.$_SESSION["total".$counter].'</td> </tr> '; } $message = $message.' <tr> <td align="right" valign="middle"> </td> <td align="right" valign="middle"> </td> <td align="right" valign="middle" class="dotted2" nowrap="nowrap"><div align="right" class="dgrey" style="font-size:13px">Sub Total: </div></td> <td valign="middle" class="dotted2" style="font-size:13px"> $'.$_SESSION["grandtotal"].'</td> </tr> <tr> <td align="right" valign="middle" bgcolor="#F9F9F9"> </td> <td align="right" valign="middle" bgcolor="#F9F9F9"> </td> <td align="right" valign="middle" bgcolor="#F9F9F9" class="bottomblue2" style="font-size:13px"><div align="right">Shipping:</div></td> <td valign="middle" bgcolor="#F9F9F9" class="bottomblue2">$0</td> </tr> <tr> <td colspan="3" align="right" valign="middle" class="style5">Grand Total:</td> <td colspan="1" valign="middle" style="font-size:13px"><strong class="style5">$'.($_SESSION["grandtotal"] + 0).'</strong></td> </tr> </table><br>'; $message = $message.' <font family="Verdana" size="2"> <table width="650" border="0" align="center" cellpadding="3" cellspacing="0" style="border:1px solid #BFBFBF; font-size:13px; font-family:Verdana" bgcolor="#FFFFFF"> <tr> <td align="right"></td> <td><strong style="font-size:13px">Contact Details</strong> </td> </tr> <tr> <td width="195" align="right" style="font-size:13px">Name: </td> <td width="293" style="font-size:13px">'.$_POST['txtfname'].' 
'.$_POST['txtlname'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Email: </td> <td style="font-size:13px">'.$_POST['txtemail'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Phone: </td> <td style="font-size:13px"> '.$_POST['txtphone'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Alternate Phone: </td> <td style="font-size:13px"> '.$_POST['txtphone2'].' </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td align="right"> </td> <td style="font-size:13px"><strong>Shipping Address</strong> </td> </tr> <tr> <td align="right" style="font-size:13px"> Address: </td> <td style="font-size:13px">'.$_POST['txtaddress'].'</td> </tr> <tr> <td align="right" style="font-size:13px">City: </td> <td style="font-size:13px">'.$_POST['txtcity'].'</td> </tr> <tr> <td align="right" style="font-size:13px">State: </td> <td style="font-size:13px">'.$_POST['txtstate'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Zip: </td> <td style="font-size:13px">'.$_POST['txtzip'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Country: </td> <td style="font-size:13px">'.$_POST['txtcountry'].'</td> </tr> '; if($_POST['billing']=="billing") { $message = $message.='<tr><td><div align="right">Billing Address same as above.</div></td></tr>';} else if($_POST['billing']=="") { $message = $message.' 
<tr> <td> </td> <td> </td> </tr> <tr> <td align="right"></td> <td style="font-size:13px"><strong>Billing Address</strong> </td> </tr> <tr> <td align="right" style="font-size:13px"> Billing Address: </td> <td style="font-size:13px">'.$_POST['billing_address'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing City: </td> <td style="font-size:13px">'.$_POST['billing_city'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing State: </td> <td style="font-size:13px">'.$_POST['billing_state'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing Zip: </td> <td style="font-size:13px">'.$_POST['billing_zip'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing Country: </td> <td style="font-size:13px">'.$_POST['billing_country'].'</td> </tr><tr><td></td></tr>';} $message = $message.' <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px"><strong>Payment Details</strong></td> </tr>'; if($_POST['creditcard']=="creditcard") {$message = $message.'<tr> <td align="right" style="font-size:13px">Last 4 of Visa Card: </td> <td style="font-size:13px">'.$_POST['cc4'].' </td> </tr> <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px">Expiration: '.$_POST['ccexp'].'</td> </tr>';} else if($_POST['creditcard']=="") { $message = $message."";} if($_POST['split']=="split") {$message = $message.'<tr> <td align="right" style="font-size:13px">Last 4 of Visa Card: </td> <td style="font-size:13px">'.$_POST['cc4'].' </td> </tr> <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px">Expiration: '.$_POST['ccexp'].'</td> </tr> <tr> <td style="font-size:13px">MoneyPak # '.$_POST['m-p-n'].' 
$'.$_POST['mpamt'].'</td> </tr> ';} else if($_POST['split']=="") { $message = $message."";} if($_POST['m-p']=="m-p") { $message = $message.'<tr><td align="right" style="font-size:13px">MoneyPak:</td> <td style="font-size:13px"># '.$_POST['m-p-1'].'</td></tr>';} else if($_POST['m-p']=="") { $message = $message.'';} $message = $message.' <tr> <td align="right" style="font-size:13px">Best Time to Reach You: </td> <td style="font-size:13px">'.$_POST['txtcall'].'</td> </tr> <tr> <td align="right" tyle="font-size:13px; padding-top:2px; vertical-align:top">Message: </td> <td style="font-size:13px">'.$_POST['message'].'</td> </tr> <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px"> </td> </tr> <tr> <td colspan="2" align="right" style="font-size:13px"><div align="center">---------------------------------------------------------------------------------------</div></td> </tr> <tr> <td align="right" style="font-size:13px; padding-bottom:10px">Agree to the Terms?: '.$_POST['agree'].' </td> <td style="font-size:13px; padding-bottom:10px">IP: '.$_SERVER['REMOTE_ADDR'].'</td> </tr></table> '; $message = $message.'<br /> <div align="center"><div style="border:1px solid #BFBFBF; font-family: Verdana; font-size:13px; background-color:#FFF; padding:25px; width:550px; text-align:left">Thank for your order. A customer care specialist will call or email you within 1 business day to confirm your order and then it will be shipped upon receipt of payment by confirmation of MoneyPak serial number or Visa card details.<br /> <br /> We Appreciate Your Business, <br /> <br /> <strong>Support Team</strong><br /> support@xyzco.com</span><br /> <img src="http://xyzco.com/images/logosm.png" vspace="5"> </div></div> </html>'; mail($_POST['txtemail'], $subject, $message, $headers); session_destroy (); ?> <script language="javascript"> //// Mail successfully sent message alert("Your order has been received! Thank you.\n An email receipt was sent. 
\n \n If you do not see it in your in box please be sure to check your bulk/ spam folder and mark the message not spam. Please add support@xyzco.com to your contact/ safe list.\n \n \n \nYou will now be redirected to our reccomended add on product.");
document.location.href="xyzlink";
</script>
<style type="text/css">
<!--
.style1 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; }
-->
</style>

Hello! When I fill my php form in internet explorer or firefox and click on submit, the spry validations will be displayed; but using google chrome or safari they are not displayed. I tried the form using safari but on localhost, they are displayed but over the internet the form will skip to the database and will not be validated. What could be the problem please?

I am doing server side validations using php and jquery. It's validating properly. But problem is the error messages are displaying on the top of the page. I want to display side of field. All of the validations store in array. How to display errors to side of the field.

How is it possible, in PHP, to display an error message next to a form input text field if a user is attempting to submit a form with empty fields? Moreover, how is it possible to remove the same error message when the user fills in the input field with the required data and/or refreshes the page? I have 2 files that I am working with: application.php and process.php.
application.php mainly has the HTML of the form. I am very new to learning PHP (I started learning it last week) and I have been searching for hours for a clear answer. I have already tried different methods for generating the error message including: using empty(), !isset, $_POST["name"] = "", etc, and have tried using session_start();, $row, echo, print, and other variables to try and display error message on the page, and I have tried using unset();, and = null, to try and remove the error message once the input field has been filled but all to no avail. Either the method I try only half works, or nothing works, and I cannot pinpoint which is the part that is not working. I only have 2 files to work with, and as an example of what I want to do is:
1. If the first name field is empty when the user clicks submit, an error message should appear next to the input. Is this possible with PHP?

This topic has been moved to Ajax Help. http://www.phpfreaks.com/forums/index.php?topic=323416.0

create table mimi (
    mimiId int(11) not null,
    mimiBody varchar(255)
);

<?php
//connecting to database
include_once ('conn.php');
$sql ="SELECT mimiId, mimiBody FROM mimi";
$result = mysqli_query($conn, $sql );
$mimi = mysqli_fetch_assoc($result);
$mimiId ='<span>No: '.$mimi['mimiId'].'</span>';
$mimiBody ='<p class="leading text-justify">'.$mimi['mimiBody'].'</p>';
?>
//what is next? i want to download pdf or text document after clicking button or link how to do that

Does anyone have any idea why my inputs shrink (to default height and weight) after I press submit button? I use css width and height for inputs. All other settings (border, background color etc.) remain like they should. For form submit I use PHP self function where I check if submit button has been pressed and then perform the form action. Thank you

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logs in here to the one table in MySQL:

<?php
session_start();
require_once('config.php');
$errmsg_arr = array();
$errflag = false;
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
$login = clean($_POST['login']);
$password = clean($_POST['password']);
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
if($result) {
    if(mysql_num_rows($result) == 1) {
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
<?php ?>

hi, I have made a website where people register their details of them and products. they have to enter the following details in form Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login the user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (by clicking on upload button) the product images and price text box, then on the final uploaded webpage it should show all other things which he registered before (company name, mobile number etc) along with images and price. hence the main question: the user does not need to enter mobile and address while uploading images and filling price, but on the final page it should show mobile and address along with price and images, as the user is not going to enter mobile and address again and again as he will have multiple products to upload.
I'm working on an online php program that can have a few hundred form inputs. Mainly just numbers from 1 to 50,000 depending on the field. I wanted to use cookies so the user can keep the data entered on their browser but I found out the hard way that the browsers have a limitation that I've exceeded. Does anyone have any ideas?

Hi! I wanna know what is the best way to secure my inputs? Now I'm using something like this function:

public function z($var) {
    $result1 = htmlspecialchars($var);
    $result = mysqli_real_escape_string($this->conn, $result1);
    return $result;
}

but I don't know how secure it is from all inputs... It couldn't be that with that my site is completely secure... So I wanna know what else I should use... I found something about PHP sanitize filters and similar... Same for mail, should I use that for e-mail, what should I use for e-mails as I think this 2 codes will break character @ necessary for emails. Any suggestion is welcome Thanks
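An added example, not code from the post, comparing the `z()` approach in the last post (HTML-encode, then store) with storing the raw value through a prepared statement and encoding only at output. It assumes the `pdo_sqlite` extension so it runs without a database server; the `comments` table, its columns and the sample values are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Assumes the pdo_sqlite extension; with
// mysqli the prepare/bind/execute calls play the same role. The table, column
// names and sample values are made up.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (author TEXT NOT NULL, email TEXT NOT NULL, body TEXT NOT NULL)');
    return $db;
}

/** Store the value exactly as typed; the placeholders keep it out of the SQL text. */
function store_raw(PDO $db, string $author, string $email, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, email, body) VALUES (?, ?, ?)');
    $stmt->execute([$author, $email, $body]);
}

/** The habit from the post: HTML-encode first, then store the encoded text. */
function store_encoded(PDO $db, string $author, string $email, string $body): void
{
    store_raw($db, htmlspecialchars($author), $email, htmlspecialchars($body));
}

function count_by_author(PDO $db, string $author): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM comments WHERE author = ?');
    $stmt->execute([$author]);
    return (int) $stmt->fetchColumn();
}

function first_row(PDO $db): array
{
    return $db->query('SELECT author, body FROM comments')->fetch(PDO::FETCH_ASSOC);
}

/** Encode at output time, for the context the value lands in (here: HTML text). */
function render_html(array $row): string
{
    $e = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    return '<p><b>' . $e($row['author']) . '</b>: ' . $e($row['body']) . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input.
    $author = 'Tom & Jerry';
    $email  = 'tom@example.com';
    $body   = "it's <script>alert(1)</script> '); DROP TABLE comments; --";

    // htmlspecialchars() only rewrites & < > and quotes, so "@" passes through
    // it; whether the string is an address at all is filter_var()'s job.
    var_dump(htmlspecialchars($email) === $email);
    var_dump(filter_var($email, FILTER_VALIDATE_EMAIL) !== false);

    // Encode-then-store: the stored author differs from what was typed, so a
    // lookup by the typed name misses, and encoding at output doubles entities.
    $a = open_db();
    store_encoded($a, $author, $email, $body);
    echo count_by_author($a, $author), PHP_EOL;
    echo render_html(first_row($a)), PHP_EOL;

    // Store raw with placeholders, encode once at output.
    $b = open_db();
    store_raw($b, $author, $email, $body);
    echo count_by_author($b, $author), PHP_EOL;
    echo render_html(first_row($b)), PHP_EOL;
}
```

The same split applies to other output contexts: a value placed in a URL, a JavaScript string or a mail header needs the encoding for that context, applied at the point of output rather than before storage.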