|
PHP - See If Something Submitted (best Practices 2019)
To execute code on successfully submitting text input, is this "bare minimum" code secure enough?
if(!empty($_POST["textfield_input"])) { ...or is it best to make sure all 4 of these are confirmed:
if (
The html portion is simply: I've searched on the net about this several times, and see different answers, and it looks like each PHP expert has their favorite.... but I would rather know the "best practices" answer to this. Thank you!!
Edited November 5, 2019 by StevenOliver Similar TutorialsHi, I am developing a large management/CRM system for my company. I would like to hear your thoughts on what is the best way to organise functions and files. I know of a few ways: 1. having all your PHP at the start of each page which fetches all the data from the DB and then echo it out into the right places in that page, e.g. fetching a list of options then later echoing out the option data into a 'select' tag, creating a dynamic list. 2. Have the majority of the PHP completely seperate from the page in a seperate page, and you INCLUDE that at the start of your html page. 3. Have many seperate PHP files that do different bits for that page, e.g. one php file is for fetching a list of sales contacts, another for fetching enquiries numbers etc and have it all injecting into the correct containers on your page using Jquery and AJAX, which lets you have dynamic updates if you stick them in a setInterval loop. 4. This is the one I most fancy. You have one PHP file that has several 'modes'. Now when you call it in an AJAX statement, you pass a mode variable to it which is the condition for one of the IFs in your PHP files. So if I wanted to fetch an up to date contact list every x seconds, I would also pass a variable like 'FETCH_CONTACTS' i.e.: $.post('record-control.php', {targetCustomer:thidId, mode:'FETCH_CONTACTS'}, function(data){$('#targetDiv').html(data)}) ; Which way would you prefer if it was you? Hi guys, I am using Domdocument for parsing xml, i am concerned about the impact of the performance on using this Domdocument. what are the best practices to reduce the impact performance using Domdocument ? Please share your ideas. Thanks I had general question about security in php. Suppose i have a value submitted from a form called $form that would go to the database. What functions would good to clean it before it goes to the database. Suppose I want to display the $form variable in the browser, what would i use to display to prevent javascript or html injection other than strip_tags. On another note, what security practice should i follow when dealing with sessions? I'm developing a REST API for a website. As far as I know, the rules for RESTfulness are sort of broad. I'm just wondering if there are any good resources with tighter guidelines to developing a good, useable API. What are the common practices etc. Some of the things I'm unclear on a Should it use GET and POST, or just one of them? From what I've read about HTTP, GET is a "safe method" and shouldn't allow data to be changed on the server. Should we use GET to retrieve data off the server, and POST to save data to the server? Or is it common practice to use POST for getting and storing data? Should we utilize the HTTP status codes? Should the HTTP status change when things go wrong? Should it be 400 if something doesn't work properly? Or 404 if the method doesn't exist? If the request is successful, and there's no data to return, should it be 204 No Data or 200 with JSON/XML that shows it was successful? I want to add a search feature to my site so that users can search for videos. Let's say that a user conducts a search and I GET their search query: $squery = isset($_GET['query']) ? $_GET['query'] : '';Now what should I do? What are the best practices to ensure the security of my database and to provide the most relevant results to the user? Here's what I've got so far.
// Make sure a search query was entered.
if($squery == '') {
echo "<p>You didn't enter a search query.</p>";
}
// Strip HTML tags.
$squery = strip_tags($squery);
// Trim white space.
$squery = trim($squery);
// Set minimum query length.
$min_length = 3;
// Make sure query length is more than minimum.
if(strlen($squery) < $min_length) {
echo "<p>The search query you entered is too short. The minimum number of characters is ".$min_length.".</p>";
}
// Connect to MySQL.
// Select database.
// Escape search query.
$squery = mysql_real_escape_string($squery);
// Break query into keywords.
$keywords = explode(' ', $squery);
// Count number of keywords.
$no_of_keywords = count($keywords);
// If just one keyword, then build statement.
if($no_of_keywords == 1) {
$sql = "SELECT whatever
FROM `video_table`
WHERE (col1 LIKE '%.$squery.%' OR col2 LIKE '%.$squery.%')";
}
// If multiple keywords, then build statement.
else {
$sql = "SELECT whatever
FROM `video_table`
WHERE ";
for($i = 0; $i < $no_of_keywords; $i++) {
$sql .= "(col1 LIKE '%.$keywords[$i].%' OR col2 LIKE '%.$keywords[$i].%')";
if($i < $no_of_keywords) {
$sql .= " OR ";
}
}
}
// Run mysql query.
$raw_results = mysql_query($sql, $con);
// Put results into an array for later use.
$results = mysql_fetch_array($raw_results);
Can this code's security be improved?
How can it be altered to provide more relevant results?
Should I omit words such as "to" and "the" from the query? If so, how do I do it?
Should I remove punctuation?
As always, I appreciate your help. You guys have taught me LOADS!
Edited by Fluoresce, 06 November 2014 - 05:21 PM. Scenario: My page generates several PHP variables. Some of those variables get posted to another page. Question: If a variable is to be assigned to a Session, is there any reason to assign this value to a regular PHP variable? Example: When an API generates a "shipping label tracking number, which is better, "A" or "B" or subtle variation "C":
A.) ... and then use $_SESSION["trackingNumber"] throughout the rest of my script (like this: echo "Hello, here's your tracking number: ".$_SESSION["trackingNumber"]).
B.) ... and then use "$trackingNumber" throughout the rest of my script (like this: echo "Hello, here's your tracking number: ".$trackingNumber).
C.) ... and then use "$trackingNumber" throughout the rest of my script (like this: echo "Hello, here's your tracking number: ".$trackingNumber). Thank you! I've always wondered about this. Which is best?
This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=351660.0 Hello all. I'm looking to build a website in php that will be large in scope and I'm looking for some direction as to how to go about coding it. What I'm referring to exactly is the programming model. I'm new to the language, but not to programming, and I've read up on it and familiarized myself with the syntax over the past few days. Normally when I go about building a project I like to plan ahead how I'm going to build It so I don't run into tedious issues later on and this is what I need help with.
My concerns:
I am looking to use the alternative syntax for control structures as to make the php code inside my html readable and easier to manage but in terms of OOP when is it best for me to use classes vs functions?
I am leaning towards using both classes and functions. Classes to handle polling data, sanitizing it and storing it while the functions will be used , with the alternative syntax, to display the data.
How should I go about properly setting my project assuming I will have many concurrent users using the website at once?
Is using xml / INI files as a directory to look up information a good practice? Is it better to declare constant variables instead?
When working with multiple includes is there an easier way to include a file than having to explicity write "dirname( dirname(__FILE__) )" everytime?
I'm essentially looking for guidance / tips as to good programming practices with this language Advanced practices are welcomed as well.
Development Tools:
XAMPP ( Windows 7 Pro )
PHPStorm
Current directory structure plan:
Here is what I currently have:
The API class is a collection of functions that returns an object to be used at a later data.
<?php
/*
* Development API Key
* @since 1.0
*
* Rate Limit(s):
* 10 request(s) every 10 second(s)
* 500 request(s) every 10 minute(s)
*/
define( "__API_KEY__" , "---------------------------------" );
require_once dirname( dirname(__FILE__) ) . "\\settings.php";
class API
{
// If successfull it returns an object from the url that's passed to this function.
private function api_call($url)
{
$result = null; // end result
// Create a new curl handle.
$ch = curl_init();
curl_setopt($ch , CURLOPT_URL, "https://" . $url . "?api_key=" . __RIOT_API_KEY__); // set the URL
curl_setopt($ch , CURLOPT_RETURNTRANSFER , true ); // return the transfer as a string of the return value
curl_setopt($ch , CURLOPT_SSL_VERIFYPEER , false ); // turn off ssl certificate verification
// Execute the api call
$response = curl_exec($ch);
// Get info to analyze the result
$ci = curl_getinfo($ch);
$httpcode = $ci["http_code"];
// If a curl error occured
if(curl_errno($ch) || ($httpcode != "200"))
{
$die = "Curl Error Code: " . $httpcode . "<br/>";
$die .= "Curl Error Message: " . curl_errno($ch) . "<br/>";
$die .= "Curl URL: " . $ci["url"] . "<br/>";
die($die);
} else {
// Check if the api call we made was valid
$response = json_decode($response, true);
// If our response is an array check if it's an error response
if(is_array($response))
{
$error_key = "status";
if(array_key_exists($error_key, $response))
{
$er = $response[$error_key];
$die = "API Error Message: " . $er["message"] . "<br/>";
$die .= "API Error Code: " . $er["status_code"] . "<br/>";
die($die);
}
}
// Our response is a valid object
$result = $response;
}
private function sanitize_url($url)
{
// removes all whitespaces
return trim(preg_replace( '/\s+/','',$url));
}
private function regional_endpoints()
{
static $regionini;
if(is_null($regionini))
$regionini = parse_ini_file(INI_REGIONAL_ENDPOINTS, true);
return $regionini;
}
private function region_host($shortcode)
{
/*
* regionalendpoints.ini
* @since 1.0
*
* [SHORTCODE]
* Description=<region_description>
* Host=<host_url>
*/
return $this->regional_endpoints()[strtoupper($shortcode)]["Host"];
}
public function region_description($shortcode)
{
/*
* regionalendpoints.ini
* @since 1.0
*
* [SHORTCODE]
* Description=<region_description>
* Host=<host_url>
*/
return $this->regional_endpoints()[strtoupper($shortcode)]["Description"];
}
public function api_object_by_name($name, $region)
{
/*
* @Description: Get summoner objects mapped by standardized summoner name for a given list of summoner names.
*
*
* @Returns: Map[string, SummonerDto]
*
* Object
* ------------------------------------------------------------------------------------------------------
* Name Data Type Description
* ------------------------------------------------------------------------------------------------------
* id long ID.
* name string Name.
* profileIconId int ID of the summoner icon associated with the summoner.
* revisionDate long Date summoner was last modified specified as epoch milliseconds.
* Level long Level associated with the summoner.
*/
$api_url = "%s/api/col/%s/v1.4/obj/by-name/%s";
return $this->api_call(sprintf($api_url,
$this->region_host($region),
strtolower($region),
$this->sanitize_url($name)));
}
}
Class that acts as the middle man between the api and the front end. Currently how it is set up it handles an internal queue.
<?php
include dirname(__FILE__) . "\\class-riotapi.php";
define( "SUMMONER_NAME" , 0 );
define( "SUMMONER_ID" , 1 );
class Summoner
{
private $riotapi = null;
private $summoner = null;
private $arr_summoners = null;
private $region = null;
public function __construct()
{
// Create our riot api object
$this->riotapi = new RiotAPI();
}
public function summoner_exists($summoners, $region, $type = SUMMONER_NAME)
{
static $eoa; // end of array
// If our array of summoners is empty or we have reached the end of the array.
if( empty($this->arr_summoners) || $eoa )
{
// Get an array of summoner information from the riot api based on the type of information
// supplied.
switch($type)
{
case SUMMONER_NAME :
$this->arr_summoners = $this->riotapi->api_summoner_by_name($summoners, $this->region = $region);
break;
case SUMMONER_ID :
$this->arr_summoners = $this->riotapi->api_summoner_by_id($summoners, $this->region = $region);
break;
}
// If our array of summoners isn't empty.
if( !empty($this->arr_summoners) )
{
// Set our current summoner the first element in the array.
$this->summoner = reset($this->arr_summoners);
} else {
// We failed to acquire any summoner information so return false.
return false;
}
$eoa = false;
} else {
// If we have not reached the end of the summoners array set our current
// summoner to the next element.
$next = next($this->arr_summoners);
// Have we reached the end of the array?
if( $next ) {
// No. Set our current summoner to the next element.
$this->summoner = $next;
} else {
// Yes. Set our end of array variable to true.
$eoa = true;
// End the loop
return false;
}
}
return true;
}
public function summoner_id()
{
return $this->summoner["id"];
}
public function summoner_name()
{
return $this->summoner["name"];
}
public function summoner_profile_icon_id()
{
return $this->summoner["profileIconId"];
}
public function summoner_last_updated()
{
return $this->summoner["revisionDate"];
}
public function summoner_level()
{
return $this->summoner["summonerLevel"];
}
public function summoner_mastery_pages()
{
return $this->riotapi->api_summoner_masteries($this->summoner_id(),
$this->region)[$this->summoner_id()]["pages"];
}
}
Functions.php file that is a collection of functions that echo out information.
<?php
require_once "settings.php";
include DIR_INCLUDE . "class-summoner.php";
function summoner_exists($summoners, $region = "NA", $type = SUMMONER_NAME)
{
global $cs;
if(!isset($cs)){
$cs = new Summoner();
}
return $cs->summoner_exists($summoners, $region, $type);
}
function summoner_name()
{
global $cs;
if(isset($cs)){
echo $cs->summoner_name();
}
}
?>
index.php - Example of how I'm currently using the functions.php file.
<?php include "functions.php"; ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<?php while(summoner_exists("cyllo")) : ?>
<div>Summoner Name: <?php summoner_name(); ?></div>
<div>Summoner ID: <?php summoner_id(); ?></div>
<div>Summoner Profile icon ID: <?php summoner_profile_icon_id(); ?></div>
<div>Last Updated: <?php summoner_last_updated(); ?></div>
<div>Summoner Level: <?php summoner_level(); ?></div>
<div>
<?php mastery_pages(); ?>
</div>
<?php endwhile; ?>
</body>
</html>
Hello, Basically, What I'm looking for would be for a method of blocking certain email addresses from being submitted in a form, I need it to block certain emails that are on the list. I think the best way to describe it would be a form submission blacklist that is checked before it gets submitted. Many thanks Up until now, I have been writing Forms that submit back to themselves. Now I want to break up my code. I usually have this PHP at the top of my forms... Code: [Select] <?php // ******************************************** // HANDLE FORM. * // ******************************************** if ($_SERVER['REQUEST_METHOD']=='POST'){ // Form was Submitted (Post). If I change my Form Action to point to another script, will this code work in that new script?? (In other words, will Script_B be able to detect $_SERVER['REQUEST_METHOD']=='POST' ??) Thanks, Debbie I now know how to append GET over normal hyperlinks, but I don't know how to do it with form submissions. Here's the problem: I have a form like this one: <form method="GET" action=""> <?php require_once ('sort_category_func.php'); $switch = 1; sort_category ($switch); ?> + Most Liked <input type='checkbox' value='mostLiked' name='mostLiked' /> <br /> <input type="submit" name="sortSubmit" value='Go' /> <br /><br /> </form> And the variables: // DROP DOWN MENU VARIABLES $select_category = $_REQUEST['sort_category']; $most_liked = $_GET['mostLiked']; I'm using a while loop to list user submission, you can also sort them by category which works over GET, this works as long as there is no GET data already in the URL, but as soon as there is GET data it won't work anymore. Here's an example: If I have a user profile page opened like this: profile.php?user=konopkov And a category has been chosen to sort the user's submissions the URL will change to: profile.php?sort_category=Logos INSTEAD it should be: profile.php?user=konopkov&sort_category=Logos As I said I know how to achieve this with hyperlinks now, but I have no clue how do it with form submissions. Any suggestions? Thanks. I'd like to edit specific parts of a submitted text what is the best way to do this? For example I get the following text: [name country] is very cold this time of year. Because I like the cold I would love to live there [end of line 2] whole lot more text here until [name country] if this text here exists, blabla [but Germany] is blabla [end of line] in some cases some more text here [summary] bla bla The text in the brackets are words that I already know before it has been submitted. Getting the words out has been part of my previous script, using preg_match and put them in variables. I want to put the first portion of the text in a row, if 2nd, 3rd and 4th portion exist, put them in a row too. Any ideas? [edited] I prefer to have these portions cut out and put in a variable. So I end up having a few variables and can later echo that out in rows Edited by dde, 18 January 2015 - 04:01 AM. Hi there, I have a newsletter sign up form which just puts the data (id and email) into a mysql table. To stop people hacking the site, is there a way to make sure the only thing being submitted in the input is an email address? Here's my current form and submit php: Code: [Select] <?php $mailer = $_GET['mailer']; if ($mailer == 'added') { $email=$_POST['email']; if($email == '') { echo '<div class="daily_not_submitted"><span style="padding-right:6px;"><img src="https://store.huhmagazine.co.uk/images/cross.jpg"></span>Please fill in all the fields.</div>'; }else { $sql="INSERT INTO `dailymailer` (`email`) VALUES ('$email');"; $result=mysql_query($sql) or die(mysql_error()); if($result){ echo "<div class='daily_submitted'><span style='padding-right:6px;'><img src='http://www.huhmagazine.co.uk/images/uploaded/checkboxtick.jpg'></span>Thank you.</div>"; } else { echo "Error\n"; } } } ?> <div id="sidebarnewsletter"> <form name="mailinglist" method="post" action="?mailer=added"> <input type="text" name="email" class="sidebarnewsletter" placeholder="Enter Your Email Address" /> <input type="submit" class="sidebarnewsletter_button" value="Sign Up"> </form> <div class="clear"></div> </div> I've got a BIG problem... When a user submits my form it works fine, displays a "Transaction Success/Failed", and e-mails me a confirmation. However, if the user then navigates to another page (e.g. "Home"), and then clicks their browser's "Back" button, my form gets re-submitted?! This is on a VPS, but I just chatted with server support and they are saying, Quote register_globals = Off So what is going wrong?! Debbie I am trying to filter characters that get submitted into forms and than database. I have been paying with trim function $string = $_POST[name]; $newstring = trim($string,"W"); echo "$newstring"; but it does not seem to do what I really need. If I enter name World I do get "orld" back, but what if I want to filter out W (or w) and L (or l) to get "ord". I am mainly going after removing ' " ; : . > , < - _ ( ) * & ^ % $ # @ ! \ | / ? I know there is a different way to do it, but it has been long tome since I have seen it, and I do not know where. Thanks for your help hey guys im having trouble showing the news by the date it was submitted, I want to also seperate it into 3 seperate parts, first section will have the Main news which is only 1 row, it will have the value 1 in the column named type (is this news main or recent). The date on it doesn't matter because i want to show it even tho there might be news that is ahead of it. The next section will have 3 rows of recent news parts. I want to show the 3 most recent news that there are in the database with the value 2 in the column named type. I want it to show the recent news by the date submitted. Okay the last part will have the old news. There I want to show 3 rows of news that is after the 3 rows of news in recent news. That value will be 2 in the column named type. Here is my current code. <?php session_start(); if(isset($_SESSION['username'])) { mysql_connect("localhost","root",""); mysql_select_db("chat"); $result = mysql_query("SELECT * FROM `news` WHERE `type`='1' ORDER BY `news`.`newsid` DESC LIMIT 1"); $query = mysql_query("SELECT * FROM news WHERE `type`='1' "); //$ifadmin_result = mysql_query("SELECT * FROM users WHERE `username`='$loggedin' "); if(mysql_num_rows($query)!=0) { $loggedin = $_SESSION['username']; $myrow = mysql_fetch_array($result); echo "<b>Title: "; echo $myrow['title']; echo "</b><br>On: <i>"; echo $myrow['dtime']; echo "</i><hr align=left width=160>"; echo $myrow['text1']; //check if admin $ifadmin_result = mysql_query("SELECT * FROM users WHERE `username`='$loggedin'"); $ifadmin = mysql_fetch_array($ifadmin_result); if ($ifadmin['admin'] == 1) { echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a> || <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit</a> || <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete</a><BR><BR>"; } else { echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a><BR>"; } //check if admin echo "<hr align=left width=500>"; } else { echo "no rows<br>"; } $iCount=0; $var=false; //RECENT $result = mysql_query("SELECT * FROM `news` WHERE `type`='2' ORDER BY `news`.`newsid` DESC LIMIT 6"); //lets make a loop and get all news from the database while($myrow = mysql_fetch_array($result)) {//begin of loop //now print the results: $iCount = $iCount+1; if($iCount >= 4) { if($var == false) { $var=true; echo "<hr align=left width=500>"; echo '<div> More News</div'; } //Generate your refcent news here echo the title etc.ma echo "<div><b>Title: "; echo $myrow['title']; echo "</b> <i>On:" . $myrow['dtime'] . '</i></div>'; echo "<a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a>"; } else { echo "<b>Title: "; echo $myrow['title']; echo "</b><br>On: <i>"; echo $myrow['dtime']; echo "</i><br>"; //echo "<hr align=left width=160>"; echo $myrow['text1']; // Now print the options to (Read,Edit & Delete the news) $ifadmin_result = mysql_query("SELECT * FROM users WHERE `username`='$loggedin'"); $ifadmin = mysql_fetch_array($ifadmin_result); if ($ifadmin['admin'] == 1) { echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a> || <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit</a> || <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete</a><BR><hr align=\"left\" width=\"160\">"; } else { echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a><hr align=\"left\" width=\"160\">"; } /* echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a> || <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit</a> || <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete</a><br><hr align=\"left\" width=\"160\">"; */ } }//end of loop } else { mysql_connect("localhost","root",""); mysql_select_db("chat"); $result = mysql_query("SELECT * FROM `news` WHERE `type`='1' ORDER BY `news`.`newsid` DESC LIMIT 1"); $query = mysql_query("SELECT * FROM news WHERE `type`='1' "); if(mysql_num_rows($query)!=0) { $myrow = mysql_fetch_array($result); echo "<b>Title: "; echo $myrow['title']; echo "</b><br>On: <i>"; echo $myrow['dtime']; echo "</i><hr align=left width=160>"; echo $myrow['text1']; echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a><BR>"; echo "<hr align=left width=500>"; } else { echo "no rows<br>"; } $iCount=0; $var=false; //RECENT $result = mysql_query("SELECT * FROM `news` WHERE `type`='2' ORDER BY `news`.`newsid` DESC LIMIT 6"); //lets make a loop and get all news from the database while($myrow = mysql_fetch_array($result)) { //begin of loop //now print the results: $iCount = $iCount+1; if($iCount >= 4) { if($var == false) { $var=true; echo "<hr align=left width=500>"; echo '<div> More News</div'; } //Generate your refcent news here echo the title etc.ma echo "<div><b>Title: "; echo $myrow['title']; echo "</b> <i>On:" . $myrow['dtime'] . '</i></div>'; echo "<a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a>"; } else { echo "<b>Title: "; echo $myrow['title']; echo "</b><br>On: <i>"; echo $myrow['dtime']; echo "</i><br>"; //echo "<hr align=left width=160>"; echo $myrow['text1']; // Now print the options to (Read,Edit & Delete the news) echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More...</a><hr align=left width=160>"; } }//end of loop } ?> <br> <hr align=left width=500> <!-- <hr align=left width=500> <br><br> <a href=index.php>Home</a> <a href=add_news.php>Add News</a> --> Here is how my database table looks like Dont mind the number of rows it is, I want it to show the first I guess 7 rows of news that is dated to the earliest time from present. There soon will be hundreds of rows. Here is how I made it fill in the row with the most recent time it was posted. NOW() in $result = mysql_query("INSERT INTO news (title, dtime, text1, text2, type) VALUES ('$title',NOW(),'$text1','$text2','$type')"); Basically I want it to show the most recent rows based on the time they were posted. Also, incase you need more information please post and il give me information. Hello everyone, I'm having a difficult time figuring out what my problem is here. I'm trying to submit a couple of strings (to the user they are messages to be sent to other users) and I am having trouble with the string being cut off at quotation marks. Here is the code that I'm using: Code: [Select] <?php if (isset($_POST['submit'])) { $staffmessage = $_POST['staffmessage']; $studentmessage = $_POST['studentmessage']; echo "$staffmessage<br /> <br />$studentmessage"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <?php $message1="This is a test message. It does not get cut off here when the \"quotation marks\" are added."; $message2="This is a test message. It DOES get cut off here when the \"quotation marks\" are added."; ?> <form name="form" method="post" action="test.php"> <textarea class="textarea" name="staffmessage" rows="12"> <?php echo $message1; ?> </textarea></p> <input name="studentmessage" type="hidden" value="<?php echo $message2; ?>" /> <input class="submit2" type="submit" name="submit" value="Send Message" /> </form> </body> </html> The result that I'm getting is that when $staffmessage is echoed, I get the full message. When $studentmessage is echoed, the message gets cut off at the first quotation mark. The only thing that is different when creating these two variables is that $staffmessage is submitted using a "textarea" field in the form, and $studentmessage is submitted using a "hidden" field in the form. Other than that, they are handled the exact same way. Can anyone please help me figure out how to remedy this so that $studentmessage is not cut off at the quotation mark? Thanks in advance for your help! Hi: I am using this code for my contact us feedback form: Code: [Select] <?php $error = NULL; $myDate = NULL; $FullName = NULL; $Address = NULL; $City = NULL; $State = NULL; $Zip = NULL; $Phone = NULL; $Email = NULL; $Website = NULL; $Comments = NULL; if(isset($_POST['submit'])) { $myDate = $_POST['myDate']; $FullName = $_POST['FullName']; $Address = $_POST['Address']; $City = $_POST['City']; $State = $_POST['State']; $Zip = $_POST['Zip']; $Phone = $_POST['Phone']; $Email = $_POST['Email']; $Website = $_POST['Website']; $Comments = $_POST['Comments']; if(empty($FullName)) { $error .= '-- Enter your Full Name. <br />'; } if(empty($Email)) { $error .= '-- Enter your Email. <br />'; } if($error == NULL) { $sql = sprintf("INSERT INTO myContactData(myDate,FullName,Address,City,State,Zip,Phone,Email,Website,Comments) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", mysql_real_escape_string($myDate), mysql_real_escape_string($FullName), mysql_real_escape_string($Address), mysql_real_escape_string($City), mysql_real_escape_string($State), mysql_real_escape_string($Zip), mysql_real_escape_string($Phone), mysql_real_escape_string($Email), mysql_real_escape_string($Website), mysql_real_escape_string($Comments)); if(mysql_query($sql)) { $error .= 'Thank you for contacting us.'; mail( "d@direct.com", "Contact Request", "Date Sent: $myDate\n Full Name: $FullName\n Address: $Address\n City: $City\n State: $State\n Zip: $Zip\n Phone: $Phone\n Email: $Email\n Website: $Website\n Comments: $Comments\n", "From: $Email" ); } else { $error .= 'There was an error in our Database, please Try again!'; } } } echo '<span class="textError">' . $error . '</span>'; ?> <form name="myform" action="" method="post"> <input type="hidden" name="myDate" size="45" maxlength="50" value="<?php echo date("F j, Y"); ?>" /> <div id="tableFormDiv"> <fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">* - Required</span></span> <span class="floatFormLeft"> </span></fieldset> <fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">*</span> Full Name:</span> <span class="floatFormLeft"><input type="text" name="FullName" size="45" maxlength="50" value="<?php echo $FullName; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth">Address:</span> <span class="floatFormLeft"><input type="text" name="Address" size="45" maxlength="50" value="<?php echo $Address; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth">City:</span> <span class="floatFormLeft"><input type="text" name="City" size="45" maxlength="50" value="<?php echo $City; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth">State:</span> <span class="floatFormLeft"><input type="text" name="State" size="45" maxlength="50" value="<?php echo $State; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth">Zip:</span> <span class="floatFormLeft"><input type="text" name="Zip" size="45" maxlength="50" value="<?php echo $Zip; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth">Phone:</span> <span class="floatFormLeft"><input type="text" name="Phone" size="45" maxlength="50" value="<?php echo $Phone; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">*</span> Email:</span> <span class="floatFormLeft"><input type="text" name="Email" size="45" maxlength="50" value="<?php echo $Email; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth">Website:</span> <span class="floatFormLeft"><input type="text" name="Website" size="45" maxlength="50" value="<?php echo $Website; ?>" /></span></fieldset> <fieldset><span class="floatLeftFormWidth">Comments:</span> <span class="floatFormLeft"><textarea name="Comments" cols="40" rows="10"><?php echo $Comments; ?></textarea></span></fieldset> </div> <input type="submit" name="submit" value="Submit" class="submitButton" /><br /> </form> I the only thing I can't figure out is, how do I clear the form fields AFTER the form has been submitted and the message "Thank you for contacting us." appears ?? I haven't been able to figure it out with JavaScript/PHP, so I posted my original code in hopes that someone will have an idea. Anyone? Thanks! I have been using an inventory application built on PHP/MySQL. Since this morning I could submit the data and they were perfectly reflected on the MySQL Table. However, for a few hours I cannot save the submitted data to the table and it doesn't show any error message. Please note no change have been made since it was successfully running. The developer of this application is not available right now.
PLEASR HELP I AM A NOVICE IN PHP/MYSQL.
|
|||||||