|
PHP - Need Some Input On How To Do This
i'm not sure how to ask this question on google, so i'm going to ask for your help.
here's the code that i have the question about <form action='findMovie.php' method='post'> <table> <?php $result = mysql_query ("SELECT genre FROM genres ORDER BY genre"); while ($row = mysql_fetch_array($result)) { $genre = $row['genre']; echo "<tr><td>" .$genre ."</td><td><input type='hidden' name='" .$genre ."' value='" .$genre ."'><input type='submit' name='listMovies'></td></tr>"; } ?> </table> </form> so i have this form that creates a list of submits from a table that i have created. the form works perfectly fine (i realize the design is not that great... i'm just going for functionality now) what i need is to turn the value of the hidden field (which is dynamically created by a variable) into a variable in the handler so that I can search my movie table and get the movies by genre. does this make sense? and any help is greatly appreciated. i'm not a great programmer, but i do it in my spare time as a hobby. so go easy on my coding, it works and that's the most i'm concerned with at the moment. thanks ahead of time Similar TutorialsI am writing a script that will parse my PHP classes and check for things like coupling, visualize my objects and connections, dependencies, check for convention usage, etc.
So, I have a simple file upload. I'm never saving the files, just get contents and dump the file and work with the string version.
I'm writing it for me, but I figure I might want to open it for others to use in the future, so I may as well write it that way to begin with -- so I need to validate user input. Problem is, the user input is supposed to be valid PHP code. I'm thinking that, as long as I'm careful, I shouldn't be executing any code contained in strings, but I'm no security expert and I want a warm fuzzy that my thought on this is correct. What kinds of things do I need to look out for? Is it possible to inject when working with strings?
My initial thought is to regex the entire file and replace key portions with known replacements. So ( and ) would become !* and !^ or $ would become @~ (combinations that -- I think -- don't make sense to php?) But that may be completely unnecessary processing time if I'm not in any danger, here. Thanks ahead of time for any help.
PS - as a side question -- what's the best way to verify a file is a php file? I know of getimagesize for images, but should I just check for <? to verify it's php? That seems like it would be too easy to fool -- then again, it might not matter much.
-Adam
I hope I can explain what is happening. I have created two forms in PHP. The first 'almost' works, i.e. it shows the data. But I have two problems - 1) the second pulldown menu is always empty and 2) $value from the first pulldown menu ALWAYS equals the last entry thus the last 'if' in the function subdomains ($domains) is always called (but still empty). The code may explain this better than me:
<!DOCTYPE html>
<html>
<body>
<!-- processDomains.php is this file - it calls itself (for testing purposes so I can see what is happening) -->
<form action="processDomains.php" method="post">
<?php
// create the domains array (there are actually several entries in the array but I cut it down for testing)
$domains = array (1 => 'Decommission', 'Migration');
echo "Select Domain:";
echo "<br>";
// Make the domain pull-down menu - this displays correctly
echo '<select name="domain">';
foreach ($domains as $key => $value) {
echo "<option value=\"$key\">$value</option>\n";
}
echo '</select>';
// input doesn't matter what is 'submitted', always goes to last $value
echo '<input type="submit" name="submit" value="Submit">';
// call function subdomains
subdomains ($value);
function subdomains ($domains) {
// define values for each array - each array contains available choices for the subdomain pulldown menu
$migration = array (1 => 'Application Migration', 'Application Patch', 'Application Upgrade');
$decommission = array (1 => 'Applications', 'Servers', 'Storage');
if ($domains === 'Migration') {
echo "Select subdomain:";
echo "<br>";
// Make the Migration pull-down menu
echo '<select name="migration">';
foreach ($migration as $key => $value) {
echo "<option value=\"$key\">$value</option>\n";
}
echo '</select>';
} else if ($domains === 'Decommission') {
/* ===
* since 'Decommission' is the last entry in the 'Domains' pulldown list, $value ALWAYS equals
* 'Decommission' and $domains equals $value. So this menu SHOULD work but is always
* empty. Thus, two problems - the pulldown menu is always empty and $value isn't based
* upon user input.
*/
echo "Select subdomain:"; // this prints so I know I'm in 'Decommission (I eliminated the echo "$domain" to show I'm always coming here)'
echo "<br>";
// Make the 'Decommission' pull-down menu
echo '<select name="decommission">';
foreach ($decommission as $key => $value) {
echo "<option value=\"$key\">$value</option>\n";
}
echo '</select>';
echo '<input type="submit" name="submit" value="Submit">'
) // end of 'if-else'
} // end of function 'subdomain'
?>
</form>
</body>
</html>
Let me say thank you in advance and I appreciate the help! I know I'm doing something (or more than one thing) wrong and I hope someone can tell me what it is.
Best Regards!
Edited by mac_gyver, 19 January 2015 - 09:37 PM. code tags around posted code please I have a calendar select date function for my form that returns the date in the calendar format for USA: 02/16/2012. I need to have this appear as is for the form and in the db for the 'record_date' column, but I need to format this date in mysql DATE format (2012-02-16) and submit it at the same time with another column name 'new_date' in the database in a hidden input field. Is there a way to do this possibly with a temporary table or something? Any ideas would be welcome. Doug Hi people, I really hope you guys can help me out today. I'm just a newbe at php and i'm having real trouble. Bassically all I want to do is have a user type in a company name in a html form. If what the user types in the form matches the company name in my php script i want the user to be sent to another page on my site. If what the user types in the form doesnt match the company name in my php script i want the user to be sent to a differnt page like an error page for example. this is my html form: Code: [Select] <form id="form1" name="form1" method="post" action="form_test.php"> <p>company name: <input type="text" name="company_name" id="company_name" /> </p> <p> <input type="submit" name="button" id="button" value="Submit" /> </p> </form> And this is the php code I'm trying to process the information on: Code: [Select] <?php $comp_name = abc; if(isset ($_POST["company_name"])){ if($_POST["company_name"] == $comp_name){ header("Location: http://www.hotmail.com"); exit(); } else{ header("Location: http://www.yahoo.com"); exit(); } } ?> The thing is i'm getting this error when i test it: Warning: Cannot modify header information - headers already sent by (output started at D:\Sites\killerphp.com\form_test.php:10) in D:\Sites\killerphp.com\form_test.php on line 17 Please can some one help me out, i'm sure this is just basic stuff but i just cant get it to work Cheers. Hi, everyone. I need help with a PHP project on which I'm currently working. I need to create a form which does the following: 1) When you insert a negative number, it echoes: "Please insert a positive number." 2) When you insert a number greater than 1000, it echoes: "Please insert a number less than 1000." 3) When you insert anything else that's not a number (ie: a letter), it echoes: "Please insert a valid number." 4) If it doesn't do any of the above, it'll take the number that you entered and loop "Hello World" as many times as that number. The code that I have so far looks something like below. (I had to type it from the top of my head.) <?php <form action="hwpositive.php" method="post"> Enter number: <input type="text" name="number" /> </form> $input = $_POST["number"]; if ($input<0) { echo "Please insert a positive number."; } else if ($input>1000) { echo "Please insert a number less than 1000."; } else if ($input!=is_numeric) { echo "Please insert a valid number."; } else { for {$i; $i<=$_POST["number"]; $i++;} } ?> I can get this code to do the first three tasks listed above, but not the last. I'm a high school Programming 12 student, and this is my first year of learning PHP coding. Please help me out. Would it be better to use the case-switch option? I'm not too familiar on how to use it. Thank you in advance! I appreciate your help greatly. I would like to sanitize input from users so when it's pulled out of the database and stuck into the page, they can't add malicous code to my page. I have heard of striptags but wonder if there is anything better. thanks So basically I have a site, and on that site, I have a page that submits a form and updates a database. I have it set up so that someone can enter in Multiple values into a textarea, one on each line, and it will submit each of those values as a new row in the database, but for the life of me, I cannot figure out how to check those values against the actual users. It is basically a point system, where the staff can award points users of the site. But at the moment, a Staff member could enter in Jibberish, and it would insert that into the database, but I want it to check my users table to make sure the user exists before it inserts it into the database. here is my code: <?php include 'global.php'; echo $headersidebar; if ($_COOKIE['access'] == $accessstaff) { if(count($_POST)) { $array = preg_split('/(\r?\n)+/', $_POST['studentname']); foreach($array as $students) { $statusmsg = '<center><span style="background: #A6FF9E;">You have successfully submitted points to the database.</span></center>'; mysql_query("INSERT INTO points (giver, receiver, points, category, reason, date, status) VALUES ('{$_COOKIE['username']}', '{$students}', '{$_POST['pointamt']}', '{$_POST['pointcat']}', '{$_POST['pointreason']}', '{$date}', 'Validating')"); } } $addpointspage = $statusmsg . ' <form action="submit_points.php" method="post"> <table class="table" > <tr> <td colspan="10"> <h1><strong><center>Submit Points</center></strong></h1> </td> </tr> <tr> <td colspan="10" rowspan="100"> <center>Please remember to follow the house point limits when submitting house points.</center> </td> </tr> </table> <table class="table"> <tr> <td style="width: 15%;" valign="top"> Student Name:<br> <span style="font-size: 60%;">(List as many as you want; One per Line)</span> </td> <td colspan="10"> <center><textarea name="studentname" cols="60" rows="10"></textarea></center> </td> </tr> <tr> <td style="width: 15%;" valign="top"> Amount of Points: </td> <td> <input style="position: relative; left: 16px;" type="text" size="15" name="pointamt" /> </td> <td> Do not put anything that is not a number into this box. </td> </tr> <tr> <td style="width: 15%;" valign="top"> Point Category: </td> <td colspan="10"> <select name="pointcat" style="position: relative; left: 16px;"> <option SELECTED value="">-------</option> <option>Class Work</option> <option>Class Exam</option> <option>Extra Work</option> <option>Contests</option> <option>Teacher\'s Assistant</option> <option>Negative Points</option> </select> </td> </tr> <tr> <td style="width: 15%;" valign="top"> Reason: </td> <td colspan="10"> <input style="position: relative; left: 16px;" name="pointreason" type="text" size="80" /> </td> </tr> <tr> <td> </td> <td colspan="10"> <input style="position: relative; left: 16px;" type="submit" value="Submit Points" /> </td> </tr> </table </form> '; } elseif (1==1) { $addpointspage = $accessdenied; } echo ' <!-- start content --> <div id="content"> <div class="post"> <div class="entry"> <p><strong>' . $addpointspage . '</p> <p class="links">' . $addpointslink . '</p> </div> </div> </div> <!-- end content --> <div style="clear: both;"> </div> </div> <!-- end page --> </div>'; echo $footer; ?> I am fairly new to PHP, so I would appreciate any help someone could give me; I am not too good with arrays and such, so this one has got me stumped. need to add Code: [Select] $ibforums->input['[u'] != "") something like that i need to add $_GET['']; but it's not working when i use &= do ineed to use html entities? Good day, I have 2 questions about that. Here is the context. I have a list of items that i query from a database and insert in a table. The last field of the table is a input box to typpe in the quantity ("qty"). My first question, how can I associate the inputbox to product_id from the database for that item. Code: [Select] //database connecting is working <? while($row = mysql_fetch_array($result)) { echo "<tr><td>" . $row['product_code'] . "</td><td>" . $row['product_name'] . "</td><td><input type='text' maxlength = '3' value='0'></td></tr>"; } And my second question (any tutorial reference) about how to select only the items that the qty is not = 0 and pass it to another page either by sessions or other means. Thank you Hey guys! I'm pretty new to php and starting work on a project, the first part I'm working on is a html page with text fields like this: Quote URL: Dropdown box: Submit when the submit happens I want it to post to a php page, parse whatever is inside a set of <h2> tags and print it to to the php page, also the user selects four options from the dropdown box and I need to print the string contained in the selection to the next page as well, As I said I'm pretty new but here's what i threw together so far based on references I found, but it doesn't work correctly: parse.html: Code: [Select] <html> <body> <form action="parse.php" method="post"> URL: <input type="text" name="turl" /> <br> Option: <select name="selectskill"> <option value="1">Low</option> <option value="2">Mid</option> <option value="3">High</option> <option value="4">Known</option> </select> <br> <br> <input type="submit" /> </form> </body> </html> parse.php: Code: [Select] <html> <head></head> <body> <?php $lol = $_POST["turl"]; $str = file_get_contents($lol); $DOM = new DOMDocument; $DOM->loadHTML($str); // Grab text inside the heading 2 tags $items = $DOM->getElementsByTagName('h2'); echo "option: " . $lol; // Display the content inside the second set of H2 tags echo $items->item(1)->nodeValue . "<br/>"; ?> </body> </head> </html> Thanks for all the help in advance! Hi, I'm inserting data into database. which is going fine. but i want to make sure how to insert secure data into database to avoid sql injection. what function should i use to insert secure data into database. can any one guide me please??? Thanks I have something like this on one of my pages: $name = 'Bob'; Code: [Select] if ((isset($_POST['name'])) || ($_POST['name'] == '')) { $name = $_POST['name']; //update database } echo '<form action='' method='POST'>'; echo '<table><tr><td width="125">Name: </td><td><input type="text" name="signature" style="width: 270px;" value="' . $name . '" /></td></tr></table>'; echo '</form>'; Here's the problem: Initially, because the form data has not been sent the input box says: 'Bob'. If I remove the name Bob from the input box by manually clicking in it and deleting the name, and I submit the form, it keeps showing 'Bob', whereas I would like it to be empty. What am I doing wrong? am I missing anymore input attacks to pass not having 2 of the same balls? Code: [Select] $numbers = "19|20|19"; $numArray = explode("|", $numbers); if ($numArray['0'] == $numArray['1'] OR $numArray['0'] == $numArray['2'] ){ $std->Error2("You cannot pick 2 numbers with the same ticket"); } The if function will see if 19 = 20, or 19 = 20 then I would it need to do $numArray['1'] == $numArray['2'] and so on right to get all possible ways? If so, is there a easier way instead of just using all OR Statements and not manually thinking about what possible way, isn't there just a way to check if 2 arrays are the same? (or 3) <INPUT TYPE = "Text" VALUE ="0" ID = "username2" NAME = "username2"> <?php $value1 = $_POST['username2']; $nine=$value1; $codx =$characters[$nine]->name; ?> Im tring to get '0' in username2 inputbox readit in php $nine $codx =$characters[$nine]->name;
It only works like this <?php $nine='0' $codx =$characters[$nine]->name; ?>
What i need is to get the users
the $nine will hold the number
How do I read the user input my textbox post pulls the input $nine = $_POST['username2']; $codx =$characters[$nine]->name; i noticed it wouldn't work it only works this way
$nine='0';
Let me know how to read in user input
sorry to repeat i needed to explain none Hello people. I am very new to PHP and have a website for microlight pilots where you can add an airfield. It is a Joomla based site and the input form can be seen here. http://microlight.co/index.php/New-Airfield I am quite prepared to re-write the whole input form again if I have to. Now here's my question. I would like the output of the form to be in an HTML table like it is on this page http://microlight.co/index.php/billaricay This is because at the moment people fill out the form, I get an e-mail with the info, and then have to put it into the airfield card manually myself. Sorry, If my explanation isn't very clear. But basically want users input into a table. Hello
I have a PHP page that sends text entered by a user to our database which we use to display news. This system supports various languages but occasionally we get issues with odd characters being entered...
For example, the premade glyph for ellipsis which is normally represented by 3 .'s broke our system today
How can I check that each character is valid and within range?
These are our character ranges
ExtendedLatin_c_iLowerAlphaChar = 0x00C0;
ExtendedLatin_c_iUpperAlphaChar = 0x01FF;
Arabic_c_iLowerChar = 0x600;
Arabic_c_iUpperChar = 0x6FF;
Arabic_c_iLowerAlphaChar = 0x621;
Arabic_c_iUpperAlphaChar = 0x64A;
Arabic_c_iLowerNumericChar = 0x660;
Arabic_c_iUpperNumericChar = 0x669;
So each character must fall within one of these ranges... but I have no idea how to get the hex value of a character in PHP
Thanks
Haven't been here in a while but I have stumped myself at the moment or maybe I've looked at it too much LOL I thought I'd done this a hundred times before... but I am lost. Even after running mysql_real_escape_string, strip_tags and addslashes etc, I can still enter SQL into my input and it screws with the query. I can't simply use regex to check for valid characters since it's an input that lets the user format a post with BBcode and characters they want. What's the proper way to 'clean' the input, then? Thanks in advance I need to allow a user to input a CSV file and to display what they've got, possibly for corrections. I'm thinking of limitations for filesize, what happens if the columns overlap the page, and realtime. What seems to be a good way of providing this functionality? Any suggestions? Thanks! Mark What is the best way to santize a user input What covers it all without leaving the text with slashes Do i just need to escape my variables, or no i need to sanitize my queries as well? Whats the whole kitten kaboodle, anyone? |
|||||||