I have an old project that I realized has a security flaw. When paginating I assigned the users id to a hidden input value. You can see it when looking at the source. Does any one have a quick solution? I can only think of using an associative array that would put the assigned value as the hidden value and keep it from view or searching using their emails, but I would like to keep those hidden as well.
echo '
<div class="col-sm-6">
<div class="card h-100">
<img class="card-img-top" src="/uploads/'.$userPic['Link1'].'" height="400" width="400" alt="anotherOne"/>
<div class="card-body">
<h5 class="card-title ">'.$row['first'].' '.$row['last'].'<span style="float:right;">'.$row['r'].'</span></h5>
<p class="card-text">'.$row['briefDesc'].'</p>
<form action="setting.php" method="GET">
<input type="hidden" name="time" value='.$tSelected.'>
<input type="hidden" name="date" value='.$dSelected.'>
<input type="hidden" name="idNumber" value='.$P_id.'>
<button type="submit" class="btn btn-primary" name="buttonSearch">See Profile</button>
</form>
</div>
</div>
</div>';
Related
i have a searchbox in my website like below:
<div style="" class="col-sm-8">
<div class="wrapda">
<div class="searchda">
<a href="https://google.com">
<input type="text" class="searchTermda" placeholder="Search Image">
<button type="submit" class="searchButtonda">
<i class="fa fa-search">Search</i>
</button>
</a>
</div>
</div>
</div>
am trying to pass the user entered keyword in the input box to next page , is there anyway to do this using anchor tags, please help. thanks in advance
Instead of using anchor tag, the more standard way is to use form.
<div style="" class="col-sm-8">
<div class="wrapda">
<div class="searchda">
<form method="POST" action="your target url">
<input type="text" name="searchInput" class="searchTermda" placeholder="Search Image">
<button type="submit" class="searchButtonda">
<i class="fa fa-search">Search</i>
</button>
</form>
</div>
</div>
</div>
You have to specify the action attribute in the form tag which will be your target url.
You also have to specify the name attribute in the input tag.
This way your input will be sent to your target url.
You can use form for this purpose.
<form action="https://www.google.com/search" method="GET" />
<input type="text" placeholder="Search Image" name="q" />
<input type="submit" value="Search Image" />
</form>
I have made an application using codeigniter, and everything was working fine few day ago. But suddenly, yesterday, when I ran the application, I am getting error, when I am submitting data from the forms which contain enctype="multipart/form-data". Null data is received at the controller. When I remove enctype, than everything goes fine, but due to image upload, I have to keep enctype in some form tags.
<form action="<?= site_url('nasty_v2/dashboard/uploadPaid?key=').$this->my_func->scpro_encrypt("betul"); ?>" method="POST" role="form" enctype="multipart/form-data">
<div class="portlet box purple-sharp">
<div class="portlet-title">
<div class="caption">
<i class="fa fa-image"></i>Upload Payment Proof For
</div>
</div>
<div class="portlet-body flip-scroll" align="center">
<span style = "color : #b706d6;"><h2><strong>#<?= (120000+$orid); ?></strong></h2></span>
<div class="form-group">
<div class="fileinput fileinput-new" align="center" data-provides="fileinput">
<div class="fileinput-preview thumbnail" data-trigger="fileinput" style="width: 200px; height: 150px; line-height: 150px;"></div>
<div>
<span class="btn red btn-outline btn-file">
<span class="fileinput-new"> Select image </span>
<span class="fileinput-exists"> Change </span>
<input type="hidden" value="" name="title"><input type="file" name="fileImg"> </span>
Remove
</div><div class="clearfix"> </div><button type="submit" class="btn btn-primary btn-circle"><i class="fa fa-upload"> Submit</i></button>
</div>
</div>
</div>
<input type="hidden" name="or_id" id="inputOr_id" class="form-control" value="<?= $or_id; ?>">
</div>
</form>
I checked the HTTP request using Telerik Fiddler 2, and the found that form is successfully submitting data in request, but that data is not reaching controller. What should be the issue?
It may cause by the file upload. Try setting followings
ini_set('max_file_uploads',1000);
ini_set('post_max_size','5000M');
ini_set('upload_max_filesize','5000M');
//or php.ini file
I have 8 buttons, each button can be clicked, when you made your selection you go search, after you searched I need to show pictures based on what buttons are clicked before searching. I already have button that has be choosen in a array in PHP, but I dont know how to show the picture that has to be showed of depending on what buttons are used.
<form id="search" action="programmer.php" method="get">
<div data-toggle="buttons">
<div class="container">
<div class="row">
<div class="col-sm-4">
<label class="btn btn-primary btn-block btn-lg-lg">
<input type="checkbox"style="display: none;" name="lang[]" value="html" autocomplete="off">HTML
</label>
</div>
<div class="col-sm-4">
<label class="btn btn-primary btn-block btn-lg-lg">
<input type="checkbox" style="display: none;" name="lang[]" value="css" autocomplete="off">CSS
</label>
</div>
<div class="col-sm-4">
<label class="btn btn-primary btn-block btn-lg-lg">
<input type="checkbox" style="display: none;" name="lang[]" value="javascript" autocomplete="off">Javascript
</label>
</div>
</div>
</div>
<div class="container">
<input type="submit" value="Search" class="btn btn-primary btn-lg btn-block" >
</div>
This is the PHP only showing off that I got the arrays:
<?php
print_r($_GET["lang"]);
?>
Remove style="display: none;" so that checkbox are visible in the web page.Insert the name of your images in value attribute of the checkbox. When you will click on search button all the images selected in checkbox list will be displayed on the next web page.
Add following code to the programmer.php
<?php
$path_to_img_dir="path1/";
$arr=$_GET['lang'];
foreach($arr as $val){
echo sprintf("<img src='%s%s.jpg' /><br>",$path_to_img_dir,$val);
}
?>
You can save the path in a variable in php and the use it in the html code <img src='<?php echo $path;?>'>
<form method="post" class=" clearfix no-mar payment-form" action="checkout.php" id="checkoutRevisionProcess">
<input type="hidden" name="joborderno" id="postsecondrevieworderno" value="%%GLOBAL_postsecondrevisionorderno%%"/>
<div class="clearfix action-btn-submit">
<div class="pull-right">
<a title="Yes" class="btn btn-primary postsecondrevisionyes">PAY</a>
</div>
</div>
</form>
I want to write an if condition to check if this form has been called or not in php. How do I do this please help.
You can add an input with type="hidden" to each form and set it's value to the id/name you want to have for that form:
<input type="hidden" value="checkout" name="form-id" />
But be informed that you shouldn't use that for safety validations since the user would be able to just change the value using a debugger.
So I'm working on a social networking Facebook type proof of concept project for college and I'm trying to get a Bootstrap, multi-button input group to display properly for a comment box.
I would like to have the text area, with a Comment and Like button on the right hand side, with the whole input group filling the width of the panel as seen below.
Trying to achieve this!
The problem is when I add in my <form> tags, the formatting of the entire group within <div class="row"> goes crazy and forms a little box on the left hand side (screenshot below).
If I take out the <form> tags formats properly, but I'm just not sure how to manage the <form> tags/where to put them to achieve this multi-button group.
How it displays currently
The code below is a few undos later to when the forms weren't broken, just so you know this isn't how I originally went about achieving it, but what i've succumbed to for now.
If anyone knows how to achieve this I'd be so grateful!
while($row = mysqli_fetch_assoc($result)) {
//Get relative timestamp for current post
$timestamp = strtotime($row['StatusTimestamp']);
$stampRelative = CheckTimestamp($timestamp);
echo '<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">'.$row['UserName'].'<small class="postTimestamp"> '.$stampRelative.'</small></h3>
</div>
<div class="panel-body">
'.$row['StatusContent'].'
</div>
<div class="panel-footer clearfix">';
echo ' <div class="row">
<div class="col-lg-11">
<div class="input-group">
<form action="'.CommentOnStatus($row['StatusID']).'" method="post">
<input type="text" class="form-control" name="comment" placeholder="Post a comment...">
<span class="input-group-btn">
<button class="btn btn-default" type="submit">Comment</button>
<input type="hidden" name="statusId" value="'.$row['StatusID'].'">
</span>
</form>
</div>
</div>
<div class="col-lg-1">
<form action="'.LikeStatus($row['StatusID']).'" method="post">
<button type="submit" id="like" name="'.$row['StatusID'].'" class="btn btn-primary pull-right">Like</button>
</form>
</div>
</div>
</div>
</div>';
}
I checked your code. This should work fine. Let me know if this does not work. THere are minor problems of placing the elements. Please Use this in your row :
<div class="col-lg-11">
<form method="post">
<div class="input-group">
<input type="text" class="form-control" name="comment" placeholder="Post a comment...">
<span class="input-group-btn">
<button class="btn btn-default" style="border-width: 1px 0 1px 0;border-radius: 0;" type="submit">Comment</button>
<button type="submit" id="like" name="'" class="btn btn-primary" style="border-radius: 0 5px 5px 0;">Like</button>
</span>
<input type="hidden" name="statusId" value="">
</div>
</form>
</div>
This is my output
Use the classnavbar-form in your form. It should work fine now.
So form will look like <form action="'.CommentOnStatus($row['StatusID']).'" method="post" class="navbar-form">