User Input from HTML form being cut off - php

We have an HTML form that takes in user input for an application, and uses PHP to process and send it to HR. The issue is it cutting off the text in the final result (picture below). There are no text limits set anywhere. Any help or ideas would be greatly appreciated.
Parts being cut off:
Cut Off
The form declaration and code for the fields being cut off:
<form id="application" name="application" method="post" action="sendresults.php" align="left">
<p>Work Performed<br />
<label>
<textarea name="workperform1" id="workperform1" tabindex="62" cols="50" rows="3"></textarea>
</label>
</p>
<p>Reason for Leaving<br />
<label>
<input name="reasonleaving1" type="text" onkeypress="return noenter()" id="reasonleaving1" tabindex="63"size="66" />
</label>
<br />
</p>
The PHP code:
<?php session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Results</title>
</head>
<body>
<?php
//--------------------------Set these paramaters--------------------------
$subject = 'Application for Employment';
$emailadd = 'blahblah#randomemail.org';
// Where to redirect after form is processed.
$url = 'http://www.randomwebsitename/random.html';
// Makes all fields required. If set to '1' no field can not be empty. If set to '0' any or all fields can be empty.
$req = '0';
// --------------------------Do not edit below this line--------------------------
$text = "Results from form:\n\n";
$space = ' ';
$line = '
';
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
die('The code you entered was incorrect. Go back and try again.');
}
foreach( $_POST as $key => $value ){
if ($req == '1'){
if( $value == '' ){
echo "$key is empty";
die;
}
}
$j = strlen($key);
if( $j >= 20 ) {
echo "Name of form element $key cannot be longer than 20 characters";
die;
}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++){
$space .= ' ';
}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
?>
</body>
</html>

Related

Why do I have all these errors?

In two pages I have there problem. The first problem is before I submitted I get this alert:
(Notice: Undefined index: submit in C:\xampp\htdocs\art-legend\12\admin\add.php on line 15)
and the line 15 in this page is
(if ($_POST['submit'] && !empty($_FILES)){)
The second problem is before I put any image they put that I have an image on the top but I still don't put any image and I have this picture
And the third error is when I upload an image I can't see it and I have a screen like the last screen .
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256" />
<title>Untitled Document</title>
<title>Untitled Document</title>
</head>
<body>
<?
if ($_POST['submit'] && !empty($_FILES)){
$formok = TRUE;
$title = $_POST['title'];
$thread = $_POST['elm1'];
$date = date("d/m/y h;i:s");
$path = $_FILES['upload']['tmp_name'];
$name = $_FILES['upload']['name'];
$size = $_FILES['upload']['size'];
$type = $_FILES['upload']['type'];
$error = $_FILES['upload']['error'];
if (!is_uploaded_file($path)){
$formok = FALSE;
echo "there is no file uploaded try again";
}
if (!in_array($type,array('image/png','image/jpg','image/jpeg'))){
$formok = FALSE ;
echo "the file is not image try again ";
}
if (filesize($path)>800000){
$formok = FALSE ;
echo "the file is bigger ";
}
if ($formok){
if ($connect = mysqli_connect('localhost','root','adminpass','flip')){
$content = file_get_contents($path);
$safetitle = mysqli_real_escape_string($connect,$title);
$safethread = mysqli_real_escape_string($connect,$thread);
$safeimage = mysqli_real_escape_string($connect,$thread);
$sqltitle ="insert into title(title) values ('$safetitle')";
$sqlthread = "insert into threads (topic,date) values ('$safethread','$date')";
$sqlimge ="insert into images (name,size,type,content) values ('$name','$size','$type','$safeimage')";
$querytitle = mysqli_query($connect,$sqltitle);
$querythread = mysqli_query($connect,$sqlthread);
$queryimage = mysqli_query($connect,$sqlimge);
if ($querytitle && $querythread && $queryimage){
$imageid = mysqli_insert_id($connect);
}
mysqli_close($connect);
}
else {
echo "There is error in database connect";
}
echo "insert done all ";
}
}
?>
<img src="image.php?id=<?=$imageid; ?>" />
<hr />
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="post" enctype="multipart/form-data">
<p>
title :
<input type="text" name="title" />
</p>
<div>
<textarea id="elm1" name="elm1" rows="15" cols="80" style="width: 80%">
</textarea>
</div>
<input type="hidden" name="MAX_FILE_SIZE" value="800000" />
<p>
<input type="file" name="upload" />
</p>
<p>
<input type="submit" name="submit" value="process" />
</p>
</form>
</body>
</html>
--
<?
$imageid = $_GET['id'];
if ( mysqli_connect('localhost','root','adminpass','flip')){
$escape = mysqli_real_escape_string($connect,$content);
$sql = "select type,content from images where id =$imageid";
$query = mysqli_query($connect, $sql);
$fetch = mysqli_fetch_array($query,MYSQLI_ASSOC);
mysqli_free_result($query);
mysqli_close($connect);
}
else {
echo"ther is no connection 2";
}
if (!empty($fetch)){
header("Content-type:{$fetch['type']}");
echo $fetch['content'];
}
?>

Use isset
isset — Determine if a variable is set and is not NULL
<?
if (isset($_POST['submit']) && !empty($_FILES)){

Hiding a paragraph if input is empty

I have a small function that grabs the input values from my html page and puts them through a php function that will display them in a list. My goal is that if a field is left blank, the PHP script doesn't echo anything so that it would skip that instance entirely. It's probably better to show you than just talk of course:
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>
<body>
<form method="POST" action="test3.php" name="form">
<p>Please enter your name:</p>
<input type="text" name="1"></input>
<br />
<input type="text" name="2"></input>
<br />
<input type="text" name="3"></input>
<br />
<input type="text" name="4"></input>
<br />
<input type="text" name="5"></input>
<br />
<input type="submit" value="Submit" name="subButton" tabindex="50"></input>
</form>
</body>
</html>
PHP
function callNames(){
$body;
for($name = 1; $name <= 6; $name++){
if($name <= 5){
echo "Your name is " . $_POST[$name] . ".<br />";
}
elseif($name =? ){
?;
}
else {
echo "Your out of names!";
}
};
}
callNames();
I left the elseif function blank, as I thought that is where my solution would go. In other words, if you put in a name for everything but field 3, it would only echo "Your name is " 4 times but not leave an extra break where it would have been. Would I not use an elseif to solve this?

First off, as Fred -ii pointed out in the comments, in PHP field names cannot start with a number, but if they could here is how you would do it:
function callNames(){
$body;
for($name = 1; $name < 6; $name++){
if(isset($_POST[$name])){
echo "Your name is " . $_POST[$name] . ".<br />";
}
}
echo 'You are out of names!';
}
However, this assumes that the post variables go up sequentially until there are no more names.
If you explain what this is for, maybe someone can provide a better way to tackle the problem all together.
P.s the body variable seems unused?

Have you tried adding a condition that looks for $_POST[$name] length > 0 or that looks for $_POST[$name] != '';
function callNames(){
$body;
for($name = 1; $name <= 6; $name++){
if($name <= 5){
if ( $_POST[$name] != '' ) {
echo "Your name is " . $_POST[$name] . ".<br />";
}
}
elseif($name =? ){
?;
}
else {
echo "Your out of names!";
}
};
}
callNames();
You can even merge the two conditions in one with &&

function callNames(){
if ($_POST['name'] != ""){
echo "Your name is " . $_POST[$name] . ".<br />";
}
elseif($_POST['name'] == "?"){
echo "?";
}
else {
echo "Your out of names!";
}
}

preg_match help from an input box [duplicate]

This question already has answers here:
php date validation
(13 answers)
Closed 9 years ago.
I need to validate a Date from an input box.
The regular expression is fine but that is about it.
First where in the scope does it go, and second can you help make this work?
When it validates I dont want it to echo anything and when it doesnt I would like it to
tell the user that they must enter it in mm/dd/yyyy format. If you can do this in an alert box that would be even better! Thank you fellow developers!!! The COMPLETE code follows the tag. Youll see my preg_match is commented out. Thank you fellow developers!!!
$input = '<input value="Date" type="text" name="date">';
if (preg_match('/^(|(0[1-9])|(1[0-2]))\/((0… $input)) {
echo "";
} else {
echo "You must Re-enter date in mm/dd/yyyy format.";
}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<embed src="Songs/nature.mp3" width=10 height=10 autostart=true repeat=true loop=true></embed>
<title>Post Song</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Post New Song</h1>
<hr />
<br />
<body background="Songs/back.jpg">
<form action= "Postsong.php" method="POST">
<span style="font-weight:bold">Song:</span>
<input value="" type="text" name="song" />
<span style="font-weight:bold">Artist Name:</span>
<input value="" type="text" name="name" />
<span style="font-weight:bold">Date:</span>
<input value="" type="text" name="date" /><br />
<br />
<br />
<input type="submit" name="submit"
value="Post Song" />
</form>
<hr />
<p>
View Songs
</p>
<?php
/*
$input = '<input value="Date" type="text" name="date">';
if (preg_match('/^(|(0[1-9])|(1[0-2]))\/((0[1-9])|(1\d)|(2\d)|(3[0-1]))\/((\d{4}))$/', $input)) {
echo "";
} else {
echo "You must Re-enter date in mm/dd/yyyy format.";
}
*/
if (isset($_POST['submit'])) {
$Song = stripslashes($_POST['song']);
$Name = stripslashes($_POST['name']);
$Date = stripslashes($_POST['date']);
$Song= str_replace("~", "-", $Song);
$Name = str_replace("~", "-", $Name);
$Date = str_replace("~", "-", $Date);
$ExistingSubjects = array();
if (file_exists(
"Songs/songs.txt") &&
filesize("Songs/songs.txt")
> 0) {
$SongArray = file(
"Songs/songs.txt");
$count = count($SongArray);
for ($i = 0; $i < $count; ++$i) {
$CurrSong = explode("~",
$SongArray[$i]);
$ExistingSubjects[] = $CurrSong[0];
}
}
if (in_array($Song, $ExistingSubjects)) {
echo "<p>The song you entered
already exists!<br />\n";
echo "Please enter a new song and
try again.<br />\n"; // Do I need another if statement saying if empty echo you need to enter something?...
echo "Your song was not saved.</p.";
$Song = "";
}
else {
$SongRecord =
"$Song~$Name~$Date~\n";
$SongFile = fopen(
"Songs/songs.txt",
"ab");
if ($SongFile === FALSE)
echo "There was an error saving your
song!\n";
else {
fwrite($SongFile,
$SongRecord);
fclose($SongFile);
echo "Your song has been
saved.\n";
$Song = "";
$Name = "";
$Date = "";
}
}
}
else {
$Song = "";
$Name = "";
$Date = "";
}
?>
</body>

The following regex matches for mm/dd/yyyy
(0[1-9]|1[0-2])/(0[1-9]|1[0-9]|2[0-9]|3(0|1))/\d{4}
The first part i.e. (0[1-9]|1[0-2]) checks for two digits ranging from 01 to 12.
Next part i.e. (0[1-9]|1[0-9]|2[0-9]|3(0|1)) checks for two digits ranging from 01 to 31.
Next part i.e. \d{4} checks for 4 digits.
/ between the parts checks for / as separator.

Skipping empty records in mysql with php

I am trying to make a survey but when I have an empty record in my msql database he just shows an empty question is there a possibility to skip empty records?
<?php
session_start();
include "config.php";
connDB();
$some_questions = mysql_num_rows(mysql_query("SELECT id FROM question"));
if($_POST['next'] && $_SESSION['qnumber'] != '' && $_POST['question'.$_SESSION['qnumber']] != '')
{
if($_POST['question1']){
$_SESSION['antwoordjes'] = $_POST['question1'];
}else{
$_SESSION['antwoordjes'] .= '|'.$_POST['question'.$_SESSION['qnumber']];
}
$_SESSION['qnumber']++;
$questionnumber = $_SESSION['qnumber']++;
$sql = "SELECT id, question FROM question WHERE id = '$questionnumber'";
$result = mysql_query($sql);
while ($count = mysql_fetch_array($result)){
if($count['question'] == null)
{
$_SESSION['qnumber']++;
}
}
}
if($_POST['question'.$some_questions] != '' && $_SESSION['qnumber'] >= ($some_questions + 1))
{
mysql_query("INSERT INTO answers (ip,answers,datum) VALUES ('".$_SERVER['REMOTE_ADDR']."','".$_SESSION['antwoordjes']."',NOW())");
session_destroy();
header("Location: outro.php");
}
if($_SESSION['qnumber'] == '' || $_SESSION['qnumber'] >= ($some_questions + 1))
{
$quest = 1;
$_SESSION['qnumber'] = $quest;
}
else{
$quest = $_SESSION['qnumber'];
}
$data = mysql_fetch_array(mysql_query("SELECT question,answers FROM question WHERE id='".$quest."'"));
$answers = explode('|',$data['answers']);
$quest = stripslashes($data['question']);
if(empty($_POST['atext']))
{
}else{
$quest = $_POST['hsvraag'];
$commentary = $_POST['atext'];
toevoegenOverig($commentary, $quest);
}
?>
<script type="text/javascript">
function disablefield(){
if (document.getElementById('yes_radio').checked == 1){
document.getElementById('textbox_A').disabled='disabled';
document.getElementById('textbox_A').value='';
}else{
document.getElementById('textbox_A').disabled='';
document.getElementById('textbox_A').value=''; }
}
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- <script type="text/javascript" src="abc.js"></script> -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Internet onderzoek</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table align="left">
</table>
<div class="centrum">
<div class="header">Internetsurvey</div>
<div class="content" id="content">
<div class="balk">Introductie | <span style="color:#000033;">question</span> | end</div>
<br/>
<form method="post" action="vragenv.php">
<?php
$nummer = 1;
foreach($answers as $answer)
{
echo '<input id="yes_radio" type="radio" name="question'.$_SESSION['qnumber'].'" value="'.$nummer.'" id="answer'.$nummer.'" onChange="disablefield();"/><label for="answer'.$nummer.'">'.$answer.'</label><br />';
echo '<input type="hidden" name="hsvraag" value="'.$quest.'"/>';
$nummer++;
}
?>
</br>
<br/><input type="text" id="textbox_A" required name="atext"/><br />
<input type="submit" name="next" value="next" class="knop" />
</form>
</div>
</div>
</body>
</html>

Tweak your query.
SELECT
`id`,
`question`
FROM
`question`
WHERE
`id` = '$questionnumber'
AND
`question` IS NOT NULL
AND
LENGTH(TRIM(`question`))>1

Problems with guess a number game

Hey, I am so close to fininshing my guess a number game, very simple in PHP, but for some reason I am stuck. I am storing the variable in a hidden form, but obviously each time the page is sent it resets the number so you can never get the right one.
Any ideas? My code is below.
<?php
// generate a random number for user to guess
$number = rand(1,100);
if($_POST["guess"]){
// grab the user input guess
$guess = $_POST['guess'];
$numbe = $_POST['number'];
if ($guess < $number){
echo "Guess Higher";
}elseif($guess > $number){
echo "Guess Lower";
}elseif($guess == $number){
echo "You got it!";
}
echo "<br />Random Number:".$number."<br />";
echo $guess;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Guess A Number</title>
</head>
<body>
<form action="<?=$_SERVER['PHP_SELF'] ?>" method="post" name="guess-a-number">
<label for="guess">Guess A Number:</label><br/ >
<input type="text" name="guess" />
<input name="number" type="hidden" value="<?= $number ?>" />
<input name="submit" type="submit" />
</form>
</body>
</html>

Change:
// generate a random number for user to guess
$number = rand(1,100);
To:
if(isset($_POST['number'])) {
$number = $_POST['number'];
} else {
$number = rand(1,100);
}

Is it because of this typo?
$numbe = $_POST['number'];
//numbe -> number

I realise you're probably just starting out but the earlier you learn this stuff, the better:
echo "<br />Random Number:".$number."<br />";
This is leaving you open to an XSS attack - I could send $_POST['number'] as <script> doSomethingBad(); </script>
You should either cast it to an integer ($number = (int)$_POST['number']) or escape your output (echo htmlspecialchars($_POST['number']);)
The same goes for $guess of course.
Interestingly, if you're using mod_rewrite, $_SERVER['PHP_SELF'] could also be manipulated to do the same thing.

Do something like:
$number = $_POST['number'];
if ($number == null) {
$number = rand(1,100);
}

Categories