I've made two files php, one of the has the validation php code and another has the form where I input some data, but looks something is wrong with Switch command, look many time to find the problem but unfortunately I did not get true.
Here is my code;
First file where I've FORM
<form action="Validation_search_02.php" method="post">
<label>Your favourite fruit:<input type="text" name="t_Opst" id="t_Opst"></label>
<input type="submit" name="G_mby" id="G_mby">
</form>
The second file where I've the validation file(php)
<?php
if(isset($_P0ST["G_mby"])){
$L_ings=$_POST["t_Opst"];
switch($L_ings){
case "Apple":
echo "Your favourite fruit is $L_ings";
break;
case "Pear":
echo "Your favourite fruit is $L_ings";
break;
case "Banana":
echo "Your favourite fruit is $L_ings";
break;
case "Mango":
echo "Your favourite fruit is $L_ings";
break;
default:
echo "You should eat some fruit";
}
}
?>
In your php file you can verify if there is a POST request, when it comes to your code there is no need for a switch because there is a repetition of the same code several times, you can use an if and or clauses instead. Try this:
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST"){
$L_ings = $_POST["t_Opst"];
echo "hola";
if($L_ings == "Pear" or $L_ings == "Banana" or $L_ings == "Mango" or $L_ings == "Apple")
echo "Your favourite fruit is $L_ings";
else
echo "You should eat some fruit";
}
?>
Related
I'm trying to understand what's went wrong with my code. it's a login proccess to cp. you do get the right outcome when writing the correct username (only username yet, just for that test). but you get nothing at all when you don't - nothing I've programmed it to do.
I'm REALLY desperate, tried to solve this the whole night. please help me.
here's the code.
calculations:
if (isset($_POST['connection_made'])) { // is a connection been made? using a hidden input
$form_user = forms_filter($_POST['form_user']); // filter any tags or any unwanted actions first
$form_pass = forms_filter($_POST['form_pass']); // filter any tags or any unwanted actions first
if (strlen($form_user) > 5 AND strlen($form_user) < 16 AND strlen($form_pass) > 5 AND strlen($form_pass) < 16) {
if (login_blank_filter($form_user, $form_pass) == true) { // are those values length shorter than the minimal value or longer?
$user_name = $form_user;
$raw_password = $form_pass;
$user_pass = password_hash($raw_password, PASSWORD_DEFAULT); // generating a hashed and salted password
$cp_validate_login = mysqli_query($data_connection, "SELECT * FROM `admins` WHERE `username` = '$user_name' ");
if (!$cp_validate_login) { die('error: ' . mysql_error()); }
while ($admin_row = mysqli_fetch_array($cp_validate_login)) {
if (mysqli_num_rows($cp_validate_login) == 1) {
echo "you made it.";
echo mysqli_num_rows($cp_validate_login);
}
else {
echo "not yet there.";
echo mysqli_num_rows($cp_validate_login);
}
}
}
else {
header('Location: index.php?login_status=2');
}
}
}
Form:
<?php
if (isset($_GET['login_status'])) {
switch ($_GET['login_status']) {
case 1:
echo "wrong username or password";
break;
case 2:
echo "the inputs has to be filled";
break;
case 3:
echo "username\passwords are too short or too long";
break;
default:
echo "unknown error";
}
}
else {
echo "welcome. log in to the control panel please";
}
?>
</div>
<form name="loginform" method="post" action="index.php" onSubmit="return validateBlank()">
<input type="hidden" name="connection_made" value="">
<div class="login_layout">
<div class="login_right_layout">
user:
</div>
<div class="login_left_layout">
<input class="login_input" name="form_user" type="text">
</div>
<div class="login_right_layout">
password:
</div>
<div class="login_left_layout">
<input class="login_input" name="form_pass" type="password">
</div>
</div>
<input type="submit" value="כניסה" class="login_submit">
</form>
</center>
PLEASE help me. thank you.
First, you are wide open to SQL injection. You need to use prepared statements, rather than concatenating variables into your query. See How can I prevent SQL injection in PHP?.
Second, your code fails because you never make it into the while loop if the username is invalid. That is, if you type a bogus username, this condition is never satisfied:
while ($admin_row = mysqli_fetch_array($cp_validate_login))
So, your if/else logic is never executed.
The solution here is not to try to improve your existing code. It's to stop what you're doing and use an existing authentication (login) library. Security is hard, and proper authentication and authorization is no exception. You should not roll your own security code.
As questioned above I'm trying to get user input in my PHP script to do further tasks. Is there any method in PHP to get user input like 'scanf()' used in C
<?php
echo "Swapping Numbers </br> Please select the method: </br>";
echo "1. Using 3rd variable </br> 2. Using add/sub </br> 3. Using mul/div";
//read user input $choice
switch($choice)
{
case 1:
break;
case 2:
break;
case 3:
break;
default:
echo "</br>You entered wrong choice";
}
?>
the STDIN constant is pre-defined and available for you to use immediately.
You can get user input using fgets and fscanf
<?php
$line = trim(fgets(STDIN)); // reads one line from STDIN
fscanf(STDIN, "%d\n", $number); // reads number from STDIN
For example
<?php
echo "Enter a number: ";
fscanf(STDIN, "%d\n", $number);
switch ($number) {
case 1: echo "one\n"; break;
case 2: echo "two\n"; break;
case 3: echo "three\n"; break;
default: echo "I can't count that high\n";
}
Check out the I/O docs for more detailed information
You should use readline() :
var_dump(readline('Enter number: '));
You can handle user input from form element or from url.
in your case you can use like this.
$choice = $_GET['choise'];
User will type like this
http://localhost/your_file_name.php?choise=option
than you should use your switch
switch($choice)
{
case 1:
break;
case 2:
break;
case 3:
break;
default:
echo "</br>You entered wrong choice";
}
?>
I want to use PHP to check if $_POST["pass"] is set, and do something if it's not, and do something else if it is.... But I can't get it working, I'm sure my logic is wrong.
I have a php code that looks something like this...
if (!isset($_POST["pass"])) {
...some form with an input type text here...
if (...wrote the wrong thing in input type text...) {
echo "something is wrong....";
}
else {
$pass_var = "Pass";
$pass_var = $_POST["pass"];
}
}
else {
echo "This thing is working...";
}
If I type the right thing in my input type text, I wan't to get to "This thing is working", and if not I wan't to echo "something is wrong....".
It works almost fine, except that if I type the right thing in my form, I never get to "This thing is working...".
The page just does nothing..
I'm sure it's the
$pass_var = "Pass";
$pass_var = $_POST["pass"];
that I'm doing wrong.
I know that I could set this up in another way to make it work, but I have a large script that is set up like this, and I really want it to work...
You test in the form against the $_POST NOT being set (See the !). You want however the post to be set!
if(isset($_POST["pass"]))
{
print_r($_POST); // basic debugging -> Test the post array
echo "The form was submitted";
// ...some form with an input type text here...
if(...wrote the wrong thing in input type text...)
{
echo "something is wrong with the input....";
}
else
{
// Valid user input, process form
echo "Valid input byy the user";
$pass_var = "Pass";
$pass_var = $_POST["pass"];
}
}
else
{
echo "The form was not submitted...";
}
You can use the empty() function of php
if(!empty($_POST['pass'])){
// do something
}else{
// do something else
}
Hope this will work for you .
Make sure you have "method='POST'" in your html form else $_POST isn't accessible in php, and logic was a bit screwy, try this?
e.g.
if (!isset($_POST["pass"])) {
//no POST so echo form
echo "<form action='".$_SERVER['PHP_SELF']."' method='POST'>
<input type='text' name='txtInput' />
<input type='submit' name='pass' />
</form>";
} elseif (isset($_POST["pass"])) {
//have POST check txtInput for "right thing"
if ($_POST["txtInput"] == "wrong thing") {
echo "something is wrong....";
} elseif ($_POST["txtInput"] == "right thing") {
//$pass_var = "Pass";
$pass_var = $_POST["pass"];
echo "This thing is working...";
}
}
Well, if (!isset($_POST["pass"])) means if $_POST["pass"] is not set, so you might want to remove the '!' which stands for not.
I'm giving this simple html form with password and with php I'm giving to do this
The only valid password shall be "testing" (without the quotes). If the user did not type a password, give them a warning to "Please type a password" and do no more processing on the data at all. If the user did not type the valid password "testing" (without the quotes), then tell the user "Invalid password, sorry" and do no more processing on the data at all. (Use an “if” statement to find out if they entered a password, etc…)
but I just can't seem to figure out
can someone give me a hand?
the html coding is
<form action = "lab.php" method = "post" name = "lab_form">
what is your last name: <input type = "text" name = "last"><br />
what is your student number (password): <input type = "password" name = "number">
</form>
what I did with my php is this....but didn't work at all...and all I've learned is $_POST and isset for now. I wonder how I can get this done with $_POST, isset and with if statement...
<?php
echo $_POST["last"] . "<br/>";
if (isset($_POST["number"]))
{
echo "The variable $_POST[number] exists.";
}
else if (!(isset($_POST["number"])))
{
echo "Please enter a password.";
}
else
{
echo "No variable called $_POST[number]";
}
?>
I know what I'm doing wouldn't make must sense....but...ya :(
Thanks in advance though ^_^
P.S. I know in the php code I should add something like
if($_POST["number"] == testing)
and continuing on but the thing is I couldn't even make it show the other parts so i didn't bother try the "testing" as password yet.
Small mistake. Use empty() too.
<?php
echo $_POST["last"] . "<br/>";
if (isset($_POST["number"]))
{
echo "The variable $_POST[number] exists.";
}
elseif (empty($_POST["number"]))
{
echo "Please enter a password.";
}
elseif (!isset($_POST["number"]))
{
echo "No variable called $_POST[number]";
}
?>
I have a form on my website that takes input from a text area and processes it one way if it is empty (strlen = 0) and another if it has text in it.
Here is part of the form:
<form name='contact' action='contact.php' method='post'>
...
Message*<br />
<textarea name='msg' rows='10' cols='70' maxlength='2048'><?php echo $msg ?></textarea><br />
...
<input type='submit' value='Send!' id='subby' name='fatk' style='height:60px; width:300px;' />
</form>
Now the PHP code:
$msg = isset($_POST['msg'])?safeString($_POST['msg']):'';
$msg = substr($msg,0,2048);
if (strlen($msg) == 0)
echo "<h1>Test failed</h1>";
else { ... }
Here's the safestring(str) method:
function safeString($str) {
htmlentities($str);
htmlspecialchars($str);
}
Every time I submit the form, no matter how much or how little I put in the msg textarea, it always says it's empty (by echoing TEST FAILED). Also, do you know anything else I should add to my safestring() function to make my forms more secure?
You are not returning anything from safeString.
Apart from that, what safeString does is redundant (htmlentities is a superset of htmlspecialchars, and the latter does the job of protecting against XSS).
Finally, you should really not be doing this sanitization when accepting input but only when you are producing output.
Put toghether, your code should look more like
$msg = isset($_POST['msg']) ? $_POST['msg'] :'';
if ($msg == '')
echo "<h1>Test failed</h1>";
else {
echo "Received value: ".htmlspecialchars($msg);
}
You should also definitely specify the input's encoding (see third parameter of htmlspecialchars).