I'm trying to combine two input with same name. One part will be disable but user can see the random value and other part will be given by user.
[<div class="form-group col-md-6">
<label for="ProductCode">Product Code</label>
<input name="prid" type="text\[\]" class="form-control" id="prid" placeholder="Product Code" value="value">
</div>][1]
https://i.imgur.com/CqBHqBk.png
Not sure I understand your question correctly, but it seems to be simple. You can combine two input with same name using "class" html element.
Related
I have an easy HTML form
<form method="post" action="process.php">
<label>First Name</label>
<input type="text" name="first_name" />
<br />
<label>Last Name</label>
<input type="text" name="last_name" />
<br />
<label>Department</label>
<input type="text" name="department" />
<br />
<label>Email</label>
<input type="text" name="email" />
<br />
<input type="submit" value="Add Employee">
</form>
When I click submit this will write the input to the DB.
I was always testing with very short names (a few letters). It works so now I tried some longer strings and it fails. I don't see an error but no data is written to my DB.
I can write 25 characters inside the box. So everything till 25 chars is inside the DB, all what is longer isn't.
This is not a HTML problem, as HTML does not behave like that (well, unless you use maxlength for the input).
This has to be a database issue. Your table probally has a VARCHAR(25) in it's structure. When you enter a longer string than it can contain, it truncates the remainder of the string. Thats why you do see the first 25 chars.
You can check this via your database management, like PHPmyAdmin. Go to the matching table, click 'structure'. You can also edit it here to a more appropriate length.
It's not a problem from HTML. Please check your php code and database table structure.
Might be there is input length defined for the field i.e. 25.
I have a web app which include a questionnaire editor. There can be many questions; each can have many answers; and each question has two sets of radio buttons for setting various question options.
I'm using the following style of IDs:
id="Q-$questionNumber"
id="Q-$questionNumber-A-$answerNumber"
...where '$questionNumber' and '$answerNumber' are replaced with the appropriate numbers.
The ID numbering scheme has two functions:
When an element is clicked, my javascript can examine the ID number to find out which question/answer it belongs to.
Input elements have names which follow this same numbering scheme. When the form is submitted, my PHP code can determine which question number/answer number the submitted value is associated with, by examining the name.
Naturally, when I drag and drop a question, all these IDs and names need to be renumbered. I've written javascript/jQuery that successfully renumbers everything and works correctly. But it feels kludgy.
It seems like I could remove the numbering scheme from all the IDs and just figure out what question number/answer number everything is by examining its placement in the DOM using jQuery. But it seems I would still need to use the numbering scheme on input element names so that my PHP code on the server could tell what question number/answer number the various submitted form elements belong to.
Is there a better way?
UPDATE per request from Bankzilla. Here is some sample HTML. This is one question. Each document can have many questions, each of which can have many answers.
<div id="Q-1" class="QuestionGroup ui-draggable">
<br>
<h2 id="QuestionText-Q-1">
Question #1
<input type="text" name="questionText-Q-1" value="" id="questionText-Q-1" class="questionText" maxlength="256" size="70">
</h2>
<div class="containerForAnswers">
<p class="answerPar">
<span class="answerLabel answerLabelinEditView">#1:</span>
<input type="text" name="Q-1-A-1" value="" id="Q-1-A-1" class="answer answer-Q-1" maxlength="256" size="70">
</p>
<p class="answerPar">
<span class="answerLabel answerLabelinEditView">#2:</span>
<input type="text" name="Q-1-A-2" value="" id="Q-1-A-2" class="answer answer-Q-1" maxlength="256" size="70">
</p>
<p class="answerPar">
<span class="answerLabel answerLabelinEditView">#3:</span>
<input type="text" name="Q-1-A-3" value="" id="Q-1-A-3" class="answer answer-Q-1" maxlength="256" size="70">
</p>
</div>
</div>
Not sure if this will help but you can actually use arrays in inputs. Makes structuring questions/ answers in your case much easier and you don't have to worry about numbering.
<input name="Q[1][text]"/>
<input name="Q[1][answers][]" value="number 1"/>
<input name="Q[1][answers][]" value="number 2"/>
When you have multiple Q[1][answers][] it will stack them like an array index, 0,1,2,3,4.
If you were to dump the above out it would look like
var_dump($_POST);
array(
'Q' => array(
1 => (
'text' => '',
answers => array(
0 => 'number 1'
1 => 'number 2'
)
)
)
)
Now when you drag an drop you only need to find what the question id is, instead of the order of answers.
After studying this some more, I think I might try something like this next time: leave question number/answer number identifiers completely out of all form element names and IDs. When the form is submitted, question number/answer number identifiers would be added via jQuery to all form elements. This way I wouldn't have to deal with renumbering any question number/answer number identifiers during drag and drop, insert, cut/paste, etc.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
What are the best practices for avoiding xss attacks in a PHP site
I have a form that user can fill in their personal information. The user submits the form and A web service will process these information and store the information in mysql database.
But what if users enter html tag, php code, or javascript in the input field. I would like to prevent that. I know in javascript there's a method call escapehtml, in php it's strip_tags.
I just want to know the correct way of disabling the abilities to type html, php, script from input field. Do I use strip_tags for all input I received?If I use strip_tags, how to disable script? Or there is away to do it in mysql?
Thank you
This is the form:
<div>
<label class='info-title whitetext' for="name">Full Name: </label>
<input type="text" name="name" id="name" size='25' maxlength="100" required />
</div>
<div>
<label class='info-title whitetext' for="phone">Phone: </label>
<input type='text' pattern='\d+' name='phone' id='phone' size='25' maxlength='12' />
</div>
<div>
<label class='info-title' for="email">Email: </label>
<input type="email" name="email" id="email" size='35' maxlength="60" required />
</div>
<div>
<label class='info-title' for="address">Address: </label>
<input type="text" name="address" id="address" size='45' maxlength="50" required />
</div>
Try htmlspecialchars($string);
That will encode all the HTML tags to character codes (<div> would become <div>, which will be displayed without being parsed as html) This way, script tags cannot be created as well.
Be sure to clean the content before supplying it to a database though, for example by escaping with mysqli_escape_string() (others will probably advice you to use prepare statements).
It is most likely not best practice to put HTML character encoded strings into the database, as it simply increases the string size unnecessarily. (And it doesn't provide protection against SQL injection on its own)
Personally, I just like to do $out = str_replace("<","<",$in). It provides the least possible disruption for the user, and they are most likely to get out what they typed in.
If the user input may end up in an HTML attribute (for whatever reason), you should also replace " with ".
Never put user-supplied content into a <script> tag, and never save it to a file without first performing the replacements.
You cannot disable "the abilities to type html, php, script from input field", unless you check users' input in real time and specifically block them when you detect that a tag is entered. Yet I don't see a reason why anyone would want that, the proper way is to properly process users' input when submitted.
For html tags or php codes or things like that you can definitely use escapehtml or strip_tags, but if you are later putting the content into mysql, I have to remind you of sql injection attack.
If you are not familiar with the term, users can type in mysql queries that interfere with your sql queries. If we blindly insert user provided content into our "INSERT" statements, those statements might be altered by sql keywords in user's input.
For ways to prevent sql injection attack, you can take a look at wiki's page for a good start: http://en.wikipedia.org/wiki/SQL_injection#Mitigation
Good day!
I am having a problem in showing the data that I need to Update.
For example: I have a field - NAME. And user input "John Travolta" on it and enter to save it in SQL. Then to update it, he will click the update and a textbox will appear with the name "John Travolta" with it.
The problem is I am only getting "John" and the "Travolta" does not appear on the text box.
My code is as follows:
<input name="event" type="text" id="event" size="69" value=<?php print stripslashes($row_array['event'])?>>
What can i do in order for the whole name to appear in the textbox?
Thank you in advance.
You need to put quotes before and after the PHP line so HTML can parse it as a string.
otherwise you will end with value=John Travolta when you want value="John Travolta"
Use that code:
<input name="event" type="text" id="event" size="69" value="<?php print stripslashes($row_array['event']);?>">
I have one input (type radio) that I want to insert it 2 values, something like that:
<input type="radio" name="name" value1="value1" value2="value2" />
And after draw each value seperated with PHP.
There is a way to do it? (And no.. I dont want to insert input with type="hidden")
Thank you.
Well, not the way I would do it, but you could use a delimiter for your value(s)
<input type="radio" value="Value1|Value2" name="two_values" />
Then, in PHP, just list($value1,$value2) = explode('|', $_POST['two_values']);
EDIT
As #user387302 said, you would obviously be limited to not having any values containing your delimiter, for example value="One|PipedVariable|andAnother" would not work to extract two values of "One|PipedValue" and "andAnother"
Why not do:
<input type="radio" name="name" value="value1#value2" />
and then split on "#" (or any other symbol) server-side?
If I understand your question correctly, can you set the value of your radio to something like "value1-value2" and then in your php just seperate value1 from value2 with explode(). You could use any other seperator other than '-' too.
Edit
based on your exmaple:
<input type="radio" name="name" value="value1-value2"/>
Can't do it.
You need either a hidden input (which you say you don't want) or use value="value1,value2" and then explode in the PHP script.
Use this :
<input type="radio" name="name[]" value1="value1" />
<input type="radio" name="name[]" value1="value2" />
returns array