The page gets executed by clicking on the submit button of the form but I can't get the data insered into the form.
The php and the html code work if they are uploaded on the server like a file outside Joomla, but the code doesn't work if the html code gets uploaded on the Joomla articles (inside the database).
if i write something random with echo it gets displayed correctly
Php code
<php
$codice = $_GET["sblocca"];
echo $codice;
?>
Html code
<form action="/home/arioxurl/public_html/scriptPHP/ChiusuraPrestazione/generaFattura.php" class="form-horizontal" method="get">
<fieldset>
<!-- Form Name -->
<legend>Chiusura prestazione</legend>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="sblocca">inserisci il codice a sei cifre per sbloccare il pagamento</label>
<div class="col-md-4">
<input name="sblocca" type="text" placeholder="XXXXXX" class="form-control input-md" required="">
<>
<>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="NumFatt">inserisci il numero della fattura, deve essere incrementato di uno rispetto all'ultima generata (anche all'esterno di dashup)</label>
<div class="col-md-4">
<input id="NumFatt" name="NumFatt" type="text" placeholder="numero fattura es: 312" class="form-control input-md">
<>
<>
<!-- Multiple Checkboxes -->
<div class="form-group">
<label class="col-md-4 control-label" for="Conferma"></label>
<div class="col-md-4">
<div class="checkbox">
<label for="Conferma-0">
<input type="checkbox" name="Conferma" id="Conferma-0" value="1">
Conferma numero fattura
</label>
<>
<>
<>
<!-- Button -->
<div class="form-group">
<label class="col-md-4 control-label" for="Download"></label>
<div class="col-md-4">
<button name="annulla" class="btn btn-info">Annulla</button>
<input type="submit" value="Sblocca pagamento e scarica fattura" class="btn btn-primary">
<>
<>
</fieldset>
</form>
Directly accessing data with either $_GET and $_POST is not safe and data needs to be filtered before you insert into database. Leaving aside that we have to understand that Joomla has its own way of retrieving data from a form. You have to use JInput to access your data. First you have to call the JInput class this way
$jinput = JFactory::getApplication()->input;
This is the way to get any variable
$variable = $jinput->get('varname', 'default_value', 'filter');
Filter is necessary to make your code safe so that in Alhanumeric input none by mistake enters special characters or do any sql injection. There are several filters and the list you can get here https://docs.joomla.org/Retrieving_request_data_using_JInput.
You also have to understand how forms are created and submitted in Joomla. You can go through this link to know more https://docs.joomla.org/J3.x:Developing_an_MVC_Component/Adding_a_front-end_form.
$_GET should always work, regardless - if you can't see the values, then this means that the page that you are checking the $_GET array is a different page (which is typically what happens when you check the $_GET array on the submitted page). $_POST should also always work, but, in most cases, the form submissions are stored in a nested array of $_POST.
As others have mentioned, you should use Joomla's function to retrieve $_GET and $_POST values, mainly because these functions are more secure.
Related
It's probably something incredibly simple, however I feel like my brain is fried from staring at a computer screen for so long, so any pointers would be appreciated...
I cannot seem to get $_POST to work on my form. When I switch the method to GET - it works fine, but I don't want to have to repeatedly pull form data from the URL as it's quite a lengthy form and would take extra steps etc.
My form data:
<form action="<?= site_url() ?>shop/mock/form/<?= esc($first['gtin']); ?>" name="myForm" method="post">
<div class="p-3 p-lg-5 border">
<div class="form-group row">
<div class="col-md-12">
<label for="brand_name" class="text-black">Brand Name </label>
<input type="text" value="<?= esc($_POST['brand_name']); ?>" class="form-control" id="brand_name" name="brand_name">
</div>
</div>
<?php if (isset($_POST['brand_name'])): ?>
<div class="form-group row">
<div class="col-md-12">
<label for="subbrand_name" class="text-black">Subbrand Name </label>
<input type="email" value="<?= esc($_POST['subbrand_name']); ?>" class="form-control" id="subbrand_name" name="subbrand_name" placeholder="">
</div>
</div>
<?php endif; ?>
</div>
</form>
The only thing I can think of is that I'm sending the form back to the same address everytime, and trying to grab the $_POST data from the latest submission, and repopulate the input values so that the form builds with every submission and reveals the next input etc. var_dump($_POST) shows an empty array every time.
Where am I going wrong?
If you want to receive otp in the form then action empty, if you want to receive from other action, you must put the value into $_SESSION
Good day all,
I have a question I looked it up everywhere and I still seem stuck
If I submit a form via post -> variable -> database and then redirect to another
page using header(location:page.php); in the time it takes to redirect and I
click on the submit button it still inserts duplicate data into the database
how do I prevent that from happening? as I read on tokens but I can't see how it
will work without processing my form data on another page and I don't want to
do that any help please ??
please see below html :
<form name="frmall"class="col s12" action="" method="post">
<!--basic info------------------------------------------------------------------------------------------------------------->
<div class="divider"></div>
<div class="section">
<h5>Basic Member Information</h5>
<div class="row">
<div class="input-field col s6">
<input id="first_name" name="txt_name" type="text" class="validate" value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_name']; } ?>">
<label for="first_name">First Name</label>
</div>
<div class="input-field col s6">
<input id="last_name" type="text" name="txt_surname" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_surname']; } ?>">
<label for="last_name">Last Name</label>
</div>
<div class="input-field col s6">
<input id="icon_telephone" type="tel" name="txt_number" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_number']; } ?>">
<label>Telephone</label>
</div>
<div class="input-field col s6">
<input id="email" type="email" name="txt_email" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_email']; } ?>">
<label for="email" data-error="wrong" data-success="right">Email</label>
</div>
<div class="input-field col s6">
<input id="idnumber" type="text" name ="txt_idnumber" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_idnumber']; } ?>">
<label>ID Number</label>
</div>
</div>
<button class="btn waves-effect waves-light" type="submit" name="btnCancel">Cancel</button>
<button class="btn waves-effect waves-light" type="submit" name="btnContinue">Continue</button>
</div>
</Form>
PHP (please not its just for en example):
if (isset($_POST['btnContinue'])) {
$Conn->insert_main_member($name, $surname, $number, $idnumber, $email);
header(location:page.php);
}
So how do I prevent double submit without disabling the button ? please assist
Clear the post variable and place the header(...) in the right place (right after the db query execution).
The question is not very clear...
If you have problems with submitting the form multiple times and inserting the same values, you can do a check - either in your script (connect to database and check) or create a UNIQUE index in your database table - then the record will not be inserted, if it already exists.
If you have problems with too many people on the site and some data is inserted while it shouldn't and it should wait until something else is completed, then you can use LOCK TABLES command to send to your database.
If you have problems with uniquely identifying transactions, you can also use a token (e.g. a random hash generated before your form is submitted), for example as a hidden form field to send along with the data.
1st quick solution :
You could disable your submit button with javascript after 1st form submit to prevent any other submit before redirection...
2nd solution :
Add a token (generated server side) to your HTML form in a hidden input.
On form submit your token will be sent with other POST data.
Check your token server side before insert data into your database
Edit: Perhaps a sample of your code (server side + html form) could help us to give you a more appropriate answer.
after many days of trying to get a previously working php form converted to submitting the variables inside a new div I realized that I'm missing something. Other posts show javascript, but Iv'e never used that before and don't understand the need. The new page draws correctly, but the php variables are not being received on the destination page.
HTML for the submit,
<form action="entrance2.php">
<div class="medium-12 columns m-b20"><h4 class="heading">Existing users log-in here :-</h4></div>
</div>
<div class="row">
<div class="user medium-12 columns text-center m-b15"><img src="images/user-img.png" alt=""/></div>
</div>
<div class="row">
<div class="medium-10 columns medium-offset-1"><label for="User Name"></label>
<input id="OwnerEmaili" type="text" placeholder="User Name" name="UserName"></div>
</div>
<div class="row">
<div class="medium-10 columns medium-offset-1"><label for="Password"></label>
<input id="OwnerPasswordi" type="password" placeholder="Password" name="Password"></div>
</div>
<div class="row">
<div class="medium-12 columns text-center"><button class="grd-button">Log In</button></div>
<input type="submit" id="save" name="save" value = "Submit"/>//simple submit for testing
<div class="grd-button1" onClick="document.forms['submit-form'].submit();"></div>
</form></div>
</div>
</div>
Receiving page,
<?php
$p_OwnerEmaili=$_POST["OwnerEmaili"];
$p_OwnerPasswordi=$_POST["OwnerPasswordi"];
echo "$p_OwnerEmaili;$p_OwnerPasswordi";
Only shows the ;.
Is javascript required to submit from inside a div?
You're accessing the wrong items.
You'll need to set your forms input name attributes to this if you want to access them the way you currently have in your php script:
<input id="OwnerEmaili" type="text" placeholder="User Name" name="OwnerEmaili">
And
<input id="OwnerPasswordi" type="password" placeholder="Password" name="OwnerPasswordi">
That will allow you to access them as you do in your PHP script.
You can always check what values have been sent to your php script by using var_dump() or print_r().
<?php print_r($_POST); ?>
Would've shown you that you had UserName & Password set instead of what you wanted.
As Ghost pointed out in the comments, your form will always send user input via GET if you dont specify a method in it. So set this in your form tag:
<form action="entrance2.php" method="post">
I've made a html form using Bootstrap. I've used "required" to ensure data is populated in certain fields for the form to be submitted. This form goes to a php script that opens a database connection, inputs the values as per form submitted, directs to a thank you page and closes the connection.
Its my first hand coded form and my concern is security. How do I keep hackers/spammers at bay?
Can you point out, please, issues with my code so I can address them before I put this live. Please be gentle, Im a newbie with about 3 months of coding experience.
Please note the original form actually has 9 fields but I've omitted it presuming those details wont be necessary for this discussion.
HTML Code
<form class="form-horizontal" method="post" action="vacancy.php">
<div class="form-group">
<label for="company" class="col-sm-3 control-label">Company Name *</label>
<div class="col-sm-6">
<input type="text" name="company" class="form-control" placeholder="Enter Company Name" required />
</div>
</div>
<div class="form-group">
<label for="contactperson" class="col-sm-3 control-label">Contact Person *</label>
<div class="col-sm-6">
<input type="text" name="contactperson" class="form-control" placeholder="Enter Full Name" required />
</div>
</div>
<div class="form-group">
<label for="designation" class="col-sm-3 control-label">Designation *</label>
<div class="col-sm-6">
<input type="text" name="designation" class="form-control" placeholder="Enter Designation" required />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-6">
<button type="submit" class="btn btn-primary">Submit</button>
<button type="reset" class="btn btn-default">Clear</button>
</div>
</div>
</form>
PHP Code
<?php
$con=mysqli_connect("localhost","db2u","password","db2");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO vacancy (Company, ContactPerson, Designation)
VALUES
('$_POST[company]','$_POST[contactperson]','$_POST[designation]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
header("Location: thankyou.html");
mysqli_close($con);
?>
EDIT : So it seems I need validation. Im looking at jqBootstrapValidation. Even considering htmlspecialchars (which ever is easier). I believe both would do an equally good job right? PDO is a bit too much for me at the moment.
Your code could be compromised by SQL injection http://en.wikipedia.org/wiki/SQL_injection.
Try use htmlspecialchars or better use PDO instead of OLD and DANGEROUS mysql_* functions.
You have not validated any field in your php code,
you should put validation in php file too, any user can remove "required" from input and can post the data.
Never trust the user input. You should escape the strings with mysqli_real_escape_string() function.
http://www.php.net/manual/en/mysqli.real-escape-string.php
$company = mysqli_real_escape_string($_POST[company]);
$contactperson = mysqli_real_escape_string($_POST[contactperson]);
$designation = mysqli_real_escape_string($_POST[designation]);
$sql="INSERT INTO vacancy (Company, ContactPerson, Designation) VALUES ('$company','$contactperson','$designation')";
I'm making a tool to pull eve API data and I use a GET form to take the data and get access to the key ID and code to access the data. This then pulls the first character ID on the key and grabs all that character data.
for example the url is:
whatever.com/APIChecker/?keyID=123456&code=ABCDEFGHIJKL
I pull these variables out via the session variables that they create.
What I'm now trying to do is now have a for loop which puts up buttons for each character on the key so you can flick between characters, I'm trying and have tried get and post methods hidden in the button but can't seem to get my desired result. It seems to not be taking out the variable that i'm trying to pass and adding it into the $_SESSION array or the $_POST or the $_GET - i've tried print_r on all these variables but I can't get any output.
Here is my primary form thats on my main page:
<form method="get" action="APIChecker/" >
<legend> Submit an API Key</legend>
<div class="control-group">
<label class="control-label">Key ID:</label>
<div class="controls">
<input type="text"
class="input-small"
name="keyID""/>
</div>
</div>
<div class="control-group">
<label class="control-label">Verification Code:</label>
<div class="controls">
<input type="text"
class="input-xxlarge"
name="vCode"
/>
<p class="help-block"></p>
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn">Submit API</button>
</div>
</div>
What I'm trying to do now is get another session variable from another page - which updates a variable and refreshes the page with the keyID and code unaltered.
As in:
whatever.com/APIChecker/?keyID=123456&code=ABCDEFGHIJKL **&charID=654321**
so $_SESSION['keyID'] = 123456
& $_SESSION['code'] = ABCDEFGHIJKL
& $_SESSION['charID'] = 654321
what I've tried is:
<form method="get" action="" >
<div class="control-group">
<div class="controls">
<button type="submit" class="btn">
<input type="hidden"
name="charID"
value="$charID"
/>
</button>
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn">Submit API</button>
</div>
</div>
</form>
You can't output PHP values directly in HTML like this: value="$charID"
Try this instead:
value="<?php echo $charID; ?>"