Let us consider the following html :
<!doctype html>
<html>
<body>
<form method="POST" action="submit.php">
<input name="name" placeholder="Enter your name">
<button type="submit">Submit</button>
</form>
</body>
Now to my understanding this code passes a list of arguments to a the php file which is mentioned in the action attribute of the method .
I understand that the code file is in the server system .
Now let us consider the code for submit.php as follow :
<?php
$name = $_REQUEST['name'];
?>
<!doctype html>
<html>
<body>
Hello <?php echo $name;?>
</body>
</html>
These codes are taken from an answer to my last question .
Now after the submit button is clicked . The client requests for a new page from the server .
I wanted to know what exactly is happening here . Does the server sends this code file to the browser and the php code is executed in the browser or submit.php , generates an html file according to the php code in it and that html file is sent to the client ?
Where is the code getting executed in the browser or in the server . With what I have read till now gives a feel that the code is being executed in the server but to be just sure .
Further , if the case is like the latter , i.e., the inputs are sent to server and the server based on the php code generates an html file that is sent back to the browser , then isn't it a bit inefficient in sending requests the server even for smaller changes ?
So what exactly is happening and where is the code getting executed ?
The PHP source is on the server and remains there. It is executed there, and the result (which is typically HTML, but can be anything else too), is sent as a response to the browser, so you got that right.
The advantage is that the PHP code itself is hidden to to user, and it can do advanced stuff like accessing files and databases which are hidden, and usually unaccessible directly for your website visitor.
The PHP code may be accidentally exposed when PHP is not set up properly. In that case, the code won't run but may be returned as plain text by accident. If you ever see PHP code in your browser, it's almost certainly due to an incorrect server set-up.
Even a small change should usually be done by the server. Theoretically it's inefficient to do those requests all the time, but in reality a request is not a big deal. If you only want to update the page itself, without doing anything special to the server, you could use JavaScript which can run in the browser as part of your page, and which can manipulate the loaded HTML document.
The whole process or execution life cycle can be explained in the following two steps:
Step-1:
Server-side PHP blocks enclosed in <?php ?> tags are executed and removed from the code base on the server on every request.
Step-2:
Client-side script and HTML tags left in step-1 are send for execution and display in the browser.
I hope the explanation is easily understandable now.
Related
I am collecting data in a form which calls on a php file to put the data into mysql. It works fine, but after the data gets into the database, the browser just shows a blank page and in the browser input bar is the line
http://nameofmyste.net/mfb1.php
It is as though the HTML sent me to the php code where runs fine on the server then it just gets stuck, and stays there. How do I "get back" to my html script?
The call form action command looks like:
<form class="form-horizontal" role="form" action="mfb1.php" method="post" >
The php code exists in the file mfb1.php and works fine and just terminates with the standard closing "?> " at the end.
Thanks for your help.
Sorry for the delay in getting back to the question, and very sorry for my incorrect use of the forum, I am new and learning...
I have done some work since the original question and have created a very simple AJAX example that should work fine, but it doesn't. Here is the HTML file with the js function localform. It uses a synchronous AJAX call (3rd parameter set to "false") to invoke my php code, which is below as well.
It runs fine, I see the phrase "we made it" which replaces the "replace here" text on the html page, just like it is supposed to. But, within half a second, the "we made it" goes away and the "replace here" text shows up again.
It is as though the html code were running again form the top. The address in the browser bar, after the submit now reads
http://bruwptest.netne.net/Test%20Files/ajaxtester.html?
The question mark at the end is new.
Here is the code:
ajaxtester.php:
<?php
echo "we made it";
?>
ajaxtester.html:
<!DOCTYPE HTML>
<html>
<body>
<h1>AJAX Tester</h1>
<p>Echo here from the server: <span id="text">replace here</span></p>
<form onclick="localform()">
<button type="submit" >Submit</button>
</form>
<script>
function localform() {
var xhttp = new XMLHttpRequest();
xhttp.open("GET", "ajaxtester.php",false);
xhttp.send();
document.getElementById("text").innerHTML = xhttp.responseText;
}
</script>
</body>
</html>
My question is why the html page is refreshing and overwriting the "we made it" that I just wrote there from the php?
It is as though the HTML sent me to the php code
Well, yes. That's what you specified:
<form class="form-horizontal" role="form" action="mfb1.php" method="post" >
<!-- right here ----^ -->
then it just gets stuck
Well, what does mfb1.php do? What output does it generate? If it doesn't render any HTML to the browser, then no HTML is rendered to the browser.
Or if there's an error and error reporting isn't turned on, there may be no valid output to render to the browser. Turn on error reporting during debugging, check your logs, etc.
You can, within that script, output any HTML that you like. Anything outside of <?php ?> tags is just sent directly to the client, so put any HTML that you want there.
Alternatively, at the logical completion of the script you could also redirect the user to another page:
header('Location: somePage.html');
This would return a response to the user's browser indicating that it should make a new request for somePage.html.
You have to send to client a redirect location to your original HTML page; at the end of your php script, write:
header( "Location: YourHtmlFileUrlHere" );
exit;
The exit command is not mandatory, if the command is at the end of script.
Please note: The header command fails if before in page there are ANY OUTPUT
Sorry, this question must be repeated, it already asked the following link, but the answer is not cleared.. So can anyone please solve this problem???
exe not giving output in php
I am trying to call a Qt generated executable file through PHP code which fails to run the exe.. The same exe runs on double-click and through command line..
Below is my code
<?php
$exec_cmd = exec('"./myEXE"');
?>
<html>
<body>
<form>
<input type="submit" value="RUN" onclick="$exec_cmd"/>
</form>
</body>
<html>
Thank You...
PHP is a server side language. It means that the php code is compiled and executed in the server and the output is sent to the client.
What you are trying to do is to use PHP as client-side language, like JavaScript.
The porgram is executed when the page is displayed and you want it to be displayed once the user clicks on the button, for that you must use JavaScript.
I would use AJAX to make the request to the server so it can execute the program but if you don't want to use javascript you can set the form to redirect the page with a GET or POST parameter and check in PHP if that parameter is set
I have a quick question about PHP, say I am creating a form and there is a code snippet as follows:
<?php
if($_POST){
do something here
}else{
do something else
}
?>
When does this script run? I am more familiar with python and java, where code runs line by line, a brief explanation would be appreciated,
Thanks!
The script runs whenever the browser sends a request to the server with the URL scriptname.php. This is no different from if you use python or java to implement your server-side coding.
If the user simply goes to the URL via a link or entering it into the browser's address bar, there will not be any POST parameters. $_POST will be empty, and the do something here block of code will be executed.
But if the script is used as the action URL of an HTML form, the inputs will be in $_POST, and the do something else block will be executed.
This allows the same script to be used to display a form and also process the form data when the user submits it. This is a pretty common idiom in PHP webpage design.
One of the unique things about PHP is that it's embedded within a page of ordinary text (usually HTML, but it can actually be anything). When PHP is processing the file, anything that's outside <?php ... ?> is simply sent directly to the client. When it encounters <?php, it starts executing it as a script, until it reaches ?>. So if you have a PHP file like this:
<html>
<body>
<?php echo "This is some text"; ?>
</body>
</html>
it will put This is some text in the body of the resulting HTML document.
On my web site I have a TEXTAREA form tag which is intended to accept some HTML content and store it in MySQL database. Everything works fine except when there's script inside <SCRIPT></SCRIPT> tags. If I try to store such a script I get some strange message that I don't have a permission for accessing my php file (containing this TEXTAREA). I can store <SCRIPT> tag sontent in my database through cPanel (mySqlAmin console) but not through web form (POST method used). It seems to me that POST method on ISP's Apache server checks POST methods contents. Can somebody explain to me what's going on here and what could be the solution?
This is the exact error message:
Forbidden
You don't have permission to access /para-actions.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
para-actions.php is the PHP with code that receives POST content from FORM and stores it into database. (As I said, it works fine with all other content except when there's <SCRIPT>...</SCRIPT> inside it!)
Even more, the same PHP code works fine on one hosting server and not on another one (the same web hosting provider). The only difference I noticed is that hosting server where I can store <SCRIPT> into database uses PHP v5.2.17 while other one which does not allow <SCRIPT> uses PHP v5.4.32.
In this recent question: Http 406 error on javascript ajax post. Accept header set to accept all one OP had the exact same problem. And Usually mod_security provides some rule for detection of <script in POSTed content.
It's quite certainly your problem. And you cannot alter the ISP mod_security rules.
The only thing you can do, as stated in the previous linked answer is to encode your POST so that mod_security will not detect the strings inside. Using Base64 encoding is usually the simpliest way of managing it.
I just did a simple test on localhost and it worked using this code
<html>
<head>
<title>Untitled Document</title>
<?php
if ($_POST['data'])
{
$con=mysqli_connect("localhost","root","password","abkarino");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql = "INSERT INTO `abkarino`.`test` (`script`) VALUES ('".mysqli_real_escape_string($con,$_POST['data'])."');";
mysqli_query($con,$sql);
}
?>
</head>
<body>
<form action="script.php" method="post">
<textarea name="data" cols="10" rows="5"></textarea>
<input name="submit" type="submit" value="submit" />
</form>
</body>
</html>
and it worked with no error.
which means: 1) you have something wrong with your code.
or 2) mod_security is preventing it to get rid of injecting scripts to your page just like what Nikhil Mohan said.
I'm not sure what you're trying to do, but if you're allowing your users to upload a script, or something, but can't have them type the tags tell them to write the script without the tags. When you post the script add the tags yourself.
a robust method would be allow them to do what they want. If they type the script with tags parse the content and remove the scripts tags before putting it in the DB. There must be a regex function that will allow you to search their entered content for <script> and replace it with ' '. Then search for </script> and replace it with ' '. Then you'll have tagless content to put in your db, or on your page.
try
mixed preg_replace ( mixed $pattern , mixed $replacement , mixed $subject [, int $limit = -1 [, int &$count ]] )
Hope that's at least somewhere in the ballpark of what you're trying to do, lol.
Please do encoding and decoding before POST by using base64_encode and base64_decode the result.
I'm developing a website and in my attempt to make friendly URLs without recurring to mod_rewrite (because chances are my client's server doesent allow it), I came up with this system:
index.php expects a variable called $seccion, which should contain a relative path to a second file with a particular section. That way I keep the static stuff (header, footer, sidebars) all in index.php, and the only thing that changes is what's in the middle.
Then, if you go to /signup there is only an index.php which has:
<? $seccion = 'signup.php'; #include '../index.php'; ?>
The URL will be www.root.com/signup but it will actually be including www.root.com/index.php and loading www.root.com/signup.php in the center area.
This arrangement also means that everytime I need to link to a file, I have to use an absolute URL.
The problem is that now for some reason POST doesen't seem to be working. Suppose I've got a form in www.root.com/signup and the action is www.root.com/welcome, and it's supposed to send input through POST. Well, the information never gets through. PHP returns $_POST = Array( )
Any ideas?
edit: I forgot to mention that I had already come across the same problem previously in the development, and my solution back then was using ajax, and sending a POST request via jQuery. It's an elegant solution, but not what I always want.
It sounds like something else is going on like a redirect somewhere - do you have any mod_rewrite rules in play that might be redirecting "path/" to "path" or anything like that? Firebug for Firefox will show any redirects in the NET tab.
Anyway, I would recommend that you drop this method and instead use a router to handle your requests. If you look at MicroMVC, CodeIgniter, or most other MVC frameworks you will find that they use a single index.php file which is passed a URL (/blog/read/45) and from there uses a routing file to know to load the "blog.php" file and call "read(45)" or (blog->read(45)).
Try this. This will allow you to have one page as your template. Setup all your other pages including your template to them. Then allow you to do POST within the pages.
File: _design.php
<html>
<head>
<title>Site</title>
</head>
<body>
<?php include $file; ?>
</body>
</html>
File: index.php
<?php
$file = 'pg/index.php'; // this gets content
include $file;
?>
File: pg/index.php
<?php
if(isset($_POST)){
echo '<pre>';
print_r($_POST);
echo '</pre>';
}
?>
<form action="?" method="post">
Name: <input type="text" name="name" />
<input type="submit" value="Send" />
</form>
I ran into a similar problem the other night with a friend who had setup PHP on his windows machine.
For some reason his simple form wasn't passing either post or get data through to his PHP script. There was nothing wrong with his code it was something to do with the PHP or Apache setup. After he installed Aptana and used it's internal server the form worked correctly.
Try testing a simple form first and make sure the _POST data is actually being picked up by PHP.