How can I secure data from being change if user used inspect element in chrome to change id, price..etc, I know I can't prevent users from using inspect element and do changes but I dont want these changes to have effect
I used this in blade to pass data from button using ajax
<button id="Item_root" data-id="{{$product->product_id}}" data-detailsfield="{{$product->product_details}}" data-titlefield="{{$product->product_title}}" data-pricefield="{{$product->product_price}}" data-photofield="{{ asset('images/' . $product->product_image) }}" class="Item_root Button_root">
and from inspect element user can see it like this:
<button id="Item_root" data-id="19" data-detailsfield="Serves 6-8 People" data-titlefield="Package # 8U" data-pricefield="105.99" data-photofield="http://localhost/crisp/public/images/Chicken-Fajitas.jpg" class="Item_root Button_root">
<div class="Item_image" style="background-image:url('http://localhost/crisp/public/images/Chicken-Fajitas.jpg');"></div>
<div class="Item_itemContent">
<div class="Item_topSection">
<span class="Item_name styles_just-right styles_base styles_spacing-base">Package # 8U</span>
<span class="Item_price styles_just-right styles_base styles_spacing-base styles_semibold">$105.99</span>
</div>
<div class="Item_description styles_small styles_base styles_spacing-base styles_line-default">Serves 6-8 People</div>
</div>
</button>
To preventing change values by users in inspect element and send it again to controller, you should use CSRF_TOKEN in input fields,
Take a look at here:
In laravel 5.6
<form method="POST" action="/profile">
#csrf
...
</form>
And also Laravel has Validation for check all input type that you defined.
Here is the documerntation :
Laravel Validation
Related
I am using Laravel 8. I have the following search box in my blade file:
<form name="searchForm" class="col-12 col-lg-auto mb-3 mb-lg-0 me-lg-3" method="POST" action="{{ url('search') }}">
#csrf
<input name="searchField" type="search" class="form-control form-control-dark" style="width: 426px; " placeholder="Search for news, symbols, tickers or companies">
</form>
I route this to my SearchController:
public function showSearchPage(Request $request) {
$field = $request->searchField;
$name = Input::get('searchField');
.
.
.
However, $request->searchField is null. My $request object looks like the following:
Besides the token, my input field is not within the request.
Any suggestions on what I am doing wrong?
I appreciate your replies!
Change the form attribute of your form to id and try the form attribute on the input field.
Normally you shouldn't have to define either of those, you might try removing the id from your form and also the form from the input field.
It is possible that the initial form attribute on your form caused some trouble.
Let me know if the second approach also worked.
What I know is that, use form id when you need to perform a validation for a script or you have multiple forms in a single page, try changing your form attribute to id, or better if you completely remove it
for search form its better to use GET method instead of POST
and instead of
type="search"
used
type="text" (for test)
added id="searchField" to your input and changed type to text form search. should work
<form name="searchForm" class="col-12 col-lg-auto mb-3 mb-lg-0 me-lg-3" method="POST" action="{{ url('search') }}">
#csrf
<input name="searchField" id="searchField" type="text" class="form-control form-control-dark" style="width: 426px; " placeholder="Search for news, symbols, tickers or companies">
</form>
Sorta basic Twig question here, I'm trying to place an iframe inside a Twig PHP form. The form works with normal text "Yellow dog, blue bunny", but it doesn't see the form as being filled out when I put an iframe code inside the form.
videos.php
'embed-code' => 'required|min:100',
VideosController.php
'embed-code' => $this->purify($this->request->getPost("embed-code")),
HtmlForm
<form method="post" action="{{ url('videos/add') }}" id="postform">
<div class="form-row form-group">
<div class="col-sm-12 col-lg-12">
<label>YouTube Embed Code*</label>
<input type="text" class="form-control {{ errors['embed-code'] is defined ? 'border-danger' : '' }}" name="embed-code">
</div>
</div>
Again, the form works 100% WITH NORMAL TEXT, but it doesn't recognize iframe code, it will just say "embed-code is required"
i have a laravel page which contains a reserve form i redirect my user after selecting date now for number of people and counting the price i use vuejs but i want to pass the data to the laravel form and submit that from laravel with all the other data so here is a part of my code :
your final price
<input type="number" style=" background-color:#fff; border:none" v-model="finalPrice" disabled/>
and here is js part i cuted out code for better reading :
<script>
this.epic_price = this.sum_price + (this.total_price * this.sum_day)
this.$emit('input', this.epic_price)
</script>
although this form is not complete yet but i want to use it here in this page so i just paste it consider the form is not complete at all :
<form class="m-form m-form--fit m-form--label-align-right m-form--group-seperator-dashed"
action="/properties/savereserve/" method="post">
<div class="row">
#foreach($price as $key => $prices)
<div class="col-lg-2 text-center">
{{$date[$key]}}
<hr>
{{$prices}}
</div>
#endforeach
</div>
</form>
//exacly on the same page i use my vue component so they are on the same page
<reserve
:sum_price="{{$sumprice}}"
:sum_day="{{$sumday}}"
:base_price="{{$property->base_price}}"
:property_id="{{$property->id}}"
:user_id="{{Auth::user()->id}}"
></reserve>
I have set a route in my Laravel project, if it was with href I would have done it like this {{route('destination'),$country_from,$country_to}} but now I want to pass in the form data as the $country_from and $country_to please how can I do this
<form action="{{route('destination')}}">
#csrf
<input type="text"
class="search-form flexdatalist"
name="origin"
placeholder="country_from"
data-search-in='name'
data-min-length='1'
/>
<img src="{{URL::asset('img/location.svg')}}" class="search-icon origin" width="28px" height="21px"/>
</div>
<div class=" col-md-3 mx-0 px-0">
<input type="text"
class="search-form flexdatalist"
name="country_to"
data-search-in='name'
data-min-length='1'
placeholder="Travelling to"
/>
<img src="{{URL::asset('img/location.svg')}}" class="search-icon destination" width="28px" height="21px"/>
</div>
<div class="col-md-3 mx-0 px-0">
<input type="text"
class="search-form flexdatalist"
name="residence"
data-search-in='name'
data-min-length='1'
placeholder="Residing In"
/>
<img src="{{URL::asset('img/location.svg')}}" class="search-icon residence" width="28px" height="21px"/>
</div>
<div class="col-md-3 px-0">
<input type="submit" value="Search Visas" class="btn btn-primary search-btn"/>
</form>
Route
Route::get('/{country_from}/{country_to}', 'DestinationCountriesController#index')->name('destination');
I don't understand exactly what you want to do:
You want to redirect the user to the URL after form submit, and use form values in the redirection URL?
In your form POST controller, retrieve inputs from $request and return a return redirect()->route('route_name', ['country_from' => $request->country_from, 'country_to' => $request->country_to])
You want to use URL values as input values, so on page load, inputs are filled with URL values?
Your "destination" route controller method accepts as parameter $country_from and $country_to as you declared those variables with your route. You so have those variables in your controller, you can sanitize them, bind them to the returned view (eg: return view('view', $data) or return view('view', compact('country_from', 'country_to'))), and accessed it as usual in your blade.
You can also access URL values using \Request::route('country_from'). You should sanitize this values before using it as input.
use those variables in your blade as input value attributes, or placeholder, anywhere {{$country_to}}.
I've just started on using Symfony (version 2.2.1) and have ran into a little problem.
I have a plain HTML form (non-Symfony) in IntraController->indexAction and I want it to post to AuthController->loginAction. When I want to check in loginAction to see if the POST is getting passed to it, it just shows me an empty object.
My HTML form is as follows:
<form class="form-signin" action="auth/login" method="post">
<h2 class="form-signin-heading">Admin Access</h2>
<div class="input-prepend">
<span class="add-on" style="padding: 7px 9px;"><i class="icon-user"></i></span>
<input type="text" name="a_username" class="input-block-level" placeholder="Username...">
</div>
<div class="input-prepend">
<span class="add-on" style="padding: 7px 9px;"><i class="icon-lock"></i></span>
<input type="password" name="a_password" class="input-block-level" placeholder="Password...">
</div>
<button class="btn btn-success" name="post_auth" type="submit">Authenticate</button>
<a class="btn" href="../">Return to Homepage</a>
</form>
And this is how I'm trying to get the POST request in loginAction:
public function loginAction(){
return new Response(serialize($this->getRequest()->request->all()));
}
I've also tried getting a single POST item using:
return new Response(serialize($this->getRequest()->request->get('a_username')));
Sadly I'm getting an empty POST so I'm guessing that it gets emptied when it goes to auth/login. How could I preserve the POST data so it doesn't get emptied?
You are missing the CSRF key. You won't be able to use static forms like this unless you explicitly disable CSRF protection.