How to manage custom error message with php - php

How can I put a custom error message with php? The x-moz-errormessage works great but not so the oninvalid="this.setCustomValidity.
// Formular erstellen
$Formular = $javascript . '
<br><p class="button_center"><a class="btn btn-primary" href="feedback_en.php">to the feedbacks</a></p>
<form name="Form" action="feedback_en.php?eintragen" method="post" accept-charset="UTF-8">
<p><br>
<label class="form-control-label">Your name
<input required="" oninvalid="this.setCustomValidity('Please fill this field.');" onchange="try{setCustomValidity('')}catch(e){};" x-moz-errormessage="Please fill the field!" type="text" class="form-control" name="name" value="' . $name . '" size="35" maxlength="35">
</label>
</p>
'


Escape the surrounding apostrophs in setCustomValidity('Please fill this field.'), so that they can be treated by PHP as literal characters, not as closing/opening characters of a PHP string.
Read Escape sequences.
So, correct is:
$Formular = $javascript . '... oninvalid="this.setCustomValidity(\'Please fill this field.\');" ...';
If, for example, you are writing this simple PHP code in an test.php page:
<?php
$myName = 'My name is 'Julie'.';
echo $myName;
then you'll receive the following error:
Parse error: syntax error, unexpected 'Julie' (T_STRING) in
[path-to]/test.php on line 3
Whereas the following code with escaped apostrophes will work:
<?php
$myName = 'My name is \'Julie\'.';
echo $myName;

Related

PHP code inside HTML value attribute

there!
I want to do a database search and display the result back to the user in a pre-populated HTML form.
I located the exact part in the code that is not working but I can't understand why PHP is not picked by the server. I'm using UwAMP.
To illustrate the problem here is my short snippet of code that I need help with:
<form id="st_reg" action="" method="POST">
Student Number:
<input type="number" name="s_num" min="1000000" max="3000000" > </br>
<input type="Submit" value="Search">
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['s_num'])){
$errors[] = "You forgot to enter the Student No!";
}
else{
$st_no = trim($_POST['s_num']);
}
if(empty($errors)){
//Open database connection
require('../../connect_to_database/mysql_connect.php');
//Check if the student is already in the database
$query = "SELECT * FROM student WHERE student_no = $st_no";
//Run the query
$result = mysqli_query($db_connection,$query);
if(!$result){
echo "The student does not exist!";
echo"Please <a href='index.html'>go back</a> and choose another action!";
}
elseif($result){
echo "<h2>Student Details:</h2>";
while($row = mysqli_fetch_array($result)){
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
AND the PHP code inside VALUE ATTRIBUTE is not executing when it should in reality. Don't bother about GLOBAL php tags not being closed 'cause they are in the file (I'm not that dump).
Please note all this code is inside a .php file with HTML code. This is a just the processing part after the form is submitted. I saved my time by using single-quotes for echo and escaped the sigle-quotes along the way where DB access was required. I tried curly brackets around variables, echo with double-quotes escaping double-qoutes within it but none of these attempts were successful. This is strange because I can perfectly echo $row['student_no'] outside of this context and is running fine.
I also looked at similar questions on this website. They were close but none of them had nearly to this context. I am open to any suggestions and better than that solutions.

echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
should look like this:
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="' . (isset($row['student_no']) ? $row['student_no'] : '') . '">
CONTINUATION OF STRING...

The following will do what you want.
value="<?= (isset($row["student_no"]) ? $row["student_no"] : "") ?>"
You don't need to worry about all of the escaping when you're inside the PHP chunk already.

I have troubles with php readfile to insert txt files with varying names into html

I am creating a web page where the user select a number via a form.
HTML:
<form method="POST" style="font-size: 30px">
<input type="number" id="idname" name = "na" value=168 />
<label for="idname" >Number< /label>
<p><input type = "submit" name = "gesendet" value="Submit" />
<input type = "reset" /> </p>
</form>
using php I want to insert a txt file according to the number, such as 12_.txt or 166_.txt
<?php
$txtfile='"txt/' . $_POST["na"] . '_.txt"';
readfile($txtfile);
?>
The $txtfile string is O.K when "echoing" and the readfile function works with me when I read a file without the $_POST variable, but this simple code is just not working for me !!

Change:
$txtfile='"txt/' . $_POST["na"] . '_.txt"';
To:
$txtfile = 'txt/' . $_POST["na"] . '_.txt';
(Notice the extra double quotes)

php file showing syntax error when using null values

I am getting the following error message:
Parse error: syntax error, unexpected ''.$E_phone_No."'' (T_CONSTANT_ENCAPSED_STRING) in E:\Xamp\htdocs\CreateEmployee.php on line 28
What is the error, I am facing a problem and I can't find the error.
<?php
$conn=oci_connect("system","123","localhost/orcl");
ob_start();
$current_file=$_SERVER['SCRIPT_NAME'];
$massage= "";
if(isset($_POST['E_First_Name'])&&
isset($_POST['E_Last_Name'])&&isset($_POST['E_Gender'])&&
isset($_POST['E_address'])&&isset($_POST['E_phone_No'])&&
isset($_POST['E_category'])&&isset($_POST['EMP_salary'])&&
isset($_POST['work_hour'])&&isset($_POST['Date_Of_Join']) )
{
$E_First_Name= $_POST['E_First_Name'];
$E_Last_Name = $_POST['E_Last_Name'];
$E_Gender = $_POST['E_Gender'];
$E_address = $_POST['E_address'];
$E_phone_No = $_POST['E_phone_No'];
$E_category = $_POST['E_category'];
$EMP_salary = $_POST['EMP_salary'];
$work_hour =$_POST['work_hour'];
$Date_Of_Join=$_POST['Date_Of_Join'];
if(!empty($E_First_Name)&&!empty($E_Last_Name)&&
!empty($E_Gender)&&!empty($E_address)&&!empty($E_phone_No)&&
!empty($E_category)&&!empty($EMP_salary)&&!empty( $work_hour)&&!empty($Date_Of_Join))
{
$sql = "insert into Employee (E_First_Name,E_Last_Name,user_name,password,E_Gender,E_address,E_phone_No,E_category,EMP_salary,work_hour,Date_Of_Join) values('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."',"'.$E_phone_No."','".$E_category .'",'".$EMP_salary.'",'". $work_hour.'","'.$Date_Of_Join.'")";
$stid = oci_parse($conn,$sql);
$r = #oci_execute($stid);
if($r)
{
echo ' data is inserted...<br>';
}
else
{
echo 'data was not inserted...<br>';
}
}
else
{
$massage = "please fill up all the form correctly<br>";
}
}
?>
<html>
<head>
<title>Create FoodItem Table</title>
<style>
body
{
background:orange;
}
</style>
<head>
<body>
fill all the forms for inserting data:<br><br>
<?php echo $massage;?>
<hr color="green">
<form action="<?php echo $current_file;?>" method="POST">
E_First_Name:<br> <input type="text" name ="E_First_Name" ><br><br>
E_Last_Name:<br> <input type="text" name="E_Last_Name" ><br><br>
E_Gender:<br> <input type="text" name="E_Gender" ><br><br>
E_address:<br> <input type="text" name ="E_address"><br><br>
E_phone_No:<br> <input type= "text" name="E_phone_No" ><br><br>
E_category:<br><input type="text" name="E_category"><br><br>
EMP_salary:<br><input type="text" name="EMP_salary" ><br><br>
work_hour:<br><input type="text"name="work_hour"><br><br>
Date_Of_Join:<br><input type="text"name="Date_Of_Join"><br><br>
<input type ="submit" value="Create employee "><br><br>
Show Employee Table
</form>
</body>

The error is caused by the quotes mismatches for the four following variables in your VALUES:
$E_phone_No $E_category $work_hour $Date_Of_Join
"'.$E_phone_No."','".$E_category .'"
To be changed to:
'".$E_phone_No."','".$E_category ."'
as well as:
'". $work_hour.'","'.$Date_Of_Join.'"
To be changed to:
'". $work_hour."','".$Date_Of_Join."'
VALUES rewrite:
('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','".$work_hour."','".$Date_Of_Join."')
You may also want to add spacing between "text" and "name=... (for clarity):
<input type="text"name="Date_Of_Join">
to:
<input type="text" name="Date_Of_Join">
It has already been addressed in a comment, that your code is vulnerable to SQL injections.

The syntax highlighter shows your error. You have a quotes issue:
$EMP_salary.'",'". $work_hour.'","'.$Date_Of_Join.'")";
^^^^^^
HERE
Change it to:
$EMP_salary.'","'. $work_hour.'","'.$Date_Of_Join.'")";

There is a wrong concatenation of your query and your variables the correct way to insert string in the query is
'".$variable."'
Somewhere you place the closing single quote before the double while you should do the opposite. So change this part
NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','". $work_hour."','".$Date_Of_Join."')";

Separating HTML inside PHP to avoid errors

I've just started to study PHP at university and we've been given 10 exercises to do without any real aid we just have to figure it out for ourselves but I can't figure out how to make this work.
I've got a php page with a html table inside that has 10 boxes, in box 5 I have to make a form that allows you to input a four digit integer number or a four letter string and store it in a variable "$x". A user will put the numbers/letters in a box and click on a button labelled "submit" in order to enter the number/letter into the variable.
I made a form from a tutorial in a blank php page as a test and it worked but when I put it inside the HTML code (which is inside the php) I get this error:
Parse error: syntax error, unexpected T_IF, expecting ',' or ';' in Y:\xampp\htdocs\laboneformtest.php on line 33
Below is the code:
<tr>
<td><b>Rectangle 5: input field four digit integer number or four letter string and
store in variable x</b><br /><br />
"if (isset($_POST['name'])) $name = $_POST['name'];
else $name = "(Not Entered)";
echo "
Your name is: $name<br />
<form method="post" action="formtest.php">
What is your name?
<input type="text" name="name" />
<input type="submit" />
</form>
</td>
I realise the form isn't for variable $x yet I just wanted to get this working before I started on that.

PHP code blocks must be delimited with <?php and ?> (if you've got short_tags turned on, <? will work as well.
There is no such thing as a PHP script - there are only files that have PHP code blocks within them, and <?PHP ?> is how you tell the PHP interpreter where it should start executing instead of just outputting.
<?php
if (isset($_POST['name'])) {
$name = $_POST[\"name"\];
} else {
$name = '(Not Entered)';
}
echo "Your name is: $name<br />";
?>
<form>etc......</form>

<?php
if( $_POST['name'] && $_POST['name'] != ""){
$name = urldecode( $_POST['name'] );
}else{
$name = "not set";
}
?>
<table>
<tr>
<td>
<?=$name?>
</td>
</tr>
</table>
<form here>

PHP Array'd POST Variable Name

Using the following code I am attempting to:
Test to see if one of the dynamically assigned field names has been submitted;
Use the "Actionable Code" to process the submitted information.
My problem lies in I am incapable of retrieving the appropriate dynamic variable name. $this->get_field_name('email_to') will output a name variable such as widget-mywidget[3][email_to]; but to access this value via PHP I need it in the form of $_POST['widget-mywidget'][3]['email_to'].
How can I go about solving this dilemma?
OUTPUTTED HTML:
<form id="widget-mywidget-3-osiris_contact" method="post" action="">
<fieldset>
<input type="text" name="widget-mywidget[3][user_name]">
<input type="text" name="widget-mywidget[3][user_email]">
<textarea name="widget-mywidget[3][user_message]"></textarea>
</fieldset>
<fieldset>
<input type="hidden" name="widget-mywidget[3][email_to]" value="">
<input type="hidden" name="widget-mywidget[3][email_subject]" value="">
<button type="submit" name="widget-mywidget[3][email_send]">Send</button>
</fieldset>
</form>
PROCESSING PHP:
if(in_array($this->get_field_name('email_to'), $_POST)){ // <--- Where I need help.
// Actionable Code
}

This is what $this->get_field_name does:
function get_field_name($field_name) {
return 'widget-' . $this->id_base . '[' . $this->number . '][' . $field_name . ']';
}
I suggest that you print_r($_POST) and compare it visually for better debugging...
(Or use a debugger...)

$thing = "widget-mywidget[3][email_to]";
$exp = explode("[", $thing);
$get_it = $_POST['".$exp[0]."[".$exp[1]."[".$exp[2]."'];
Try, if it works.

Categories