I got this code and I want to modify it a bit. It is a form that shows the number of words in a text. I want to change the input (
I have tried many things to use a textarea but either there is no output or the original text disappears. Changing the name into id didn't work, same for the 'normal way of using a textarea'.
Is there a way of doing of replacing the input with textarea? One thing that has to stay is that after a submit the text in the textarea needs to be visible.
I appreciate any help.
<?php
error_reporting(0);
$inputtext = $_POST['ipt'];
if ($_POST['clear']) {
$inputtext = "";
$output1 = "";
}
if ($_POST['send']) {
$output1 = "Number of words in this text: " . str_word_count($inputtext);
}
?>
<html>
<head>
<style>
body {
font-family:arial;
font-size:12px
}
.bigtextarea {
width:100%;
height:40%;
min-height:200px
}
textarea {
font-family:monospace;
border-color:#a9a9a9
}
</style>
</head>
<title>Form results on one page after submit</title>
<body>
<form action="" method="POST">
<h1>Form results on one page after submit</h1>
<h3>Copy and Paste text:</h3>
<input class="bigtextarea" wrap="hard" type= textarea name=ipt value="<?php echo $inputtext;?>" height="100px" size="100%">
<input type="submit" name="send" value="Ok" title="Click here to display values.">
<input type="submit" name="clear" value="Clear" title="Click here to clear text boxes.">
</form>
<?php
echo "<br><br>";
echo "<font size='4'>";
echo $output1;
echo "</font>";
?>
</body>
</html>
<input class="bigtextarea" wrap="hard" type= textarea name=ipt
value="<?php echo $inputtext;?>" height="100px" size="100%">
Replace with
<textarea name="ipt" class="bigtextarea" wrap="hard"><?php echo $inputtext ?></textarea>
Related
First of all sorry for the title.
This is the code I have written but there is a problem, So decided to come here.
What I want actually that Whatever I type in the value parameter it should be reflected back in the value parameter( for XSS ). But I didn't succeed. Can anyone suggest me something?
<style>body {
background-color: #000000;
}
</style>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="xss3.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php echo ($_POST['test']);?>">
<input type="submit" name="search" value="search"><br><br>
This might be you want:
<style>body {
background-color: #000000;
}
</style>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center>
// Redirect on same page with action="#". you can change
<form style="color:red"; action="#" method="POST">
<center>
<b>Advance search:</b>
<input type="text" name="q" id="test" value="
// Check btn submit
<?php if (isset($_REQUEST['search'])) {
# use name of field instead of id
echo $_POST['q'];
} ?>">
<input type="submit" name="search" value="search"><br><br>
Make sure, you cant access posted value with the ID. you must need to use name instead of id. Here, i used same file for recieve requested data. you can copy the same file namely xss.php and put the logic there.
Hope this will help you! Greetings!
I hope your php file name is also xss.php (which includes this code).
Assuming that, you need to do a few modifications.
PHP would accept the 'name' attribute in HTML input fields as the variable(associative array index) identifiers of $_POST, $_GET, $_REQUEST arrays.
There for you should change
<?php echo ($_POST['test']);?>
to
<?php echo ($_POST['q']);?>
There are a few methods to get rid of that error message:
1st Method
And to avoid the error (Undefined Index) at the initial page load, you may use the '#' symbol before the beginning of $_POST to suppresses error messages.
Then it would be: <?php echo (#$_POST['q']);?>
If you use this method, at the end, your code may look like:
<html>
<style>body {
background-color: #000000;
}
</style>
<body>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="xss.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php echo (#$_POST['q']);?>">
<input type="submit" name="search" value="search"><br><br>
</body>
</html>
2nd Method
Check if the submit button was pressed before displaying the result in the input box. We could use the isset() function to check whether the variable has been set. In this case isset($_POST['submit']) Here you can use two alternatives.
Using the short hand if operator <input type="text" name="q" id="test" value="<?php echo isset($_POST['search'])?($_POST['q']):'';?>">
If you use this approach, your final code would look like this:
<html>
<style>body {
background-color: #000000;
}
</style>
<body>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="value.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php echo isset($_POST['search'])?($_POST['q']):'';?>">
<input type="submit" name="search" value="search"><br><br>
</body>
</html>
Using if statements <?php if(isset($_POST['search'])){ echo ($_POST['q']); } ?>
And, if you use this approach, your final code would look like this
<html>
<style>body {
background-color: #000000;
}
</style>
<body>
<center><title> </title>
<h1 style="color:blue;"><u></u></h1><br>
<center><form style="color:red"; action="value.php" method="POST"><center>
<b>Advance search:</b> <input type="text" name="q" id="test" value="<?php
if(isset($_POST['search'])){
echo ($_POST['q']);
}?>">
<input type="submit" name="search" value="search"><br><br>
</body>
</html>
I am trying to figure out the problem in this code but no luck. When I click on the form submission it doesn't generate any alert even its not echo anything. Please have a look on the code and let me know if there is anything I am missing`
<form action="" method="post">
<textarea rows="6" cols="70" name="notes" placeholder="Enter Notes"></textarea><br>
<input type="submit" name="submit1" id="submit1" class="upload-button" style="margin-left:40%" value="Post" />
</form>
<?php
if(isset($_POST['submit1'])) {
echo '<script type="text/javascript">';
echo 'alert("This is alert");';
echo '</script>';
echo 'ewuifbhfiueruigriug';
}`
?>
You have a backtick at the end of your php. Just remove it. The code works as expected once the backtick is removed.
<?php
if(isset($_POST['submit1'])) {
echo '<script type="text/javascript">';
echo 'alert("This is alert");';
echo '</script>';
echo 'ewuifbhfiueruigriug';
}` <=== right HERE
?>
<?php
if(isset($_POST['submit1'])) {
echo '<script type="text/javascript">';
echo 'alert("This is alert");';
echo '</script>';
echo 'ewuifbhfiueruigriug';
}
echo '<form action="" method="post">';
echo '<textarea rows="6" cols="70" name="notes" placeholder="Enter Notes"></textarea><br>';
echo '<input type="submit" name="submit1" id="submit1" class="upload-button" style="margin-left:40%" value="Post" />';
echo '</form>';
?>
If you look at the end of the code for the php submit, there's a ' that shouldn't be there in the OP.
Something like this should very well work (which is not so far from what you did).
<?php
if(isset($_POST['submit1'])) {
echo '<script type="text/javascript">';
echo 'alert("This is alert");';
echo '</script>';
echo 'ewuifbhfiueruigriug';
}
?>
<section>
<form action="" method="post">
<textarea rows="6" cols="70" name="notes"
placeholder="Enter Notes"></textarea><br>
<input type="submit" name="submit1"
id="submit1" class="upload-button"
style="margin-left:40%" value="Post" />
</form>
</section>
Side-Note: If your intent is not to submit the Form but to see an Alert Message once the button is clicked, you may do something like this:
<section>
<form action="" method="post">
<textarea rows="6" cols="70" name="notes"
placeholder="Enter Notes"></textarea><br>
<input type="submit" name="submit1"
id="submit1" class="upload-button"
style="margin-left:40%" value="Post" />
</form>
</section>
<?php
// ECHO OUT RAW JAVASCRIPT
// TO PREVENT DEFAULT SUBMIT-BUTTON BEHAVIOUR WHEN CLICKED.
echo '<script type="text/javascript">';
echo "function stopBehaviour(evt) {";
echo "evt.preventDefault();";
echo 'alert("This is alert");';
echo "}";
echo "document.getElementById('submit1').addEventListener( 'click', stopBehaviour, false );";
echo '</script>';
?>
Notice the Placement of the PHP Code in both instances... especially the latter... However, be clear that your Form will never get submitted as you are preventing the Button's Default behaviour... and there would also be no need to check if the form was submitted or not (using PHP)... The earlier Approach above would submit the Form but once the Form gets Submitted, PHP automatically adds a Javascript code which will stall the entire Form-Submission Trip till the Alert message gets run and your ewuifbhfiueruigriug gets written to the Stream...
I have some data in a session and I want to save it in text box value, using PHP. But the problem is when saving, just first token of string will be saved, like below example:
<?php session_start();?>
<html >
<head>
</head>
<body>
<form >
<?php echo $_SESSION['institute']="rebaz salih" ?>
<input type="text" <?php echo "value=".$_SESSION['institute']; ?> required />
</form>
</body>
Output will be:
rebaz salih
rebaz
Couple of things:
<?php echo $_SESSION['institute']="rebaz salih" ?>
Is this supposed to be the assignment? or just a print line? in any case, try getting rid of the echo.
Both #edCoder, and #chethan194 are on the right track... the value belongs on the outside, but you really should be using a new variable for institute. For example:
//htmlspecialchars will clear out any quotes, etc so it will work in the browser.
<?php
$value = htmlspecialchars($_SESSION['institute'], ENT_QUOTES);
?>
<form >
<input type="text" value = "<?php print $value; ?>" required />
</form>
Here is the full example:
<?php
php session_start();
//i don't know where you get the institute, so i will leave it here for now...
$_SESSION['institute']="rebaz salih";
$value = '';
if (!empty($_SESSION['institute']))
{
$value = htmlspecialchars($_SESSION['institute'], ENT_QUOTES);
}
?>
<html>
<head>
</head>
<body>
<form>
<input type="text" value = "<?php print $value; ?>" required />
</form>
</body>
You can put the value attribute outside php
<?php echo $_SESSION['institute']="rebaz salih" ?>
Wrong - <input type="text" <?php echo "value=".$_SESSION['institute']; ?> />
Right - <input type="text" value = "<?php echo $_SESSION['institute'];?>" />
</form>
<input type="text" value="<?php echo $_SESSION['institute']; ?>" required/>
I'm new here and a super noob in programming. I'm having trouble with my project. My problem is that I'd like hide the form after submit and retain the data input in it.
Here's my code:
<?php
$displayform = true;
if (isset($_POST['trck']))
{
$track = addslashes(strip_tags($_POST['tracknumber']));
$ord = $_POST['id'];
$displayform = false;
if (!$track)
echo "Please enter your tracking number!";
else
{
mysql_query("update `orderdetails` set `trackno`='$track' where `id`='$ord'");
}
if ($row2['id']==$ord)
echo $_POST['tracknumber'];
}
if ($displayform)
{
?>
<form method="post" action="">
<input type="text" name="tracknumber" id="tracknumber" size="30" maxlength="30" placeholder="Enter your track number here." />
<input type="hidden" name="id" value="<?php echo $row2['id']; ?>">
<input type="submit" name="trck" id="trck" value="Save" onclick="return confirm(\'Are you sure you want to save this tracking number?\');" />
</form>
</td>
</tr>
<?php
}
}
?>
This code was inside a while loop and my problem with this is that after I submit all the form is hidden. All I want is to hide the form with the specific ID on a query.
Simplest way is to use jQuery hide
Include the jquery as
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
$("#buttonid").click(function(){
$("#formid").hide();
});
You are looking for something like this in your <form> tag:
<form method="post" action="" id="awesome_form" onSubmit="document.getElementById('awesome_form').style.display = 'none';">
use the jQuery and use :
$("#submitButtonId").click(function(){
$('#formId').hide();
});
or else in pure javascript use
<input type="submit" value="submit" onClick="hideIt()"/>
<script type="text/javascript" >
function hideIt() {
document.getElementById('formId').style.display = 'none';
}
</script>
its better not to use inline javascript
I'm trying to make a simple web application that adds scores from a physical game such as Scrabble. Most of the code is a HTML form, asking for one input per form element. It then puts the data generated from the form and initializes the appropriate variables. The one part I can't figure out is how to add the new score to the last score. I tried to add variables, like $lastScore, but that didn't seem to work either. Does anyone have any suggestions?
<?php
//Gets data from HTML form
$addScore1 = $_REQUEST['addScore1'];
$addScore2 = $_REQUEST['addScore2'];
//Generates HTML form
echo "<!DOCTYPE html>
<html>
<head>
<title>Score Add</title>
</head>
<body>
<div id=\"displayNames\">
<p>
$player1
<form method=\"post\" action=\"\">
<label for=\"addScore1\">Enter your score:</label>
<input type=\"text\" name=\"addScore1\" id=\"addScore1\" />
<input type=\"submit\" />
</form>
</p>
<p>
$player2
<form method=\"post\" action=\"\">
<label for=\"addScore2\">Enter your score:</label>
<input type=\"text\" name=\"addScore2\" id=\"addScore2\" />
<input type=\"submit\"/>
</form>
</p>
</div>
</body>
</html>";
?>
On submit, the script is calling itself and loses all the variables. You need to store their current score, e.g. in the session, in a database, or in a hidden field in the form.
With hidden field in your form:
<form method="post" action="">
<label for="addScore1">Enter your score:</label>
<input type="text" name="addScore1" id="addScore1" />
<--! the addition is done in the next line in value-->
<input type="hidden" name="oldScore1" id="oldScore1" value="<?=($oldscore1 + $addScore1)?>" />
<input type="submit" />
</form>
Do the same with your second form --> oldScore2 etc...
At the top of your script, read the oldscore from $_REQUEST
//Gets data from HTML form
$addScore1 = $_REQUEST['addScore1'];
$addScore2 = $_REQUEST['addScore2'];
$oldScore1 = $_REQUEST['oldScore1'];
$oldScore2 = $_REQUEST['oldScore2'];
// as alternative, do the addition here:
$oldScore1 += $addScore1;
$oldScore2 += $addScore2;
Rewriting your code as a whole, try it:
I edited all those <?php=$somevalue?>because they don't seem to work with your PHP-setup, and replaced them with <?php echo $somevalue> ?>... let me know how it works...
<?php
// Get data from HTML form. $_POST is fine, because form method is set to POST.
$addScore1 = $_POST['addScore1'];
$addScore2 = $_POST['addScore2'];
$oldScore1 = $_POST['oldScore1'];
$oldScore2 = $_POST['oldScore2'];
// if these are numeric values, add them up
if (is_numeric($addScore1) && is_numeric($oldScore1)) $oldScore1 += $addScore1;
if (is_numeric($addScore2) && is_numeric($oldScore2)) $oldScore2 += $addScore2;
// Generate HTML form -- in HTML, much to complicated in PHP, unless it is necessary for sth else
?>
<html>
<head>
<title>Score Add</title>
</head>
<body>
<div id="displayNames">
<p><?php echo $player1; ?> current score: <?php echo $oldScore1; ?>
<form method="post" action="">
<label for="addScore1">Enter your score:</label>
<input type="text" name="addScore1" id="addScore1" />
<input type="hidden" name="oldScore1" id="oldScore1" value="<?php echo $oldscore1; ?>" />
<input type="submit" />
</p>
<p><?php echo $player2; ?> current score: <?php echo $oldScore2; ?>
<label for="addScore2">Enter your score:</label>
<input type="text" name="addScore2" id="addScore2" />
<input type="hidden" name="oldScore2" id="oldScore2" value="<?php echo $oldscore2; ?>" />
<input type=\"submit\"/>
</form>
</p>
</div>
</body>
</html>