I created a form in php named form.php, gave the error statements in the same file. I created another php file named test.php which connects form.php to my local database and submits the data. Now in form.php if I use
form action="test.php" method="post" name="form1"
it directly submits data into the database without judging or showing the errors, if I use
form action=" htmlspecialchars($_SERVER["PHP_SELF"])" method="post" name="form1"
then it judge and shows the errors but does not submit the data to my database.
Please help me in this regard.
It seems you've written the errors checking and validation conditions in your 'form.php' script, and connections with your db are done through the 'test.php'.
A better way would be to keep everything on the same file. Move your connection code to form script, and that should work.
The reason is if you write form action="test.php" method="post" name="form1"
the values of the form are directly transferred to the test.php, and no code of form.php is interpreted. When you do the latter, the test.php isn't considered at all, because it doesn't get any info saying that go to that file.
Related
I have a html form in register.html. When submitted, the data is inserted into a database, using the script from register.php.
Since, there are just a few line of code, I would like to put them both in the same file. Right now I have:
<form action="register.php" METHOD="POST">
If I put the form and the php script in the same file, what should I call on action=" " ?
Use
action="<?=$_SERVER['PHP_SELF']?>"
$_SERVER is a reserved variable -- see more here.
You can keep action the name of the file you're calling from. But in the top of the file, make sure to check if the form has been posted or not and then process it before you even get to the head of the page. It'll have to be a php page though, not html.
So it would look something like:
<?php
if (!empty($_POST['whatever']))
{
//process the database stuff here
}
?>
<html>
<head>
</head>
<body>
</body>
</html>
action takes the form of a relative or absolute pathing, it doesn't matter where the form is.
You'll need to user the action to the path of the file that catchs the POST. PHP doesn't care it came from the same file :)
i am new to php. i have designed a form in html and its php part in different file.now i want to connect the file with each other. i have tried using
<form action="file.php" method="post">
but connecting in this way is not secured and i cannot connect using
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
as this will work only if the php codes and html codes are written in same file. please help me.
if i use
and if someone enters this url as
http://www.variable.com/file.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
then it will show alert box telling it is hacked.
As the Method is 'POST', it's Secure. No need to worry.
Or else..
Create a 'Session' on submiting the form. So no direct access to the php file would occur.
Thanks.
bhumin.vadalia#gmail.com
I can't understand you well, but connecting it this way is secure. If you have this form in html file:
<form action="file.php" method="post">
<input type="password" name="password">
</form>
And you have file called file.php in the same directory it is perfectly fine. In the PHP file you should have:
<?php
$password = $_POST["password"];
To get your input. Ask me something else if you don't understand it :)
As you wrote in your comments, your field shows raw text without "escaping" HTML characters.
In your file.php put or edit with:
echo htmlspecialchars($_POST['yourfield']);
Then output will not be "hacked" by JavaScript.
I have a simple form in an html file, with this line:
<form id="form" name="form" action="submit.php" method="post">
The page redirects, as it should, to submit.php when the user hits the submit button.
HOWEVER, no matter any chance I make to this submit.php file -- even something simple, like adding
<p>Typing just to test if this output will show up</p>
The only way this will show up is if I manually clear the cache of my browser...Otherwise, nothing.
I'm using MAMP as my localhost.
Any ideas?
I have build a form in which you can add images. Unfortunatelly, I am not able to call "move_uploaded_file" in PHP, as the server is running PHP safe mode and there is no way to modify this (I have checked). Therefore, I submit my form to my OWN server, which handles the file uploading.
On my own server, the file however; is not found. I think it has to do with the form calling the external url.
I know this because
echo $_FILES['uploadFile']['name'] ."<br>";
returns just an empty line.
The form itself is:
<form action="http://ejw.patrickh.nl/load.php" method="get" enctype="multipart/form-data" onsubmit ="return checkInput();"> </form>
and contains several input buttons.
Bottomline: the form on my own server submits the file perfectly, however when I make use of the form which is on another site, with the above action; no file is found.
Can this be fixed, and if so; how?
Thanks in advance!
You have to use method="post" to submit files.
Also the enctype attribute alone can be used only, if method="post".
I need help with my form. There's a mix of input, textarea and file upload that i want to enter into the database..
What do I use in the ? Do I use the normal form attribute :
<form action="" method="">
or
<form enctype="" action="" method="">
Please have it in mind that, I have to do this in a single page, and the picture upload must be done along with other text input.
Thanks for your time.
You must use enctype="multipart/form-data" for file uploading, this will also work fine for non-file upload forms.
You need to set enctype="multipart/form-data" and use method="post" for any form that includes a file input. This won't stop you from including other types of fields.
(The way those fields will be submitted to the server will change, but your form parsing library will deal with the differences automatically, you only need to worry about them if you are parsing the raw input yourself).
<form enctype="multipart/form-data" method="post" action="submit.php">
submit.php being, in this case, the external PHP script that will process your form ( if you decide to use PHP ). But you can name the .php script whatever you like ( e.g. cats.php ).
The uploaded file/image data will be stored inside $_FILES, and all the textfield, textarea, radio buttons, check boxes and other data will reside inside the $_POST superglobal.
When submit.php receives the submitted form you can do all kinds of processing on it such as validating that user has submitted the correct type of file/image, store the file path of the file/image in your local database( client/server or file system based ), and much more.
Make sure to validate user input client side and server side too.
<form enctype="multipart/form-data" action="yourpage.php" method="post">
You'll need the enctype attribute if you want the file upload to work. FYI, a form can contain every field type, including file uploads, and work just fine.
In Classic ASP I had to access my textfield as load.getFileData("textfield")
instead of the standard Request("textfield") when using the enctype="multipart/form-data"