I am making a form for the admin area of WordPress. Here is the code so far:
<form method="post" action="options.php">
<?php update_option('gpspl_options', $gpspl_options);?>
<input type="text" name="gpspl_options" value="$gpspl_options"/>
<input type="submit" value="Save Changes"/>
</form>
On the page in the admin area the text box is auto filled with "$gpspl_options". However when I add the text and hit submit it does not update the wp_options table in the database.
What am I missing?
You always call update_option() on whatever is stored in $gpspl_options. You never do anything with the posted value ($_POST['gpspl_options']). So the posted value never gets saved. If you want to save the posted value, you need something like this:
if (isset($_POST['gpspl_options'])) {
update_option('gpspl_options', $_POST['gpspl_options']);
}
As for the text field, you always initialize the text field to the literal string "$gpspl_options" (not the value of the variable $gpspl_options). To use the value, you need something like this:
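<?php
$gpspl_options = isset($_POST['gpspl_options']) ? $_POST['gpspl_options'] : '';
// esc_attr() escapes the value so quotes or markup in it cannot break out of the attribute
?>
<input type="text" name="gpspl_options" value="<?php echo esc_attr($gpspl_options); ?>"/>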
You might want to read an introductory PHP tutorial covering variables, variable names, output, and so on.
That said, all this mixing of logic and output is not good practice. It's what WordPress does and therefore kind of encourages, but that doesn't mean you should do it, too.
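Added example, not part of the original answer: the same one-field form with the checks an admin-side handler needs before it writes to wp_options. It assumes the code runs as the callback of a WordPress admin page and that the option holds a plain string; the function name gpspl_render_options_page and the nonce action gpspl_save_options are hypothetical. The form posts back to its own page instead of options.php.

```php
<?php
// Added example: hypothetical page callback for the gpspl_options field.
function gpspl_render_options_page() {
    // Only users allowed to manage site options may read or change the value.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You do not have permission to access this page.' );
    }

    if ( isset( $_POST['gpspl_options'] ) ) {
        // Stops the request unless it carries the nonce printed in the form below (CSRF check).
        check_admin_referer( 'gpspl_save_options' );
        // WordPress adds slashes to $_POST; remove them, then strip tags and control characters.
        $new_value = sanitize_text_field( wp_unslash( $_POST['gpspl_options'] ) );
        update_option( 'gpspl_options', $new_value );
    }

    // Always display what is stored in the database, not what was just posted.
    $gpspl_options = get_option( 'gpspl_options', '' );
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'gpspl_save_options' ); ?>
        <input type="text" name="gpspl_options" value="<?php echo esc_attr( $gpspl_options ); ?>"/>
        <input type="submit" value="Save Changes"/>
    </form>
    <?php
}
```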
Related
I would like for a user to be able to input data in a text field on my website. With this data I would like for them to be able to manipulate it.
For example:
Let's say someone needs all the letters in a paragraph capitalized and on my website I have a PHP script that does just that. How do I create a means for them to use my script?
Like so:
paste paragraph into left text field
press 'action button' or in this example 'capitalize letters' button
text in left text field gets run through the script and becomes all capitalized
text now appears in right text field
A better way to ask this I guess is how do I connect the user's input with the script and display the output once it's been run?
You have to put your fields in a form in the HTML file, for example like this:
<form method="post" action="script_that_does_the_action.php">
Left paragraph: <input type="text" id="leftP" name="leftP"><br>
Right paragraph: <input type="text" id="rightP" name="rightP">
</form>
and then in your script that does all of the action, you can fetch the user input like this:
session_start();
$userInput = isset($_POST['leftP']) ? $_POST['leftP'] : '';
//do the capitalization now here
//store the result somehow. Maybe using sessions like this:
$_SESSION["result"] = strtoupper($userInput);
//then you have to redirect the page back to where the text fields are for example using header("location: ");
and now that you are back in the index page (if I may call it like that), paste the resulting value to the right field:
<input type="text" id="rightP" name="rightP" value="<?php echo htmlspecialchars($_SESSION["result"], ENT_QUOTES, 'UTF-8'); ?>">
Be sure that both of your files (the action script and index file) are in .php format, and that you start the session with session_start();
That's only one example...the most basic one. If you want to make it in the proper way, I'd also suggest using JavaScript :)
I have a basic question which I can't find an answer to.
I have an input text
I want to change the value by 1 every time I click the button.
So, when I make a new soldier, I want it to be shown in the soldiers count.
I started programming in PHP recently.
In Java, the command I'm looking for would be some setText or something like that.
Here's the basic idea:
You specifically mentioned PHP so I'll give you a PHP example:
This is at the top of every page you want the form on...
<?php
session_start();
if(!isset($_SESSION['soldiers']))
$_SESSION['soldiers'] = 0;
include('form_process.php');
Then in form_process.php:
<?php
if(isset($_POST['soldiers']) && is_numeric($_POST['soldiers']))
{
if($_POST['soldiers'] == $_SESSION['soldiers'])
$_SESSION['soldiers'] ++;
else
$_SESSION['soldiers'] = $_POST['soldiers'];
}
?>
<form id="soldiers" action="" method="post">
<input type="text" name="soldiers" value="<?php echo $_SESSION['soldiers']; ?>">
<input type="submit" name="submit" value="submit">
</form>
I would do this in HTML and jQuery personally, but you asked for PHP so here you go.
Why use sessions? Cause you said the form is on every page so you need to maintain a constant number throughout the session. Better to use a database so the number is constant across all people who may be viewing the site, but you didn't specify that in your question.
I myself don't know what value something like this could be in the state it is in. To me it sounds like you wanted a JavaScript type way to just update the HTML of an element on click, which makes a little more sense than incrementing an input value the user can just manually overwrite to begin with. But hey, the beauty of programming is it never needs to make sense to anybody per se, so long as you get whatever you want out of it.
Having looked at various similar questions, both on SO and elsewhere, I have a horrible feeling what I want to do is impossible, but here goes.
I have a page that is a table of text input rows. The user enters information on each row, and submits the data to a separate file, which creates a PDF.
The problem is that I need the user to be able to add rows to the table at will, since the amount of data can vary.
[Before you go there, I need to point out that I cannot use Javascript for any of this - I know it is easy to do in JS but the page needs to be accessible.]
Here is a very simplified version I just cobbled together to (hopefully) illustrate the point:
<?php
if (filter_has_var(INPUT_POST, 'add_rows')) {
$howmanyrows = filter_input(INPUT_POST, 'howmanyrows', FILTER_SANITIZE_NUMBER_INT);
//get all the data from table and put it in an array,
//then add 5 (or however many) new rows to said array.
}
else if (filter_has_var(INPUT_POST, 'send_data')) {
//get table data, add to session and redirect to other page with a header()
}
?>
<html>
<form action="" method="POST">
<table>
<?php //table rows added using an array of data
foreach ($data as $d): ?>
<tr><td><input type="text" value="<?php echo $d; ?>"></td></tr>
<?php endforeach; ?>
</table>
<input type="text" name="howmanyrows" value="5">
<input type="submit" name="add_rows">
<input type="submit" name="send_data">
</form>
...
</html>
As you can see, at the moment I have a clunky setup where there is just one form that encompasses the entire page, and submits the page to itself. Depending on the button that was clicked, a new row is added or the data is submitted to the PDF-creation page.
This is not ideal, for so many reasons. What I really want to be able to do is have two separate forms, or nested forms. But the former won't allow the input values to be submitted to both, and the latter is apparently bad form (no pun intended) and doesn't work.
Is it at all possible to make this do what I want it to do? Any suggestions for a different way to go about it?
I think you have the best non-JavaScript solution - certainly the way I'd run with it.
One thing to make it easier is that you can use multiple inputs with the same name:
<input name="tablerow[]" type="text" value="A" />
<input name="tablerow[]" type="text" value="B" />
<input name="tablerow[]" type="text" value="C" />
And these come through the $_POST['tablerow'] as an array. The length of the array is the number of fields. Then add additional fields to that.
For accessibility, you should add a link at the top that allows the user to hop directly to the first "new" field - otherwise they need to tab through the entire form to get to the new field. (See my comment above about if JS is really unavoidable as you and they can avoid this scenario!)
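Added example, not part of the original answer: one way to read the tablerow[] array on the server, append the requested number of empty rows and re-render the table without JavaScript. The helper collect_rows(), the MAX_ROWS limit, the 1 to 50 range for howmanyrows and the button labels are assumptions made for the illustration.

```php
<?php
// Added example; names other than tablerow, howmanyrows, add_rows and send_data are hypothetical.
const MAX_ROWS = 200;   // assumed upper bound so repeated requests cannot grow the table without limit

function collect_rows(array $post): array
{
    $rows = [];
    $submitted = $post['tablerow'] ?? [];
    if (is_array($submitted)) {
        foreach ($submitted as $value) {
            // A request can send tablerow[][x]=1, which arrives as a nested array; keep strings only.
            if (is_string($value)) {
                $rows[] = $value;
            }
        }
    }
    $rows = array_slice($rows, 0, MAX_ROWS);

    if (isset($post['add_rows'])) {
        // Accept only a whole number in a sane range; anything else falls back to 5.
        $extra = filter_var($post['howmanyrows'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 50]]);
        if ($extra === false) {
            $extra = 5;
        }
        $rows = array_pad($rows, min(count($rows) + $extra, MAX_ROWS), '');
    }
    return $rows;
}

$data = collect_rows($_POST);
if ($data === []) {
    $data = array_fill(0, 5, '');   // first visit: start with five empty rows
}
?>
<form action="" method="POST">
<table>
<?php foreach ($data as $d): ?>
<tr><td><input type="text" name="tablerow[]" value="<?php echo htmlspecialchars($d, ENT_QUOTES, 'UTF-8'); ?>"></td></tr>
<?php endforeach; ?>
</table>
<input type="text" name="howmanyrows" value="5">
<input type="submit" name="add_rows" value="Add rows">
<input type="submit" name="send_data" value="Send data">
</form>
```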
Ok, this might be obvious but it's not clicking quite yet. I am creating a forum/blog-esque app.
I grab the posts from the database rather securely but commenting is beginning to be a little more difficult. (I could just be paranoid, right?).
How do I add a comment without exposing the id of the parent message? (like in a hidden form field or query string, or something).
I guess I am a bit paranoid that someone might go into the code with firebug or something and change the hidden form field value to something else before submitting. I guess I would have to make sure the user has permission to comment to that particular post/category?
Things to note :
The user is already logged in.
It's not a public post
I would recommend that you setup your database like so:
Comments
---------
id
encodedID
authorID
parentID
message
Then, for the form field have two hidden values, one will be the encodedID, and the second will be a hash that you make. I would recommend the hash to be:
<?php
$hash = sha1(md5($encodedID . $userID . $_SERVER['REMOTE_ADDR'] . "abc1234"));
?>
Then, when the user submits the form, validate that the hash is valid for the specific encodedID and user. Here is a brief code write up:
<?php
if(isset($_POST['submit']))
{
//Get the variables and all and sanitize the input of 'message'
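//hash_equals() compares in constant time and avoids loose == matching on "0e..." strings
if(hash_equals(sha1(md5($_POST['value1']. $userID . $_SERVER['REMOTE_ADDR'] . "abc1234")), (string) $_POST['value2']))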
{
//User is valid.
}
else
{
//Invalid user.
//Document this.
}
}
$value1 = $encodedID; //Grab this from your database
$value2 = sha1(md5($value1 . $userID . $_SERVER['REMOTE_ADDR'] . "abc1234"));
?>
<form method="post" action="comment.php">
<input type="text" name="message" />
<input type="hidden" name="value1" value="<?php echo $value1; ?>" />
<input type="hidden" name="value2" value="<?php echo $value2; ?>" />
<input type="submit" name="submit" value="Comment" />
</form>
Edit: Just a small tip, but I would recommend that you change value1 and value2 to something abstract, don't call it encodedID or anything like that, just so that it confuses any users that will attempt to try and break it.
And yes md5 and sha1 are not completely secure, but for this case it will work since you want to be able to process the comments fast and efficiently.
That might be an overkill but if you really want to hide the post_id of the current message then you should consider using session. So instead of using something like this on your form:
<form action="/postcomment.php" method="post" >
<input name="post_id" type="hidden" value="123" />
<textarea name="message"></textarea>
</form>
Reduce it to something like this:
<?php $_SESSION['post_id'] = '123'; ?>
<form action="/postcomment.php" method="post" >
<textarea name="message"></textarea>
</form>
Of course this is "yucky" coding but at least you get the idea.
Oh, don't forget to validate EVERYTHING on postcomment.php. Also escape ALL string input values and make sure all numeric inputs are numbers indeed (multiply them by one?).
[EDIT: Due to insistent public demand, may I, if you please, amend the aforementioned:]
Instead of:
<?php $_SESSION['post_id'] = '123'; ?>
Generate a form id:
<?php $_SESSION['form_id'] = $_SESSION['user_id'].'_'.md5(time()); ?>
Then generate the unique post_id:
<?php $_SESSION[$_SESSION['form_id'].'_post_id'] = '123'; ?>
After submitting get the post_id:
<?php $post_id = $_SESSION[$_SESSION['form_id'].'_post_id']; ?>
You could assign the form an "id" as a hidden field and create a database table to track form ids and their associated post ids. That way, when the form gets submitted, you could check the post id in the db without ever sending it to the client, based on the form id that is returned with the post.
You're asking the wrong question here: instead of being concerned about the user getting some internal ID that means nothing outside your application, your primary concern should be about keeping them from doing anything unpleasant with it.
Imagine I just started sending POST requests to add a comment for every ID between 1 and 10,000. I'm sure to hit a real post sooner or later.
Rule #1 about writing secure web applications: Don't trust the user.
In other words, yes, you should check to make sure that they have permission to comment when you receive the results back from the form.
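Added example, not part of any of the answers above: it combines the two ideas discussed in this thread, a tamper-evident hidden field and the server-side permission check. It swaps the sha1(md5(...)) construction for a keyed HMAC compared with hash_equals(), and then still asks whether the user may comment on the post. FORM_KEY, sign_post_id(), verify_post_id(), user_may_comment() and the permission table are hypothetical, constructed for the illustration.

```php
<?php
// Added example. The key and the permission table are constructed sample data.
const FORM_KEY = 'replace-with-32-random-bytes-kept-server-side';

// Bind the post id to the logged-in user with a keyed MAC.
function sign_post_id(int $postId, int $userId): string
{
    return hash_hmac('sha256', $postId . '|' . $userId, FORM_KEY);
}

// Constant-time comparison; rejects non-string MACs and non-integer ids up front.
function verify_post_id($postId, $mac, int $userId): bool
{
    if (!is_string($mac) || filter_var($postId, FILTER_VALIDATE_INT) === false) {
        return false;
    }
    return hash_equals(sign_post_id((int) $postId, $userId), $mac);
}

// The check that actually matters: may this user comment on this post?
// A real application would query its own permission tables here.
function user_may_comment(int $userId, int $postId, array $acl): bool
{
    return in_array($userId, $acl[$postId] ?? [], true);
}

// Constructed sample: post 123 is visible to users 7 and 9, post 124 to user 9 only.
$acl = [123 => [7, 9], 124 => [9]];
$mac = sign_post_id(123, 7);          // what the server renders into the hidden field for user 7

// Simulated submissions as [post id, MAC sent back, user id from the session].
$cases = [
    'genuine'               => ['123', $mac, 7],
    'id changed in browser' => ['124', $mac, 7],
    'replayed by user 9'    => ['123', $mac, 9],
    'valid MAC, no access'  => ['124', sign_post_id(124, 7), 7],
];
foreach ($cases as $label => [$postId, $sentMac, $uid]) {
    $ok = verify_post_id($postId, $sentMac, $uid)
        && user_may_comment($uid, (int) $postId, $acl);
    echo $label, ': ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

The last case is the reason the permission check cannot be dropped: a correctly signed field only proves the server issued it, not that the user is allowed to use it.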
I'm using a PHP page and it gets refreshed (on submit). I need to keep the value of a text field from a previous submission. How do I do it?
If you're just posting data back to the same script that displays the form, just do something like:
<input type="text" name="foo" value="<?PHP echo $_POST['foo']; ?>"/>
If your user is going to go "away", and then come back to the page, you probably can get away with stuffing the stuff you want to save in $_SESSION.
yes, the above thing is correct. Eventually use AJAX so eventually you need not to refresh the page and data will be preserved.
tim is right, but you'll have to be careful about escaping user input. Ideally what you want displayed is exactly what the user types in. You'll probably find that html entities such as ' will get converted.
Slightly better:
<input type="text" name="foo" value="<?PHP echo htmlentities($_POST['foo']); ?>"/>