Good day all,
I have a question I looked it up everywhere and I still seem stuck
If I submit a form via post -> variable -> database and then redirect to another
page using header(location:page.php); in the time it takes to redirect and I
click on the submit button it still inserts duplicate data into the database
how do I prevent that from happening? as I read on tokens but I can't see how it
will work without processing my form data on another page and I don't want to
do that any help please ??
please see below html :
<form name="frmall"class="col s12" action="" method="post">
<!--basic info------------------------------------------------------------------------------------------------------------->
<div class="divider"></div>
<div class="section">
<h5>Basic Member Information</h5>
<div class="row">
<div class="input-field col s6">
<input id="first_name" name="txt_name" type="text" class="validate" value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_name']; } ?>">
<label for="first_name">First Name</label>
</div>
<div class="input-field col s6">
<input id="last_name" type="text" name="txt_surname" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_surname']; } ?>">
<label for="last_name">Last Name</label>
</div>
<div class="input-field col s6">
<input id="icon_telephone" type="tel" name="txt_number" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_number']; } ?>">
<label>Telephone</label>
</div>
<div class="input-field col s6">
<input id="email" type="email" name="txt_email" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_email']; } ?>">
<label for="email" data-error="wrong" data-success="right">Email</label>
</div>
<div class="input-field col s6">
<input id="idnumber" type="text" name ="txt_idnumber" class="validate"value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_idnumber']; } ?>">
<label>ID Number</label>
</div>
</div>
<button class="btn waves-effect waves-light" type="submit" name="btnCancel">Cancel</button>
<button class="btn waves-effect waves-light" type="submit" name="btnContinue">Continue</button>
</div>
</Form>
PHP (please not its just for en example):
if (isset($_POST['btnContinue'])) {
$Conn->insert_main_member($name, $surname, $number, $idnumber, $email);
header(location:page.php);
}
So how do I prevent double submit without disabling the button ? please assist
Clear the post variable and place the header(...) in the right place (right after the db query execution).
The question is not very clear...
If you have problems with submitting the form multiple times and inserting the same values, you can do a check - either in your script (connect to database and check) or create a UNIQUE index in your database table - then the record will not be inserted, if it already exists.
If you have problems with too many people on the site and some data is inserted while it shouldn't and it should wait until something else is completed, then you can use LOCK TABLES command to send to your database.
If you have problems with uniquely identifying transactions, you can also use a token (e.g. a random hash generated before your form is submitted), for example as a hidden form field to send along with the data.
1st quick solution :
You could disable your submit button with javascript after 1st form submit to prevent any other submit before redirection...
2nd solution :
Add a token (generated server side) to your HTML form in a hidden input.
On form submit your token will be sent with other POST data.
Check your token server side before insert data into your database
Edit: Perhaps a sample of your code (server side + html form) could help us to give you a more appropriate answer.
Related
It's probably something incredibly simple, however I feel like my brain is fried from staring at a computer screen for so long, so any pointers would be appreciated...
I cannot seem to get $_POST to work on my form. When I switch the method to GET - it works fine, but I don't want to have to repeatedly pull form data from the URL as it's quite a lengthy form and would take extra steps etc.
My form data:
<form action="<?= site_url() ?>shop/mock/form/<?= esc($first['gtin']); ?>" name="myForm" method="post">
<div class="p-3 p-lg-5 border">
<div class="form-group row">
<div class="col-md-12">
<label for="brand_name" class="text-black">Brand Name </label>
<input type="text" value="<?= esc($_POST['brand_name']); ?>" class="form-control" id="brand_name" name="brand_name">
</div>
</div>
<?php if (isset($_POST['brand_name'])): ?>
<div class="form-group row">
<div class="col-md-12">
<label for="subbrand_name" class="text-black">Subbrand Name </label>
<input type="email" value="<?= esc($_POST['subbrand_name']); ?>" class="form-control" id="subbrand_name" name="subbrand_name" placeholder="">
</div>
</div>
<?php endif; ?>
</div>
</form>
The only thing I can think of is that I'm sending the form back to the same address everytime, and trying to grab the $_POST data from the latest submission, and repopulate the input values so that the form builds with every submission and reveals the next input etc. var_dump($_POST) shows an empty array every time.
Where am I going wrong?
If you want to receive otp in the form then action empty, if you want to receive from other action, you must put the value into $_SESSION
I have a form with some textbox that loads the data from the database. I have created also a button where I can update the data but currently it's not working and I don't have any clue why.
Here's my query:
<?php
include('connect.php');
if (isset($_POST['btnUpdate'])){
$query = "UPDATE users SET fname = '".$_POST['fname']."', lname = '".$_POST['lname']."' WHERE user_id = '".$_POST['id']."'";
$result = mysql_query($query);
if ($result) {
die("<strong>Updated</strong>");
} else {
die("<strong>Error ".mysql_error()."</strong>");
}
}
?>
Here's my form:
<form class="form-horizontal" role="form" action="" method="post">
<input type="hidden" name="id" value="<?php echo $row['user_id']; ?>"/>
<div class="form-group">
<label class="col-lg-3 control-label">First name:</label>
<div class="col-lg-8">
<input class="form-control" name="fname" type="text" value="<?php echo $row['fname'];?>">
</div>
<label class="col-lg-3 control-label">Last name:</label>
<div class="col-lg-8">
<input class="form-control" name="lname" type="text" value="<?php echo $row['lname'];?>">
</div>
<label class="col-md-3 control-label"></label>
<div class="col-md-8" >
<input type="button" name="btnUpdate" class="btn btn-primary" value="Save Changes">
<span></span>
<input type="reset" class="btn btn-default" value="Cancel">
</div>
</div>
</form>
I've tried everything but it won't update my database. It doesn't have any error whatsoever when I checked it on the browser. I'm running out of ideas. Anyone know what part of my code is wrong? I'm still a beginner to php and I cannot seem to understand what's wrong here. Any ideas how to solve this problem would be greatly appreciated. Thanks
Posting as a community wiki; I feel no rep should come of it.
<input type="button"> does not by default propagate POST. Therefore you either need to use a "submit" type:
Either <input type="submit"> or <button type="submit">.
References:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/button
type
The type of the button. Possible values are:
submit: The button submits the form data to the server. This is the default if the attribute is not specified, or if the attribute is dynamically changed to an empty or invalid value.
reset: The button resets all the controls to their initial values.
button: The button has no default behavior. It can have client-side scripts associated with the element's events, which are triggered when the events occur.
You're also open to a serious SQL injection if your site is live or intended to go live.
You should start looking into switching over to either the mysqli_ or PDO api and with a prepared statement.
References:
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/pdo.prepared-statements.php
https://en.wikipedia.org/wiki/SQL_injection
after many days of trying to get a previously working php form converted to submitting the variables inside a new div I realized that I'm missing something. Other posts show javascript, but Iv'e never used that before and don't understand the need. The new page draws correctly, but the php variables are not being received on the destination page.
HTML for the submit,
<form action="entrance2.php">
<div class="medium-12 columns m-b20"><h4 class="heading">Existing users log-in here :-</h4></div>
</div>
<div class="row">
<div class="user medium-12 columns text-center m-b15"><img src="images/user-img.png" alt=""/></div>
</div>
<div class="row">
<div class="medium-10 columns medium-offset-1"><label for="User Name"></label>
<input id="OwnerEmaili" type="text" placeholder="User Name" name="UserName"></div>
</div>
<div class="row">
<div class="medium-10 columns medium-offset-1"><label for="Password"></label>
<input id="OwnerPasswordi" type="password" placeholder="Password" name="Password"></div>
</div>
<div class="row">
<div class="medium-12 columns text-center"><button class="grd-button">Log In</button></div>
<input type="submit" id="save" name="save" value = "Submit"/>//simple submit for testing
<div class="grd-button1" onClick="document.forms['submit-form'].submit();"></div>
</form></div>
</div>
</div>
Receiving page,
<?php
$p_OwnerEmaili=$_POST["OwnerEmaili"];
$p_OwnerPasswordi=$_POST["OwnerPasswordi"];
echo "$p_OwnerEmaili;$p_OwnerPasswordi";
Only shows the ;.
Is javascript required to submit from inside a div?
You're accessing the wrong items.
You'll need to set your forms input name attributes to this if you want to access them the way you currently have in your php script:
<input id="OwnerEmaili" type="text" placeholder="User Name" name="OwnerEmaili">
And
<input id="OwnerPasswordi" type="password" placeholder="Password" name="OwnerPasswordi">
That will allow you to access them as you do in your PHP script.
You can always check what values have been sent to your php script by using var_dump() or print_r().
<?php print_r($_POST); ?>
Would've shown you that you had UserName & Password set instead of what you wanted.
As Ghost pointed out in the comments, your form will always send user input via GET if you dont specify a method in it. So set this in your form tag:
<form action="entrance2.php" method="post">
I've made a html form using Bootstrap. I've used "required" to ensure data is populated in certain fields for the form to be submitted. This form goes to a php script that opens a database connection, inputs the values as per form submitted, directs to a thank you page and closes the connection.
Its my first hand coded form and my concern is security. How do I keep hackers/spammers at bay?
Can you point out, please, issues with my code so I can address them before I put this live. Please be gentle, Im a newbie with about 3 months of coding experience.
Please note the original form actually has 9 fields but I've omitted it presuming those details wont be necessary for this discussion.
HTML Code
<form class="form-horizontal" method="post" action="vacancy.php">
<div class="form-group">
<label for="company" class="col-sm-3 control-label">Company Name *</label>
<div class="col-sm-6">
<input type="text" name="company" class="form-control" placeholder="Enter Company Name" required />
</div>
</div>
<div class="form-group">
<label for="contactperson" class="col-sm-3 control-label">Contact Person *</label>
<div class="col-sm-6">
<input type="text" name="contactperson" class="form-control" placeholder="Enter Full Name" required />
</div>
</div>
<div class="form-group">
<label for="designation" class="col-sm-3 control-label">Designation *</label>
<div class="col-sm-6">
<input type="text" name="designation" class="form-control" placeholder="Enter Designation" required />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-6">
<button type="submit" class="btn btn-primary">Submit</button>
<button type="reset" class="btn btn-default">Clear</button>
</div>
</div>
</form>
PHP Code
<?php
$con=mysqli_connect("localhost","db2u","password","db2");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO vacancy (Company, ContactPerson, Designation)
VALUES
('$_POST[company]','$_POST[contactperson]','$_POST[designation]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
header("Location: thankyou.html");
mysqli_close($con);
?>
EDIT : So it seems I need validation. Im looking at jqBootstrapValidation. Even considering htmlspecialchars (which ever is easier). I believe both would do an equally good job right? PDO is a bit too much for me at the moment.
Your code could be compromised by SQL injection http://en.wikipedia.org/wiki/SQL_injection.
Try use htmlspecialchars or better use PDO instead of OLD and DANGEROUS mysql_* functions.
You have not validated any field in your php code,
you should put validation in php file too, any user can remove "required" from input and can post the data.
Never trust the user input. You should escape the strings with mysqli_real_escape_string() function.
http://www.php.net/manual/en/mysqli.real-escape-string.php
$company = mysqli_real_escape_string($_POST[company]);
$contactperson = mysqli_real_escape_string($_POST[contactperson]);
$designation = mysqli_real_escape_string($_POST[designation]);
$sql="INSERT INTO vacancy (Company, ContactPerson, Designation) VALUES ('$company','$contactperson','$designation')";
I was hoping someone could let me know the php code to send the contents of this form through to my email.
Thanks!
I really have absolutely no idea when it comes to php so any help that you could provide would be very much appreciated!
Get in touch to discuss your project!
<input id="af-showreq" class="af-show-input" type="checkbox" name="showreq" />
<form class="af-form" id="af-form" novalidate>
<div class="af-outer">
<div class="af-inner">
<label for="input-title">Title</label>
<input type="text" name="title" id="input-title">
</div>
</div>
<div class="af-outer af-required">
<div class="af-inner">
<label for="input-name">Name</label>
<input type="text" name="fullname" id="input-name" required>
</div>
</div>
<div class="af-outer af-required">
<div class="af-inner">
<label for="input-email">Email address</label>
<input type="email" name="email_address" id="input-email" required>
</div>
</div>
<div class="af-outer af-required">
<div class="af-inner">
<label for="input-country">Company</label>
<input type="email" name="country" id="input-country" required>
</div>
</div>
<div class="af-outer">
<div class="af-inner">
<label for="input-phone">Phone Number</label>
<input type="email" name="phonenumber" id="input-phone">
</div>
</div>
<input type="submit" value="Send it over!" />
</form>
</section>
</div>
</div>
first of all we want to turn the form into a post request. So when someone hits the submit button it will post the form data to your server. You can do this by changing your form tag to have a action (the page on your site you want to post back to") and method="POST".
<form class="af-form" action="" id="af-form" method="POST">
For more information on that look here.
http://www.w3schools.com/html/html_forms.asp
For post to work you need to make sure all your tags that you want to send over have a name tag. Currently your submit button doesn't change it to:
<input type="submit" name ="submit" value="Send it over!" />
Next on the page the post data gets sent to we want to make sure that we have post data. In php all post data is stored in a super variable called POST. So we can check if there is data in here. If there is then we can continue into making the email
if(isset($_POST['submit']){
//the rest of the code should be done in here
//as we only want to send the email if we have made a post request
}
Finally we can now take this information to send you an email
we can get input information by doing the following
$example = $_POST['email_address']
example will now have the information that people put in the email_address input box
sending an email in php is done with the mail() function. An example of this can be seen below
mail("whoto#email.com", "I am a subject", "I am the content of the email);
for more information on the mail function look at http://php.net/manual/en/function.mail.php