I have a problem with get the connection variable for open a database connection.
This my code in html
<form action="password.php" method="post">
<div class="form-group">
<input type="password" class="form-control" name="current" placeholder="Contraseña Actual..." />
</div>
<div class="form-group">
<input type="password" class="form-control" name="new" placeholder="Nueva Contraseña..." />
</div>
<div class="form-group">
<input type="password" class="form-control" name="confirm" placeholder="Repetir Nueva Contraseña..." />
</div>
</div>
<div class="modal-footer">
<input type="hidden" name="q" value="proofQueries">
<button type="button" class="btn btn-default" data-dismiss="modal">Cerrar</button>
<button type="submit" class="btn btn-primary"><i class="fa fa-plus"></i> Cambiar</button>
</form>
While the code of my class php
$settings = new Datasettings();
require_once('../config.php'); // file of connection of PDO
$conexion = new Conexion();
if(isset($_POST['q'])){ // get the name from html form for go to a function of this class
$settings->$_POST['q']($conexion);
}
class Datasettings {
function __construct(){
session_start();
if(!isset($_SESSION['id'])){
header('location:mystyle.css');
}
}
function proofQueries($conexion){
}
... other functions....
Could change the model how I call a the function? How I could make it?
I assume by this code:
if(isset($_POST['q'])){ // get the name from html form for go to a function of this class
$settings->$_POST['q']($conexion);
}
And submitting the hidden form field called q with value proofQueries, you are trying to call $settings->proofQueries($conexion). This is an extremely bad idea.
You are effectively executing code that comes directly from client side, which is a HUGE vulnerability risk.
It seems like a strange approach to begin with to specify the function client side, and then execute it in PHP (i.e. server side). Why specifying the q value at all, instead of just explicitly doing $settings->proofQueries($conexion) in PHP?
If you somehow must specify the function to be called client side, do something like this:
if(isset($_POST['q'])){ // get member function from submitted form
$f = $_POST['q'];
if ($f=='proofQueries') {
$settings->proofQueries($conexion);
}
else {
die("Nope");
}
}
Or if you have multiple possible functions, explicitly filter them with a whitelist to make absolutely 100% sure that ONLY the function names you decide can be called:
if(isset($_POST['q'])){ // get member function from submitted form
$f = $_POST['q'];
$allowedFunctions = array('proofQueries','doSomething','otherFunction');
if (in_array($f,$allowedFunctions)) {
$settings->$f($conexion);
}
else {
die("Nope");
}
}
But again, it seems like a strange approach alltogether. You should not specify server side specific implementation details through client side.
Related
I have a form on page a.php with php code which should set the data from the form into php session variables, however i am having trouble making it work. I have session_start(); at the beginning of every page i want to do this, but its at the top of the html so that is why its not in this piece.
Here is the code:
<form class="form1" method="post" action="" id="form1">
<div class="form-group add_to_cart_prompt">
<span class="">Add something to cart</span>
</div>
<div class="form-group">
<input type="text" name="sticker" class="form_sticker_name" value="something">
<label class="quantity_desc" for="quantity" title="how much?">Quantity</label>
<input class="btn btn-default quantity_input" type="number" id="quantity" name="quantity" placeholder="how much ?" min="0" required>
</div>
<div class="form-group bottom_buttons">
<button type="submit" name="submit" class="btn btn-default add_yes">Add to cart</button>
<button type="reset" class="btn btn-default">Clear</button>
<button type="button" class="btn btn-default add_no">Close</button>
</div>
</form>
PHP which is executing the form is on the same page as the form:
<?php
if (isset($_POST['submit'])) {
if (isset($_POST['sticker'])) {
$sticker_name = $_POST['sticker'];
$_SESSION['sess_sticker'] = $sticker_name;
}
}
?>
I can set session variables to some string, and that works ok, but when i try to put data from the form it gives me this error:
Notice: Undefined index: sticker in
B:\Programs\xampp\htdocs\D2S\shopping_cart.php on line 99
I have looked up how to fix the error, and have been trying a lot and can't fix it. Thank you for trying to help.
In PHP, a variable or array element which has never been set is different from one whose value is null; attempting to access such an unset value is a runtime error.
That's what you're running into: the array $_POST does not have any element at the index "sticker", so the interpreter aborts your program before it ever gets to the nullity test.
You can test for the existence of a variable or array element without actually trying to access it; that's what the special operator isset does:
if (isset($_POST['sticker'])) {
//do something
}
Also I have tested your form code on my machine, and it seemed to be working fine and session variable was set using form data.
I'm trying to create a page with a form using ci.
When i submit the form, the controller says that I have no data that's been submitted.
I can't see where my error lies.
Here's the view:
<?php echo validation_errors(); ?>
<?php echo form_open('widgets/search/'.$hardwaremodel.'/'.$objectid.'/'.$name.'/'.$fd); ?>
<div class="form-group">
<label for="search">Last 4 characters of address:</label>
<input type="text" class="form-control" id="searchstring" placeholder="last 4 characters" size="4">
</div>
<button type="submit" class="btn btn-default">Search</button>
<button type="cancel" class="btn btn-default">Cancel</button>
</form>
Once the page renders, the form tag ends up looking like this:
<form action="http://myserver/myciapp/index.php/widgets/search/205406zl/5461/SW-1/SW1net" method="post" accept-charset="utf-8">
The controller:
public function search()
{
$searchstring = $this->input->post(); // form data
var_dump($searchstring);
exit;
}
The results of the var_dump shows:
bool(false)
Thanks
EDIT 1
I haven't posted the entire HTML page that includes the form... but I display some of the fields passed in the URI as headings on the page - just before I create the form. Hope that clarifies...
Would this impact the POST data? Why is that relevant?
Thanks
A few things I'd suggest doing. First is, if you are going to include other variables in the form_open tag, I would add those variables to your controller, and put them in the form_open tag as URI strings. This will allow the form validation to work if you are going to echo out validation errors.
Also, you should be calling a name on the input->post() to get the specific item, (but you don't need to to get all POST data).
Controller:
public function search($hardwaremodel, $objectid, $name, $fd) {
$searchstring = $this->input->post('search_string'); // form data
var_dump($searchstring);
exit;
}
View:
<?php echo form_open('widgets/search/'.$this->uri->segment(3).'/'.$this->uri->segment(4).'/'.$this->uri->segment(5).'/'.$this->uri->segment(6)); ?>
<div class="form-group">
<label for="search">Last 4 characters of address:</label>
<input type="text" class="form-control" id="search string" name="search_string" placeholder="last 4 characters" size="4">
</div>
Form elements are referenced by name attribute which is missiong on input field searchstring.
Add:
name="searchstring"
on your input field.
in this code you have not used name attribute.You use id.
try this one
<input type="text" name="searchstring" value="xyz">
I am a rookie PHP developer.
I have a PHP web project with an HTML page that contains an Add button. The name of the page is Awards.html. Elsewhere I have created a PHP class, Awards.php which contains a function.
The source code of my files is given as follows:
Awards.html
<div class="divparent">
<div class="modal-header">
<div class="btn-group">
<button class="btn" data-bind="click: closeModal">Exit</button>
</div>
</div>
<div class="modal-title">
<h1 id="headerid">Awards</h1>
</div>
<div class="modal-body">
<input id="hdnValueCurrentAwardSoid" type="hidden" value="null" />
<div class="divleft">
<input id="txtName" maxlength="80" type="text" class="water newpost1" placeholder="Award Name" tabindex="1" />
<section class="ThumbnailContainer">
<img id="imgThumbnail" class="imgThumbnail" />
<img src="http://localhost/rockontechnologies/Images/GreenRibbon.png" id="pictureribbon" class="pictureribbon" />
<input type="text" contenteditable="false" readonly id="transformtext" />
</section>
<textarea id="txtdescription" placeholder="Description" class="water newpost1" rows="4" tabindex="2"></textarea>
<div class="ui-widget">
<input id="txtIssueOrg" maxlength="50" type="text" placeholder="Issue Organization" />
</div>
</div>
</div>
<div class = "divbottom">
<div id="divAddAward">
<button class="btn" onclick="">Add</button>
</div>
</div>
</div>
Awards.php
<?php
class Awards
{
function clickFunction()
{
//Function that needs to be executed!
}
}
The problem here is that on the click event of the Add button, I need to call the clickFunction() of the Awards.php file. Can anyone please tell me how to do this?
Replies at the earliest will be highly appreciated. Thank you.
You should do something like that
<button class="btn" onclick="onrequest();">Add</button>
function onrequest() {
$.post(
'example.php'
).success(function(resp){
json = $.parseJSON(resp);
alert(json);
});
}
and in example.php call your function
$class = new Awards();
$method = $class->clickFunction();
echo json_encode($method);
and in your clickFunction();
clickFunction(){
$array = array(
'status' => '1'
);
return $array;
}
first of you have to a instance of class which is like that
$class = new Awards();
then if you want to onclick event you should make a javascript code but how to get the function you can do like this
<?php echo $class->clickFunction(); ?>
I think you can't call a class directly from HTML in PHP you have to call it through HTTP by loading a page.
Hence, use a AJAX call to call Awards.php. Eg. with JQuery it could look like this $.get("Awards.php", function() {
alert( "success" );
})
In your php-file you should also call your class something like this <?php echo $class->clickFunction(); ?>
Im having a problem displaying a php function. Its for an admin log in form.
The Function Look Like this -
function displayAdmin(){
//test if login is valid
if (isset($_SESSION['adminLogin'])){
if($_SESSION ['adminLogin']=="valid"){
?>
<script type="text/javascript">location.replace('addproduct.php')</script>
<?php
}
else {
// test if login is invalid
// display error message and login form
if($_SESSION['adminLogin']=="invalid") {
echo "<div>Incorrect User ID and/or password provided</div>";
?>
<form name="adminLogin" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<div id="sign_up_form">
<label><strong>Username:</strong> <input type = "text" name="userID" class="sprited"/></label>
<label><strong>Password:</strong> <input type="password" name="passWord" class="sprited"/></label>
<div id="actions">
<a class="close form_button sprited" id="cancel" href="#">Cancel</a>
<a type ="submit" name="adminSignin"class="form_button sprited" id="log_in" href="">Sign in</a>
</div>
</div>
</form>
<?php
}
}
?>
<form name="adminLogin" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<div id="sign_up_form">
<label><strong>Username:</strong> <input type = "text" name="userID" class="sprited"/></label>
<label><strong>Password:</strong> <input type="password" name="passWord" class="sprited"/></label>
<div id="actions">
<a class="close form_button sprited" id="cancel" href="#">Cancel</a>
<a type ="submit" name="adminSignin"class="form_button sprited" id="log_in" href="">Sign in</a>
</div>
</div>
</form>
<?php
}
} // end of function
And on my page where I am wanting the function to sit the code looks like this -
<?php
session_start();
// Test that page title has been created
if (!isset($pageTitle)) {
$pageTitle = '<< Page title not set >>';
}
// include the myFunctions file
include('includes/myFunctions.php');
// test if login details have been keyed in
if(!empty($_POST["userID"])) {
// Store userID and passWord in local variables
$userID=$_POST["userID"];
$passWord=$_POST["passWord"];
// check database for valid customer
checkValidAdmin($userID, $passWord);
}
?>
and then -
<div id="sign_up">
<h3 id="see_id">Administration Log in</h3>
<span>Please sign in using the form below</span>
<div><?php displayAdmin(); ?></div>
<a id="close_x" class="close sprited" href="#">close</a>
</div>
I have searched long and hard for this problem but can not seem to find the issue, if the issue jumps out at anyone I would love to hear from you!
Thank you so much in advance!!
Definitely your $_SESSION ['adminLogin']=="valid" condition is not true. Check it is set properly or session_start(); is called at beginning of the script.
The problem is you did'nt return the html string.
You should assign the form to a variable, and at the end of the function , return this variable.
$_SESSION['adminLogin'] value is empty i.e. not set or null. that is the reason function inside condition not satisfied.
I have a form which I want to submit, so when I click on submit it goes to the selectorpage.php and finds the selected function type e.g. login in this, which further calls the controller to execute the function. Issue I have is that there is a function called validateForm() in js, as soon as I click the submit button, it goes to the selectorPage.php. I wanted to stop the form submission, perform validation through js and then submit the form from there, I used onsubmit = return false; in form tag but it just blocks the form of doing anything further. And I also don't know how to redirect the form to the selectorPage if it somehow works in js. So anybody would like to give me an idea how to submit form from js and then redirect that page to selectorPage.php. Thanks
<form method="post" action="selector.php?type=login" id="login" id="loginForm">
<div class="row">
<div class="offset1 span1">
<div class="lbel">
<label class="control-label" for "loginName">
Username/Email
</label>
</div>
<div class="lbl_inpuCnt">
<input type="text" class="input-xlarge" id="loginName"
name="loginName" maxlength="50"/>
</div>
<div id="usernameError"> </div>
<div class="lbel">
<label class="control-label" for="loginPassword">
Password
</label>
</div>
<div class="controls">
<input type="password" class="input-xlarge"
id="loginPassword" name="loginPassword"
maxlength="50"/>
</div>
<div id="passwordError"> </div><br/>
</div>
</div>
<div style="margin-left: 55px;">
<input class="btn" style="width: 80px;" type="reset"
name="reset" value="Reset"/>
<input class="btn" style="width: 80px;" type="submit"
name="submit" value="Login" onclick="validateForm();"/>
</div>
</form>
this is the javascript according to the code above
function validateForm(){
form = document.forms['loginForm'];
if(document.getElementById('loginName').value == "")
document.getElementById('usernameError').innerHTML = 'Invalid username or email';
else{
document.getElementById('usernameError').innerHTML = " ";
form.submit();
}
} //suppose it for the email validation only for the time being
you could try
<form ... onsubmit="return validateForm();"
in the validateForm() function use
return true / false
depending if errors are found.
Here is the canonical way using inline event handling - see further down how it could be made unobtrusive. Also only have ONE id on the form tag, also NEVER call anything submit in a form it is a reserved word and will block submitting by script (which is what you tried to do)
<form id="loginform" ... onsubmit="return validate(this)">
<div style="margin-left: 55px;">
<input class="btn" style="width: 80px;" type="reset" name="reset" value="Reset" onclick="clearFields()"/>
<input class="btn" style="width: 80px;" type="submit" value="Login" />
</div>
</form>
this is the javascript
function validateForm(form){ // passing form object
document.getElementById('usernameError').innerHTML = ""; // reset
if (form.loginName.value == "") {
document.getElementById('usernameError').innerHTML = "Invalid username";
return false;
}
return true;// allow submission
}
Alternative
<form id="loginform" ..... No event handler here ...>
Script:
window.onload=function() {
document.getElementById("loginform").onsubmit=function() {
document.getElementById('usernameError').innerHTML = ""; // reset
if (this.loginName.value == "") { // notice the "this"
document.getElementById('usernameError').innerHTML = "Invalid username";
return false;
}
return true;// allow submission
}
}
I've had similar issues to this in the past myself.
When you click the 'Login' button of your form, you are triggering two separate events - Calling of the 'validateForm();' javascript function, and submission of the form itself. The problem here, is that submitting the form involves the browser sending an outbound request back to the form target, and to my knowledge, there is no way, using javascript, to kill a request event once it has been triggered.
Using 'onsubmit=return false;', likely, is doing exactly what it is supposed to do - Exiting the current javascript scope (and therefore preventing further javascript associated to that particular event from executing). However, unfortunately, the submission of the form itself, while possible to trigger and control via javascript, is not actually handled by javascript and is not a javascript function itself.
What I've found, in my experiences, to be the best solution, is to use the 'button' type input instead of the 'submit' type input - Both 'submit' and 'button' appear as buttons, but 'button' doesn't actually have any default inherent associated event action (therefore, doesn't actually do anything when you click on it) - What this means, is that, via event handlers (such as 'onclick', as you've done), you are able to entirely control what happens when a user clicks on a 'button'.
You haven't included your 'validateForm();' javascript function here, so I don't know what it contains, but, if it doesn't already do so, I'd include code to submit the form via that javascript function, submitting the form once validation has been successful (or returning some sort of human readable error if validation fails) - That combined with using 'button' instead of 'submit' should solve your problem.
Hope this helps. :)
Edit: Thought of this shortly after making my initial reply. Some browsers will process events handlers such as 'onclick' prior to submitting forms via the submit input type; However, I've found that certain older browsers do not do this currently (thus context of my above post). For newer browsers that honour the results of event handlers processed prior to form submission, it should be possible to prevent the second event (form submission) from occurring at all if validation fails; However, not all browsers honour these results, and I've found that some will continue to submit the form regardless of those results.
well thanks u all, so finally I found the solution by your ideas here is what I have done
rather putting return formvalidate(); function I put it in submit onclick event and it run like charm... thanks
<div style="margin-left: 55px;">
<input class="btn" style="width: 80px;" type="reset" name="reset" value="Reset" onclick="clearFields()"/>
<input class="btn" style="width: 80px;" type="submit" name="submit" value="Login" onclick="return validateForm();"/>
</div>
this is the javascript
function validateForm(){
var form = document.forms['loginForm'];
if(document.getElementById('loginName').value == "")
document.getElementById('usernameError').innerHTML = 'Invalid username or email';
else{
form.submit();
}
return false;
}