I'm learning PHP and trying to understand the if .. else statements a little better, so I'm creating a little quiz. However, I have come across an issue and I don't seem to know what the issue is. My problem is that whenever I type in the age in the input area, it will give me the $yes variable every time even if I enter the wrong age.
Here is my code so far:
My html file:
<form action="questions.php" method="post">
<p>How old is Kenny?<input></input>
<input type="submit" name="age" value="Submit"/>
</p></form>
My php file:
<?php
$age = 25;
$yes = "Awesome! Congrats!";
$no = "haha try again";
if ($age == 25){
echo "$yes";
}else{
echo "$no";
}
?>
You catch the user input inside the $_POST superglobal var (because the method of your form is POST.
So
<?php
$age = 25;
should be
<?php
$age = $_POST['age'];
There is an error in HTML too. This
<input type="submit" name="age" value="Submit"/>
should be
<input type="text" name="age" value=""/>
<input type="submit" value="Click to submit"/>
Because you want one input and one button. So one html element for each element.
and <input></input> must be cleared because it's not valid syntax :-)
<form action="questions.php" method="post">
<p>How old is Kenny?</p><input type="text" name="age"></input>
<input type="submit" value="Submit"/>
</form>
$age = (int) $_POST["age"];
$yes = "Awesome! Congrats!";
$no = "haha try again";
if ($age == 25) {
echo $yes;
} else {
echo $no;
}
<?php
/* Test that the request is made via POST and that the age has been submitted too */
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['age'] ) ){
/*
ensure the age is an integer rather than a string ..
though for this not overly important
*/
$age=intval( $_POST['age'] );
if( $age==25 ) echo "Congratulations";
else echo "Bad luck!";
}
?>
<form action="questions.php" method="post">
<p>How old is Kenny?
<input type='text' name='age' placeholder='eg: 16' />
<input type="submit" value="Submit" />
</p>
</form>
A simple html form, note that the submit button does not carry the values you want to process, they are supplied via the input text element.
First of all, you need to echo the variable; echoing "$no" will keep it as a string. Remove the quotes from "$no" and "$yes" in your if then statement. Otherwise, your code seems sound!
Related
I want form to post automatically if zip variable is passed from URL.
URL looks like: www.sitename.com/maps/zipsearch.php?zip=90210
Form looks like:
<form method="post">
Zipcode:
<input name="zip" value="<?php echo (isset($_GET["zip"]))? $_GET["zip"]:"";?>" />
<input type="submit" name="subbut" value="Find instructors" />
</form>
So it fills the input box with zip code but I would like it to post automatically to see results again if zip is passed.
Maybe an IF / THEN?
Any help would be appreciated.
You mean to echo the value passed in GET parameter?
<input type="submit" name="subbut" value="<?php echo isset($_GET['zip'])?$_GET['zip']:'Find'; ?>" />
EDIT
Or, if you are asking about submitting the form, then something like this might work I believe:
<input type="submit" name="subbut" value="<?php echo isset($_GET['zip'])?$_GET['zip']:'Find'; ?>" />
<?php if( isset( $_GET['zip'] ) ) { ?>
<script>
document.forms["name_of_the_form_here"].submit();
</script>
<?php } ?>
like this:
<form id="form" action="form.php" method="post">
Zipcode:
<input name="zip" value="<?php echo (isset($_GET["zip"]))? $_GET["zip"]:"";?>" />
<input type="submit" name="subbut" value="Find instructors" />
</form>
<?php if (isset($_GET["zip"])): ?>
<script>document.getElementById('form').submit()</script>
<?php endif; ?>
since passing data via URL means GET method, so i think you have a little misconception with your question.
if you would like to post automatically you dont need to show form.
just put this code in your zipsearch.php
if ($_GET['zip'] != ""){
// do what you want if zip parameter is not null
}else{
// do what you want if zip parameter is null
}
It looks like your form is submitting to itself. (Eg. zipsearch.php displays HTML form. When user submits form, it is posted back to zipsearch.php which displays the search results).
If this is the case, you don't have to post anything, because you are already inside the file that handles the form submission. You could do something like this:
<?php
if (isset ($_POST['zip'])) {
$zip = $_POST['zip']; /* Form was submitted */
} else if (isset ($_GET['zip'])) {
$zip = $_GET['zip']; /* "?zip=" parameter exists */
}
if (isset ($zip)) {
/* Display search results */
} else {
/* Display form */
}
So i got this code, at the moment it is repeating everything , and i just wanted it to repeat the echo, so i get all usernames from it, if i leave it as it is it will also repeat the form when i press a username. Every time i tried to ajust it, it just gave me syntax errors
<?php do { ?>
<?php
$username = $row_mensagens['username'];
$user = $row_mensagens['id'];
if(isset($_GET['user']) && !empty($_GET['user'])){
?>
<form>
Introduz mensagem : <br>
<textarea name='message' rows='7' cols='60'></textarea>
<br><br>
<input type='submit' value="Send Message" />
</form>
<?php
} else {
echo "<p><a href='mensagens.php?user=$user'>$username</a></p>";
}
?>
<?php } while ($row_mensagens = mysql_fetch_assoc($mensagens)); ?>
that do { } while() will always repeat as many as the number of records come from database.
You can do it this way:
<?php
if(isset($_GET['user']) && !empty($_GET['user'])){
?>
<form>
<input type="hidden" name="user" value="<?php echo $_GET['user']; ?>" /> <!-- hidden field so you can process to who -->
Introduz mensagem : <br>
<textarea name='message' rows='7' cols='60'></textarea>
<br>
<br>
<input type='submit' value="Send Message" />
</form>
<?php
} else {
do {
$username = $row_mensagens['username'];
$user = $row_mensagens['id'];
echo "<p><a href='mensagens.php?user=$user'>$username</a></p>";
} while ($row_mensagens = mysql_fetch_assoc($mensagens));
}
?>
Move do { inside else and show the form only if you have a $_GET['user']
I have also added for you a hidden field, so you know who to send message.
Hope you understand how this works. Documentation on Control Structures: do-while
I also suggest to make that form a post form, as by default it is a get form, and since you have a textarea you are more likely to bump into errors if the message is too long.
LE: Another suggestion, try to move to PDO or mysqli_* functions since mysql_* functions are considered deprecated as of PHP 5.5 and have some good chances to be removed.
every time i am refreshing the page and i am getting the same value stored in the post array.
i want execution of echo statement only after submit and after refreshing no echo results..
<?php
if(isset($_POST['submit']))
{
$name = $_POST['name'];
echo "User name : <b> $name </b>";
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" name="name"><br>
<input type="submit" name="submit" value="Submit Form"><br>
</form>
From just a form, you won't be able to check if it was a refresh, or a first submit, regardless of using GET or POST method.
To ensure a single message, you need to:
a. redirect the user to somewhere else after you processed the request.
if(isset($_POST['submit'])) {
// process data
header("Location: new-url");
}
And display the message on the other URL.
b. set a cookie / session variable, which tells you the form was already processed.
if(isset($_POST['submit']) && !isset($_SESSION['form_processed'])) {
$_SESSION['form_processed'] = true;
}
This second approach will kill your form until the user closes the browser, so you should do something more complex - like storing another hidden field in the form, and storing that in the session.
If you submit a form and then refresh the resulting page, the browser will re-post the form (usually prompts first). That is why the POST data is always present.
An option would be to store a session variable and have it sent in the form, then check if it matches in the form processing code - to determine if it is a re-post or not.
Within the form:
<input type="hidden" name="time" value="<?php echo $time; ?>" />
In the PHP:
session_start();
if(isset($_POST['submit']))
{
if(isset($_SESSION['time']) && $_SESSION['time'] == $_POST['time'])
{
echo "User name : <b> $name </b>";
}
}
$time = $_SESSION['time'] = time();
Another option is to redirect after processing the post data:
if(isset($_POST['submit']))
{
...
...
header('Location: ' . basename($_SERVER['PHP_SELF']));
exit();
}
You need to maintain a state as to whether $name has already been displayed or not. The easiest way is probably to maintain that state in a browser cookie.
<?php
$nonce = $_COOKIE['nonce'];
$new_nonce = mt_rand();
setcookie('nonce', $new_nonce);
if(isset($_POST['submit']) && $_POST['nonce'] == $nonce)
{
$name = $_POST['name'];
echo "User name : <b> $name </b>";
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="nonce" value="<?php echo $new_nonce ?>">
<input type="text" name="name"><br>
<input type="submit" name="submit" value="Submit Form"><br>
</form>
Problems
you are polluting the user “session” with stale variable.
this will break if your user opens several windows (or tabs) to the same page. To fix this you would have to change the nonce cookie into an array of nonces, and update it accordingly.
if you want refresh page after submit use
<form method="get"
sure if your form hasn't a lot of data and also need to use $_GET instead of $_POST variable:)
correct way for you, but this logic is not good, need to refactor this script:
<?php
if(isset($_POST['submit']))
{
$name = $_POST['name'];
echo "User name : <b> $name </b>";
unset($_POST['submit']);
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" name="name"><br>
<input type="submit" name="submit" value="Submit Form"><br>
</form>
I have a problem here saving a value on a textbox using session.
I enter a value on one of the textbox and the other one has none, I submit it. The value will come out on the first textbox and will disable the textbox, but when i put a value on the second textbox and submit it, the value on the first textbox has gone. Can anyone help me with this problem?
PHP
<?php
session_start();
#$two = $_POST['two'];
#$four = $_POST['four'];
if(isset($_POST['submit'])){
$_SESSION['two'] = $two;
$_SESSION['four'] = $four;
}
?>
HTML
<form method="POST">
Textbox One: <input type="text" value="<?=#$_SESSION['two']; ?>" name="two" class="inputborder" size="20" <?phpif(#$_SESSION['two']){ echo"disabled=disabled";} else{echo ""; }?> />
<br>
Textbox Two: <input type="text" value="<?=#$_SESSION['four']; ?>" name="four" class="inputborder" size="20" <?php if(#$_SESSION['four']){ echo"disabled=disabled";}else{ echo ""; }?> />
<br>
<input type="submit" name="submit">
</form>
Why are you trying to grab the variables for $two and $four before checking submit?
<?php
session_start();
if(isset($_POST['submit'])){
if(isset($_POST['two'])){
$two = $_POST['two'];
}
if(isset($_POST['four'])){
$four = $_POST['four'];
}
$_SESSION['two'] = $two;
$_SESSION['four'] = $four;
}
?>
That should remove the need for the '#' symbol in the PHP. (although further error handling would be appropriate). But you are suppressing errors everywhere, how are you supposed to get feedback?
I am just starting to learn php, how would I initiate a echo statement after a submit button is pushed, or even a anchor tag.
Here is my code so far
form name="myform" method="get" actions="madlib01.php"
Name: <input type="text" name="name" /> <br />
<input type="submit" name="submit" />
form
<?php
$Name = $_GET['name'];
$hello .= "Hello $Name";
echo $hello //I would prefer the echo to happen after the submit button is hit
?>
the correct attribute for your form tag is "action", not "actions"
When the form is submitted, a new request is sent to the server (in your case, using GET).
So to do it all in one page:
form.php:
<form action="form.php" method="GET">
<input type="text" name="name"/>
<input type="submit">
</form>
<?PHP
if (! empty($_GET['name'])){
echo 'Hello, ' . $_GET['name'];
}
?>
You will first need to check if PHP has received your GET parameter using isset or array_key_exists:
if(isset($_GET['name']) && !empty($_GET['name'])) {
$Name = $_GET['name'];
echo "Hello $Name";
}
or:
if(array_key_exists('name', $_GET) && !empty($_GET['name'])) {
$Name = $_GET['name'];
echo "Hello $Name";
} else {
//example: default to something if nothing has been passed
echo "Hello Guest";
}
Also note, if you're submitting to the same page, you can omit the action attribute from your form tag altogether:
<form method="GET">
echo $hello
You've just gained an HTML-injection vulnerability. If someone sends your user to:
http://www.example.com/madlib01.php?name=<script>stealYourCookies()</script>
you've got problems.
Yes, this is a My First PHP Script. That doesn't make security optional. This is a mistake every tutorial makes: teaching bad practice from the start, treating correctness (and security, which is a subset of correctness) as an optional extra.
The result is that most PHP code out there is full of holes. But there's no need for yours to be! Every time you place a pure-text string into a surrounding HTML context, escape it properly:
echo htmlspecialchars($hello);
I tend to define a function with a shorter name than ‘htmlspecialchars’ to do that for me, as I'm lazy.
<?php
function h($text) {
echo(htmlspecialchars($text, ENT_QUOTES));
}
$name= '';
if (isset($_REQUEST['name']))
$name= trim($_REQUEST['name']);
?>
...
<?php if ($name!=='') { ?>
<p> Hello, <?php h($name); ?>! </p>
<?php } ?>
<form method="get" action="madlib01.php">
<p>
<label for="namefield">Name:</label>
<input id="namefield" type="text" name="name" />
</p>
<p>
<input type="submit" />
</p>
</form>
Now if you say your name is Mister <script>, the page will greet you exactly as such, angle brackets and all, instead of trying to run JavaScript. This is the correct output and thus also secure.