I have looked around for "PHP validation and redirection" but so far they don't work me because I cannot execute PHP scripts inside a HTML page because my website hosting does not give me access to the apache config httpd file. I can add handlers but I don't think that helps me. Here's what I'm trying to do:
User inputs some stuff including a valid email address
PHP creates a json string and save it on the server (works)
Write an email to the user confirming what they've entered (works)
Re-direct after the submit which is from the following code:
<form method=POST action="go.php">
<input type="submit" value="Submit" />
</form>
If the user has entered anything invalid (email, name...) the PHP script should return the user to the previous page with a red * beside the field that's invalid.
My question is, how can I do that without putting PHP inside the html?
Related
I have a form with one text input field:
index.html
<form method="post" action="comment.php">
<a href="javascript:void(0)">
<div class="avatar" style="background:url('img/user4561.jpg') center/cover"></div>
</a>
<input name="comm" type="text"/>
<input type="submit" value="submit"/>
</form>
And here is comment.php in the same directory
<?php
echo $_POST["comm"];
?>
Now the most incredible event. The form data does not get submitted! I get an error:
Notice: Undefined index: comm in 192.168.0.1/comment.php on line 2
I changed comment.php like this:
<?php
if(isset($_POST["comm"])) {
echo "It is set";
} else {
echo "It is not set";
}
?>
and I get:
It is not set
So, I copied the HTML code of the form into another blank webpage. I also changed the action attribute of the form to "192.168.0.1/comment.php". Now I get
It is set
I also tried using GET instead of POST, but I am again in the same conflict.
EDIT: I removed all other files and code, except for the form and its script. The problem persists. You can now read and modify the source code. Go to files.000webhost.com. Use chatstack as the website name and 6RxOkuJ1CIkbNqxKUMGr as the password.
EDIT: I modified the code for the form above to exactly match that in the above given link. I noticed that removing the link from inside the form solves the problem. I have already done this, but this is so weird. According to this post it is totally fine to have other elements inside a <form> element. There are also other parts of my website where I have <div> elements inside a form element and the form is working fine.
What is this? Is it the server or something else?
I am pretty sure the information provided here is not enough. Feel free to ask for any additional information. There is just too much information to write in a post, and I don't know which part of it is relevant.
Open your dev-console in browser.
Go to the network tab. Now you fill in your form and submit. After your comment.php is loaded, you check for the very first row in the network tab (should be the comment.php html document).
When you click on that request it should display you, whether the request was GET or POST and also what data were sent to this document.
You can also try at comment.php var_dump($_REQUEST); to see what data were sent and how it can be accessed.
By this you can see if server all over receives any data. If yes, then you go for an other server like apache2 for testing purpose to look if bug is fixed.
That's how I would to that, but I suspect that by editing your code for the public, you accidentally withheld some information that would solve this simple problem.
It's very unlikely that web-servers like WAMP had passed the testing environment before publishing a new version allthough no data could be procesed by server
I wrote a login code in PHP:
<form NAME="form1" METHOD="POST" ACTION="operation/validateLogin.php">
Username <br/><input name="username" type=text autocomplete="off"><br/><br/>
Password <br/><input name="password" type=text autocomplete="off"><br/><br/>
<button class="btn btn-primary submit" type="submit">Sign In</button>
</form>
When I submit the form the credentials are sent to a validation file. If an error occurs the file sends the error message back to the login page:
header("Location: http://localhost/demoapp/login.php/?em=28");
I handle the 'GET' parameter and print the error message:
if (isset($_GET['em'])){
if($_GET['em'] == 28){$errorMessage = "Your username or password was incorrect.";}
}
Now the user needs to try to login again by resubmitting the form, but the action of the form is:
operation/validateLogin.php
and the URL is now:
http://localhost/demoapp/login.php/?em=28
Therefore, when the form is submitted the url becomes:
http://localhost/demoapp/login.php/operation/validateLogin.php
When it should be...
http://localhost/demoapp/operation/validateLogin.php
How do you prevent this from happening to the URL?
The ACTION attribute of an HTML form can be set with a relative URL:
/operation/validateLogin.php
or
/validateLogin.php
It's actually recommended to work with relative URLs for HTML elements:
Absolute vs relative URLs
However, when working with PHP an absolute URL is your best option:
http://localhost/demoAPP/operation/validateLogin.php
The use of absolute URLs will relieve your code of accidental URL concatenation.
I had trouble recently figuring out which type of URL to use for certain situations, but this is what I've realized...
PHP (local/server language) = Absolute Local/Server Address
require "C:/dev/www/DEMO/operation/login/validateLogin.php";
include "C:/dev/www/DEMO/operation/login/validateLogin.php";
header("Location: http://localhost/demoapp/login.php/?em=28"); (redirect to a web address)
This may seem really simple but remembering this will save you a lot of troubleshooting time.
If you are using .PHP files, alter the URL in any way, and are not using absolute URLs you will most certainly receive errors.
Additional: You'll notice that you can use a web address for HTML attributes and not run into any problems. However, with PHP requires and includes you can only use local addresses. There is a reason for this limitation and it's all because of one important PHP setting...
https://help.dreamhost.com/hc/en-us/articles/214205688-allow-url-include
Hello I have a web page where users can view and edit their application information. I have an Edit button. When a user clicks on this button it takes him to an edit page. Here is my code:
<form name="form3" method="post" action="pages/application_edit.php?id=<?php echo "$id[0]";?>&pwd=<?php echo "$pwd";?>">
<input type="submit" name="Submit" value="Edit Application" class="button">
</form>`
After a click the user sees this URL:`http://website.com/pages/application_edit.php?id=1&password=Flower1
How can I hide the password from the URL?
Instead of sending the values as $_GET values, send them as $_POST values to that PHP page.
<form method="POST" action="pages/application_edit.php"> // no need for the URL query string
In the PHP file
<?php
$user_id = $_POST['id']; // similar to how you'd use $_GET
....
Although the way you're approaching this is wrong, you shouldn't be passing these values between pages. At the very least your username/id should be stored as a session variable and information should be accessed when required from a database.
Either way, that's how you can send them without having them "visible".
It seems you lack session control routines.
You should manage all private options of your application (the ones you are able to perform only - and just only - when you are logged in) inside a session to avoid exposing user credentials.
You can start learning about it here.
Also, consider encrypting your HTTP requests using SSL certificate.
I´ve a multipart form with a mixture of default inputs (text, select etc.) and a file upload (<input type="file">).
I´m using a combination of form validation class and upload library of Codeigniter for form submission. That works great.
I´ve only one problem for what I haven´t found a solution yet: If the user selects an image but misses to fill another required field (like "name"), then the form validation class blocks the request and shows an error message to the customer.
But now I´ve the problem, that the image was already submitted successfully and I don´t want to let the user add the file again. So I want to pre-fill the file input with this data.
I´ve tried different things like:
<input type="file" name="image" value="<?php echo set_value('image','');?>" />
and also spent time on finding a solution on the web but without success.
On the server side, you do not get any information about where the file is located on the client's computer, so in the scenario of a user uploading an image successfully but the user hasn't filled out the rest of the fields properly, you have to simply omit the input type="file" field entirely but keep a store of where the file is located on your server. There's a few ways to go about this, but it all involves taking the absolute location of the uploaded file and:
Inserting it back as a hidden value using <input type="hidden" name="uploadedFile" value="<?php echo $absPath; ?>" /> then checking for the existence of $_POST['uploadedFile'] and utilizing it appropriately. But this isn't a solid idea as you're now exposing server paths to the end-user (opens yourself up to malicious attack.)
Starting a session and saving the absolute path in the $_SESSION variable while presenting the user with a simple token in their re-attempt form.
I'd stick with method 2, so assuming you've done all the work to validate the form and upload the file and your file is located in $absFilePath, you could do the following:
session_start(); // This needs to be at the very top of you PHP file
// ...
$formToken = md5(time());
$_SESSION['uploadedFile'][$formToken] = $absFilePath;
Then render the token as a hidden variable using:
if (!empty($_SESSION['uploadedFile'][$formToken]))
echo '<input type="hidden" name="formToken" value="'.$formToken.'" />';
and hide the file upload portion using
if (empty($_SESSION['uploadedFile'][$formToken]))
echo // <input type="file" output here...
finally inside of your form submission code check for the existence of a formToken value before attempting to load $_FILES['image'] using isset($_POST['formToken']), and handle it using:
$absFilePath = $_SESSION['uploadedFile'][$_POST['formToken']];
Bam! Now you have your absolute file path as if the file had been uploaded just like before.
Since you haven't given enough code, I can only given you enough instruction to get you started, but this should be more than enough.
I want to display warning messages in html. This code shows two text boxes named "company" and "name". con.php connects to the database and inserts the information. But if I enter nothing, then the values are still getting stored in the database as null. I want user to know that he shouldn't leave the fields blank by displaying some messages and also a warning should appear if the given company already exists in the database. How do I implement that?
<html>
<head>
<title>store in a database</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<h2>company Store</h2>
<form name="form1" method="post" action="con.php">
<p>company:<input type="text" name="company">
<br/>
<br/>
<br/>
Name: <input type="text" name="name" size="40">
<br/>
<br/>
<br/>
<input type="submit" value="Save">
<input type="button" onclick="window.close()" value="cancel">
</form>
</body>
While an alert message cannot be produced without JavaScript, you could take advantage of HTML5's placeholder attribute to inform the user of this message:
<input type="text" placeholder="You must enter something in this field"! name="whatever" id="whatever" />
And couple this with JavaScript:
var inputElem = document.getElementById('whatever');
var form = document.getElementsByTagName('form')[0];
form.onsubmit = function(){
if (inputElem.value = '' || inputElem.value.length < 1){
alert('You must enter some actual information');
return false;
}
};
However JavaScript can be edited by the users, via Firebug, Web Inspector, Dragonfly...or by simply creating a new html file and submitting the form to the same source from the action attribute of the form element. Therefore your form-handling script must be sanitised and checked on the server as well as the client; client-side checking is a convenience to the user (to prevent unnecessary page-reloads, submissions and so on), it is not a security feature, and should not be used, or mistaken, as such.
Best way is using Ajax if you want to do it at the same page. You need to read some tutorials on it. It's not that easy to explian here.
If reloading or redirecting to other page is ok for you, you should compare the submitted form value with the values in the database in a PHP script which is redirected from form submission (action url). If values doesn't match and not empty, store the values to database and redirect to a page like the list of companies or "company successfully created" message page. If values match with an old record or empty, redirect back to the same form page with a flag (something like form.php?error=1 etc.) and show the proper error message.
Also you can use JavaScript for immediate alerts. But you should always do the same checks at PHP side since JavaScript can be disabled in browsers.
In con.php you should do your data validation and return the markup (or redirect to page describing the error).
So, check for empty fields, and if the exists redirect the user to a page saying the fields can not be empty (and probably allow them to enter new values).
If the data entered is ok, check the database for duplicates and if they exist, redirect the user to a page saying that the company already exists (and again probably allow the user to correct the data).
You can not do it only with HTML.
You need to add a form validation (to prevent empty strings), HTML5 form validation can do that for you (check http://www.broken-links.com/2011/03/28/html5-form-validation/), but not all browser support it, so you will need to use JavaScript to validate the form.
There are JavaScript libraries that will take an old browser and make it behave like a browser that support HTML5 (check http://www.matiasmancini.com.ar/jquery-plugin-ajax-form-validation-html5.html).
You will also need to retrieve the companies already in your database and check them against the user input and alert him if needed.
On top of that you will need to validate the data in your PHP before inserting it to the database (check for empty string for example).