If i upload file with single quotes that will cause empty name when i do print_r to $_FILE. for example, file named 2'.ogg that system would output .ogg. I think that windows causes this, but i'm not sure. here the code i'm using:
<?php
if(isset($_POST['submit'])) {
print_r($_FILES);
}
echo <<<Print
<form action='' method="POST" enctype="multipart/form-data">
<input type="file" name="t[]"> <input type="submit" name="submit">
</form>
Print;
?>
Use addslashes() to escape single quote and stripcslashes() to remove added slashes.
Related
<?php
if(isset($_POST['btnLogin'])){
$myVariable = $_POST['fieldParameter'];
if(condition){
//do something
}else{
echo "
<form method='POST' action='submit.php'><br/>
<input type='hidden' name='myVariable' value='<?php echo $myVariable; ?>'/>
<br/>
<input type='submit' name='btnSubmit' id='submit' value='Submit'>
</form>
";
}
}
?>
Notice that the variable $myVariable is contained in the main IF block. I'm trying to send the value of $myVariable to submit.php as hidden field.
Also, i enclosed all the html tags using one echo statement with double quotes.
I found related questions here in SO but can't find similar to embedding php within a long echo of html tags
I tried to put value='<?php echo $studentNo; ?>' with no success.
I want to access it in a submit.php file like this,
submit.php
<?php
$aVariable = $_POST['myVariable'];
echo $aVariable;
?>
How can I pass the value contained in $myVariable as hidden field? Is there something wrong with the way I use double and single quotes?
If you are already echoing a string you shouldn't put <?php echo "" ?> inside it again. You should concatenate your string instead. But in your case you don't even need to do that, because you're using double quotes for echoing which means you can simply just write your variable in it.
echo "<form method='POST' action='submit.php'><br/>
<input type='hidden' name='myVariable' value='$myVariable;'/>
<br/>
<input type='submit' name='btnSubmit' id='submit' value='Submit'>
</form>";
If you were using single quotes for your echo, it would look like this:
echo '<form method="POST" action="submit.php"><br/>
<input type="hidden" name="myVariable" value="' . $myVariable . '"/><br/>
<input type="submit" name="btnSubmit" id="submit" value="Submit">
</form>';
You just need to type $myVariable instead of in your string. Double quotes "" only creates a string literal. It doesn't directly output data like inline HTML. As you can see from the syntax coloring in StackOverflow, the
You can try these variants (simplified):
// code before
echo "<input type='hidden' name='myVariable' value='$myVariable'/>";
// code after
// OR //
// code before
?>
<input type='hidden' name='myVariable' value='<?= $myVariable ?>'/>
<?php
// code after
Note that the quotes you use in HTML don't affect PHP, as long as you escape them properly (use \" and \' where appropriate).
I have a form to get information and when i type just spaces with no any other character it gets posted, How could i avoid inserting just spaces in the form?
<form action="index.php" method="post">
<textarea name="textA"></textarea>
<input type="submit" name="sent" value="Send">
</form>
<?php
if(isset($_POST['sent']) && !empty($_POST['textA'])){
$insert=new Insert();
$insert->insertData($_POST['textA']);
}
?>
Just use trim() which will remove all leading and trailing spaces. If there are only spaces in the string then it will become an empty string and empty() will be true.
if(isset($_POST['sent']) && !empty(trim($_POST['textA']))){
You can also do things like str_replace() to replace spaces with and empty string or preg_replace() to do the same but this should do what you need.
I have a web site that allows people to upload a csv file and then it loads it into a postgres database. uploading the file is fine and i capture the file name and location ../Data/Uploads/mycsv.csv as $_POST['fname'].
I'm trying to use this variable in $file=file($_POST['fname']) but cant get it to work however if i hard code it in as $file=file("../DATA/Uploads/mycsv.csv") it works. I have attached the code in question. Thanks in advance for any help
Also to clarify echo $_POST['fname']; returns ../DATA/Uploads/mycsv.csv, which is the same as the hard coded value.
please bear with me as im only relatively new to this. I have attached the 2 html forms being used as well. the top one passes the $fname variable containing the file name and path from the php code used to upload the file.
<Form Method="post" Action="../PHP/Loadcsv.php">
<input type="text" value="<?php echo htmlspecialchars($fname);?>" name="fname">
<br />
<Input Type="submit" Value="Continue">
</Form>
this is the php copy the csv into the database
<?PHP
if ($_POST['submit']) {
$file = file(printf($_POST['fname'])); //****doesnt work******
//$file = file("../DATA/Uploads/csv_trial1.csv"); //********This works******
$db = pg_connect("host=localhost dbname=blah user=me password=you");
pg_exec($db, "COPY personaldetails FROM stdin");
foreach ($file as $line) {
$tmp = explode(",", $line);
pg_put_line($db, sprintf("%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $tmp[0], $tmp[1], $tmp[2], $tmp[3], $tmp[4], $tmp[5], $tmp[6], $tmp[7]));
}
pg_put_line($db, "\\.\n");
pg_end_copy($db);
?>
below is the html to run the above php.
<form id='form' method='post' action='' >
<input type="submit" name="submit" />
</form>
after running a whole lot of echo to find where the variable is reaching, i dont think it is reaching the inside of the if statement possibly due to the next use of post??
**update**
So after a little playing and bouncing ideas almost literally off my office walls.... i was on the right track and Devon was right too, my problem was the 2 post requests the answer was to have a php variable $filename = $_POST['fname']; to take the variable from the first form and put this into the input for the second form
<form id='form' method='post' action='' >
<input type="hidden" value="<?php echo htmlspecialchars($filename);?>" name="fname">
<input type="submit" name="submit" />
I'm sure there may be other ways to achieve this but at the moment it works.
I'm not sure where you came up with printf(), but any print or echo command will output the arguments to the browser and won't return it to the function at hand. You don't need to use anything special to use a variable as an argument. Just: file($_POST['fname']);
Printf specifically outputs a formatted string and returns the length of the string. So this is the equivalent of calling file(integer) where integer is the length of $_POST['fname']'s value.
I have string parameter with apostrophes that I need to pass it to another php page.
My code is:
echo '<form name="submitForm2" action="creatDocument.php?$formulation='.$formulation.'" method="POST">
<input type="submit" value="pass"/>
</form>';
The $fomulation parameter contain the string with hebrew characters that came from user.
if $fomulation = אבג"דה
creatDocument.php received just $fomulation = אבג .
How can I fix it?
What's happening is that the URL parser is breaking on the single quotes. Check out the URLEncode method, to encode your query string parameters.
http://us3.php.net/urlencode
echo '<form name="submitForm2" action="creatDocument.php?$formulation='.urlencode(utf8_encode($formulation)).'" method="POST">
<input type="submit" value="pass"/>
</form>';
I have two variables containing some html code, and another variable containing code for a html form. I am trying to expand a string within the second to pass it as a parameter to a function, however this causes some errors.
My make popup function is very simple:
function popup(htmlcode){
child1 = window.open ("about:blank");
child1.document.write(htmlcode);
child1.document.close();
}
The code that uses the above function
<?php
$blah = "<h1>Well</h1>"; $test = "<h2>Done</h2>";
echo '<script type="text/javascript" src="fetchlayers.js"></script>';
$formcode = "<form action=\"process.php\" method=\"post\" enctype=\"multipart/form-data \">
<label for=\"file\">Filename:</label>
<input type=\"file\" name=\"file\" id=\"file\"/>
<br />
<input type=\"submit\" name=\"submit\" value=\"Submit\" onclick=\"setTimeout(function() { sendInfo(\"".$blah."\", \"".$test."\"); } ),1250);\" />
</form>";
echo "<h1>hello</h1>
<div id='form'>
<a href='#' onclick=\"popup('" . htmlentities($formcode) . "'); return false;\">
click here</a>
</div>";
This produces decent enough html code, however firebug gives me an error that I have an unterminated string lateral. I cannot find where this is. I understand the way I have done this is not ideal, but I am learning and do not know a better way at present. I appreciate any input
edit: OK, so the problem was that I had unterminated string literals, which were \n characters. I made the string into one line and it called the function correctly.
Is it not possible to break one echo statement into multiple lines?
Now the problem is with the html generated in the popupwindow. Some of the code is actually printed to the screen, why is this?
<form action="process.php" method="post" enctype="multipart/form-data "><label for="file">Filename:</label><input name="file" id="file" type="file"> <br><input name="submit" value="Submit" onclick="setTimeout(function() { sendInfo(" type="submit"><h1>Well</h1>", "<h2>Done</h2>"); },1250);" /></form>
See the image here:
A better way to do this is to open an HTML or PHP page that already has the form code in it, instead of opening about:blank and passing it dynamically.
There is no reason you should ever have to pass HTML into a Javascript function just so it can be directly written to document.
If you absolutely have to keep the popup function as is, I found a solution with help from this answer to "How do I escape a string inside javascript inside an onClick handler?".
<?php
$blah = "<h1>Well</h1>"; $test = "<h2>Done</h2>";
echo '<script type="text/javascript" src="fetchlayers.js"></script>';
$formcode = '<form action="process.php" method="post" enctype="multipart/form-data ">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"/>
<br />
<input type="submit" name="submit" value="Submit" onclick="setTimeout(function() { sendInfo(\\x27'.$blah.'\\x27, \\x27'.$test.'\\x27); }, 1250);" />
</form>';
echo "<h1>hello</h1>
<div id='form'>
<a href='#' onclick='popup(\"" . addslashes(str_replace("\n", ' ', $formcode)) . "\"); return false;'>
click here</a>
</div>";
?>
Before edit:
Maybe you can do it differently.
Javascript functions:
function popup(id, params){
var html = document.getElementById(id).innerHTML;
if (params != undefined) {
html = findAndReplaceStrings(html, params);
}
var child1 = window.open ("about:blank");
child1.document.write(html);
child1.document.close();
}
function findAndReplaceStrings(text, json) {
for (var x in json) {
text = text.replace(x, json[x]);
}
return text;
}
HTML hidden code:
<div style="display:none;" id="process">
<form action="process.php" method="post" enctype="multipart/form-data ">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"/>
<br />
<input id="submit" type="submit" name="submit" value="Submit" onclick="setTimeout(function() { sendInfo('{param1}', '{param2}'); } ), 1250);" />
</form>
</div>
HTML link with json:
<a href="#" onclick="popup('process', {'{param1}':'<h1>Well</h1>', '{param2}':'<h2>Done</h2>'}); return false;">
click here</a>
You must escape the carriage returns (\n) by doing
$formcode = str_replace("\n", "\\n", $formcode);
You also have to escape the quotes
$formcode = str_replace("'", "\\'", $formcode);
You can combines those two lines into a single one:
$formcode = str_replace(array("\n", "'"), array("\\n", "\\'"), $formcode);
The submit button has an extra ) which closes the setTimeout function too early. The specific spot is inside:
} ),1250
you should also probably think about using single quotes inside the php string to make it all easier to read. And because you're using double quotes you don't have to break out of the string to insert the content of the variables $blah and $test.
something like this should work:
$formcode = "...
<input type='submit' name='submit' value='Submit'
onclick='setTimeout(function() { sendInfo(\"$blah\", \"$test\"); },1250);' />
...
";
EDIT:
looks like it's closing the onclick too early now. Matching these as the start and end quotes:
onclick=\"setTimeout(function() { sendInfo(\"
I changed the sendInfo line to the following, ran it and looks like it's working. The single quote is escaped here so it doesn't prematurely close the call to popup().
sendInfo(\'".$blah."\', \'".$test."\');