I have an
<input type="text" name="name">
<input type="file" name="photo">
After submit it form, I found some errors, so, I do:
<input type="text" name="name" value="<?php echo htmlspecialchars($_POST['name']); ?>">
<input type="file" name="photo" value="WHAT HERE?!">
As you can see, I don't know what I need to write on the value attr to refill the selected file form the user.
Can I do that?
Thanks!
Unfortunately, this cannot be done because it presents too many security risks. When a file is uploaded, the browser is not given the actual file path but rather creates a temporary file (with a path value of C:\fakepath) that it can send to the server on processing. So there is no value you can pass through the POST that you can put back into an input to choose a file.
An alternative would be to use AJAX for form validation, that way the user never leaves the page until the form is ready to submit.
Can I do that?
No, you cant. For security reasons, the value attribute is ignored for input elements
of type="file".
Possible workarounds:
Keep a reference to the submitted file (that is stored on disk) in a hidden input. Show a message to the user to inform that the file not need to be entered again, because you already have it from previous failed submits.
Submit your form via AJAX.
Validate as much as possible on the client side with javascript to avoid reloads. This will assume javascript is enabled.
Related
I'm a bit confused of do I need to prefix form input variables with i.e. ('car_', or 'bike_' corresponding to 'car_make', 'bike_make') or can I use same template for both forms without prefixing variables. And if so, do I still need to prefix the 'submit' field, or having different form name is enough to avoid data collision.
I have these two HTML forms on the same page:
<form action="" name="car_search_form" method="POST">
<input type="hidden" name="make" value="Audi" />
<input type="submit" name="car_do_search" value="Search Car" />
</form>
<form action="" name="bike_search_form" method="POST">
<input type="hidden" name="make" value="Schwinn" />
<input type="submit" name="bike_do_search" value="Search Bike" />
</form>
So, in the end I want to get correct value for $validCarMake via this code:
if(isset($_POST['car_do_search']))
{
$paramCarMake = isset($_POST['make']) ? sanitize_text_field($_POST['make']) : '';
$validCarMake = esc_sql($paramCarMake); // For SQL queries only
// TODO: Add data saving to database
}
Also, I want to understand the decision process of PHP engine. How it does deside which variable to choose - how it know on which button I clicked, and why not it does just submit all forms on the page? Also, if there would be any difference if I'd use "GET" method instead of "POST" besides that the one does put the variable values to URL? And how does the GET case it would process attached image to form submit then (as the maximum URL lenght is 255 chars as I know, and i.e. JPEG 100 kiB image contains thousands of chars. I'm asking this, because I also want to allow not just have that search on site's home page, but also allow to make search from a separate website's some kind of widget.
And the last question - if the HTML form processing differs somehow in PHP 7.X compared to PHP 5.X (i.e. PHP 5.4). I means does it caches somewhere the data, does it sends over the internet the attached images of the both forms and consumes network and server data, or it submit's only the data of the form on which I clicked the button.
As long as you keep the 2 input requests separate having the post arg "make" is completely fine. If you send the args in the same request the 2nd will override the first since it was last set.
As for how php decides on what is first it uses what is called order of precedence. This means what it comes to first it executes first unless explicitly told not to.
I want to understand the decision process of PHP engine. How it does decide which variable to choose - how it know on which button I clicked, and why not it does just submit all forms on the page?
When you click on a button, php will take the <button name="value"> value assigned in the name property of the input field or button clicked. This is how it can decide what's the form to submit. Consider that if you have two forms with the same name assigned to the submit button, the first one will override the second and php will only submit one form. This is because php execute operations with a logical order.
I have a simple log in form in php, and I have two forms each on in separated web-page.
when I fill the log in information and go to another form in another web-page, the new form is filled automatically with the same data of the log in form.
And when I go back to log in page after logging out, the credential fields are filled the the old data as well.
I tried value="" for each input and autocomplete="off" and the autocomplete wasn't disabled. and I don't want to cache the data on the forms.
How to prevent one form to use the data from another?
and how to prevent caching the data and autofilling?
have you tried to apply the autocomplete="off" on the form tag and not in the input tag?
<form action="" method="" autocomplete="off">
</form>
Have you tried:
autocomplete="nope"
(or any other random string value for autocomplete, as suggested by Mozilla)?
See: https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion
How can I store input field value in session without form submit?
<input type="text" size="3" name="quantity" id="quantity" value="<?php echo $product_quantity; ?>" />
PHP does not interact directly with the browser. You'll need to use javascript to obtain the value of the textbox and then append it to the url (GET OR POST).
I don't understand why you cannot use a form - they're there for the purpose of passing data to pages.
PHP is server side, as in once the page has been sent to the browser from the server, PHP is useless and has no control. PHP can process forms, use variables etc.
Javascript is the opposite. It only works once the page is sent and is entirely reliant on the browser. It can be used to auto fill forms and even submit forms for you. Because it is browser dependant, if your visitor has turned off javascript, is will not work at all.
AJAX is between these forms, so it can auto submit forms, process variables etc... It's
simply an extension of javascript, so if you know javascript, AJAX isn't that much more work.
I have got a <input type="file" > field along with other text fields in a form, When i try to upload any files using browse button and then click submit button ,the value in the input type= "file" field disappears , I would like the browsed value to remain in the <input type="file" > field if errors are present in other fields , is there any way i can retain the value that is browsed and for it to remain in the <input type="file" > field when submit button is clicked ,
<form action="form.php" method="post" enctype= multipart/form-data>
<input type="file" value="$file" name="file"/>
<input type="text" value="$line" name="line">
<input type="submit" name="btnsubmit">
</form>
if($_POST['btnsubmit'])
{
$line =$_POST['line'];
$file =$_FILES['file'] ['name'];
if($line)
{
//do something
//conditions for file check here
}
else
//error
}
It is not possible to do this. Browser security prevents you from pre-populating the File input field, so that websites cannot steal private files of their will without the user authorizing it first (by clicking "Browse..." and choosing a file).
EDIT: It is not possible to do this natively - but you can attempt some CSS wizardry to display the previously chosen file name maybe beside the file input box to hint the user. If you want to try and be really cool, you can also attempt to overlay the browser's native file input text display area with another div that has the previous file name filled in it. But this will prevent clicking on the input area and so is user unfriendly. Too much work, little reward.
This not allowed to be set by any script for security purpose, implemented by browser vendors as file input as readonly.
There is one way to do this. Submit the form details for validation using an AJAX submission method so the user never really leaves the page or "submits" the form. That way you can validate the result server-side but the user still has all their values populated, including file inputs.
As mentioned, input[type=file] is readonly. By validating your input on the client side, you can prevent the submit to happen unless all fields are valid. ...and, in most cases, it provides a much better user experience!
Check out jquery.validation or some other validation plugin for your favourite framework, or write one yourself. Keep in mind that you should also validate on the server side.
By preventing the request, the file input will keep it's value until all fields are OK. If you need server side validation, you could also do this using ajax.
I have a PHP form, with various input fields and textboxes. If you submit and go back, all of the data that was submitted in the input fields remains, however the textboxes are blank. How can I get the data entered in the textbox to cache like the regular text inputs?
This is a client-side issue. Although there's no way to force the browser to cache the textarea input you can send the data back yourself using cookies if you want. One easy way to do so would be to store the textarea input in cookies when the form is submitted and then to check for the cookies and insert the values into the page source on subsequent requests to the server.
Check out this page for information on setting the cookies and this one to learn how to access the information the next time your form is accessed.
I generally prefer the back button myself, but if you want to re-populate all your fields, an alternative is to have the form page submit to self and then do like this:
<form action="whatever" method="POST">
<input type="text" size="20" name="text_field" value="<?php echo $_POST['text_field']; ?>">
<textarea name="text_area"><?php echo $_POST['text_area']; ?></textarea>
<input type="submit" value="Submit">
</form>