I can't figure out why my hidden input field is still showing in the source code of the page:
<form method="POST" ACTION="score.php">
<ul class="answer">
<li>
<input type="checkbox" name="answer_0" value="<?php echo $answer_0; ?>"><?php echo answer_0;?></br>
<input type="hidden" name="right" value="<?php echo $right;?>"/>
</li>
</ul>
<button type="submit" class="btn btn-warning">Submit</button>
</form>
What is wrong here ? I tried without the PHP variable and the hidden field was still showing.
There's nothing wrong here. Hidden inputs should not be used for data that the user must not be able to see. It's just used for data that they don't need to see, and would just clutter up the form.
If you want to hide something from the user securely, you should use session variables. These are kept on the server, not sent to the browser. If you do need to send something to the browser, and don't want the user to be able to get anything from it, you could encrypt it first. But remember, you can't trust that the user won't modify it before sending it back. Anything that comes from the browser can be tweaked by the user.
Related
Is it possible to hold the get params. in the url by switching pages?
Situation:
At the first page the user can choose between different prices.
The "submit" button is just an easy
<a href="/genrepage?price=twoDollars" value.....>
So the user does get directed from the ".../pricepage" to the ".../genrepage?price=twoDollars" url. At this point it is possible to choose between different genres. The submit button is in a ..
<form method="get" action="">
<input type="submit" name="genre" value="action">
</form>
..now the user does get redirected to the ".../genrepage?genre=action" url.
I would like to see something like ".../genrepage?price=twoDollars&genre=action.
Is it possible to realise this via WordPress (only) or would I need to code "smthg like a" plugin with php? Or is the price get param. saved in the $_Session so I could call it anyhow in the functions.php?
(Sry for this english and my bad knowledge, still learning^^)
You are obviously a web dev noob but we all have been in earlier times 😉 well in case you have a session opened (WordPress does not use sessions by default) you simply could do:
$_SESSION["price"] = $_GET["price"];
You also could start a session if none exists by adding
session_start();
in the beginning of your functions.php file.
The get variable is saved to the session then and will be available in your functions.php (and elswhere) as long as the session is alive. Save into your session whatever get/post variables you want.
If you are not using sessions you could put the price value into a hidden field at the form in the second page:
<form method="get" action="">
<!-- ... your other fields ... -->
<input type="hidden" name="price" value="<?php echo htmlentities($_GET["price"]); ?>" />
<input type="submit" name="genre" value="action">
</form>
Then on the next page both variables will available in $_GET.
I have a simple HTML post with a php variable included as the value, I wish to use this in my codeigniter project what is the best way to do this.
Here is my correct code (I do have the form helper)
<form action="https://www.mysite.co.uk/1/" method="POST">
<input id="start-test" type="hidden" name="userid" value="<?php echo htmlspecialchars($userID); ?>;
<input class="btn btn-primary" type="submit" role="button" id=""></input>
</form>
I may have misunderstood your question with my first answer.
If all you want is a post button, then you can write this
<input type="submit" class="btn btn-primary" role="button" value="Send" />
Or use the form helper
<?php echo form_submit('BtnName', 'Send'); ?>
// Would produce:<input type="submit" name="BtnName" value="Send" />
http://www.codeigniter.com/user_guide/helpers/form_helper.html#form_submit
You can do what you are doing:
<input id="start-test" type="hidden" name="userid" value="<?php echo htmlspecialchars($userID); ?>">
Or use set_value like this:
<input id="start-test" type="hidden" name="userid" value="<?php echo set_value('userid', $userID); ?>">
This will repopulate the field value on form error. I have missed off the HTML special chars but you can include that still if you feel like you need to, but I presume this is an id from a database, that is set with auto increment and as it is not user generated data the use of html special chars here might be a bit unnecessary.
In your controller you can access the post variables like this:
$posted_id = $this->input->post('userid');
However, you should be using form validation on posted data. This is quite a big topic but you can read about the above in the docs. Also referring to your User ID directly is not always a great solution since this form can be easily manipulated. You can help to alleviate that somewhat with CI CSRF protection and using form_open but it is often best to use sessions and get the ID from there. You should not ever have to include a user id in a hidden form variable.
Set Value
http://www.codeigniter.com/user_guide/libraries/form_validation.html#re-populating-the-form
Reading post variables
http://www.codeigniter.com/user_guide/libraries/input.html#accessing-form-data
Form Validation in general
http://www.codeigniter.com/user_guide/libraries/form_validation.html#form-validation
Form open and CSRF
http://www.codeigniter.com/user_guide/helpers/form_helper.html#form_open
CI Sessions
http://www.codeigniter.com/user_guide/libraries/sessions.html#session-library
If you are not familiar with security practices it is sometimes best to get to know and use a mature and developed authorization and authentication library. There are many so I will not recommend one here. Just do a search for one and find one that suits your needs.
I would like to hard-code the form below. In other words, I would like to post $submission and $fullurl to index.php as "tweet" without giving the user the option to edit them.
How can I do this?
EDIT: I want the user to still click a button that says "Tweet" to post the variables.
Thanks in advance,
John
<form method='post' action='index.php'>
<br />
<textarea name="tweet" cols="50" rows="5" id="tweet" ><?php echo $submission ?> <?php echo $fullurl ?></textarea>
<br />
<input type='submit' value='Tweet' name='submit' id='submit' />
</form>
<form method='post' action='index.php'>
<p><?php echo $submission ?> <?php echo $fullurl ?></p>
<input type="hidden" name="tweet" value="<?php echo $submission ?> <?php echo $fullurl ?>">
<input type='submit' value='Tweet' name='submit' id='submit' />
</form>
That still doesn't mean the user won't be able to doctor the value through, everything's editable client-side one way or another. Save the to-be-submitted tweet server-side in a session if you need absolutely immutable values.
I'm not entirely sure what you are asking, but it sounds like you just want to have some variables kept serverside without a user being able to edit them, between page loads.
In that case you may wish to learn about Sessions and session variables. These allow you to store stuff in between page loads without a user being able to edit them (but you can still read from them so you can display your variables on the page!)
If you could perhaps rephrase your question some if this isn't the answer you are looking for, we would be better able to assist you.
You could set the disabled
attribute of the <textarea>. But then
it would not be submitted with the
form. So you'd have to make a hidden
input with the value or use sessions to persist the data if it could not be recreated therwise.
You could also use JavaScript to blur the text area on focus. But there are ways around this, i.e. disable JavaScript.
In the end, I think you should reconsider the user interface and user experience. A textarea that isn't editable, probably should be a form element. Just display the data you plan to tweet and allow them to Appove it.
You could just make it completely invisible (style="visibility:hidden"), or disable it (`disabled="true"').
You can also just use document.getElementById('formID').submit(); to submit the form automatically.
Better yet, just make them all hidden inputs, and submit on page load with the above code.
I seem to have a bit of a problem here that I can't quite figure out.
So the deal is I have a php script along with an HTML file, in that file I have a few forms with some text boxes and some drop downs. Now the reason I had to go single forms on all of these was because if I did one big one none of them would work when I would hit the submit button. I have no idea... My current code is below, my previous code only had one form and it wouldn't work at all.
<form method="post" id="locationFromPost" name="locationFormPost">
<div class="formRow">
<div class="label">
<label for="locationForm">Current Location:</label>
</div>
<div class="field">
//If post is null go back to value pull originally else echo post
<?php if($_POST['locationForm']==null) $location=$location;else $location=$_POST['locationForm']; ?>
<input type="text" name="locationForm" id="locationForm" value="<?php echo $location?>"></input>
</div>
</div>
</form>
...... and so on.......
<form method="post" id="sexFromPost" name="sexFormPost">
<div class="formRow">
<div class="label">
<label for="sexForm">Sex</label>
</div>
<div class="dropDown">
<select name="sex" id="sexForm" >
//If post is null go back to value pull originally else echo post
<?php if($_POST['sexForm']==null) $sex=$sex;else $sex=$_POST['sexForm']; ?>
<option value="1" <?php if($sex==1){echo"selected='selected'";}?>>Male</option>
<option value="2" <?php if($sex==2){echo"selected='selected'";}?>>Female</option>
<option value="3" <?php if($sex==3){echo"selected='selected'";}?>>Not Specified</option>
</select>
</div>
</div>
</form>
...... and so on.......
<form method="post" id="submit" name="submit">
<div class="formRow"><div id="seperator"></div></div>
<div class="submitButton">
<input type="submit" name="submit" id="submit" value="Save Changes"/>
</div>
</div>
</form>
So thats what the top part of my code looks like, all the div's are for formatting you don't have to worry about those. Now the php code to save the information is below. I should note that the variables you see in the php parts of the code above are retrieved from the Database in the earlier part of the code, thats working fine. What I am having problems with is I want a user to be able to edit their information then just hit the submit button and the information to be saved. What currently happens is, well, absolutely noting. The page will refresh and all the values will go back to what they were when they were pulled, they are not stored in the DB at all, now I checked to make for sure that part of the code works, buy doing some test. It saves the data no problem. What I thin is the problem is the forms them-selfs, if I do everything in one big form it doesn't work... Don't know why. now if I hit enter at the end of each of the forms individually in the browser the data goes in but just that field, sometimes other fields are wiped completely out and a null or empty string is stored. I cant seem to figure this thing out at all.
heres the php to save the information.
<?php
if (isset($_POST['submit']))
{
mysql_query("UPDATE members SET location= '".$_POST['locationForm']."' WHERE usr='" .mysql_real_escape_string($_SESSION['usr']) ."'");
mysql_query("UPDATE members SET location= '".$_POST['sexForm']."' WHERE usr='" .mysql_real_escape_string($_SESSION['usr']) ."'");
........ you know the rest.......
}?>
I am completely lost at why this thing is doing this, now im not the best PHP programmer by any-means, so it could (probably is) be me. If anyone could point out what I would need to do to get a system like that working please let me know
Thanks.
I wasn't clear exactly what your problem was.
However this:
<?php if($_POST['locationForm']==null) $location=$location;else $location=$_POST['locationForm']; ?>
Doesn't look to me like it is going to do much. Try something like this:
<?php
if(!isset($_POST['locationForm'])){
$location=$location;
}
else {
$location=$_POST['locationForm'];
}
?>
(Curly braces are my own personal liking)
Assuming you have $location defined somewhere you didn't show us. This will check if there is NOT a $_POST['locationForm'], and if there is it will use it.
Try placing all the form fields within on form tag and also use mysql_real_escape_string on your variable as well.
you need all the fields that are going to be submitted to any given page to exist in a single form tag. any elements in a different form tag will submit as a set of THAT form tag.
I' assuming that you also want to maybe combine down your updates?
//$_SESSION['usr'] should already be sanitized and safed wherever you handle your site credentials..
//set your submittable values, with a default to an empty string in this case.
$sex=isset($_POST['sexForm'])?mysql_real_escape_string($_POST['sexForm']):"";
$location=isset($_POST['locationForm'])?mysql_real_escape_string($_POST['locationForm']):"";
//single statement, no need to iterate for each field, that's wasted connections.
$sql="update "UPDATE members SET location= '$location' , sex='$sex' WHERE usr='".$_SESSION['usr']."'";
I have a picture upload inside a form...
The file is a php file btw...
Problem is whenever this form is filled in, and the user clicks to upload the first picture, the form is submitted to itself and all the fields which the user may have filled in will go blank...
I know of one way to do it, alot of 'isset' in my php code, but is there any simpler or maybe better way I don't know of?
Thanks
You echo back the POST variable on your fields.
<form method="POST">
<input type="text" name="name" value="<?php echo $_POST['name']?>" />
<input type="submit" name="submit" />
</form>
When the form is submitted to self, the same data will be filled.
Well i do not know of anything else. I always use this:
<input type="text" value="<?= isset($value) ? $value : ""; ?>">
I think it is not too much code in the Templates, but it does the Trick.
Alternatively you could use some Frameworks wich abstract everything for you, but i cannot recommend some...