I'm using simple honeypot
my HTML
<input type="text" name="mail" id="mail">
my CSS
#mail{display:none;}
my PHP
if(isset($_POST["mail"])){
$honeycomb_passed = "No";
} else {
$honeycomb_passed = "Yes";
}
When I submit the form always outputs No. To my understanding it should output yes, right? Where is the problem?
Thanks
Just because the field is hidden in CSS doesn't mean it isn't send to the server.
If you don't want the email value to be sent to the server - try to user something like:
$('input[name=email]').remove();
to remove the element from the dom
be sure to wrap in:
$().ready(function(){});
If you're not using jQuery let me know!
You're doing it wrong.
A working honeypot
HTML
<form>
<input type="text" name="mail" id="mail">
<input type="submit">
</form>
<style>
#mail{display:none;}
</style>
PHP
if($_POST && $_POST["mail"] != ""){
die("Sorry, no robots");
}
How does it work
You have a hidden field inside your form. Typically, a robot will attempt to fill any form field available with data in the hope that it will not get rejected. Once it submits that form, your script will detect the input and die. If a human was filling it out, they would not see the hidden input (type=text style=display:none) and leave it empty. Thus the php would allow the submit to go ahead.
If you PHP script dies as soon as it detects the honeypot field, then you are saving yourself cpu cycles (because there is no need to reply reasonably to a robot).
For more information on honeypot, see this question:
How do I add Honey pot fields to my forms?
Related
I need to validate a form using php. when i go to validate i need it to stay on same page if validation fails. is this possible. i know it can be done with the use of javascript but im trying to cater to those who turn javascript off.
No. If you're not willing to use Javascript, you'll have to submit the form (and go to a new page) to validate it.
Put all of the variables into strings, then use a post method to validate, and if there was a problem get the variables back out from the strings
$name = $_POST['name'];
<form action="validate.php" method="POST" value="$name">
<input type="text" id="name" />
</form>
PHP is server side code. In order to validate the page, you need to do a round trip to the server. If the form doesn't validate, then you can redirect them back to the same, page, along with some markup that explains the problem.
That said, only ~1% of people disable javascript, so I wouldn't worry about that.
Even if you do perform client side form validation in javascript, you should always validate server side as well.
While it is not possible to do without client side help it is possible to emulate the result by posting the for to the page that hosts the form.
if ($_SERVER["REQUEST_METHOD"] == "POST"){
// validate your form and set placeholder variables for error messages.
if(empty($_POST["username"])) $userError = "You must supply a username";
// if the form is valid do a header redirect
header("Location: http://mysite.com/myaccount/");
}
<form method='post'>
<label for='username'>Username: </label>
<input id='username' name='username' type='text'
value='<?= isset($_POST["username"])?$_POST["username"]:"" ?>'>
<?= isset($userError)?$userError:"" ?>
</form>
I have a HTML form in list.php that submits the data from text box ("item" in below code) to check.php. This check.php validates the text entered to be not empty or white spaces only. After validation, it redirects to list.php for the entered text to be displayed. list.php is below. I want the "add" button to be enabled only when valid text is entered in the text box. I would like this feature to be done with php and probably not with javascript.
I can use "disabled=\"disabled\" in the form, but this does not work in real-time disabling depending on validation.
<form action="check.php" method="post">
<input name="item" type="text" size="25" autofocus="autofocus" />
<input type="submit" value="Add" id="add" />
</form>
You say:
I would like this feature to be done with php and probably not with javascript.
Unfortunately, if you want "real-time" then you're gonna need JavaScript. You'll need it to make AJAX calls to your PHP code to check for validation.
So either A) you don't validate in "real-time" at all, or B) You use JavaScript in one shape or another.
Let's say you opt for B), to use JavaScript, and presuming ALL you need to do is check for an empty string or whitespace, then you can do all of this client-side in JavaScript and not require a server call at all, also making it truly "real-time".
And so, here is my solution, using JavaScript (jQuery) without relying on server calls. This may not be suitable for your current implementation, but just in case it is, this might be helpful.
JSFiddle:
http://jsfiddle.net/VKfrw/1/
JavaScript:
function hasWhiteSpaceOrEmpty(s)
{
return s == "" || s.indexOf(' ') >= 0;
}
function validateInput()
{
var inputVal = $("#myInput").val();
if(hasWhiteSpaceOrEmpty(inputVal))
{
//This has whitespace or is empty, disable the button
$("#add").attr("disabled", "disabled");
}
else
{
//not empty or whitespace
$("#add").removeAttr("disabled");
}
}
$(document).ready(function() {
$("#myInput").keyup(validateInput);
});
HTML:
<!-- give this guy an ID -->
<input id="myInput" name="item" type="text" size="25" autofocus="autofocus" />
This implementation uses jQuery.
As mentioned, if you want this done in real time some javascript will be needed.
However I think this problem is actually more suited to javascript in general. PHP validation can be useful if you need to cross reference for data with data in your database.
eg. In a sign up form, checking a user is not already registered with the entered email address.
But in your case, depending on what you mean by "valid text" it is probably easier and better to use javascript.
There are some great jQuery plugins which make javascript validation really simple.
http://docs.jquery.com/Plugins/Validation/validate
I have a form that I need to have required fields filled out. I know to use the code below to verify if the field is blank:
<?php
if (!empty($_POST['client_name'])) {
echo '<p style="color:red;">'"Client Name is required!"'</p>';
}
?>
My question is, how do I get the error message to display on the form page, saving all the data already entered in the form. Example: I fill out all 15 fields on the form, excluding the required field. When I hit the submit button, if the required field is empty, I want to stay on that form page, without losing any of the info I put into the fields, and I want to display a message next to the required field box, saying "This is a required field.
I am not sure on the code to do that, or where to put it. On the form, or on the script that executes the form?
use client side javascript validation first, then php server side validation.
Why you use !empty you can use empty for best result like
<?php
if (empty($_POST['client_name'])) {
echo '<p style="color:red;">'"Client Name is required!"'</p>';
}
?>
Actually you should be first set HTML5 validation like
<input type="text" name="abc" required="">
You can set custom error message for required field like
<input type="text" name="abc" required="" oninvalid="this.setCustomValidity('Please Select This')">
Then you can use JS or jQuery validation and then user Server side Validation like PHP or ASP or others.
Thanks.
Without knowing the structure of your pages, it's hard to give an exact answer, but here's a general process flow that should help:
Form is submitted to processor
Processor validates inputs
if inputs are good, processor redirects to next page
if inputs are not good, processor should send error text and form data back to the routine that builds/displays the form.
IMHO, the processor should not echo anything. All display should be handled by the script that builds the form.
Without coding it for you, that's the best answer I can give :-)
After filling the form when submit, accidentally due to some filling error ,the form is not submit and return to back,in this condition the value of all text box is blank. i want to stable value of all fields in this condition . I'm using php with smarty framework. Please reply with solution as soon as possible.
Thanks.
If the form is submitted to the page that contains it then you will have access to the submitted values, and can use them to populate your form. For example, if you are submitting the form via POST:
<input name="something" value="<?=$_POST['something']?>" />
If you are submitting the form to a different script, you could send the values back to the page with the form as URL parameters, or you could use temporary session variables, and unset them when the input passes whatever validation you are using:
$_SESSION["temp_something"] = $_POST["something"]; //In form processing script
Then in your form:
<input name="something" value="<?=$_SESSION['temp_something']?>" /> <!--In form-->
You can fill the form fields, on the second round, by filling the content inside the value attributes of html tags, like so:
<input type="text" value="<?php echo $_REQUEST['test']; ?>" name="test">
Pay attention: this is a fast and simple solution. It gives you an idea. In good web programming practice you should sanitize the form data received by client in order to avoid security issues.
I've written a simple entry form that compiles information onto a database, and I'm having trouble with my required fields...
I use a form to process the data via post method if the user neglects to fill in a required field I would like to bring him back to the original form with his/her previous fields entered.
How to I pass info back into an input label? Is there an easy way to do this without any crazy scripts? I started with sessions but I realized I have no clue how to put the stored info from the session back into the input field so the user doesnt have to retype all of their info... Also would a cookie be better for this over session?
Thanks guys,
Arthur
When you post a form, all those variables are submitted into a global array named $_POST['input_name'] and available on the page posted to. A lot of times what I like to do if I'm doing it fairly quickly, is just make the value of those input fields equal the same as what would be posting.
For example lets say we have a desired username field but the form didn't validate for some reason and posted back to itself; we don't want them to have to enter it again:
<input type="text" name="username" value="<?php print $_POST['username']; ?>" />
Of course when they first load the page, the value will be empty so there is nothing there, but if for some reason it posts back, that "username" field will already contain entered information.
Even better is java script validation, as the form doesn't have to post back, but this will do the job just fine!
Since the user posts all your data to you, these values are also available in your scripts. So you can use them very easily in the case of text-fields, but a bit more work is required for select options, checkboxes and radio buttons:
<input id="myid" name="myid" type="text"
<?php echo !empty($_POST['myid'] ? "value=\"{$_POST['myid']}\"" ?> />
For radio buttons, select options and checkboxes you instead have to check the value to see if it corresponds with the entry you are currently outputting and print selected="selected".
When it comes to validation you can also have a JavaScript validation to give feedback sooner to the user about possible failures. Just remember to have the same validation on the server side in case someone doesn't have JavaScript enabled or submits it using JavaScript, thus bypassing your client side validation.
Not sure if this is the best way, but you could redirect to a "reload" page and use the values from POST or GET to reinput the existing fields. So first validate, the fields that are required and if any are missing, redirect to this page. Then the POST or GET will have all of the values the user filled in (and the missing required fields will already be blank) so you just loop through and load up the supplied info. Additionally, if they supplied incorrect info you could manually clear it and this will also allow you to mark the missing required fields.
Another option is put your validation in JS so you know the data is good before you submit. However, I'm not sure if there are security concerns with that or not.
I check to see if the post value has been set otherwise you can show a default value, then use a bit of jQuery to remove it when the input has focus
<input type="text" name="first_name" id="first_name" value="<?php if(isset($_POST['myid'])) { echo $_POST['myid'] } else { echo "Your Name" ?>"></input>
Here's the jQuery which will remove the default Your Name when the textbox has focus.
$(document).ready(
function(){
$.fn.clearDefault = function() {
return this.focus(function() {
if( this.value == this.defaultValue ) {
this.value = "";
}
}).blur(function() {
if( !this.value.length ) {
this.value = this.defaultValue;
}
});
};
// clear default textbox entries
$("#first_name"). clearDefault();
}
);
jQuery Validation Plug-in
<input type="text" name="username" value="<?php isset($_POST['username']) ? echo $_POST['username'] : null; ?>" />
will work fine