I am new to PHP. I have designed a form in HTML and its PHP part in a different file. Now I want to connect the files with each other. I have tried using
<form action="file.php" method="post">
but connecting in this way is not secure and I cannot connect using
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
as this will work only if the PHP code and HTML code are written in the same file. Please help me.
If I use
and if someone enters this URL as
http://www.variable.com/file.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
then it will show an alert box telling it is hacked.
As the Method is 'POST', it's Secure. No need to worry.
Or else..
Create a 'Session' on submitting the form. So no direct access to the PHP file would occur.
Thanks.
bhumin.vadalia#gmail.com
I can't understand you well, but connecting it this way is secure. If you have this form in html file:
<form action="file.php" method="post">
<input type="password" name="password">
</form>
And you have file called file.php in the same directory it is perfectly fine. In the PHP file you should have:
<?php
$password = $_POST["password"];
To get your input. Ask me something else if you don't understand it :)
As you wrote in your comments, your field shows raw text without "escaping" HTML characters.
In your file.php put or edit with:
echo htmlspecialchars($_POST['yourfield']);
Then output will not be "hacked" by JavaScript.
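The URL from the question, worked through as an added example (not code from any of the posts above). $phpSelf is a constructed stand-in for what $_SERVER['PHP_SELF'] holds when that URL is requested, and 'yourfield' is the placeholder field name used in the answer.

```php
<?php
// Added example. PHP_SELF is the script path plus any trailing path info,
// already URL-decoded, so for the URL in the question it looks like this
// (constructed value):
$phpSelf = '/file.php/"><script>alert(\'hacked\')</script>';

// Raw: the trailing path info closes the action attribute and the tag.
function form_tag_raw(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

// Encoded for an HTML attribute: quotes and angle brackets become entities.
function form_tag_escaped(string $self): string
{
    return '<form method="post" action="'
        . htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

echo form_tag_raw($phpSelf), "\n";
echo form_tag_escaped($phpSelf), "\n";

// A fixed action, as in the two-file setup, contains no request data at all.
echo '<form method="post" action="file.php">', "\n";

// The same encoding applies when file.php prints a submitted field.
$submitted = $_POST['yourfield'] ?? '<script>alert(1)</script>'; // constructed input
echo htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
```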
I created a form in php named form.php, gave the error statements in the same file. I created another php file named test.php which connects form.php to my local database and submits the data. Now in form.php if I use
<form action="test.php" method="post" name="form1">
it directly submits data into the database without judging or showing the errors. If I use
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post" name="form1">
then it judges and shows the errors but does not submit the data to my database.
Please help me in this regard.
It seems you've written the errors checking and validation conditions in your 'form.php' script, and connections with your db are done through the 'test.php'.
A better way would be to keep everything on the same file. Move your connection code to form script, and that should work.
The reason is if you write <form action="test.php" method="post" name="form1">
the values of the form are directly transferred to the test.php, and no code of form.php is interpreted. When you do the latter, the test.php isn't considered at all, because it doesn't get any info saying that go to that file.
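One way to keep validation and the insert in the same file, as an added example (not the asker's or answerer's code). The field names, the users table and the in-memory SQLite DSN are assumptions for illustration.

```php
<?php
// form.php (added example): validate first, insert only when there are no errors.
// Field names, table name and the SQLite DSN are assumptions for illustration.
$errors = [];
$saved  = false;
$name   = trim((string)($_POST['name'] ?? ''));
$email  = trim((string)($_POST['email'] ?? ''));

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if ($name === '') {
        $errors[] = 'Name is required.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid e-mail address is required.';
    }
    if ($errors === []) {
        $db = new PDO('sqlite::memory:'); // swap for your MySQL DSN and credentials
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS users (name TEXT, email TEXT)');
        // Placeholders keep user input out of the SQL text.
        $stmt = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
        $stmt->execute([':name' => $name, ':email' => $email]);
        $saved = true;
    }
}

// Encode anything that is written back into the page.
function e(string $v): string { return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); }
?>
<?php if ($saved): ?><p>Saved.</p><?php endif; ?>
<?php foreach ($errors as $msg): ?><p class="error"><?= e($msg) ?></p><?php endforeach; ?>
<form action="form.php" method="post" name="form1">
  <input type="text" name="name" value="<?= e($name) ?>">
  <input type="text" name="email" value="<?= e($email) ?>">
  <input type="submit" value="Submit">
</form>
```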
Hi I'm learning php of a tutorial and these are my two files. I browse to my apache2 server via http://myservers-ip/form2.php
fill out the forms and hit the submit button, it calls my result.php page, but all it displays is "Hi ." where it should be like "Hi (userentry)."
Please help :-(
form2.php:
<html>
<head>
<title>Form</title>
</head>
<body>
<h1>Enter your name</h1>
<form method="post" action="result.php">
<input type="text" name="username">
<input type="submit">
</form>
</body>
</html>
and my result.php
Hi <?php print $username; ?>.
Using apache2 and mysql running on my box.
I'm not sure if the source code is correct or if there might be a misconfiguration? if so which config files would you need?
Thanks
Data sent via a form with POST action will be in the superglobal $_POST array. You would want to sanitize it before trying to use it for anything, but just starting with $_POST['username'] will get you closer to your end goal.
Edit: Whatever tutorial you are using, abandon it. It's clearly waaaaay outdated.
You're sending data from form via post so you need to get them in your result.php file from POST superglobal like so:
Hi <?php print $_POST['username']; ?>.
The data is being sent to results.php via POST method.
All post params are stored in $_POST param. So to get user name you need to get it from $_POST, in results.php. E.g:
<?php
// file: results.php
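if (isset($_POST['username'])) {
    // Escape user input before writing it into the HTML response
    echo "Hi, " . htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8') . ".";
} else {
    echo "No user name.";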
}
I'm a PHP newbie trying to sort some basics out. I have a user-form that leads to a mysql select query, which works fine. Every tutorial I have found so far has the standard form tag, ie: action='script.php' method='post'. This obviously opens script.php in a new tab/window though.
If I don't want to display what's fetched from my db on a different webpage I have to put the html and php in one document together. I didn't think this is how you would really want to do it though.
My specific question is when you want to display stuff on the same page do you just put everything in together within one document and let users hit the submit button?
NO, you don't put your PHP scripts on the same page as your HTML file/s
Try this link for your reference =)
OR you can put 2 different pages that act as 1 by using INCLUDE FUNCTION
script1.php
<form action="script2.php" method="post" name="myform">
...
<input type="submit" name="submit_button" value="Submit" />
</form>
---------------
script2.php
<?php
include 'script1.php';
if (isset($_POST['submit_button'])) {
    // ...
}
Yeah You can put html and php in single document.
With the help of action. But it is not the proper way.
In action you should mention this for writing html and php in same page.
<?php echo htmlspecialchars ($_SERVER["PHP_SELF"]);?>
You can use the same page as the action in the form and make a condition based on whether your submit button is pressed or not.
If it is pressed you can make your Code there for connecting db and do operation like select, insert, update or delete.
e.g.
Your file: script.php
<?php
if(isset($_POST['btnsubmit'])) {
// Do your Operation here...
}
?>
<form action="script.php" method="post" name="myform">
...
<input type="submit" name="btnsubmit" value="Submit" />
</form>
What you can do is simply refer the user back to the form, or another page on your server with the header tag. Inside your PHP script you'd add something similar after your query executes correctly
header( 'Location: ' . $_SERVER['HTTP_REFERER'] ); // Refer to the last page user was on...
Or another URI
header( 'Location: http://some.url/' );
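A variant of the redirect above that does not copy the client-supplied Referer header straight into Location, as an added example (not from the original answer). The page paths are hypothetical.

```php
<?php
// Added example. The Referer header is set by the client and may be missing,
// so use it only to pick from paths the server already knows about.
const ALLOWED_RETURN_PATHS = ['/form.php', '/search.php']; // hypothetical pages
const DEFAULT_RETURN_PATH  = '/form.php';

function return_path(?string $referer): string
{
    // parse_url() yields null or false when there is no usable path component.
    $path = $referer === null ? null : parse_url($referer, PHP_URL_PATH);
    if (is_string($path) && in_array($path, ALLOWED_RETURN_PATHS, true)) {
        return $path;
    }
    return DEFAULT_RETURN_PATH;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // ... run the query here ...

    // 303 tells the browser to fetch the target with GET, so a reload
    // does not resubmit the form.
    header('Location: ' . return_path($_SERVER['HTTP_REFERER'] ?? null), true, 303);
    exit;
}
```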
If you really want to do this, here is a way:
<?php
// $_POST is always defined, so test the request method instead
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // do your PHP work here
}
?>
<html>
<form method='POST'>
<!-- form elements here -->
<input type='submit'>
</form>
<!-- other html code -->
</html>
It depends on the length of your code. If the code is too much, then the better way is to include some script file in your parent file using the include() function. And your perfect answer is yes: just put everything together within one document.
I would like to use the data entered in the HTML form and insert it into MySQL. I have a separate PHP file (cus.php), but nothing is happening with the current code I have.
At the moment, when I click "register" I'm navigated to the PHP file. Thank you
You forgot the most important thing about an HTML form: the <form> tag.
You have to wrap the whole form (all inputs) which should be submitted when clicking like this:
<form method="POST" action="cus.php">
...
</form>
This will send all inputs to cus.php and make them available there as variables $_POST['input_name']. You can alternatively use GET as the method (and then use the $_GET array instead).
Edit: Didn't see it, you actually do have a form tag. However it's missing the target file in its action attribute.
First, see DCoder's comment. It's the most important.
Change:
<form action="" method="seller">
To:
<form action="cus.php" method="post">
Does that fix it?
Try to do this
<form action="your script" method="post">
I have an html form which uses a PHP file to submit data by email. I want to add some code (which I already have) to generate random numbers for spam protection. Can I call another PHP file within my form?
Here is the code that goes in the form:
<form name="mail" action="go.php" method="post" onsubmit="return CheckData()">
<input type="text" name="q">
<input type="submit" name="Submit" value="OK">
</form>
I am a real novice with PHP so any help would be appreciated.
LozFromOz
You can do it with an image in your form that calls a PHP file.
The famous way is to use a captcha;
read this link:
Stopping scripters from slamming your website hundreds of times a second
A good captcha to insert in PHP:
http://recaptcha.net/plugins/php/
There's no need to have the browser make two http requests for two different urls to the webserver. Your php script go.php can do what ever you want it to do, e.g. include two other scripts and/or calling two functions or ...
<?php // go.php
require_once 'spam_protection.php';
require_once 'form_helper.php';
require_once 'database_something.php';
// ...