For a website I'm currently building, I decided to let admin log in, and edit all of the source within each pages main content div. I'm using PHP and SQL to retrieve the source of the desired page (based on url). If a certain login session variable is set, and $_REQUEST["edit_page"] == true, the source of the content div is placed within a textarea, within a form.
This system really doesn't work if I try to add a form to the source. Anything outside of the pages source's form, displays as it would if the page wasnt being edited.
Is there any way around this?
EDIT:
Here's an example.
<form action="" method="post"><input type="hidden" name="edit_text" value="true"><input type="hidden" name="text_id" value="1"><input type="hidden" name="data_sent" value="true"><textarea name="new_text">
// SOURCE GOES HERE, LETS YOU EDIT IT, THEN SUBMIT IT, TO OVERWRITE THE CURRENT DATA STORED FOR THIS PAGE IN THE DATABASE
</textarea>
<input type="submit" value="Send">
</form>
This doesn't work if the source includes a form. It messes with the existing form, in which you are editing the source.
EDIT:
Basically, how do I display HTML source within a textarea, without it acting like HTML source?
Worked out you can use htmlspecialchars() in PHP to solve this. Problem solved.
You use htmlspecialchars() PHP function to display html source within textareas.
http://board.phpbuilder.com/showthread.php?10208990-display-html-source-in-text-area&p=10218525#post10218525
Related
I need to open a page from another site on my site and add text in the inputs of that page, so I used iframe to open it, but I don't know how to add the text in the inputs. Can someone help me?
The only way to achieve this would be if the page you're loading in the iframe allows GET parameters to be passed in with the URL. The form elements on the target site would then have to use the values as default for them to be displayed on load.
E.g.:
https://target.com/?formFieldOne=hello
Then the code of the target page would have to be something similar to this:
<input type="text" value="<?PHP echo($_GET['formFieldOne']); ?>" />
I want to get DIV contents in PHP to submit a form.
<div id="hello"></div>
In my search, I was advised to use <input type="hidden" but I do not know how to do.
If you are obtaining the HTML as a string, or even if its a remote web page, you will need a HTML parser. There are lots of these for PHP and the question has already been asked and answered. How do you parse and process HTML/XML in PHP?
If you are looking to do this on click or some other page event when a user does something, you need to use javascript instead of PHP. PHP is a server side language and cant be used to access elements in the users web browser, you need to use javascript for this.
If you don't want to use an input field to show a value (perhaps because you don't want the user to modify it or for styling reasons). You can display it in a div, and pass the value with the form submission by duplicating the value in a hidden input positioned inside your form. The div may be inside or outside your form.
<div id="user">Jaber</div>
<form>
... any other form fields
<input type="hidden" name="user" value="Jaber">
... submit button
</form>
I have a html/php page, which reads file NAMES on the server, collects user inputs, and returns results upon user clicking "submit" button. The returned results will be parsed and displayed in a table in the page. Certain functions are implemented in javascript, btw.
That's how the html/php usually works. Now I need another field that will allow user to specify a name, and I need "refresh" the page with additional info which will be read from file NAMES on the server. Let me call this ShowExtraName function, for the sake of wording.
Before ShowExtraName, I have html/php code like this (sorry for the format, not sure how to write html tags in the post):
<html>
<head>
<javascripts added here>
<table>
<div>
<form>
<continue html layout here>
<checkboxes with php reading file NAMES from server --- line XXYY>
<submit>
<php script to check user input and query server, then display returns in table. This section is blank before submit since certain input fields are not "isset".>
Now my question is how/where I can add the ShowExtraName. I believe it needs to be php, because I need determine not only user-specified name, but also get additional and related information from the server and display it in line XXYY.
Hope I describe it clearly. Thank you for your input!
You have to use JavaScript/jQuery and AJAX calls in order to be able to ask the server to execute some code and then to render the result back to the HTML without refreshing the page.
jQuery is a very simple and yet very powerful tool.
You can do this a number of ways.
Using only html and php, the easiest would probably be to use a form that uses GET with an action of the same page. Then check for get parameters in your PHP and print the extra row of data in your code.
<FORM action="" method="get">
<INPUT type="text" id="name"><BR>
<INPUT type="submit" value="Send">
</FORM>
<?php
if (isset($_GET['name'])) {
//do database query
//echo more stuff
}
?>
If you are doing a database query be sure to use prepared statements
Otherwise if you want to get fancy with a live refresh you will need to use JavaScript. (jQuery AJAX)
Is there a way to prevent the editing of HTML and CSS contents in a page using Firebug-like tools?
I found that some users are editing some values in hidden fields and some contents which written between a div or span tag for gaining some profits. They are doing mostly by editing with help of tools like firebug. Is there any way to identify such modifications? The problem here is that the values they are editing is generated when the page is compiled. The page is developed in PHP. The editing is done mostly in between the and tags.
Thanks in advance for the help.
There is no way to prevent users from changing the information that is submitted from their browser to your server. You do not have control over their browser.
To fix this problem, you must change the design of your server application so that sensitive information that users should not modify, is not sent to the browser and submitted back to you.
The following is a simple example. Suppose you have an online store and are implementing an "Order" button. Suppose you have a form like this:
<form action="/order">
<input type="hidden" name="description" value="Better Mousetrap">
<input type="hidden" name="price" value="15.00">
<input type="submit">
</form>
If you have a form like the above, the user could change the price value to whatever they want when submitting the form. That is probably not what you want. Instead, you could do something like:
<form action="/order">
<input type="hidden" name="item_id" value="1234">
<input type="submit">
</form>
Then, when this form is submitted, you look up item_id number 1234 in your database, and get the price from that. The only thing the user could change in this case is the item_id, which means they would get a different item than what they wanted.
I have a page that contains a table that the user can update. This has been done using javascript.
When the user has finised updating, I want to have the raw HTML page uploaded to the server, and then the user will be redirected to a php page which will do some final processing and spit out a report.
Is this possible or should I come up with another method of reaching the same end... and if so how do I get the dynamically created HTML onto the server to be manipulated?
You could have a form with a hidden input, and load the html into it using jquery.
So, your html may look like this:
<table id="table1">
... (this is the table from which you want to get the html)
</table>
<form id="form1">
<input type="hidden" id="table_html" name="table_html" />
<input type="submit" value="Submit" />
</form>
<script>
$("#form1").submit(function() {
$("#table_html").val($("#table1").html());
});
</script>
I didn't test this or anything, but the idea is that when you submit the form, the script populates the hidden value with the table html.
Now, if you have complex stuff in the table (I assume you do since the user can edit stuff right there), then maybe sending all the html isn't the best thing, you'll get a lot of garbage with the "useful" stuff. The way I'd do it is have the table inside the form, and have everything in inputs. Probably the names of the inputs will be like "first_name[]", so php will get arrays of values when there are several rows with the same cells and stuff like that.