when the user input a name to a form. how to display the name to another webpage?
so i have 2 webpage here it is
webpage 1:
<html>
<body>
<form action="lol.php" method="post" <div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" /> </div>
</html>
webpage 2 :
<html>
<body>
<p> echo 'welcome! $_POST
</html>
huhuhu so whats next ? :( im kinda new to php please be gentle guys tnx
As an addition to the already existing answers: One very important thing to keep in mind is protection against Cross Site Scripting attacks. You must assume "All Input Is Evil!". Users might not only enter their name or something like that but also JavaScripts (XSS or even persistent XSS, if you save the inputs) or parts of SQL querys to perform an SQL injection.
Let's say your script accepts a variable called txtname from GET or POST (this is what $_REQUEST means). And you have this code:
<?php echo "Welcome!" .$_REQUEST['txtname']; ?>
One could build a link like this:
http://yourhost/yourscript.php?txtname=<script%20type="text/javascript">alert("This%20might%20also%20be%20an%20evil%20script!");</script>
Then one uses a URL shortening service to build a harmless looking link redirecting to the attacker's URL above, e.g.
http://short.xy/dfudf7
which will redirect the user to the evil JavaScript link above. Then your website will execute any JavaScript or embedd evil iframes or whatever an attacker wants. Your users / customers will only see your website in the address bar and will think all that comes from you although a hacker added malicious parts to the site they view.
Therefore, whenever you output something that comes directly or indirectly from a user input (regardless whether read by $_REQUEST or fetched from a database), you have to make sure, HTML special chars like < and > don't work any more! php offers the function htmlspecialchars to escape these dangerous characters. Then they are displayed just as text and do not function as HTML/JavaScript.
By the way, this is not a protection against SQL injections. If you plan to use a database later, you will also have to look for that. Also in this area there are functions to "demine" a user input before passing it to a database.
You are missing to close <form> tag, missing to add submit button, I have fixed your form and it should be like...
webpage.html
<form action="lol.php" method="post">
<div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" />
<input type="submit">
</div>
</form>
lol.php
<?php echo "Welcome!" .$_POST['txtname']; ?>
NOTE
You can also use $_REQUEST to print name..
<?php echo "Welcome!" .$_REQUEST['txtname']; ?>
Page : 1
<html>
<body>
<form action="lol.php" method="post" <div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" /> </div></form>
</html>
Page : 2
<?php
echo "Welcome ".$_POST['txtname'];
?>
You are missing to close <form> tag, missing to add submit button
webpage.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>webpage</title>
</head>
<body>
<form action="lol.php" method="post" name="form" id="form">
<div id="name">
<label for="txtname">name: </label>
<br/>
<input type="text" name="txtname" id="txtname" />
<input type="submit" name="submit" id="submit" value="Submit">
</div>
</form>
</body>
</html>
lol.php
<?php
if((isset($_REQUEST['submit']) && trim($_REQUEST['submit']) =='Submit'))
{
$txtname = addslashes(trim($_REQUEST['txtname']));
echo "Welcome ".$txtname;
}
?>
Related
i am making a "login and signup form" actions for my file. i searched about this many times but i cant find the answer and most of the topics are about sql which i don't use for these files.
im looking for a answer without include, sql, or session in my files
here's my codes
html:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Gleacc</title>
<!-- Load external CSS styles -->
<link rel="stylesheet" href="styles.css">
</head>
<body>
<h1>Gleacc GG</h1>
<br>
<form action="data/signedup.php" method="get">
<label for="usn">
<input placeholder="Username" name="usn" required>
</label>
<br>
<label for="psw">
<input placeholder="Password" name="psw" required>
</label>
<br>
<input type="submit" value="Submit">
</form>
<!-- Load external JavaScript -->
<script src="scripts.js"></script>
</body>
</html>
signuped. php:
<?php
$psw = $_GET['psw'];
$usn = $_GET['usn'];
echo "<form action="data/logined.php" method="post"><input placeholder="Username" name="usn" required><br><input placeholder="Password" name="psw" required><br><input type="submit" value="Submit"></form>";
?>
logined.php: none since we cant compair the input because we cant get the $usn and $psw from signuped.php
I think you are being silly.
Are the users signing up every time they are on the website? If not, then you need to save their username and password in some sort of database.
Any other method used in signuped is exposing data that you shouldn't be exposing.
Here is one way to do what you want and make it a tad secure.
<?php
$psw = encrypt($_POST['psw']);
$usn = encrypt($_POST['usn']);
echo "<form action='data/logined.php' method='post'>
<input placeholder='Username' name='usn' required><br>
<input placeholder='Password' name='psw' required><br>
<input class='hidden' value='$usn' name='encusn'><br>
<input class='hidden' value='$psw' name='encpsw'><br>
<input type='submit' value='Submit'></form>";
?>
Where you use CSS to hide the two inputs. Be warned that it is not hard to expose them in the browser by anyone with even a little knowledge of CSS.
In your logined file you encrypt the entered values and compare them with encrypted values from the hidden inputs. I wouldn't use a two-way algorithm and try to decrypt the encrypted values.
first make sure that signuped.php is placed inside the folder data which placed same level as the html file.
then change the action in the html file from get to post and try var_dump($_POST) to see if the inputs has been submited.
I have the code but it doesn't seem to work and I don't know why.
I don't know what the this.php is for.
here is the instruction:
Create a form with one input that accepts text.
Once the user submits the form, their original input should be shown in the input field and the number of words in their input should be shown below the form.
Display an error message if the user submits no input.
As a bonus, also display the number of characters in the input below the form.
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body class="container">
<h1>Word Counter</h1>
<form action="this.php" method="post" class="form">
<textarea name="input" class="form-control" style="width:50%">
<?php
if(!empty($_POST['input'])){
echo $_POST['input'];
}
?>
</textarea><br />
<input type="submit" class="btn btn-primary" value="Count!" />
</form>
<?php
if(!empty($_POST['input'])){
echo "<p><strong>Output:</strong><br>Number of Words: $words<br>Number of Characters: $chars</p>";
}
?>
</body>
</html>
Hey i'm having a problem where I cannot seem to get the value of an input using PHP, I have a form in HTML and another file named "handle.php" which i prints the value of username but when I submit It directs me to the file "handle.php" and does not print anything, just shows the script.
I tried doing the script inside the HTML but I got the same result, nothing happened so I thought maybe I need to make a function and then call it onclick but it didn't do anything eventually I made a separate file named "handle.php" and in the form I did "action="handle.php" which lead to the first problem.
HTML:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title> Hide/Show Password Login Form</title>
<meta name="viewport" content="initial-scale=1.0, width=device-width" />
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css">
<link rel="stylesheet" href="./style.css">
</head>
<body>
<div class="login_form">
<section class="login-wrapper">
<div class="logo">
<img src="logo.png" alt=""></a>
</div>
<form id="login" method="post" action="handle.php">
<label for="username">User Name</label>
<input required name="login[username]" type="text" autocapitalize="off" autocorrect="off" />
<label for="password">Password</label>
<input class="password" required name="login[password]" type="password" />
<div class="hide-show">
<span>Show</span>
</div>
<button type="submit">Sign In</button>
</form>
</section>
</div>
</body>
</html>
handle.php:
<?php
echo $_POST['login[username]'];
?>
By using this name="login[password]" you can get the values in PHP as:
print($_POST['login']['password']);
One more solution, store input array in a variable like:
$post = $_POST['login'];
then, use like:
echo $post['password']
$_POST['login']; will return a php array with all keys you used in your form. So you get the username key of this array like this:
echo $_POST['login']['username'];
first try to print only $_POST then you see what is you get in request.
always help to you for following this method. debug step by step then get the data into array.
<?php
$request=$_POST['login'];
echo $request["username"];
echo $request["password"];
?>
Replace textbox name as username in html code and Change php code as echo $_POST['username']; in handle.php
In Html code,
<input required name="username" type="text" autocapitalize="off" autocorrect="off" />
In php code( handle.php),
echo $_POST['username'];
Hi I am in New In Php.
I am asking why we are using hidden text box and given value =1.
<input type="text" name="form_submitted" value="1"/>
<html>
<head>
<title>Registration Form</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<?php if (isset($_POST['form_submitted'])): ?>
<?php if (!isset($_POST['agree'])): ?>
<p>You have not accepted our terms of service</p>
<?php else: ?>
<h2>Thank You <?php echo $_POST['firstname']; ?></h2>
<p>You have been registered as <?php echo $_POST['firstname'] . ' ' . $_POST['lastname']; ?> </p>
<p> Go <a href="sample.php" >back</a> to the form</p>
<?php endif; ?>
<?php else: ?>
<h2>Registration Form</h2>
<form action="sample.php" method="POST">
First name: <input type="text" name="firstname"><br>
Last name: <input type="text" name="lastname"><br>
Agree to Terms of Service: <input type="checkbox" name="agree"> <br>
**<input type="hidden" name="form_submitted" value="1"/>**
<input type="submit" value="Submit">
</form>
<?php endif; ?>
</body>
</html>
In this case, the reason the developer have done this, is because it is used in the first IF-statement.
if (isset($_POST['form_submitted'])):
When the form is submitted, it is sent to the same file. When a form is submitted, the form values is accessible via the $_POST paremeter in php. So if $_POST['form_submitted'] is set, then he executes the following code, and if not, the code inside else: is executed
I also have to say that this code is not a good example of how to handle form submissions, and should be improved.
Developers using <input type="hidden" name="form_submitted" value=""> because sometimes they use it as reference for the form submission. They can use it for conditions or whatever functionality they want to use with the hidden input.
Instead of showing the exact input (input text), they're hiding it for more cleaner form.
I'm building my first PHP website (attempting to, anyway!), and I'm trying to create a contact form whose contents are submitted to me via email. I've got the email part down, but I'm having trouble getting the form ("contact.php") to accept data. It automatically refreshes as soon as I type a character in any field. Here's the relevant code:
<div class="contactform">
<form name="contactform" method="post" action="contact-receiver.php">
<fieldset><legend><strong>Required Information</strong></legend>
First Name: <input type="text" name="firstName" size="35" maxlength="30"/>
Last Name: <input type="text" name="lastName" size="35" maxlength="30"/>
Email: <input type="text" name="emailAddress" size="60" maxlength="55"/>
</fieldset>
<input type="submit" value="Submit"/>
<input type="reset" value="Reset"/>
</form>
</div>
This works fine when tested independent from the rest of the site. However, here's the context:
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php include 'header.php'; ?>
<?php
$id = $_GET['id'];
switch($id)
{
case 'main':
include 'storeinfo.php';
break;
case 'shop':
include 'inventory.php';
break;
case 'cart':
include 'cart.php';
break;
case 'contact':
include 'contact.php';
break;
default:
include 'error.php';
}
?>
<?php include 'footer.php'; ?>
</body>
</html>
"contact.php" works fine when displayed as a separate page, but won't accept any input when accessed as an include file. If I try to enter data in any of the fields, the page immediately refreshes after I type the first character, and the data is lost.
If anyone could point me in the right direction, I would really appreciate it!
EDIT
Disabling Javascript didn't work. I cleared my cache and restarted my browser (Firefox) just to be sure. While I'm working on that voodoo priest, here's the page source for index.php?id=contact:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Main</title>
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<div>
<p><img src='headerimg.png' class='header'/></p><a href='index.php?id=main'>
<img src='mainbutton.png' class='nav1'</a><a href='index.php?id=shop'>
<img src='shopbutton.png' class='nav2'</a><a href='index.php?id=cart'>
<img src='cartbutton.png' class='nav2'</a><a href='index.php?id=contact'>
<img src='contactbutton.png' class='nav2'</a>
</div>
<div class="contactform">
<form name="contactform" method="post" action="contact-receiver.php">
<fieldset><legend><strong>Required Information</strong></legend>
First Name: <input type="text" name="firstName" size="35" maxlength="30"/>
Last Name: <input type="text" name="lastName" size="35" maxlength="30"/>
Email: <input type="text" name="emailAddress" size="60" maxlength="55"/>
</fieldset>
<input type="submit" value="Submit"/>
<input type="reset" value="Reset"/>
</form>
</div>
<div id = "footer">
<p>©2012</p>
</div>
</body>
</html>
It sounds like a Javascript-related problem.
Check and make sure you're not including any scripts which try to autocomplete, as being misconfigured might cause it to send a request upon key up which would cause the behavior you're mentioning.
An easy way to test this is to disable JavaScript in your browser and see if the issue continues. If it does, it means you have ghosts in your computer and should see a voodoo priest. If the issue doesn't persist, it means it's an issue with some JavaScript on your site.
Posting some contents of header.php will help, as well. OR, you could simply post the complete HTML page source once - that is, visit your index.php?id=contact page, hit view source, and show that here.