How to hide this html line, that will not appear for the user in inspect element or view source.
<input type="hidden" name="kda" value="<?php echo $code;?>">
how can I do this?
You can't do that - everything you send to the browser can eventually be read and stored somehow.
What you can do instead, however, is using a session to store this information. Then, only a session identifier will be sent to the browser (and back to the server) while your sensitive information can stay on the server.
It's impossible to hide HTML from view source. Any HTML gets sent to the client and can be viewed in view source. Try storing it in $_SESSION, a PHP superglobal. It gives the user a cookie that tells PHP where to look to find that user's information in $_SESSION.
$_SESSION is an array. That means you can store $_SESSION['pies_bought'] = 7 and $_SESSION['cakes_bought'] = 3.
http://www.php.net/manual/en/session.examples.basic.php
If you "hide" it, it won't work.
You could surround in PHP comment so it's stripped when the server renders the page, but I think you are asking to hide the value of this hidden form field, and that you can not do as you are suggesting.
You could post the "viewable" form fields to another php script that then adds this "confidential" key, and then submits the form wherever it's going.
You could, upon submission of form, call an ajax request to get the value and submit all at once.
Many ways to skin a cat.
Set this flag as a PHP variable instead of actually including the hidden input field in the form.
You may use encryption if you still want to use it as a query parameter in your form otherwise session is your best bet.
<input type="hidden" name="kda" value="<?php echo some_php_crypt_function($code);?>">
When you receive kda on the server,just decrypt it and get the value.
This link http://www.php.net/manual/en/mcrypt.examples.php has examples of how to use encryption/decryption in php.
Related
I have an HTML form that sends information via post to a PHP file.
On the user's second visit the page should remember the last search input. So if on their first visit they were looking for pencil then on their second visit, the form would already have prefilled the Product Name input with pencil. I'm doing this via a session variable that is shared between the two files.
For example this is what my code looks like:
<label for="minPrice">Minimum Price</label>
<input id="minPrice" type="text" value="<?php echo $_SESSION['minPrice'];?>" name="minPrice">
<input class="clearForm" type="reset" value="Clear Form">
As you can see, I'm setting the value of the input field using the session variable. Which means the initial value on the second visit of the input will be the value of $_SESSION['minPrice'], so the typical type="reset" for clearing forms doesn't work. Reset just resets the form to it's initial values.
My first thought was to unset the session variables, but that wouldn't change the current values in the input fields of the form.
There are 2 ways to make it happen
Using PHP session the correct way
Using Javascript local storage
Using PHP sessions
Make sure your .php file has session_start() at the top.
Now you need to request the server to save the value(s) you wanna use on "the next visit". This means, requesting the server without refreshing the page through an HTML form submit, using AJAX.
Following JS snippet will post a form to the server, you can modify what to post as easily as eating an apple pie.
fetch(url, {method: 'POST', body: new FormData(form)})
But you have to POST when the user types something so add an eventListener that triggers the fetch method.
document.getElementById('minPrice').addEventListener('keydown', () => {fetch...})
url is the name of the file or the url you wanna POST to,
form is the form you wanna submit, in case you wanna submit some input field(s) alone, replace new FormData(form) by {minPrice: document.getElementById('minPrice').value} and so on.
assign the fetch method to a variable and you can get the server's response using
variable.then(res => res.json()).then(response => //do whatever you want)
On the server side, get the value(s) using the superGlobal $_POST, such as $_POST['minPrice'] and you can save it in the $_SESSION['minPrice'] variable and whenever the user reloads or makes a second visit, the $_SESSION['minPrice '] will assign the last written minPrice to the input field.
Using Javascript local storage
localStorage is built-into javascript and is quite easier to use. Read more about localStorage on MDN docs. Use
localStorage.setItem('minPrice', document.getElementById('minPrice').value)
And assign the localStorage value to the field on every page load.
document.getElementById('minPrice').value = localStorage.getItem('minPrice')
That's it!
Take a look at this !
Make page to tell browser not to cache/preserve input values
Stop browser from filling textboxes with details
Alternatively, try adding this in Jquery :
$("form :input").attr("autocomplete", "off");
Use JavaScript to clear out the values of the form fields.
Something like:
<button onclick="() => {
document.querySelectorAll('input').value = '';
}" />
That way when you click the reset button, it sets all inputs value to empty string.
If you're never going to want the field autofilled by the browser it seems like you'd simply want to use the autocomplete="off" flag on the input field you desire to be dynamically filled by your php script.
You can read more about the specific of this on the MDN docs.
Basically though you'd take the input, store it as a session variable, load the next page and populate the search variable into the input field as a value and turn the autocomplete functionality off so that the browser cannot override the value you provide from the session value.
The support for for this seems fairly broad. and should in most cases prevent the browser from overriding whatever it has stored for the field.
If you're still running into issues with it filling you cvould maybe look to adding some javascript functionality with the reset() function. However depending on how this is fired it might actually end up overriding whatever you populate with the PHP function at the time the DOM is actuall rendered
There are two most notable ways of inserting a row into a MySQL database using PHP:
Create a single PHP file which uses a loop to detect whether isset($_POST['submit_button'] has been submitted, and if the form has not been submitted then display the HTML form. If the form has been submitted, during the loop insert the data into the MySQL table.
Create the HTML form on page1.html and when the form is submitted parse the data and insert into the MySQL table on page2.php.
Both methods work perfectly fine - however, based on your own opinion, is one better than the other (such as security, maintainability etc...)?
Given the choice, I would choose neither. Instead I would opt for the Post-Redirect-Get (PRG) pattern, by which the form posts to a secondary page which only processes the input, but produces no output itself. Upon successful or unsuccessful completion of processing, the script redirects to a final page, which may be the original form page to display messages, errors, or request resubmission.
Typically, session variables would be used to pass information back to the final redirection point, whether that means values from $_POST to repopulate a form, or success/error codes.
This goes a long way toward solving issues with accidental form resubmission via the browser back button.
Your second method of posting to a different page is like an incomplete form of PRG.
I can say that from a usability standpoint, I prefer the first method, because it allows you to create sticky forms, i.e.
<input id="foo" name="foo" value="<?php echo $_POST['foo']; ?>" />
For cases where it is practical, I'd try to get away from having a second user pageload at all. page1.html submits via AJAX to a web service provided via page2.php. And yes, there are many cases where this isn't appropriate, but the most common patterns I can think of where the form handler is simply inserting rows into a database are well suited to an AJAX submit.
This is more a question on php theory, and wondering how this scenario would be done..
So I have a gallery which has pagination, all done through reloading the page through $_GET.
I want the ability for a user to change the amount of images are displayed on a page (basically my LIMIT). I have this working, however when they go to the next page, the php reloads, and the pagecount gets reset back to default.
Is there a way to store this variable through $_POST to another page when they choose the page count, and then every time the page re-loads, it will grab that variable, so it is not re-set?
Excuse my noobiness. Hopefully this makes sense
I believe you are looking for session variables
<?php
session_start();
$_SESSION['views'] = 1; // store session data
echo "Pageviews = ". $_SESSION['views']; //retrieve data
?>
http://www.tizag.com/phpT/phpsessions.php
What you want are PHP sessions, which
...consists of a way to preserve certain data across subsequent accesses
See the PHP docs for more information.
Whenever you make a request to the server, pass along all the variables that you need. So if you're changing the limit by submitting a form, pass along the page number as a hidden form field:
<select name="limit">...</select>
<input type="hidden" name="pageNum" value="<?= htmlspecialchars($pageNum) ?>" />
Or if you're changing the limit with a link, pass along the page number as another URL argument:
Limit 10
Then you can read it on the server using $_POST["pageNum"] or $_GET["pageNum"].
I don't recommend storing things like this in the session. If you do, you'll prevent people from having multiple windows open to different pages. It's best to pass everything in the request (i.e. the form or link).
I have a page. The user submits the page and sends it to a PHP results page. It works fine. Now, I want the results page to link to another page, and for the elements on that page to depend on what was on the results page. I know how to pass form variables to another page, but I don't know anything about passing non-form variables.
From my searching on the web, my best guess is that I should be passing by URL. Is this correct? If so, a possible problem: the page I want the results page to pass to will have a form, and the user will go to yet another results page by clicking submit (the form data will be sent by POST). Can I send the non-form data (the old results page variable) along with the form data, if the user is going to the other page using POST?
I strongly suggest using sessions. It's not that hard to learn, php makes it VERY easy using http://php.net/session_start and the $_SESSION variable.
Advantage is that you will not have to submit a form on every click, and no information will be displayed in plain text in the URL.
There are several options. However, the easiest may be to simply pass the data on using hidden input fields.
Other options would be using the session, storing to a database between forms, or some combination therein.
If you are going to use POST to go to the next page the most simple option is to include the data you want to send along using an input type="hidden" element in your form.
You might consider using a session to pass the data along.
You can embed the non-form data into the second form as hidden fields. To make sure that it is also passed in the link, you can just add it to the URL as a query string, like:
http://..../blah.php?var1=val1&var2=val2
as long as the data you're passing can fit into a URL. Be sure to urlencode() anything you're appending to the URL.
<?php
start_session();
$_SESSION['Foo'] = 'Bar' // Add stuff here.
?>
I have a php page that has a form that asks for an e-mail. When you press the send button, it gets to another php page, which gets the form data and does its stuff. I need to then be able to go back to the old page (the one that contained the form) and give it some data so that it will be able to change itself and say "You've sent your e-mail successfully, and will not display the form.
How do I do it?
Sessions probably
http://us2.php.net/manual/en/book.session.php
You can either use sessions or cookies, to not depend on the URL cookies have always to be enabled.
Check the PHP Manual (Sessions and Cookies).
Options:
1) Set a cookie (or use a session variable, which is kind of the same thing)
2) Use a separate thank-you page. After you've processed the form, redirect to http://www.mysite.com/thankyou
3) Process the form on the same page as itself. If your form is at http://www.mysite.com/myform, then at the top of that page have a little
if ($_POST)
// process form
// display thank you
else
// display form
Good luck!
If the user is just seeing data that they've entered anyway, you can just use hidden form fields:
<input type="hidden" id="lang" name="lang" value="en" />
That way you can continue to POST new forms and pass the data down the lane. That's the easiest thing to do without having to write a single extra line of PHP code.
You could also store each section in a database and save each section as-added. That would give you the added benefit of having partial data in the case of a browser crash or whatever, depending on how many parts your form is. You could then pass just an ID to the DB table row and retrieve the data for display.