I have a page that contains a form. This page also has a PHP script to set some variables.
These variables are then submitted as hidden values when the user clicks submit.
I have a requirement to take a users entered value (amount) and then set that as a variable inside the PHP , then post the form. Is this possible ?
I cannot just sent the form submitted value as it must go through a MD5 hash first in the PHP script. This is a requirment for Realex creditcard payments.
I was thinking this might be possible with JavaScript?
EDIT
Just to clarify , the page has PHP (simplified here for example)
<?php
$amount ="";
$tmp = "$timestamp.$merchantid.$orderid.$amount.$curr";
$md5hash = md5($tmp);
$tmp = "$md5hash.$secret";
$md5hash = md5($tmp);
?>
All of the above variables are pre-defined and dont change, however the amount is dependant on what the customer enters.
The form is on the same page as the above , so when the customer enters a value , then hit submit ... this along with the md5 hash above is sent.
<form>
<input type="text" name="donate_amount" value="">
<input type="hidden" name="AMOUNT" value="<?=$amount?>
</form>
but Im not sure how to do this dynamically before posting.
I'm not sure if I'm getting this correctly without seeing code, but from what I got from it what I think you want to to is save whatever it is to a session.
so if its coming from input
$_SESSION['derp'] = Hash::howeveryouhash($_POST['derp'])
or if hash happens after input is gotten just save the hashed input to a session?
I'm not sure if this what you meant, but if it is, be sure sure to reference the php manual to insure proper use of $_SESSION!
You need to know the final amount before you create the hidden form Gary. There's no point creating the hash without it.
You should ask the user for the amount they wish to donate on the previous page. Then you can present a final "Donation Overview" page containing the hidden form, and the "Proceed to Payment" button.
Whatever you end up implementing, don't put the Realex shared secret in the javascript on the page! This must be kept secured on the server side.
How about doing this:
<input type="text" name="amount" onchange="ajaxFunction(this)" value="" />
Then when the input field changes the function ajaxFunction calls a PHP script sending the value. In the PHP script you can store the value in $_SESSION['amount'] for later use.
function ajaxFunction(obj) {
$.post("store_amount.php", { amount: $(obj).val() } );
}
Requires jQuery.
Related
I'm trying to solve this problem
I need to get values from form
Following code everything works great
<?php $var = 'Test-123';?>
<form action="go.php" method="post">
<input type="hidden" name="name" value="<?php echo $var;?>" />
<input value="GO_SUBMIT" type="submit">
</form>
The go.php file
<?php echo $_POST["name"]; ?>
But my problem the values of the form not Secure
If I use For Example Firebag
in the Value form Area I can send other values
Although it is hidden
is there a way to disable or encrypt this for security purposes
Form values are always visible to client. Form informations are located in user's browser. Let's come to your value change part. Form values are changeable. If you do not want to be changed one of your static variable, you need to put that value in the session on your server, and after user submit the form, you can make a server side validation. The users who want to change form value, can also do that things with curl requests. You can not avoid them. However, you can use csrf token for external form submitting. As a summary, do server side validation in order to be sure for trusting unchangaeable form values
You should use Encoding technique. Like in PHP base64_encode( ) function. For Example:
<?php
$str = 'This is an encoded string';
echo base64_encode($str);
?>
Output:
VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==
So noone can send the garbage to corrupt data.
I am doing server side validations for my html values. However when server side validation fails and I return back to the page, the form data is cleared. Is there anyway to do save and reload the form data in php without using any framwork?
Just put the submitted value (if there is any ) inside your value="" like this:
$set = isset($_POST['username']) ? $_POST['username'] : '';
The above is called the ternary operator. And, as I have done it, it will check if someone has already submitted a form with attribute "username" ($_POST['username']) in your form, if yes, then it sets the the value of that form to a variable called $set otherwise it just sets it '' nothing.
Now, all you have to do is just put the $set variable inside like: value=" <?= $set ?> ">
Well, sure. Assuming that you're submitting to a different script, and need to be directed back to your page with the form, use PHP Sessions. Save all of the data that you need to reload in the session, and then on your page use the session data to pre-populate the form if it's there. Once you're done using it (i.e. they've successfully completed their form), then you can clear the session on a subsequent interaction.
Yes,
Say you have your input:
<input type="text" name="email" />
If you did this:
<input type="text" name="email" value="<?php echo $_POST['email']?>"/>
It would repopulate with whatever they typed in.
Send the values to the server using an AJAX call, that wont refresh the page leaving your data intact in the page.
I'm writing a site in PHP.
And I have a simple registration form.
<form>
<label...></label> <input .../>
</form>
I want to add a confirmation field:
<input type='hidden' name='hiddeninput' value="jn3kjnv3kjvn35">
But how does this code look on the server side?
Do I need to save every hidden value to the database whenever registration form is loaded?
I'm trying to make sure the form is not being filled in by bots.
That's why I need a random hidden value that is unique for every form submission.
Suppose every time I generate the registration page - I generate the unique value for "hidden" field.
When the user submits the form - how do I compare the submitted value to the one that was generated (as once it's generated - it's not stored anywhere in the site).
Basicly , you should use a function that generates a random string (hash for example)
and sessions to "remember" this string.
Aftet submitting the form , you'll check the INPUT's value and cross it with the SESSION's value.
For instance:
Form.php
<?php
$hash = md5(time());
$_SESSION['form_xx'] = $hash; //in case you have more than one form.
?>
<form method='post' action='do.php'>
..
..
<input type='hidden' name='secret_key' value='<?=$hash?>'>
</form>
do.php
if($_POST['secret_key'] == $_SESSION['form_xx']) //Just make sure your making the posted value SAFE
//He's ok.
else
die("arggg...those hackers");
You need to add a name to the field, too. It works like pretty much any other HTML field.
I now use Ruby on Rails framework that solves it out of the box.
After filling the form when submit, accidentally due to some filling error ,the form is not submit and return to back,in this condition the value of all text box is blank. i want to stable value of all fields in this condition . I'm using php with smarty framework. Please reply with solution as soon as possible.
Thanks.
If the form is submitted to the page that contains it then you will have access to the submitted values, and can use them to populate your form. For example, if you are submitting the form via POST:
<input name="something" value="<?=$_POST['something']?>" />
If you are submitting the form to a different script, you could send the values back to the page with the form as URL parameters, or you could use temporary session variables, and unset them when the input passes whatever validation you are using:
$_SESSION["temp_something"] = $_POST["something"]; //In form processing script
Then in your form:
<input name="something" value="<?=$_SESSION['temp_something']?>" /> <!--In form-->
You can fill the form fields, on the second round, by filling the content inside the value attributes of html tags, like so:
<input type="text" value="<?php echo $_REQUEST['test']; ?>" name="test">
Pay attention: this is a fast and simple solution. It gives you an idea. In good web programming practice you should sanitize the form data received by client in order to avoid security issues.
I've written a simple entry form that compiles information onto a database, and I'm having trouble with my required fields...
I use a form to process the data via post method if the user neglects to fill in a required field I would like to bring him back to the original form with his/her previous fields entered.
How to I pass info back into an input label? Is there an easy way to do this without any crazy scripts? I started with sessions but I realized I have no clue how to put the stored info from the session back into the input field so the user doesnt have to retype all of their info... Also would a cookie be better for this over session?
Thanks guys,
Arthur
When you post a form, all those variables are submitted into a global array named $_POST['input_name'] and available on the page posted to. A lot of times what I like to do if I'm doing it fairly quickly, is just make the value of those input fields equal the same as what would be posting.
For example lets say we have a desired username field but the form didn't validate for some reason and posted back to itself; we don't want them to have to enter it again:
<input type="text" name="username" value="<?php print $_POST['username']; ?>" />
Of course when they first load the page, the value will be empty so there is nothing there, but if for some reason it posts back, that "username" field will already contain entered information.
Even better is java script validation, as the form doesn't have to post back, but this will do the job just fine!
Since the user posts all your data to you, these values are also available in your scripts. So you can use them very easily in the case of text-fields, but a bit more work is required for select options, checkboxes and radio buttons:
<input id="myid" name="myid" type="text"
<?php echo !empty($_POST['myid'] ? "value=\"{$_POST['myid']}\"" ?> />
For radio buttons, select options and checkboxes you instead have to check the value to see if it corresponds with the entry you are currently outputting and print selected="selected".
When it comes to validation you can also have a JavaScript validation to give feedback sooner to the user about possible failures. Just remember to have the same validation on the server side in case someone doesn't have JavaScript enabled or submits it using JavaScript, thus bypassing your client side validation.
Not sure if this is the best way, but you could redirect to a "reload" page and use the values from POST or GET to reinput the existing fields. So first validate, the fields that are required and if any are missing, redirect to this page. Then the POST or GET will have all of the values the user filled in (and the missing required fields will already be blank) so you just loop through and load up the supplied info. Additionally, if they supplied incorrect info you could manually clear it and this will also allow you to mark the missing required fields.
Another option is put your validation in JS so you know the data is good before you submit. However, I'm not sure if there are security concerns with that or not.
I check to see if the post value has been set otherwise you can show a default value, then use a bit of jQuery to remove it when the input has focus
<input type="text" name="first_name" id="first_name" value="<?php if(isset($_POST['myid'])) { echo $_POST['myid'] } else { echo "Your Name" ?>"></input>
Here's the jQuery which will remove the default Your Name when the textbox has focus.
$(document).ready(
function(){
$.fn.clearDefault = function() {
return this.focus(function() {
if( this.value == this.defaultValue ) {
this.value = "";
}
}).blur(function() {
if( !this.value.length ) {
this.value = this.defaultValue;
}
});
};
// clear default textbox entries
$("#first_name"). clearDefault();
}
);
jQuery Validation Plug-in
<input type="text" name="username" value="<?php isset($_POST['username']) ? echo $_POST['username'] : null; ?>" />
will work fine