Here's one that might get you scratching your heads - it certainly has me!
I'm using a form to submit content to WordPress' 'update_post_meta' function.
The form itself is pretty simple, just a range of input and textarea fields. On submit the action directs to the same page where some PHP takes over to do validation on the $_POST info before submitting to WordPress. Now it all works perfectly, except for one very strange bug:
Whenever you use the word 'casino' in any of the fields, instead of submitting the form, the page refreshes and throws up a 404 error, even though the address bar shows a perfectly valid URL! I don't believe it's my PHP code as I don't think we get that far in the process, so I'm thinking it's a server thing, but I can't imagine why. This happens on any form across the whole site and I've also got the same result on other sites hosted with the same hosting company (Namecheap, FYI).
So, the question is, can anyone suggest a reason why sending that word in particular to $_POST would break a form and cause that error?
PS. I'm currently solving this using a replace() JavaScript function so 'casino' never gets sent with the form, but if the 'casino' issue can be solved I would be very grateful. It would at least stop me puzzling over it.
This is because the probability of being recognized as spam is high.
Casinos should be used well because there are many websites that cannot be used by the word itself.
Using the language of other countries is one of the ways to promote it by openly saying "[우리카지노][1]" like me.
I hope you will answer your question.
Every time I submit the form it refreshes, but doesn't send the mail. I think it cleans the input box before I get to make them into a variable, so then it goes to the validation IF and shows the *Please don't leave blank parameters! message.
Regarding the email-sending code, it works; I tested it in another newly made file without a form, just by opening the file and sending the mail as it is opened.
This is always an actual webhost provider with real info/links.
While you are at it, if you would be so kind, please tell me if I’m following any “Bad Practices”. Thanks in advance!
Code:
(I use a real email address to test, as well as real webhost links at the form — changed for this.)
Your issue seems to be on line 12.
In your if statement, instead of using the single =, which assigns a value, you should be using double == to check the value.
As far as Bad Practices, I will say that your sanitize function inside your if is weird, functions should generally be written outside of logic loops, at the main level, or in OOP it should be at the root of the object.
I have written this small site, with registration and everything, and I got to a point I think I am not too sure what is happening.
It first started as the DB reporting to me that the user I am trying to write into the DB has a duplicate entry (where it should be unique), which really puzzled me: how can it be that I have a duplicate? Well, it took me three days to realize that the page is somehow being called twice!
I put a
$_SESSION['one']=0;
and a
$_SESSION['two']=0;
in the topmost and bottommost parts of the page accordingly.
Then I changed them both to ++, so I can check how many times they have been passed through.
I used the verification link from the email the site has sent, and tested their values.
Strangely enough, 'one' would equal 2 and 'two' would equal 1...
This explains exactly why all worked registration-wise, but I got all those errors about those duplicates.
Though I used Firebug to trace any redirections, I couldn't see anything...
It shows the page has 12 GETs and a POST.
I was hoping to bump into a redirect and debug accordingly, but alas, or maybe I don't know how to use Firebug to trace these redirects...
I would appreciate any suggestion.
Thanks in advance!
Like I said in the comments, here is the answer that worked for me and Ted:
What I do to fix it is change my doctype to HTML5 and then validate the page using the W3C validator. This problem was only occurring for me in Firefox using Firebug.
Do you have some <img> or <script> with src=""? Or maybe some <link> stylesheet with empty href?
Is Firebug showing you, in the Net tab, that your site is called twice?
This kind of issue usually happens when you have a fatal or otherwise unignorable error that forces PHP to terminate your script early, in the midst of processing a request.
Check your error log for details of what is happening.
It is Firebug that is causing the page to load twice. Apparently changing the doctype to html5
as:
instead of html4 has overridden that bug.
When you are going to deploy your site, go back to html 4, and of course, always keep the server safe from such bugs. Use DB constraints, validation and escaping when needed.
Hope this helps, and Big thanks to #jeffreydev!!
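The advice above to use DB constraints, as an added example that is not code from any poster in this thread: a unique constraint plus a single conditional UPDATE make the registration and verification steps harmless when the browser requests the page twice. The in-memory SQLite schema, table and column names, and the sample address are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed in-memory schema; table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    email    TEXT NOT NULL UNIQUE,
    token    TEXT UNIQUE,
    verified INTEGER NOT NULL DEFAULT 0
)');

// Returns the verification token, or null if the email is already registered.
function register(PDO $db, string $email): ?string
{
    $token = bin2hex(random_bytes(16));
    try {
        $db->prepare('INSERT INTO users (email, token) VALUES (?, ?)')
           ->execute([strtolower(trim($email)), $token]);
        return $token;
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation (the UNIQUE index).
        if (($e->errorInfo[0] ?? '') === '23000') {
            return null;
        }
        throw $e;
    }
}

// One conditional UPDATE: a repeated request matches zero rows and changes nothing.
function verify(PDO $db, string $token): bool
{
    $stmt = $db->prepare(
        'UPDATE users SET verified = 1, token = NULL WHERE token = ? AND verified = 0'
    );
    $stmt->execute([$token]);
    return $stmt->rowCount() === 1;
}

// Constructed demo: each step is deliberately issued twice.
$token = register($db, 'user@example.com');
var_dump(register($db, 'User@example.com')); // second registration of the same address
var_dump(verify($db, $token));               // first request for the verification link
var_dump(verify($db, $token));               // the same request arriving again
```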
I am having issues creating a sticky form in PHP. It seems all the samples I can find online are using one page for both the form and the processor. I have two separate pages. This is going to be a very long form and if a validation fails, and the user has to re-enter everything, they won't, they'll quit. So this is a vital feature for this form. Also, I am very new to PHP and haven't touched ASP for several years.
When all is said and done, this form will probably have over 50 items. It is using POST. What is the easiest way to convert my form to a sticky form?
The current form can be found here: http://family.themajdans.com/new_submission.php. Only the "Your Information" part works right now.
Any help would be appreciated.
I suggest using a framework/library which already has support for this feature to generate the form. There are several. In fact, I think there are several dozen.
Why don't you do it like this (one file PHP)... Make sure everything is well sanitized before doing this. Just filter out invalid inputs, and leave valid ones to be reposted.
<input type="text" name="age" value="'.htmlspecialchars($post["age"], ENT_QUOTES, "UTF-8").'"/>
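A sticky form split across two pages, as the question asks, shown as an added example that is not code from the original posts: the processor page stores the submitted values and errors in the session, and the form page re-fills each input with HTML escaping applied at output time. The field names, validation rules and the array standing in for $_SESSION are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical field list; a real 50-item form would name every field here.
const FIELDS = ['name', 'age'];

// Processor page: validate, and on failure remember what the user typed.
function processSubmission(array $post, array &$session): array
{
    $values = [];
    foreach (FIELDS as $f) {
        // Accept only expected fields, as strings, with a length cap.
        $v = $post[$f] ?? '';
        $values[$f] = is_string($v) ? substr(trim($v), 0, 200) : '';
    }
    $errors = [];
    if ($values['name'] === '') {
        $errors['name'] = 'Name is required.';
    }
    if (!preg_match('/^\d{1,3}$/', $values['age'])) {
        $errors['age'] = 'Age must be a whole number.';
    }
    // Store raw values; escaping happens at output time, not here.
    $session['old'] = $errors ? $values : [];
    $session['errors'] = $errors;
    return $errors; // non-empty: redirect back to the form page
}

// Form page: build one input, escaping the remembered value for HTML.
function stickyInput(string $field, array $session): string
{
    $esc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $value = $session['old'][$field] ?? '';
    $error = $session['errors'][$field] ?? '';
    $html = '<input type="text" name="' . $esc($field) . '" value="' . $esc($value) . '"/>';
    return $error === '' ? $html : $html . ' <span class="error">' . $esc($error) . '</span>';
}

// Constructed demo input; on the real pages call session_start() and pass $_SESSION.
$session = [];
processSubmission(['name' => 'Ann "A" <b>', 'age' => 'abc'], $session);
foreach (FIELDS as $f) {
    echo stickyInput($f, $session), PHP_EOL;
}
```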
Hi I have a web form that sends a string to one php file which redirects them to a corresponding URL. I've searched about web form hacking and I've only received information about PHP and SQL... my site only uses a single PHP file, very basic etc. Would it be open to any exploits? I'm obviously not going to post the URL, but here is some code I was working on for the php file:
Newbie PHP coding problem: header function (maybe, I need someone to check my code)
Thanks
From that little snippet, I don't see anything dangerous. "Hackers" can enter pretty much anything they want into $_REQUEST['sport'] and thereby $searchsport, but the only place you use it is to access your array. If it's not found in your array.... nothing much will happen. I think you're safe in this limited scenario ;) Just be careful not to use $searchsport for...... just about anything else. Echoing it, or inserting it into a DB is dangerous.
Uh, it really depends. If you are inserting data into a MySQL DB without sanitizing, the answer is a huge yes. This is something you need to decide for yourself if you aren't going to show code.
The solution you've got in the linked question is pretty safe.
Every possible action is hardcoded in your script.
Nothing to worry about.
Though when asking about a "web form like this" you'd better provide a web form, not the link to a question that contains code that can be presumed to be this form's handler.
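The pattern the answers above describe, where the submitted string is only ever used to look up a hardcoded destination, shown as an added example that is not the asker's code (which is not reproduced on this page). The array keys, paths and fallback page are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical keys and paths, constructed for this example.
const SPORT_PAGES = [
    'football' => '/sports/football.html',
    'tennis'   => '/sports/tennis.html',
];
const FALLBACK = '/sports/index.html';

// Map the submitted string to a hardcoded destination; never build the URL from it.
function resolveRedirect(array $request): string
{
    $key = $request['sport'] ?? '';
    if (!is_string($key)) {          // ?sport[]=x arrives as an array
        return FALLBACK;
    }
    return SPORT_PAGES[strtolower(trim($key))] ?? FALLBACK;
}

// If the value is ever shown back to the user, escape it for HTML first.
function notFoundNotice(array $request): string
{
    $raw = is_string($request['sport'] ?? null) ? $request['sport'] : '';
    return 'No page for "' . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"';
}

// Constructed inputs: a known key, an external URL, markup, an array, and nothing.
$samples = [
    ['sport' => 'Tennis'],
    ['sport' => 'https://example.org/'],
    ['sport' => '<b>golf</b>'],
    ['sport' => ['x']],
    [],
];
foreach ($samples as $request) {
    echo resolveRedirect($request), ' | ', notFoundNotice($request), PHP_EOL;
}
// In the handler itself: header('Location: ' . resolveRedirect($_REQUEST)); exit;
```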
Sometimes, when I submit a form that gathers checkbox data, the checkbox data displays perfectly and other times, the values don't display at all. Any ideas what could cause this?
A typo in your code
You misunderstand how checkboxes work
Ineffective debugging logic
Bad logic to begin with
Those would be the most likely causes. If you share some code and a more specific example I bet it can be narrowed down even further.
You probably have a problem with your URL structure. You may be trying to post data to a URL that's different than your current location. This tends to look like a cross site scripting attack and the server won't be able to grab your posted variables in this case.
Example of what I'm talking about:
I have a form here: http://www.mywebsite.com/myform.php
Now I try to submit the form to: http://mywebsite.com/myform.php
To a user this seems fine but the server thinks that the www. version of the site is a different website and doesn't grab your variables.
For consistency you should always force a user to either the www. or non www. version of your website using a .htaccess file.
Hope that helps.