What I'm trying to achieve is, if there is an non empty input + another input will show up.
This is how the input looks like.
<input type="file" name="image[]" />
What I'm trying to do is something like this
if (!empty($input)){
//Add another input
}
I think that you can get the idea, I am just wondering is this achievable, since I am new in php I don't know if this is possible.
And I'm sorry if I made any grammatical mistakes English is not my native language.
Sure! By looking at $_POST and $_FILES you can get an idea whether the input contained something or not. Then you can make that if and render an additional <input> as necessary.
Note though that PHP is server side code. It runs when the form is submitted in the browser and thus the browser makes a request to the server. If you want the additional input to appear immediately, as soon as the first input is filled, you'll need to use JavaScript. That's also quite possible.
My guess is, you want interactivity. In which case, you will need to use JavaScript, which is a client side language.
You hook an event to the input, and check each time it's changed to see if it's empty. If it is, you display another input.
You can see if the file was empty by using:
if ($_FILES['image']['size'] > 0)
Related
I use php to manage html and now I have problem with input date in mysql.
All with my input in MySQL or update or delete in MySQL is ok but how I can make security for input data in mysql because if some one open to see my html source code with browser he can see my predefined inputs and he can change thats in html and after that enter wronk inputs in mysql.
This is my code:
Options Value: <select name="extend">
<option value="<?php $_end1;$newDate = date('Y-m-d', strtotime($_end. " + 1 month"));echo $newDate;?>">1 Month</option>
Now when if someone open browser and see my code he can replease 1 month with several month and that in MySQL.
How can I this secure and or hide that in HTML.
Thx
If you're wanting to have fields or input that can't be edited by the user, such as the current date that the form was submitted on or something along the lines of that, you need to do do all of that on the server side (not the client side). Any data that is submitted from the client side can (and you should treat it like it will) be changed.
Instead of having form fields with preset values, fields that are hidden, fields that are disabled, data that is rendered with JavaScript, or any other way you could think of storing data on the client side, do those things on the server side. You can use a PHP script to do this, seeing as you're already making use of PHP. When you submit the form it has to go to some sort of a server side script, do that logic there and submit that logic to a database.
filter all your received user input. This might be clear for free text inputs, but should be done as well for predefined values.
Easiest for extending might be to only accept a certain number. For example 1, 2 or 3.
$extend = filter_input(INPUT_POST, 'extend', FILTER_VALIDATE_INT); is the first step, but you should also check if $extend is not equal to an illegal number.
if(in_array($extend, range(1,3)){ }
input like numbers is a lot more simple to check than a range of dates.
But even when that would be needed: it is possible to make your own validation function.
It is not possible to limit the browser or the user to only send certain data in a form. Either they could use a tool in the browser to change the habits of a form element, or they could rebuild the form completely in their own htmlpage or other tool
There is very simple answer to your question - you can NOT secure html and you should not even try. Every browser is equipped with developer tools and even without browser anyone can send to your server whatever they want. This is how Internet works.
What you SHOULD do is to verify your input data on server side where user has no access. In your case you should have array of allowed inputs or function assessing if input from user is valid.
More, if you know what will be the algorithm eg. ($_end + 1month) than you do not need to get from user result but only value of $_end. You can calculate $newDate just before inserting data to database - this way user will have no way of changing it.
First of all, please be carefull with your writing, it is pretty hard to understand your problem.
Secondly, if you want to "hide" PHP code to the user, you could write your code in a different way :
You create a form in which users will be able to fill some informations, and for example a date, like in your example. If this date is an option, it can have some value, as the one you show.
Then when the user submit the file, you make a checking on the variables. If you want this form to show a price, to add some data to a database, or whatever, you do some checking to be sure that the values are correct. For example, if you want to calculate a price, you will check the date the user selected, and calculate the price from this date. With this method, even if user changed the code, they will not be able to change the checking (at least not easily).
And to conclude you show a page asking the user for confirmation. This way, he will check if the informations are correct, and you can ask to re-fill some fields if you detected some invalids values
That's hard to show some concrete code, since I don't really know what you want to do, but I hope this explanation was clear. Don't hesitate to ask some questions, I'll try to answer.
darling brother:
you have 3 method:
1: define a variables instead of 1 month
2: use encryption method for php enciding that provide encryption php cides to unformatted charachters (ionCube )
3: usin my sql encryption : MD5
How can I make HTML values safe from change by browsers
some examples
textarea
<textarea maxlength="50"></textarea>
any one can change maxlength value
and <a href="#" rel="15" >Like</a>
any one can change rel value and rel value id of post
i use event.preventDefault(); on jquery
but sometimes i need change value by jquery any help
thanks
Basically the way to look at validation is this:
Client Side Validation - can be used to provide "instant" feedback to the user. That way users have difficulty typing in too many characters or invalid values. This also gives them feedback before they move off the data entry field so they can quickly fix errors. As others have said this is NEVER a substitute for server validation
Server Side Validation - This is your actual validation. Assume everything coming from the client is suspect. You need to check for "html" characters (if you aren't escaping output later on pages). You need to check the length of the data. And of course you need to check any other business rules you might have. Repeat: Assume all input is suspect!
For those familiar with client/server programming this may seem like common sense, but its always important to keep in mind. Hope this helps some!
A better solution would be to perform your sanitation and validation server-side (such as ASP), which cannot be modified by the browser. Any HTML can be modified in the browser.
I have a form (right now only one, but there will be more with similar parameters) and I validate it using jQuery Validation (it is too big word, I validate only one field using jQV), this form is send using AJAX. I have in this form 5 inputs:
text input: username, which is validated by separate PHP script remotely - it checks if this user exists in database of different site and if so, also checks if this user has some specified data, but this is not really important
2 times radio buttons (i mean 2x 2 radio buttons) which are validated in PHP (code later)
2 times PickAColor forms, which are also validated using PHP only with regexp for hexcolors
And I have a question. Is there any way to check this data in PHP in more, well, sophisticated way? Because, as I said, I validate them in similar way:
if($period != "3month" && $period != "7day") {
echo '<div class="alert">Wrong period!</div>';
exit;
}
Actually this form I am writing right now is rather short, but I also have some really big ones, and if's like this one above can take even 50 lines, and that pretty sucks. Most of them has similar expressions inside if, which means that I check if value sent by form is on the list of possible options provided by form (someone can change value parameters in Firebug and call himself hacker...). It's complicated and I don't know how to said that, but I think you understand me. So, once again - is there any sense to validate it in PHP and if so, is there any better way to validate it? Or maybe you have some other suggestions? Thanks a lot for your help.
Man you have to think your users can submit anything there, and to make the code clearer and more MVC oriented (and reusable) you need your validations in the app side, and generic functions in jQuery to just display errors to your users, so I would recommend you to do ajax post with the form sent to your php application, to an api controller that recives the form values, validates using the model and returns the object with the jew form values (if you need to clean up) and any error per field, then you just output in json :
{
errors: {
name: "Already used name",
field2: "Some bad text provided"
}
}
Then you just loop through the errors and set to the already existent placeholder of each error text like
<spam id="name-error" class="error"></spam>
<input type="text" name="name" value=""/>
Then you have a validation code that you can reuse when the form is submitted.
Everytime I create a website for a client, I write the form HTML and then write the php script to handle that data. Sometimes the forms are long, sometimes there are multiple forms - it can get messy.
Before I begin to try and write my dynamic php form handler I'd really like some best practice advice and tips.
I thought of gathering all of the posted variables into an array to handle them. But then how do I know which values were supposed to be required or what they mean?
Maybe something already exists to fix this problem!
Thanks a lot,
Henry
Just a bit more info, what I have in mind is a php script which is flexible enough to work with any form built for it with any amount of inputs. I guess I see it as one file that sits on the server and multiple forms will be sending Ajax requests to it, which it can then satisfy
I don't think you should go with arrays, since the $_POST is already an array anyway.
But what about some sort of naming convention in your code?
ex:
<input type="text" name="txt_username" /> //prefix txt or whatever seems fitting.
Then use regular expressions to find what type of data you expect and act accordingly. You could for example write a class that handles different sorts of input and depending on the prefix in the name-property pass the data to the correct function.
Change the name of you submit button according to your form name. Then in php use a conditional statement to determine which form is posted and get your php working aas you wanted for different forms.
something like this
<input type="submit" name="signupform"/>
in php
if(isset($_POST['signupform']))
{
//Do this
}
elseif(isset($_POST['loginform']))
{
//do this
}
known issue:
You will need to keep those submit names unique and there should not be any other for element in any form being posted to that php file.
You can also add a hidden field
<input type="hidden" name='action' value='signup'/>
and then use a switch case with $_POST['action'] key.
I find it helps to seperate form parts by assigning them to an array e.g.
<input type="text" name="Users[username]" id="Users_username" />
That way, I can easily pick out sections by accessing the array key in php e.g.
$_POST['Users']; // returns username from above example
I have 2 checkboxes in a form and onclick of these, some php code needs to be executed and based on the result of the code, the checkbox is checked or unchecked.
So i have written onclick = document.formName.submit(); Now it is triggering the same page and i am able to write the code. I am not able to differentiate which checkbox is checked.
I don't want to use the procedure of:- calling javascript and then storing the value of the checkbox in a variable and making this variable as invisible.
I would like to write something like document.formName.submit('checkbox1'). So that i should be able to handle the value of this or i dont know.
Please suggest me an alternative method or better approach.
What exactly are you doing in the PHP code? Is it validating whether or not they are able to check that box? Sounds like you're making an extra unnecessary step here... If you could describe your scenario a little better I'm sure someone could point you to a more efficient way to accomplish this.
You can't do it correctly using either saving values in database or passing it as parameter.
you have to store somewhere so that when page is get refreshed it must come to know which checkbox is checked earlier.