I have a small html file working in the frame of a website. It currently requests a zip code and then calls a php page to query the database. The iframe gets the id number from the parent page and then gets the zip code from its own page. Here is the code snippet.
<script>
pid = window.location.search;
pid = pid.substring(11,16)
htmlout = '<input type = "hidden" name = "productid" id = "productid" value = "' + pid + '">';
</script>
<body style="margin: 0px; background-color: #ECECEC;">
<form action="https://www.net10wirelessphones.com/Mini-zip-Lookup.html" style="text-align: left" method = "get">
<script>
document.write(htmlout);
</script><span style="font-size: 9pt"><span style="font-family: Arial, Helvetica, sans-serif; color: #444444">Verify coverage in your area. Enter your Zip Code:
</span>
</span>
<input name="zip" size="5" type="text" />
<input type="submit" value="GO" /> </form>
However, When I enter the zip code 00631, it only goes to the site
http://www.net10wirelessphones.com/Mini-zip-Lookup.html?zip=00631
It seems to be cutting off the hidden value from the form. Any suggestions on what I may be doing wrong?
Edit: For those of you wanting to try it out, try it with the zip code 00631 and the product id 17637. It should accept this option and direct to the zipsuccess page.
Edit: Also, if you want to see it from the start go to the page https://www.net10wirelessphones.com/zipstart.html?productid=17637. Sorry I forgot to include it for those who have been trying it out.
You don't need to do that. Here is a better alternative
<script>
pid = window.location.search;
pid = pid.substring(11,16)
//here is the changes
document.getElementById("productid").value = pid;
</script>
<form action="https://www.net10wirelessphones.com/Mini-zip-Lookup.html" style="text-align: left" method = "get">
<input type = "hidden" name = "productid" id = "productid" value = "" />
<span style="font-size: 9pt"><span style="font-family: Arial, Helvetica, sans-serif; color: #444444">Verify coverage in your area. Enter your Zip Code:
</span>
</span>
<input name="zip" size="5" type="text" />
<input type="submit" value="GO" /> </form>
I manually supplied productid as a GET parameter to your zipfail.html page. It's putting the value into the hidden input field just fine. It's also passing it to Mini-zip-lookup.html without flaw. It appears that either:
You're not be providing the productid in the frame's url.
Or the relevant code on that page is different from zipfail.html
Make sure the iframe's url has ?productid=?<number> on the end.
I got the program to work. It turns out the problem was in another form that sent to this page. I had to make a slight change to a name attribute..
This:
<input name="id" id="productid" type="hidden" value="" />
Changed to:
<input name="productid" type="hidden" id="productid" value="" />
And it worked fine. Thanks guys for your help!
I had a very similar problem and changing the names as stated above fixed it...to a point. I thought it might be useful to include what was actually the issue. I had my variables being set backwards. I was resetting the $_POST variable with a blank value every time. I was trying to add the $_POST values to an array and had it thus:
$_POST['varname'] = $my_array['varname'];
Once I changed it to:
$my_array['varname'] = $_POST['varname'];
It worked perfectly. Hopefully my time spend staring at this silly mistake will save someone else from doing the same.
Related
I have multiple inquiry forms all of which call the same file used for email forwarding, so it's titled emailForwarding.php. I apparently managed to separate the forms using jQuery on the front end, but the script in emailForwarding.php is processed the same number of times as the number of the inquiry forms. I just want the php script to work for the form I submit.
I tried isolating the effect of the script using .eq() and .index() and passing an argument named $arg to only trigger form submission event for the div.vendor-wrapper containing the selected form.
single.php:
echo
'<div class="vendor-wrapper"><form method="post" action="" name="form" class="commentForm">
<textarea name="comment" placeholder="Please enter your message in the space of 300 characters and hit the Confirm button." value="" class="message" maxlength="300"></textarea>
<input name="confirm" type="button" value="Confirm">
<input class="send" name="send'.$i++.'" type="submit" value="Send">
<input type="hidden" name="position" val="">
</form></div>;
<script>
$('.confirm').click(function(){
$('.vendor-wrapper').find('.position').val('');
var index = $(this).parents('.vendor-wrapper').index()-1;
if($('.vendor-wrapper').eq(index).find('.message').val()){
$('.vendor-wrapper').eq(index).find('.confScreen').show();
$('.vendor-wrapper').eq(index).find('.position').val(index);
}
});
</script>
emailForwarding.php:
if(isset($_POST['position'])):
$arg = 'send';
$arg .= $_POST['position'];
echo "<script>console.log('PHP: ".$arg."');</script>";
if(isset($_POST[$arg])):
if(isset($_POST['comment'])):
$EmailCustomer = $_POST['email'] = $current_user->user_email;
//The rest of the script for email processing omitted.
The form is submitted the same number of times as the number of the forms on the page.
Inserting include() before tag of single.php disabled duplicate submission.
Could you provide more code? Because I was trying to reproduce the problem but could not with the provided code. As, what $_POST['position'] stands for is not clear from code.
Is the echo statement user any loop. Can you try by giving a different name to FORM?
<form method="post" action="" name="form-$i" class="commentForm">
When I try to do
Search in Form
i get in address bar the following entry
check.php?go_btn=&s=banana
Why do I get the name of the button "go_btn"
I should get the value
check.php?s=banana
Why this value
name = "go_btn"
Appears in the address bar
simple_search.html
<form action="check.php" method="get" id="my_form">
<input name="go_btn" type="submit" id="go_btn" form="my_form" formaction="check.php"
formmethod="get"
style="background-image: url(images/go.png); border: solid 0px #000000; width:
71px; height: 55px;" value="">
<input type="text" name="s" id="s">
</form>
check.php
<?php
if (isset($_GET['go_btn'])) {
$s_find = $_GET['s'];
if ($s_find == "banana") {
print ("you find banana");
}
else {
print ("blablabla....");
}
}
?>
You get it because you asked for it:
<input name="go_btn" [..snip...] value="" />
^^^^^^^^^^^
Any <input> field with a name attribute will get submitted along with the rest of the form. If you don't want go_btn being submitted, then take away the name attribute.
Well, In your PHP instead of asking about go_btn ask for s as follows:
<?php
if (isset($_GET['s'])) {
$s_find = $_GET['s'];
if ($s_find == "banana") {
print ("you find banana");
}
else{
print ("blablabla....");
}
}
?>
And then remove the attribute name from your form's element go_btn as follows:
<form action="check.php" method="get" id="my_form">
<input type="submit" id="go_btn" form="my_form" formaction="check.php"
...
You will get it because you asked for it. Your form method is GET and the GET method takes all values with it in the URL. If you would like not to see those values in the URL, you may use the POST method.
Moreover, you shouldn't be having ANY problem with that term in the URL, simple because you need that variable in the other file.
I have created a form where a user can add a review. Perhaps this is very obvious but how can I avoid a user inserting a url in the text area. Is there a way to check this?
I have put in a captcha to check for humans.
<form action="" method="POST" name="form">
some other input fields
<span id="sprytextarea1">
<textarea name="Comments" cols="50" rows="3" ></textarea>
<span class="textareaRequiredMsg">A value is required.</span></span></p>
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" /><input type="text" name="captcha_code" size="10" maxlength="6" />
[ Different Image ]
<input name="Submit" type="submit" value="Submit your form ">
<input type="hidden" name="MM_insert" value="form">
</form>
Any suggestions welcome.
Just put the if condition,before insert db.
if(preg_match("/\b(?:(?:https?|ftp|http):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$_POST['comment'])){
echo 'error please remove URLs';
}else
{....
Using PHP you can try two things using preg_match() and strip_tags() or a combination of them both. below will clean the textarea, escape it as well for database.
Once the form is submitted try this.
$post = array();
foreach($_POST as $k => $v){
// strip all HTML and escape values for database
$post[$k] = strip_tags(mysql_real_escape_string($v));
}
// check of we have URL in text area
if(preg_match('/www\.|http:|https:/'i,$post['Comments']){
// prevent form from saving code goes here
echo 'error please remove URLs';
}else{
// let form be saved
}
Simply, there is no any automatic way to check a URL in input text. You just have to use a human check for the user input.
For example: suppose that you tried to apply regex check for a URL and I want to trick it, I may able to write infinite string that shown as a URL:
http: example .com
h ttp:// ecxampleDOTcom
ht-tp: / / ecample. Com
etc
So any commenting system to achieve the ultimate spam protection, it applies moderator review in which a human being check the content.
Hi new to coding and scripting, here is what I have:
<html>
<body>
<p align="left"><iframe id="aa" style="HEIGHT: 25px; WIDTH: 227px"src="http://www.html-assets.com/assets/html-building-blocks/php-display-user-ip-address.php" frameborder="0" width="600" name="aa" scrolling="no"></iframe></p>
</br><input type="text" id="ee">
<input type="checkbox" name="dd" value=" onclick="myFunction()"><em>Check the box to copy the IP Address above</em>
<script>
myFunction() {
var x = document.getElementById("aa");
var y =(x.contentWindow || x.contentDocument);
if(dd.oncheck==true){
f.ee.value = y;
}
}
</script>
</body>
</html>
What I am trying to do is have something where the page lists out the IP Address of an end-user. I want the user to have the ability to copy this address into an input field that can be added to a form that can be submitted.
How would I script this? At this point, the object in my iframe is outside my domain; is this impossible to call because of the same origin policy? I am planning on creating this using a .php within our own domain; I will adjust the code accordingly.
Yes, you will have to use a .php file for this.
Once you have created your php file, then insert this code:
<?php
$userip = $_SERVER['REMOTE_ADDR'];
?>
<input type="text" value="" id="textbox1"/>
<input type="button" value="Click me" onClick="document.getElementById('textbox1').value = '<?php echo $userip;?>' "/>
The user's ip will be saved in the variable $userip. Then, when the button is pressed, the textbox textbox1 will be filled with the user's ip address.
I hope this helps!
I have a problem with $_GET. When I click the submit button it doesn't read the "id" which came from my first page of php. This is the link where the value of id came from <?php echo $content."<p><a href='post.php?id=$pid'>Comment.</a>"?></p> but when I try to to run this echo $_GET['id']; its working at it shows that it has value.
<?php
if (isset($_GET['id'])) {
$c = $_GET['id'];
}
mysql_connect("localhost","root","");
mysql_select_db("blog");
?>
<html>
<head>
<body background="u.jpg">
<center>
<img src="1.jpg" width="100" height="50"/>
<img src="2.jpg" width="100" height="50"/>
<img src="3.jpg" width="100" height="50"/>
</center>
<center>
<title>Pinoy Blog</title>
</head>
<?php
if(isset($_POST['submit']))
{
$content = $_POST['content'];
mysql_query("INSERT INTO comment (comment,p_id) VALUE('$content','$c')");
echo 'span style="font-size:26px;"><strong><span style="font-family: verdana, geneva, sans-serif; ">Success! Tignan ang post. </span></strong></span>.
|| Magpost ulit? Click mo to.';
}else{
?>
<form action='post.php' method='post'>
<span style="font-size:26px;"><strong><span style="font-family: verdana, geneva, sans-serif; ">Comment: </span></strong></span>
<textarea name='content' ></textarea><br />
<input type='submit' name='submit' value='POST!'/>
</form>
<?php
}
?>
<center>
</body>
</html>
1) When you are coming from first page to second page with link then it's called query string & you will get it in $_GET['id']
2) But now you are on second page & click on submit button it means it is new http request which doesn't carry $_GET values from previous http request. so you need store $_GET['id'] into second page as hidden form field.
Change your php code as below
if (isset($_REQUEST['id'])) {
$c = $_REQUEST['id'];
}
Now take one hidden field in your form.
<form action='post.php' method='post'>
<span style="font-size:26px;"><strong><span style="font-family: verdana, geneva, sans-serif; ">Comment: </span></strong></span>
<input type="hidden" value="<?php echo $_REQUEST['id'] ?>" name="id">
<textarea name='content' ></textarea><br />
<input type='submit' name='submit' value='POST!'/>
</form>
Note: $_REQUEST default contains the contents of $_GET, $_POST and $_COOKIE
You're submitting a POST form and then searching for GET variables???
To be honest I'm struggling to understand the question, you're saying that when you first land on the page the $_GET['id'] is printing out, but then when you submit the form on that page the ID isn't there??
First of all, where/when are you echoing the query string value such that it displays?
More to the point, I'm going to assume that the code we're seeing is for post.php and that the page is essentially submitting to itself. I'm also going to assume that when you first load the page, you do so with a query string argument. Something like this:
/path/to/post.php?id=123
However, when you submit the form, you change that URL:
<form action='post.php' method='post'>
Now you're loading something like this:
/path/to/post.php
There's no more query string value on the URL, so when the PHP code responds to this request it won't have anything in $_GET['id']. You need to include the query string value when submitting the request to the server. Something like this might work:
<form action="post.php?id=<?php echo htmlspecialchars($_GET['id']); ?>" method="post">
Conversely, instead of mixing POST and GET values, you could set a hidden field in the form. Something like this:
<input type="hidden" name="id" value="<?php echo htmlspecialchars($_REQUEST['id']); ?>" />
Then your form's action won't have to change, but you would have to change how to access the value in the PHP code. $_REQUEST['id'] will pull the value from either the GET values or the POST values, so it need only be present in one of them. That way the same array can be used both when first loading the page and when submitting the page back to itself.
Note the use of htmlspecialchars() here. I'm not a PHP expert, but what I'm explicitly attempting to do is prevent some cross-site scripting attack whereby the code would blindly echo to the page (on your behalf) user-submitted input, which could be malicious. url encode() may also do the trick. It's worth further research for your needs.
<form action='post.php?id=<?php echo $id;?>' method='post'>
<span style="font-size:26px;"><strong><span style="font-family: verdana, geneva, sans-serif; ">Comment: </span></strong></span>
<textarea name='content' ></textarea><br />
<input type='submit' name='submit' value='POST!'/>
</form>
It Will Post Form To post.php?id=1 or any other
And You Will get Values Of $_GET['id']
Replace action='post.php' with action='post.php?id=<?php echo $id;?>'