It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
here is the code for adding to database:
<?php
/*Config*/
Sounds like something that should be able to be easily accomplished using a PHP session variable.
Just use sessions and set a session variable (call it posted or something) and if that variable is set, don't allow the user to post (hide the submit button or use a PHP if-statement in your javascript to only perform the action when that variable is not set).
The session will be cleared when the user closes the browser.
As a possible example, in your PHP code for adding to the database, just put this at the beginning:
session_start();
if (isset($_SESSION['posted']))
die("posted");
$_SESSION['posted'] = true;
EDIT :
You just need to add another else if statement. It will look something like this:
if(response == "knownudid"){
document.getElementById('udid_message').innerHTML = '<br><i><font color="red">This UDID has already been inserted and it is valid.</font></i>' ;
}else if(response == "noudid"){
document.getElementById('udid_message').innerHTML = '<br><i><font color="orange">Please, enter your UDID.</font></i>' ;
}else if(response == "errudid"){
document.getElementById('udid_message').innerHTML = '<br><i><font color="red">It seems this UDID is not correct. Please check for typo.</font></i>' ;
}else if(response == "validatedudid"){
document.getElementById('udid_message').innerHTML = '<br><i><font color="green">This UDID has been found as an invalid one. Now it is valid.</font></i>' ;
}else if(response == "posted"){ // Here is the new one
document.getElementById('udid_message').innerHTML = '<br><i><font color="red">You have already posted a UDID for this session.</font></i>' ;
}else{
document.getElementById('udid_message').innerHTML = '<br><i><font color="green">UDID <b>'+response+'</b> successfully inserted.</font></i>';
}
With some nice jQuery or js you could hide the form after the user submit.
Having the javascript within the HTML elements is bad, move it into the <script> tags or even better, a separate .js file.
For HTML5 browsers, placeholder is a much more elegant way of providing instructions for text fields.
If you're using AJAX to submit the form, within your function insert_udid() add:
.
document.getElementById('your_button_or_form').disabled = true;
// or document.getElementById('your_form').style.visibility = 'hidden';
...otherwise, you'll need for the php code to disable or omit the form from the response HTML.
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I have a question about checkboxes. I am making a website that lets users enter their tasks for the day and can check the tasks off once they are complete. They can browse the tasks by selecting the date. I am using the AJAX get method to get the tasks from the database and display them in the webpage. I am not sure how to create a checkbox for each task I get from the AJAX method as I will be getting all the tasks for the selected date through one ajax call to the php script that connects to database and returns the tasks. And also how to identify which checkbox corresponds to which task.
In the db there are index numbers, task, date of the task, completed or not and the username
Any help will be greatly appreciated. Thanks
Make a JSON response from your PHP function that is returned with the ajax request and use the response to put the html in your page body.
For example, let's say you have the following PHP code:
<?php
$response = array();
$tasks = array(0 => "Task1", 1 => "Task1", 2 =>
"Task1");
$response['tasks'] = $tasks;
$html = '';
foreach($tasks AS $k => $v) {
$html .= '<input type="checkbox" id="task_' .$v. '" />';
}
$response['html'] = $html;
echo json_encode($response); ?>
?>
And once your AJAX request finoshes, you can put the checkboxes in your page with jQuery(?)
<script type="text/javascript">
yourAjaxFunxtinHere().success(function()
{
$('#container').html(response.html);
});
</script>
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I need to run PHP, specifically PHP I can't do it any other language, on click of a link with the class .URL
Specifically the PHP I need to run is this:
$list[4]+=10;
and the link that I need it to run on click of looks like this:
Some site's URL
I have heard about jQuery's ajax() function and its derivatives. But how can I do those to update the value of a PHP variable on click on .URL ?
First things first, most of your question is not possible in the way you want it done. Specifically incrementing a variable in PHP such that you have $list[4] += 10. I say this because when this script is run this won't exist anymore, you'd have to load it in from where ever you happen to be storing data (assuming a DB).
So, a short example of what you're trying to achieve you'll need a couple of files.
index.php - This is where your code happens that renders the page with the links on it.
link_clicked.php - This is called when a link is clicked.
You'll add need this basic Javascript in your code (it uses jQuery because you mentioned it in your question). I've broken this snippet into many pieces which is not how you'd normally write or see jQuery written to explain what is going on.
$(function() {
// Select all elements on the page that have 'URL' class.
var urls = $(".URL");
// Tell the elements to perform this action when they are clicked.
urls.click(function() {
// Wrap the current element with jQuery.
var $this = $(this);
// Fetch the 'href' attribute of the current link
var url = $this.attr("href");
// Make an AJAX POST request to the URL '/link_clicked.php' and we're passing
// the href of the clicked link back.
$.post("/link_clicked.php", {url: url}, function(response) {
if (!response.success)
alert("Failed to log link click.");
});
});
});
Now, what should our PHP look like to handle this?
<?php
// Tell the requesting client we're responding with JSON
header("Content-Type: application/json");
// If the URL was not passed back then fail.
if (!isset($_REQUEST["url"]))
die('{"success": false}');
$url = $_REQUEST["url"];
// Assume $dbHost, $dbUser, $dbPass, and $dbDefault is defined
// elsewhere. And open an connection to a MySQL database using mysqli
$conn = new mysqli($dbHost, $dbUser, $dbPass, $dbDefault);
// Escape url for security
$url = conn->real_escape_string($url);
// Try to update the click count in the database, if this returns a
// falsy value then we assume the query failed.
if ($conn->query("UPDATE `link_clicks` SET `clicks` = `clicks` + 1 WHERE url = '$url';"))
echo '{"success": true}';
else
echo '{"success": false}';
// Close the connection.
$conn->close();
// end link_clicked.php
This example is simplistic in nature and uses some unrecommended methods for performing tasks. I'll leave finding how to go about doing this properly per your requirements up to you.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I want to design a dynamic form using php. suppose i have created a text box using javascript as follow
var labels=new Array()
function add(type) {
var element = document.createElement("input");
var label=prompt("Enter the name for lable","");
labels.push(label);
document.getElementById('raj').innerHTML=document.getElementById('raj').innerHTML+label;
element.setAttribute("type", type);
element.setAttribute("name",label);
var rohit = document.getElementById("raj");
rohit.appendChild(element);
document.getElementById('raj').innerHTML=document.getElementById('raj').innerHTML+"<br/>";
}
I want to make this field as a required field using php(it is required). what should i do for that
In html5 you can set a required attribute.
element.setAttribute("required", "required");
If you want to use PHP, as mentioned in the question, that would happen on the server side. You have to validate the request received by a php script & check whether it is empty or not.
It's not clear what you want do do, but if you're using POST to send it to PHP then you can check if the value is empty like this
<?php
if(empty($_POST['value_name']))
{
echo 'value is required';
}
else
{
// OK
}
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I have a very strange problem that I could really use some insight on. I have a site that is running perfectly in my test environment. This is on my server and the program is for inventory, it allows the user to select a shelf location, then narrow it down by shelf area. Again, this works perfectly in the test environment. I also have a live environment, where this exact same site will not work correctly, I keep getting data.id is undefined when I run Firebug. The really odd thing is, when I add console.log(data) to my ajax success function, it shows me all the data. I have also done this for the test environment and the only difference that I see is that it groups all the id's together and then the locations. In the live environment it shows id=1, location=1, id= 1,2 location = 1,2 etc. in the test environment is shows id=1,2,3 etc location=1,2,3, etc.
Why is it doing this????
I am not sure what parts of the code you may need to see to help with this issue, but I can post whatever you need to see.
Edit:
this is only happening on one ajax call, all the others are working correctly. The domain name is the same except one has testbcos and the other is just bcos. Here is the code for the ajax call:
// Inventory verification section
$("#area").change (function(){
$("#acctRecords tbody tr").remove();
$('#label').show();
$('#label2').show();
$('#location').show();
$('#section').show();
$.ajax({
type: "POST",
async: true,
url: "area.php",
dataType:"json",
data: ({area: $('#area').val()}),
success: function(data) {
console.log(data);
$('select#location').empty();
$('select#location').append('<option value="0">Select Option</option>');
$('select#section').empty();
$('select#section').append('<option value="0">Select Option</option>');
//Populate options of the second dropdown
for(var x=0;x<data.location.length;x++)
{
$('select#location').append('<option value="'+data.id[x]+'">'+data.location[x]+'</option>');
$('select#section').append('<option value="'+data.id[x]+'">'+data.location[x]+'</option>');
} //end of each function
This is the exact same code for the live and test environments.
Edit #2: I don't know if this will help, but here is the area.php file.
$conn = db_connect();
session_start();
$area = $_POST['area'];
$x = 0;
$return_arr = array();
$result = $conn->query ("SELECT location_id, location FROM location where location like '$area%' ORDER BY location");
$num_rows = $result->num_rows;
if($num_rows > 0)
{
while ($row = $result->fetch_assoc())
{
$idArray[$x] = $row['location_id'];
$locationArray[$x] = $row['location'];
$x++;
$location = array('id' => $idArray,
'location' => $locationArray
);
array_push($return_arr,$location);
}
}
$conn->close();
echo json_encode($return_arr);
It sounds like area.php is returning the data differently. Are sure the PHP files are up to date on the live server?
It turns out that in the area.php file, I do not need to use the array_push function:
array_push($return_arr,$location);
When I changed it to return just $location,:
echo json_encode($location);
everything works fine. Thanks to all for the assistance.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
So basically, few days ago one of my website clients, came to me, and told me that their database and website has been hacked (hackers somehow stole the md5 hashed password from database), logged in admin panel, and changed data. Well yeah, I created that page 1 and a half year ago, so I didn't know any better hash or salts then. Anyway, how do they hack the database? Well basically, is there any protection against that, or are they using any type of JavaScript codes, that I shouldn't allow to load, or what else?
Hope you can help me about this question, so I could create more protected websites.
This was the previous login code for that site. Added per request -
public function loginUser($username, $password) {
if(isset($_POST['login'])) {
if($username != '' && $password != '') {
$sql = "SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'";
$q = mysql_query($sql);
$row = mysql_fetch_array($q);
if(mysql_num_rows($q) > 0) {
if($row['level'] == 'admin') {
$_SESSION['user_level'] = 'admin';
}
else {
$_SESSION['user_level'] = 'normal';
}
$_SESSION['logged_in'] = 1;
header('location: account.php');
}
else {
header('location: error2.php');
// Return to page and show error
}
}
else {
header('location: error1.php');
// Show error, when people have empty fields entered
}
}
It's impossible to say definitely without much more information, but the most likely case is that your appplication was vulnerable to SQL injection, which enabled the attacker to get the site to display the contents of the database. Another possibility is that a directory traversal attack allowed them to download the DB files directly.
Since MD5 is by now completely broken (whether you use salt or not hardly matters anymore with MD5), the rest was simple.
You should read about SQL Injection (maybe that's how they got the information in your database).
Then you should take a look at XSS.
The first thing you have to do is to validate every piece of input, EVERYTHING!
Against SQLi you should use prepared statements.
And against XSS you should encode everything!
But, hey, no worries, you could have googled all this!