If you can get this simple SESSION VARIABLES example to work, I'll hug you!
I can't get Session Variables to work at all on my site. I'm running php5, on Windows 7, using Chrome browser.
Here's the send page:
<?php
session_start();
$red='red';
$blue='blue';
$green='green';
$SESSVARS=array($red,$blue,$green);
$_SESSION['USERVARS']= $SESSVARS;
?>
<p>Set Sessionvars</p>
<form action="SessVarCheck.php" method="post">
<input name="Submit" type="submit">
</form>
Here's the result page:
<?php
session_start();
echo "val 1:".$_SESSION['USERVARS'][0];
echo "val 2:". $_SESSION['USERVARS'][1];
echo "val 3:". $_SESSION['USERVARS'][2];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SessVarCheck.php</title>
</head>
<body>
The Result page
</body>
</html>
I get empty on all three echos.
Any ideas would be welcome!
Make sure that the call to session_start() happens before any page contents are output, on both pages. (See "Note" section here)
(I assume you may already know about this, but given that I don't see a "<html>" on the send page I thought there might be more to that script. Also, I don't know how sensitive this requirement is - just the spaces before the php tag might be enough to be a problem.)
Try a few things:
1) do a var_dump($_SESSION) on your results page, to see what the raw contents of the session are
2) Verify that the sessions are working correctly. Add echo "SessionID: " . session_id(); to both scripts, somewhere AFTER the session_start() calls. If you don't get the same session ID on each page, you're getting a new session each time and it's most likely a cookie problem.
Related
So I'm trying to learn html+php but it seems like I've hit a wall. If I use the GET method in my html form, parameters are sent to my php file just fine, but if I try to do the same using the POST method no parameters are sent.
#Edit: I've taken down the initial code sample displayed here as I found out its not a problem specific to that code. Instead I'm posting a basic form and a basic php script that have the same problem:
HTML FILE:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="testingForm.php" method="POST">
INPUT: <input type="text" id="iTesting" name="nTesting"/><br/>
<input type="submit" value="SUBMIT"/>
</form>
</body>
</html>
PHP FILE:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title></title>
</head>
<body>
<?php
/* THIS WORKS: */
/*if (isset($_GET["nTesting"]))
echo "It is working! ".$_GET["nTesting"];
else
echo "It is NOT working! input: ".$_GET["nTesting"];
echo "<br/>".$_SERVER['REQUEST_METHOD']."<br/>";
echo "<br/>".var_dump($_GET);//*/
/* THIS DOESN'T: */
if (isset($_POST["nTesting"]))
echo "It is working! ".$_POST["nTesting"];
else
echo "It is NOT working! input: ".$_POST["nTesting"];
echo "<br/>".$_SERVER['REQUEST_METHOD']."<br/>";
echo "<br/>".var_dump($_POST);//*/
?>
</body>
</html>
As stated before, if I change the form method to GET, I get no problem at all. However, data doesn't seem to be sent when using POST method.
This is the output using the GET method:
It is working! input: test
GET
array(1) { ["nTesting"]=> string(4) "test" }
This is the output using the POST method:
It is NOT working! input:
POST
array(0) { }
Also, using the developers tool I can see there is a parameter nTesting:test in the formData section of the network tab. Yet, nothing is displayed.
If you're using Chrome
Go to index.html
Press f12. Developer tools will show up
Click Network
Tick Preserve Log and Disable Cache (I usually just do it that way)
From index.html click the submit button (do not close dev tools)
Go back to developer tools click 'teste.php'
Click headers, then expand general. You will see 'Request Method'. It should be POST
After working with #MuriloRM we ended up with the fundamental bug with PHPStorm
Please vote up the resolution of the issue
https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000097930-Can-not-use-POST-method-in-PhpStorm
Consider the following situation. User submits a form which contains a file input field. Then, after processing the upload, server redirects browser to the address containing #hash-part. If the browser is IE7/8, it will discard the part after hash mark (including the # itself). Moreover, it will do this irrespective of whether actual file upload took place or user just left the file field empty. The following code illustrates it.
<? if (isset($_POST['sent'])) {
header("Location: " . basename($_SERVER['PHP_SELF']) . "#test");
die();
}
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Test</title>
</head>
<body>
<form action="" method="post" enctype="multipart/form-data">
<input type="hidden" name="sent" value="1" />
<input type="file" name="test" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
After form is submitted, IE 7/8 shows the same address in the address bar as before while other browsers (and IE 9/10) get properly redirected to the index.php#test. When the file input is replaced with text input, the problem is gone.
Is it a bug or some kind of security measure? Is there a workaround?
I ended up using double redirect on IE 7/8. I replaced
header("Location: " . basename($_SERVER['PHP_SELF']) . "#test");
with
if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/(^|[^a-zA-Z])(MSIE|msie) [678]($|[^\d])/', $_SERVER['HTTP_USER_AGENT'])) // If IE 6, 7 or 8
header("Location: redirect.php?to=" . urlencode(basename($_SERVER['PHP_SELF']) . "#test"));
else // For sane browsers
header("Location: " . basename($_SERVER['PHP_SELF']) . "#test");
and created a simple redirection script redirect.php:
<? if (isset($_GET['to']))
header('Location: ' . $_GET['to']);
Thats an odditiy of internet explroer I had to deal with when implementing an oauth flow with javascript.
It appears that it is possible to work around the problem by placing a trailing slash directly in front of the hashtag. so instead of file.php#werewwer make file.php/#werwer
However I do not know why... I think its a bug.
The hashtag is intendeed to never be trasmitted to the server. It is client side only. I think IE just removes it early...
Another possibility is to use a meta redirect instead of a header redirect. That seems to work. You can also append to the url using javascript... Dont know whether this is suitable in your use case.
I have Opera 12.15 on XP with cookies enabled running on XAMPP and localhost. There is no .htaccess.
1) I can't understand why the following session variable does not persist in Opera whilst it does in the other mainstream browsers. With Opera only, if you revisit the page (via a link) after the Form has been accepted, the session variable has gone and the Form is displayed again. It's okay (i.e. the variable persists) if I just refresh the page.
2) I also have a secondary question, as you can see below I have opened a php tag and started an 'if' statement, then closed the php tag, entered some html, opened a new php tag, closed the 'if' and finally closed the second php tag. Is this valid code, I was originally taught to echo the html within the 'if' and just have one set of php tags? The former is easier and works, I saw it used elsewhere.
Thanks in advance.
<?php
// Turn on error reporting
ini_set('display_errors', 1);
error_reporting(E_ALL);
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Opera Session Variable</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?php
// create a test variable to confirm other session variables outside of Form are persisting
$_SESSION['test'] = 'Test';
// function to print session variables
function print_array( $_SESSION )
{
echo '<pre>$_SESSION<br />' . "\n";
print_r($_SESSION);
echo "</pre>\n";
}
// process the submitted form
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
if (isset($_POST['formaccept'])) {
$_SESSION['formaccepted'] = $_POST['formaccept'];
}
}
// print the session variables
print_array( $_SESSION );
// only display the form if it has not previously been accepted in this session
if (!isset($_SESSION['formaccepted'])) {
?>
<p><b>This parargraph should only display if the form has not been accepted in the current session.</b></p>
<br />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="submit" name="formaccept" value="Accept" />
</form>
<?php
}
?>
</body>
</html>
Must be the way opera handles the cache, I can't see any error with your code.
As for your second question, that syntax works but is not usually recommended, since it makes the layout dirty being full of snippets.
I've just started to learn PHP. I found the $_POST variable is not working and posted the same at the below link
$_POST[] not working in php
and as per the advise i installed XAMPP. But still the proble of $_POST variable is not solved.
Now i've a doubt whether i need to configure any global variable to make $_POST work. I'm totally lost on this and dont know how to proceed.
Any help on this is verryy much appreciated.
Below is the html code - report.html
<html>
<title></title
<head></head>
<body>
<form action="report.php" method="POST" >
<label for="firstname">First name:</label>
<input type="text" id="firstname" name="firstname" value="TestOnly" /><br />
</form>
</body>
</html>
and below is the php code - report.php
<html>
<head>
</head>
<body>
<?php
print( $_POST['firstname']);
?>
</body>
</html>
Below is the view that i got from chrome network data
Thanks.
See, try this.
Source of index.htm File:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>POST</title>
</head>
<body>
<form method="post" action="post.php">
<input type="text" name="name" />
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
Source of post.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<title>Output</title>
</head>
<body>
<?php
if(isset($_POST["name"]))
echo "You have posted " . $_POST["name"];
else
echo "Nothing has been set!";
?>
</body>
</html>
Now try saving these two files under same directory. Enter something in the text box and click on submit. Let us know what you have got.
A few things to check:
Your script will have no data in the POST array unless a form has been submitted (Posted) to that script.
If you have a script and it's submitting properly, make sure the form has method="Post" in its opening tag. If your form submits and in the result script you see a bunch of variables in the address bar separated by ampersands (&) then it's using GET instead of POST. Make sure you have the above statement method="Post" in the form tag.
If you've submitted the script and you still can't see anything, try putting print_r($_POST) or var_dump($_POST) at the top of the target script to see a dump of the $_POST array. If this gives you nothing, try var_dump($_REQUEST) and see if your form data shows up there.
Have you ever tried if your php is correct?
<?php
phpinfo();
?>
or
<?php
print_r($_POST);
?>
what is your code? in default $_POST settings is active in every server unless in server ignore posted data for securitical reasons. i think you mistake is in your code ,don't change XAMP settings
not change the settings of php
either you use get method in html file and use post in action file in both you should use post.
I am trying to create a very simple session between 3 php pages as: index.php ,validate.php and target.php
index.php
<?php
session_start();
$_SESSION['uid'] = 'test';
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Start A Session</title>
</head>
<body>
<h1>Welcome to Heaven</h1>
<form method="POST" action="validate.php">
Your Name: <input type="text" name="name" value="" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
and validate.php as:
<?php
session_start();
$err="Not Allowed";
if(($_POST['name']) == $_SESSION['uid']){
header ("Location: heaven.php");}
else
{echo $err; }
?>
and finally target.php as
<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Start Email with PHP</title>
</head>
<body>
<h1>Welcome to Targer <?php echo $_SESSION['uid'] ?></h1>
<img src="session.jpg">
</body>
</html>
Now my questions are:
How come user still can get access to target page while I have already set a session between pages(according to my understanding of sessions the target page must NOT be accessible unless the correct seesion value has been submitted but I can get access to page by clicking on page link in wamp index list! with echoing the $err; ! )
I tried to validate the $_SESSION value by using the isset() but it did'nt go through! can you please let me know how I can modify the validate.php using the isset() instead of if(($_POST['name']) == $_SESSION['uid']) comarison?
Can you please let me know how I can merge two (index.php and validate.php) in one page? I mean how I can validate the session inside the index.php and reduce the files two index and target? In this case I need to handle the wrong logins inside the index page.
Finally, can you please let me know how I can assign the value to $_SESSION from user input? I mean instead of having a hard coded part like $_SESSION['uid'] = 'test'; let the session value start with user input! I know this looks meaningless here but I would like to get idea on creating captcha in same index page
Thanks for your time in advance
This should work properly and just with 2 files. You could even compress it to 1 file, if you really want so (it's much harder to understand), ask for it and I can make it.
index.php:
<?php
session_start();
$_SESSION['uid'] = 'test';
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Start A Session</title>
</head>
<body>
<h1>Welcome to Heaven</h1>
<form method="POST" action="heaven.php">
Your Name: <input type="text" name="name" value="" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
And the other file, heaven.php
<?php
session_start();
if (!empty($_SESSION['uid'])&&$_POST['name']==$_SESSION['uid'])
{
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Start Email with PHP</title>
</head>
<body>
<h1>Welcome to Targer <?php echo $_SESSION['uid'] ?></h1>
<img src="session.jpg">
</body>
</html>
<?php
}
else
{
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Access denied</title>
</head>
<body>
Sorry, you have no permission to access this page.
</body>
</html>
<?php
}
?>
'Validation' is just to display the desired message if the strings match or to display a 'you cannot see this page' if they don't match.
The !empty() needs to be set. Else, imagine what would happen if someone visited the 'heaven.php' page without going first to index.php. You'd compare 2 empty strings! So it would be validated. The alternative is to put $_SESSION['uid'] = 'test'; at the beginning of heaven.php also.
I didn't really answer your questions in order (and in the 2nd one I cheated as I put 2nd and 3rd file together instead of 1st and 2nd), but my code should cover all your problems. For the last part, it's simply $_SESSION['uid']=$_POST['name']; , but it'd be a no sense to do it while validating user. The validation must come from somewhere, generally from a mysql database.
Please start to accept answers to your questions if valid (below the up/down button).
1) What do you mean by assigning correct session value? "heaven.php" is a file which is accessible by anyone if you don't check for access rights in that file.
2) Not sure what you mean. If you need to check if two variables exist and match, you need something like if ( (isset($_POST['name']) && isset($_SESSION['uid'])) && (($_POST['name']) == $_SESSION['uid']) )
3) If there's no need to reduce files to minumun, it's a good idea to keep validating, form processing etc. function in their respective files. If you want to valide session and form values within "index.php" you can do so by first checking if the values exist and then do to them whatever you like. (Like in the 2 above.)
4) You can assign user inputted values for variables by using forms. It's what you are doing with your form currently. In you process file/function you do something like:
if(isset($_POST['submit']){
$_SESSION['uid'] == $_POST['name'];
}
The example above is very simplified.
Finally. You aren't really validating anything, you just check if two values match. Validating means that you make sure value meets the standard(s) specified, for example user submitted value is an integer when it should be an integer (when inserted into database or used some other manner). I think you should see some tutorials about form processing and user input validation before creating anything that's intended in production environment.