Html
<html>
<body>
<h1>What do you want?</h1>
<form action="googleApi.php" method="post" />
<input type="text" name="itemWanted" /> <br />
<input type="submit" name="submit" />
</form>
</body>
</html>
PHP
<?php
//Escape the input
$itemQueried = mysql_real_escape_string($_POST['itemWanted']);
How do I get this code to switch a + sign in for any space for the value $_POST['itemWanted'] so right now, if i enter in 'bag', it works fine. But if I enter in 'Gucci Bag', it doesnt populate the array, because the query (to the script) looks like 'Gucci Bag', when the queries should really be 'Gucci+Bag' if you use a space. How do I switch a + for a <space>?
You can use urlencode, this will convert any spaces to +.
e.g.
urlencode("Gucci Bag"); // Will give "Gucci+Bag"
So just use urlencode($_POST['itemWanted']) instead of $_POST['itemWanted'] and any spaces the user entered will be converted to + for when you create $url.
Related
I am new to both HTML and PHP and I encountered a problem when working on some simple projects. Lets say I have a text bar on my webpage and I want to display the text written in text bar on webpage after the user enters some text and presses the submit button. My problem is that the webpage shows the output when the webpage first loads. Is there a way to prevent the php code from executing untill the submit is pressed ?
Here is a sample code code that indicates the problem I am referring to.
<html>
<body>
<form action="./index.php" method="GET">
First Name: <input type="text" name="first" maxlength="50"><br/>
<input type="submit" value="GO"/>
</form>
</body>
</html>
<?php
$text_var = $_GET[first];
echo "This was typed into text bar" . $text_var;
?>
So "This was typed into text bar" is outputted right away when website loads.
I want it to be outputted only after submit button is pressed.
Thanks.
you need to split it up the form should be showed if nothing is submited so either check the value or the submit button
make sure you keep the html format. look at label tags to describe form inputs
<html>
<body>
<form action="./index.php" method="GET">
<label for="first">First:</label>
<input id="first" type="text" name="first" maxlength="50"><br/>
<input type="submit" value="GO"/>
</form>
<?php
if (!empty($_GET['first'])) {
//take care you escape things never output user input (XSS)
$op = htmlspecialchars($_GET['first']);
echo "This was typed into text bar" . $op;
}
?>
</body>
</html>
Check if $_GET['first'] exists. This is is usually done as the following:
View
<form action="index.php" method="post">
<!-- input fields here -->
<input type="submit" name="submit" value="GO"/>
</form>
Controller
<?php
if (isset($_POST['submit'])) {
// process post
} else {
// display the form
}
<?php
if(isset($_GET['submit'])){
$text_var = $_GET[first];
echo "This was typed into text bar" . $text_var;
}
?>
I submit the s variable to page.php from an input form on a different page.
The URL has the complete string with the ampersand, when I try to echo the variable, the string is cut off after the ampersand.
form:
<form action="page.php" method="get">
<input type="text" name="s" id ="s" />
</form>
Variable is:
search & search
URL:
page.php?s=search+%26+search&var2=variable
variable echoes as:
search
I have tried:
echo htmlspecialchars($_GET['s']);
echo htmlentities($_GET['s']);
echo urldecode($_GET['s']);
You could use (at least) 3 differents ways to archieve this:
1 - urlencode(): use this function in the place you should generate the url to encode the string for URL format.
2 - use %26 (without the "+");
3 - Use $_SERVER['QUERY_STRING']: if you have only one param, you could get all the query_string this way.
UPDATE:
I.E:
$url = "page.php?s=".urlencode('search & search')."&var2=".urlencode('variable'); //or urlencode($variable)
Then use: urldecode() to parse the differents $_GETs.
I assume you have a code similar to this,
<a href="http://localhost/example/page.php?s=search+%26+search">
This kind, will result only the search after you try to echo it.
Try this way,
<a href="http://localhost/example/page.php?s=<?php echo urlencode("search+%26+search") ?>">
it's a convenient way to encode a query part of the url.
and also try this one, an example from the official php documentation
<?php $query_string = 'foo=' . urlencode($foo) . '&bar=' . urlencode($bar);
echo '<a href="mycgi?' . htmlentities($query_string) . '">';
?>
and for more information, please refer to this.
http://php.net/manual/en/function.urlencode.php
I just tried what you said and the problem doesn't seem to be the encoding of url.
Try this out https://www.google.co.in/?q=search+%26+search , Google searches for search & search, there might be a problem on page.php where you are trying to echo the variable.
Additionally, to prove that google is not doing anything special i just made two files named index.php and page.php and the result was as expected.
index.php
<html>
<body>
<form action="1.php" method="get">
<input type="text" name="s" id="s">
</form>
</body>
</html>
page.php
<?php
echo $_GET['s'];
?>
output:
search & search
Try to debug your code on page.php where you are trying to echo the variable or paste the whole code here.
Try this though I test it locally, here's the code
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Problem</title>
</head>
<body>
<form action="page.php" method="get">
<input type="text" name="s" id ="s" />
<input type="text" name="var2" id ="d" />
<input type="submit" name="name" value="submit">
</form>
</body>
</html>
and page.php
<?php
if (isset($_GET['s'])) {
echo $_GET['s'] .' '. $_GET['var2'];
}
?>
when you run it to your browser, it will display two input form and a submit button.
The output will be
search & search variable
I try also pasting in the url
page.php?s=search+%26+search&var2=variable&name=submit
I result the same
I hope this would help
I have created a form where a user can add a review. Perhaps this is very obvious but how can I avoid a user inserting a url in the text area. Is there a way to check this?
I have put in a captcha to check for humans.
<form action="" method="POST" name="form">
some other input fields
<span id="sprytextarea1">
<textarea name="Comments" cols="50" rows="3" ></textarea>
<span class="textareaRequiredMsg">A value is required.</span></span></p>
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" /><input type="text" name="captcha_code" size="10" maxlength="6" />
[ Different Image ]
<input name="Submit" type="submit" value="Submit your form ">
<input type="hidden" name="MM_insert" value="form">
</form>
Any suggestions welcome.
Just put the if condition,before insert db.
if(preg_match("/\b(?:(?:https?|ftp|http):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$_POST['comment'])){
echo 'error please remove URLs';
}else
{....
Using PHP you can try two things using preg_match() and strip_tags() or a combination of them both. below will clean the textarea, escape it as well for database.
Once the form is submitted try this.
$post = array();
foreach($_POST as $k => $v){
// strip all HTML and escape values for database
$post[$k] = strip_tags(mysql_real_escape_string($v));
}
// check of we have URL in text area
if(preg_match('/www\.|http:|https:/'i,$post['Comments']){
// prevent form from saving code goes here
echo 'error please remove URLs';
}else{
// let form be saved
}
Simply, there is no any automatic way to check a URL in input text. You just have to use a human check for the user input.
For example: suppose that you tried to apply regex check for a URL and I want to trick it, I may able to write infinite string that shown as a URL:
http: example .com
h ttp:// ecxampleDOTcom
ht-tp: / / ecample. Com
etc
So any commenting system to achieve the ultimate spam protection, it applies moderator review in which a human being check the content.
When I use php to create a button's value and the value is a two word string, only the first word is displayed on the button.
Both of the below buttons should show "Compare All" but instead the first one only displays "Compare" on the button.
(Note: I do need to use php for this conditional button value. this is just a simplified version of more complex code for clarity.)
<?php
$ButtonDisp = 'Compare All'; //The two words that should appear on first button
?>
<input name="comp_homes" type="submit" value=<?php echo $ButtonDisp ; ?> // only the first word appear>
<br />
<input name="comp_homes" type="submit" value="Compare All"> <!--This works/shows two words-->
You're missing quotation marks around the value:
<input name="comp_homes" type="submit" value="<?php echo $ButtonDisp ; ?>">
Because you didn't quote it:
<input name="comp_homes" type="submit" value="<?php echo $ButtonDisp ; ?>" />
Is to possible to POST a string in the form field and get converted string result in the same form field?
I use the code:
<?php
$string='';
if (isset($_POST['string']))
$string=$_POST['string']
if (isset($_POST['DoStuff']))
{
$string = doStuffWithThisString($string);
}
if (isset($_POST['DoOtherStuff']))
{
$string = doOtherStuffWithThisString($string);
}
?>
<form action="" method="post">
<!-- blank action attribute will post form to the current page-->
<input type="text" value="<?=$string?>" name="string" />
<!-- <?=$string?> is the same as <?php echo $string; ?> -->
<input type="submit" value="Do Stuff" name="DoStuff" />
<input type="submit" value="Do Other Stuff" name="DoOtherStuff" />
</form>
but get the result above form field...
Are you sure short tags are enabled?
See: http://php.net/manual/en/ini.core.php
If they are not, just use:
<?php echo $string; ?>
I don't see why it wouldn't work.
Depending on the browser, the button names may not be "DoStuff" and "DoOtherStuff". For example, in IE it will be $_POST['DoStuff_x'] and $_POST['DoStuff_y'].
do a print_r($_POST); to see what the form data is being posted as.
If you would use the same name in the submit fields, upon page reload in $_POST['name'] you would get the value you clicked on.
I think that's the solution to the issue, but can someone confirm this ?