I am trying to ensure the parameter from a GET method of page 2 (which displays the result) will not be changed by others in the URL (the variables behind the question mark) by making sure users clicked the submit button on page 1 (which contains the form).
The professor ask us to use isset() to implement this requirement
Here's the login page: (page1.php)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional ...> <html
xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Login
Page</title> </head>
<body>
<label>User ID:</label>
<input type="text" name="uid">
<br />
<input type="submit" value="SubmitCredentials" name="SubmitCredentials"/>
<br />
</form> </body> </html>
And this is the second page: (page2.php)
<?php
// get the data from the form
$uid = $_GET['uid'];
if(!isset($_GET['SubmitCredentials'])){
include('error.html');
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional
...>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>HELLO</title>
</head>
<body>
<label>Hello,</label>
<span><?php echo $uid; ?></span><br />
</body>
</html>
However, the if statement doesn't seem to be working. It's supposed to forward the page to error.html when I change the variable uid in the URL (e.g. when I change the URL to http://localhost/1/page2.php?uid=admin) but it's not. How can I fix it?
PS: a relevant tutorial I found on google>>>
http://www.homeandlearn.co.uk/php/php4p7.html
Try:
if(!isset($_GET['SubmitCredentials'])){
header('Location: error.html');
}
Isset is not safe on Arrays. Try comparing with the ===operator instead:
if(!($_GET['SubmitCredentials'] === 'SubmitCredentials')) {
include('error.html');
exit();
}
Page #1:
<form method="GET" action="...">
<input>
<input>
<input>
</form>
Submit URL:
http://localhost/1/page2.php?SubmitCredentials=SubmitCredentials&uid=admin&i_like_php=yes&...
Related
The first page (inputform1test.php)
<?php require_once('Connections/Project.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Input (Test)</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="inputdisplaytest.php">
<p>Name
<input type="text" name="name" id="textfield" />
</p>
<p>Text
<input type="text" name="text" id="textfield2" />
</p>
<p>
<input type="submit" name="button" id="button" value="Submit" />
</p>
</form>
</body>
</html>
Second page(inputdisplaytest.php)
To test if it's working in 2nd page(inputdisplaytest.php)
<?php include('Connections/Project.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['name']= $_POST['name'];
$_SESSION['text']= $_POST['text'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Display Input (Test)</title>
</head>
<body>
<table width="200" border="0">
<tr>
<td><?php echo $_SESSION['name']?></td>
<td><?php echo $_SESSION['text']?></td>
</tr>
</table>
inputdisplaytest_2.php
</body>
</html>
Third page(inputdisplaytest2.php)
This is the part where I got the error
<?php include('Connections/Project.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Display Input (Test)</title>
</head>
<body>
<table width="200" border="0">
<tr>
<td><?php echo $_SESSION['name']?></td>
<td><?php echo $_SESSION['text']?></td>
</tr>
</table>
<p>inputdisplaytest.php</p>
</body>
</html>
I clicked to see if it's still working on 2nd page. (Which is not working)
I got the undefinex index problem when I go to the hyperlink and "Document Expired" when I clicked back button via browser.
How do I get the session variables back/not expire?
Any help would be appreciated.
You don't need the
if (!isset($_SESSION)) {
session_start();
}
just use session_start() at the beggining of your script. Even before those includes.
You can't print anything before the session_start. Check your logs for errors.
I believe the reason you're finding this error is because you are POSTing the form data. When you POST the form data, it is sent when you hit Submit. Going back to the form will give you the message to reload the form data. If you change it to GET, your form data should stick.
Remove if statements that you're using to check if session is set, because in your case the session_start() is never being executed, since the $_SESSION array is always set by PHP unless you perform unset($_SESSION) which is deprecated, this will unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal array. So:
if(!isset($_SESSION)){
session_start();
}
becomes:
session_start();
this resolves the problem of undefined index error.
To resolve the browser back button error when navigating back to the page processing your form, you have to put:
session_cache_limiter('private_no_expire');
before session_start() on second.php file, this line of code avoid "Page Has Expired" warnings, you can find more explanation here avoid "Page Has Expired" warnings.
Finally, after session_start() on second.php file, add the following code:
if(isset($_POST['button'])){
$_SESSION['name']= $_POST['name'];
$_SESSION['text']= $_POST['text'];
}
to check if the form was submitted or not, if yes, you can process the data and display the page, else you just display the page using the perviously stored data on your session.
I have had issues with this myself, where the session variables are not passed on, and recently came across the answer. I am sorry that I cannot credit the person who answered this in a previous post because I cannot find the post again. Simply put, sometimes, especially on shared hosting, the sessions are not stored in the right place. You can fix this by forcing the sessions to be saved in a particular spot. My solution was:
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/session'));
My session file is in the domain's root folder.
I then start the session:
session_start();
And then I make sure that the person is signed in:
if(isset($_SESSION["your_variable"])) {
$your_variable = $_SESSION["your_variable"];
//add any other session variables in the same manner
//be sure to rename "your_variable" with the name of your variable
}else{
header('Location: signin.php');
exit;
}
The header redirect at the bottom is where the person is going if they are not signed in or the session variable is not found, so that the session variables are passed to this page. Note the exit, it keeps your code safer. So altogether my first lines of code are:
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . `'/session'));`
session_start();
if(isset($_SESSION["your_variable"])) {
$your_variable = $_SESSION["your_variable"];
}else{
header('Location: signin.php');// or wherever your sign in happens to be
exit;
}
I hope this helps.
If i give textbox type as number and submit a form it cut off 0 .
ex: 099921 means it will post as 99921
why it cut off preceding 0
Because 0 in front means nothing and is removed. Make it a string (text) and it will stay. Ints have no 0 in front.
i dont know why but i did the same code and it is displaying the value with o i.e 099921
check out my code
<?php
if(isset($_POST['submit']))
{
echo $numberValue = $_POST['numVal'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form method="post">
<input type="number" name="numVal" value="" />
<input type="submit" name="submit" value="submit"/>
</form>
</body>
</html
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
php $_POST array empty upon form submission
I just make a simple test to POST a HTML format's textfield data to PHP server. And, in PHP server side, just use the $_POST[] function to retrive the posted data.
However, there is empty(null) data recevied always. Attached below are the HTML code and php script I tested.
Appreaicted if you can point me where I was wrong?
----HTML code---
senddata.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=big5" />
<title>Untitled Document</title>
</head>
<body>
<form action="receivedata.php" method="post" enctype="application/x-www-form-urlencoded" name="form1" id="form1">
<label>_id
<input name="_id" type="text" id="_id" />
</label>
<br />
<label>Send
<input type="submit" name="Submit" value="Send" />
</label>
</form>
</body>
</html>
---PHP Script-----
receivedata.php
<?php
echo $_SERVER['SERVER_NAME']."<BR/>" ;
$id = $_post['_id'];
if ( isset($id))
{
echo "Data set ready!<br/>";
echo "id=".$id."<br/>";
}
else
{
echo "Data set is not ready!<br>";
}
?>
and the result display on the browser:
192.168.0.108
Data set is not ready!
$_POST[] is not a function but language construct used to add items into $_POST array.
While $_POST is a variable, though you are not using it anyway but whatever $_post variable instead.
This was my last attempt that I tried as a last effort:
index.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Customer Login</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="wrapper">
<div class="login">
<form name="loginForm" action="loginCheck.php" method="post">
<?php require("protect/serverInfo.php"); ?>
Email: <input type="text" name="Email" maxlength="35" /><br />
Password: <input type="text" name="Password" maxlength="4" /><br />
<input type="submit" name ="submit"/>
</form>
</div>
</div>
</body>
</html>
loginCheck.php
<?php
session_start();
$_SESSION['email'] = $_POST['Email'];
$_SESSION['password'] = $_POST['Password'];
require("protect/serverInfo.php");
$myusername=$_POST[Email];
$mypassword=$_POST[Password];
$result = mysql_query("SELECT * FROM Customers WHERE Email='$myusername' AND Password=$mypassword");
$count=mysql_num_rows($result);
if($count==1){
header('Location: customer.php');
exit();
}
else{
header('Location: index.php');
exit();
}
?>
customer.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
<?php
session_start();
$myusername = $_SESSION['email'];
$mypassword = $_SESSION['password'];
?>
</head>
<body>
<?php
echo"success";
?>
</body>
</html>
I just need a very simple way to have a form post, the post info to be checked if correct then redirect if correct and pass the post data with it. I have been trying to use sessions and redirects but it doesn't to work quite right. What is the easiest way to accomplish this. At the moment I have been using PHP to check the login info from a MySQL database.
You need to use "session_start()" before you do anything else on the page.
Other few things, I avoid storing passwords on a page.. it just seems like a security issue.
Your login form should generate $_SESSION data based on the mysql information returned from the queury, not the form information that the user submited. You need to check against your customers database, to make sure they are an actual customer.
Also, avoid using the "header()" function, especially when working with sessions. I typically have a "redirect" function in php that does something like this...
function redirect($url) {
echo "<script type='text'/javascript'>window.location='" . $url . "';</script>";
}
I am having a bit of trouble. It does not seem to be a big deal, but I have created a page that the user can edit a MySQL database. Once they click submit it should process the php within the if statement and echo 1 record updated. The problem is that it does not wait to echo the statement. It just seems to ignore the way I wrote my if and display the whole page. Can anyone see where I went wrong.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<?php require("serverInfo.php"); ?>
<?php
$res = mysql_query("SELECT * FROM cardLists order by cardID") or die(mysql_error());
echo "<select name = 'Cards'>";
while($row=mysql_fetch_assoc($res)) {
echo "<option value=\"$row[cardID]\">$row[cardID]</option>";
}
echo "</select>";
?>
Amount to Add: <input type="text" name="Add" />
<input type="submit" />
</form>
<?php
if(isset($_POST['submit']));
{
require("serverInfo.php");
mysql_query("UPDATE `cardLists` SET `AmountLeft` = `AmountLeft` + ".mysql_real_escape_string($_POST['Add'])." WHERE `cardID` = '".mysql_real_escape_string($_POST['Cards'])."'");
mysql_close($link);
echo "1 record Updated";
}
?>
<br />
<input type="submit" name="main" id="main" value="Return To Main" />
</body>
</html>
if(isset($_POST['submit']));
1) Should not have a semicolon after it.
2) $_POST['submit'] is not set. You have to set a name on your submit button and give it a value. Just setting the type to 'submit' does not return a value for $_POST['submit'] in PHP.
You've got a ; after your if statement.
I noticed that you have two submit buttons and I assume that you are using the first one.
Try giving it a name="submit" and a value too.
Of course it doesnt. PHP runs in the server side, not in browser!
Open your page source. There is no PHP. Nothing to wait.
You need another page to send your form to.
And it is a big deal. It's a cornestone of understanding how the web does work.