I have a textarea in my front-end which accepts the google map code which is an iframe. When I tried to update it, the query fails. The values is not getting inserted into the database. I use text for saving iframe in db. The code I use in model :
function save(){
$data['cmpny_address'] = $this->input->post('cmpny_address');
$data['cmpny_map'] = $this->input->post('cmpny_map');
$this->db->where('id',1);
$this->db->update('contact_us', $data);
}
I have tried sanitizing the input with htmlspecialchars, strip_tags, $this->db->escape etc. I have actually tried all the suggestions from related SO questions. But no luck. Somebody please suggest a way to fix the issue.
EDIT:
It is the <iframe></iframe> that is creating the problem. <p></p> , <h1></h1> gets through without any error.
(Posted on behalf of the OP).
It was a server issue. The support team said "modsecurity was blocking it".
No need to write any htmlspecialcharsand strip_tags Active record automatically handle all those thing.
Use set method to update your data
function save(){
$this->db->set("cmpny_address", $this->input->post('cmpny_address'));
$this->db->set("cmpny_map", $this->input->post('cmpny_map'));
$this->db->where('id',1);
$this->db->update('contact_us');
}
OR
create you data array like
$data=array('cmpny_address'=>$this->input->post('cmpny_address'),'cmpny_map'=>$this->input->post('cmpny_map'));
$this->db->where('id',1);
$this->db->update('contact_us', $data);
UPDATED
To send iframe into post you have to set
$config['global_xss_filtering'] = FALSE;
In your config.php file
I've been developing a news letter system locally and everything works fine . The mystery begun when I uploaded the whole content to my server , I could see the index page but when I enter the username / Password to log in (in the index page), I get redirected to "authenticate.php " where the Post data are processed this way :
<?php include("includes/initialize.php");
if(!isset($_POST['username']) OR !isset($_POST['password']))
{
// no data were given
redirect_to("error.php");
}
elseif(!$user = User::authenticate($_POST['username'],$_POST['password']))
{
// user not found in the database
redirect_to("error.php");
}
else {
$session->login($user);
redirect_to("enewsletter.php");
}
?>
On this page I get stuck (not on localhost ) , the server is rendering a blank page . after some tests , I tell you what happens : If I fall in the if situation i get redirected to error.php , but when I enter some credentials , It's doing nothing :/
So I added an echo statement to keep trace of the code :
and I had this remark, every time the script meets to a line containing a method that looks in the database (OOP approach) the server is always rendering blank pages , I tried it on many pages and it's always the same . I changed the database connection type from PDO to mysqli (because I thought the server is not supporting PDO) but no change !!
Does any one has a clue , what could be the reason?
well ,
it was just a " Self instead of self " problem ...
Thank you all for your help ;)
I am having an issue with my adding a new member page,, also having an issue with my login page which is similar in code. Both worked fine, tested multiple times and ways and then I switched hosting companies. The rest of the database driven site works fine still except this part. Have no idea why and possibly just need fresh eyes on it. I am fairly new to php and mysql to begin with,,, then attempting to learn the newer versions to keep my code upgraded has me at this point unable to figure out why the code is no longer working. Any help would be much appreciated. Thanks.
The page will run up to this point,, I have confirmed that using echo, then it fails. The page itself, does not load, justs stays completely blank and the little loading wheel in the tab corner just spins and spins.
$sql="SELECT * FROM table WHERE field LIKE'$username'";
$rs=$db->query($sql);
$arr = $rs->fetch_all(MYSQLI_ASSOC);
// test to make sure there was not an issue loading the db
if($rs != true) { // start second if in nested section
// if any errors in reading the db redirect to a general db is down error page
//close db connection
mysqli_close($db);
// redirect header goes here, removed for this post
} else { // else to go with second if
// get number of rows returned in this case should be 0 or 1
$rows_returned = $rs->num_rows;
echo "num of rows are $rows_returned";
} // end second if
I have been trying to figure out why this function is working on chrome, but not on firefox.
I have an auto increment field that is my primary key that I get my id from. Here is my code.
if (isset($_GET['id'])) {
$id = $_GET['id'];
} else {
$id = mysql_insert_id();
echo $id;
}
I've tried putting my connection in the function as follows, but it still does not work. Any pointers would be appreciated. Also, I know of mysqli functions, I am using these functions because the user's setup is quite old.
$id = mysql_insert_id($conn);
Here is my code that is doing the insert.
sprintf("INSERT INTO `trade_show_orders` (`SetupDate`,`SetupEndDate`,`ShowName`,`Location`,`Literature`,`StartDate`,`EndDate`,`Attendees`,`Projected`,`File`,`Giveaways`,`AddressBox`,`LocationType`,`Title`,`FirstName`,`LastName`,`Email`,`AddressOne`,`AddressTwo`,`Zip`,`Special`,`OrderDate`,`ShippingLocation`,`ShippingAddressOne`,`ShippingAddressTwo`,`ShippingZip`,`ShippingSpecial`) VALUES ('$setupDate','$endSetup','%s','%s','$values','$eventStart','$eventEnd','%d','%d','".basename($_FILES['fileUpload']['name'])."', '%s','off','%s','%s','%s','%s','%s','%s','%s','%d','%s',NOW(),'%s','%s','%s','%d','%s')", mysql_real_escape_string($_POST['showName']), mysql_real_escape_string($_POST['location']), $_POST['numberAttendees'], $_POST['visitors'], mysql_real_escape_string($_POST['giveaways']), mysql_real_escape_string($_POST['locationType']), mysql_real_escape_string($_POST['personalTitle']), mysql_real_escape_string($_POST['personalFirstName']), mysql_real_escape_string($_POST['personalLastName']), mysql_real_escape_string($_POST['personalEmail']), mysql_real_escape_string($_POST['personalAddressOne']), mysql_real_escape_string($_POST['personalAddressTwo']), $_POST['personalZip'], mysql_real_escape_string($_POST['personalSpecial']), mysql_real_escape_string($_POST['shippingLocation']), mysql_real_escape_string($_POST['shippingAddressOne']), mysql_real_escape_string($_POST['shippingAddressTwo']), $_POST['shippingZip'], mysql_real_escape_string($_POST['shippingSpecial']));
mysql_insert_id() will only return an ID if you've done an INSERT query WITH THE CURRENT CONNECTION. That means it will not return an ID from a page request "three clicks" ago. it will not return an ID done by some other script that's executing at the same, because that's done using a different connection to mysql.
So show the rest of the code that actually does the insert. PHP shouldn't care at all what browser's running on the remote it. It's just an HTTP request with some data as far as PHP is concerned. If there is a browser-specific issue, it'll be in some client-side code that's blowing up, e.g. some bad javascript doing an AJAX request and not filling out a field properly.
Turns out it had nothing to do with my insert.
Apparently, when you use images with submits on a form in Firefox, IE. It renames the image submit from "submit" to "submit_x" or "submit_y"
Chrome and Safari look for both submit and submit_x,submit_y with images.
Firefox and IE 7,8,9 only look for submit_x and submit_y, which explains the reason why it was only working on chrome.
I recenlty had a site designed for me, but my dev used a really crappy generic captcha that fails half the time. I'm trying to replace it using a recaptcha, but I'm having trouble. I cannot figure out which *.php is used for 'processing' and which is used for the 'form'.
I didn't want to post the whole code, so here it is:
This is the 'form' page, as it has the form fields and etc embedded:
http://dl.dropbox.com/u/45666699/formcode.txt
Can someone please take a look at this code and tell me where I should put the private code for recaptcha? Also, how do I disable the "random_number" captcha that is already installed? Thanks!
the code for your existing captcha is on line 295, 296 and 297
require_once('recaptchalib.php');
$publickey = "6LfIUdISAAAAAKguxgdPCjZ6-OkVeu5tmcBaa7ug"; // you got this from the signup page
echo recaptcha_get_html($publickey);
Well you'll need the private key when you're trying to validate that the correct captch was entered (i.e. at the point where you're handling the form submission)
Which by looking at your code should start immediately after line 4
Using a project i did a while back, you would have something like so...
$recaptcha_error = NULL;
//set it to NULL initially
if(isset($_POST["btnsend"])){
include_once(INCLUDES_FOLDER."recaptcha-php-1.11/recaptchalib.php");
$resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"],$_POST["recaptcha_response_field"]);
if($resp->is_valid){
//captch was gotten correctly
//continue with your normal code processing here
} else {
//wrong input -- captch was invalid -- give the person the error response
//mine is as below -- my usual way :)
$response = array(array("Something seems to be wrong with the captcha!","Please check that you entered it correctly or check the returned error message"),false,"w");
$recaptcha_error = $resp->error;
//make sure to do the above so u can use it when generating the captcha display
}
}
//You got the recaptch error (or left it as NULL above so you could do this)
//when generating your captch display as done on your lines 295, 296, 297
include_once(INCLUDES_FOLDER."recaptcha-php-1.11/recaptchalib.php");
echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY,$recaptcha_error);
Hope this helps (even if a little) :)
Cheers