I've created a HTML and PHP form to pretty much just input data into a MySQL table.
I've got a file upload field, but it doesn't upload a file. I don't want it to upload anything to the server, all I want is for it to grab the location of the file selected and input that into the database.
It works perfectly fine on Internet Explorer, but doesn't work on any other browser, I assume it's because of security issues it imposes.
My input code:
<input type="file" id="filename" name="filename" />
And of course when the form is submitted some PHP code runs through to insert the data into the database. I've tried JavaScript to copy value of that field to to another field but again because of security issues that doesn't work.
Does anyone know of a way I can do this in JavaScript? Or even Flash? To be honest, anything similar to these would do, just something that works in browsers other than IE.
Thanks.
EDIT -
Here's my code:
<?php
if (isset($_POST['submit'])) {
$name = addslashes(htmlentities($_POST['name']));
$filename = addslashes(htmlentities($_POST['filename']));
if (#mysql_query("INSERT INTO movies SET
name='$name',
doc_filename='$filename'")) {
echo '<p>Movie added.</p><p>Manage movies.</p>';
} else {
echo '<strong>Error:</strong> '.mysql_error().'';
}
} else {
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="newspost" enctype="multipart/form-data">
<div class="form-row">
<label for="fm_title">Movie file path: </label><br />
<input type="file" id="filename" name="filename" />
</div><br />
<div class="form-row">
<label for="fm_title">Movie name: </label><br />
<input type="text" class="input-width" name="name" value="<?php if (!empty($_POST['name'])) { echo $_POST['name']; } ?>" />
</div>
<div class="form-row">
<input type="submit" name="submit" value="Submit" />
</div>
</form>
<?php
}
?>
all I want is for it to grab the location of the file selected and input that into the database.
This is no longer possible using HTML - for security reasons, the location of the selected file is not accessible in the file input's DOM element anymore. Most browsers use C:\Fakepath\ instead.
You might be able to get hold of this information using a Flash or Java based uploader (edit: see e.g. this page in the AS3 manual) SWFUpload's API could be worth a look. It could be that you need to build your own Flash or Java solution for this, though.
how you are posting the data of the form? I am not able to see any way of form post. No Submit button or onclick or onchange event of javascript? and also how you suppose this line to give output
<input type="text" class="input-width" name="name" value="<?php if (!empty($_POST['name'])) { echo $_POST['name']; } ?>" />
as its already in else part of the line
if (isset($_POST['submit']))
Related
I want to send an already existing image stored in the $_FILES['the_file']. The $_FILES['the_file'] is from the page "img_upload.php" for uploading that image, then it is sent to the "form.php" page where the rest of the form is, and then sent to the processing page named "add_product.php"
My problem is that I want to send the $_FILES['the_file'] from the form on "form.php" page to "add_product.php" page (with the rest of the form from "form.php"). How can I do that?
Here is my code:
// img_upload.php
<form action="form.php" method="post" enctype="multipart/form-data">
<input type='file' name='the_file' class='image-selector'>
<button type="submit">Insert the picture</button>
</form>
// form.php
<?php
$file = $_FILES['the_file'];
$fileName = $_FILES['the_file']['name'];
$fileSize = $_FILES['the_file']['size'];
$fileTmpName = $_FILES['the_file']['tmp_name'];
$fileType = $_FILES['the_file']['type'];
?>
<p>Picture name: <?php echo $fileName; ?></p>
<form action="../Includes/add_product.php" method="post" enctype="multipart/form-data">
<?php
echo "<input type='hidden' name='file' value=".$file.">";
?>
<input type="text" name="price" placeholder="Name the price">
<input type="text" name="sent_from" placeholder="Sent from">
<input type="text" name="category" placeholder="Select the category">
<button type="submit">Insert the product</button>
</form>
If you want to include it in a hidden input then you'll need to encode it as a string. The usual way to do that is to base64 encode it.
This question covers how to do that.
When you insert the string into the document, do make sure you make use of htmlspecialchars so you don't expose yourself to XSS attacks.
That approach involves sending the file to the server, then sending it (in a less compressed form) back to the browser, then sending it back to the server again.
This is not bandwidth efficient!
Usually the approach for this would be the same the file on the server and then send an id (e.g. the file name) back to the client (and have some logic for cleaning up old files left over from the user abandoning the process part way through).
so I have 2 pages . On the first page I have a form , where I need to input values and the other page receives those values and saves them. Then I go back to page 1 , input new values and those new values get saved again on page 2 , right next to the previous values. Basically like a shopping list. The problem is that i'm really new to PHP and I can't really find solution how to save these forms next to each other. Massive thanks to anyone who replies.
Page 1 :
<fieldset style="width:fit-content; margin:170px; auto 10px; font-size: 30px; justify-content:center;">
<form action="./site2.php" method="post" >
<legend>Product add</legend>
<label>SKU:<br />
<input type="text" name="SKU" pattern="[0-9.]+" required id="SKU" /></label><br />
<label>Name:<br />
<input type="text" name="name" required id="name" /> </label><br>
<label>Price($):<br />
<input required id="price" pattern="[0-9.]+" type="text" name="price" ></label><br />
<input type="submit" name="Submit" value="Save" >
<input type="reset" value="Cancel">
Page 2 :
<form action="site1.php" method="get">
<?php
session_start();
$data=array();
if(!isset($_SESSION['data'])){
$_SESSION['data'] = array();
}
if (isset($_POST)) {
$_SESSION['data'][] = $_POST['SKU'];
$_SESSION['data'][] = $_POST['name'];
$_SESSION['data'][] = $_POST['price'];
}
foreach($_SESSION['data'] as $d){
}
?>
<form id="form-list" >
<fieldset style="width: fit-content; margin:130px; auto 10px; font-size: 20px; justify-content:center; " >
SKU: <?php echo $d; ?><br>
Product name: <?php echo $d; ?><br>
Price($): <?php echo $d; ?><br>
<input type="checkbox" value="asd" id="test" name="test" />
</form>
It looks like you have read a little, and are trying to build something based on that reading. Good start. but I think you need to take a further dive into the litterature.
Concepts
PHP is a server side language. everything inside the <?php and ?> tags is executed on the server, and not on the client.
HTML is a (most often) client side markup (display) language, and is executed on the client (in the browser)
When you have both php and html in a php file (and it is sent with the proper headers) the php code is executed, and any echo or print or <?="hello world"?> is converted to text on your html page, and the resulting file is executed by the client's browser
Anything in your $_SESSION is available to your PHP sections as they are executed, providing the session (set by the cookie or a path parameter) is the same
What your code is doing
Page 1 (site1.php)
Displays a html form (could in reality be just a .html file instead, if you have no other php in the file)
Page 2 (site2.php)
starts a <form> element which would submit the form to site1.php
parses the submitted form data and saves it in a session variable
parses an empty foreach loop
displays some html elements with an apparently unset php variable $d
creates a checkbox
closes the <form> without a sumbit button, which means you never get back to site1.php
Solution 1: Do everything in a single php file
<!-- input part -->
<html>
<body>
<fieldset style="width:fit-content; margin:170px; auto 10px; font-size: 30px; justify-content:center;">
<form action="" method="post" >
<legend>Product add</legend>
<label>SKU:<br />
<input type="text" name="SKU" pattern="[0-9.]+" required id="SKU" /></label><br />
<label>Name:<br />
<input type="text" name="name" required id="name" /> </label><br>
<label>Price($):<br />
<input required id="price" pattern="[0-9.]+" type="text" name="price" ></label><br />
<input type="submit" name="Submit" value="Save" >
<input type="reset" value="Cancel">
<!-- form input handling -->
<?php
session_start();
$data=array();
if(!isset($_SESSION['data'])){
$_SESSION['data'] = array();
}
if (isset($_POST)) {
$_SESSION['data'][] = $_POST['SKU'];
$_SESSION['data'][] = $_POST['name'];
$_SESSION['data'][] = $_POST['price'];
}
foreach($_SESSION['data'] as $d){
echo "SKU: ".$d['SKU']."<br>".
"Product name: ".$d['name']."<br>".
"Price($): ".$d['price']."<br>";
}
?>
<!-- some link to save.php where you push $_SESSION['data'] to your persistent databse (MySQL/PostgresQL/whatever)-->
</body>
Solution 2 (advanced):
keep your setup with site1.php and site2.php, but keep site2.php as pure php without html, and return the data as json or xml
use ajax (javascript) to submit the form to site2.php and parse the return data to a visible format
have a third file (e.g. save.php) where you do the saving to a dbms
Solution 3: keep your code and fix the issues
put your display code inside the foreach (see my code)
remove the <form> from site2.php and simply add a add more items link at the bottom to go back to the input page
So a couple of things here, if you want to save your values on another page, you're going to need some sort of intermediary to save your values. This is where databases / caches shine.
Just use your preferred storage utility, and call it in your shopping cart with a SELECT / foreach loop.
I have a form on an HTML/PHP page.
I have the same exact code on other pages on the site, and it works fine. I cannot figure it out.
Form:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="prize_id" type="hidden" value="<?php echo $prize_id; ?>" />
<input name="ContestEntry" type="submit" class="submit" value="Enter me in the Raffle!" />
</form>
I looked at the HTML source code, and the action populates the correct page, and $prize_id populates the correct info in the value.
PHP:
if(isset($_POST['ContestEntry'])){
//...code to enter data into form, irrelevent since it won't post anything anyway.
}
else {
echo 'Nothing posted from form';
}
"Nothing posted from form" always shows, and no data is being entered into the database. I've tried changing the form name to 5 different things, thinking maybe there was a conflicting name somewhere, but nothing works.
Any ideas?
If all you need to achieve is check whether the form is submitted or not, it's better to check that the request type is a POST:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Process form
} else {
// Nothing posted!
}
Also change your submit button to:
<button type="submit">Submit</button>
and see what happens
The code you posted actually works for me.
But, if you still can't get it working, I would try checking to see if prize_id is set rather than the button. The PHP script is executed when the form is submitted.
Also, I would recommend that you don't use $_SERVER['PHP_SELF'] as the form action. According to https://stackoverflow.com/a/14093363/3593228, that can make it easy for attackers to insert malicious data. Instead, leave the action empty.
The if Condition is not working because you put it on Button, instead of this just make an hidden field in the form to check form is submit or not like as you already have one. Or make new for this form.
<input name="prize_id" type="hidden" value="<?php echo $prize_id; ?>" />
Consider adding what you're looking for as another hidden field:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="prize_id" type="hidden" value="<?php echo $prize_id; ?>" />
<input name="ContestEntry" type="hidden" value="Enter me in the Raffle!" />
<input type="submit" class="submit" />
</form>
I call a PHP script from my HTML form submit.
Then I process the values retrieved from this HTML form in the PHP script and now I want to display these values in another HTML form that I am calling from this PHP script.
How do I retrieve this variable?
Note: I tried echo but I think I actually want to display this value in the form (HTML) and not break it again in a PHP tag.
I'm not sure what you mean by "not breaking it again with a PHP tag". HTML on its own cannot access PHP variables. This is because PHP is a server-side language and HTML is a client side language. But here is the simplest way to print php variables retrieved from a form.
<form>
<p>Your name: <?php echo $_POST['name'] ?></p>
</form>
This is assuming that there was a form that submitted a field called 'name' using POST.
You can process the name in a php script at the top of the file and then simply echo it when you're printing the html. This way, you won't have too much php code mixed in with the HTML (which makes it look cleaner).
Once you got the values in the PHP script, are you calling a new script? If so, you might wanna save the values in $_SESSION["varible_name"]. If not, you just have to echo it.
It depends on how you are accessing your form data, either through $_POST or through $_GET. For simplicity, I'll assume your using $_GET and modify this example for more clarity.
So lets say you have a form hosted on welcome.php:
<form action="welcome.php" method="get">
Name: <input type="text" name="fname" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>
Now the results will be returned back to the same page, so you want to modify the page to say:
<form action="welcome.php" method="get">
Name: <input type="text" name="fname" value="<?php echo $_GET["fname"]; ?>"/>
Age: <input type="text" name="age" value="<?php echo $_GET["age"]; ?>" />
<input type="submit" />
</form>
Though you'll notice that we're using the same page, and we can only have one version of the page, so we want to render if upon the condition that our variable has been set.
if (isset($_GET["fname"])){
//code to print second form
}
else{
//code to print first form
}
Or, in another way (using the ternary operator):
<form action="welcome.php" method="get">
Name: <input type="text" name="fname" value="<?php echo ((isset($_GET["fname"]))?$_GET["fname"]:""); ?>"/>
Age: <input type="text" name="age" value="<?php echo ((isset($_GET["age"]))?$_GET["age"]:""); ?>" />
<input type="submit" />
</form>
Post Updated: After commentors advice.
Index.php
<?php
$id = uniqid("");
?>
</head>
<body>
<form method="post" action="frame.php" target="upload_iframe" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<input type="hidden" name="APC_UPLOAD_PROGRESS" id="progress_key" value="<?php echo $id; ?>"/>
<br />
<input type="submit" name="submit" value="Submit" />
</form>
<iframe name="upload_iframe" style="width: 400px; height: 100px;">
</iframe>
frame.php
<?php
if(isset($_POST['progress_key'])) {
echo "hey1";
$status = apc_fetch('upload_'.$_POST['progress_key']);
echo $status['current']/$status['total']*100;
}
echo "hey2";
?>
Still doesnt work :(, I dont even get POST form data in frame. Where am i going so wrong?
Regards.
Whenever you use the APC file upload mechanism, you need to add an additional parameter to your form that identifies the file that's being uploaded, and is the key for your apc_fetch.
<?php $id = uniqid(time()); ?>
<input type="hidden" name="APC_UPLOAD_PROGRESS" id="myUniProgressKey" value="<?php echo $id; ?>"/>
As the file is uploaded the value in the key upload . $id will contain the info you need to display the progress bar. Easiest way to get to is to ajax poll the server, using the apc_fetch call you have. This dictates that your upload page needs to not refresh the current page the user is on. I've used an iframe in the past that kicks off an interval to poll the server. Once the upload is complete, you're able to show a nice complete message in the same iframe.