I have a general question about php and mysql.
So currently, I have a form in a html file that on sumbit gets posted to a code.php with some input processing in code.php.
How would I go about generating different pages on submit with mysql and showing them the result from code.php?
So for instance, I have my domain example.com and on submit, it would generate a page example.com/1.php, and after, if I were to refresh the page and hit submit again, it would generate example.com/2.php?
I know my question is very general, just looking for a tutorial, or example to code to follow!
I actually think what you are asking for is something like a step-by-step add process?
So what I write in page 1, page 2 and page 3 firstly wants to be added on page 4?
If that is the case you should read about serialize()-function in PHP.
E.g. on post you could make this:
if( isset($_POST['step1']) )
{
$_SESSION['step1_ok'] = 1;
}
And then use the session for checking if the user comes from the last step. :)
I don't get your point, but to create a file you use fopen.
Not sure the point of this, are you trying to have a form that contains multiple pages?
You could just do that in 1 php page with something like:
<?php
if(isset($_POST['step'])) {
$step = $_POST['step'];
}
else {
$step = 1;
}
if($step == 3) {
//show s3rd page
}
else if($step == 3) {
//show 2nd page
}
else {
//show 1st page
}
?>
If you want the 1.php, 2.php, 3.php,.....
Then you should do something with mod_rewrite to make all those requests to to 'code.php' and then you would do something like above to figure out which of the virtual pages they tried accessing
Generating php code and then saving it as a php file which is then executed opens you up to a lot of security issues.
If your goal is to create the URL as you described for cosmetic reasons, perhaps you should look into mod_rewrite, or something similar.
http://articles.sitepoint.com/article/guide-url-rewriting
Related
I have a framework and I think I'm following something like the MVC pattern: A framework (the model) an index page that controls the input (the controller) and the views pages (that are included inside main.php/the main html)
I read a lot about structure and logics, to write a good application. I read many comments like "Why are you outputting anything if all you are going to do is try and redirect the user to another page?". Well the answer is, the most common case: redirect after the user successfully logged in. Do I need to print something? Of course, the whole main page with a login form/post. How I'm supposed to do that redirection??
So I'm a bit confused about logics and structure of the application. How do you store all the output and do the header redirection without printing anything?
I was thinking about using javascript to do the redirection but I also read comments saying; "if you write good code (following a good logic/structre), you won't need to use hacks like javascript redirection". How is that even possible?
Because the php output_buffering should not be enabled.
I have the output_buffering enabled, and I can use header (after output) without any problem. If I use the javascript redirection the whole page reloads, but using header it just loads the content (the views content that are included in main.php).
So how do you do this without output_buffering?
If you want to redirect to a success page AND pass messages - say, after a successful login - an easy solution is to use "flash" sessions, where you store a message in a SESSION and then, as soon as it's used, you discard it. You don't need to sore anything in the output buffer for this.
This is a very basic example, but should give you the gist of it.
login.php
if($login_successful) {
// put your message in the session
$_SESSION['message'] = 'Login Successful';
// redirect to the success page
header('location: success.php');
}
success.php
<?php
session_start();
// check if $_SESSION['message'] exists
if(isset($_SESSION['message'])) {
// print the message
echo $_SESSION['message'];
// clear the session
$_SESSION['message'] = null;
}
Looks like you are mixing up some things here. What you are talking about are actually two different requests. Either the user wants to view the main page, or he wants to log in using that form on your main page. In your index.php you would have something like this (pseudocode):
if (isLoginRequest) {
// user wants to log in
if( validateLogin($loginFormData) ) {
redirect('successful');
} else {
displayLoginError();
}
} else {
// user wants to view main page
echo main.html
}
Update to answer the question in the comments: The better alternative would be to leave your form validation stuff in login.php and refer to that in your login form <form action="login.php" .... Then in your login.php you would have something like this:
if (loginSuccessful) {
redirect('success.php');
// no need to call die() or whatever
} else {
setFlashMessage('Login failed'); // set a flash message like timgavin described
redirect('index.php')
// also no die() or whatever
}
index.php then is responsible to display your main page and, if set, rendering the flash message from a failed login attempt.
Simple solution: Move the login post script from login.php to another file (login_post.php). The same for other scripts using header() after dom output. (no need to change the form action="")
In index.php:
$url = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
//some more security checks like esc_url() (non-php function)
if ($url == '/login') {
include('header_pages/login_post.php');
}
// all these includes before including main.php
// where views pages are included and the DOM output starts
Since header() is inside the post script, no more headers already sent errors (And output_buffering off, of course).
Same for logout page that is currently being included inside main.php
Thanks to the other answers, they helped me finding this solution.
I have the following PHP script within a file named login.php
<?php
$ref = $_SERVER['HTTP_REFERER'];
if ($ref == 'http://example.com/dir/invalid.php' || $ref == 'http://www.example.com /dir/invalid.php') {
echo '
<div id="invalid">
TESTTESTTESTTESTTESTTESTTESTTEST
</div>
';
}
?>
I have deliberately went to the invalid.php page (which redirects using header() to login.php) and this div does not show up. Does it have something to do with the referrer not really being invalid.php or is there an issue with the script?
Thanks
I don't think the HTTP_REFERER is what you think it is. Namely, it is the page from which the user followed a link to the current page. However, it's very unreliable as we rely on the browser of the user to correctly report this value.
I would suggest the option I thought you needed, except that the only one I can think of you might doesn't really makes sense... (checking if the url matches a url that's not the current script)... so I do not see what you are trying to do.
As promised several ways to do what you want to achieve:
First off, I don't like this solution at all and really consider it ugly, but it's the one closest to what you where trying to do.
invalid.php
require 'login.php'; // we include the file instead of referring to it
login.php
if ($_SERVER['SCRIPT_NAME'] == 'invalid.php')
{
// do whatever
}
The main difference between what you did and what I did for the user will be that here the url bar will show that you're at invalid.php and not somewhere else. This also means that refreshing doesn't make the message go away.
A better solution in my opinion is the following:
In your script that logs a user in (checks the database and everything):
if (!valid_login()) // pseudo-code, obviously
{
$_SESSION['invalid_login'] = true;
header('Location: login.php');
// previously, we had something like this instead of the two lines above:
// header('Location: invalid.php');
}
in login.php
if (isset($_SESSION['invalid_login']) && $_SESSION['invalid_login'])
{
$_SESSION['invalid_login'] = false;
// do whatever
}
Of course, this should be done with proper session facilities like starting up the session in both those files. Instead of using session variables, you could include the file and use normal variables or send GET variables through the header request, but both those solutions share a problem: refreshing doesn't make the message disappear. However, if you were to move the code from the top file of the two above to login.php (if it's not already there, I don't know what file that actually is...) you could once again use normal variables instead of session variables and have a solution in which refreshing does make it go away. In this case, you might argue that you are cluttering your files with bussiness logic and presentation, but there are solutions to that (like keeping it in a separate file, and including it into login.php, moving the html to another file and including that one into login.php or both.
I am trying to hide my websites cms application...
So i thought i would add a bit of php to any random page on my site, that includes a GET referance to some random string... So basically, if you go to x page, and add ?RANDOMSTRING the cms index is included. This is stored above the web root... Here is the peice of php:
if (isset($_GET['J7sd-H3sc9-As3R']))
{
require_once($docRoot . '/../../includes/admin/index.php');
}
Basically, index.php is laid out as a page with 3 fieldsets. In the 3 field sets are various links relating to various applications that deal with various tasks. They were accessed through the same means as the above code. And they were held in the web root and were able to be accessed via http...
That all worked perfectly fine, But the problem now comes when i try to access any specific part of the cms...so what would have been:
http://www.mysite.com/admin/part/
is now:
include($_SERVER['DOCUMENT_ROOT'] . '/../../includes/admin/part/index.php');
Or something of the sort...
So now when i go to my page at
http://www.mysite.com/randomDirectory/
and add:
http://www.mysite.com/randomDirectory/?J7sd-H3sc9-As3R
I get sent to my cms... Cool... But when i try to click on any section i get this header:
http://www.mysite.com/randomDirectory/?part
and the page gets refreshed to:
http://www.mysite.com/randomDirectory/
If that makes sense...
Could any provide me with any input or suggestions regarding the task that i am trying to accomplish? I am not sure if it is even possible to start off with, but it seems simple enough.
Any replies would be greatly appreciated, Thanks!
I guess you should append at the end of every link in your page something like
<?php if (isset($_GET['J7sd-H3sc9-As3R'])) echo '?J7sd-H3sc9-As3R'; ?>
Example:
http://www.mysite.com/randomDirectory/randomPage<?php if (isset($_GET['J7sd-H3sc9-As3R'])) echo '?J7sd-H3sc9-As3R'; ?>
edit
An easier way to do this would be to use sessions, in this way:
<?php
session_start();
if (isset($_GET['J7sd-H3sc9-As3R']))
{
$_SESSION['token'] = 'J7sd-H3sc9-As3R';
}
if (!isset($_SESSION['token']) || $_SESSION['token'] !== 'J7sd-H3sc9-As3R')
{
exit;
}
// go on with your page
?>
In this way, when you open a page with your token in the url, the session is started and the token is saved in the session, so it should work without the need to insert the token in every url until you close your browser.
(Have ammended this question to show the redirect code)
I am using a select menu in a simple form for a bus tours site to allow users to select an option and have a new page load using php based on what they select. This works fine but if the user clicks submit when the first value is selected eg 'select a bus tour' it should go nowhere but instead it seems to go into a loop. Firefox gives this error:
http://hairycoo.nsdesign7.net/tour//
here is the form code:
$thisTour = new tour($_GET['id']);
$tourData = $thisTour->getData();
if ( !isset($_GET['pagetile']) )
{
ob_get_clean();
header('Location: /tour/'.urlencode($tourData->tours_title).'/'.$_GET['id']);
exit();
}
Thanks!
Paul
Your site seems to be stuck in a redirect loop, I went to the URL and there was nothing to see. I suspect this may be your issue:
If you have a page redirecting to itself in the absence of a required $_POST value, make sure you only do it if $_POST data is actually present. The $_POST data will then expire after the first redirect. Example:
if ( ! empty($_POST)) // <--- make sure there is post data
{
if ( ! isset($_POST['some_required_value']))
{
header('Location: my/url'); // Redirect back
}
else
{
// Process the data
}
}
The content of the form is not related, feel free to edit your question and post the code that preforms the redirect if this is still giving you trouble.
I am new both to PHP and new to Facebook...
I am trying to create a button that by clicking on it, the next page will be called ,
how can I do that and still remain in Facebook framework?
I tried using an HTML button with reference to next PHP page, but it took me out of Facebook framework...
and I need to use variables from the calling page.
can someone help me?
Thank!!
In PHP, you should always use a "Dispatcher" in your top level directory, and hide your other classes in subfolders, with appropriate permissions.
Doing so, here is what you can do:
index.php (dispatcher)
<?php
switch($_GET['p']) {
case 'home':
include './include/home.php';
break;
case 'anotherPage':
include './include/anotherPage.php';
break;
default:
include './include/home.php';
break;
}
?>
And now, all you have to do is to call your Facebook page like this (sorry, I don't remember the exact facebook url for application):
http://www.facebook.com/yourapp/?p=home
http://www.facebook.com/yourapp/?p=anotherPage
[EDIT]
If you want to send informations and get it back, modify your HTML form to POST data at the dispatcher like this:
<FORM METHOD=POST ACTION="./?p=anotherPage">
Than, modify the "anotherPage.php" to verify the POST data, process it and maybe set the data you want back in $_SESSION['myVariable']. Once everything is done, redirect the page to the initial one:
<?php
session_start();
if (ISSET($_POST['myData']) && $_POST['myData'] == 1) {
$_SESSION['myVariable'] = "HelloWorld";
}
header('Location: http://www.facebook.com/myApp/?p=home');
I hope this will help you with your project