I am having issues creating a sticky for in PHP. It seems all the samples I can find online are using one pages for both the form and the processor. I have two separate pages. This is going to be a very long form and if a validation fails, and the user has to re-enter everything, they won't, they'll quit. So this is a vital feature for this form. Also, I am very new to PHP and haven't touched ASP for several years.
When all is said and done, this form will probably have over 50 items. It is using POST. What is the easiest way to convert my form to a sticky form?
The current form can be found here: http://family.themajdans.com/new_submission.php. Only the "Your Information" part works right now.
Any help would be appreciated.
I suggest using a framework/library which already has support for this feature to generate the form. There are several. In fact, I think there are several dozen.
Why don't you do it like this (one file PHP)... Make sure everything is well sanitized before doing this. Just filter out invalid inputs, and leave valid ones to be reposted.
<input type="text" name="age" value="'.$post["age"].'"/>
Related
Here's one that might get you scratching your heads - it certainly has me!
I'm using a form to submit content to WordPress' 'update_post_meta' function.
The form itself is pretty simple, just a range of input and textarea fields. On submit the action directs to the same page where some PHP takes over to do validation on the $_POST info before submitting to Wordpress. Now it all works perfectly, except one very strange bug:
Whenever you use the word 'casino' in any of the fields, instead of submitting the form, the page refreshes and throws up a 404 error, even though the address bar shows a perfectly valid URL! I don't believe it's my PHP code as I don't think we get that far in the process, so I'm thinking it's a server thing, but I can't imagine why. This happens on any form across the whole site and I've also got the same result on other sites hosted with the same hosting company (Namecheap, FYI).
So, the question is, can anyone suggest a reason why sending that word in particular to $_POST would break a form and cause that error?
PS. I'm currently solving this using a replace() javascript function so 'casino' never gets sent with the form, but if the 'casion' issue can solved I would be very grateful. It would at least stop me puzzling over it.
This is because the probability of being recognized as spam is high.
Casinos should be used well because there are many websites that cannot be used by the word itself.
Using the language of other countries is one of the ways to promote it by openly saying "[우리카지노][1]" like me.
I hope you will answer your question.
When I type in a name in a textbox on a form, how can I validate that name before the user clicks submit?
I see this all the time in CMS and in some forums and never been able to figure it out.
Joe
That depends entirely on what you want to validate. Are you trying to filter out potentially dangerous characters? Is there a format you want names to adhere to?
If you want to filter it before the user clicks submit, then you'll need to use Javascript.
Read in the value of the textbox, either as the user types it, or after focus is no longer on the textbox, and then inspect the value to see if you're happy with what has been put in. The easiest way to do that is by using regular expressions. Look them up.
You can disable the submit button until the text field validates.
However, it may still be possible to submit the form, so make sure you do validation on the server side too. Again, it depends entirely on what you want to do - PHP has lots of built-in functions for validating strings to filter out malicious characters, HTML entities, and more.
Figure out what you want to do, then look it up in a search engine.
I am assuming you are talking about seeing if a username is available or if the username is valid - the best way to do this is by using a jQuery plugin.
There are plenty of tutorials available online to walk you though the all steps.
Such as jQuery Username Availability check.
I've been given the task to turn a couple of forms for a charity into online forms to fill out (stuff to sign up for different programs in the charity). The forms I have been give all just have text input fields and I can make the html version.
I was wondering if someone knows of a PHP script that will handle input from the html forms, and chuck them in a text file or database (maybe not database because the fields may change). It doesn't have to be super feature complete, but the charity does not want to use a service such as wufoo.
If anyone has any suggestions it would be greatly appreciated!
You might want to check out FormMail.
http://www.tectite.com/formmailpage.php
It's a free script that allows you to save your HTML form submissions to a text file (CSV) or have it email the results. There's plenty of documentation/links on the site to help with configuring it.
As over-the-top as this is going to sound, drupal7 has nice form management right out of the box…er, zip file.
If you've already got PHP and MySQL, the setup time is measured in minutes for a basic install. There's also a simple way of creating custom forms and all sorts of configurations to allow you to use the data that's been collected.
<form action="/path/hello.php" name='myForm' method='post'>
<!-- onChange="ajaxFunction();" -->
<input type= "text" name="user" id= "txtname" /><br />
<!-- <input type="text" name="user2" id="txtname2" /> -->
<input type='submit' name = "click" />
</form>
Noweveryone who looks at my html source code will know where this php file is located and will know how to call it. How can i stop this ?
If you handle the POST request to /path/hello.php properly, it shouldn't matter whether someone accesses it manually. Just make sure you are checking for things like the existence of $_POST['click'] and any other POST data you expect to exist, clean it, and proceed as normal.
If someone were to call /path/hello.php with spoofed POST data, then how would that be any different than them submitting your own form? There's no need to modify the script's visibility.
Furthermore, if your fear is that someone would be able to view the source of your PHP scripts--don't. The only thing a user would be able to see if they made an HTTP request to your PHP script would be the rendered HTML.
However, even if they could--why wouldn't you want someone to see your source (of course, barring situations where you might have sensitive configuration data within a PHP file)
You can't stop it. If you're going to tell the browser where the form is, you have to put the address in the HTML somewhere and once you do that anyone can see it.
It really shouldn't make any difference though, as your script should be able to cope with whatever values are sent to it. You can't blindly trust the data from the client in any case, so you need to verify the data sent is what you're expecting - no matter whether that's data sent by filling in your form as normal or someone calling it directly.
I can give a good example for why you would want to do this. You may have a service and offer it to a 3rd party, however in order to make this work there is some important configurable data that may come exposed. Here is an example
You own a website and let's say you want to create some type advertising campaign on your website but your "client" wants to advertise this the same thing on their website but the data needs to go into your email database.
you may not want them to know who you use
those services may require you to add account number or some type of identifying parameter towards your account.
May not be a big deal but still could be a security risk. So if you divert or mask it can prevent some of it.
There is no way to avoid this other than leave off action all together. The form will then submit to the current URL.
In any case, why are you worried about someone accessing the script? If you've written it correctly, no information should be exposed, and, no, they will not know how to "call" it - unless by calling it you mean simply accessing it in the browser. If by simply accessing it in the browser, sensitive information is displayed, you've got some serious problems on your hands.
I think your question is that by showing these paths that people will be able to actually view the source of the php file. That is not possible because it is being rendered by the php engine you are using. You have nothing to fear here.
Sorry, this isn't an answer, but a general observation on this same subject...
I have also experienced this and, seem to know where the OP is coming from...
I have seen a number of large CMS where form "actions" don't show the script... almost as if it points to a "friendly" URL...
Such as <form name="contactform" method="post" action="http://example.com/contact/send-contact">
As can be seen the extension is missing but the form is processed correctly...
I guess the htaccess could hide the extensions but some have a mix of visible URLs for standard pages and some "friendly" URLs for other content (including forms).
I'm not sure how these work...
It is sometimes considered best practice to keep .php files above the root directory to protect against the rare occurrence of php being configured incorrectly on the server and displaying php code to the client.
All you have to do is create a proxy script and post to that. I store the action in a hidden field so that I don't need multiple proxy scripts. I can't post the source code because I would be duplicating my answer on another post. You can find it here: https://stackoverflow.com/a/36941336/2452680
you can first give an action to page1 and in page 1 you can get the data and redirect and post the data to page2.
if you are using phpin page1 you can use curl and options to put data and execute it.
So i've never worked with PHP or http posting or anything before, so please excuse me if i'm asking something dumb.
Heres a site so I can explain more accurately what I need.
http://nycserv.nyc.gov/NYCServWeb/NYCSERVMain
So I want to write something that will go to that site, go to the resultant page as if I had hit "go" next to where it says business tax, then enter in data into the text box on the new page and hit search, and finally get the data from the resulting page.
Having no idea how to do this and after googling for several hours with no luck, I think I should be doing HTTP posting. I've seen that using PHP and CURl seems to work well, but I still don't know exactly how I should be doing this. Any help would be greatly appreciated.
Make a form that copies one of theirs. For example:
<form action="http://nycserv.nyc.gov/NYCServWeb/NYCSERVMain" method="POST"><input type="text" name="searchticket"/><input type="submit" value="submit"/></form>
Save that as .html and then open it with a browser. Type a valid number into the text field (one that actually exists), submit it, and see if it takes you directly to a results page. Then you will know whether you can post to NYCSERVMain. If you can do that, I don't see why you couldn't do it with pHp if you really need to. Follow these instructions on how to post with php.
Well what's happening with the example you mentioned is each of those drop downs and [GO] button is in a separate form.
I believe you should follow this tutorial from Tizag.
They have lots of good basic HTMl tutorials as well as HTML + PHP tutorials that will be able to help you learn how to to what it is you are trying to do.
Good Luck!