im new to sessions but from what i see it complicated to apply <input> with them. can you please look at this code and tell me why its not working. i had it working earlier then it died on me. the function of the program is to fill out a form and have it verified for legit information using regular expressions, i just need help with getting the sessions to save the data.
<?php session_start(); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>regex</title>
</head>
<body>
<?php
$fname = $_REQUEST['fname'];
$fname = $_SESSION['fname'];
print<<<form
<form method="post" action="">
<input type ="text"
name="fname"
value="">
<input type ="submit">
</form>
form;
$_SESSION['fname'] = $fname;
print $_SESSION['fname'];
?>
</body>
</html>
You are reading $fname from $_REQUEST, then overwriting it with the value from $_SESSION, then putting it back to $_SESSION. So far, it should work as designed :) What are you trying to do? If you want to set the $_SESSION variable with the value received through $_REQUEST, leave out the second "$fname=" line.
Timothy,
Change your code so that it checks if the session/request is empty or not
Something like:
if(isset($_REQUEST['fname'])){
$fname = $_REQUEST['fname'];
}else if(isset($_SESSION['fname'])){
$fname = $_SESSION['fname'];
}
Try this:
if (!isset($_SESSION['fname'])) {
$_SESSION['fname'] = ''; // default value
}
if (isset($_POST['fname'])) {
$_SESSION['fname'] = $_POST['fname'];
}
print<<<form
…
form;
print $_SESSION['fname'];
Related
This is my html page:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Hello and welcome to my site</title>
</head>
<body>
<p>are these 2 numbers equal? type yes or no in the box</p>
<p2>one</p2> and eight
<form action="welcome_get.php" method="get">
Answer: <input type="text" name="name"><br>
<input type="submit">
</form>
</body>
</html>
this is my new php page containing a previous answer and im having new errors
<html>
<body>
<?php
var_dump($_GET['name']);
$answer = $_GET['name'];
$saying = "congratulations";
if ($answer == "yes"){
echo $saying;
}
?>
</body>
</html>
the new errors are referring to my php page which is welcome_get.php
var_dump($_GET['name']);
Additionally, to see all available GET params:
var_dump($_GET)
To assign to a new variable:
if(!empty($_GET['name'])){
$answer = $_GET['name'];
if($answer == 'something'){
// do something
}
}
You can use isset function to check if $_GET['var'] is set
if(isset($_GET['name'])){
$answer = $_GET['name'];
$saying = "congratulations";
if ($answer == "yes"){
echo $saying;
}
}
I am trying to redirect to a different page when a value is entered into 'username' on my login form. But a warning appear saying "cannot modify header information - headers already sent by (output started at /Users/Zach/Sites/Project2/proj2Functions.php:10) in /Users/Zach/Sites/Project2/redirect.php on line 3"
I put the code all the way at the top so I thought the redirect would work. What am I doing wrong?
Here is the code for the login:
if (isset($_POST["submit"])) {
$username = trim($_POST["username"]);
$password = trim ($_POST["password"]);
if (has_presence($username)) {
redirect_to("Homepage2.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>Start Collay Login(beginLogin)</title>
</head>
<body>
<?php echo "This is the first login page"; ?>
<form action="beginLogin.php" method="post">
Username: <input type="text" name="username" value=""><br>
Password: <input type="text" name="password" value=""><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
And here is the code for the redirect file:
<?php
function redirect_to($new_location) {
header("Location: " . $new_location);
exit;
}
?>
The redirect file code should be the first thing to appear on the page so even if there is a blank space or a line break before the <?php then it will not work or you may turn output_buffering on in your php.ini file by assigning it a value (4096) is generally a good value..
Hope this helps,
Take care and Happy coding..
why i cant view what i fill up in my html form. is that something wrong with my code in php code?
<html>
<head>
<title>What's your name?</title>
</head>
<body>
<h1>What's your name?</h1>
<h3>Writing a form for user input</h3>
<form method = "post" action = "User.php">
Please type your name:
<input type = "text" name = "userName" value = " "><br>
<input type = "submit">
</form>
</body>
</html>
Code:
<html>
<head>
<title>Hi User</title>
</head>
<body>
<h1>Hi User</h1>
<h3>PHP program that receives a value from "whatsName"</h3>
<?
print("<h3>Hi there , $userName </h3>");
?>
</body>
</html>
Unless you have Register Globals on (which you shouldn't so turn it off if so), the form variables won't automatically be expanded, so you need to pick them up from the $_POST array:
if($_SERVER['REQUEST_METHOD'] == 'POST'){
print("<h3>Hi there , " . htmlspecialchars($_POST['userName']) . "</h3>");
}
Maybe you have been used to badly configured servers running with register_globals turned on.
Or maybe you have moved to a version of PHP where register_globals has been removed i.e. PHP5.4 or greater.
You should address any data coming from a HTML <form> using the proper
$_POST['variableName']
or
$_GET['variableName']
With that in mind your code might look like this
print('<h3>Hi there , ' . $_POST['userName'] . '</h3>');
Note: You should really be sanity checking the values passed in this type of data, and also checking if it is actually there. Although you should have been doing that anyway even if register_globals was turned on.
I want users to fill out a signup like so:
<h1>Enlistment Form</h1>
<form name="input" action="http://spartancorps-gil.comyr.com/Enlistment.php" method="get">
<p>First Name?: </p>
<input type="text" name="FirstName" value="" />
<p>Last Name?: </p>
<input type="text" name="lastname" value=""/>
<input type="submit" value="Submit" />
</form>
It sends to a server with this php:
<html>
<head>
<title>A BASIC HTML FORM</title>
<?PHP
$Firstname = $_POST['FirstName'];
print ($Firstname);
$Lastname = $_POST['lastname'];
print ($Lastname);
</head>
</html>
For some reason it isn't printing out these values. What am I missing here?
Because you are using method="GET" in your form and in second file you are using $_POST for getting that values:
Do like this: Use method="POST" in you form:
Example:
<form name="input" action="http://spartancorps-gil.comyr.com/Enlistment.php" method="POST">
and use do like this:
echo $_POST['FirstName'];
echo $_POST['LastName'];
Read about "superglobals" in PHP.
http://php.net/manual/en/language.variables.superglobals.php
Please change your code to this and try...
Please change the method of form to post and close the php tag
<form name="input" action="http://spartancorps-gil.comyr.com/Enlistment.php" method="post">
<?PHP
$Firstname = $_POST['FirstName'];
print_r($Firstname);
$Lastname = $_POST['lastname'];
print_r($Lastname);
?>
You submitting the form with GET, but trying to read $_POST. So either change method to POST in your form, or use $_GET to read submitted values.
Make sure that url in action points to correct php file.
Close php tag after print ($Lastname);
try this one, just close your php tag.
<html>
<head>
<title>A BASIC HTML FORM</title>
<?PHP
$Firstname = $_POST['FirstName'];
echo $Firstname;
$Lastname = $_POST['lastname'];
echo $Lastname;
?>
</head>
</html>
You have to change "print" to "echo" like this:
<html>
<head>
<title>A BASIC HTML FORM</title>
<?PHP
$Firstname = $_POST['FirstName'];
echo $Firstname;
$Lastname = $_POST['lastname'];
echo $Lastname;
</head>
</html>
Trying to make my own contact form with php. Is there a better/cleaner way to approach this?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1 /DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact Form Practice</title>
</head>
<body>
<form method="POST" action="mailer.php">
Name:
<br>
<input type="text" name="name" size="19"><br>
<br>
Your Email Adress:
<br>
<input type="text" name="email" size="19"><br>
<br>
Message:
<br>
<textarea rows="9" name="message" cols="30"></textarea>
<br>
<br>
<input type="submit" value="Submit" name="submit">
</form>
</body>
</html>
----------------php---------------
<?php
if(isset($_POST['submit'])) {
$to = "mail#cheapramen.com";
$subject = "Contact";
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$message = $_POST['message'];
$body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message";
echo "Data has been submitted to $to!";
mail($to, $subject, $body);
} else {
echo "4! OH! 4!";
}
?>
The code seems correct, but I'd highly recommend adding in some data validation. You'll want to make sure all required fields are filled out with valid info. Also be sure to encode/strip any HTML, JS, etc for security/readability purposes.
Lastly, you should also consider using CAPTCHA to guard against spam. I've got an old site running code similar to this and used to get over 500 spam emails a day!
That's pretty much it, maybe on successful completion you can do a header() redirect to a confirmation page, but as far as processing the form what you have is pretty standard.
Also, you want to sanitize your data as a standard practice of accepting any user input.
You might want to look into implementing a CAPTCHA to prevent the bots from hammering your form as well.
PHP Captcha
One thing you definitely want to do is make the data a bit safer to send in the email. I would at least run the htmlentities and strip_tags on the input data but you should definitely look in to doing further validation.
Also instead of isset($_POST["SUBMIT"]) I would maybe do something like...
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// body code here
}
I would HIGHLY recommend looking up some information about PHP mail() hijacking and making sure you are not going to leave your script vulnerable to such an attack. Also what everyone else suggested is very good to do as well.
In the question, you had 2 separate files processing the form. The problem is if you get a validation error, you are left with little choice but the awful "Please click you back button" solution.
Consider this template PHP file that will handle it all on one page, provide for data validation, errors, re-submitting, and the whole 9 yards.
<?php
// Read input variables from _POST
$FormAction = (isset($_POST['FormAction']) ? $_POST['FormAction'] : '');
$FirstName = trim(isset($_POST['FirstName']) ? $_POST['FirstName'] : '');
...
// Define script variables
$Errors = array();
// Process input if data was posted.
switch($FormAction)
{
case 'Process':
// validation code
if(empty($FirstName) or strlen($FirstName) > 20)
$Errors[] = "First name is required.";
...
if(count($Errors) > 0)
break;
// Here we have valid data.. Do whatever...
// Now, redirect somewhere.
header('Location: http://www.next.com/whatever');
exit;
}
?>
<html>
<body>
<?php if(count($Errors)) { ?>
<div class="Error">
<?php foreach($Error as $Error) { ?>
<div><?php echo htmlspecialchars($Error); ?></div>
<?php } ?>
</div>
<?php } ?>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER['REQUES_URI'], ENT_QUOTES); ?>" />
<input type="hidden" name="FormAction" value="Process" />
First Name:
<input type="text" name="FirstName" value="<?php echo htmlspecialchars($FirstName, ENT_QUOTES); ?>" />
...
<input type="submit" />
</form>
</body>
</html>