How To Get User Input For A Variable Without Using Forms Or Tables
I have created forms and taken user input from the forms into php variables. When validating the fields, if i find my conditions not satisfied on the php variable, i ignore the database connectivity and display error message and having the user to go back to the page and correct the error.
Is there a way i can correct the error without going back to the page, and getting the particular user input without having to create another form or table for input into the php variable.
View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
Passing Input Between Forms
I have FormA and FormB. A user fills out FormA and gets brought to the verification screen. At the top of the screen I have "If you meant to fill out FormB, Please Click Here." If they go to FormB, I would like some of the information (name, email, etc) to carry over and automatically fill in the appropriate fields. How would I go about doing this? Will I need cookies? Or can I just pass in the variables somehow?
Fix Harmful Code From Input Forms
I'd like to hear what kind of protection you use for making sure users input valid data into forms, and dont input ' (quote) " (doublequote) etc. I have tried to do a str_replace, but with little success: function remove_harmful_code($variable){ $variable = str_replace("'", "'", $variable); $variable = str_replace('"', """, $variable); return $variable; } I get the same results if using htmlspecialchars, it simply doesnt replace the " and the '....
Are Secure Forms Input Impossible?
I have a problem with stripping tags from form-input. There seems to be tons of information about this on the Internet and I have read quite a bit of this information and now I think I have solved my problem, but I'm far from sure and that's why I turn to you – the experts :) This is my setup: I have a HTML-page that contains a form for the visitor to fill out. There are three things to fill out: name_1, name_2 and an email address. When the visitor has filled out the form and clicked on the "send" button the data is sent (via POST) to a PHP-script. When it arrives to the PHP-script I first check the email address with the following function: function validateEmail($email) { return eregi("^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+.)+[a-z]{2,3}$", $email); } If the email is correct I run the two reaming variables (name_1 and name_2) trough a function which removes <script> and </script> tags and then I run the result from that operation trough the usual PHP strip_tags function. First I tried to use only strip_tags but then the <script> tags still remained. Then when name_1 and name_2 are "clean" I send the email and I also save the email to a database. My php.ini has: magic_quotes_gpc = On and register_globals = Off Is what I have explained above enough protection?
Create Automatically Input Forms And Views
Is there a program that can make automatically input forms and views using the table design information in mysql. for example: in mysql you have a table: Customer with the next field: Name, Address, ZipCode, City the 'automatic form creator' should create a input form with the fields Name, Address, ZipCode, City, add a submit and reset button. you should also be able to make new customers and delete customers AND a standaard view of all customers. The program will be used by people who don't know anything about programmang, they have only a little bit ms experience. So it has to be easy configurable and modified by them We prefer a open source (php) program with a mysql database.
User Input...
I have a form with a field that expects user to input HTML tags. I know I have to use htmlspecialchars for that input but what if the user inputs PHP code? I've looked at the help file and I can only find strip_tags which removes both PHP and HTML tags. If a user wants to crash/corrupt/hack into your site by entering PHP code, what kind of things can he type? Must he include PHP tags to work? If he must use PHP tags, I could just write a function to remove only the PHP tags and not the HTML tags.
User Input?
Is there a way to get user input from a php script that doesn't have to do with html? I would like to ask the user(me) to input a directory(preferably in a gui way such as a folder selection dialog) to do some work with. Is this possible when running the script directly on my comp(not off a server(remote or local))? The script is a management thing that I'd like to create to help generate some html code. Essentially I want it to scan a dir(but don't want to hard code it) and have it generate a list of links for the files in that dir(which are images). Maybe even asking for a description for each. Even if it was a little shell program to change the directory(sorta like dos) would be much better than having to enter in the directory name by hand.
Php User Input
When running PHP as a binary, is there a way to ask for user input?
Verifying User Input
I want to be able to search through a string that gets filled into my form. Make sure there are no quotes, semicolons and that kind of thing, that will mess up my database query. PHP Code:
What To Strip From User Input:
I recently suffered massive bot attacks against my contact page. Someone sent me over 350 e-mails from my form in less than a couple of hours. As this form only sends e-mail to an address dedicated for this purpose, this isn't more than an inconvenience. In re-writing it, I decided to write better stripslash and strip_tags functions of my own. I have the function stripping out left and right angle brackets, and forward and back slashes. I replace these with blanks (I am the only one that views these e-mails and I think I can figure out what was meant). That should break most script and malicious html tags. What else should I watch for and strip? I thought it might be wise to replace "=" signs with blanks. Should I worry about words like "query" or "fopen"? Part of my solution to preventing bot attacks against my form is to force manual input by varying the name="" values. I have eighteen different possibilities for each field on the form. I choose which to use randomly. I check each possibility when processing to see if it is set and send posters to a 404 page if they post to the wrong or all possible variables. I also include a random string of 5 digits as an authorization code in a hidden field. I use mysql database to let the processing page know what variables and authorization code to expect, associated with the poster's ip. Use the wrong authorization code and you go to the 404 page. If your ip doesn't show up on in the database, you get a "404 page not found." I delete records from the database after processing, including old, unused entries where someone left without completely filling out the form. Does anyone see any reason that won't work to thwart the bots?
User Input Validation
I am intending to make a form on a page, on pushing submit the forms gets posted onto itself so that it checks for empty fields and prompts user to get all fields filled, BUT the filled value should stay, I did this easily on ASP, but could not figure out in PHP. Code:
User Input Filtering
I have a comments system. In this comment system, people can enter certain strings, and it will break my page layout. Such as repeated characters with no spaces. It will just blow the table way out of proportion and completely ruin my layout. How can I break their input up if such a thing happens? Also, how can you number an array of data that is being withdrawn from the database DESC? Such as.. Quote1. itemnumber1 2. itemnumber2 3. itemnumber3 4. itemnumber4
Checking User Input
I want to check to see if there's only letters and numbers in a field, how would I go about doing this?
Filtering User Input...
I want to take text that a user inputs and store it into a variable. That's the easy part. I have and array of 30 elements that I want to store the inputted text into. So.. here's an example... - I want a user to enter text. - I'll store it into a variable like $inputText. - I want to split the text from $inputText into 30 equal sections and store each section into an element in the variable. - I don't care if the words get separated during the filter, as long as the whitespaces stay where they are. Could anyone give me some tips to help me get started or point me towards a tutorial or something?
Security With User Input And Sessions
I have two sort of related questions, if anyone would be so kind as to answer: 1. When I do an form for input (into a database) that is used for subsequently displaying on a web page, is there a function written to parse out all dodgy stuff, like putting HTML tags that could break the page, or filter out SQL that could corrupt or invalidate the entry or is there a regular expression that someone has already done to cover all areas? 2. If I am displaying data from a database and using sessions and the like, should I be putting something like this in my code (I found it in the php manual): header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0
Cleaning Up User Form Input In Php
Does anyone please know why when trying to clear up user input that has been entered into a form, php only clears up most of it and not all? For example, using stripslashes to remove all slashes from a variable after a user has submitted quotation marks ("") into a form. The quotation marks cause the variable being parsed to contain slashes. e.g. a user enters """""" into a form , the variable returned to php becomes """"" So if I only wanted the quotation marks, I thought the stripslashes function would achieve this. However, it only removes 3 of the 5 slashes leaving 2 unwanted slashes behind.
Calling A Function Through User Input.
So heres yet another question to a problem where I would have no idea where to look for the answer for so I turn to you :) Say my sites administrator wants to write a news update or blog or whatever. Something like this "Added a new gallery from my trip to Phuket, enjoy: [GID=24] If you liked it tell me." I want the [GID=24] to get replaced by my galery loading function (very nifty and handy) so it would turn into something like this echo "Added a new gallery from my trip to Phuket, enjoy: ".galery($GID)." If you liked it tell me."; I chose this [GID=24] because it is similar to burning board code. I would also like to include a command like [PID=45] witch would run my picture function.
Cleaning User Input, Is This Safe Enough?
I've written a small function that cleans up all user input before entering it to the DB. I'm wondering, is this sufficient or am I missing someting? function clean_text($text) { $text = str_replace("<", "<", $text); $text = str_replace(">", ">", $text); $text = strip_tags($text); $text = htmlspecialchars($text, ENT_NOQUOTES); $text = mysql_real_escape_string($text); return $text; }
Checking User Input With Eregi Function
The function below (ExpressionTest.php) is for checking user input. The function is supposed to permit only alphabetical characters, the apostrophe ('), and the dash (-) for the "FirstName" variable. For some reason the script below will permit the dash to be used but gives the message "Please enter a valid first name." message when the FirstName variable includes an apostrophe. I have tried switching places for the dash and the apostrophe. But if I place the apostrophe first in the string and the dash second in the string I still get the same message. PHP Code:
How Do You Do TCL Exec Command On PHP Script That Uses User Input?
The TCL command I am using will do a command-line action on a PHP script: set cannotRunPHP [catch { eval "exec php -q $root/scripts/info/php/info.php" } errMsg] I have to do it this way as both the TCL script and the PHP script run as CLI. However, "info.php" requires user input to run; this causes the TCL script calling the PHP script to hose up and die. Is there a way I can do this so that the TCL script can call the PHP script without any problems? Is there an alternate way of calling the PHP script other than using exec were that to solve this issue?
Displaying Text Fields On User Input
How would I echo a particular amount of text fields depending on how many the user selects from a drop down menu that I have already created. For example say the user selects 4 or whatever other number from a drop down menu how would I echo 4 or whatever the amount of text fields for a user to input text into? An example would be an airline website were you select how many people are travelling and then it echo fields for those people to enter their names.
Controlling User Flow With Forms
I have a screen where I ask the user their payment type. Once they select the payment type either check or credit card, I would like them to go to a seperate checkout page. How can I write a bit of code to make .php re-direct them to the proper page? (I considered doing this with Javascript, but would rather keep it all in .php)
User Local Time Diplay In Input Field
I'm wondering how can I have the local time of a user into a input field, it might sound or be stupid but even after my search I couldn't find a code si9mple enough, without any bla bla which each not my need.
Dynamically Creating URLS Based On User Input !
I am looking to create pages on the fly or dynamically based on user input. For example if i have www.example.com and they visit this and enter 'bob' in a textfield and press submit they create www.example.com/bob.html . How would I go about this ? I am guessing I need to create a folder when submit is pressed in my website directory ?
How To Drop TEMPORARY HEAP TABLES After User Has Logged Out?
My web site uses Mysql and PHP3. I'm using HEAP tables for rapid access. A HEAP table is created for each user as they log in, and then dropped when they log out. The problem is that some users will leave the site without logging out, and I need to drop those orphaned tables so they don't choke my RAM. The ideal solution would be if there was some way to ascertain if the person has left the site and then trigger table removal, but I'm not familiar with such a "detector." Another idea I had is to make the HEAP tables Temporary Tables, hoping that they stay alive until the user leaves the site. But I can't find any good documentation on the behavior of Temporary tables. Specifically, I need to know whether a PHP persistent connection [mysql_pconnect()] will maintain the tables alive as the user travels from page to page and script to script, and then will die when the person logs out. Or does anyone have a better idea for handling this problem? I know I could also periodically run a script that would remove tables created for members who are no longer logged in, but I'd like another solution if I can find one. Any suggestions?
Cleaning User Input (Removing HTML/stripping Slashes Etc...)
How can I remove HTML and add slashes to a variable? I know I can add slashes with addslashes($var); but I need to know how to remove all HTML at the same time. Also - Are there any other characters I should strip from the variable (it will be stored in a database and displayed on a web page).
Sumitting Forms Using Fget: How To Set Resulting Cookie On User PC ?
i'm trying to submit a series of forms using php rather than javascript, to better control the windows the user is seeing. Basically, i need to submit $username and $passwd to an external site www.site.com, as well as log the action, and then open a given url on www.site.com in a new window. Code:
Select Statement With Changing Tables Base On User Selection
I am trying to make a select statement that would allow me to change the table, base on the user selection from a drop down menu list. I don't know if its possible or my syntax is wrong PHP: sql = SELECT * FROM "'.$_POST[Tableselection].'" WHERE "'.$_POST[userid].'" ='1';
Multiple Variable Forms
I am trying to create a form that will autofill variables into the buy it now button. Example Page 1: Choose your game o Silkroad - SRO o Heroes Online - HO o Knights Online - KO Choose Amount o 10 mil - $7.00 o 20 mil - $13.00 o 30 mil - $18.00 these will have a values like Game name is G1 value is SRO or HO or KO. Amount name is A1 with a value of 7.00 or 13.00 or 18.00. they will click submit, I would like it to automatically fill in the values on a payment system like with moneybookers payment: Code:
Passing Variable Variables Through Forms
I´ve spent the last few hours trying to figure out why my code doesn´t work, cos I had it working already, then made a few changes which actually cannot have anything to do with my variables, and now just one of them is passed (strange, eh?). OK, here´s the code ( a bit chaotic, I suppose, anyway...) <FORM action="bestell_mail.php" method="post"> <?php $namensliste = array(Name, Vorname, Strasse, Postleitzahl, Ort, Mail); $laenge = array(12,12,12,5,12,20); for($p=0; $p<6 ; $p++) { //20 echo"<TR> <TD nowrap> {$namensliste[$p]}: </TD> <TD> <INPUT TYPE=TEXT NAME={$namensliste[$p]} SIZE={$laenge[$p]} maxlength={$laenge[$p]} > </TD> </TR>"; } ?> <TR> <TD colspan=2 align=center> <INPUT TYPE=submit NAME=submit VALUE=abschicken> </FORM> so actually, I should be able to use my variables, (the names of which I have in the array called $namensliste) in the file "bestell_mail.php". I tried this using a loop to read the variable names from an array again, and I also tried it using simple code like this echo "$Vorname"; I had it working already, as I mentioned before, so u can imagine this is driving me mad right now. So with ur help, maybe I can still get some peace of mind this night.
Passing Variable Through Hidden Input Drops Data
I have a form that is filled out that is passed to a preview page so the user can validate the changes they're making. On the preview page, they review their changes and hit the "Submit" button to have the data changed in the database. The preview page submits the data to the page that does the work using hidden inputs like: PHP Code:
Variable Handling - New User Problem
I am a new php learner. I have Fecora Core 1 with apache2 and php installed on 1 pc and SuSE 9 with apache2 and php installed on a laptop. I have the following problem with both: I have a simple form: 1 field I submit with action=get and the value is passed. When the form refreshes the variable will NOT show with echo $username; However if I set $username to a value explicityly it will print it. This suggests that the variable value is not being passed from form to form. Otherwise php seems to be working.
User Authentication Using Session Variable
I have a login form (method:post) which works fine. But, when I add a session variable in order to keep the user logged in, the session does not work. I figure it out because i see no user data on the URL. Changing the form method from post to get, seems to work (I mean userdata are on the URL), but in this case the form action (opening another page) is not performed.
Query User Info From A Session Variable
When a user logs in, a session variable is passed. The variable is the users ID. If the variable is passed successfully, they are logged in and I want to query the users information based on the session variable. Code:
Variable From Link In E-mail Is Cut Off Once User Logs In...
Every time I add an update to a user's account on my website, I have an auto e-mail sent out to the user. It is formatted with HTML and includes a hyperlink. This hyperlink will be in the form of http:/www.domainname.com/page.php?variable . Once they click on it, they will be forced to login to the site since that page is restricted to clients only. Once they login in, I want them to be forwarded to that initial link that they clicked on. Instead, they are forwarded to http://www.domainname.com/page.php - The variable seems to get cut off. Can someone please assist me with keeping the url intact including the variable at the end? Here is my code:
How Redirect A User To Another Page And Send Some Variable With The Post Method?
I make a user registration. It contains two/more page. First page is for official purpose. User ID, password and some other official information is in first page and user basic information is in second page. If user enter an user id that already exist in database then a message show the same page to change his user id otherwise page is redirect to second page and send user id, and other variable that was in first page. My Code:
$_POST Behavior From Input=submit Vs Input-type=button
I have been trying to solve an annoying behavior with PHP (I think). Maybe some of you have encountered the same and have some ideas. I have an html form and I use an <input type="button"> element with the onClick event that calls a javascript funtion. Once the script's content has been processed, I execute the form.submit() directive. I would like to combine the html form and the PHP script into one, and use action="<?php echo($PHP_SELF) ?>". When the html form has <input type="button" name="theButton" value="thisisthetrigger" onclick="doThis(this.form)">but PHP cannot 'read' the value of $_POST["theButton"] after form.submit(). If I substitute the <input type="button"> for <input type="submit"> then PHP reads the value just fine. Some may argue to just use the latter option, but that will cost me a trip back to the server to basically do a lot of validation that can be very easily accomplished on the client side.
Generating Multiple Alternating Columns And/or Tables Within Tables
I am having a little bit of trouble generating the code for a table with 2 columns. The columns contain tables within themselves. Not sure why as that part was an existing design. Here is the output so far and it is correct but not how i want it to be (i'll explain) Code:
PHPmyadmin Access Denied For User 'user'@'localhost'
WinMe machine as server, with Apache 2 installed and working PHP4 installed and working ( had PHP 5.05 installed and working, but i couldnt get the mysql extensions to load - phpinfo() didnt list mysql :(, so i installed PHP4, which now lists mysql when i run phpinfo). MYSQL 4.1 installed and working. I dont know the console commands too well, but i know its working ok, cos I have used a few simple DOS prompt commands to check its alive and I can connect to the database using MyODBC frontend/driver 3.51 and also using Navicat 2004. When i try to connect to the database via PHPmyadmin from another network PC I have an error: #1045 - Access denied for user 'user'@'localhost' (using password: YES) I have played around alot with different settings in the config.inc.php file.... nothing seems to work. This almost appears to be a simple login problem ( probably is too), but I can access the database locally from the Winme machine with the username and password that wont work over the network! I have tried not using 'localhost' as the host name but the IP address of the Winme PC but I get this error: #1130 - Host 'MYSERVERNAME' is not allowed to connect to this MySQL server
Notice: Use Of Undefined Constant User - Assumed 'user'
I have a script for a shopsystem on a Linux. There it works fine. But when I try to run it on my Windows machine, PHP says things like Notice: Use of undefined constant dbname - assumed 'dbname' in c:apachehtdocsaposhop estshopclassesxxx.clas s.php on line 77 On Windows I run PHP 4.3.2 On Linux runs PHP 4.3.1
Authenticating User Common User Names
I want to create a password protected page with PHP and Mysql. I have 2 groups User and Admin. The respective groups have a common user/password. The user/password are stored in a database. I want to authenticate the user through a login form and not through a pop-up ($PHP_AUTH_USER) way. What I want is, if a user logs in and he moves from one page to another, he should not be asked for validity again. Is this possible only with scripting (without session and $PHP_AUTH...). If yes - how do I keep track of an authorised user and unauthorised user, so that he should not be validated again. Does setting the user variable to global in all the pages do the trick.?
|
TRACKER
