Submit Form Issue, Submitting a form action and form method |
Submit Form Issue, Submitting a form action and form method |
KBM |
Aug 26 2014, 02:31 PM
Post
#21
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
I'll try it and let you know how it works!
A couple of other things Is there a php version for the terms and conditions that you could add? Also, I have been getting bots in the database. Is there anything that can be added to help that?? Thanks |
CharlesEF |
Aug 26 2014, 05:27 PM
Post
#22
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
I'll try it and let you know how it works! A couple of other things Is there a php version for the terms and conditions that you could add? Also, I have been getting bots in the database. Is there anything that can be added to help that?? Thanks I'm not sure I understand what you want. Do you mean terms and conditions that I use in my replies? I get my information from the online PHP manual located here. I also search the web for examples, when needed. As for the bot problem you mention. I have never heard of bots being saved in a database. |
KBM |
Aug 26 2014, 06:33 PM
Post
#23
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
I'll try it and let you know how it works! A couple of other things Is there a php version for the terms and conditions that you could add? Also, I have been getting bots in the database. Is there anything that can be added to help that?? Thanks I'm not sure I understand what you want. Do you mean terms and conditions that I use in my replies? I get my information from the online PHP manual located here. I also search the web for examples, when needed. As for the bot problem you mention. I have never heard of bots being saved in a database. I mean the one like I had in the test_volunteer.php that was a javascript where the person must click a check box to agree to the terms before submitting. JavaScript can be disabled, therefore a php version would be better. We use a FileMaker database and a web application that submits directly in the FileMaker database. I do get bots there!!! Any thoughts? Also what is involved in taking care of the sql injection. Is this a process that be relatively easily added? This post has been edited by KBM: Aug 26 2014, 06:35 PM |
CharlesEF |
Aug 27 2014, 01:27 AM
Post
#24
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
Oh, I understand now. I will use the original files you posted, not the new ones. You have the checkbox defined as '<input name="Terms" type="checkbox" value="0">'. This means that the value of 0 is submitted when you submit the form. You would have to check for a blank value (or strlen = 0) to see if it is not checked, I will use the strlen method to match the empty rule. To do this you must add some code to your 'validator.php' script, you must also add the field and rule to your 'test_volunteer.php' script. (for some reason the code button is not working)
Add these lines to your 'test_volunteer.php' script: $validator->add_field('Terms'); $validator->add_rule_to_field('Terms', array('checked')); Add this code to your switch statement in the 'public function add_rule_to_field($field_name, $field_rule)' function of your 'validator.php' script. case 'checked': if(strlen($_POST[$field_name]) == 0) { $this->add_error_to_field($field_name, ucwords($field_name). " must be checked"); } break; You can change the 'must be checked' error message if you want. That should do it. This post has been edited by CharlesEF: Aug 27 2014, 02:12 AM |
Christian J |
Aug 27 2014, 05:31 AM
Post
#25
|
. Group: WDG Moderators Posts: 9,653 Joined: 10-August 06 Member No.: 7 |
I do get bots there!!! Any thoughts? Do you mean bots are able to access your database? Sounds like SQL injection to me. Or maybe you simply need to password protect the form (script) that accesses the database. QUOTE Also what is involved in taking care of the sql injection. Is this a process that be relatively easily added? You should always add mysqli_real_escape_string in order to escape characters (such as quotes) before using data submitted by site visitors in an SQL statement. (Can't say if that's always enough though: this PHP manual commenter says that underscores and percent signs are not escaped by mysqli_real_escape_string, and that these characters are used in LIKE clauses, but that's beyond my SQL knowledge.) |
CharlesEF |
Aug 27 2014, 01:20 PM
Post
#26
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
Christian J might be right, it could be SQL injection but I'm not sure either. If I could see the 2 missing scripts I mentioned before then I could make a better suggestion.
As for my checked code I posted. There is another way to do it that might be better because it does not depend on any value being sent. In the checked switch statement change this line of code: CODE if(strlen($_POST[$field_name]) == 0) toCODE if(!isset($_POST[$field_name])) This works because $_POST['Terms'] is sent when the checkbox is checked and not sent when it is not checked.This post has been edited by CharlesEF: Aug 27 2014, 01:22 PM |
Christian J |
Aug 27 2014, 02:50 PM
Post
#27
|
. Group: WDG Moderators Posts: 9,653 Joined: 10-August 06 Member No.: 7 |
|
KBM |
Aug 27 2014, 03:46 PM
Post
#28
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
Here is where I am.
1. The Form submits and the data enters into the database fine. However when it submits to the new_volunteer.php the page is white. If I refresh it posts the information again. Which may not be an issue because I need the submit to redirect to new_volunteer_orientation.php 2. The Terms and Conditions works great. Thanks 3. The Email (post 17) is not an issue as it will be sent when the orientation is submitted. 4. Here is another issue: a. How do you place the "<input name="personal_DOB" type="text" value="<?php echo $_POST['personal_DOB']; ?>" id="personal_DOB"> on a drop down to get it to keep the information in the field if you have some fields that have not validated and you need to complete those fields? When the page come up "text" fields continue to display the information that was put into them, but the "drop down's" are empty and you have to fill them again? <input name="personal_DOB" type="text" value="<?php echo $_POST['personal_DOB']; ?>" id="personal_DOB"> I have attached a copy of the new_volunteer.php. Could you give it a look to see if there are any code issues before I launch it and place the redirect to the new_volunteer_orientation.php Thanks for all your help!!! Attached File(s) new_volunteer.php ( 59.5k ) Number of downloads: 155 |
CharlesEF |
Aug 27 2014, 11:01 PM
Post
#29
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
I see that you have the checkbox validation defined twice, you only need it once.
CODE $validator->add_field('Terms'); $validator->add_rule_to_field('Terms', array('checked')); $validator->add_field('Terms'); $validator->add_rule_to_field('Terms', array('checked')); CODE fmsRedirect('new_volunteer_orientation.php'.'?Profile_id='<$new_volunteer_row->getField('Profile_id')); I do not have the code for fmsRedirect(...) but it appears to redirect with a query string attached to the end of the URL. If this redirect works then you can delete the line 'header("Location: new_volunteer_orientation.php");'.//redirect to success pages header("Location: new_volunteer_orientation.php"); exit(); You asked about a <select> but your code shows an <input>, but here is a general idea: CODE <select id="timezone" name="timezone"> Each <option> will need that PHP code snippet, unless you load the <select> from a database, in that case, there is another way to do it.<option value="0"<?php if($_POST['timezone'] == '0') echo(' selected="selected"');?>></option> <option value="Pacific/Midway"<?php if($_POST['timezone'] == 'Pacific/Midway') echo(' selected="selected"');?>>(UTC-11:00) Midway Island</option> <option value="Pacific/Samoa"<?php if($_POST['timezone'] == 'Pacific/Samoa') echo(' selected="selected"');?>>(UTC-11:00) Samoa</option> </select> If you really need to redirect to another page and you want to keep the $_POST values then you will need to save the data in a SESSION array, like so, in test_volunteer.php: CODE @session_start(); This code must be placed before the redirect command.$_SESSION['data'] = $_POST; Then in, test_volunteer_submit.php, you need this type of code to read the array: CODE @session_start(); The key names are case sensitive, so be careful (like the name 'Terms'). I can't tell you why you get a white page, I have to comment out most of your code to run it on my computer because of the missing PHP script files.$test_volunteer_fields = array('name_first'=>$_SESSION['data']['name_first'],'name_last'=>$_SESSION['data']['name_last'],'orientation_key'=>$_SESSION['data']['orientation_key'],'terms'=>$_SESSION['data']['Terms'],'email'=>$_SESSION['data']['email']); foreach($test_volunteer_fields as $key=>$value) { echo($key . '=' . $value . '<br>'); } unset($_SESSION['data']); // To destroy the array This post has been edited by CharlesEF: Aug 27 2014, 11:07 PM |
KBM |
Aug 29 2014, 02:36 PM
Post
#30
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
#1 You asked if this code needed to be with the validation for new_volunteer.php. (post 20) I think it does. I used the test version and used the FM redirect and redirected it to the new_volunteer_orientation.php and it worked, so my guess is that this code needs to be within the validation. So how do I put it within the validation? Could you redo the code so its within the validation so that I can make the changes or paste your changes to the page. As always thanks for all your help. while I am not a programmer, I am learning as we go! THANKS!!!
#2 Session Array - I did a version of the new_volunteer_submit with the Sessions in it. Was having issues so I put the original back. I have attached both files (new_volunteer.php and new_volunteer_submit.php. for you to look at. Let me know if that is what you where looking for on the submit page (PS line 11 of the submit has an error!!) Thanks $new_volunteer_find = $Vol_Web->newFindCommand('Profile'); $new_volunteer_findCriterions = array('Profile_id'=>'*',); foreach($new_volunteer_findCriterions as $key=>$value) { $new_volunteer_find->AddFindCriterion($key,$value); } $Positions_find = $Vol_Web->newFindCommand('Position'); $Positions_findCriterions = array('PosID'=>$posID,); foreach($Positions_findCriterions as $key=>$value) { $Positions_find->AddFindCriterion($key,$value); } fmsSetPage($new_volunteer_find,'new_volunteer',10); fmsSetPage($Positions_find,'Positions',10); $new_volunteer_result = $new_volunteer_find->execute(); $Positions_result = $Positions_find->execute(); if(FileMaker::isError($new_volunteer_result)) fmsTrapError($new_volunteer_result,"error.php"); if(FileMaker::isError($Positions_result)) fmsTrapError($Positions_result,"error.php"); fmsSetLastPage($new_volunteer_result,'new_volunteer',10); fmsSetLastPage($Positions_result,'Positions',10); $new_volunteer_row = current($new_volunteer_result->getRecords()); $new_volunteer__ApplicationProcess_portal = fmsRelatedRecord($new_volunteer_row, 'Application_Process'); $new_volunteer__Logo_portal = fmsRelatedRecord($new_volunteer_row, 'Logo'); $new_volunteer__Volunteerarchive_portal = fmsRelatedRecord($new_volunteer_row, 'Volunteer_archive'); $Positions_row = current($Positions_result->getRecords()); $Positions__Profile_portal = fmsRelatedRecord($Positions_row, 'Profile'); |
CharlesEF |
Aug 29 2014, 03:07 PM
Post
#31
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
The validation and post code is contained within 2 if statements (an if inside another if), like this:
CODE if($_POST) Any validation code needed should be placed in the 1st if section, 'if($_POST)'. Any code needed to run after validation passes should be placed in the inner if section, 'if($validator->form_valid())'.{ $validator->add_field('name_first'); $validator->add_rule_to_field('name_first', array('min_length', 2)); $validator->add_rule_to_field('name_first', array('empty')); ....... ....... ....... $validator->add_field('Terms'); $validator->add_rule_to_field('Terms', array('checked')); //check errors if($validator->form_valid()) { $test_volunteer_add = $Vol_Web->newAddCommand('Profile'); $test_volunteer_fields = array('name_first'=>$_REQUEST['name_first'],'name_last'=>$_REQUEST['name_last'],'orientation_key'=>$_REQUEST['orientation_key'],'Terms'=>$_REQUEST['Terms'],'email'=>$_REQUEST['email'],); ....... ....... header("Location: test_volunteer_submit.php"); exit(); } } I do not see any new attached files in this post, or are you talking about the versions you posted before? |
KBM |
Aug 29 2014, 04:22 PM
Post
#32
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
OOPS - here are the attachments
Thanks Attached File(s) new_volunteer.php ( 55.13k ) Number of downloads: 131 new_volunteer_submit.php ( 6.67k ) Number of downloads: 116 |
CharlesEF |
Aug 29 2014, 08:51 PM
Post
#33
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
Ok, I moved the code to run after validation and before the existing code that was there. You forgot the SESSION code needed in 'new_volunteer.php' so I put it in. There was a syntax error in 'new_volunteer_submit.php' which I fixed.
I sees that 'new_volunteer_submit.php' will redirect to 'new_volunteer_orientation.php'. Do you want the $_SESSION['data'] values available to that script also? If yes then you must comment out the unset command in 'new_volunteer_submit.php'. And you should copy that unset command line to 'new_volunteer_orientation.php'. You only want to destroy the SESSION data when all your scripts are done. Try it out, see how it goes. new_volunteer.php ( 55.14k ) Number of downloads: 283 new_volunteer_submit.php ( 6.65k ) Number of downloads: 302 |
KBM |
Sep 1 2014, 09:23 AM
Post
#34
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
I tried the new_volunteer.php and no fields show on the page. I did have some dreamweaver errors, but perhaps some code was omitted when adjustments were made. I copied the center section, which was the FileMaker code and that corrected the dreamweaver issue, but the page still does not show fields. I attached the new page with my changes. I also included the link below so you cold take a look at the page . Again thanks, while I am not a programmer, I am learning a great deal. I have a great appreciation for your help and skills. Thanks!
https://kbmssl.c7.ixsecure.com/fm9web/vol_w...w_volunteer.php This post has been edited by KBM: Sep 1 2014, 09:27 AM Attached File(s) new_volunteer.php ( 55.45k ) Number of downloads: 152 |
CharlesEF |
Sep 2 2014, 11:34 AM
Post
#35
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
First, are you sure it is new_volunteer.php that is failing? The reason I ask is because your 'new_volunteer.php' script calls another script which in turn calls another script. What is the address located in the address bar after the blank page. The link you posted shows a web page this is partly built. If you do a 'view source' you will see that some of the web page is defined. It does not finish and that's more likely where your PHP error is
|
KBM |
Sep 2 2014, 03:14 PM
Post
#36
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
First, are you sure it is new_volunteer.php that is failing? The reason I ask is because your 'new_volunteer.php' script calls another script which in turn calls another script. What is the address located in the address bar after the blank page. The link you posted shows a web page this is partly built. If you do a 'view source' you will see that some of the web page is defined. It does not finish and that's more likely where your PHP error is I'm pretty sure. if you open the attached php file, that is the one that the link is viewing. I'm think the issues is there. Maybe there is scripting there that is cutting it off. Let me know if that php file is the issue. This post has been edited by KBM: Sep 2 2014, 03:16 PM |
CharlesEF |
Sep 2 2014, 06:23 PM
Post
#37
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
The error was on this line:
CODE <?php $validator->output_all_field_errors();?> , it should be like this:CODE <?php if($_POST) $validator->output_all_field_errors();?> $validator is only valid during a submit process. I re-arranged the code a little, it is hard for me to know the flow of data that you need because I don't have access to the functions used by your script. Anyway, try it out and let me know.new_volunteer1.php ( 55.43k ) Number of downloads: 360 |
KBM |
Sep 2 2014, 07:44 PM
Post
#38
|
Member Group: Members Posts: 30 Joined: 17-August 14 Member No.: 21,413 |
The error was on this line: CODE <?php $validator->output_all_field_errors();?> , it should be like this:CODE <?php if($_POST) $validator->output_all_field_errors();?> $validator is only valid during a submit process. I re-arranged the code a little, it is hard for me to know the flow of data that you need because I don't have access to the functions used by your script. Anyway, try it out and let me know.new_volunteer1.php ( 55.43k ) Number of downloads: 360 Here is what your revised new_volunteer.php looks like. https://kbmssl.c7.ixsecure.com/fm9web/vol_w...w_volunteer.php Could you describe what "I don't have access to the functions used by your script. " Maybe that will help me know a little more what you are looking for. Here is another link, same page, but for return volunteers fi that helps. Thanks https://kbmssl.c7.ixsecure.com/fm9web/vol_w...n_volunteer.php By the way, I attached a jpeg of the injection I am getting. Is this sql injection or bots? This post has been edited by KBM: Sep 2 2014, 07:48 PM Attached thumbnail(s) |
CharlesEF |
Sep 2 2014, 08:36 PM
Post
#39
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
Your script uses functions like fmsSetPage(), fmsSetLastPage() and fmsRelatedRecord() but I don't have the script files where those functions are defined. They might be in 'FileMaker.php' and 'FMStudio_v2/FMStudio_Tools.php'.
As for your error, the page stops loading when it gets to this PHP script: CODE <?php This script appears to be used several times in your page. I can only check the syntax of the code, I have no idea if you are using the functions correctly (like passing 6 parameters with the function call to fmsValueListItems2()). Now, on my computer I would expect this code to stop because I'm missing the supporting script files.foreach(fmsValueListItems2($Vol_Web,'Profile','YES/NO',$new_volunteer_row->getField('crime_conviction'),null,"") as $list_item) { if(html_entity_decode($list_item[0]) == "") { echo "<option value=\"{$list_item[0]}\" selected=\"selected\">{$list_item[1]}</option>\n"; } else { echo "<option value=\"{$list_item[0]}\">{$list_item[1]}</option>\n"; } } fmsValueListCustomChoice(null); ?> Also, your thumbnail looks like a bot attack to me. This post has been edited by CharlesEF: Sep 2 2014, 08:37 PM |
CharlesEF |
Sep 3 2014, 02:30 AM
Post
#40
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
1 question, the PHP snippet I posted before appears to be used to populate several <select> lists. I'm not sure I understand this part, '$new_volunteer_row->getField('crime_conviction')'. When the page first loads I do not think there is a $new_volunteer_row, yet.
Maybe you want the select list to have general items, so get rid of $new_volunteer_row? |
Lo-Fi Version | Time is now: 20th April 2024 - 07:50 AM |