Validating 'required' form page data for save to database, Saving by php code file after succesful validation. Success message on |
Validating 'required' form page data for save to database, Saving by php code file after succesful validation. Success message on |
Freddz |
Jan 7 2019, 08:34 PM
Post
#1
|
Novice Group: Members Posts: 25 Joined: 7-January 19 Member No.: 26,791 |
Hello,
I have a form page where I check the mandatory inputs client-sided by the attribute 'required' (when clicking send button). When all required inputs are done the send button click... 1.) should call a php file 'dbinsert.php' which just contains the save process of the form data to a database. 2.) But the success message should be shown on the SAME page, on top of the form page. How can I implement this process under those 2 conditions? I suppose that the send button's 'action' attrbute should be empty and the php file has to be called via Ajax (within a Javascript function?) !? But unfortunately I fail in implementing THIS specific configuration. Could you help me, please? If so, please specify in your answer all necessary code lines like the form header, the submit button and the Javascript function that executes the Ajax call (and also fires the success message, I suppose)? Thank you so much! The following constellation does not work: * <FORM NAME="Betrugseingabe" ACTION="../cgi-bin/DBinsert.php" METHOD=POST> * <INPUT TYPE="submit" NAME="Absenden" VALUE="Absenden" ID="Schaltflaeche1" formtarget="_self"> |
Christian J |
Jan 15 2019, 07:03 AM
Post
#2
|
. Group: WDG Moderators Posts: 9,722 Joined: 10-August 06 Member No.: 7 |
$sql = "INSERT INTO ... VALUES ('" . $_POST["Name"] . "', '" ... );" The above is very dangerous, to avoid SQL injection exploits you should never use raw form data (such as $_POST) in the database query before sanitizing it. The sanitation must be done by the PHP script, not by the HTML form. QUOTE I can put this script also into the HTML form page code if it is more difficult with a php file. I think that would be the simplest solution. QUOTE But as I said: Main condition is that the fields are validated by attribute 'required' !! I assume that such a solution should exist! Yes, but it only works on the client-side (the browser), so it can't be trusted for security. QUOTE If this regardless isn't possible I begin to ask myself why this attribute is existing. It's just meant as a convenience for users. As https://www.w3.org/TR/html/sec-forms.html#c...form-validation says, it "allows the user to avoid the wait incurred by having the server be the sole checker of the user’s input." If it means that we cannot use a function (javascript) because in this function a php code cannot be implemented directly but just via Ajax (which limits the possibilities) we still could use isset instead, couldn't we? Cause then we may not need a function but can put the isset php code directly into the HTML code anywhere, right?... Yes, but then you must submit the whole page (like in my first suggestion), so that the PHP can run on the server. Ah, this is also not possible, right? isset can only be used within a php page file but cannot be nested into a html file!?. PHP can be used in a .html file (if you configure the server that way). But PHP always run on the server before the file is sent to the browser (except when using Ajax). QUOTE I once created the site with Netobjects Fusion Elements. This doesn't support php page files but only html pages. So do I only have the chance to use cgi script code to save form data of an html page file into a database (if I want to continue to work with NOF)?... I don't know, but in general I advice against using WYSIWYG editors like these. QUOTE Or I have to use the action attribute to execute a php code I assume you mean using different URLs for the form and PHP script? QUOTE but then have to accept that the success message cannot be displayed by a simple alert message window but only by a separate new page that "Action='dbinsert.php'" created?... If the PHP page is loaded in an iframe, you can still make it produce an alertbox if that's what you want. |
Lo-Fi Version | Time is now: 21st September 2024 - 11:57 AM |