Validating 'required' form page data for save to database, Saving by php code file after succesful validation. Success message on |
Validating 'required' form page data for save to database, Saving by php code file after succesful validation. Success message on |
Freddz |
Jan 7 2019, 08:34 PM
Post
#1
|
Novice Group: Members Posts: 25 Joined: 7-January 19 Member No.: 26,791 |
Hello,
I have a form page where I check the mandatory inputs client-sided by the attribute 'required' (when clicking send button). When all required inputs are done the send button click... 1.) should call a php file 'dbinsert.php' which just contains the save process of the form data to a database. 2.) But the success message should be shown on the SAME page, on top of the form page. How can I implement this process under those 2 conditions? I suppose that the send button's 'action' attrbute should be empty and the php file has to be called via Ajax (within a Javascript function?) !? But unfortunately I fail in implementing THIS specific configuration. Could you help me, please? If so, please specify in your answer all necessary code lines like the form header, the submit button and the Javascript function that executes the Ajax call (and also fires the success message, I suppose)? Thank you so much! The following constellation does not work: * <FORM NAME="Betrugseingabe" ACTION="../cgi-bin/DBinsert.php" METHOD=POST> * <INPUT TYPE="submit" NAME="Absenden" VALUE="Absenden" ID="Schaltflaeche1" formtarget="_self"> |
Freddz |
Jan 15 2019, 02:17 PM
Post
#2
|
Novice Group: Members Posts: 25 Joined: 7-January 19 Member No.: 26,791 |
I assume your solution 5 cannot be used as Netobjects (NOF) doesn't support php files. (I would like to work at this site with NOF yet. However, I am just trying the free tool 'Blue Griffon' now...)
Now solution 3 could be an option as well. Cause before I understood from Charles' sentence "if you use ajax then you must write code to validate any required fields" I understood that attr. required is ignored here. But now you say it is not... However, version 4 seems to be the best solution now. I agree to you. Cause before I tried this version already but failed. Now you said that it may be my Apache configuration. VERY important!! Thanks. I will check that asap now... If so this problem would have a quite simple solution then. Very fine. But it was a quite long way to here... ;-) To your last alarming remarks about security. I doubt that I could edit this with NOF as well. However, I then would have to do it manually soon after version 4. So would you please show me already now by short code samples which kind of secure implementation (form page and db save process) would be satisfying here? Thank you very very much, Christian! You are doing a VERY good 'job' with me !!!!! |
Christian J |
Jan 15 2019, 03:50 PM
Post
#3
|
. Group: WDG Moderators Posts: 9,722 Joined: 10-August 06 Member No.: 7 |
I assume your solution 5 cannot be used as Netobjects (NOF) doesn't support php files. But ../cgi-bin/DBinsert.php is a PHP file already, yes? The only difference is that my PHP script would also output HTML code. QUOTE Now solution 3 could be an option as well. Cause before I understood from Charles' sentence "if you use ajax then you must write code to validate any required fields" I understood that attr. required is ignored here. But now you say it is not... Maybe Charles meant that you should validate in the PHP script as well. QUOTE However, version 4 seems to be the best solution now. I agree to you. Cause before I tried this version already but failed. Now you said that it may be my Apache configuration. VERY important!! Thanks. I will check that asap now... If so this problem would have a quite simple solution then. Very fine. But it was a quite long way to here... ;-) See also post #15... QUOTE To your last alarming remarks about security. I doubt that I could edit this with NOF as well. It's done in the PHP script. QUOTE So would you please show me already now by short code samples which kind of secure implementation (form page and db save process) would be satisfying here? It may depend a little on your form fields. If you only use a SELECT menu, you might compare the user's submitted form data with a whitelist of allowed values (say only integers 1-5). If you have text fields it becomes trickier, this might be a start: http://php.net/manual/en/mysqli.real-escape-string.php However I suspect Charles (or almost anyone) is better at this than me, so it's probably best I don't go into detail. QUOTE Thank you very very much, Christian! You are doing a VERY good 'job' with me !!!!! You're welcome! |
Lo-Fi Version | Time is now: 21st September 2024 - 02:57 AM |