benanamen

What source code? How about posting it using the code tags <>

In mobile, the posters logo block the post text.

1. if ($_SERVER['REQUEST_METHOD'] == 'POST'){ //Process form } 2. https://www.php.net/manual/en/function.trim.php 3. https://www.php.net/manual/en/function.exit.php

Firstly, dont post pictures of code. Post the actual code using the code formatting button <> Depending on the name of a button to be submitted for your script to work will completely fail in certain cases. You need to check the POST REQUEST. Do not create variables for nothing Trim the POST array, THEN check for empty Errors messages should be arrays. You must kill the script after header redirect Do not output user supplied data to the page. Use htmlspecialchars Get rid of most if not all those elses Your code is vulnerable to an XSS atta

<!DOCTYPE HTML> <html> <head> <title>Untitled</title> <style type="text/css"> /* <![CDATA[ */ body{ background-color:#e4dab8; } form fieldset{ background-color:#fff9e7; border-width:2px; border-style:solid; border-color:#7c5b47; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; margin:20px 0px 20px 0px; width:350px; position:relative; display:block; padding: 0px 10px 10px 10px; } form fieldset legend{ background-color:#7c5b47; border-width:1px; border-style:solid; border-color:#FFCC99; color:#ffcc99; font-w

Who/what/where in the world taught you to do this? Just stop it! Stop it right now! Post code that shows what you are actually trying to do.

This is what I do... config.php <?php return [ 'charset' =>'utf8mb4' , 'name' =>'exambuilder' , 'username' =>'root' , 'password' =>'' , 'host' => 'localhost' , 'options' =>[ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC , PDO::ATTR_EMULATE_PREPARES => false ] ] somefile.php <?php $config = require 'conf

Not sure how much LOC you have, but I have found it much faster to just start clean when I encounter an old code base. It always takes longer to fix someone else's bad code than it does to start clean. Hopefully you have that option, or at least enough hair on your head to pull out with your frustrations. If it is not some super secret app you could put it on a repo and we could have a "Fun With Refactoring" Friday night.

Are you using and IDE? PhpStorm is pretty smart at telling you what is wrong with your code. There are additional plugins for PHP Mess Detector and SonarLint that would also be of benefit.

@Alexa, If you can put your entire app on GitHub I will take a look at it. You can make it a private repo if you don't want the world to see it. It will be easier to properly help you if I can see everything.

What you need to do is check the REQUEST METHOD for a post request and then handle the form validation, processing, etc. The code should not care about the name of a submit button and can actually completely fail in certain cases by doing so. The submit button doesn't even need the name attribute at all and it's value should not even matter to your code. As to #4, if you want/need to insist data is only submitted from your form then you need to implement CSRF protection and maybe a nonce. if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Do processing } * This is in response t

C'mon @requinix, you know that's not how to do it. In fact, that's exactly how not to do it.

@Strider64, you need to be careful when providing a "tutorial" link. There are several issues with that one (as is with most every one of them).

So little code yet so much wrong. DO NOT USE PLAIN TEXT PASSWORDS. NOT NOW, NOT EVER! Use Prepared Statements - NEVER EVER put variables in your query. Do not SELECT *. Specify the column names you want You need to check the REQUEST METHOD, not count the POST array You have an extra closing curly bracket Do not post your database login credentials for the whole world to see

You can start by using square brackets in your POST variables instead of curly braces like the rest of us. The curly braces can fail in at least one case. Example: $myArray = [1,2]; $index = 1; echo "value at index $index is $myArray[$index]"; // outputs "value at index 1 is 2" echo "value at index $index is $myArray{$index}"; // will throw "Notice: Array to string conversion" var_dump($myArray{$index}); // outputs "int(2)" https://wiki.php.net/rfc/deprecate_curly_braces_array_access