Jump to content

benanamen

Members
  • Posts

    2,134
  • Joined

  • Last visited

  • Days Won

    42

Everything posted by benanamen

  1. 1. if ($_SERVER['REQUEST_METHOD'] == 'POST'){ //Process form } 2. https://www.php.net/manual/en/function.trim.php 3. https://www.php.net/manual/en/function.exit.php
  2. Firstly, dont post pictures of code. Post the actual code using the code formatting button <> Depending on the name of a button to be submitted for your script to work will completely fail in certain cases. You need to check the POST REQUEST. Do not create variables for nothing Trim the POST array, THEN check for empty Errors messages should be arrays. You must kill the script after header redirect Do not output user supplied data to the page. Use htmlspecialchars Get rid of most if not all those elses Your code is vulnerable to an XSS attack. See #6 Posting again for "urgent" help is not going to get you help any faster.
  3. <!DOCTYPE HTML> <html> <head> <title>Untitled</title> <style type="text/css"> /* <![CDATA[ */ body{ background-color:#e4dab8; } form fieldset{ background-color:#fff9e7; border-width:2px; border-style:solid; border-color:#7c5b47; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; margin:20px 0px 20px 0px; width:350px; position:relative; display:block; padding: 0px 10px 10px 10px; } form fieldset legend{ background-color:#7c5b47; border-width:1px; border-style:solid; border-color:#FFCC99; color:#ffcc99; font-weight:bold; font-variant:small-caps; font-size:110%; padding:2px 5px; margin:0px 0px 10px 0px; position:relative; top: -12px; } form fieldset legend img{ padding:0px 5px 0px 5px; } label{ font-size:80%; display:block; float:left; width:100px; text-align:right; margin:6px 5px 0px 0px; } .button{ background-color:#7c5b47; border-width:1px; border-style:solid; border-color:#FFCC99; font-weight:bold; font-family:Verdana, Arial, Helvetica, sans-serif; } /* ]]> */ </style> </head> <body> <form> <fieldset> <legend>My Array Form Generator </legend> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST'){ } // Form Fields Arrays: Field Title, Field Name, Field Type $formfields = array( array( "First Name", "name_first", "text" ), array( "Last Name", "name_last", "text" ), array( "Username", "username", "text" ), array( "Password", "password", "password" ), ); foreach ($formfields as $key => $value) { echo "<label for='{$value[1]}'>{$value[0]}</label>\n<input id='{$value[1]}' name='{$value[1]} type=\"{$value[2]}' value='' ><br><br>\n\n"; } ?> <input type="submit" name="submit" value="Submit" class="button"> </fieldset> </form> </body> </html>
  4. Who/what/where in the world taught you to do this? Just stop it! Stop it right now! Post code that shows what you are actually trying to do.
  5. This is what I do... config.php <?php return [ 'charset' =>'utf8mb4' , 'name' =>'exambuilder' , 'username' =>'root' , 'password' =>'' , 'host' => 'localhost' , 'options' =>[ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC , PDO::ATTR_EMULATE_PREPARES => false ] ] somefile.php <?php $config = require 'config.php'; echo $config['username']; You could also use dotenv like Laravel https://github.com/vlucas/phpdotenv
  6. Not sure how much LOC you have, but I have found it much faster to just start clean when I encounter an old code base. It always takes longer to fix someone else's bad code than it does to start clean. Hopefully you have that option, or at least enough hair on your head to pull out with your frustrations. If it is not some super secret app you could put it on a repo and we could have a "Fun With Refactoring" Friday night.
  7. Are you using and IDE? PhpStorm is pretty smart at telling you what is wrong with your code. There are additional plugins for PHP Mess Detector and SonarLint that would also be of benefit.
  8. @Alexa, If you can put your entire app on GitHub I will take a look at it. You can make it a private repo if you don't want the world to see it. It will be easier to properly help you if I can see everything.
  9. What you need to do is check the REQUEST METHOD for a post request and then handle the form validation, processing, etc. The code should not care about the name of a submit button and can actually completely fail in certain cases by doing so. The submit button doesn't even need the name attribute at all and it's value should not even matter to your code. As to #4, if you want/need to insist data is only submitted from your form then you need to implement CSRF protection and maybe a nonce. if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Do processing } * This is in response to a previous post, not specifically to your OP.
  10. C'mon @requinix, you know that's not how to do it. In fact, that's exactly how not to do it.
  11. @Strider64, you need to be careful when providing a "tutorial" link. There are several issues with that one (as is with most every one of them).
  12. So little code yet so much wrong. DO NOT USE PLAIN TEXT PASSWORDS. NOT NOW, NOT EVER! Use Prepared Statements - NEVER EVER put variables in your query. Do not SELECT *. Specify the column names you want You need to check the REQUEST METHOD, not count the POST array You have an extra closing curly bracket Do not post your database login credentials for the whole world to see
  13. You can start by using square brackets in your POST variables instead of curly braces like the rest of us. The curly braces can fail in at least one case. Example: $myArray = [1,2]; $index = 1; echo "value at index $index is $myArray[$index]"; // outputs "value at index 1 is 2" echo "value at index $index is $myArray{$index}"; // will throw "Notice: Array to string conversion" var_dump($myArray{$index}); // outputs "int(2)" https://wiki.php.net/rfc/deprecate_curly_braces_array_access
  14. STOP posting pictures! I already told you to post code.
  15. We cant see the page source of your browser. Post it here.
  16. Does the file exist where you are calling it from? Turn on error reporting. What is the error message? I suspect the error message will be Warning: include(xxx.html): failed to open stream: No such file or directory in path
  17. We cant paste pictures of code into our editors. Post real code using the code formatting tags. The <> icon.
  18. Just to clarify, my response had nothing to do with MVC. It was with the Database Class itself.
  19. Typically yes, that's what you see out on the net, but I would have to disagree with this method. IMO there is really only two common cases to use Try/Catch, that being the DB Connection and handling a duplicate constraint error. There is no need to litter the code base with Try/Catch blocks. (Yes, I was guilty of that until I got spanked by @Jacques1 and learned better) What "should" be done is set the PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION and let the exceptions bubble up and let PHP handle it, which it does very well. set_exception_handler can also be used if you want a custom handler for exceptions.
  20. Link please. Based on the DB class, the tutorial is less than optimal.
  21. If you want a count, then SELECT a count.
  22. In a single form? That sounds like quite a lot. What exactly do you have going on?
  23. That particular tutorial has issues.
  24. You need to implement PRG. (POST, REDIRECT, GET)
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.