Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About enthused_confused

  • Rank
  1. I have an answer. This came from phpbuilder.com. Turns out I needed to add "g-recaptcha-response" to the whitelist. Thanks for your attention and suggestions to this problem.
  2. @ requinix Thank you for pointing out that you feel whitelisting is unnecessary . Do you have any answer to my posted question? How to include recaptcha in whitelist ?
  3. @ requinix What method would you suggest I use to prevent malicious attempts to add un-wanted inputs?
  4. @ requinix The OWASP input validation cheat sheet suggests whitelisting rather than blacklisting. https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet#Whitelisting_vs_blacklisting
  5. @ handball player Commented out "die()" and replaced with echo "Hack attempt detected." No php errors reported. "Hack attempt detected." is echoed out to page. Using json_decode on captcha response, this returns an object. Maybe try something like this: if(response->success ==1) { array_push($whitelist, "recaptcha-token"); } Am I on the right track using this approach?
  6. My php ini is set as you descibed. Presently I don't get any php errors. I will try it without the " die();" and see if any errors are reported.
  7. I have a form that I decided to include Google recaptcha as an added measure of security. When I added the recaptcha it triggers an error because the recaptcha is not whitelisted. I read that HTML5 does not allow assigning the name attribute to div. i.e. <div name="myName"></div>. Against convention, I tried adding a name to the recaptcha div and adding that name to the whitelist. That approach failed. There is an iframe within the div that has the name attribute. I tried using the iframe name in the whitelist. That approach also failed. There is a hidden input that h
  8. After some tweaking I was able to get the code working. Had to add some quotation marks and semicolons. Had to add some echo as well. Had to include $statelist array. working code looks like this: <select id="req-state" name="req-state" class="form-control" placeholder="please select your state"> <?php $stateList = array("Alabama", "Alaska", "Arkansas", "Arizona", "California", "Colorado", "Connecticut", "District of Columbia", "Delaware", "Florida", "Georgia", "Hawaii", "Idaho", "Illinois", "Indiana","Iowa", "Kansas", "Kentucky", "Louisiana", "Maine", "Maryland","Massach
  9. Can anybody help me out here? I am not having any success trying to use the code suggested Barand. I am not sure how insert in my current code.
  10. @Barand Thanks for taking time to look at this. Where would I insert the suggested code?
  11. I have a html select input element for the states of the United States. When the user clicks the triangular icon of the select element I would like the drop-down to display all of the state options in alphabetical order if the form hasn't been submitted. After submission I would like the select element to display a $_SESSION['var'] . The $_SESSION ['var'] would be the state that was selected.. Say for instance the user leaves the page or the user is redirected to page with another form then the forms are pre-populated with the user's previous inputs. I have been able to accomplish on all my ot
  12. @Barand Thank you. Your advice was exactly what I needed to correct this issue. Can you please elaborate on the throw it away part. I haven't really grasped that. Is it because I was using the echo or the var_dump?
  13. Am I missing something here? The line of code with preg_match has four (4) parenthesis "(preg_match(...$matches)) Sorry about the extra white spaces forgot to eliminate them before posting. The closing bracket for the function is two (2) lines above format_phone_number($phonedata); Have you tried to run the code? It successfully formats the phone number and echos the formatted number in the success message.
  14. Hello Freaks. Can someone please tell me why $Phone is null and how to get it to contain the value of $resultPhone as it echoed in the success statement ? I thought if I use a return $var; such as I have used return $resultPhone; the value of that $var was stored for further use. I suspect this is truly simple task to accomplish, but it completely has me confused at this point. <?php $errors = array(); if(isset($_POST['submit'])){ //echo 'Submit button pressed!'.'<br>'; //print_r($_POST); $postedPhone = null; if($_POST['req-phone']){ $postedPhone = $_POST['req-ph
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.