phpapprentice

thanks

How can I test if my form is vulnerable with SQL injection.? I have a simple for that Insert data into mysql database

wow that was awesome. thank you very much. appreciate it. thanks

I used the following code: It works, but the text Firstname is displaying in the textbox. How can I change it. What I want is to enter data into the textbox and keep that data <?php if (isset($_POST['submit'])) { $FirstName = FirstName; //do whatever processing, pretend $firstname was set to firstname and $lastname was set to lastname } ?> //display form: <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <input type="text" name="FirstName" value="<?php echo (isset($FirstName) ? $FirstName : ''); ?>" /> <input type="text" name="lastname" value="<?php echo (isset($LastName) ? $LastName : ''); ?>" /> <input type="submit" name="submit" value="Submit" /> </form>

below is my form. where will i add the code in here. the following form has an action='http://sample.work.com/pages/tok/add.php' *********************************************** <html> <body> <form name='test' action='http://sample.work.com/pages/tok/add.php' method='POST' ><br /> <table cellspacing="0" cellpadding="2" border="0" style="width: 415px; height: 356px;"><tbody> <tr><td>Firstname:</td><td><input name="FirstName" /></td></tr> <tr><td>Lastname:</td><td><input name="LastName" /></td></tr> <tr><td>Address</td><td><textarea rows="5" cols="25" name="Address"></textarea></td></tr> <tr><td>City:</td><td><input name="City" /></td></tr> <tr><td>Zip Code</td><td><input name="ZipCode" /></td></tr> <tr><td>Home Phone</td><td><input name="HomePhone" /></td></tr> <tr><td>Work Phone</td><td><input name="WorkPhone" /></td></tr> <tr><td>Cell Phone</td><td><input name="CellPhone" /></td></tr> <tr><td>Email Address</td><td><input name="Email" /></td></tr> <tr><td>Emergency Contact Name:</td><td><input name="EmergencyContactName" /></td></tr> <tr><td>Emergency Contact Telephone:</td><td><input name="EmergencyContactPhone" /></td></tr> <tr><td>Noyce Program at:</td><td><input name="NoyceProgramAt" /></td></tr> </tbody></table> <br /> Who are you? <input type="checkbox" name="person1[]" value="true" />IHE Personnel <input type="checkbox" name="person2[]" value="true"/> K-12 Personnel <input type="checkbox" name="person3[]" value="true"/> Current Noyce Scholar <input type="checkbox" name="person4[]" value="true"/> Noyce Alumnus <input type="checkbox" name="person5[]" value="true"/> Other, EXPLAIN <input name="Other" /> <br /><br /> If Noyce Scholar, are you currently receiving Noyce Funding? <input type="radio" name="ScholarReceivingFunding" value="yes"/>Yes <input type="radio" name="ScholarReceivingFunding" value="no"/>No <br /><br /> Are you <input type="checkbox" name="MathematicsForm[]" value="true"/>Mathematics <input type="checkbox" name="BiologyForm[]" value="true"/>Biology <input type="checkbox" name="ChemistryForm[]" value="true"/>Chemistry <input type="checkbox" name="GeosciencesForm[]" value="true" />Geosciences <input type="checkbox" name="PhysicsForm[]" value="true"/>Physics<br /><br /> Are you <input type="radio" name="status" value="Undergraduate" />Undergraduate <input type="radio" name="status" value="CredentialCandidate" />Credential Candidate <input type="radio" name="status" value="CredentialTeacher" />Credentialed Teacher <br /><br /> If you are currently teaching, please let us know which school and school district in which you are teaching and indicate in what capacity: <br /> School <input name="School" /> District <input name="District" /> <br /><br /> <input type="radio" name="status2" value="StudentTeaching"/>Student Teaching <input type="radio" name="status2" value="InternTeaching"/>Intern Teaching <input type="radio" name="status2" value="CredentialedTeacher"/>Credentialed Teacher <br /><br /> What meals should we reserve for you?<br /> Friday<input type="checkbox" name="FridayDinner[]" value="true" />Dinner <br /> Saturday <input type="checkbox" name="SaturdayBreakfast[]" value="true" />Breakfast <input type="checkbox" name="SaturdayLunch[]" value="true" />Lunch <input type="checkbox" name="SaturdayDinner[]" value="true" />Dinner <br /> Sunday <input type="checkbox" name="SundayBreakfast[]" value="true" />Breakfast <input type="checkbox" name="SundayLunch[]" value="true" />Lunch <br /><br /> Food Request (Click all that apply) <br /> <input type="checkbox" name="Vegetarian[]" value="true" />Vegetarian <input type="checkbox" name="Fish[]" value="true" />Fish <input type="checkbox" name="Chicken[]" value="true" />Chicken <br /> <br /> Two nights of housing are provided by the grant.<br /> Please indicate for which nights you need housing: <br /> <input type="checkbox" name="FridayNightHousing[]" value="true" />Friday Night <input type="checkbox" name="SaturdayNightHousing[]" value="true" />Saturday Night <br /> <br /> Provided housing is at double occupancy.<br /> Single occupancy is possible, for an additional $90/person/2 nights, and is not covered by the grant. <br /> Please check here <input type="checkbox" name="singleroom[]" value="true"/> if you are interested in a single occupancy room. <br /> We cannot guarantee single occupancy rooms until we confirm room availability with the hotel, after all registrations are received. <br /> After confirming with the hotel we will notify you, and will include instructions on where to mail your check. <br /> The check should be received before January 5, 2009.<br /> <br /> Do you have any roommate? If so, please fill out: <br /> Roommate Name:</td><td><input name="RoommateName" /><br /> Roommate Email:</td><td><input name="RoommateEmail" /> <br /> If not, are you <input type="radio" name="Gender" value="male" />Male <input type="radio" name="Gender" value="female" />Female <br /> <br /> Travel: <br /><br /> You will be reimbursed for travel based on the information we emailed to your PI. <br /> Please check with your PI for details. We encourage you to carpool whenever possible. <br /> If you will be reimbursed for car travel, please make sure to bring with you your <br /> <li>driver’s license and</li> <li>proof of automobile insurance</li>with you. <br /> <br /> Please press the submit button below to register <br /> <br /><br /> <input type="submit" name="submit" value="Submit Form!" /> </form> </body> </html>

How can I do it using session?

I need help in keeping the data into the form. I have a form that validates fields. If a user enter John for firstname field and miss the lastname. The error message that will appear is "Please enter Lastname" and a go back link is also displayed. But when I clicked the go back link, the text that was entered(Jonh-for the firstname) disappeared. How can I keep the data into the form? Please help.

when I check the the 3 boxes it will display TRUE for all with your code: print '<pre>'.print_r($_POST,1).'</pre>';exit; THIS IS WHAT I WANT TO DO: If I check StudentTeaching it must display TRUE to StudentTeaching and FALSE for the other fields - (InternTeaching, CredentialedTeacher). How can I do that? this is the code: <?php print '<pre>'.print_r($_POST,1).'</pre>';exit; $con = mysql_connect("localhost","mydatabase","mypassword"); if (!$con) { die('Could not connect: ' . mysql_error()); }mysql_select_db("noyce", $con); //for field IHEpersonnel, K12Personnel, Scholar, $person['IHEpersonnel'] = 'false'; $person['K12Personnel'] = 'false'; $person['Scholar'] = 'false'; $person[$_POST['personnel']] = 'true'; //for field Mathematics, Science $maj['Mathematics'] = 'false'; $maj['Science'] = 'false'; $maj[$_POST['major']] = 'true'; //for field Biology,Chemistry,Geosciences, Physics $sci['Biology'] = 'false'; $sci['Chemistry'] = 'false'; $sci['Geosciences'] = 'false'; $sci['Physics'] = 'false'; $sci[$_POST['sciencechoice']] = 'true'; //for field Undergraduate, CredentialCandidate, CredentialTeacher //$stat['Undergraduate'] = 'false'; //$stat['CredentialCandidate'] = 'false'; //$stat['CredentialTeacher'] = 'false'; //$stat[$_POST['status']] = 'true'; //$stat2['Undergraduate'] = 'false'; //$stat2['CredentialCandidate'] = 'false'; //$stat2['CredentialTeacher'] = 'false'; //$stat2[$_POST['status']] = 'true'; //for field StudentTeaching, InternTeaching, CredentialedTeacher --THIS IS YOUR CODE $stat2['StudentTeaching'] = mysql_real_escape_string($_POST['StudentTeaching']); $stat2['InternTeaching'] = mysql_real_escape_string($_POST['InternTeaching']); $stat2['CredentialedTeacher'] = mysql_real_escape_string($_POST['CredentialedTeacher']); //$stat2['StudentTeaching'] = isset($_POST['StudentTeaching']) ? 'true' : 'false'; //$stat2['InternTeaching'] = isset($_POST['InternTeaching']) ? 'true' : 'false'; //$stat2['CredentialedTeacher'] = isset($_POST['CredentialedTeacher']) ? 'true' : 'false'; //for field FridayDinner $fri['FridayDinner'] = 'false'; $fri[$_POST['Friday']] = 'true'; $sql="INSERT INTO NoyceConferenceContact (FirstName, LastName, Address, City, State, ZipCode, HomePhone, WorkPhone, CellPhone, Email, EmergencyContactName, EmergencyContactPhone, NoyceProgramAt, IHEpersonnel, K12Personnel, Scholar, ScholarReceivingFunding, Mathematics, Science, Biology, Chemistry, Geosciences, Physics, Undergraduate, CredentialCandidate, CredentialTeacher, School, District, StudentTeaching, InternTeaching, CredentialedTeacher, FridayDinner ) VALUES ('$_POST[FirstName]','$_POST[LastName]','$_POST[Address]','$_POST[City]','$_POST[state]','$_POST[ZipCode]','$_POST[HomePhone]','$_POST[WorkPhone]','$_POST[CellPhone]','$_POST', '$_POST[EmergencyContactName]','$_POST[EmergencyContactPhone]','$_POST[NoyceProgramAt]', '$person[iHEpersonnel]','$person[K12Personnel]','$person[scholar]', '$_POST[scholarReceivingFunding]', '$maj[Mathematics]','$maj[science]', '$sci[biology]','$sci[Chemistry]','$sci[Geosciences]','$sci[Physics]', '$stat[undergraduate]','$stat[CredentialCandidate]','$stat[CredentialTeacher]', '$_POST[school]','$_POST[District]', '$stat2[studentTeaching]','$stat2[internTeaching]','$stat2[CredentialedTeacher]', '$fri[FridayDinner]' )"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added";mysql_close($con) ?>

barand, nothing was store in the 3 fields. the result is the same

this is the second result, I CHECKED ALL THE BOXES. Array ( [FirstName] => dfgsdfgsdfg [LastName] => dsdfgsdfgsdf [Address] => sdfgsdfgsdf [City] => dfsgsdfg [state] => Alabama [ZipCode] => [HomePhone] => [WorkPhone] => [CellPhone] => => [EmergencyContactName] => [EmergencyContactPhone] => [NoyceProgramAt] => [personnel] => IHEpersonnel [scholarReceivingFunding] => yes [major] => Science [sciencechoice] => Biology [status] => Undergraduate [school] => wergasdfg [District] => adgsdfgsd [studentTeaching] => true [internTeaching] => true [CredentialedTeacher] => true [RoommateName] => )

Array ( [FirstName] => John [LastName] => Doe [Address] => sadgasdg [City] => asgdasg [state] => Arkansa [ZipCode] => 14132 [HomePhone] => sadfasdf [WorkPhone] => asdfasdf [CellPhone] => asdfdasfs => asdfasdfas [EmergencyContactName] => sadfasdf [EmergencyContactPhone] => sadfasf [NoyceProgramAt] => sadfasdf [personnel] => K12Personnel [scholarReceivingFunding] => yes [major] => Science [sciencechoice] => Biology [status] => CredentialTeacher [school] => afsdfs [District] => asfdsadf [status2] => CredentialedTeacher [RoommateName] => )

It did not store anything in the fields

Need Help. I have three fielfd named StudentTeaching,InternTeaching,CredentialedTeacher. The form is working fine, when I check StudentTeaching, It will store TRUE on my StudentTeaching field and the rest FALSE. When I check InternTeaching, it will store TRUE on my InternTeaching field and the rest FALSE. But when I check them all, it will only store TRUE to the CredentialedTeacher field.which is the last field. What I want to do is if I check them all, it will store TRUE for all of the 3 fields need help. this is my form test.html ************* <input type="checkbox" name="status2" value="StudentTeaching" />Student Teaching <input type="checkbox" name="status2" value="InternTeaching"/>Intern Teaching <input type="checkbox" name="status2" value="CredentialedTeacher"/>Credentialed Teacher ************* this is some part of my add.php ********************* $stat2['StudentTeaching'] = 'false'; $stat2['InternTeaching'] = 'false'; $stat2['CredentialedTeacher'] = 'false'; $stat2[$_POST['status2']] = 'true'; ********************* ALSO part of my add.php ****************************** '$stat2[studentTeaching]','$stat2[internTeaching]','$stat2[CredentialedTeacher]',

OKAY, thanks a lot PROBLEM SOLVED

boolean