russthebarber

I have a form file upload page. When I hit submit it posts data to php which uploads an image. Then from this .php page I click an ok button which sends me back to my form upload (posting some data with me). I can then repeat the process and upload more files...all working ok so far. On the upload page, I also have a list of all the files I've uploaded. I am using jquery ajax to post data to another php file which changes some things in my database relating to those files and fires response data back to my form. This page also does some other tasks that require reloading the page. Because the page has post data, I am getting the "To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier." message. Can anyone think of a way around the problem without using normal php posts for the whole thing or using ajax for the whole thing. All tasks need to be performed on this one page.

Yep, you're all right. I don't need the hidden field at all. Thanks.

Thanks.

I have a site where users have a username, password and user_id (primary key auto generated). Every user has related products that are specific to that user. I'd like to know if anyone has any thoughts on if the following is a secure way to send info from page to page or if there is a better way: If a user is logged in, the user_id is stored in a var and is sent in a hidden form input from page to page (not alone very secure, I know). This var can then be used to see which products belong to that user, but only after a login check has been made in the backend to see if that user_id matches the logged in user. $postUserId = $_POST['$postUserId'];//passed from page to page if($session->is_logged_in()) { $serverUserId = $session->user_id;// user_id from database of user data if ($postUserId == $serverUserId ){ // all is OK }else{ // all is not OK } }else{ echo "not logged in"; } Anyone looking at the source code can only see the user_id and can't do anthing with it as the checks are made by the session data backend..... or have I missed something? Is this really secure?

Thanks for the tip. You've prompted me to start reading up a bit on PHP security and bad coding.

I've just noticed my folders had spaces in the names so of course they didn't have the same name. I thought that was impossible so it's the first place I looked. I trimmed my $_POST variables and the problem has been solved now. Thanks. What did you mean allowing the user to dfine userId.... the user doesn't define his or her own id.

I have a form for uploading pictures. The form sends a file and a user_id to a .php file which among other things, does the following: 1. creates a folder based on the user_id 2. uploads the file to it If the folder exists already, there is a warning message. This all works fine. <?php $uploadedfile = $_POST['uploadedfile']; $userId = $_POST['userId']; echo $userId."<br />"; if ($_FILES["file"]["error"] > 0){ echo "Error: " . $_FILES["file"]["error"] . "<br />"; } else{ $thisdir = getcwd();//finds absolute path of this file //does folder exist if(file_exists($thisdir."/images"."/userFotos".$userId)) { echo "Folder based on userId exists already <br />"; }else{ //create new folder based on userId echo "This directory is: ".$thisdir."<br />"; /* create subfolder and make world-writable (CHMOD 0777). Tell me if success or failure... */ if(mkdir($thisdir ."/images"."/userFotos".$userId , 0777)){ echo "Directory".$thisdir ."/images"."/userFotos".$userId." has been created successfully...<br />"; }else{ echo "Failed to create directory..."; } } // etc etc. All works OK There is then a button which sends the user id back to the uploads page if the user wishes to upload more images: <form action="uploadTheFile.php" method="post" accept-charset="utf-8"> <input type="hidden" name="userId" value="<?php echo $userId; ?> " id="userId"> <input type="submit" value="Back to image uploads"> </form> Then the user can do it all again. The problem is that the second time the user browses an image and sends to the php file for folder creation/image upload I have the following problems: 1. The warning message saying that the folder already exists doesn't show up. 2. php creates a second folder with the same name and uploads the image there. Can anyone tell me why this is happening? Here is the original form... <?php $userId = $_POST['userId']; echo $userId."<br />"; ?> <form action="uploadTheFile_submit.php" method="post" enctype="multipart/form-data"> Choose a file to upload: <input name="uploadedfile" type="file" /> <input type="hidden" name="userId" value="<?php echo $userId; ?>" id="userId" /> <input type="submit" value="Upload File" /> </form>

Brilliant. Thanks salathe.

I'll try and explain it another way. If you look at the keys (dates) in $priceArr, you'll see that there are three dates in September....the 13th, 14h and 20th. This information is in $dateArr. The question is if $dateArr didn't exist how would I create it in php from $priceArr?

I have an associative array with dates and prices: $priceArr=array("2012-9-13"=>"34.00", "2012-9-14"=>"35.00", "2012-9-20"=>"36.00", "2012-10-21"=>"37.00", "2012-10-28"=>"38.00", "2012-10-29"=>"38.00"); I'm looking for the best solution. I need to loop through the array and explode just the keys that have a 9 in the middle (i.e. are in September). Then I just need the date value in a new array....which should look like this when finished: $dateArr=array("13", "14", "20"); The exploding and pushing items into the second array I can do, it's just dealing with the key from the associative array that's new and confusing territory for me.

Thanks Jesi. i did indeed misread the part about extract(). I am well on the way to a good solution now though.

OK. That all makes good sense. I'll drop the variable idea completely I think and use extract(). That looks like a brilliantly useful function. I didn't know about it before. A million thanks.

Thanks for the tip, PFMaBiSmAd. My "bob, jim..." example was just to simplify things. But seems to have caused some confusion instead. What I am actually doing is sending a massive amount of form data to a php file and then using this method to give variables appropriate names. So I will actually have two arrays: $varsArr = array("first_name", "last_name", "town"); //etc for 100s of fields $valuesArr = array("Bob", "Johnson", "Miami"); //etc for 100s of fields My vars will then have valid names. But there is probably an even better way of doing this. Maybe a function that receives a JSON array of my form data and converts it all to vars with values? This data will be used to create a new instance of an object later. A user for example.

OK. That's a massive help. Thanks all.

great. Thanks, Spiderwell I have just seen that I can do $$namesArray[1]; to make a variable $jim; But I have bad feeling that there must be a catch. Are there any pitfalls or problems with using this way? Is the way you suggested robuster?