
[SOLVED] Image button submit...tried hidden field...etc.


mo


My cart.php form was working fine when I had my submit buttons defined using CSS. I recently changed my form buttons (update cart, keep shopping, checkout) to be input type image as they were not passing Firefox's SQL Inject Me test. Now all my form input passes SQL injection but my buttons no longer work.

 

My update cart button is defined as below and I even tried to use a hidden field. The form will resubmit but my IF statement is never met. Driving me nuts because I know it's something simple as my other forms use the same logic and work fine.

 

Update button:

 

<td colspan=\"1\">
<input src=\"$img_home/b/butn_update.gif\" name=\"update\" alt=\"Update\" class=\"submit\" type=\"submit\" value=\"update\">
<input type=\"hidden\" class=\"hidden\" name=\"UpdateCart\" value=\"1\">
</td>

 

Submit class:

input.submit {
  width:auto;
  height:auto;
  border:0px;
}
.submit {
  font-family: Tahoma;
  font-size: 9pt;
  color: #000000;
  background-color:#99CC66;
  border: 2px solid #CCCCCC;
  vertical-align: middle;
}

 

 

Check for update button click:

if(isset($_POST['update']) || isset($_POST['update_x'])){
}

 

I've tried also:

 

if(isset($_POST['UpdateCart']) || isset($_POST['UpdateCart_x'])){
}

 

I've also tried _y and checking the POST variables w/o isset but none of the POST values have any values. My form definition is as follows.

 

<form id=\"cartform\" name=\"cartform\" method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">


it should be

input type='image'   to use an image as a submit button

 

Yes. Sorry for that, I just changed this code before I pasted but my live code has input type 'image' and not submit. Nice catch but does not work either way. I actually changed the button to type submit to see if I could get the form working but no good.


use print_r($_POST) to check what the button sends (after you have set type="image") - some browsers pass different values...

 

The only thing that prints is:

 

Array ( )

 

I hate to post my entire page but here it is after rendering.

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="icon" href="https://www.dummy.com/favicon.ico" type="image/x-icon">
<link rel="shortcut icon" href="http://www.dummy.com/favicon.ico" type="image/x-icon">
<title>Test</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="copyright" content="Copyright dummy - 2008">
<meta name="author" content="dummy">
<meta name="email" content="support@dummy.com">
<meta name="Distribution" content="Local">
<meta name="Rating" content="General">
<meta name="Robots" content="NOODP">

<meta name="Revisit-after" content="7 Days"><link href="https://test.dummy.com/css/main_ff.css" rel="stylesheet" type="text/css">
							 <link href="https://test.dummy.com/css/tabular_ff.css" rel="stylesheet" type="text/css">
<style type="text/css">
.class0 A:link {text-decoration: underline; color:#000000;}
.class0 A:visited {text-decoration: underline; color:#000000;}
.class0 A:active {text-decoration: underline; color:#000000;}
.class0 A:hover {text-decoration: underline; color: #000000;}
</style>
<style type="text/css">
.class1 {
	font-family: Tahoma; 
	font-size:10pt; 
	color: #FFFFFF; 
}
.class1 A:link {text-decoration: none; color:#FFFFFF;}
.class1 A:visited {text-decoration: none; color:#FFFFFF;}
.class1 A:active {text-decoration: none; color:#FFFFFF;}
.class1 A:hover {text-decoration: underline; color: #FFFFFF;}
</style>
<style type="text/css">
.class2 A:link {text-decoration: underline; color: #FFFFFF;}
.class2 A:visited {text-decoration: underline; color: #FFFFFF;}
.class2 A:active {text-decoration: underline; color: #FFFFFF;}
.class2 A:hover {text-decoration: underline; color: #FFFFFF;}
</style>
<style type="text/css">
.class3 A:link {text-decoration: underline; color:#FFFFFF;}
.class3 A:visited {text-decoration: underline; color:#FFFFFF;}
.class3 A:active {text-decoration: underline; color:#FFFFFF;}
.class3 A:hover {text-decoration: underline; color: #FFFFFF;}
</style>
<style type="text/css">
.class4 A:link {text-decoration: underline; color:#666666;}
.class4 A:visited {text-decoration: underline; color:#666666;}
.class4 A:active {text-decoration: underline; color:#666666;}
.class4 A:hover {text-decoration: underline; color: #666666;}
</style>
<style type="text/css">
.class5 A:link {text-decoration: underline; color:#666666;}
.class5 A:visited {text-decoration: underline; color:#666666;}
.class5 A:active {text-decoration: underline; color:#666666;}
.class5 A:hover {text-decoration: underline; color: #000000;}
</style>
<style type="text/css">
.SmallLink {
	font-family: Tahoma; 
	font-size:8pt; 
	color: #000000; 
}
.SmallLink A:link {text-decoration: underline; color:#000000;}
.SmallLink A:visited {text-decoration: underline; color:#000000;}
.SmallLink A:active {text-decoration: underline; color:#000000;}
.SmallLink A:hover {text-decoration: underline; color: #FFFFFF;}
</style>

<script type="text/javascript"> 
function SetToggle(idInfo,flag) { 
  var CState = document.getElementById(idInfo); 
  if (flag == true) { CState.style.display = 'block'; } 
               else { CState.style.display = 'none'; } 
} 
</script><SCRIPT type="text/javascript" src="https://test.dummy.com/scripts/lightbox.js"></script> 

<SCRIPT type="text/javascript">
<!-- Idea by:  Nic Wolfe -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 362,top = 184');");
}// End -->
</script>

<SCRIPT type="text/javascript">
function newWindow(url, height, width) {
    nameW='feature'
if (navigator.appVersion.indexOf('4') != -1) {
// Vars for centering the new window on Version 4 Browsers
xTop = screen.width/2 - (width/2);
yTop = screen.height/2 - (height/2);
window.open(url, nameW, 'height='+height+',width='+width+',scrollbars=1,resizable=0,menubar=0,toolbar=0,status=0,location=no,locationbar=0,directories=no,left=' + xTop + ',top=' + yTop + '');
} else {
window.open(url, nameW, 'height='+height+',width='+width+',scrollbars=1,resizable=0,menubar=0,toolbar=0,status=0,location=no,locationbar=0,directories=no,left=150,top=200');
}
}
</script>
<SCRIPT type="text/javascript">
function go(){
location= document.menuSearch.store_name.
options[document.menuSearch.store_name.selectedIndex].value
}
</script>
<script src="https://test.dummy.com/scripts/ajax/prototype.js" type="text/javascript"></script> 
<script type="text/javascript">   
function ajaxRequest(url,data) {
	var aj = new Ajax.Request(url, {
	method:'get',
	parameters: data,
	onComplete: getResponse
	}
	);   
}   
/* ajax.Response */  
function getResponse(oReq) {
	$('result').innerHTML = oReq.responseText;   
}   
</script></head><body>
<div id="panel_a"><!--Header Panel Start-->
<div id="innerdiv-a" align="center">
<div id="stats">

<ul>            
<li> Items in cart: [1] </li>
<li class="hform-pad"> | </li>
<li> Cart Sub-total: [$11.99] </li>
<li class="hform-pad"> | </li>
<li>Your location is: [Newark, NJ] </li>
<li class="hform-pad"> | </li>

<li class="SmallLink"><a href="http://www.dummy.com">Change Location</a></li>
</ul>		
</div>

<div id="user-menu">
<ul>
<li class="class2">You are logged in as mabright.</li>
<li class="hform-pad"> | </li><li class="class3"><a href="logout.php">  Logout  </a></li></ul></div></div>
</div><!--Header Panel End-->
<p></p>
<div id="container">

<div id="logo"><!--Logo:Start-->
<span><a href="http://test.dummy.com/shop.php"><img src="https://test.dummy.com/img/mrlogo_h.gif" alt="image"></a></span>
</div><!--Logo:End-->
<div id="adWindow1">
<h4><a href="advertise.php">Advertise Here</a></h4>
</div><!--Banner Ads End-->

<div id="main-menu">
<ul>
	<li><img src="https://test.dummy.com/img/mbar_lblock.gif" alt="image"></li>
	<li class="hform-pad"><a href="http://test.dummy.com/shop.php"> Home </a></li>

	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/about.php"> About </a></li>
	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/contact.php"> Contact Us </a></li>
	<li class="hform-pad">|</li>		
	<li class="hform-pad"><a href="http://test.dummy.com/h/faq.php"> FAQ </a></li>

	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/menusearch.php"> Menus/Search </a></li>
	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/deliveryarea.php"> Delivery Area </a></li>
	<li class="hform-pad">|</li>

	<li class="hform-pad"><a href="http://test.dummy.com/h/advertising.php"> Advertising </a></li>
	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/testimonial.php"> Testimonials </a></li>
	<li><img src="https://test.dummy.com/img/mbar_rblock.gif" alt="image"></li>
</ul></div>
								<div id="infoarea1">

									<ul>
										<li><img src="https://test.dummy.com/img/icons/user_green.png" alt="image"></li>
										<li class="class1"><a href="http://test.dummy.com/usercp.php">My Account</a></li>
										<li>|</li>
										<li class="class1"><a href="https://test.dummy.com/checkout.php"><img src="https://test.dummy.com/img/icons/cart_go.png" alt="image"></a></li>
										<li class="class1"><a href="https://test.dummy.com/checkout.php">Checkout</a></li>
										<li>|</li>

										<li class="class1"><a href="http://test.dummy.com/cart.php"><img src="https://test.dummy.com/img/icons/cart.png" alt="image"></a></li>
										<li class="class1"><a href="http://test.dummy.com/cart.php">View Cart</a></li>							
										<li>|</li>
										<li>Today's date 04.15.2009 02:34 PM EST</li>								
									</ul>
								</div>
<div id="main-frame"><!--Main Frame:Start-->
Array
(
)
<br>
<form id="cartform" name="cartform" method="POST" action="/cart.php">

<div class="errortext"></div>	
		<table class="dataList" align="center">
			<tr><td class="dataListTitle" colspan="11"><h5>Shopping Cart</h5></td></tr><tr><td class="dataListItem" colspan="11">
					          <img src="https://test.dummy.com/img/icons/add_only.gif">
					          <a href="http://test.dummy.com/dispmenu.php?storeid=1000&storename=dummy" >Add additonal dummy Store items to your order.</a>
					          </td></tr><tr><td class="dataListHeader">Item ID</td>
				<td class="dataListHeader">Store</td>
				<td class="dataListHeader">Description</td>

				<td class="dataListHeader">Recipient</td>
				<td class="dataListHeader">Comments</td>
				<td class="dataListHeader">Size</td>
				<td class="dataListHeader">Qty.</td>
				<td class="dataListHeader">Price</td>
				<td class="dataListHeader" colspan="2">Total</td>

				<td class="dataListHeader"></td>
		</tr><tr><td class="dataListItem">32</td>
			  <td class="dataListItem">
			  <a href="dispmenu.php?storeid=1003&storename=Applebees" />Applebees</a></td>
			  <td class="dataListItem">Ultimate Trios</td>
			  <td class="dataListItem">Maurice</td>
			  <td class="dataListItem"> </td>

			  <td class="dataListItem">-</td>
			  <td class="dataListItem">
			  <input name="qID[]" type="text" size="5" value="1" />
			  <input type="hidden" class="hidden"  name="pid[]" value="32" />
			  <input type="hidden" class="hidden"  name="optionStr[]" value="2,4,8," />
			  </td>
			  <td class="dataListItem">11.99</td>
			  <td class="dataListItem" colspan="2">11.99</td>

			  <td class="dataListItem">
			  <input type="image" class="image" src="https://test.dummy.com/img/icons/delete.gif" alt="Delete" name="btnDelete" id="btnDelete" 
			  value="Delete" onClick="window.location.href='/cart.php?action=remove_item&smid=32&itemOption=2,4,8,'">
			  </td></tr><tr>
				  	<td class="dataListItemOpt" colspan="2">COMBO Option 1 ></td><td class="dataListItemOpt" colspan="5">Dynamite Shrimp</td><td class="dataListItemOpt">0.00</td>
				  	<td class="dataListItemOpt" colspan="2">0.00</td>
				  	<td class="dataListItem"></td>
				  	</tr><tr>

				  	<td class="dataListItemOpt" colspan="2">COMBO Option 2 ></td><td class="dataListItemOpt" colspan="5">Steak Quesadilla Towers</td><td class="dataListItemOpt">0.00</td>
				  	<td class="dataListItemOpt" colspan="2">0.00</td>
				  	<td class="dataListItem"></td>
				  	</tr><tr>
				  	<td class="dataListItemOpt" colspan="2">COMBO Option 3 ></td><td class="dataListItemOpt" colspan="5">Spinich & Artichoke  Dip</td><td class="dataListItemOpt">0.00</td>

				  	<td class="dataListItemOpt" colspan="2">0.00</td>
				  	<td class="dataListItem"></td>
				  	</tr><tr><td class="dataListItemLabel" colspan="8">Sub Total (Minimum 5.00): </td>
			      <td class="dataListItem" colspan="2" bgcolor="#FFFF66">11.99</td>
				  <td class="dataListItem"></td>
			  </tr>
			  <tr><td class="dataListItemLabel" colspan="8">Sales Tax(7%): </td>

			      <td class="dataListItem" colspan="2" bgcolor="#FFFF66">0.84</td>
				  <td class="dataListItem"></td>
			  </tr>
			  <tr><td class="dataListItemLabel" colspan="8">Delivery Charge: </td>
			      <td class="dataListItem" colspan="2" bgcolor="#FFFF66">1.00</td>
				  <td class="dataListItem"></td>
			  </tr>			
			  <tr><td class="dataListItemLabel" colspan="8">Delivery Driver Tip(optional): </td>

			      <td class="dataListItem" colspan="2"><input name="tipAmount" type="text" value="0.00" size="5" maxlength="6"/></td>
				  <td class="dataListItem"></td>
			  </tr>
			  <tr><td class="dataListItemLabel" colspan="8">Multi-Store Order Fee($2.00 per extra store.): </td>
			      <td class="dataListItem" colspan="2">0.00</td>
				  <td class="dataListItem"></td>
			  </tr>				  
			  <tr><td class="dataListItemLabel" colspan="8" style="background-color:#FFE824;font-weight:bold;">Total: </td>

			      <td class="dataListItem" colspan="2" style="background-color:#FFE824;font-weight:bold;">13.83</td>
				  <td class="dataListItem"></td>
			  </tr></table><table class="ButnCell">
	      <tr>
	      <td colspan="1">
	      	<input src="https://test.dummy.com/img/b/butn_update.gif" name="update" alt="Update" class="submit" type="submit" value="update">
	      	<input type="hidden" class="hidden" name="UpdateCart" value="1">
	      </td>

		    <td colspan="1">
		    	<input src="https://test.dummy.com/img/b/butn_keepshopping.gif" id="shop" name="shop" alt="Keep Shopping" class="submit" type="image" value="" onMouseOver="this.style.cursor='hand'">
		    </td><td colspan="1"><input src="https://test.dummy.com/img/b/butn_sharecart.gif" class="submit" id="addGuest" name="addGuest" type="image" alt="Add Guest" value="" onMouseOver="this.style.cursor='hand'"></td><td colspan="1">
	      <input src="https://test.dummy.com/img/b/butn_checkout.gif" class="submit" id="checkOut" name="checkOut" type="image" alt="Checkout" value="" onMouseOver="this.style.cursor='hand'">
	      <input type="hidden" class="hidden" id="cartSubTotal" name="cartSubTotal" value="11.99">
			  </td></tr></table></form>
</div><!--Main Frame:End-->
<div id="footer-frame">
<ul>
	<li><b>The site is best viewed in IE 7+ or FireFox 3.0+.</b></li>
</ul>
</div>
<div class="bl1"><div class="br1">mmmm</div></div>
</div><!--Container-->
<p></p>
<p></p>

<div></div>
</body>
</html>



if(isset($_POST['UpdateCart']) || isset($_POST['UpdateCart_x'])){
	//Update cart item quantities
	foreach($_POST['pid'] as $pid_key => $pid) {
		$_POST['qID']       = checkSQLinject($_POST['qID']);
		$_POST['optionStr'] = checkSQLinject($_POST['optionStr']);

		$postQty = $_POST['qID'][$pid_key];
		$optionsStr = $_POST['optionStr'][$pid_key];

		$pid = checkSQLinject($pid);
		$postQty = checkSQLinject($postQty);
		$optionsStr = checkSQLinject($optionsStr);
		$message = UpdateItem($pid,$postQty,$optionsStr);
}
}


echo "<form id=\"cartform\" name=\"cartform\" method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">";


......other code........

echo "<table class=\"ButnCell\">
	      <tr>
	      <td colspan=\"1\">
	      	<input src=\"$img_home/b/butn_update.gif\" name=\"update\" alt=\"Update\" class=\"submit\" type=\"image\" value=\"update\">
	      	<input type=\"hidden\" class=\"hidden\" name=\"UpdateCart\" value=\"1\">
	      </td>
		    <td colspan=\"1\">
		    	<input src=\"$img_home/b/butn_keepshopping.gif\" id=\"shop\" name=\"shop\" alt=\"Keep Shopping\" class=\"submit\" type=\"image\" value=\"\" onMouseOver=\"this.style.cursor='hand'\">
		    </td>";
	if($allow_group_orders == "Y"){
		if($_SESSION['cartSharedFlag'] == "Y"){
		//If cart is already shared, set share button to display only
			echo "<td colspan=\"1\"><input src=\"$img_home/b/butn_sharecart.gif\" class=\"submit\" id=\"addGuest\" name=\"addGuest\" type=\"image\" alt=\"Add Guest\" value=\"\" onMouseOver=\"this.style.cursor='hand'\"></td>";
		}else{
			echo "<td colspan=\"1\"><input src=\"$img_home/b/butn_sharecart.gif\" class=\"submit\" id=\"initiateShare\" name=\"initiateShare\" type=\"image\" alt=\"Share Cart\" value=\"\" onMouseOver=\"this.style.cursor='hand'\"></td>";
		}			  
	}	  
	echo "<td colspan=\"1\">
	      <input src=\"$img_home/b/butn_checkout.gif\" class=\"submit\" id=\"checkOut\" name=\"checkOut\" type=\"image\" alt=\"Checkout\" value=\"\" onMouseOver=\"this.style.cursor='hand'\">
	      <input type=\"hidden\" class=\"hidden\" id=\"cartSubTotal\" name=\"cartSubTotal\" value=\"$subTotl\">
			  </td></tr></table>";
}
if(!$loopFlag) {
echo "<tr><td class=\"dataListItem\" colspan=\"9\">No items in cart.
      </td></tr></table>
      <table><tr><td>
	  		<a href=\"$shoppingReturnUrl\"><img src=\"$img_home/b/butn_keepshopping.gif\" alt=\"Continue\" border=\"0\"/></a>
	  	</td></tr></table>";
}
	      	
echo "</form>";

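An added example, not code from the thread: one way to handle this form's submission server-side, assuming PHP 7.4+ with pdo_sqlite and a hypothetical `cart_items` table. It detects the clicked image button through the `name_x` / `name_y` keys, validates `pid[]`, `qID[]` and `optionStr[]` against strict formats, binds them as query parameters, and recomputes the subtotal instead of reading the hidden `cartSubTotal` field. The function names `clickedButton`, `parseCartUpdate` and `applyCartUpdate` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; names, table layout and limits are hypothetical, not from the thread.

/** Which known button submitted the form? Image inputs arrive as name_x / name_y. */
function clickedButton(array $post, array $known): ?string
{
    foreach ($known as $name) {
        // PHP rewrites the browser's "update.x" / "update.y" to update_x / update_y.
        if (isset($post[$name]) || isset($post[$name . '_x'], $post[$name . '_y'])) {
            return $name;
        }
    }
    return null;
}

/** Validate the parallel pid[] / qID[] / optionStr[] arrays; returns [rows, errors]. */
function parseCartUpdate(array $post, int $maxQty = 99): array
{
    $pids = $post['pid'] ?? null;
    $qtys = $post['qID'] ?? null;
    $opts = $post['optionStr'] ?? null;
    if (!is_array($pids) || !is_array($qtys) || !is_array($opts)) {
        return [[], ['cart fields missing or not arrays']];
    }

    $rows = [];
    $errors = [];
    $n = 0; // own row counter, so client-chosen array keys never reach a message
    foreach ($pids as $key => $pid) {
        $n++;
        $qty = $qtys[$key] ?? null;
        $opt = $opts[$key] ?? '';
        if (!is_string($pid) || !ctype_digit($pid) || strlen($pid) > 9) {
            $errors[] = "row $n: item id is not a plain integer";
        } elseif (!is_string($qty) || !ctype_digit($qty) || strlen($qty) > 3 || (int)$qty > $maxQty) {
            $errors[] = "row $n: quantity must be 0..$maxQty";
        } elseif (!is_string($opt) || preg_match('/\A(?:\d{1,6},)*\z/', $opt) !== 1) {
            $errors[] = "row $n: option list must look like \"2,4,8,\"";
        } else {
            $rows[] = ['pid' => (int)$pid, 'qty' => (int)$qty, 'options' => $opt];
        }
    }
    return [$rows, $errors];
}

/** Apply validated rows with bound parameters; returns the number of rows changed. */
function applyCartUpdate(PDO $db, int $userId, array $rows): int
{
    $stmt = $db->prepare(
        'UPDATE cart_items SET qty = :qty
          WHERE user_id = :uid AND item_id = :pid AND options = :opt'
    );
    $changed = 0;
    foreach ($rows as $row) {
        $stmt->execute([
            ':qty' => $row['qty'], ':uid' => $userId,
            ':pid' => $row['pid'], ':opt' => $row['options'],
        ]);
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed sample: the fields this form posts when the image button is clicked.
$post = [
    'qID' => ['3'], 'pid' => ['32'], 'optionStr' => ['2,4,8,'],
    'tipAmount' => '0.00', 'update_x' => '41', 'update_y' => '12',
    'cartSubTotal' => '0.01', // client-supplied; deliberately never read below
];

// Constructed in-memory database standing in for the real cart storage.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart_items
           (user_id INTEGER, item_id INTEGER, options TEXT, qty INTEGER, price_cents INTEGER)');
$db->exec("INSERT INTO cart_items VALUES (7, 32, '2,4,8,', 1, 1199)");

if (clickedButton($post, ['update', 'shop', 'checkOut']) === 'update') {
    [$rows, $errors] = parseCartUpdate($post);
    if ($errors === []) {
        printf("rows changed: %d\n", applyCartUpdate($db, 7, $rows));
    } else {
        echo implode("\n", $errors), "\n";
    }
}

// The subtotal comes from stored prices, not from the hidden form field.
$cents = (int)$db->query(
    'SELECT SUM(qty * price_cents) FROM cart_items WHERE user_id = 7'
)->fetchColumn();
printf("subtotal: %.2f\n", $cents / 100);
```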

The form in the code you posted submits the following - print_r($_POST) -

 

Array
(
    [qID] => Array
        (
            [0] => 1
        )

    [pid] => Array
        (
            [0] => 32
        )

    [optionStr] => Array
        (
            [0] => 2,4,8,
        )

    [tipAmount] => 0.00
    [update] => update
    [updateCart] => 1
    [cartSubTotal] => 11.99
)

 

So, either the page you are submitting to is different/wrong or your code is overwriting the $_POST data or your $_POST data is greater than the post_max_size setting.

 


While this doesn't really answer your question or solve your current problem, why not just style the submit button with a background image rather than using the type='img' ?

 

My original image buttons were CSS and input type submit using the below class. However, this caused a huge number of SQL injection errors for some reason and I could not resolve the errors until I changed the button declaration.

 

input.updateButn {
  width: 100px;
  height: 32px;
  padding-top: 5px;
  padding-left: 5px;
  padding-right: 5px;
  margin: 0;
  border: 0;
  background: transparent url(../img/b/butn_update.gif) no-repeat center top;
  overflow: hidden;
  cursor: pointer; /* hand-shaped cursor */
  cursor: hand; /* for IE 5.x */
  outline: none;
}

 

P.S. I checked for UpdateCart_y as well.


hmmmm...I think something must be overwriting my $_POST as you stated. I will strip some code from my form and test, then post findings.

 

 


OK....It is something in the code below that is causing my POST variables to clear. When I remove this code, I can see print_r($_POST); works fine.

 

	echo "<tr><td class=\"dataListItem\">$strID</td>
			  <td class=\"dataListItem\">
			  <a href=\"dispmenu.php?storeid=$strStoreId&storename=".urlencode($strStoreName)."\" />$strStoreName</a></td>
			  <td class=\"dataListItem\">$strTitle</td>
			  <td class=\"dataListItem\">$strRecipient</td>
			  <td class=\"dataListItem\">$strComments</td>
			  <td class=\"dataListItem\">$strProdSize</td>
			  <td class=\"dataListItem\">
			  <input name=\"qID[]\" type=\"text\" size=\"5\" value=\"$strQty\" />
			  <input type=\"hidden\" class=\"hidden\"  name=\"pid[]\" value=\"$strID\" />
			  <input type=\"hidden\" class=\"hidden\"  name=\"optionStr[]\" value=\"$strOptions\" />
			  </td>
			  <td class=\"dataListItem\">$strPrice</td>
			  <td class=\"dataListItem\" colspan=\"2\">$strTotal</td>
			  <td class=\"dataListItem\">
			  <input type=\"image\" class=\"image\" src=\"$img_home/icons/delete.gif\" alt=\"Delete\" name=\"btnDelete\" id=\"btnDelete\" 
			  value=\"Delete\" onClick=\"window.location.href='".$_SERVER['PHP_SELF']."?action=remove_item&smid=$strID&itemOption=$strOptions'\">
			  </td></tr>";


OK. It's the below code that somehow clears my other POST variables.

 

              <td class=\"dataListItem\">
              <input name=\"qID[]\" type=\"text\" size=\"5\" value=\"$strQty\" />
              <input type=\"hidden\" class=\"hidden\"  name=\"pid[]\" value=\"$strID\" />
              <input type=\"hidden\" class=\"hidden\"  name=\"optionStr[]\" value=\"$strOptions\" />
              </td>


Only if the value="..."  parameters were a huge list that causes the amount of data to exceed the post_max_size setting or contained some HTML that breaks the HTML of the form. What does a "view source" in your browser show when it does not work, because the previous rendered form that I tested worked (in FF).

 

Edit: what does a phpinfo() statement show for the post_max_size setting, because incorrect syntax for that setting actually results in a very small value.

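The point above about a value containing HTML that breaks the form, as an added example that is not code from the thread: the cart row built with every dynamic value encoded for its HTML context, and a fixed form action in place of `$_SERVER['PHP_SELF']`. The helper names `e` and `renderCartRow` and the sample item are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; helper names and the sample item are hypothetical.

/** Encode a value for HTML text or a quoted attribute (the page declares iso-8859-1). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1');
}

/** Build one cart row; every dynamic value passes through e() before reaching the markup. */
function renderCartRow(array $item): string
{
    // http_build_query() URL-encodes the values; e() then encodes the "&" for the attribute.
    $storeUrl = 'dispmenu.php?' . http_build_query([
        'storeid'   => $item['storeId'],
        'storename' => $item['storeName'],
    ]);
    return '<tr>'
        . '<td class="dataListItem">' . e((string)$item['id']) . '</td>'
        . '<td class="dataListItem"><a href="' . e($storeUrl) . '">' . e($item['storeName']) . '</a></td>'
        . '<td class="dataListItem">' . e($item['title']) . '</td>'
        . '<td class="dataListItem">' . e($item['recipient']) . '</td>'
        . '<td class="dataListItem">' . e($item['comments']) . '</td>'
        . '<td class="dataListItem">'
        . '<input name="qID[]" type="text" size="5" value="' . e((string)$item['qty']) . '">'
        . '<input type="hidden" name="pid[]" value="' . e((string)$item['id']) . '">'
        . '<input type="hidden" name="optionStr[]" value="' . e($item['options']) . '">'
        . '</td></tr>';
}

// Constructed sample item; the comment text contains quotes and angle brackets on purpose.
$item = [
    'id' => 32, 'storeId' => 1003, 'storeName' => 'Applebees',
    'title' => 'Ultimate Trios', 'recipient' => 'Maurice',
    'comments' => 'Extra "crispy", <no onions>', 'qty' => 1, 'options' => '2,4,8,',
];

// A fixed action: $_SERVER['PHP_SELF'] reflects request-path text back into the page.
$action = '/cart.php';
$html = '<form id="cartform" method="post" action="' . e($action) . '"><table>'
      . renderCartRow($item) . '</table></form>';

echo $html, "\n";
// Encoded text cannot open or close tags, so the control count stays at three.
echo 'inputs in markup: ', substr_count($html, '<input '), "\n";
```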


post_max_size setting = 8M

 

rendered page after submit:

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="icon" href="https://www.dummy.com/favicon.ico" type="image/x-icon">
<link rel="shortcut icon" href="http://www.dummy.com/favicon.ico" type="image/x-icon">
<title>dummy</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="author" content="dummy">
<meta name="email" content="support@dummy.com">
<meta name="Distribution" content="Local">
<meta name="Rating" content="General">
<meta name="Robots" content="NOODP">

<meta name="Revisit-after" content="7 Days"><link href="https://test.dummy.com/css/main_ff.css" rel="stylesheet" type="text/css">
							 <link href="https://test.dummy.com/css/tabular_ff.css" rel="stylesheet" type="text/css">
<style type="text/css">
.class0 A:link {text-decoration: underline; color:#000000;}
.class0 A:visited {text-decoration: underline; color:#000000;}
.class0 A:active {text-decoration: underline; color:#000000;}
.class0 A:hover {text-decoration: underline; color: #000000;}
</style>
<style type="text/css">
.class1 {
	font-family: Tahoma; 
	font-size:10pt; 
	color: #FFFFFF; 
}
.class1 A:link {text-decoration: none; color:#FFFFFF;}
.class1 A:visited {text-decoration: none; color:#FFFFFF;}
.class1 A:active {text-decoration: none; color:#FFFFFF;}
.class1 A:hover {text-decoration: underline; color: #FFFFFF;}
</style>
<style type="text/css">
.class2 A:link {text-decoration: underline; color: #FFFFFF;}
.class2 A:visited {text-decoration: underline; color: #FFFFFF;}
.class2 A:active {text-decoration: underline; color: #FFFFFF;}
.class2 A:hover {text-decoration: underline; color: #FFFFFF;}
</style>
<style type="text/css">
.class3 A:link {text-decoration: underline; color:#FFFFFF;}
.class3 A:visited {text-decoration: underline; color:#FFFFFF;}
.class3 A:active {text-decoration: underline; color:#FFFFFF;}
.class3 A:hover {text-decoration: underline; color: #FFFFFF;}
</style>
<style type="text/css">
.class4 A:link {text-decoration: underline; color:#666666;}
.class4 A:visited {text-decoration: underline; color:#666666;}
.class4 A:active {text-decoration: underline; color:#666666;}
.class4 A:hover {text-decoration: underline; color: #666666;}
</style>
<style type="text/css">
.class5 A:link {text-decoration: underline; color:#666666;}
.class5 A:visited {text-decoration: underline; color:#666666;}
.class5 A:active {text-decoration: underline; color:#666666;}
.class5 A:hover {text-decoration: underline; color: #000000;}
</style>
<style type="text/css">
.SmallLink {
	font-family: Tahoma; 
	font-size:8pt; 
	color: #000000; 
}
.SmallLink A:link {text-decoration: underline; color:#000000;}
.SmallLink A:visited {text-decoration: underline; color:#000000;}
.SmallLink A:active {text-decoration: underline; color:#000000;}
.SmallLink A:hover {text-decoration: underline; color: #FFFFFF;}
</style>

<script type="text/javascript"> 
function SetToggle(idInfo,flag) { 
  var CState = document.getElementById(idInfo); 
  if (flag == true) { CState.style.display = 'block'; } 
               else { CState.style.display = 'none'; } 
} 
</script><SCRIPT type="text/javascript" src="https://test.dummy.com/scripts/lightbox.js"></script> 

<SCRIPT type="text/javascript">
<!-- Idea by:  Nic Wolfe -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 362,top = 184');");
}// End -->
</script>

<SCRIPT type="text/javascript">
function newWindow(url, height, width) {
    nameW='feature'
if (navigator.appVersion.indexOf('4') != -1) {
// Vars for centering the new window on Version 4 Browsers
xTop = screen.width/2 - (width/2);
yTop = screen.height/2 - (height/2);
window.open(url, nameW, 'height='+height+',width='+width+',scrollbars=1,resizable=0,menubar=0,toolbar=0,status=0,location=no,locationbar=0,directories=no,left=' + xTop + ',top=' + yTop + '');
} else {
window.open(url, nameW, 'height='+height+',width='+width+',scrollbars=1,resizable=0,menubar=0,toolbar=0,status=0,location=no,locationbar=0,directories=no,left=150,top=200');
}
}
</script>
<SCRIPT type="text/javascript">
function go(){
location= document.menuSearch.store_name.
options[document.menuSearch.store_name.selectedIndex].value
}
</script>
<script src="https://test.dummy.com/scripts/ajax/prototype.js" type="text/javascript"></script> 
<script type="text/javascript">   
function ajaxRequest(url,data) {
	var aj = new Ajax.Request(url, {
	method:'get',
	parameters: data,
	onComplete: getResponse
	}
	);   
}   
/* ajax.Response */  
function getResponse(oReq) {
	$('result').innerHTML = oReq.responseText;   
}   
</script></head><body>
<div id="panel_a"><!--Header Panel Start-->
<div id="innerdiv-a" align="center">
<div id="stats">

<ul>            
<li> Items in cart: [1] </li>
<li class="hform-pad"> | </li>
<li> Cart Sub-total: [$6.05] </li>
<li class="hform-pad"> | </li>
<li>Your location is: [newark, CA] </li>
<li class="hform-pad"> | </li>

<li class="SmallLink"><a href="http://www.dummy.com">Change Location</a></li>
</ul>		
</div>

<div id="user-menu">
<ul>
<li class="class2">You are logged in as mabright.</li>
<li class="hform-pad"> | </li><li class="class3"><a href="logout.php">  Logout  </a></li></ul></div></div>
</div><!--Header Panel End-->
<p></p>
<div id="container">

<div id="logo"><!--Logo:Start-->
<span><a href="http://test.dummy.com/shop.php"><img src="https://test.dummy.com/img/mrlogo_h.gif" alt="image"></a></span>
</div><!--Logo:End-->
<div id="adWindow1">
<h4><a href="advertise.php">Advertise Here</a></h4>
</div><!--Banner Ads End-->

<div id="main-menu">
<ul>
	<li><img src="https://test.dummy.com/img/mbar_lblock.gif" alt="image"></li>
	<li class="hform-pad"><a href="http://test.dummy.com/shop.php"> Home </a></li>

	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/about.php"> About </a></li>
	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/contact.php"> Contact Us </a></li>
	<li class="hform-pad">|</li>		
	<li class="hform-pad"><a href="http://test.dummy.com/h/faq.php"> FAQ </a></li>

	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/menusearch.php"> Menus/Search </a></li>
	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/deliveryarea.php"> Delivery Area </a></li>
	<li class="hform-pad">|</li>

	<li class="hform-pad"><a href="http://test.dummy.com/h/advertising.php"> Advertising </a></li>
	<li class="hform-pad">|</li>
	<li class="hform-pad"><a href="http://test.dummy.com/h/testimonial.php"> Testimonials </a></li>
	<li><img src="https://test.dummy.com/img/mbar_rblock.gif" alt="image"></li>
</ul></div>
								<div id="infoarea1">

									<ul>
										<li><img src="https://test.dummy.com/img/icons/user_green.png" alt="image"></li>
										<li class="class1"><a href="http://test.dummy.com/usercp.php">My Account</a></li>
										<li>|</li>
										<li class="class1"><a href="https://test.dummy.com/checkout.php"><img src="https://test.dummy.com/img/icons/cart_go.png" alt="image"></a></li>
										<li class="class1"><a href="https://test.dummy.com/checkout.php">Checkout</a></li>
										<li>|</li>

										<li class="class1"><a href="http://test.dummy.com/cart.php"><img src="https://test.dummy.com/img/icons/cart.png" alt="image"></a></li>
										<li class="class1"><a href="http://test.dummy.com/cart.php">View Cart</a></li>							
										<li>|</li>
										<li>Today's date 04.15.2009 04:57 PM EST</li>								
									</ul>
								</div>
<div id="main-frame"><!--Main Frame:Start-->
Array
(
)
<br>
<form id="CartForm" name="CartForm" method="post" action="/cart.php">

<div class="errortext"></div><table class="dataList" align="center">
			<tr><td class="dataListTitle" colspan="11"><h5>dummy Shopping Cart</h5></td></tr><tr><td class="dataListItem" colspan="11">
					          <img src="https://test.dummy.com/img/icons/add_only.gif">
					          <a href="http://test.dummy.com/dispmenu.php?storeid=1000&storename=dummy" >Add additonal dummy Store items to your order.</a>
					          </td></tr><tr><td class="dataListHeader">Item ID</td>
				<td class="dataListHeader">Store</td>
				<td class="dataListHeader">Description</td>

				<td class="dataListHeader">Recipient</td>
				<td class="dataListHeader">Comments</td>
				<td class="dataListHeader">Size</td>
				<td class="dataListHeader">Qty.</td>
				<td class="dataListHeader">Price</td>
				<td class="dataListHeader" colspan="2">Total</td>

				<td class="dataListHeader"></td>
		</tr><tr><td class="dataListItem">45</td>
			  <td class="dataListItem">
			  <a href="dispmenu.php?storeid=1005&storename=Waffle+House">Waffle House</a></td>
			  <td class="dataListItem">Waffle with Eggs</td>
			  <td class="dataListItem">Maurice</td>
			  <td class="dataListItem"> </td>

			  <td class="dataListItem">-</td>
			  <td class="dataListItem">
			  <input id="qID[]" name="qID[]" type="text" size="5" value="1">
			  <input type="hidden" class="hidden" id="pid[]" name="pid[]" value="45">
			  <input type="hidden" class="hidden" id="optionStr[]" name="optionStr[]" value="1,5,">
			  </td>
			  <td class="dataListItem">5.60</td>
			  <td class="dataListItem" colspan="2">5.60</td>

			  <td class="dataListItem">
			  <input type="image" class="image" src="https://test.dummy.com/img/icons/delete.gif" alt="Delete" name="btnDelete" id="btnDelete" 
			  value="Delete" onClick="window.location.href='/cart.php?action=remove_item&smid=45&itemOption=1,5,'">
			  </td></tr><tr>
				  	<td class="dataListItemOpt" colspan="2">TOPPING Option 1 ></td><td class="dataListItemOpt" colspan="5">Pecans</td><td class="dataListItemOpt">0.45</td>
				  	<td class="dataListItemOpt" colspan="2">0.45</td>
				  	<td class="dataListItem"></td>
				  	</tr><tr>

				  	<td class="dataListItemOpt" colspan="2">PREPARATION Option 1 ></td><td class="dataListItemOpt" colspan="5">Scrambled</td><td class="dataListItemOpt">0.00</td>
				  	<td class="dataListItemOpt" colspan="2">0.00</td>
				  	<td class="dataListItem"></td>
				  	</tr><tr><td class="dataListItemLabel" colspan="8">Sub Total (Minimum 5.00): </td>
			      <td class="dataListItem" colspan="2" bgcolor="#FFFF66">6.05</td>
				  <td class="dataListItem"></td>

			  </tr>
			  <tr><td class="dataListItemLabel" colspan="8">Sales Tax(7%): </td>
			      <td class="dataListItem" colspan="2" bgcolor="#FFFF66">0.42</td>
				  <td class="dataListItem"></td>
			  </tr>
			  <tr><td class="dataListItemLabel" colspan="8">Delivery Charge: </td>
			      <td class="dataListItem" colspan="2" bgcolor="#FFFF66">1.00</td>

				  <td class="dataListItem"></td>
			  </tr>			
			  <tr><td class="dataListItemLabel" colspan="8">Delivery Driver Tip(optional): </td>
			      <td class="dataListItem" colspan="2"><input name="tipAmount" type="text" value="0.00" size="5" maxlength="6"/></td>
				  <td class="dataListItem"></td>
			  </tr>
			  <tr><td class="dataListItemLabel" colspan="8">Multi-Store Order Fee($2.00 per extra store.): </td>
			      <td class="dataListItem" colspan="2">0.00</td>

				  <td class="dataListItem"></td>
			  </tr>				  
			  <tr><td class="dataListItemLabel" colspan="8" style="background-color:#FFE824;font-weight:bold;">Total: </td>
			      <td class="dataListItem" colspan="2" style="background-color:#FFE824;font-weight:bold;">7.47</td>
				  <td class="dataListItem"></td>
			  </tr></table><table class="ButnCell">
	      <tr>
	      <td colspan="1">

	      	<input src="https://test.dummy.com/img/b/butn_update.gif" name="update" alt="Update" class="submit" type="image" value="update">
	      	<input type="hidden" class="hidden" name="UpdateCart" value="1">
	      </td>
		    <td colspan="1">
		    	<input src="https://test.dummy.com/img/b/butn_keepshopping.gif" id="shop" name="shop" alt="Keep Shopping" class="submit" type="image" value="" onMouseOver="this.style.cursor='hand'">
		    </td><td colspan="1"><input src="https://test.dummy.com/img/b/butn_sharecart.gif" class="submit" id="addGuest" name="addGuest" type="image" alt="Add Guest" value="" onMouseOver="this.style.cursor='hand'"></td><td colspan="1">
	      <input src="https://test.dummy.com/img/b/butn_checkout.gif" class="submit" id="checkOut" name="checkOut" type="image" alt="Checkout" value="" onMouseOver="this.style.cursor='hand'">
	      <input type="hidden" class="hidden" id="cartSubTotal" name="cartSubTotal" value="6.05">
			  </td></tr></table></form>

</div><!--Main Frame:End-->
<div class="bl1"><div class="br1">mmmm</div></div>
</div><!--Container-->
<p></p>
<p></p>
<div></div>
</body>
</html>

Link to comment
Share on other sites

If having $_POST['qID'], $_POST['pid'], or $_POST['optionStr'] in the submitted data causes the $_POST array to be empty at the point in your code where you put the print_r() statement, then you have some php code before that point that is responsible for causing the problem.

 

You need to post your form processing code if you expect someone else to help find where the problem is in it.

Link to comment
Share on other sites


I resolved the issue. I was performing my SQL injection test twice on the above POST variables and for some reason this cleared everything.

 

Thanks for your reply, it helped me look deeper into my code.

Link to comment
Share on other sites
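
Added example (not code from this thread): one way to handle the posted cart form in PHP so that the Update image button is detected and the `qID[]` / `pid[]` array fields are validated into a new list instead of being filtered in place inside `$_POST`. The function names, the `cart` table, the quantity limit and the sample request are assumptions; the thread never shows the poster's own filtering code.

```php
<?php
// Added example, not the poster's code. Field names (update, qID[], pid[])
// are from the posted form; function names and the cart table are assumed.

// An <input type="image" name="update"> submits update.x / update.y, which PHP
// exposes as update_x / update_y. Not every browser also sends update=value.
function imageButtonClicked(array $post, string $name): bool
{
    return isset($post[$name . '_x'], $post[$name . '_y']);
}

// Validate the parallel pid[] / qID[] arrays into a new typed list.
// $_POST is never overwritten, so calling this twice returns the same rows.
function parseCartUpdate(array $post): ?array
{
    $pids = $post['pid'] ?? null;
    $qtys = $post['qID'] ?? null;
    if (!is_array($pids) || !is_array($qtys) || count($pids) !== count($qtys)) {
        return null;
    }
    $rows = [];
    foreach ($pids as $i => $rawPid) {
        $pid = filter_var($rawPid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $qty = filter_var($qtys[$i] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 99]]); // assumed limit
        if ($pid === false || $qty === false) {
            return null; // reject the whole request instead of "cleaning" it
        }
        $rows[] = ['pid' => $pid, 'qty' => $qty];
    }
    return $rows;
}

// Constructed sample request: what the posted form sends when Update is clicked.
$post = ['update_x' => '12', 'update_y' => '7', 'UpdateCart' => '1',
         'qID' => ['3'], 'pid' => ['45'], 'optionStr' => ['1,5,']];

if (imageButtonClicked($post, 'update') && ($rows = parseCartUpdate($post)) !== null) {
    $db = new PDO('sqlite::memory:'); // assumed stand-in for the shop database
    $db->exec('CREATE TABLE cart (pid INTEGER PRIMARY KEY, qty INTEGER)');
    $db->exec('INSERT INTO cart VALUES (45, 1)');
    // Values travel as bound parameters, so no escaping pass over $_POST is needed.
    $stmt = $db->prepare('UPDATE cart SET qty = :qty WHERE pid = :pid');
    foreach ($rows as $row) {
        $stmt->execute([':qty' => $row['qty'], ':pid' => $row['pid']]);
    }
    var_dump($db->query('SELECT qty FROM cart WHERE pid = 45')->fetchColumn());
}
// Constructed hostile quantity of the kind an injection scanner submits.
var_dump(parseCartUpdate(['pid' => ['45'], 'qID' => ["1' OR '1'='1"]]));
```

Because validation produces a separate array and the query uses bound parameters, running the check more than once cannot empty the submitted data.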
