Jump to content


Photo

form security


  • Please log in to reply
7 replies to this topic

#1 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 19 September 2006 - 07:20 PM

hello.
I have a form including name,surname,age etc... If the user miss one of them,the form alerts the user that he/she missed a part but when they fill all of them and submits the form,The form submitted.but the problem is when you refresh page everytime the page submitted with the same datas.

I use

$_POST['name'] = "";
$_POST['surname'] ="";
$_POST['age'] = "";

after if the form values entered.
But nothing changes.if you refresh the page ,the form submitted everytime it refreshed.
AMD rather than Intel , PHP rahter than ASP

#2 willfitch

willfitch
  • Members
  • PipPipPip
  • Advanced Member
  • 109 posts
  • LocationNew Hope, PA

Posted 19 September 2006 - 07:40 PM

A quick fix to this could be the following scenario:

Let's assume your script name is called contact.php. 

1. Make your POSTed form action contact.php?somethere_here
2. Once validation is complete, and the user has passed, insert the data and header back to contact.php.
Zend Certified Engineer (ZEND001989)
www.willfitch.com

#3 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 19 September 2006 - 07:48 PM

I am including this page in index.php and form action is :

action="index.php?page=newpost"

How can I do ? and can you tell me how can header back to page header("Location: contact.php"); ???
AMD rather than Intel , PHP rahter than ASP

#4 craygo

craygo
  • Staff Alumni
  • Advanced Member
  • 1,973 posts
  • LocationRhode Island

Posted 19 September 2006 - 08:08 PM

Using php you have to submit the form and the server will check for errors according to your code. If you want just a simple check you can use javascript to check for blank field data. This will check before the form is submitted.

This guys has some good tutorials for javascript as well as some basic php stuff

http://www.tizag.com...ascriptform.php

Ray

#5 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 19 September 2006 - 08:12 PM

I think you dont exactly understand my question.My problem is not with the control of form values.My problem is when the form is correctly filled and submitted.Its ok but after you REFRESH the page ıt submits those values again and again with refreshing the page
AMD rather than Intel , PHP rahter than ASP

#6 craygo

craygo
  • Staff Alumni
  • Advanced Member
  • 1,973 posts
  • LocationRhode Island

Posted 19 September 2006 - 08:19 PM

O I see. Well the first thing would be to put a check in your insert query to see if the value is there already. e-mail would be a good thing to use

<?php
if(isset($_POST['submit'])){  // checks to see if form has been submitted
$email = $_POST['email'];
$sql = "SELECT * FROM tablename WHERE email_field = '$email'";
  $res = mysql_query($res) or die (mysql_error());
    $num_rows = mysql_num_rows($res);
if($num_rows > 0){
echo "Name already exists in the database";
} else {
// do your insert query here
}
} else {
// Show your form below or whatever

}

Ray

#7 OLM3CA

OLM3CA
  • Members
  • PipPipPip
  • Advanced Member
  • 52 posts
  • LocationCyprus

Posted 19 September 2006 - 08:44 PM

Thank you very much Its ok now.
AMD rather than Intel , PHP rahter than ASP

#8 roopurt18

roopurt18
  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 19 September 2006 - 08:47 PM

There are a few ways you could go about handling this situation depending on the nature of the form.

My understanding is that there are limitations depending on the database fields and how they're defined, but usually requiring that some combination of data be unique within your table will solve this problem.
PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users