ajoo Posted October 31, 2018 Share Posted October 31, 2018 (edited) Hi, I have been detecting POST submits as below if(isset($_POST['someindex']) && $_POST['someindex']==="somevalue"){ .. } which I know should be replaced by if($_SERVER['REQUEST_METHOD']=== "POST"){ ... } So I changed it in entirety in my project and on testing found that there are conflicts. Now my main file has a slider with a login and logoff button. and then when the user is logged in it includes the user page, which in turn keeps including other pages . So if there are many buttons on those pages, it can result in a conflict as I found out. I wish to confirm that to avoid the conflicts is the following the right way to go about it. I would like to say that while the index may be the same, the values for each are unique. if($_SERVER['REQUEST_METHOD']=== "POST" && if(isset($_POST['someindex']) && $_POST['someindex']==="somevalue")){ ... } Thanks all ! Edited October 31, 2018 by ajoo Quote Link to comment Share on other sites More sharing options...
requinix Posted October 31, 2018 Share Posted October 31, 2018 The first method is better, even required, if you need to test whether a button was pressed. The second method only tells you if a form was submitted. But you should have the login/logoff form pointing to a dedicated page to handle the action. Quote Link to comment Share on other sites More sharing options...
ajoo Posted October 31, 2018 Author Share Posted October 31, 2018 (edited) Hi requinix, ? Thanks for the reply though I am none the wiser ! ? Most of the time I click a button, a form is also being submitted. So what do i do in that case ? Another thing that you mentioned is that the login and logoff form pointing to a dedicated page. In my case, it's handled on the same page. The logoff simply brings the user back to the login page and login includes the restricted page into the main page. Any issues with that especially concerning security. So now there are these 2 questions !!? ? Thank you ! Edited October 31, 2018 by ajoo Incomplete reply Quote Link to comment Share on other sites More sharing options...
benanamen Posted October 31, 2018 Share Posted October 31, 2018 This is very simple. Here is how to handle multiple forms on the same page. <?php if ($_SERVER['REQUEST_METHOD'] === "POST") { if (isset($_POST['form1'])) { echo 'Form 1 Submitted'; } if (isset($_POST['form2'])) { echo 'Form 2 Submitted'; } } ?> <form method="post"> <input type="hidden" name="form1"> <input type="submit" value="Form 1"> </form> <form method="post"> <input type="hidden" name="form2"> <input type="submit" value="Form 2"> </form> 1 Quote Link to comment Share on other sites More sharing options...
ajoo Posted October 31, 2018 Author Share Posted October 31, 2018 (edited) Hi Benanamen, Thanks for the reply. Ya that does seem easy. Yet the problem remains in my case. I'll try my best to explain it. The main page handles the login and logoff. So there is a block of code if ($_SERVER['REQUEST_METHOD'] === "POST") { ... } which handles these two cases. If the user logs in he accesses the restricted page which is included in the main page. This page also has a few buttons and also it's own block if ($_SERVER['REQUEST_METHOD'] === "POST") {...} to handle the submits of this included page. Now because there are two similar blocks in scope, the first block intercepts the request which is meant for the 2nd block and gives an unknown index error. Hence I thought that maybe I needed to use the "AND" to filter it down to the second block. This, thus is the dilemma !! I hope you can tell me a way out. Thanks loads ! Edited October 31, 2018 by ajoo Quote Link to comment Share on other sites More sharing options...
requinix Posted October 31, 2018 Share Posted October 31, 2018 And my and benanamen's posts should give you the answer to that. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted October 31, 2018 Share Posted October 31, 2018 (edited) OR if you use the same named hidden field for all the forms, 'action' for example, each with a unique value, you can eliminate any isset() tests for that field since it will be set if the request method is post. Edited October 31, 2018 by mac_gyver 2 Quote Link to comment Share on other sites More sharing options...
ginerjm Posted October 31, 2018 Share Posted October 31, 2018 Not sure what the others are telling you but to give you and idea of how it COULD be done.... In the case where you might be using a SINGLE form you can have multiple 'submit' input tags all having the same name= attribute. I personally use 'btn' all the time. Then your script would check for the REQUEST_METHOD of POST and if found, you can then check what the value of $_POST['btn'] is which would tell you what the user wants the form/script to do for him this time. I think this should give you enough to think on 1 Quote Link to comment Share on other sites More sharing options...
requinix Posted October 31, 2018 Share Posted October 31, 2018 If we're still going at this, <button> has a handy property where its value is separate from what it displays to the user. Consider <button type="submit" name="action" value="login">Login</button> <button type="submit" name="action" value="logout">Logout</button> Quote Link to comment Share on other sites More sharing options...
ajoo Posted November 1, 2018 Author Share Posted November 1, 2018 Hi to all my respected fellow coders and gurus who have taken time to respond, My code echos an error because there are two exactly same blocks as below in it "included" from different pages. one is the from the home page which has the login / logoff slider bar, header. This itself is quite wrong unless I am highly mistaken. Main Page : if ($_SERVER['REQUEST_METHOD'] === "POST"){ if(isset($_POST['submit']) && $_POST['submit'] ="login"){ ... } if(isset($_POST['submit']) && $_POST['submit'] ="logoff"){ ... } } and menu the 2nd comes from the page "included" in the display area. Display Page: if ($_SERVER['REQUEST_METHOD'] === "POST"){ if(isset($_POST['submit']) && $_POST['submit'] ="activate"){ ... } } As i could see from the error and by invoking var_dumps on the results, the $_POST[''submit'], submit from the "included" code in the page display area is intercepted by the code in the first block that deals with login and logoff. Because it does not find the type "activate" of the button associated with type = "submit" in that block , it throws an error. If the code could just fell through the first code block and reached the 2nd block (fictional of course since it cannot happen like that) the error would not occur. But of-course that is wrong in the first place. I am still missing out something from the discussion above, as i probably am, i am really sorry and request you to please explain just once again. Thanks all ! Quote Link to comment Share on other sites More sharing options...
benanamen Posted November 1, 2018 Share Posted November 1, 2018 OP, how about telling us what the real problem is instead of asking about your attempted solution to the real problem. What is the problem you are trying to solve with all these submits in the same page? Quote Link to comment Share on other sites More sharing options...
kicken Posted November 1, 2018 Share Posted November 1, 2018 Your inner if statements are incorrect. You're using = (assignment) when you should be using == (compare). As a result, all of your if branches should be getting followed. Quote Link to comment Share on other sites More sharing options...
ajoo Posted November 1, 2018 Author Share Posted November 1, 2018 Hi ! @Benanaman The problem that I wish to solve is to get the submits to find the correct block and avoid interception by the wrong block. @ Kicken. Correct. I made that mistake here. It's perfect in the actual code though. Thanks. Quote Link to comment Share on other sites More sharing options...
ajoo Posted November 1, 2018 Author Share Posted November 1, 2018 Hi all ! Thanks for all the responses. I think that which was suggested by you all is correct and the problem lies in a bit of complication in my code and the manner in which $_POST and $_SESSION have been used in the if else blocks to get the current and session values. I will fix that, hopefully soon, and then check / test the code again and revert if the problem still remains. Thanks loads ! Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted November 1, 2018 Share Posted November 1, 2018 9 hours ago, ajoo said: Because it does not find the type "activate" of the button associated with type = "submit" in that block , it throws an error. What is the exact error message you are seeing? 5 hours ago, ajoo said: @ Kicken. Correct. I made that mistake here. It's perfect in the actual code though. It might help if you post the actual code block you're working with. Quote Link to comment Share on other sites More sharing options...
benanamen Posted November 1, 2018 Share Posted November 1, 2018 3 hours ago, cyberRobot said: It might help if you post the actual code block you're working with. I was just going to say the same thing. By the way, you still described your attempted solution to the real problem. Think on a higher level, meaning, what is the overall task at hand. We know you have multiple forms on one page. Why? Tell us about that. Quote Link to comment Share on other sites More sharing options...
ajoo Posted November 2, 2018 Author Share Posted November 2, 2018 (edited) Hi all, Grateful for all the responses. I have managed to solve the issue as far as I could test. Quote It might help if you post the actual code block you're working with. Find attached the code below that I had to jiggle with to get the correct order for the logic to work. The complexity arose because of the session values that need to come in a certain order for the logic to work. <?php if(isset($_POST['cn_no'])) { if(($cn_no = fcheckNumber($_POST['cn_no'])) !== false){ $_SESSION['f_error'] = "Center No = ".$cn_no; } else $_SESSION['f_error'] = "Center Error"; } else $cn_no = $_SESSION['cn_no']; ////////////// Stream DropDown /////////////// if(isset($_POST['ddStream'])) { if(($dd_Stream = fcheckStream($_POST['ddStream']))===false) { $dd_Stream = false; $_SESSION['f_error'] = "invalid Stream1"; } elseif($dd_Stream ==='All') { $_SESSION['ddStream'] = $dd_Stream; $pp = "(userstatus.Stream = ? || userstatus.Stream = ?)"; $strTypes = 'issi'; $mm = 'Regular'; $nn = 'Beginners'; $values = array($cn_no,$mm,$nn); } else // $dd_Stream === 'Regular' || $dd_Stream === 'Beginners' { $_SESSION['ddStream'] = $dd_Stream; $pp = "userstatus.Stream = ?"; $strTypes = 'isi'; $mm = $dd_Stream; $values = array($cn_no,$mm); // echo $pp; } } elseif(isset($_SESSION['ddStream'])) { if(($_SESSION['ddStream'])==='All') { $pp = "(userstatus.Stream = ? || userstatus.Stream = ?)"; $strTypes = 'issi'; $mm = 'Regular'; $nn = 'Beginners'; $values = array($cn_no,$mm,$nn); } elseif($_SESSION['ddStream'] === 'Regular' || $_SESSION['ddStream'] === 'Beginners') { // echo"A1"; $dd_Stream = $_SESSION['ddStream']; $pp = "userstatus.Stream = ?"; $strTypes = 'isi'; $mm = $dd_Stream; $values = array($cn_no,$mm); } else { $dd_Stream = false; $_SESSION['f_error'] = "Invalid Stream2"; } } else { $pp = "(userstatus.Stream = ? || userstatus.Stream = ?)"; $strTypes = 'issi'; $mm = 'Regular'; $nn = 'Beginners'; $values = array($cn_no,$mm,$nn); } if(isset($_POST['ddrank'])) { if($_POST['ddrank']==='All') $dd_rank = 'All'; else $dd_rank = fcheckNumber($_POST['ddrank']); if($dd_rank===false){$dd_rank=false; $f_error = "rank Error";} if($dd_rank && $dd_rank==='All') { $_SESSION['ddrank']=$dd_rank; $qq = 'userstatus.rank <= ?'; $ll = 14; array_push($values,$ll); } else { $_SESSION['ddrank']=$dd_rank; $qq = "userstatus.rank = ?"; $ll = $dd_rank; array_push($values,$ll); } } elseif(isset($_SESSION['ddrank'])) { if(($_SESSION['ddrank'])==='All') { $qq = 'userstatus.rank <= ?'; $ll = 14; array_push($values,$ll); } else { $dd_rank = $_SESSION['ddrank']; $qq = "userstatus.rank = ?"; $ll = $dd_rank; array_push($values,$ll); } } else { $qq = 'userstatus.rank <= ?'; $ll = 14; array_push($values,$ll); } . . . ?> By the way I do have CSRF token checking in place in case someone should point that out. I removed that since with a common post block it would be much simpler. Thank you all very much. Much obliged. @ Benanamen: The overall task is to take values of two drop downs. One is sent via post and the other is from a session, the previous value, and using these 2, execute a query and display the results. For ex. in my program, it allows a choice of a stream ( like a subject) and the grade or rank of the user and based on these 2 it creates a query and displays the results. The block structure you gave was absolutely correct. The sessions and their placement in the overall code was the problem. Thanks again ! Edited November 2, 2018 by ajoo incomplete Quote Link to comment Share on other sites More sharing options...
benanamen Posted November 2, 2018 Share Posted November 2, 2018 Better explanation of the task. Do you actually have two separate forms or do you have one form with two dropdowns? It sounds like it is the latter. Have you been calling each dropdown a form? It looks like your logic is all over the place. Its going to take a few good minds here to sort through it. Quote Link to comment Share on other sites More sharing options...
ajoo Posted November 2, 2018 Author Share Posted November 2, 2018 (edited) Hi Benanamen !! Thanks again for the reply. Right so I call the drop downs a form because their selection causes a submit and both are actually enclosed in <form> tags. So yes they are the forms. Of-course I can choose only one at a time and so only one would be submitted. I put the code for all of you to see. I have managed to sort it out though. It's working great now. I did club the posts together under $_SERVER['method_request'] like you suggested. Yes the logic needed a little twisting though because it needs values from previous session as well. Thanks a ton for pursuing this with me. Regards to all ! Edited November 2, 2018 by ajoo Quote Link to comment Share on other sites More sharing options...
ginerjm Posted November 3, 2018 Share Posted November 3, 2018 Your latest posted code seems to have several flaws in it. It can't possibly be running - is it? Where is $cn_no defined/assigned/created? Where is $dd_stream defined/assigned/created? Where is $_SESSION['cn_no'] etc, etc, etc? Where is $_SESSION['dd_stream'] etc, etc, etc? Quote Link to comment Share on other sites More sharing options...
ajoo Posted November 4, 2018 Author Share Posted November 4, 2018 hi Ginerjim, Thanks for your interest in this. Sorry for the delay in reply since I saw it just now. OK so these are as follows: The cn__no represents a center is a session variable defined on user login. dd_Stream is the value of the dropdown box that is sent as a post variable when it is selected. once selected, it is also assigned to the Session variable $_SESSION['dd_Stream']. If next time around, if rank dropdown is chosen and submitted, the last value of dd_Stream will be held in the session variable and will be used as such, the rank value is now sent as a post variable. Together these two variable are needed and are fed to a query to generate the results to be displayed. The first time around, on the home page, there are default values for these two variables that are used to invoke the query and display the results. Yes the code now works just fine. I hope that clears it. In case you want any further clarification, i'll be glad to provide. Thanks loads ! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.