Jump to content

phprocker

Members
  • Posts

    91
  • Joined

  • Last visited

    Never

About phprocker

  • Birthday 06/13/1976

Profile Information

  • Gender
    Not Telling

phprocker's Achievements

Member

Member (2/5)

0

Reputation

  1. This http://anantgarg.com/2009/03/13/write-your-own-php-mvc-framework-part-1/ is a good read on the topic.
  2. I figured it out. My function call: displayForm(); was missing the default argument: displayForm(array()); Cheers.
  3. Hey all. I have a function called displayForm in a form validation script. This function accepts a few arguments but these arguments are empty upon initial calling of the function. One of the arguments is and errors array that only gets populated if there were form errors. So upon running my script initially I get missing argument Warnings. Can these warnings simply be ignored? Would they cause problems throughout my script if I ignore these warnings? And how can I suppress these warnings if I would like to? Thanks all for your help. Cheers.
  4. Thanks for the great input guys. All clear now. Cheers!
  5. Hey all. What is the best way to check if a form field has been entered by the user? Because a field left blank by the user still shows up as set with the isset function. Example: if (isset($_POST['name'])) { echo "The field is set"; } This is a problem if I'm checking if the user has skipped over the name field on a form because an empty value gets passed to the POST array even if the field is left blank. Do people use empty or a regular expression instead? Cheers!
  6. Hey all. I was curious what is the best practice when creating a user login system? I've seen them done in the following 2 ways. First I've seen tutorials on logins where after the post data is verified against the database a username session is created and member pages are accessed if the user session is set. Second I've seen tutorials on logins where the username session is verified against the database on every single page. What is the best practice along these lines? Cheers!
  7. It's late and I'm tired so hopefully I did this right. I think this is what you mean. $title = "This is an example of a sentence in a paragraph"; $title_array = explode(" ", $title); foreach($title_array as $value) { $count = strlen($value); echo "The word has " . $count . " characters.<br />"; }
  8. I just fixed an error I saw i had...check to make sure you have this... <?php echo "<img src=\"C:\wamp\www\fermpix\Pics\\" . $row['Name'] . "\">"; ?>
  9. This: <?php echo "<img src=\"C:\wamp\www\fermpix\Pics\'{$row["Name"]}'\">";?> needs to be this: <?php echo "<img src=\"C:\wamp\www\fermpix\Pics\\" . $row['Name'] . "\">"; ?> Respond if it doesn't work.
  10. @Pikachu200 Doesn't htmlspecialchars($_POST['PHP_SELF'], ENT_QUOTES) deal with the XSS vulnerability? @adm83 I'm not sure what you mean by "create an empty list".
  11. Here is what I believe you are looking for. Please note: The following code is a rough draft and meant as a guide. Not for any production site. <?php // database variables $host = "localhost"; $user = "user"; $pass = "pass"; //database connection $conn = mysql_connect($host, $user, $pass); mysql_select_db("database", $conn); // create form to get number of fields if (!isset($_POST['submit']) && !isset($_POST['formfields'])) { $form = '<h2>Choose Number Of Items</h2><form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <select style="width:225px" name="formfields"> <option value=1>1</option> <option value=2>2</option> <option value=3>3</option> <option value=4>4</option> <option value=5>5</option> <option value=6>6</option> <option value=7>7</option> <option value=8>8</option> <option value=9>9</option> <option value=10>10</option> </select><br /><br /> <input type="submit" name="submit" value="Submit" /> </form>'; } // generate inputs if user chose number of items if (isset($_POST['submit']) && $_POST['formfields'] != '') { $items = $_POST['formfields']; $form = "<h2>Enter Your Items</h2> <form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">"; for($in=1;$in<=$items;$in++){ if ($in >= 11){ break; } $form .= "<p>Item</p>" . $in . ": <input style=\"width:200px\" type=\"text\" name=\"formvalue[]\" /><br /><br />"; } $form .= "<input type=\"hidden\" name=\"formfields\" value=\"" . $_POST['formfields'] . "\" /> <input type=\"submit\" name=\"submit\" value=\"Submit\" /></form>"; } //check form items submitted if (isset($_POST['submit']) && isset($_POST['formvalue'])) { //check missing user input foreach($_POST['formvalue'] as $value) { if(!isset($value) || $value == "") { $emptyvalue = TRUE; } } if ($emptyvalue) { //view if missing user input echo $form; exit(); } } else { //view if no submit echo $form; exit(); } //step through post array and make safe for sql foreach($_POST['formvalue'] as $value) { $sqlsafe[] = '("' . mysql_real_escape_string($value) . '")'; } // build query $query = "INSERT INTO tbl_clients (Calias) VALUES " . implode(",", $sqlsafe); // insert to database or error if(!mysql_query($query,$conn)) { die('Error: ' . mysql_error()); } // debugging echo $query; ?> Please note: Depending on how many items you are allowing users to choose, in the for loop "$in >= 11" must be adjusted. The current value is for 10 items.
  12. Let me rephrase my above post to suit your needs. This line: $query = "INSERT INTO tbl_clients (Calias) VALUES " . implode(",", $sqlsafe); outputs this: INSERT INTO tbl_clients (Calias) VALUES ("value1_from_field_1"),("value2_from_field_2"),("value3_from_field_3"),etc,etc,etc.... to how ever many items your user needs.
  13. ** see post below for correction **
  14. Are you referring to something like this? Notice the form input names. You can have a page that generates fields with a drop down list of numbers. <?php // database variables $host = "localhost"; $user = "user"; $pass = "pass"; //database connection $conn = mysql_connect($host, $user, $pass); mysql_select_db("database", $conn); //check form submitted if (isset($_POST['submit'])) { //check missing user input foreach($_POST['formvalue'] as $value) { if(!isset($value) || $value == "") { $emptyvalue = TRUE; } } if ($emptyvalue) { //view if missing user input $form = "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\"> Value: <input type=\"text\" name=\"formvalue[]\" /><br /> Value: <input type=\"text\" name=\"formvalue[]\" /><br /> Value: <input type=\"text\" name=\"formvalue[]\" /><br /> <input type=\"submit\" name=\"submit\" value=\"Submit\" /> </form>"; echo $form; exit(); } } else { //view if no submit $form = "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\"> Value: <input type=\"text\" name=\"formvalue[]\" /><br /> Value: <input type=\"text\" name=\"formvalue[]\" /><br /> Value: <input type=\"text\" name=\"formvalue[]\" /><br /> <input type=\"submit\" name=\"submit\" value=\"Submit\" /> </form>"; echo $form; exit(); } //step through post array and make safe for sql foreach($_POST['formvalue'] as $value) { $sqlsafe[] = '("' . mysql_real_escape_string($value) . '")'; } // build query $query = "INSERT INTO userinput (formvalue) VALUES " . implode(",", $sqlsafe); // insert to database or error if(!mysql_query($query,$conn)) { die('Error: ' . mysql_error()); } // debugging echo $query; ?> Then your form generation page could be something like: <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <select style="width:225px" name="formfields"> <option value=1>1</option> <option value=2>2</option> <option value=3>3</option> <option value=4>4</option> <option value=5>5</option> </select><br /><br /> <input type="submit" value="Submit" /> </form> You will have to link the 2 pages together with the appropriate coding if this is what you're trying to achieve.
  15. That works to check if the array is there, but I'm talking about individual array values. My code works I just wanted an experts opinion on the method I used and if there is a better way to achieve it.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.