WesleyA

Are you going to store this string in a database?

yes.

But I have another question about correcting wrong input.

If a user types his name like: JohnEastwoodJohnEastwood I would consider it as wrong because it's double and so I would like to stop it by modifying the entire string. Is that possible?

I searched for it but coud not find if a string could be used as a modifier.

Does anyone know that?

 

What is this input? What are you going to do with this input? Validation of user inputs is commonly done both in Javascript for speedy response and then again in Php for security.

The input is a link or a description. My goal is to make it safe first. If I'm ready with the 'network' part the part that is done with PHP and MySQL then I'll do javascript.

But one other thing: I figured out programmers also use perl for validation.

What is the difference or (dis)advantage of perl validation in relation to php?

This regular expression will match any character repeated 5 times:/(.)1{5,}/

I liked this posting

Well I could use Javascript possibly, but I prefer PHP.

The reason is that sometimes browsers dont process javascript. I want to avoid that problem. So for me it is either PHP unless there is a waterproof script that tracks down browsers not using javascript.

Is there?

I'm looking for a way to block input in a text field occuring more than 5 times. For example

aaaaaa

is wrong but:

A sentence having an input of a happening several times or even more is okay.

above sentence has 7 inputs and shouldnt be blocked.

What is the solution?

And is this a save way? I'm not using PHPSESSID or session_name, so I'm afraid that bad people still can manipulate my database.

How can I avoid unwanted behaviour of others?

ok I have it solves, thanks for the tips.

But, you said I should not clear $_POST, the way I did it it was necessary.

    <?php session_start();      session_name('BlaBlaSession');     $_SESSION['something'] = '';      if (isset($_GET['something'])){     $_SESSION['something'] = $_GET['something'];      var_dump($_GET['something']);      var_dump($_SESSION['something']); }    if (!empty($_SESSION['something']))    { header('Location: NextPage.php');   }     ?>    <html><center> <br><br>Input Form<br><br><form action="#" method="get"><input type=" text" name     ="something" value = "<?php echo $_SESSI     ON['something']; ?>" > <input type="submit" value     ="S     ubmit it!!"> </form></center></html>

second script:

    <?php session_start();     var_dump($_SESSION['something']);    if (isset($_SESSION['something']))    {    var_dump($_SESSION['something']);    $value='';    $value=$_SESSION['something'];    echo '<center>';    echo '<br><br><br>';    echo 'this is the input of the other page : ' . $value;    echo '</center>';    unset ($_SESSION['something']);    unset ($_GET['something']);    }    ?>

Im not sure why you adviced it. Is it wrong to script this way, like can it be done any shorter? Im not only looking for a way to write script, but I want good and short scripts and not much unnecessary stuff.

I never worked with header. I assume it is necessary because I could not replace # in action. What condition combined with header is common in this script where I'm working on?

    <?php session_start();      session_name('BlaBlaSession');    if (isset($_GET['something'])){    $_SESSION['something'] = $_GET['something'];    var_dump($_GET['something']);    var_dump($_SESSION['something']);     }     if (!empty($_SESSION['something'])){ header('NextPage.php');   }    ?>    <html>    <center> <br><br>    Input Form<br><br>    <form action="#" method="get">    <input type=" text" name ="something" value = "<?php echo $_SESSION['something']; ?>" >     <input type="submit" value="Submit it!!"> </form></center></html>

OK I get stuck where the input form must get the value and send it to another page.

it is either the PHPSESSID ( I changed the name with session_name) that has to set in the action tag probably I'm not sure if it's that what is missing.

I post the code of the 2 scripts here:

    <html>    <center>    <br><br>    <?php        session_name('BlaBlaSession');    session_start();    $_SESSION['something'] = '';    $_POST['something'] = '' ;    $_SESSION['something'] = $_POST['something'];     ?>    <br><br>        Input Form<br><br>    <form action="NextPage.php" method="post">    <input type=" text" name ="something" value = "<?php echo $_SESSION['something']; ?>" >    <input type="submit" value="Submit it!!">    </form>    </center></html> 

NextPage.php

    <html>    <center>    <br<br<br>    <?php        session_name('BlablaSession');        session_start();        var_dump($_SESSION['something']);        if (isset($_SESSION['something']))        {           var_dump($_SESSION['something']);    $value='';    $value=$_SESSION['something'];    echo 'this is the input of the other page : ' . $value;    }    ?>    </center></html> 

sorry I was a bit off track.

I figured out what my problem is.

I cant find a good solution for creating an input field and putting the variable in a $_SESSION

any suggestions. ?

(sorry I hope my question is not too no-brainy but I'm like almost a noob and I'm very unfamiliar with forms, html and working with globals)

Oh yeah what I also would like to know is this:

Is it possible to change PHPSESSID?

So then you would use some kind of function to change PHPSESSID in an own variable making it harder for miscreants to use bad code?

What does it cause to stop them? Is it more effective and in what way?

Disable sessions?

OMG. If it would be safer I would do that.

Actually at the moment - for me as a beginner - it is getting really unclear what is safer, sessions or cookies. All together it is hazy stuff and all kinds of tuts, books and forums have different explanations about what is the best and safest way.

Can you give examples about what is possible with session 'hijacking'? As hijacking is often mentioned as a way of sending bad code to someone's website.

Back to script writing:

Dont you think that the purpose of a script and its varaibles is also determining what should be used either sessions or cookies? For the present part of the script I need the input value which determines how many links someone can fill in, but for the validation form I need the same choice. I dont know, there is a risk maybe when someone fills in like 10.000 links an hour or so, but I can of course make a limit when adding them to the database.

Not all script parts are immediately really dangerous. I guess, but i'm not sure, it's all new stuff to me. It is actually really interesting to figure out what is possible. I also shallowly investigated Kali and Backtrack in the past as a means of penetrating but most stuff is illegal and yeah of course you can do that cracks but if they want to get into something they will do it anyway, same with defending your own house if they want to break in to your house then they get in, even if you ly armed on a matrass behind the front door.

The use of $_POST and $_GET is quite clear and easy, you also collect details from the user but only one value every time, but is $_SESSION the only good alternative? Isnt it possible for the coding department to make some kind of instruction that works like $_POST but is able to handle values over several pages?

Im looking for a way to send a variable with $_SESSION to another page. $_POST its scope is not sufficient.

I have it now with a link and it is sent to 1 other php file.

script

    <?php    session_start();    $count = "3";    $_SESSION['count']=$count;    echo "the following number was in the variable : " . $count;    echo "<br>";    echo "click the next link";    echo "<br>";    echo "<a href= 'targetpag.php?PHPSESSID=' . strip_tags(session_id()). > To target page </a>";    ?>

this is the target script where the variable is sent to.

    <?php        session_start();     $count=$_SESSION['count'];    echo 'this is the number : ' . $count;    ?>

The <a href> solution is not good for my script and limits the use of inpt type hidden.

Is there a way to sent values of $_SESSION without a html submit button (including type hidden) to multiple pages or if not how is it done with other html elements/attrubutes?

I read somewhere that when you do not want to use include you should turn on register_globals.

I added this code at the end of the php.ini file:

     register_globals=1

Do I have to restart WAMP or not?

appears to be depricated

when working with $_SESSION and creating a super global then in the script where I use include and call the variable the entire form is showing up.

I have to work with $_SESSION, because $_POST or $_GET wont work in this situation.

Is there a way to transfer a form value to another script, and then a single value and not the complete form with everything in it.

Good !

I first tested a separate script making a dropdown menu, and managed to do that

I admit I never had done it before, at least not with php and transferring it to another page. My programming skills are not so high its more on a hobby level.

I realize that html is very important for webprogramming. Just starting with php will confront you with interesting challenges.

But anyway thanks for the help I really appreciate your patience and time.

Geez! remove label, label does absolutely nothing to prevent it submission, the only problem is YOU! not following my example, where did you get the idea that label goes in select, I'll tell you, no where, MY EXAMPLE will work if you follow it correctly. I'm really starting to get bored with this, its obvious you have no idea on creating basic form and proper use of name attribute, until you do, you'll just going to repeat going round and round in circles, wrong php start tag, php closing tag in comment. The code is there to work you just have to learn basics of form to get that right first, so its good night from me and good night from him.

Well I admit that I dont know a lot about html pogramming. Im still a beginner actually. I know name is used for giving a name to a form.

I have used name in the form element, but I'm not sure if that is enough, maybe you could explain that?

If you know any good and profound info online about the usage of html and attributes in html/php forms then please tell. I am looking for good info.

OK here is the first script:

    // make connection with database    <form action="Add-Succ7.php" id="rublist" method="get">     <SELECT name="kolom2"><?php         $tmp=0;        while($row = $result->fetch_assoc() ) {                  // $reeks = implode(" " , $row); ?>  	<label form="rublist">	<option id="kolom2" value = "<?echo 'whatever' .$tmp; ?>" >   <?php 	             echo 'whatever' .$tmp;                      ?></option></label>       <?php $tmp++; }?>	     </SELECT>         	     <?php     mysqli_close($conn);            ?>    // code for input of name and webadres     <?php     $num = $_POST['number'];  // previous page gives user possibility to choose between 1 and 5    for ($i=0; $i < $num ; $i++) {         ?><p><center>        		<label for="linkoms_<?php echo $i ?>">		Omschrijving: <?php echo ($i + 1) ?>		</label>		        <input type="text" name="linkoms[]" 		id="linkoms_<?php echo $i ?>" 		placeholder="website naam" required /> <br> <br>						<label for="linkadd_<?php echo $i ?>">		Het webadres <?php echo ($i + 1) ?>		</label>				 <input type="text" name="linkadd[]" 		id="linkadd_<?php echo $i ?>" 		 placeholder="www.website.com" /><br><br>        </center>	</p>	<?php	        }    ?>     <br><br><br>	      <input type="submit" method="get" value="Submit"  />		      </form >

Then the Add-succ7.php which executes the adding of the link address and name to the database:

     <?php    // .. make connection     $conn = new mysqli($servername, $username, $password, $dbname);    if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error);}     if ($_SERVER['REQUEST_METHOD'] == 'POST') 	{     if (isset($_GET['kolom2']) )      {       var_dump($_GET['kolom2']);     $tab="";	 $tab=$_GET['kolom2'];			 $tab = filter_input(INPUT_POST, 'kolom2');    } 						   }	 If (isset($_GET['linkoms']) && (is_array($_GET['linkoms'])) && ($oms = " ") && isset($_GET       ['linkadd']) && (is_array($_GET['linkadd'])) && ($add = " ")  ) {						$tab="";		$tab=$_GET['kolom2'];		$tab = filter_input(INPUT_POST, 'kolom2');			          foreach($_GET['linkoms'] as $key => $dummy) {     $oms = $conn->real_escape_string($_GET['linkoms'][$key]);     $add = $conn->real_escape_string($_GET['linkadd'][$key]);     $sql = "INSERT INTO $tab (linkoms, linkadd) VALUES ('$oms', '$add')" ;        if ($conn->query($sql) === TRUE)                                { // echo  $sql .'<br>'; //  connection made                                                                } else {            echo "Error: an error occured while adding to the database" . " <br>" . $conn->error;            }						 echo "<br>" . "The records are added to the database "             ;                                      } 				}  else { echo "error: try again to add to the database"; } 	       ?>

It is not all of the code, parts with the password data etc. are left out just as the header parts, but I hope it gives a good impression of the way it should work.

I still dont see it. Should i be more specific? Should I use </label> and wrap that around it?

I changed as you told, but I dont see which values you mean that are showing up in the address bar.

This is what is coming up after Add-Succ7.php

    ../Add-Succ7.php?kolom2=%3C%3Fecho+%27whatever%27+.%24tmp%3B+%3F%3E&linkoms[]=franse+thee&linkadd[]=http%3A%2F%2Fwww.thee.fr

    <form action="Add-Succ7.php" id="rublist" method="post">    <SELECT name="kolom2"><?php     while($row = $result->fetch_assoc() ) {         $reeks = implode(" " , $row); ?>        <option name ="kolom2" value = "<?????? dont know what to do here? >" > <?php           echo $reeks;           } ?></option>        </SELECT>      </center>         <?php     mysqli_close($conn);    ?>

The ouptut in Add-Succ7.php of var_dump is empty, so not null but ' ' .I tried to place $reeks in value and $_POST['kolom2'] but the var_dump($_POST['kolom2']) remained giving an empty or a variable as output. placing the name of one of the tables in value - in this case value="cars" - gave the wanted output. Is there a sort of instruction in between so that the form confirms which option is chosen?

OK get that.

But one way or antother the 'name' attribute doesnt post it towards the next page. var_dump gives an empty result.

Okay dsonesuk this was very valuable. I managed to have the database tables show up in the dropdown menu.

But the strange thing is that submitting doesnt work anymore.

I changed the previous properly working checkbox input script into this dropdown menu with the idea it would work. So the name attribute was set properly but no new records are added.

Is there anything important that should be heeded when programming this?

The script now is like this:

    <form action="Add-Succ7.php" id="rublist" >     <SELECT name="kolom2" method="post" form="rublist" >     <?php 			while($row = $result->fetch_assoc() ) {				$reeks = implode(" " , $row);         echo $reeks;                       ?>		    <option value = "<?php // $reeks; ?>" >         <?php                               }  ?>                 </option>	     </SELECT>         </center>	       <?php         mysqli_close($conn);                ?>        // part of the script that looks after several input fields.    <input type="submit" method="post" value="Kies Rubriek"  />		    </form>

The input fields are later added as records to the database.

Ok here is the php code in a more inline style.

    $conn = new mysqli($servername, $username, $password, $dbname);    if ($conn->connect_error) {        die("Connection failed: " . $conn->connect_error);    }    $sql = "SHOW TABLES";    if (!$result = $conn->query($sql)){	die('There was an error running the query[' .$conn->error. ']');	    }     ?>        <form name = "inpform"  method="post" action="Add-succ7.php">         <SELECT >		<option value = " <?php 		$reeks='';		echo $reeks; 		while($row = $result->fetch_assoc() ) {				$reeks = implode(" " , $row);		?>  " ></option>	 </SELECT>      </center>	      <?php        }      mysqli_close($conn);      ?>

Although I have closed the option value which I will quote here:

<option value = " <?php

$reeks=''; echo $reeks; while($row = $result->fetch_assoc() ) { $reeks = implode(" " , $row); ?> " >

this code gives a strange repeat of "> about 12 times and unfortunately an empty dropdown menu.

I cant remove "> at the end but would like to receive some help finding a place where to put this part of the code.

So my goal is now to have a table list read from the database. The content of the table is supposed to be put in an <SELECT> <OPTION VALUE> form for a dropdown menu having the user select only 1 value.

     $conn = new mysqli($servername, $username, $password, $dbname);     if ($conn->connect_error) {        die("Connection failed: " . $conn->connect_error);       }     $sql = "SHOW TABLES";      if (!$result = $conn->query($sql)){	     die('There was an error running the query[' .$conn->error. ']');	       }       foreach($row = $result->fetch_assoc()){		echo "<center>"; 	     $reeks = implode(" " , $row);	 // echo $reeks;		// echo "<br>";	echo "</center>";            ?>      <center>        <form name = "inpform"  method="post" action="Add-succ7.php">         <SELECT >		<option value = "<?php echo $reeks; 		?>" > </option>       </SELECT>            </center>	      <?php       }      mysqli_close($conn);       ?>

Do I have to do this with foreach or while? (or something else?)

In the checkbox version I use while but when doing that I get a list of 8 checkboxes without any value. I see the dropdown menu is placed in the loop of while so another condition (like foreach) seems to be the first thing to think about.

But what kinda solutions would you have for the script above?