ansaurus

Question

HTML / PHP form

Answer 1

+3 A:

Try switching the tags

'<?' to: '<?php'

Your development environnement may not recognize short tags, thus producting an empty page.

When you access the source code of the page, do you see the doctype/html/body tags ?

Rodolphe 2010-04-15 07:25:03

Note that this is considered good practice - while it's possible to change your PHP installation to allow the short tags, generally it's best to just use the long format.

El Yobo 2010-04-15 07:27:42

Hey thanks for the hlp, I tired adding <?php it didnt change anything, yes I can see the html source code, thanks again!

Jacksta 2010-04-15 07:31:33

I just ran your code on my computer : I have some notices about empty indexes, but the form is shown.Which php server do ou use ? Wamp ? easyphp ? 'hand-made' php server ?Try to run a file with just < ?php phpinfo(); ?> to see if your php server is working as intended...

Rodolphe 2010-04-15 07:52:13

Hey Rodolphe I am runnign this os a hosts server, the phpinfo() works fine, it brings up all the php info. I can also see the form, the problem is that it wont process the form.

Jacksta 2010-04-15 08:06:01

Answer 2

+1 A:

You can use html with php as follows

<?php if ($_POST[op] != "ds") {  ?>

<input type="hidden" name="op" value="ds">
<form method="post\" action=\"$server[PHP_SELF]\">

/* your html code here */

</form>";

<php } else if ($_POST[op] == "ds") {  ?>...............

Salil 2010-04-15 07:27:32

hum... im a little confused. The example in this book I am using only has one open php tag <?php at the beginning of the form and one ?> close at the end of the script.

Jacksta 2010-04-15 07:37:40

your html does not need to be in between php tags, in this example the user will also only see the html if op = ds because there was a php if before it. Therefor the 2 php parts <?php if(){ ?>HTML do be displayed if condition is met<?php } else ... ?>

Pmarcoen 2010-04-15 08:37:42

wow that is right over my head, its my first week coding! how do I change the code?

Jacksta 2010-04-15 08:40:55

instead of : if ($_POST[op] != "ds") { //they see this form echo "$form_block";}else { ... }you can just do :if ($_POST[op] != "ds") {?><form method=\"post\" action=\"$server[PHP_SELF]\">....<?php}else {...}then you can forget about the $form_block which will make things much cleaner :)

Pmarcoen 2010-04-15 09:28:28

and indeed, like zaf said, all of your input needs to be between the <form> tags

Pmarcoen 2010-04-15 09:29:33

Answer 3

A:

Your left out some dashes when trying to access some of the $_POST and $_SERVER varibles.

Example: It's $_POST['op'] and not $_POST[op]

also $_SERVER[PHP_SELF] and not $server[PHP_SELF]

( ! ) Notice: Undefined variable: server in /home/vidves/public_html/www01/test.php on line 14
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: sender_name in /home/vidves/public_html/www01/test.php on line 16
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: sender_email in /home/vidves/public_html/www01/test.php on line 18
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: message in /home/vidves/public_html/www01/test.php on line 20
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Use of undefined constant op - assumed 'op' in /home/vidves/public_html/www01/test.php on line 25
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: op in /home/vidves/public_html/www01/test.php on line 25
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

PHP_Jedi 2010-04-15 07:31:00

-1 Pls specify what are you trying to show up here?

OM The Eternity 2010-04-15 07:34:04

Yepp, I Just did ;-)

PHP_Jedi 2010-04-15 07:35:25

Thanks PHP_JediI checked my example in the book they have $_POST[op] and not $_POST['op'].I changed $server[PHP_SELF] to $_SERVER[PHP_SELF]Still doesnt work :(

Jacksta 2010-04-15 07:42:03

Oki, could you please post in what you see on the screeen, than we can help you more. Do you get an errorcode or message, or is it just a blank page? ... A simple way to test where the code crashes is to uncomment and remove code bit by bit... please fill in with your result.

PHP_Jedi 2010-04-15 12:28:08

I updated the question with the code, cheers

Jacksta 2010-04-16 00:24:51

Thanks, but now im abit comfused here. Your question states that there is no HTML output from your script, and you have outdated with the output. So, Is your problem solved or what was the problem again?

PHP_Jedi 2010-04-16 08:15:26

Answer 4

A:

Some installations care about file-extensions, is your file called *.html or *.php?

It is not uncommon that *.html is just sent out to the client, while the *.php parsed by the php-engine and then to the client.

Johan 2010-04-15 07:41:50

It's in .php formatt I tried changing it to .html and it had a whole lot of code printed on the screen, thanks for the suggestion.

Jacksta 2010-04-15 07:43:43

Answer 5

+1 A:

Found it. Your hidden input field is not inside the form tags and does not get sent when the form is submitted which does not trigger the rest of the PHP code.

So, instead of:

...
<input type=\"hidden\" name=\"op\" value=\"ds\">
<form method=\"post\" action=\"$server[PHP_SELF]\">
...

Swap them round like::

...
<form method=\"post\" action=\"$server[PHP_SELF]\">
<input type=\"hidden\" name=\"op\" value=\"ds\">
...

Very naughty.

zaf 2010-04-15 08:26:06

well spotted, the script still doesnt run the error check e.g. no text in name field and return error.

Jacksta 2010-04-15 08:30:05

If you just click submit on the blank form don't you get "Please enter your name" ?

zaf 2010-04-15 08:44:06

No, did you get that?

Jacksta 2010-04-15 08:49:23

Yes. Have you tried flushing your browser cache?

zaf 2010-04-15 09:04:16

Answer 6

+1 A:

As a stylistic tip, you may want to read up on the HEREDOC syntax. You could do your form building and variable assignment without all the escaping:

$form_block = <<<EOL
<input type="hidden" name="op" value="ds">
<form method="post" action="$_SERVER[PHP_SELF]">
<p>Your name<br />
<input name="sender_name" type="text" size=30 value="$_POST[sender_name]" /></p>
<p>Email<br  />
<input name="sender_email" type="text" size=30 value="$_POST[sender_email]"/></p>
<p>Message<br />
<textarea name="message" cols=30 rows=5 value="$_POST[message]"></textarea></p>
<input name="submit" type="submit" value="Send This Form" />
</form>
EOF;

Also be aware that blindly inserting user-provided data into the form as you are (sender_name and sender_email) can lead to trivial cross-site-scripting attacks. Consider what would happen if the user filled out the form and included a double-quote in either field, but caused a form error some other way (e.g: double quote in sender_name, but left sender_email blank). The double-quote gets inserted into the form and prematurely terminates the "value" attribute of the input field.

To mitigate this, pass all values that will be inserted into the form through htmlspecialchars() first, which will escape any special characters.

Marc B 2010-04-15 14:18:09

wow I was not aware of that, something else I have learnt!

Jacksta 2010-04-16 00:06:12

ansaurus

tags:

views:

answers:

HTML / PHP form

related questions