#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    21
    Rep Power
    0

    Need help can you find error for saving data user typed in form


    I have entered my code below I am trying to make my form save users information if they for get another field so when they are told to submit something they missed they do not loose the data they already entered (example: they fill in everything except user name and when they click send all the other fields will still show what they have already typed) This seems to be working fine by using value="\"".$_POST['fieldname']. When I test this though it is not saving the comments field is there a different code I do not know about or is it a placement issue any help would be most appreciated.
    Code:
    <?php function printForm($strMessage){ echo "<strong>" .$strMessage."</strong>"; echo "<form method=\"post\" action=\"" .$_SERVER['PHP_SELF']. "\" name=\"form\">\n<br>"; echo "Your Name: <input type=\"text\" Name=\"yname\" value=\"" .trim($_POST['yname'])."\"><br>"; echo "Your Email: <input type=\"text\" Name=\"yemail\" value=\"" .trim($_POST['yemail'])."\"><br>"; echo "Username: <input type=\"text\" Name=\"yusername\" value=\"" .trim($_POST['yusername'])."\"><br>"; echo "Password: <input type=\"password\" Name=\"pword\" value=\"" .trim($_POST['pword'])."\"><br>"; echo "Confirm Password: <input type=\"password\"  Name=\"cpword\" value=\"" .trim($_POST['cpword'])."\"><br>";   echo "Comments: <textarea name=\"comments\" rows=\"5\" cols=\"20\" value=\"" .trim($_POST['comments'])."\"></textarea><br>";       echo "<input type=\"submit\" value=\"send\" Name=\"submit\"/>\n<br>"; echo "</form>\n"; } ?> <html> <head> <title>Self Submitting Sticky Form</title> <style>body { 				background-color:red; 				}  </style> </head> <body>     <?php     if(isset($_POST['submit'])){         $yourname=trim($_POST['yname']);         $youremail=trim($_POST['yemail']);         $yourusername=trim($_POST['yusername']); 		$yourpassword=trim($_POST['pword']);         $yourcpassword=trim($_POST['cpword']);          if ($yourname==''){         $strMessage='Please enter your name.';         printForm($strMessage);         }         elseif ($youremail==''){ 		        $strMessage='Please enter your email.'; 		        printForm($strMessage);         }         elseif ($yourusername==''){ 				        $strMessage='Please enter your username.'; 				        printForm($strMessage);         }         elseif ($yourpassword==''){ 				        $strMessage='Please enter your password.'; 				        printForm($strMessage);         }         elseif ($yourcpassword==''){ 				        $strMessage='Please confirm your password.'; 				        printForm($strMessage);         }         elseif ($yourcpassword != $yourpassword){ 				        $strMessage='passwords must match.'; 				        printForm($strMessage);         }         elseif(strlen($yourpassword) <= 3 ){         $strMessage='passwords must be at least 4 characters.';         printForm($strMessage);         }           else{         $strMessage='Thank you. your information was sent.';         echo $strMessage;         }      }      else{      $strMessage='Please enter all fields below:';      printForm($strMessage);      }        ?>      </body>      </html>
    Also I am sorry for my code showing up like this I tried to wrap it in the code tags and this is how it displayed I am also going to copy and paste below with out the code tags becuase I think I used them wrong.
    <?php
    function printForm($strMessage){
    echo "<strong>" .$strMessage."</strong>";
    echo "<form method=\"post\" action=\"" .$_SERVER['PHP_SELF']. "\" name=\"form\">\n<br>";
    echo "Your Name: <input type=\"text\" Name=\"yname\" value=\"" .trim($_POST['yname'])."\"><br>";
    echo "Your Email: <input type=\"text\" Name=\"yemail\" value=\"" .trim($_POST['yemail'])."\"><br>";
    echo "Username: <input type=\"text\" Name=\"yusername\" value=\"" .trim($_POST['yusername'])."\"><br>";
    echo "Password: <input type=\"password\" Name=\"pword\" value=\"" .trim($_POST['pword'])."\"><br>";
    echo "Confirm Password: <input type=\"password\" Name=\"cpword\" value=\"" .trim($_POST['cpword'])."\"><br>";


    echo "Comments: <textarea name=\"comments\" rows=\"5\" cols=\"20\" value=\"" .trim($_POST['comments'])."\"></textarea><br>";






    echo "<input type=\"submit\" value=\"send\" Name=\"submit\"/>\n<br>";
    echo "</form>\n";
    }
    ?>
    <html>
    <head>
    <title>Self Submitting Sticky Form</title>
    <style>body {
    background-color:red;
    }

    </style>
    </head>
    <body>
    <?php
    if(isset($_POST['submit'])){
    $yourname=trim($_POST['yname']);
    $youremail=trim($_POST['yemail']);
    $yourusername=trim($_POST['yusername']);
    $yourpassword=trim($_POST['pword']);
    $yourcpassword=trim($_POST['cpword']);


    if ($yourname==''){
    $strMessage='Please enter your name.';
    printForm($strMessage);
    }
    elseif ($youremail==''){
    $strMessage='Please enter your email.';
    printForm($strMessage);
    }
    elseif ($yourusername==''){
    $strMessage='Please enter your username.';
    printForm($strMessage);
    }
    elseif ($yourpassword==''){
    $strMessage='Please enter your password.';
    printForm($strMessage);
    }
    elseif ($yourcpassword==''){
    $strMessage='Please confirm your password.';
    printForm($strMessage);
    }
    elseif ($yourcpassword != $yourpassword){
    $strMessage='passwords must match.';
    printForm($strMessage);
    }
    elseif(strlen($yourpassword) <= 3 ){
    $strMessage='passwords must be at least 4 characters.';
    printForm($strMessage);
    }


    else{
    $strMessage='Thank you. your information was sent.';
    echo $strMessage;
    }
    }
    else{
    $strMessage='Please enter all fields below:';
    printForm($strMessage);
    }


    ?>
    </body>
    </html>
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    a textarea doesn't have a value attribute. Its content is what you write between the tags (that's why it's a non-empty element).

    Apart from that, you seriously need to work on the security of your script:

    The 6 worst sins of security.

    Check 2. especially, but the other vulnerabilities might apply as well.

    Also, do not use $_SERVER['PHP_SELF'], as this can often be controlled by the visitor and used to inject arbitrary content. Simply hard code the script name.
    Last edited by Jacques1; February 13th, 2013 at 04:41 AM.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by Jacques1
    Hi,

    a textarea doesn't have a value attribute. Its content is what you write between the tags (that's why it's a non-empty element).

    Apart from that, you seriously need to work on the security of your script:

    The 6 worst sins of security.

    Check 2. especially, but the other vulnerabilities might apply as well.

    Also, do not use $_SERVER['PHP_SELF'], as this can often be controlled by the visitor and used to inject arbitrary content. Simply hard code the script name.
    Thank you very much this does help a bit and I will be reading into this security as I am sure it can help me greatly can you tell me however to make my form save the persons comments if they miss a field because the way it is set right now if they miss something on the form their comments are gone too that's whats really confusing me. Thanks
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Did you read the first sentence about the "value" attribute?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by Jacques1
    Did you read the first sentence about the "value" attribute?
    Yes I know I should be taking this out
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    21
    Rep Power
    0
    by tinkering with my code I found if I place the value before or after my text area it will save the comment but not in the comment box so I am assuming I am getting closer to getting it right.
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Please post your code (the textarea should be enough).
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by Jacques1
    Please post your code (the textarea should be enough).
    I have been messing with it trying so many different combinations I can not seem to figure out how I had it but like this it does work but it is still not saving users comments
    Code:
    echo "Comments: <textarea name=\"comments\" rows=\"5\" cols=\"20\"></textarea><br>";
    I am assuming this is because I am not using .trim($_POST['comments']) but I can not figure out how to place it exactly.
  16. #9
  17. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by ak4744710
    I am assuming this is because I am not using .trim($_POST['comments']) but I can not figure out how to place it exactly.
    In the textarea element, between <textarea> and </textarea> (just like with "div" elements or "span" or whatever).
    PHP Code:
    <?php 

    // put this in some global script and use it whenever you output a variable
    function html_escape($raw_input) { 
        return 
    htmlspecialchars($raw_inputENT_QUOTES ENT_HTML401'UTF-8'); 
    }  

    echo 
    'Comments: <textarea name="comments" rows="5" cols="20">' html_escape(trim($_POST['comments'])) . '</textarea><br>';
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo