Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0

    SOLVED - POST listbox contents in form not 'posting'..


    Hi,

    I have two listboxes which contain data obtained from a previous POST. Here is the code:

    [CODE]<form id="repeat" action="questionsubmit.php" method="post">[CODE]

    [PHP]
    $tagvalues = $_POST['Taglist'];
    $coursevalues = $_POST['Courselist'];

    echo "<select multiple=\"multiple\" name=\"tester[]\">";
    foreach ($tagvalues as $a){
    echo "<option value='$a'>$a</option>";
    }
    echo "</p>\n";
    echo "</select>";

    echo "<select multiple=\"multiple\" name=\"test[]\">";
    foreach ($coursevalues as $b){
    echo "<option value='$b'>$b</option>";
    }
    echo "</p>\n";
    echo "</select>";
    [PHP]

    [CODE]<input type="submit" value="Add my question!" /></form>[CODE]

    There are also many other input types but I've left them out - These do submit to questionsubmit.php correctly! It's just the two select input types above that do not show on the next page - However, they do contain the values from the previous post.

    Here is the questionsubmit.php code:

    [PHP]
    $tester = $_POST['tester'];
    $test = $_POST['test'];

    echo "<p>Tag(s) selected: <br />";
    foreach ($tester as $a){
    echo $a ."<br />";
    }
    echo "</p>\n";
    echo "<p>Course(s) selected: <br />";
    foreach ($test as $b){
    echo $b ."<br />";
    }
    echo "</p>\n";
    [PHP]

    Any ideas why the POST does not work for the two listboxes?

    Thanks in advance, any help appreciated.
    Daniel
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    189
    Rep Power
    0
    Perhaps it is because of the closing p tags you have just ahead of your closing select tag. ??
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Hi,

    first of all, this code is a huge security risk, because you insert the POST values directly into your page, allowing anybody to manipulate it and inject JavaScript code.

    You need to escape the user input before you can output it.

    Regarding the form issues, I'm not exactly sure if I understand you correctly. So some other form initiates a POST request to your first form, right? You take the POST data and create a selection list from them, basically letting the user make another selection from what they've already selected. The user submits this form again, and now what exactly happens?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by Jacques1
    Hi,

    first of all, this code is a huge security risk, because you insert the POST values directly into your page, allowing anybody to manipulate it and inject JavaScript code.

    You need to escape the user input before you can output it.

    Regarding the form issues, I'm not exactly sure if I understand you correctly. So some other form initiates a POST request to your first form, right? You take the POST data and create a selection list from them, basically letting the user make another selection from what they've already selected. The user submits this form again, and now what exactly happens?
    Thanks for the tip on security. I'm new to PHP so I'd expect to have done it wrong.

    The user submits the form again, and then the data is inserted into a database with MySQL.

    Thanks for your reply,
    Daniel
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    No, I mean, what's the error?

    Let's say the initial POST request to your upper script contains

    Code:
    test: [2, 3, 4]
    So the selection box in the upper script will contain those three options. Now I select "3" and "4". This means in the lower script, I should be seeing "You selected 3 and 4". What happens instead?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by Jacques1
    No, I mean, what's the error?

    Let's say the initial POST request to your upper script contains

    Code:
    test: [2, 3, 4]
    So the selection box in the upper script will contain those three options. Now I select "3" and "4". This means in the lower script, I should be seeing "You selected 3 and 4". What happens instead?
    Instead the lower script just shows:
    Tag(s) selected:

    With no id numbers listed. However, the post has worked because other values were passed to the lower script page. It's just the two select types that don't seem to be able to pass values on.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    189
    Rep Power
    0
    In case you missed my prev post,

    Your Select Tags are Not Formed Correctly.
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by jimmyg999
    In case you missed my prev post,

    Your Select Tags are Not Formed Correctly.
    Thank's for reminding me, I did miss it! I have removed the closing p tag but it's still not working. Any other ideas?

    Here's an image of the code snippets I've been using:

    www(dot)freeimagehosting.net/em8xe
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    189
    Rep Power
    0
    Can we see the code again?
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by jimmyg999
    Can we see the code again?
    Here's an image of the code snippets I've been using:

    www(dot)freeimagehosting.net/em8xe

    - It's a bit schematic and I've left out the onsubmit and so on..
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by DanJames
    [CODE]<form id="repeat" action="questionsubmit.php" method="post">[CODE]

    [PHP]
    $tagvalues = $_POST['Taglist'];
    $coursevalues = $_POST['Courselist'];

    echo "<select multiple=\"multiple\" name=\"tester[]\">";
    foreach ($tagvalues as $a){
    echo "<option value='$a'>$a</option>";
    }
    echo "</select>";

    echo "<select multiple=\"multiple\" name=\"test[]\">";
    foreach ($coursevalues as $b){
    echo "<option value='$b'>$b</option>";
    }
    echo "</select>";
    [PHP]

    [CODE]<input type="submit" value="Add my question!" /></form>[CODE]

    There are also many other input types but I've left them out - These do submit to questionsubmit.php correctly! It's just the two select input types above that do not show on the next page - However, they do contain the values from the previous post.

    Here is the questionsubmit.php code:

    [PHP]
    $tester = $_POST['tester'];
    $test = $_POST['test'];

    echo "Tag(s) selected: <br />";
    foreach ($tester as $a){
    echo $a ."<br />";
    }

    echo "Course(s) selected: <br />";
    foreach ($test as $b){
    echo $b ."<br />";
    }

    [PHP]
    They are the changes that I have made so far^^. If you would like to see the whole code for each document, I'll copy it in?
  22. #12
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    189
    Rep Power
    0
    Change this:
    PHP Code:
    echo "<select multiple=\"multiple\" name=\"tester[]\">"
    to this:
    PHP Code:
    echo "<select multiple name='tester[]'>"
  24. #13
  25. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Just to make sure: You are aware that you need to actually select the options, right? The form only sends selected values and ignores the rest.

    If that's not the reason, grab the developer tools of your browser:

    First of all, analyze the DOM tree (the structure your browser generates from the HTML source code). Is the selection element actually interpreted correctly as a part of the form with all the option elements below it? Because if the HTML is invalid, the browser may close the form before the selection element, making it disfunctional.

    Secondly, analyze the POST request. Does it contain the "test" parameter at all?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  26. #14
  27. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0
    Originally Posted by jimmyg999
    Change this:
    PHP Code:
    echo "<select multiple=\"multiple\" name=\"tester[]\">"
    to this:
    PHP Code:
    echo "<select multiple name='tester[]'>"
    I have done that and still no difference. It seems like it must be something small!
  28. #15
  29. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    21
    Rep Power
    0
    Full code for page1:
    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Add a Question to our Database</title>
    <link rel="stylesheet" href="http://twitter.github.com/bootstrap/assets/css/bootstrap.css" />
    <link rel="stylesheet" href="lib/chosen/chosen.css" />
    
    <script src="http://code.jquery.com/jquery-1.8.0.min.js"></script>
    <script src="lib/chosen/chosen.jquery.min.js"></script>
    
    <script type="text/javascript">
    $(function () {
    	$('.chzn-select').chosen();
    })
    
    </script>
    
    
    
    </head>
    
    <body>
      <?php
    include ('./dbdetails.php');//this file contains the password etc needed to access the server.
    if($connect = mysql_connect($host, $user, $password)) {//this tries to connect to the server, and returns true if it worked, false if it didn't
    
    }else{
    
    }
    
    //Test to see if we can connect to the database NAME
    $dbname = $user.'NAME';
    if($selectdb = mysql_select_db($dbname)) {
    
    }else{
    
    }
    	
    	$QuestionTitle = $_POST["questiontitle"];
    	$QuestionURL = $_POST["questionURL"];
    	$ServerDate = date("Y-m-d H:i:s"); 
    	$UserID = 'Variable';
    	$tagvalues = $_POST['Taglist'];
    	$coursevalues = $_POST['Courselist'];
    
    echo "<form id=\"repeat\" action=\"questionsubmit.php\" method=\"post\">";	
    echo "<input type='hidden' name='title' value='$QuestionTitle'/>";
    echo "<input type='hidden' name='url' value='$QuestionURL'/>";
    echo "<input type='hidden' name='userid' value='$UserID' />";
    
    echo "<select multiple name='tester[]'>";
    	foreach ($tagvalues as $a){
        echo "<option value='$a'>$a</option>";
    	}
    echo "</select>";
    
    echo "<select multiple name='test[]'>";
    	foreach ($coursevalues as $b){
        echo "<option value='$b'>$b</option>";
    	}
    echo "</select>";
    
    	$tbl = 'tblQuestions';//give the table a name, don't include spaces, punctuation etc
    	$field1 = 'CourseID';
    	$field2 = 'CourseName';//this field will contain some small piece of data. 20 characters expected.
    	$field3 = 'TopicName';//this field will contain a chunk of text. Who knows how many characters?
    	$field4 = 'TopicID';
    
    //$insertQuery = mysql_query("INSERT INTO $tbl ($field1, $field2, $field3) VALUES ('$QuestionTitle', '$QuestionURL', '$ServerDate')") or die ('Could not insert record into tblQuestions: '.mysql_error());//this line creates a query, that asks the server to create a table, with the name and fields described above.;
    
    //$RecordID = mysql_insert_id();
    
    //ADD FORM WITH HIDDEN FIELDS - VALUES FROM POST FROM LAST FORM
    //ON SUBMIT ADD QUESTION ADD OTHER VALUES (TAGS/TOPICS) ON SUBMIT! ONE PROBLEM IS EACH TIME FORM REFRESHES THE QUESTION ID WILL BE ADDED TO DB UNDER DIFFERENT ID, WE NEED TO SET IT TO SUBMIT THIS
    
    	$coursevalues = $_POST['Courselist'];
    	
    	
    	echo "<div>";
    foreach ($coursevalues as $a){
    
    	$resultQuery = mysql_query("SELECT * FROM tblCourses WHERE CourseID='$a'");
    	while($row = mysql_fetch_array($resultQuery)) {
    	echo "<div class=\"topiclist\">";
    	echo "<h3>" . $row[$field2] . "</h3><input type=\"text\" id=\"$a\"><br />";
    	}
    	$topicQuery = mysql_query("SELECT tblCourses.CourseID, tblTopics.TopicName, tblTopics.TopicID FROM tblTopics INNER JOIN (tblCourses INNER JOIN tblLinkCourseTopic ON tblCourses.CourseID = tblLinkCourseTopic.CourseID) ON tblTopics.TopicID = tblLinkCourseTopic.TopicID WHERE (((tblCourses.CourseID)='$a'))");
    	while($row = mysql_fetch_array($topicQuery)) {
    	echo $row[$field3] . "<input type=\"checkbox\" value='$row[$field4]' name=\"checkbox[]\"><br />";
    
    	}
    	echo "</div>";
    	}
    	echo "</div>";
    echo "</p>\n";	                
    		
    //	echo "<textarea id=\"questiontitle\" name=\"questiontitle\" cols=\"200\" rows=\"2\" value=\'$QuestionTitle\'></textarea>"	   
    	?>
    <p></p>
    <input type="submit" value="Add my question!" />
    </form>
    </p>
    </body>
    </html>
    Full code for page 2:
    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>
    </head>
    
    <body>
    <?php
    include ('./dbdetails.php');//this file contains the password etc needed to access the server.
    if($connect = mysql_connect($host, $user, $password)) {//this tries to connect to the server, and returns true if it worked, false if it didn't
    	echo 'connected to server<br />';
    }else{
    	echo 'couldn\'t connect to server<br />';
    }
    
    //Test to see if we can connect to the database NAME
    $dbname = $user.'NAME';
    if($selectdb = mysql_select_db($dbname)) {
    	echo 'was able to select database<br />';
    }else{
    	die('could not select database:'.mysql_error());
    }
    
    $QuestionTitle = $_POST["title"];
    $QuestionURL = $_POST["url"];
    $ServerDate = date("Y-m-d H:i:s");
    $tester = $_POST['tester'];
    $test = $_POST['test'];
    $checkbox = $_POST['checkbox'];
    
    
    echo "<p>Topic(s) selected: <br />";
    foreach ($checkbox as $a){
        echo $a ."<br />";
    }
    echo "</p>\n";
    
    echo "Creator ID: ". $_POST["userid"] . "<br />"; 
    echo "Question Title: ". $QuestionTitle . "<br />";
    echo "Question URL: ". $QuestionURL . "<br />"; 
    echo "Tag(s) selected: <br />";
    foreach ($tester as $a){
        echo $a ."<br />";
    }
    echo "Course(s) selected: <br />";
    foreach ($test as $b){
        echo $b ."<br />";
    }
    /*
    $tbl = 'tblQuestions';//give the table a name, don't include spaces, punctuation etc
    $field1 = 'QuestionTitle';
    $field2 = 'URL';//this field will contain some small piece of data. 20 characters expected.
    $field3 = 'DateCreated';//this field will contain a chunk of text. Who knows how many characters?
    
    $insertQuery = mysql_query("INSERT INTO $tbl ($field1, $field2, $field3) VALUES ('$QuestionTitle', '$QuestionURL', '$ServerDate')") or die ('Could not insert record: '.mysql_error());//this line creates a query, that asks the server to create a table, with the name and fields described above.;
    
    $RecordID = mysql_insert_id();
    
    $tbl = 'tblLinkQuestionTag';//give the table a name, don't include spaces, punctuation etc
    $field1 = 'QuestionID';
    $field2 = 'TagID';//this field will contain some small piece of data. 20 characters expected.
    
    //NOTES!!!!!!
    //FIGURE OUT HOW TO CHANGE $a so that each id in array is given - $a just gives the last id, we need it to essentially do the foreach loop again!!
    $insertQuery = mysql_query("INSERT INTO $tbl ($field1, $field2) VALUES ('$RecordID', '$a')") or die ('Could not insert record: '.mysql_error());//this line creates a query, that asks the server to create a table, with the name and fields described above.;
    */
    ?>
    </body>
    </html>
    I am only learning PHP and so most of the stuff will be 'bad code'.
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo