Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
Improve this question
Currently working on a messaging system for my site. I've created a JavaScript function to send post data, and a corresponding PHP file to insert the data. However, the data is not being sent to the database. I'm not sure if the error is in the JavaScript or the PHP file as there is no error log being created.
HTML:
<form action="javascript:sendPM();" name="pmForm" id="pmForm" method="post">
<input name="pm_send_id" id="pm_send_id" type="hidden" value="<?php echo $_SESSION['userID']; ?>" />
<input name="pm_send_name" id="pm_send_name" type="hidden" value="<?php echo $_SESSION['userName']; ?>" />
<input name="pm_receive_id" id="pm_receive_id" type="hidden" value="<?php echo $row['userID']; ?>" />
<input name="pm_receive_name" id="pm_receive_name" type="hidden" value="<?php echo $row['userName']; ?>" />
X
<h4>Send to <?php echo $row['userName']; ?></h4>
<div class="sectionheader"></div>
<div id="interaction"></div>
<br>
<p>Comment:</p>
<textarea name="pmTextArea" id="pmTextArea"></textarea>
<p>Select Video:</p>
<input name="pmSubmit" type="submit" value="Submit" />
</form>
JavaScript:
$('#pmForm').submit(function(){$('input[type=submit]', this).attr('disabled','disabled');});
function sendPM(){
var pmTextArea = $("pmTextArea");
var sendName = $("pm_send_name");
var sendID = $("pm_send_id");
var receiveName = $("pm_receive_name");
var receiveID = $("pm_receive_id");
var url = "messages.php";
if (pmTextArea.val() == ""){
$("#interaction").html('Comment field is empty.').show().fadeOut(5000);
}
else {
$.post(url,{ message: pmTextArea.val(), sendername: sendName.val(), senderid: sendID.val(), recname: receiveName.val(), recID: receiveID.val() }, function(data){
$("#interaction").html(data).show().fadeOut(5000);
document.pmForm.pmTextArea value='';
});
}
}
PHP:
<?php
session_start();
require_once 'class.channel.php';
require_once 'dbconfig.php';
$user_message = new USER();
if (isset($_POST['message'])) {
$to = ($_POST['recID']);
$from = ($_POST['senderid']);
$toName = ($_POST['sendername']);
$fromName = ($_POST['recname']);
$msg = htmlspecialchars($_POST['message']);
$stmt = $user_message->runQuery("INSERT INTO inbox(send_id, receive_id, timesent, comment) VALUES(?, ?, ?, ?)");
$stmt->bindValue(1,$from);
$stmt->bindValue(2,$to);
$stmt->bindValue(3,now());
$stmt->bindValue(4,$msg);
$stmt->execute();
}
?>
You need to use # to retrieve value using their id, which you are missing.
var pmTextArea = $("pmTextArea");
should be
var pmTextArea = $("#pmTextArea");
And yes, you need to correct, which #RyanHame pointed
document.pmForm.pmTextArea value='';
to
document.pmForm.pmTextArea.value='';
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 days ago.
Improve this question
Hey im trying to get rid of jquery and go pure javascript.
The problem is when do the ajax request no data is coming back from the request
Here is process. I am not getting any data in the processing part.
<form name="inputform" method="post">
<input type="text" id="user" name="user">
<input type="text" id="name" name="name">
<input type="text" id="email" name="email">
<input type="button" value="submit" onclick="myFunction()">
</form>
<script>
function myFunction()
{
var data = new FormData();
//apend name first then variable
var user = document.getElementById("user").value;
var name = document.getElementById("name").value;
data.append('user', email);
data.append('name', name);
data.append('email', email);
var xhr = new XMLHttpRequest();
xhr.open('POST', 'test-process.php', true);
xhr.onload = function () {
// do something to response... show data in alert
//console.log(this.responseText)
alert(this.responseText);
};
xhr.send(data);
}
</script>
test-process.php
<?php
$user = $_POST["user"];
$name = $_POST["name"];
$email = $_POST["email"];
echo $user;
echo $name;
?>
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
Is this login page secure, researching about sql-injection, is their a vulnerability if so how do I manage it?
I previously encrypted the users details into a file and stored it locally. I also use localhost, thinking about moving to a domain. Are there any issues with storing users details in a file?
Please disregard the html
<?php
session_start();
?>
<html>
<body>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input type="text" name="Username"value="">
<?php if ($_SERVER["REQUEST_METHOD"] == "POST"){
$user = $_REQUEST['Username'];
} ?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input type="password" name="Password"value="">
<?php if ($_SERVER["REQUEST_METHOD"] == "POST"){
$password = $_REQUEST['Password'];
}
if (isset($_POST['submit'])) {
$file = $user.".txt";
if (file_exists($file)){
$contents = file_get_contents($file);
$ciphering = "AES-128-CTR";
$iv_length = openssl_cipher_iv_length($ciphering);
$options = 0;
$decryption_iv = '#secret#';
$decryption_key = "#key#";
$decryption= openssl_decrypt ($contents, $ciphering,
$decryption_key, $options, $decryption_iv);
if($decryption==$password){
echo("details match");
setcookie("username", $user,time()+2000);
$_SESSION["logged_in"] = true;
$_SESSION["username"] = $user;
header("Location:/login/new folder/findchat.php?username");
exit();
}
else{
echo('Complete im not a robot');
}
}
else{echo("pasword or username is not valid");}
}
?>
<input type="submit"value="submit"name="submit">
</body>
</html>
Apologies of my bad spelling, Thanks
Wow, this is awful. There's tons of vulnerabilities. Here's the ones that jump out at me at first glance:
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
This is vulnerable to XSS, like this: http://example.com/badlogin.php/"><script>alert("xss")</script>
$file = $user.".txt";
if (file_exists($file)){
$contents = file_get_contents($file);
Trivial directory traversal.
$decryption= openssl_decrypt ($contents, $ciphering,
$decryption_key, $options, $decryption_iv);
if($decryption==$password){
You're supposed to hash passwords, not encrypt them.
About the only vulnerability you don't have is SQL injection, and that's because you don't use any SQL.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 3 years ago.
Improve this question
I am trying to post a form to a PHP script, and it is getting stuck at validating the request as a POST request, and thus it exits from the PHP script. The AJAX request returns as successful, but the data returned from the database says the recognition of the request as POST failed. I've tried changing the content types etc, to no avail.
JS:
$(document).ready(function() {
$("#delete4").on('click', function(e) {
e.preventDefault();
var ok = confirm('Are you sure you want to delete this?');
if (ok == true)
{
console.log("true")
var data = $("#form4").serialize();
$.ajax({
data: data,
type: "post",
url: "delete_AJAX.php",
success: function(data) {
console.log("successfully deleted");
console.log(data);
//$("#div4").remove();
},
error: function(data) {
alert("fail");
console.log(data);
}
});
} else {
return;
}
});
});
HTML:
<form type="text" name="form4" id="form4" action="delete_AJAX.php" method="post">
<div class="aligner">
<button type="button" class="button_div" name="edit" onclick="send(52)">Edit</button>
<button type="button" class="button_div" id="delete4">Delete</button>
<button type="button" class="button_div" name="read" onclick="send2(52, 13)">See</button>
</div><br>
<input type="hidden" id="hidden_c4" value="13" name="hidden_c">
<input type="hidden" id="hidden_bid4" name="hidden_bid" value="52">
</form>
PHP:
require_once("db.php");
if ($_REQUEST['REQUEST_METHOD'] === 'POST')
{
$bid = $_POST['hidden_bid'];
echo "passed request";
$sql = "SELECT * FROM xxx WHERE yyy = $bid";
$result = mysqli_query($connection, $sql);
if ($result === false)
{
die("f1");
}
$resultCheck = mysqli_num_rows($result);
if (!resultCheck > 0)
{
echo "ERROR NO RESULT";
exit();
};
$row = mysqli_fetch_assoc($result);
$delete_cover = $row['cover'];
unlink($delete_cover);
// updating table row
$sql2 = "DELETE FROM xxx WHERE (yyy=?);";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql2))
{
header("Location: ../create.php?error&prepare1111");
exit();
}
else
{
$stmt->bind_param("i", $bid);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
$connection->close();
echo "successfully deleted";
}
} else {
echo "FAILURE TO REQUEST";
}
So I keep consistently getting failure "FAILURE TO REQUEST", and when I remove any barrier to the script, post is shown as empty, and the variables arent set. Thus it stops at the "f1" error. Any help would be amazing!! Thankyou!
You seem to be using the wrong global variable for the "REQUEST_METHOD".
Instead of $_REQUEST['REQUEST_METHOD'] use $_SERVER['REQUEST_METHOD']
In the conditional,
$_REQUEST['REQUEST_METHOD'] should be replaced with $_SERVER['REQUEST_METHOD'].
Maybe could this help
if( $_POST ) {
echo 'posted';
//do some stuff
}
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I want to select multiple items to delete the records in the database. But i am not being able to. My delete.php is fine. How can i use it to delete multiple selected items. I just created a checkbox. How can i make that checkbox work.
echo"<TR><TD>Select</td><TD>S.N.</td><td><B>Full Name</B></td><td><B>Options</B></td></TR>";
while ($myrow = $result->fetch_assoc())
{
echo "<tr><td><input type='checkbox'name='mycheck'onclick='toggleform('document.myform','mycheck','ptext')'></td>";
echo "<TD>".$myrow['id']."</TD>";
echo "<TD>".$myrow['name']." </TD>";
echo "<TD>View ";
echo "Delete ";
echo "Edit";
}
<input type="button" name= "ptext" value="Delete selected">
You have to create checkbox name as array type i.e. mycheck[]. Then, In delete_all.php page, find total checked checkbox and delete it accordingly.
<form method='POST' action="delete_all.php">
<?php
echo"<TR><TD>Select</td><TD>S.N.</td><td><B>Full Name</B></td><td><B>Options</B></td></TR>";
while ($myrow = $result->fetch_assoc())
{
echo "<tr><td><input type='checkbox' name='mycheck[]' value=".$myrow['id']."></td>";
echo "<TD>".$myrow['id']."</TD>";
echo "<TD>".$myrow['name']." </TD>";
echo "<TD>View ";
echo "Delete ";
echo "Edit";
}
?>
<input type="submit" name= "ptext" value="Delete selected">
</form>
delete_all.php
<?
extract($_POST);
$totalCheckboxChecked = sizeof($mycheck);
for($i=0;$i<$totalCheckboxChecked;$i++)
{
$idToDelete = $mycheck[$i];
echo "DELETE FROM table_Name WHERE id_ColumnName = '$idToDelete'";
// Execute Your Querys
}
?>
Are you getting all ids on the delete.php page? if yes then simple use
DELETE FROM tableName
WHERE id IN ($id1 , $id2 , $id3 , etc);
if not, The way i would do it is, i would use form, and then post it in the delete.php page using method post, and then simply take the values from super global
$_POST[]
and use the above query, hope this helps.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I'm having a problem with my PHP. I would like to send data from my page to another page. But it's all in PHP. I need to take an input value and a combobox value. And I don't know how to do it.
Here's my PHP :
<?php
session_start();
$q = intval($_GET['q']);
$db = mysql_connect('localhost', 'root', 'root');
mysql_select_db('Projet',$db);
$sql2 = "select IDControle, NomControle from Controle WHERE IDUser='".$_SESSION['id']."'";
$req2 = mysql_query($sql2) or die('Erreur SQL !<br>'.$sql2.'<br>'.mysql_error());
echo'<select id="controleChoix" name="controleChoix">';
while ($data2 = mysql_fetch_array($req2)){
echo '<option value="'.$data2['IDControle'].'">'.$data2['NomControle'].'</option>';
}
echo '</select>';
echo '<input type="hidden" name="selected_text" id="selected_text" value="" />';
$sql = "select ID, Nom, Prenom from User where Groupe ='".$q."'";
$req = mysql_query($sql) or die('Erreur SQL 2!<br>'.$sql.'<br>'.mysql_error());
echo '<ul class="list-group">';
while ($data = mysql_fetch_array($req)){
echo '<li class="list-group-item"><strong>Nom</strong> : '.$data['Nom'].' <br> <strong>Prénom</strong> : '.$data['Prenom'].'<br>';
echo '<input type="text" name="note" id="note"/> ';
echo '<a class="label label-success" href="ajouterNote.php?var1='.$data2['IDControle'].'&var2='.$data['ID'].'&var3='.$test.'"><i class="fa fa-fw fa-check"></i></a></li>';
}
echo '</ul>';
echo '<a class="btn btn-primary" href="#">Ajouter toutes les notes</i></a></li>';
?>
I need to send the input note.value, the select controleChoix.value and the intval q that I've received from another page.
As you already seem to use SESSIONS, you could easily transfer your data from one page to another using these $_SESSION variables.
https://secure.php.net/manual/en/book.session.php
edit: Please keep in mind that this isn't secure at all. The values can easily be changed by the user. Using this you might want to validate the values first, before using.