Even if you don't know html, you can help

Clockwork · 07-20-2008, 09:38 PM

Hey there, im working with php and html. i made a form that submits some info to another for processing, but the item_name value (in the radio buttons) does not get sent

Quote:

<html>
<head>
<title>Purchase this Picture</title>
</head>
<body bgcolor="black" text="white">
<div align="center">
<table>
<?php
$pic = $_POST['pic'];
echo "<img src=\"/images/".$pic."\" ><br>";
echo "8 Wallets: \$15 <input type=\"radio\" name=\"item_name\" value=\"".$pic."w\"><br> ";
echo "4X6: \$10 <input type=\"radio\" name=\"item_name\" value=\"".$pic."4x6\"><br> ";
echo "5X7: \$20 <input type=\"radio\" name=\"item_name\" value=\"".$pic."5x7\"><br> ";
echo "8X10: \$35 <input type=\"radio\" name=\"item_name\" value=\"".$pic."8x10\"><br> ";
echo "11X14: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."11x14\"><br> ";
echo "12X12: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."12x12\"><br> ";
echo "16x20: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."16x20\"><br> ";
echo "<td>Enter the Quantity you Desire:<br><input type=\"text\" name=\"add\"><br> ";
echo "<form target=\"paypal\" action=\"processor.php\" method=\"post\"> ";
echo "</tr><tr colspan=\"2\"><input type=\"image\" src=\"https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif\" border=\"0\" name=\"submit\" ";
echo "alt=\"PayPal - The safer, easier way to pay online!\"> ";
echo "<input type=\"hidden\" name=\"pic\" value=\"".$pic."\" >";
echo "</form> ";

?>
</div>

</body>
</html>

however, when i get this at the end of the form, i get that itemname submitted

Quote:

echo "<input type=\"hidden\" name=\"item_name\" value=\"".$pic."16x20\">";

any help would be appreciated. Even helping me spot the significant difference.

**jamiemac2005** · 07-21-2008, 09:06 AM

Hmm, the item_name radio buttons are not within a form?

Code:

<html>
<head>
<title>Purchase this Picture</title>
</head>
<body bgcolor="black" text="white">
<div align="center">
<table>
<?php
$pic = $_POST['pic'];
echo "<img src=\"/images/".$pic."\" ><br>";
echo "8 Wallets: \$15 <input type=\"radio\" name=\"item_name\" value=\"".$pic."w\"><br> ";
echo "4X6: \$10 <input type=\"radio\" name=\"item_name\" value=\"".$pic."4x6\"><br> ";
echo "5X7: \$20 <input type=\"radio\" name=\"item_name\" value=\"".$pic."5x7\"><br> ";
echo "8X10: \$35 <input type=\"radio\" name=\"item_name\" value=\"".$pic."8x10\"><br> ";
echo "11X14: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."11x14\"><br> ";
echo "12X12: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."12x12\"><br> ";
echo "16x20: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."16x20\"><br> ";
echo "<td>Enter the Quantity you Desire:<br><input type=\"text\" name=\"add\"><br> ";
echo "<form target=\"paypal\" action=\"processor.php\" method=\"post\"> ";
echo "</tr><tr colspan=\"2\"><input type=\"image\" src=\"https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif\" border=\"0\" name=\"submit\" ";
echo "alt=\"PayPal - The safer, easier way to pay online!\"> ";
echo "<input type=\"hidden\" name=\"pic\" value=\"".$pic."\" >";
echo "</form> ";

?>
</div>


</body>
</html>

i assume the above higlighted item is the form you specify?

the form decleration is below the radio button items?

So it should be:

Code:

<html>
<head>
<title>Purchase this Picture</title>
</head>
<body bgcolor="black" text="white">
<div align="center">
<table>
<?php
$pic = $_POST['pic'];
echo "<img src=\"/images/".$pic."\" ><br>";
echo "<form target=\"paypal\" action=\"processor.php\" method=\"post\"> ";
echo "8 Wallets: \$15 <input type=\"radio\" name=\"item_name\" value=\"".$pic."w\"><br> ";
echo "4X6: \$10 <input type=\"radio\" name=\"item_name\" value=\"".$pic."4x6\"><br> ";
echo "5X7: \$20 <input type=\"radio\" name=\"item_name\" value=\"".$pic."5x7\"><br> ";
echo "8X10: \$35 <input type=\"radio\" name=\"item_name\" value=\"".$pic."8x10\"><br> ";
echo "11X14: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."11x14\"><br> ";
echo "12X12: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."12x12\"><br> ";
echo "16x20: \$50 <input type=\"radio\" name=\"item_name\" value=\"".$pic."16x20\"><br> ";
echo "<td>Enter the Quantity you Desire:<br><input type=\"text\" name=\"add\"><br> ";
echo "</tr><tr colspan=\"2\"><input type=\"image\" src=\"https://www.paypal.com/en_US/i/btn/btn_cart_SM.gif\" border=\"0\" name=\"submit\" ";
echo "alt=\"PayPal - The safer, easier way to pay online!\"> ";
echo "<input type=\"hidden\" name=\"pic\" value=\"".$pic."\" >";
echo "</form> ";

?>
</div>


</body>
</html>

If that isn't right then please post back saying so, is there a specific reason i've missed that the form decleration was below the input items?

Cheers,
Jamey

**Redcore** · 07-25-2008, 09:28 PM

How come you add slashes within the echoed stuff rather than just single quoting?

Example:

PHP Code:


			
echo "<input type=\"hidden\" name=\"pic\" value=\"".$pic."\" >";

instead...

PHP Code:


			
echo "<input type='hidden' name='pic' value='".$pic."' >";

Otherwise you're just bound to mess something up with all that confusion.

Slapshot · 07-30-2008, 07:04 PM

You do realize thats not going to work anyways right? I don't see what the point of echo'ing it all since the PHP is useless in that situation. Its not doing anything...

You really should google up some tuts on security. I could hack your site within seconds if you put that up.

**jamiemac2005** · 07-31-2008, 04:20 AM

Slapshot raises a good point, apart from inserting the $pic variable this php does nothing useful. Why is it needed?

Lmao as for hacking "could" is the best word, it seems quite pointless given the content of the site. Though yet again a good point, read up on some security. And don't do it from books published months ago because although it could be useful you may be missing something new.

Cheers,
Jamey

Slapshot · 07-31-2008, 06:57 AM

Yeah, you should be using htmlspecialchars(); or htmlentitles(); to clean the input.

Clockwork · 08-03-2008, 07:53 PM

Yes yes, I know about the security issues, this is a temporary site still under construction. I was learning php, and i wanted to do the whole site in php. I am so stupid that i moved that formtag, i don't know how it got down there. thanks though. thanks for the advice withthe slash, i am still learning it. thanks for all of the advice. any idea where i could find a good website on security?

Also, what would you suggest to manipulate the $pic variable?

Slapshot · 08-04-2008, 07:40 AM

www.php.net/manual ;)
htmlentitles($_POST['pic']);

07-25-2008, 09:28 PM	#3 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 478 OS: WinXP My System	Re: Even if you don't know html, you can help How come you add slashes within the echoed stuff rather than just single quoting? Example: PHP Code: `echo "<input type=\"hidden\" name=\"pic\" value=\"".$pic."\" >";` instead... PHP Code: `echo "<input type='hidden' name='pic' value='".$pic."' >";` Otherwise you're just bound to mess something up with all that confusion. __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

07-30-2008, 07:04 PM	#4 (permalink)
Slapshot Registered User Join Date: Feb 2008 Posts: 240 OS: Vista	Re: Even if you don't know html, you can help You do realize thats not going to work anyways right? I don't see what the point of echo'ing it all since the PHP is useless in that situation. Its not doing anything... You really should google up some tuts on security. I could hack your site within seconds if you put that up.

07-31-2008, 04:20 AM	#5 (permalink)
jamiemac2005 Design Team Member Join Date: Jul 2007 Location: Northampton, UK Posts: 932 OS: Win Vista Home Premium & Ubuntu Hardy(8.04)	Re: Even if you don't know html, you can help Slapshot raises a good point, apart from inserting the $pic variable this php does nothing useful. Why is it needed? Lmao as for hacking "could" is the best word, it seems quite pointless given the content of the site. Though yet again a good point, read up on some security. And don't do it from books published months ago because although it could be useful you may be missing something new. Cheers, Jamey __________________ Help fight cancer. < I just started =]

07-31-2008, 06:57 AM	#6 (permalink)
Slapshot Registered User Join Date: Feb 2008 Posts: 240 OS: Vista	Re: Even if you don't know html, you can help Yeah, you should be using htmlspecialchars(); or htmlentitles(); to clean the input.

08-03-2008, 07:53 PM	#7 (permalink)
Clockwork Registered User Join Date: Aug 2006 Location: Southeast MI Posts: 209 OS: XP/XP-64bit/Ubuntu	Re: Even if you don't know html, you can help Yes yes, I know about the security issues, this is a temporary site still under construction. I was learning php, and i wanted to do the whole site in php. I am so stupid that i moved that formtag, i don't know how it got down there. thanks though. thanks for the advice withthe slash, i am still learning it. thanks for all of the advice. any idea where i could find a good website on security? Also, what would you suggest to manipulate the $pic variable? __________________ Win·dows: Noun. A thirty-two bit extension and graphical shell to a sixteen-bit patch to an eight-bit operating system originally coded for a four-bit microprocessor which was written by a two-bit company that can't stand one bit of competition. -LW Last edited by Clockwork : 08-03-2008 at 07:55 PM.

08-04-2008, 07:40 AM	#8 (permalink)
Slapshot Registered User Join Date: Feb 2008 Posts: 240 OS: Vista	Re: Even if you don't know html, you can help www.php.net/manual ;) htmlentitles($_POST['pic']);