I have an application with 2 pages form . If there is an error,I set the action to the same page to display the errors .If no errors,I set the action to page2.php(that both processes and echoes a thankyou message).
I get the following results:
1-if an error,action is set to same page(page1)
2-if no error,action is still set to same page(page1)
3-if no error,and I submit from page1 that is displaying an error,action is then set to page2.php
I played with various variations of if/else statements,but in vain.
[php]
<?
if($errmsg == '')
{
?>
<FORM action ="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multip art/form-data" name="form1">
<?
}
else {
?>
<FORM action="form2.p hp" method="post" enctype="multip art/form-data" name="form2">
<?
}
?>
....rest of form....
[/php]
7  1761  kovik 1,044
Recognized Expert Top Contributor
Why can't you handle everything in one file...?
If you must do it this way, look into header() redirection.
Also, FYI, PHP_SELF opens you up to XSS and should not be used without filtering.
pbmods 5,821
Recognized Expert Expert
Heya, Jankie.
I think that you are doing the right thing by keeping your view and controller code separate.
To solve the problem, simply ALWAYS have the form go to page2.php, and have page2.php validate the data before it processes it. If the data is bad, use header() redirection to send the User back to page1.php.
If the data is good, process it and then redirect to page3.php (or wherever you want to send him once the script is finished).
header() redirection works like this: -
header('Location: http://mysite.tld/path/to/some/other/file.ext');
-
exit;
-
Volectricity has written an article that (among other things) covers the best way to specify a location for a redirect. The article is available here.
Thank you for both of you!
I'll try Pbmods suggestion as it goes in line with my application structure(I do have a page3.php).
This freaking code has been killing me for 2 hours now.
If I set
[php]
if ($error) { // only this part works
..
}
elseif (!$error) { // this does not
..
}
[/php]
Reversing it,the other part that does not work,now it does.
[php]
if (!$error) { // this part now works
..
}
elseif ($error) { // na,not this time.
..
}
[/php]
pbmods 5,821
Recognized Expert Expert
Heya, Jankie.
Try this: -
if(empty($error))
-
{
-
.
-
.
-
.
-
}
-
else
-
{
-
.
-
.
-
.
-
}
-
Note that there is no 'elseif' in this example; you should always have a 'default'.
That didnt work either,but I found out it is not because of the code.
I found out that It is about how the $error variable is interpreted by the if/else statement.
So my code was meant to be :
[php]
if($error != '') {// if $error is Not empty(there's an error)
remain on same page.
}
[/php]
was interpreted as
[php]
if($error != '') {// if $error is Not displayed(and thus there's no error)
remain on same page.// thus stopping error-free input from moving to thanks.php
}
[/php]
Thank you Volectricity for bringing the php_self vulnerability to my attention.
Just back from that article on your site(nice site by the way).
It's sad though that this beautiful feature can be maliciously manipulated.
I have php_self everywhere,even in my redirection code.check this out:
[php]
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($ _SERVER['PHP_SELF']), '/\\');
$extra = 'page.php';
header("Locatio n: http://$host$uri/$extra");
exit;
}
[/php]
Can the php_self in the $uri be vulnerable as well ?
I'll check your article about redirection Pbmods kindly pointed out yesterday.
kovik 1,044
Recognized Expert Top Contributor
So my code was meant to be :
[php]
if($error != '') {// if $error is Not empty(there's an error)
remain on same page.
}
[/php]
[php]if(!empty($erro r))
{
// Do something
}[/php]
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Anand |
last post by:
We needed to replace our Motherboard on a server running win 2K Adv.
Server with SQL server 2000. After replacing, we could not bring
the system back with the previous OS. So, we have decided to
migrate to Windows 2003 server and install SQL svr on it.
On the old server, the SQL DB is residing on a seperate disk.
Is there any way one can install SQL on the new server and import
the data from the disk. Many posts talk about how to do...
|
by: John |
last post by:
This message is popping up at startup and its saying "fatal execution engine
error (0x7927e03e)" Ive tried deleting, reinstalling frameworks, restoring
computer, but I can't use the os cd because i hvae important programs on my
system that would cost alot to replace. I noticed a sql server native client
isnt there like it was before but cant find same program anywhere. Please I
hope someone can help me out. I have a web page that im trying...
|
by: Lauren Wilson |
last post by:
Hello good folks!
It is WAY past time for me to figure out how to check for the
existence of all referenced libraries on application startup and
provide feedback to the user if they are not.
Do any of fine folks have a link to some sample VBA code that will do
this? The big issue, I believe, is how to make such a procedure
sensitive the various storage locations for the referenced DLLs on
various versions of Access -- 2000, 2002 and...
|
by: Timothy Shih |
last post by:
Hi, I am trying to figure out how to use unmanaged code using P/Invoke. I
wrote a simple function which takes in 2 buffers (one a byte buffer, one a
char buffer) and copies the contents of the byte buffer into the character
pointer. The code looks like the following:
#include <stdio.h>
#include <stdlib.h>
#include "stdafx.h"
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
|
by: Chad Z. Hower aka Kudzu |
last post by:
A few of you may recognize me from the recent posts I have made about Indy
<http://www.indyproject.org/indy.html>
Those of you coming to .net from the Delphi world know truly how unique and
"huge" Indy is both as a project, in support, development, and use. But
Indy is new to the .net world.
Indy is a HUGE library implementing over 120 internet protocols and
standards and comes with complete source. Its an open source project, but
not...
| | |
by: Phil |
last post by:
k, here is my issue.. I have BLOB data in SQL that needs to be grabbed and
made into a TIF file and placed on the client (could be in temp internet
dir). The reason we need it in TIF format is there are multiple pages per
invoice.
How can I grab the data, make the TIF, place it on the client and then Open
with the clients default program for veiwing TIF's (usually Microsoft Picture
and Fax Viewer).
Please help.
|
by: vincent |
last post by:
I made the suggestion "Need built in obfuscation support in C# compiler" to
Microsoft. Anyone here agree with me? If yes, please cast your vote on this
suggestion to raise its priority.
|
by: vijaykokate |
last post by:
Our company http://www.softnmation.com/ offers its customers a great
variety of products. Everything you need can be found in this site.
Web Template, CSS Template, Logo Template, Corporate Identity Package,
Logo Set,Icon Set, Flash Animated Template, Flash Intro Header, Flash
Site, PHP-Nuke Theme, Full Site, Stretched Web Templates and Stretched
Flash Templates, ZenCart Templates ,osCommerce Templates and many more
|
by: =?Utf-8?B?QW5kZXJ3IE1pbGxlcg==?= |
last post by:
Apologies for posting in this forum, I don't see a more appropriate group...
I'm trying to understand the timeline for Window 2003 ending mainstream
support. I have consulted the MS lifecycle support center for 2K3 and 2K3
R2(http://support.microsoft.com/lifecycle/?p1=3198 and
http://support.microsoft.com/lifecycle/?p1=10394 ) but it is unclear to me
exactly when mainstream support ends. Both say 'Mainstream support will end
two years...
|
by: Jim Cobban |
last post by:
I am writing a program in which I need a hash table implementation of a
Map. The version of g++ available for Windo$e does not yet include the
TR1 support for this. It just has the original SGI implementation.
However the SGI implementation is so old that it predates the STL, so it
does not, among other things, include hash support for std::basic_string.
So I tried implementing the hash map from Stroustrup 3rd edition. At
the least I...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
