Hey!
Im trying to use an update and continue button on a form without any javascript.
so first just like a shopping cart where user update their cart so they can see the totals and then continue.
the problem is that the update and continue button are both type=submit and are on the same form which goto the same action=
i want it without any javascript, heres the example below.
so below, i want customer to be able to select quatities and then be able to update cart to calculate totals just by php then after they see the total they can click continue.
<form action="./signup.php?plan&payments" method="post">
<select name="qauntity1">
<option value='4'>4</option>
<option value='5'>5</option>
<option value='6'>6</option>
<option value='7'>7</option>
</select>
<input type="text" name="amount1" readonly><br><br>
<select name="qauntity1">
<option value='4'>4</option>
<option value='5'>5</option>
<option value='6'>6</option>
<option value='7'>7</option>
</select>
<input type="text" name="amount2" readonly><br>
Total: $<input type="text" name="total" id="total" readonly><br>
<input type="submit" name="submit" value="Update"> <input type="submit" name="submit" value="Continue">
</form>
4  4642 
I was having a similar issue recently on a shopping cart I built. What you need to do, is check to see which submit was clicked. Both buttons should be input type=submit, but they should have different values. If you click the "Update" button, only the update button is available in the POST array submitted with the form, the "continue" button isn't submitted unless it's clicked on. Then in your PHP you could have something like:
[PHP]switch($_POST['submit']){
case "update":
//handle the update code
break;
case "submit":
//handle the submit code
break;
}[/PHP]
I was having a similar issue recently on a shopping cart I built. What you need to do, is check to see which submit was clicked. Both buttons should be input type=submit, but they should have different values. If you click the "Update" button, only the update button is available in the POST array submitted with the form, the "continue" button isn't submitted unless it's clicked on. Then in your PHP you could have something like:
[PHP]switch($_POST['submit']){
case "update":
//handle the update code
break;
case "submit":
//handle the submit code
break;
}[/PHP]
thanks, but does it have to be $_POST[]
because i like using $_REQUEST[]
Atli 5,058
Expert 4TB
thanks, but does it have to be $_POST[]
because i like using $_REQUEST[]
That is not a good idea, from a security standpoint. It may be a little less effort on you part, but it can be a serious security issue.
I mean, lets say you had a page to process orders in your shopping chart that accepted values from a form using POST data. Now if you use $_REQUEST, anybody could just type up the order in the query string and your script would just accept it as a valid data.
As for your continue.. update problem.
Have you considered putting the buttons in seperate forms?
Technically, REQUEST isn't any more secure than POST or GET. There is no real security risk in using REQUEST.
You just have to be aware that REQUEST consists of GET, POST, SESSION, and COOKIE, usually in that order. This means that they can overwrite each other. So if there is a session or cookie variable by the same name (i.e. a login form that uses a field named 'username,' and there's a session variable or cookie variable named 'username' as well), then your script will accept the value from the session / cookie over the GET / POST requests.
Like Atli said, it can accept GET data as well POST data for the same value, but that's not a 'security' risk. It does make it possible for a clueless user to click a link that posts data that they do not want to, however, and makes it easy for data to be re-posted over and over again by following the same URL. These are both unexpected results that could be remedied a bit easier if you used the proper data.
There *is* an actual security risk in REQUEST, though. It can open you up to XSS through the URL. However, if you treated REQUEST the same way you're supposed to treat GET or POST, then you wouldn't be vulnerable to it.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: laurie |
last post by:
Hi all,
I'm trying to help out a friend who has inherited a client with a PHP
shopping cart application. Neither of us know PHP, but I've been
muddling my way through, trying to get these old...
|
by: revolnip |
last post by:
As attached is the code :
<% Option Explicit
dim lngTimer
lngTimer = Timer
%>
<!--#include file="Connect.asp" -->
<!--#include file="Settings.asp" -->
<!--#include file="Common.asp" -->
|
by: Mr. Smith |
last post by:
Hi.
I have a form with three <textarea> and one <input> element. When either of
these are changed I want an "Update" button to be visible at the bottom of
the form. I've tried this:
On every...
|
by: Andrew Donnelly |
last post by:
I am trying to update a memo field in a table from a form that I have
created. The form is unbound, and once the user makes their changes,
they have to click the continue button. Once the button...
|
by: buran |
last post by:
Dear ASP.NET Programmers,
I have a question about a script I'm trying to code and invoke when a button
(btnSave) is pressed on the page. This script should only run when a textbox
(txtAD) on the...
|
by: socasteel21 via AccessMonster.com |
last post by:
I have a database that is used to process warranty claims. Each record in my
main table (tblClaim) represents a claim. Each claim has a status of Paid,
Unpaid, or Pending. I would like to add a...
|
by: laryten |
last post by:
Hi,
Is there a way to update the same web page instead of getting a new
page each time we click the submit button? The simplest thing to do is
to delete the current page (or go back to the...
|
by: Reedsp |
last post by:
OS: MS XP
Access version: 2003 SP2
I am trying to use an update query to replace quote marks with nothing. In essence, I'm removing quote marks. I get a error message when a field is empty or...
|
by: Curious |
last post by:
I have two buttons on a form, "Pause" and "Continue".
When "Pause" button is clicked, it should:
1) Stop the background worker;
and, 2) Enable the "Continue" button.
I have the code below...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
