Results 1 to 8 of 8

Thread: PHP self submitting forms

  1. #1
    Join Date
    Jun 2007
    Posts
    72
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Default PHP self submitting forms

    Hi, I have been updating my site to PHP and during this process I have merged my html and PHP files, but I am having a slight problem. On my guest book for example when I go on the add page it automatically reloads to the view page (a separate file) I know this is happening because all the code is in one page and when the page loads it will run the script, but how can I get the script to run only when the user click continue? Or will I have to separate all my files again?
    Here is the code I am using:

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="author" content="Calum Ogg">
    <meta name="keywords" content="Calum Ogg's Photography, Calum Ogg, Calum, Ogg, Calum's Photos, Calums Pics, Photography, Photos, Pics, Digital photography, images, imaging, Landscapes, Panoramas, Panoramic photography, Views, Camera, Cameras,">
    <meta name="robots" content="index, follow">
    <meta name="description" content="Calum Ogg's Photography, a selection of my best photography. ">
    <title>Calum Ogg's Photography - Guestbook |</title>

    <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
    </script>
    <script type="text/javascript">
    _uacct = "UA-755937-1";
    urchinTracker();
    </script>

    <script type="text/javascript" src="../res/js/SpryValidationTextField.js"></script>
    <script type="text/javascript" src="../res/js/SpryValidationTextarea.js"></script>

    <link href="../res/css/styles.css" rel="stylesheet">
    <link href="../res/css/SpryValidationTextarea.css" rel="stylesheet">
    <link href="../res/css/SpryValidationTextField.css" rel="stylesheet">
     
    </head>

    <body>
      <table width="800" border="2" align="center" cellpadding="5" cellspacing="0" bordercolor="#333333" bgcolor="#999999">
        <tr>
          <td><?php require_once '../include/menu.php';   ?>
            <p align="center" class="text"><span class="title">Guest Book</span></p>
            <p align="center" class="text">Welcome to the guestbook, please leave me a comment letting me know what you think of the photography on my site, or the site itself. Or if you have a question, use the contact page and send me a message. Thanks for taking the time to leave a message.</p>
            <p align="center" class="text">Or you can <a href="view.php" class="link">View the Guestbook</a></p>
            <form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
              <table width="72%" border="0" align="center" cellpadding="3" cellspacing="1">
    <tr>
    <td width="117">Name</td>
    <td width="14">:</td>
    <td width="357"><input name="name" type="text" class="text" id="name" size="40" /></td>
    </tr>
    <tr>
    <td>Email</td>
    <td>:</td>
    <td><input name="email" type="text" id="email" size="40" /></td>
    </tr>
    <tr>
    <td valign="top"><p>Comment</p>
      <p>(Max. 500 characters)</p></td>
    <td valign="top">:</td>
    <td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
    </tr>
    <tr>
    <td colspan="3"><div align="center">
      <input type="submit" name="Submit" value="Add Comment" />  
      <input type="reset" name="Submit2" value="Reset" />
    </div></td>
    </tr>
    </table>
    </form>
    <?php require_once '../include/footer.php';   ?></td>
      </tr>
    </table>
    <script type="text/javascript">
    var name = new Spry.Widget.ValidationTextField("name", "none", {regExpFilter:/^[^\'"\*]{0,15}$/, validateOn:["blur"]});
    var email = new Spry.Widget.ValidationTextField("email", "email", {validateOn:["blur"]});
    var comment = new Spry.Widget.ValidationTextarea("comment", {useCharacterMasking:true, maxChars:500, counterType:"chars_count", counterId:"Countvalidta1", validateOn:["blur"]});
    </script>
    </body>
    </html>

    <?php
    $host
    ="******"// Host name
    $username="******"// Mysql username
    $password="******"// Mysql password
    $db_name="******"// Database name
    $tbl_name="******"// Table name

    // Connect to server and select database.
    mysql_connect("$host""$username""$password")or die("cannot connect server ");
    mysql_select_db("$db_name")or die("cannot select DB");

    $datetime=date("d/m/y"); //date
    $ip $_SERVER['REMOTE_ADDR']; //IP address
    $name $_POST["name"];
    $email $_POST["email"];
    $comment $_POST["comment"];

    // Attempt to defend against header injections:
    $badStrings = array("Content-Type:""MIME-Version:""Content-Transfer-Encoding:""to:""bcc:""cc:""text/html""charset""/HTML""X-Postfix-Sender""Final-Recipient:""X-Original-To:""a href");

    // Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($_POST as $k => $v){
       foreach(
    $badStrings as $v2){
           if(
    strpos($v$v2) !== false){
               
    logBadRequest();
               
    header("HTTP/1.0 403 Forbidden");
                   exit;
           }
       }
    }    

    // Made it past spammer test, free up some memory
    // and continue rest of script:    
    unset($k$v$v2$badStrings$authHosts$fromArray$wwwUsed); 

    $sql="INSERT INTO $tbl_name(name, ip, email, comment, datetime)VALUES('$name', '$ip', '$email', '$comment', '$datetime')";
    $result=mysql_query($sql);

    $mailto="******"//send mail to
    $subject="$name has signed your guestbook"// subject
    $messagebody="$name signed your guestbook on $datetime with the following comment:
    $comment
    "
    ;
    mail("$mailto""$subject""$messagebody""From: $email");

    //check if query successful
    if($result){

    echo 
    "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
    echo 
    "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
    echo 
    "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
    echo 
    "  <tr>";
    echo 
    "    <td><div align=\"center\" class=\"text\">";
    echo 
    "      <p>Adding entry... Please Wait</p>";
    echo 
    "      <p><img src=\"../res/loading.gif\" width=\"126\" height=\"22\" /></p>";
    echo 
    "    </div></td>";
    echo 
    "  </tr>";
    echo 
    "</table>";

    }

    else {
    echo 
    "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
    echo 
    "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
    echo 
    "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
    echo 
    "  <tr>";
    echo 
    "    <td><div align=\"center\" class=\"text\">";
    echo 
    "      <p>There has been an error please go back and try again</p>";
    echo 
    "    </div></td>";
    echo 
    "  </tr>";
    echo 
    "</table>";
    }

    mysql_close();
    ?>
    Thanks in advance for any info

  2. #2
    Join Date
    Jul 2006
    Location
    just north of Boston, MA
    Posts
    1,806
    Thanks
    13
    Thanked 72 Times in 72 Posts

    Default

    you can encapsulate the code to refresh the page inside a function, and whereever you have the "continue" you can initiate the refresh

    Code:
    <script type="text/javascript">
    function getPage(file)
    {
          code();
    }
    </script>
    HTML Code:
    <a href="/link/with/new/code" onclick="getPage(this.href); return false;">Continue</a>
    depending on how you set up the refresh sequence that will grab whatever page you put as the link and if javascript is disabled it will still grab the entire page thus keeping the accessibility

  3. #3
    Join Date
    Jun 2007
    Posts
    72
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Default

    Thanks for the reply, I was more looking for a PHP way of doing it. I have added some new code in the html part I added a hidden field
    Code:
      <input type="hidden" name="submit" value="true">
    and in the PHP part I have added:

    Code:
    if ($_POST['submit']=='true') {  
    *main body of code
    } 
    else { 
    exit;
    }
    Now the page will load and not run the script, but when I do submit it the data is being sent twice. Do you know why?

    Here is the complete code that I am now using:

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="author" content="Calum Ogg">
    <meta name="keywords" content="Calum Ogg's Photography, Calum Ogg, Calum, Ogg, Calum's Photos, Calums Pics, Photography, Photos, Pics, Digital photography, images, imaging, Landscapes, Panoramas, Panoramic photography, Views, Camera, Cameras,">
    <meta name="robots" content="index, follow">
    <meta name="description" content="Calum Ogg's Photography, a selection of my best photography. ">
    <title>Calum Ogg's Photography - Guestbook |</title>

    <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
    </script>
    <script type="text/javascript">
    _uacct = "UA-755937-1";
    urchinTracker();
    </script>

    <script type="text/javascript" src="../res/js/SpryValidationTextField.js"></script>
    <script type="text/javascript" src="../res/js/SpryValidationTextarea.js"></script>

    <link href="../res/css/styles.css" rel="stylesheet">
    <link href="../res/css/SpryValidationTextarea.css" rel="stylesheet">
    <link href="../res/css/SpryValidationTextField.css" rel="stylesheet">
     
    </head>

    <body>
      <table width="800" border="2" align="center" cellpadding="5" cellspacing="0" bordercolor="#333333" bgcolor="#999999">
        <tr>
          <td><?php require_once '../include/menu.php';   ?>
            <p align="center" class="text"><span class="title">Guest Book THIS IS CURRENTLY UNDER RECONSTRUCTION PLEASE DO NOT SIGN</span></p>
            <p align="center" class="text">Welcome to the guestbook, please leave me a comment letting me know what you think of the photography on my site, or the site itself. Or if you have a question, use the contact page and send me a message. Thanks for taking the time to leave a message.</p>
            <p align="center" class="text">Or you can <a href="view.php" class="link">View the Guestbook</a></p>
            <form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
              <table width="72%" border="0" align="center" cellpadding="3" cellspacing="1">
    <tr>
    <td width="117">Name</td>
    <td width="14">:</td>
    <td width="357"><input name="name" type="text" class="text" id="name" size="40" /></td>
    </tr>
    <tr>
    <td>Email</td>
    <td>:</td>
    <td><input name="email" type="text" id="email" size="40" /></td>
    </tr>
    <tr>
    <td valign="top"><p>Comment</p>
      <p>(Max. 500 characters)</p></td>
    <td valign="top">:</td>
    <td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
    </tr>
    <tr>
    <td colspan="3"><div align="center">
      <input type="hidden" name="submit" value="true">
      <input type="submit" name="Submit" value="Add Comment" />  
      <input type="reset" name="Submit2" value="Reset" />
    </div></td>
    </tr>
    </table>
    </form>
    <?php require_once '../include/footer.php';   ?></td>
      </tr>
    </table>
    <script type="text/javascript">
    var name = new Spry.Widget.ValidationTextField("name", "none", {regExpFilter:/^[^\'"\*]{0,15}$/, validateOn:["blur"]});
    var email = new Spry.Widget.ValidationTextField("email", "email", {validateOn:["blur"]});
    var comment = new Spry.Widget.ValidationTextarea("comment", {useCharacterMasking:true, maxChars:500, counterType:"chars_count", counterId:"Countvalidta1", validateOn:["blur"]});
    </script>
    </body>
    </html>

    <?php

    if ($_POST['submit']=='true') { 
    $host="******"// Host name
    $username="******"// Mysql username
    $password="******"// Mysql password
    $db_name="******"// Database name
    $tbl_name="******"// Table name

    // Connect to server and select database.
    mysql_connect("$host""$username""$password")or die("cannot connect server ");
    mysql_select_db("$db_name")or die("cannot select DB");

    $datetime=date("d/m/y"); //date
    $ip $_SERVER['REMOTE_ADDR']; //IP address
    $name $_POST["name"];
    $email $_POST["email"];
    $comment $_POST["comment"];

    // Attempt to defend against header injections:
    $badStrings = array("Content-Type:""MIME-Version:""Content-Transfer-Encoding:""to:""bcc:""cc:""text/html""charset""/HTML""X-Postfix-Sender""Final-Recipient:""X-Original-To:""a href");

    // Loop through each POST'ed value and test if it contains
    // one of the $badStrings:
    foreach($_POST as $k => $v){
       foreach(
    $badStrings as $v2){
           if(
    strpos($v$v2) !== false){
               
    logBadRequest();
               
    header("HTTP/1.0 403 Forbidden");
                   exit;
           }
       }
    }    

    // Made it past spammer test, free up some memory
    // and continue rest of script:    
    unset($k$v$v2$badStrings$authHosts$fromArray$wwwUsed); 

    $sql="INSERT INTO $tbl_name(name, ip, email, comment, datetime)VALUES('$name', '$ip', '$email', '$comment', '$datetime')";
    $result=mysql_query($sql);

    $mailto="******"//send mail to
    $subject="$name has signed your guestbook"// subject
    $messagebody="$name signed your guestbook on $datetime with the following comment:
    $comment
    "
    ;
    mail("$mailto""$subject""$messagebody""From: $email");

    //check if query successful
    if($result){

    echo 
    "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
    echo 
    "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
    echo 
    "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
    echo 
    "  <tr>";
    echo 
    "    <td><div align=\"center\" class=\"text\">";
    echo 
    "      <p>Adding entry... Please Wait</p>";
    echo 
    "      <p><img src=\"../res/loading.gif\" width=\"126\" height=\"22\" /></p>";
    echo 
    "    </div></td>";
    echo 
    "  </tr>";
    echo 
    "</table>";

    }

    else {
    echo 
    "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
    echo 
    "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
    echo 
    "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
    echo 
    "  <tr>";
    echo 
    "    <td><div align=\"center\" class=\"text\">";
    echo 
    "      <p>There has been an error please go back and try again</p>";
    echo 
    "    </div></td>";
    echo 
    "  </tr>";
    echo 
    "</table>";
    }

    mysql_close(); 

    else { exit; }

    ?>

  4. #4
    Join Date
    Jun 2007
    Posts
    72
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Default

    Sorry I was just being very VERY stupid. I coped the code into the 'if ($_POST['submit']=='true') { '
    bit but forgot to delete it from outside so the same code was there twice!!
    My forms are working fine now!!!

  5. #5
    Join Date
    Jun 2007
    Posts
    72
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Default

    Please could this be deleted as it is interfering with my page ranking on google.

    It is my fault as I copied the headers into the post, but I would really appreciate it if it was deleted.

    Thanks

  6. #6
    Join Date
    Aug 2007
    Location
    Ohio
    Posts
    79
    Thanks
    0
    Thanked 15 Times in 15 Posts

    Default

    Interfering with your Google PageRank? How?

  7. #7
    Join Date
    Jul 2006
    Location
    just north of Boston, MA
    Posts
    1,806
    Thanks
    13
    Thanked 72 Times in 72 Posts

    Default

    its not "interfering" its probably just listing his page code because dynamic drive has a decent google page rank, and he doesn't want his code shown to everyone (most likely for security purposes)

    if that is the case, you can always edit that post and delete the code

  8. #8
    Join Date
    Jun 2007
    Posts
    72
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Default

    Quote Originally Posted by boogyman View Post
    its not "interfering" its probably just listing his page code because dynamic drive has a decent google page rank, and he doesn't want his code shown to everyone (most likely for security purposes)

    if that is the case, you can always edit that post and delete the code
    That is indeed the case (sorry I got the terminology wrong) the edit button is not being displayed I am guessing that is because its a old post so I would be greaful if the code could be removed by a moderator or admin. Thanks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •