PHP self submitting forms

**calumogg** · 10-18-2007, 02:46 PM

Hi, I have been updating my site to PHP and during this process I have merged my html and PHP files, but I am having a slight problem. On my guest book for example when I go on the add page it automatically reloads to the view page (a separate file) I know this is happening because all the code is in one page and when the page loads it will run the script, but how can I get the script to run only when the user click continue? Or will I have to separate all my files again?
Here is the code I am using:

PHP Code:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="author" content="Calum Ogg">

<meta name="keywords" content="Calum Ogg's Photography, Calum Ogg, Calum, Ogg, Calum's Photos, Calums Pics, Photography, Photos, Pics, Digital photography, images, imaging, Landscapes, Panoramas, Panoramic photography, Views, Camera, Cameras,">

<meta name="robots" content="index, follow">

<meta name="description" content="Calum Ogg's Photography, a selection of my best photography. ">

<title>Calum Ogg's Photography - Guestbook |</title>



<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-755937-1";

urchinTracker();

</script>



<script type="text/javascript" src="../res/js/SpryValidationTextField.js"></script>

<script type="text/javascript" src="../res/js/SpryValidationTextarea.js"></script>



<link href="../res/css/styles.css" rel="stylesheet">

<link href="../res/css/SpryValidationTextarea.css" rel="stylesheet">

<link href="../res/css/SpryValidationTextField.css" rel="stylesheet">

 

</head>



<body>

  <table width="800" border="2" align="center" cellpadding="5" cellspacing="0" bordercolor="#333333" bgcolor="#999999">

    <tr>

      <td><?php require_once '../include/menu.php';   ?>

        <p align="center" class="text"><span class="title">Guest Book</span></p>

        <p align="center" class="text">Welcome to the guestbook, please leave me a comment letting me know what you think of the photography on my site, or the site itself. Or if you have a question, use the contact page and send me a message. Thanks for taking the time to leave a message.</p>

        <p align="center" class="text">Or you can <a href="view.php" class="link">View the Guestbook</a></p>

        <form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

          <table width="72%" border="0" align="center" cellpadding="3" cellspacing="1">

<tr>

<td width="117">Name</td>

<td width="14">:</td>

<td width="357"><input name="name" type="text" class="text" id="name" size="40" /></td>

</tr>

<tr>

<td>Email</td>

<td>:</td>

<td><input name="email" type="text" id="email" size="40" /></td>

</tr>

<tr>

<td valign="top"><p>Comment</p>

  <p>(Max. 500 characters)</p></td>

<td valign="top">:</td>

<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>

</tr>

<tr>

<td colspan="3"><div align="center">

  <input type="submit" name="Submit" value="Add Comment" />  

  <input type="reset" name="Submit2" value="Reset" />

</div></td>

</tr>

</table>

</form>

<?php require_once '../include/footer.php';   ?></td>

  </tr>

</table>

<script type="text/javascript">

var name = new Spry.Widget.ValidationTextField("name", "none", {regExpFilter:/^[^\'"\*]{0,15}$/, validateOn:["blur"]});

var email = new Spry.Widget.ValidationTextField("email", "email", {validateOn:["blur"]});

var comment = new Spry.Widget.ValidationTextarea("comment", {useCharacterMasking:true, maxChars:500, counterType:"chars_count", counterId:"Countvalidta1", validateOn:["blur"]});

</script>

</body>

</html>



<?php

$host="******"; // Host name

$username="******"; // Mysql username

$password="******"; // Mysql password

$db_name="******"; // Database name

$tbl_name="******"; // Table name



// Connect to server and select database.

mysql_connect("$host", "$username", "$password")or die("cannot connect server ");

mysql_select_db("$db_name")or die("cannot select DB");



$datetime=date("d/m/y"); //date

$ip = $_SERVER['REMOTE_ADDR']; //IP address

$name = $_POST["name"];

$email = $_POST["email"];

$comment = $_POST["comment"];



// Attempt to defend against header injections:

$badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "to:", "bcc:", "cc:", "text/html", "charset", "/HTML", "X-Postfix-Sender", "Final-Recipient:", "X-Original-To:", "a href");



// Loop through each POST'ed value and test if it contains

// one of the $badStrings:

foreach($_POST as $k => $v){

   foreach($badStrings as $v2){

       if(strpos($v, $v2) !== false){

           logBadRequest();

           header("HTTP/1.0 403 Forbidden");

               exit;

       }

   }

}    



// Made it past spammer test, free up some memory

// and continue rest of script:    

unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed); 



$sql="INSERT INTO $tbl_name(name, ip, email, comment, datetime)VALUES('$name', '$ip', '$email', '$comment', '$datetime')";

$result=mysql_query($sql);



$mailto="******"; //send mail to

$subject="$name has signed your guestbook"; // subject

$messagebody="$name signed your guestbook on $datetime with the following comment:

$comment

";

mail("$mailto", "$subject", "$messagebody", "From: $email");



//check if query successful

if($result){



echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";

echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";

echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";

echo "  <tr>";

echo "    <td><div align=\"center\" class=\"text\">";

echo "      <p>Adding entry... Please Wait</p>";

echo "      <p><img src=\"../res/loading.gif\" width=\"126\" height=\"22\" /></p>";

echo "    </div></td>";

echo "  </tr>";

echo "</table>";



}



else {

echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";

echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";

echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";

echo "  <tr>";

echo "    <td><div align=\"center\" class=\"text\">";

echo "      <p>There has been an error please go back and try again</p>";

echo "    </div></td>";

echo "  </tr>";

echo "</table>";

}



mysql_close();

?>

Thanks in advance for any info

**boogyman** · 10-18-2007, 03:01 PM

you can encapsulate the code to refresh the page inside a function, and whereever you have the "continue" you can initiate the refresh

Code:

<script type="text/javascript">
function getPage(file)
{
      code();
}
</script>

HTML Code:

<a href="/link/with/new/code" onclick="getPage(this.href); return false;">Continue</a>

depending on how you set up the refresh sequence that will grab whatever page you put as the link and if javascript is disabled it will still grab the entire page thus keeping the accessibility

**calumogg** · 10-18-2007, 04:20 PM

Thanks for the reply, I was more looking for a PHP way of doing it. I have added some new code in the html part I added a hidden field

Code:

  <input type="hidden" name="submit" value="true">

and in the PHP part I have added:

Code:

if ($_POST['submit']=='true') {  
*main body of code
} 
else { 
exit;
}

Now the page will load and not run the script, but when I do submit it the data is being sent twice. Do you know why?

Here is the complete code that I am now using:

PHP Code:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="author" content="Calum Ogg">

<meta name="keywords" content="Calum Ogg's Photography, Calum Ogg, Calum, Ogg, Calum's Photos, Calums Pics, Photography, Photos, Pics, Digital photography, images, imaging, Landscapes, Panoramas, Panoramic photography, Views, Camera, Cameras,">

<meta name="robots" content="index, follow">

<meta name="description" content="Calum Ogg's Photography, a selection of my best photography. ">

<title>Calum Ogg's Photography - Guestbook |</title>



<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-755937-1";

urchinTracker();

</script>



<script type="text/javascript" src="../res/js/SpryValidationTextField.js"></script>

<script type="text/javascript" src="../res/js/SpryValidationTextarea.js"></script>



<link href="../res/css/styles.css" rel="stylesheet">

<link href="../res/css/SpryValidationTextarea.css" rel="stylesheet">

<link href="../res/css/SpryValidationTextField.css" rel="stylesheet">

 

</head>



<body>

  <table width="800" border="2" align="center" cellpadding="5" cellspacing="0" bordercolor="#333333" bgcolor="#999999">

    <tr>

      <td><?php require_once '../include/menu.php';   ?>

        <p align="center" class="text"><span class="title">Guest Book THIS IS CURRENTLY UNDER RECONSTRUCTION PLEASE DO NOT SIGN</span></p>

        <p align="center" class="text">Welcome to the guestbook, please leave me a comment letting me know what you think of the photography on my site, or the site itself. Or if you have a question, use the contact page and send me a message. Thanks for taking the time to leave a message.</p>

        <p align="center" class="text">Or you can <a href="view.php" class="link">View the Guestbook</a></p>

        <form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

          <table width="72%" border="0" align="center" cellpadding="3" cellspacing="1">

<tr>

<td width="117">Name</td>

<td width="14">:</td>

<td width="357"><input name="name" type="text" class="text" id="name" size="40" /></td>

</tr>

<tr>

<td>Email</td>

<td>:</td>

<td><input name="email" type="text" id="email" size="40" /></td>

</tr>

<tr>

<td valign="top"><p>Comment</p>

  <p>(Max. 500 characters)</p></td>

<td valign="top">:</td>

<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>

</tr>

<tr>

<td colspan="3"><div align="center">

  <input type="hidden" name="submit" value="true">

  <input type="submit" name="Submit" value="Add Comment" />  

  <input type="reset" name="Submit2" value="Reset" />

</div></td>

</tr>

</table>

</form>

<?php require_once '../include/footer.php';   ?></td>

  </tr>

</table>

<script type="text/javascript">

var name = new Spry.Widget.ValidationTextField("name", "none", {regExpFilter:/^[^\'"\*]{0,15}$/, validateOn:["blur"]});

var email = new Spry.Widget.ValidationTextField("email", "email", {validateOn:["blur"]});

var comment = new Spry.Widget.ValidationTextarea("comment", {useCharacterMasking:true, maxChars:500, counterType:"chars_count", counterId:"Countvalidta1", validateOn:["blur"]});

</script>

</body>

</html>



<?php



if ($_POST['submit']=='true') { 

$host="******"; // Host name

$username="******"; // Mysql username

$password="******"; // Mysql password

$db_name="******"; // Database name

$tbl_name="******"; // Table name



// Connect to server and select database.

mysql_connect("$host", "$username", "$password")or die("cannot connect server ");

mysql_select_db("$db_name")or die("cannot select DB");



$datetime=date("d/m/y"); //date

$ip = $_SERVER['REMOTE_ADDR']; //IP address

$name = $_POST["name"];

$email = $_POST["email"];

$comment = $_POST["comment"];



// Attempt to defend against header injections:

$badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "to:", "bcc:", "cc:", "text/html", "charset", "/HTML", "X-Postfix-Sender", "Final-Recipient:", "X-Original-To:", "a href");



// Loop through each POST'ed value and test if it contains

// one of the $badStrings:

foreach($_POST as $k => $v){

   foreach($badStrings as $v2){

       if(strpos($v, $v2) !== false){

           logBadRequest();

           header("HTTP/1.0 403 Forbidden");

               exit;

       }

   }

}    



// Made it past spammer test, free up some memory

// and continue rest of script:    

unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed); 



$sql="INSERT INTO $tbl_name(name, ip, email, comment, datetime)VALUES('$name', '$ip', '$email', '$comment', '$datetime')";

$result=mysql_query($sql);



$mailto="******"; //send mail to

$subject="$name has signed your guestbook"; // subject

$messagebody="$name signed your guestbook on $datetime with the following comment:

$comment

";

mail("$mailto", "$subject", "$messagebody", "From: $email");



//check if query successful

if($result){



echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";

echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";

echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";

echo "  <tr>";

echo "    <td><div align=\"center\" class=\"text\">";

echo "      <p>Adding entry... Please Wait</p>";

echo "      <p><img src=\"../res/loading.gif\" width=\"126\" height=\"22\" /></p>";

echo "    </div></td>";

echo "  </tr>";

echo "</table>";



}



else {

echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";

echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";

echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";

echo "  <tr>";

echo "    <td><div align=\"center\" class=\"text\">";

echo "      <p>There has been an error please go back and try again</p>";

echo "    </div></td>";

echo "  </tr>";

echo "</table>";

}



mysql_close(); 

} 

else { exit; }



?>

**calumogg** · 10-18-2007, 04:30 PM

Sorry I was just being very VERY stupid. I coped the code into the 'if ($_POST['submit']=='true') { '
bit but forgot to delete it from outside so the same code was there twice!!
My forms are working fine now!!!

**calumogg** · 02-19-2008, 06:02 PM

Please could this be deleted as it is interfering with my page ranking on google.

It is my fault as I copied the headers into the post, but I would really appreciate it if it was deleted.

Thanks

**jackbenimble4** · 02-20-2008, 12:10 AM

Interfering with your Google PageRank? How?

**boogyman** · 02-20-2008, 02:28 PM

its not "interfering" its probably just listing his page code because dynamic drive has a decent google page rank, and he doesn't want his code shown to everyone (most likely for security purposes)

if that is the case, you can always edit that post and delete the code

**calumogg** · 02-20-2008, 05:10 PM

Originally Posted by boogyman

its not "interfering" its probably just listing his page code because dynamic drive has a decent google page rank, and he doesn't want his code shown to everyone (most likely for security purposes)

if that is the case, you can always edit that post and delete the code

That is indeed the case (sorry I got the terminology wrong) the edit button is not being displayed I am guessing that is because its a old post so I would be greaful if the code could be removed by a moderator or admin. Thanks

Thread: PHP self submitting forms

Thread Tools

Search Thread

PHP self submitting forms

Bookmarks

Bookmarks

Posting Permissions