Page 1 of 1

php not getting one html variable in a form

Posted: Mon Jun 30, 2003 12:54 pm
by m3rajk
on top of the orginal question (below) i'm wondering about (db--username check related) when mysql says it retuns false if it doesn't get anything, is that the same as NULL in php? i'm wondering because if so then i know how to check the username against the db (check to see if i can return anything when querying for the username) if not, does it return the string 'false' or a number (generally 0 from my experience)?

Code: Select all

<?php 
$db=mysql_connect(/* stuff to connect */); 
$user=mysql_query("select * from main-user-table where username=$un", $db); 
if($user!==NULL){ 
  $err=TRUE; $errs[]='the username you desire is already in use, please choose a new username'; 
}?>
this is a multiple step form. in step 4, the step variable isn't being passed.

i can't figure out why. is this a php issue or an html issue?

text display of full code: http://people.brandeis.edu/~m3rajk/JMT/ ... signup.txt
code in action: http://people.brandeis.edu/~m3rajk/JMT/ ... signup.php

step 4:

Code: Select all

}elseif(($step==4)&&($err)){ # an error was found in step4
    bgnpg('no', $step); errreport($step, $errs); s4();
  }elseif($step==4){ # get the validation code and let them upload pics
    bgnpg('no', $step); s4();

function bgnpg($cookie, $step){
  if($cookie=='yes'){ # set the cookie with the validation code
    $conf=md5(uniqid(microtime(),1)); # make unique id
    $expire=time()+60*60; # set expiration an hour from now
    setcookie(confcode, $conf, $expire); #create cookie
  }
  if($step==3){
    $un=md5($_POST['un']);
    $expire=time()+60*60; # set expiration an hour from now
    setcookie(un, $un, $expire);
  }
  ?><html>
  <head>
    <title>FindYourDesire.com Signup page -- <? echo $step; ?></title>
    <meta name="Author" content="coded by: Josh Perlmutter; images by Morgan O'Brien-Bledsow & Tamara Collette all rights reserved">
    <style type="text/css">
      <!-- this comment is for non-css compliant browsers
      {text-decoration=none}
      end of css -->
    </style>
  </head>
  <body bgcolor="#000000" text="#c8c8c8" alink="#fc00ff" vlink="#00e0c4" link="#ffffff">
    <center><p>&nbsp;</p>
      <!-- banner goes here -->
      <!-- ad bar goes here -->
 <?php
}

function errreport($step, $errs){
  if($step==1){ # report errors in step1
    foreach($errs as $err){
      echo "      <h1><font color="#ff0000">YOU MUST AGREE TO THE $err!</font></h1>";
    }
  }elseif($step==2){ # report errors in step2
    foreach($errs as $err){
      echo "      <h1><font color="#ff0000">$err</font></h1>";
    }
  }else{ # report errors of step4
    foreach($errs as $err){
      $val=$_POST['conf'];
      echo "<h1>debug line: validation code submitted: $val</h1>";
      echo "      <h1><font color="#ff0000">$err</font></h1>";
    }
  }
}

function s4(){
  ?>      <h1>THIS IS A TEST. IT DOES NOT HAVE A DATABASE CONNECTION NOR DOES IT CHECK USERNAMES. THIS LINE WILL BE REMOVED IN THE REAL ONE </h1>
      
      <p>Thank you for your interest in joining FindYourDesire.com. We need to know some things about you in order to make your profile here. Any feild in <font color="#ff0000">RED</font> is required. Any feild marked with an * is confidential and will NOT show up in your user stats. Any feild with a &#176; will not show up in your user stats, but is collected for future features. You will be notified before they are used.</p>
      <h2>NOTE: MAXIMUM PICTURE SIZE IS 150 KB</h2>
      <form enctype="multipart/form-data" action="<?php echo $_SERVER[PHP_SELF]; ?>" method="POST">
	<input type="hidden" name="step" value="5"><input type="hidden" name="MAX_FILE_SIZE" value="153600">
	<table frame="void" bgcolor="#000000" border="0" cellpadding="0" cellspacing="0" text="#c8c8c8">
	    <tr><td>Your <a name="#confcode" href="#confcode" onClick="window.open('faq.php?seek=confcode', 'faq', 'width=500,height=250,scrollbars=yes');">Confirmation Code</a></td><td><input type="text" name="conf" size="25"></td></tr>
	    <tr><td>Upload your main picture</td><td><input type="file"  accept="image/jpeg" name="main" size="25"></td></tr>
	    <tr><td>Upload Thumb 1</td><td><input type="file"  accept="image/jpeg" name="t1" size="25"></td></tr>
	    <tr><td>Upload Thumb 2</td><td><input type="file"  accept="image/jpeg" name="t2" size="25"></td></tr>
	    <tr><td>Upload Thumb 3</td><td><input type="file"  accept="image/jpeg" name="t3" size="25"></td></tr>
	    <tr><td>Upload Thumb 4</td><td><input type="file"  accept="image/jpeg" name="t4" size="25"></td></tr>
	    <tr><td>Upload your <a name="#salute" href="#salute" onClick="window.open('faq.php?seek=salute', 'faq', 'width=500,height=250,scrollbars=yes');">salute</a></td><td><input type="file"  accept="image/jpeg" name="salute" size="25"></td></tr>
	    <tr><td><input type="submit" value="Go To The Next Step"></td><td><input type="reset" value="Restart This Step"></td></tr>
	</table>
    </center>
  </body>
</html>
 <?php
}

Posted: Mon Jun 30, 2003 3:57 pm
by m@ndio
what is the variable step?

Posted: Mon Jun 30, 2003 7:48 pm
by m3rajk
step is a variable to know how far you've gone.

this actually has 5 steps. the inital one you start on, one you get moved to after agreeing to the inital page, one you move to after that... until we have all the information.

step keeps track of how far you are...

Posted: Tue Jul 01, 2003 12:39 pm
by m3rajk
note: prior to this it was working... when i fixed the issue witht eh space and period being in the code i also added the maximum file size

One thing...

Posted: Tue Jul 01, 2003 2:21 pm
by tal3323
One thing I can't figure out is why you're not starting the code off within <?php ?> tags. I would understand if it was all supposed to be html but you're using php variables and functions up there with no php tags.

Re: One thing...

Posted: Tue Jul 01, 2003 4:17 pm
by m3rajk
tal3323 wrote:One thing I can't figure out is why you're not starting the code off within <?php ?> tags. I would understand if it was all supposed to be html but you're using php variables and functions up there with no php tags.
because that is NOT the full code. if you click the link to the full code, you'll notice it's missing an opening <?php

it's missing that so it'll display as text

Posted: Thu Jul 03, 2003 12:52 pm
by patrikG
So much code.../sigh

you can replace

Code: Select all

<?php
/* ***************************************************
   ** set any and all variables that need to be set **
   *************************************************** */

$step=$_POST['step']; # what step are we on?
   # variables for step 1
$lw=$_POST['lw']; $gtu=$_POST['gtu']; $fcc=$_POST['fcc']; $pp=$_POST['pp']; # liability waiver, general terms of use, forum civility code, privacy policy
   # variables for step 2
$un=$_POST['un']; $pw=$_POST['pw']; $pwc=$_POST['pwc']; $email=$_POST['email']; $dobm=$_POST['month']; $dobd=$_POST['day']; $doby=$_POST['year']; $gender=$_POST['gender']; $sexpref=$_POST['sexpref']; $marstat=$_POST['marstat']; $country=$_POST['country']; $feet=$_POST['feet']; $inches=$_POST['inches']; $waist=clean($_POST['waist']); $eye=clean($_POST['eye']); $hair=clean($_POST['hair']); $weight=clean($_POST['weight']); $body=$_POST['body']; $education=$_POST['education ']; $employment=$_POST['employment']; $religion=clean($_POST['religion']); $ethnicity=clean($_POST['ethnicity']); $city=clean($_POST['city']); $spt=$_POST['spt']; $czodiac=$_POST['czodiac']; $rzodiac=$_POST['rzodiac']; $selfcat=$_POST['selfcat']; $aim=$_POST['aim']; $icq=clean($_POST['icq']); $mirc=clean($_POST['mirc']); $msn=$_POST['msn']; $yim=$_POST['yim']; # || username, password, password check, email || date of birth month/day/year, gender, sexual preference, marital status, country, height (feet/inches), waist, eye, hair, weight, body type, education level, employment status, religion, ethnicity, city, state/province/territory, chinese zodiac, regular zodiac, selfcat || aim, icq, mirc, msn, yim
   # variables for step 3
$bq1=clean($_POST['bq1']); $bq2=clean($_POST['bq2']); $bq3=clean($_POST['bq3']); $bq4=clean($_POST['bq4']); $auth=clean($_POST['auth']); $bio=clean($_POST['bio']); $music=$_POST['music']; $books=$_POST['books']; $movies=$_POST['movies']; $sports=$_POST['sports']; $_POST['misc']; # answers to bio questions 1-4, an author for the quote, and a space to write a open bio || interests: movies, books, music, sports, misc
   # variables for step 4
$conf=$_POST['conf']; # confirmation code, uploaded files dealt with in processing
?>
with

Code: Select all

<?php
extract($_POST);
?>
Generally, you have created a "god-function" (looking at http://people.brandeis.edu/~m3rajk/JMT/ ... signup.txt), which is a bad thing. Why? Because one totally looses perspective of what is actually happening. Debugging becomes a nightmare and you wade through code instead of designing an API.

Try coding functions that fit on one screen and keep them simple.

You can replace all this

Code: Select all

<?php
 else{ #only bother if the confcode is right
      # process the uploaded files (if any)

      if($_FILES['main']['name']){ # if they uploaded a file
	if(153600<$_FILES['main']['size']){ # make sure it isn't over 150 KB
	  $err=TRUE; $step=4; $merr=TRUE;
	  $errs[]='Your Main picture was too large. You may not upload a file over 153600 Bytes (150 KB)';
	}
	if('image/jpeg'!==$_FILES['main']['type']){ # only accept jpegs
	  $err=TRUE; $step=4; $merr=TRUE;
	  $errs[]='Your Main picture was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.';
	}
	if($_FILES['main']['error'] !== (0 || 'UPLOAD_ERR_OK')){ # if there was an error
	  $err=TRUE; $step=4; $error=$_FILES['main']['error']; $merr=TRUE;
	  $errs[]='Uploading your Main Picture caused an error: '.$error;
	}
	if(!($merr)){ # if there wasn't an issue, move to the awaiting approval bin -- humans will check it's ok
	  $un=$_COOKIE['un']; $to='/var/www/html/findyourdesire/unapproved/'.$un.'.jpg';
	  move_uploaded_file($_FILES['main']['tmp'], $to);
	  $errs[]='main was uploaded sucessfully'; # incase something else went wrong
	}
      }

      if($_FILES['t1']['name']){ # if they uploaded a file
	if(153600<$_FILES['t1']['size']){ # make sure it isn't over 150 KB
	  $err=TRUE; $step=4; $t1err=TRUE;
	  $errs[]='Your 1st thumb was too large. You may not upload a file over 153600 Bytes (150 KB)';
	}
	if('image/jpeg'!==$_FILES['t1']['type']){ # only accept jpegs
	  $err=TRUE; $step=4; $t1err=TRUE;
	  $errs[]='Your 1st thumb was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.';
	}
	if($_FILES['t1']['error'] !== (0 || 'UPLOAD_ERR_OK')){ # if there was an error
	  $err=TRUE; $step=4; $error=$_FILES['t1']['error']; $t1err=TRUE;
	  $errs[]='Uploading your 1st thumb caused an error: '.$error;
	}
	if(!($t1err)){ # if there wasn't an issue, move to the awaiting approval bin -- humans will check it's ok
	  $un=$_COOKIE['un']; $to='/var/www/html/findyourdesire/unapproved/t1.'.$un.'.jpg';
	  move_uploaded_file($_FILES['t1']['tmp'], $to);
	  $errs[]='thumb 1 was uploaded sucessfully'; # incase something else went wrong
	}
      }

      if($_FILES['t2']['name']){ # if they uploaded a file
	if(153600<$_FILES['t2']['size']){ # make sure it isn't over 150 KB
	  $err=TRUE; $step=4; $t2err=TRUE;
	  $errs[]='Your 2nd thumb was too large. You may not upload a file over 153600 Bytes (150 KB)';
	}
	if('image/jpeg'!==$_FILES['t2']['type']){ # only accept jpegs
	  $err=TRUE; $step=4; $t2err=TRUE;
	  $errs[]='Your 2nd thumb was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.';
	}
	if($_FILES['t2']['error'] !== (0 || 'UPLOAD_ERR_OK')){ # if there was an error
	  $err=TRUE; $step=4; $error=$_FILES['t2']['error']; $t2err=TRUE;
	  $errs[]='Uploading your 2nd thumb caused an error: '.$error;
	}
	if(!($t2err)){ # if there wasn't an issue, move to the awaiting approval bin -- humans will check it's ok
	  $un=$_COOKIE['un']; $to='/var/www/html/findyourdesire/unapproved/t2.'.$un.'.jpg';
	  move_uploaded_file($_FILES['t2']['tmp'], $to);
	  $errs[]='thumb 2 was uploaded sucessfully'; # incase something else went wrong
	}
      }

      if($_FILES['t3']['name']){ # if they uploaded a file
	if(153600<$_FILES['t3']['size']){ # make sure it isn't over 150 KB
	  $err=TRUE; $step=4; $t3err=TRUE;
	  $errs[]='Your 3rd thumb was too large. You may not upload a file over 153600 Bytes (150 KB)';
	}
	if('image/jpeg'!==$_FILES['t3']['type']){ # only accept jpegs
	  $err=TRUE; $step=4; $t3err=TRUE;
	  $errs[]='Your 3rd thumb was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.';
	}
	if($_FILES['t3']['error'] !== (0 || 'UPLOAD_ERR_OK')){ # if there was an error
	  $err=TRUE; $step=4; $error=$_FILES['t3']['error']; $t3err=TRUE;
	  $errs[]='Uploading your 3rd thumb caused an error: '.$error;
	}
	if(!($t3err)){ # if there wasn't an issue, move to the awaiting approval bin -- humans will check it's ok
	  $un=$_COOKIE['un']; $to='/var/www/html/findyourdesire/unapproved/t3.'.$un.'.jpg';
	  move_uploaded_file($_FILES['t3']['tmp'], $to);
	  $errs[]='thumb 3 was uploaded sucessfully'; # incase something else went wrong
	}
      }

      if($_FILES['t4']['name']){ # if they uploaded a file
	if(153600<$_FILES['t4']['size']){ # make sure it isn't over 150 KB
	  $err=TRUE; $step=4; $t4err=TRUE;
	  $errs[]='Your 4th thumb was too large. You may not upload a file over 153600 Bytes (150 KB)';
	}
	if('image/jpeg'!==$_FILES['t4']['type']){ # only accept jpegs
	  $err=TRUE; $step=4; $t4err=TRUE;
	  $errs[]='Your 4th thumb was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.';
	}
	if($_FILES['t4']['error'] !== (0 || 'UPLOAD_ERR_OK')){ # if there was an error
	  $err=TRUE; $step=4; $error=$_FILES['t4']['error']; $t4err=TRUE;
	  $errs[]='Uploading your 4th thumb caused an error: '.$error;
	}
	if(!($t4err)){ # if there wasn't an issue, move to the awaiting approval bin -- humans will check it's ok
	  $un=$_COOKIE['un']; $to='/var/www/html/findyourdesire/unapproved/t4.'.$un.'.jpg';
	  move_uploaded_file($_FILES['t4']['tmp'], $to);
	  $errs[]='thumb 4 was uploaded sucessfully'; # incase something else went wrong
	}
      }
?>
with

Code: Select all

<?php
$images=array("main"=>"Main Picture","t1"=>"Thumbnail 1","t2"=>"Thumbnail 2","t3"=>"Thumbnail 3","t4"=>"Thumbnail 4");
foreach($images as $key=>$value){
      if($_FILES[$key]['name']){ # if they uploaded a file
   if(153600<$_FILES[$key]['size']){ # make sure it isn't over 150 KB
     $err=TRUE; $step=4; $merr=TRUE;
     $errs[]='Your $value was too large. You may not upload a file over 153600 Bytes (150 KB)';
   }
   if('image/jpeg'!==$_FILES[$key]['type']){ # only accept jpegs
     $err=TRUE; $step=4; $merr=TRUE;
     $errs[]='Your $value was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.';
   }
   if($_FILES[$key]['error'] !== (0 || 'UPLOAD_ERR_OK')){ # if there was an error
     $err=TRUE; $step=4; $error=$_FILES[$key]['error']; $merr=TRUE;
     $errs[]='Uploading your $value caused an error: '.$error;
   }
   if(!($merr)){ # if there wasn't an issue, move to the awaiting approval bin -- humans will check it's ok
     $un=$_COOKIE['un']; $to='/var/www/html/findyourdesire/unapproved/'.$un.'.jpg';
     move_uploaded_file($_FILES[$key]['tmp'], $to);
     $errs[]='$value was uploaded sucessfully'; # incase something else went wrong
   }
      }
}
?>
Note: I haven't had time to test the code above for little errors.

Posted: Thu Jul 03, 2003 2:26 pm
by m3rajk
Patrick: i didn't know of the short for the images., and the reason i didn't use extract is because i want that clean function to run on most of them. the only ones it doesn't run on are e-mail, password, and username, all of which are checked elsewhere for validity

would extract(clean($_POST)) work? (i can then redo the email, pw and username i guess)

Posted: Thu Jul 03, 2003 3:03 pm
by patrikG
as long as clean($_POST) returns an array it should be fine.

Posted: Thu Jul 03, 2003 3:19 pm
by m3rajk
the way i wrote the clean function, it can only work on strings.

since i want to clean everything before i insert it into the db, i'll need to have those calls at some point.

Posted: Sun Jul 06, 2003 4:42 pm
by m3rajk
i've made a number of changes in the sign up so it will remember what you entered previously if there's an issue in step 2. however, this has had no effect on the previously posted issue where php is not picking up the step variable after step 4. there are two new issues though.
new issue 1: eye color will not display
new issue 2: if i include the states/provinces/territories, then it gives a parse error (note: it's not commented out in txt version) (parse error: Parse error: parse error, expecting `')'' in /usr/users/m3rajk/WWW/JMT/preview/phpprev/signup.php on line 367)
new issue 3: (db--username check related) when mysql says it retuns false if it doesn't get anything, is that the same as NULL in php? i'm wondering because if so then i know how to check the username against the db (check to see if i can return anything when querying for the username) if not, does it return the string 'false' or a number (generally 0 from my experience)?

i don't understand why either of these issues are occuring. there was an issue on the second one with two of the key=>value pairs being listed as key=value, but i fixed them. i can't find anything else, and i can't find the one in the eye color
i don't know if i'm too close to the code or if i don't know enough php

http://people.brandeis.edu/~m3rajk/JMT/ ... signup.php
http://people.brandeis.edu/~m3rajk/JMT/ ... signup.txt

new issue #1

Code: Select all

<tr><td>Eye Color</td><td><select size="1" name="eye"><?php
$eycolor=array('0'=>'Blue', '1'=>'Brown', '2'=>'Green', '3'=>'Grey', '4'=>'Hazel');
foreach($eyecolor as $key=>$color){
  if($_POST['eye']==$key){
    echo "<option value="$key" selected>$color</option>";
  }else{
    echo "<option value="$key">$color</option>";
  }
}?></select></td></tr>
(note hair color and some others were made witht eh same structure and work fine)

new issue #2

Code: Select all

<tr><td>State/Province/Territory&#176</td><td><select name="spt" size="1"><?php
$spts=array('00'=>'Alabama', '01'=>'Alaska', '02'=>'Alberta', '03'=>'American Samoa', '04'=>'Arizona', '05'=>'Arkansas', '06'=>'British Columbia', '07'=>'California', '08'=>'Colorado' '09'=>'Connecticut', '10'=>'Delaware', '11'=>'Federated States Of Micronesia', '12'=>'Florida', '13'=>'Georgia', '14'=>'Guam', '15'=>'Hawaii', '16'=>'Idaho' '17'=>'Illinois', '18'=>'Indiana', '19'=>'Iowa', '20'=>'Kansas', '21'=>'Kentucky', '22'=>'Louisiana', '23'=>'Maine', '24'=>'Manitoba', '25'=>'Marshall Islands', '26'=>'Maryland', '27'=>'Massachusetts', '28'=>'Michigan', '29'=>'Minnesota', '30'=>'Mississippi', '31'=>'Missouri', '32'=>'Montana', '33'=>'Nebraska', '34'=>'Nevada', '35'=>'New Brunswick', '36'=>'New Hampshire', '37'=>'New Jersey', '38'=>'New Mexico', '39'=>'New South Wales', '40'=>'New York', '41'=>'Newfoundland', '42'=>'North Carolina', '43'=>'North Dakota', '44'=>'Northern Mariana Islands', '45'=>'Northern Territory', '46'=>'Northwest Territories', '47'=>'Nova Scotia', '48'=>'Ohio', '49'=>'Oklahoma', '50'=>'Ontario', '51'=>'Oregon', '52'=>'Palau', '53'=>'Pennsylvania', '54'=>'Prince Edward Island', '55'=>'Puerto Rico', '56'=>'Quebec', '57'=>'Rhode Island', '58'=>'Saskatchewan', '59'=>'South Australia', '60'=>'South Carolina', '61'=>'South Dakota', '62'=>'Tasmania', '63'=>'Tennessee', '64'=>'Texas', '65'=>'Utah', '66'=>'Vermont', '67'=>'Victoria', '68'=>'Virgin Islands', '69'=>'Virginia', '70'=>'Washington', '71'=>'Washington DC', '72'=>'West Virginia', '73'=>'Western Australia', '74'=>'Wisconsin', '75'=>'Wyoming', '76'=>'Yukon', '77'=>'Not From A Listed Country');
foreach($spts as $key=>$value){
  if($_POST['spt']==$key){
    echo "<option value="$key" selected>$value</option>";
  }else{
    echo "<option value="$key">$value</option>";
  }
}?></select></td></tr>
new issue #3

Code: Select all

<?php
$db=mysql_connect(/* stuff to connect */);
$user=mysql_query("select * from main-user-table where username=$un", $db);
if($user!==NULL){
  $err=TRUE; $errs[]='the username you desire is already in use, please choose a new username';
}?>
old issue still needing help on

Code: Select all

<?php
function s4(){
  ?>      <h1>THIS IS A TEST. IT DOES NOT HAVE A DATABASE CONNECTION NOR DOES IT CHECK USERNAMES. THIS LINE WILL BE REMOVED IN THE REAL ONE </h1>
      
      <p>Thank you for your interest in joining FindYourDesire.com. We need to know some things about you in order to make your profile here. Any feild in <font color="#ff0000">RED</font> is required. Any feild marked with an * is confidential and will NOT show up in your user stats. Any feild with a &#176; will not show up in your user stats, but is collected for future features. You will be notified before they are used.</p>
      <h2>NOTE: MAXIMUM PICTURE SIZE IS 150 KB</h2>
      <form enctype="multipart/form-data" action="<?php echo $_SERVER[PHP_SELF]; ?>" method="POST">
	<input type="hidden" name="step" value="5"><input type="hidden" name="MAX_FILE_SIZE" value="153600">
	<table frame="void" bgcolor="#000000" border="0" cellpadding="0" cellspacing="0" text="#c8c8c8">
	    <tr><td>Your <a name="#confcode" href="#confcode" onClick="window.open('faq.php?seek=confcode', 'faq', 'width=500,height=250,scrollbars=yes');">Confirmation Code</a></td><td><input type="text" name="conf" size="25"></td></tr>
	    <tr><td>Upload your main picture</td><td><input type="file"  accept="image/jpeg" name="main" size="25"></td></tr>
	    <tr><td>Upload Thumb 1</td><td><input type="file"  accept="image/jpeg" name="t1" size="25"></td></tr>
	    <tr><td>Upload Thumb 2</td><td><input type="file"  accept="image/jpeg" name="t2" size="25"></td></tr>
	    <tr><td>Upload Thumb 3</td><td><input type="file"  accept="image/jpeg" name="t3" size="25"></td></tr>
	    <tr><td>Upload Thumb 4</td><td><input type="file"  accept="image/jpeg" name="t4" size="25"></td></tr>
	    <tr><td>Upload your <a name="#salute" href="#salute" onClick="window.open('faq.php?seek=salute', 'faq', 'width=500,height=250,scrollbars=yes');">salute</a></td><td><input type="file"  accept="image/jpeg" name="salute" size="25"></td></tr>
	    <tr><td><input type="submit" value="Go To The Next Step"></td><td><input type="reset" value="Restart This Step"></td></tr>
	</table>
    </center>
  </body>
</html>
 <?php
}
?>

Posted: Sun Jul 06, 2003 8:05 pm
by McGruff
Patrick wrote: extract($_POST)
Careful with using extract on any GPC input: a forged form, for example, can supply ANY variable name/value. If one of these has the same name as a legitimate var in the same scope as the extract line it gets overwritten with the forged value.

If that could be a problem in your script, this..

extract($_POST, EXTR_PREFIX_ALL, 'prefix_')

.. is safer. You could still wind up declaring a bunch of hacker vars but, since they aren't referenced in any way by your script, they won't do anything.

Posted: Sun Jul 06, 2003 10:51 pm
by m3rajk
McGruff-

that's a nice trick to know, but i think at this point i'm going to use the $name=clean($_POST['passedvariable']); instead since it preps it for entry into the db. (in some cases i don't want to encode for html removal till after i check so i use rtc($_POST['variable']); instead)

can you help with any problems in the post just previous to yours?

Posted: Mon Jul 07, 2003 12:07 am
by McGruff
This won't help you with your immediate problems, but in general the code you posted "feels" wrong imho. It maybe needs some modularisation.

As an example, you have the $spts array defined in the script: I would define that as a global variable - possibly in a config.php file, or maybe even store all the values in a db table (with a custom function to declare the array).

In your code, you would then have:

foreach ($GLOBALS['spts'] as $key=>$value) {

..or:

$spts = getStates(); // db query, build & return $spts array

foreach ($spts as $key=>$value) {

This instantly cuts out a dozen or more lines of code from your script - or rather moves them elsewhere. It doesn't change anything: it's really just a layout issue. With the code split up into bits, each with their own area of responsibility, it's much easier to debug problems.

Sorry I can't help more but I've got a dozen different things on the go and not enough time for any of them.