Hello everyone,
I am new to this forum, and also quite new to PHP! Hopefully someone is able to help me with my problem or direct me in a different direction if I have come to the completely wrong place!
Say I had a form with two input boxes, one for first name and one for second name. When you press submit I would like the two strings entered to concatenate to give me a full name. For example, if I enter Joe and Bloggs, the result given is Joe Bloggs. This is simple enough to have the form on one page then have the result appear on another page when I press submit. However, if I wanted the result of the concatenation to appear below the form itself on the same page when I press submit, would that be possible or would I need to use AJAX or something of a similar nature?
This is probably very simple, but is this something that would be possible with HTML and PHP alone, or could someone help me or point me in the right direction as to how I would go about doing this?
Cheers!
Using PHP to concatenate string values entered into a form
Re: Using PHP to concatenate string values entered into a fo
Hello Danberz,
think this might help
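Code:
<?php
// Read the submitted values; use empty strings until the form has been posted
$firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : '';
// Print the concatenated name
echo "$firstname $lastname";
?>
<html>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">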
First Name:<input type="text" size="12" maxlength="12" name="firstname" /> <br />
Last Name:<input type="text" size="12" maxlength="36" name="lastname" /> <br />
<input type="submit" value="Submit" />
</form>
</html>
Re: Using PHP to concatenate string values entered into a fo
Brilliant, that works perfectly. Thanks for getting back to me so quickly!
Quick question though, what if I wanted to run the PHP script from a different file, rather than having to include my code at the top? Also, are there any security issues with implementing the task this way, for example, couldn't a malicious user pass in a JavaScript this way?
I may be completely wrong.
Re: Using PHP to concatenate string values entered into a fo
Danberz wrote:
> Brilliant, that works perfectly. Thanks for getting back to me so quickly!
> Quick question though, what if I wanted to run the PHP script from a different file, rather than having to include my code at the top? Also, are there any security issues with implementing the task this way, for example, couldn't a malicious user pass in a JavaScript this way?
> I may be completely wrong.
You can include PHP from a different file (we'll name it diff_file.php) this way:
index.php code
Code:
<?php
// Pull in the form-handling code from a separate file
include 'diff_file.php';
?>
<html>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
First Name:<input type="text" size="12" maxlength="12" name="firstname" /> <br />
Last Name:<input type="text" size="12" maxlength="36" name="lastname" /> <br />
<input type="submit" value="Submit" />
</form>
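</html>
diff_file.php code
Code:
<?php
// Read the submitted values; use empty strings until the form has been posted
$firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : '';
// Print the concatenated name
echo "$firstname $lastname";
?>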
Yeah, there are security issues with implementing the task this way, and you can fix them by making the following change(s) to diff_file.php:
Code:
<?php
// Read the submitted values; use empty strings until the form has been posted
$firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : '';
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
echo "$firstname $lastname";
?>
Re: Using PHP to concatenate string values entered into a fo
Thanks for the help! Works well, cheers!
Re: Using PHP to concatenate string values entered into a fo
FYI, you should only be using mysql_real_escape_string before the data is being added to a database (it should be the very last thing to happen to the data). In this example, it is useless to escape before echoing to the web browser - in fact, the code provided most recently would throw an error as there isn't even a MySQL connection.
You should be running htmlentities() or strip_tags() before outputting to the browser to ensure there aren't any XSS vulnerabilities.
E.g.
Code:
<?php
if(isset($_POST['submit']))
{
//Sanitize Data
$firstname = strip_tags(htmlentities($_POST['firstname']));
$lastname = strip_tags(htmlentities($_POST['lastname']));
//Output to browser
echo "$firstname $lastname<br />";
//Or ...
echo $firstname . ' ' . $lastname;
}
?>
<html>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
First Name:<input type="text" size="12" maxlength="12" name="firstname" /> <br />
Last Name:<input type="text" size="12" maxlength="36" name="lastname" /> <br />
<input type="submit" name="submit" value="Submit" />
</form>
</html>
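The output-encoding advice in the last reply, as an added example that is not part of the original thread: this handler re-checks the form's length limits on the server, rejects non-string input, HTML-encodes the name only at the point of output, and prints it below the form on the same page. The helper names `e` and `full_name_html` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example; e() and full_name_html() are hypothetical helper names.
// Encode a value for HTML text or a quoted attribute.
function e($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
// Return the encoded full name, an error message, or null when nothing was posted.
function full_name_html(array $post)
{
    if (!isset($post['firstname'], $post['lastname'])) {
        return null;
    }
    // is_string() rejects array input such as firstname[]=x.
    $first = is_string($post['firstname']) ? trim($post['firstname']) : '';
    $last  = is_string($post['lastname'])  ? trim($post['lastname'])  : '';
    // maxlength is only enforced by the browser, so re-check it here (strlen counts bytes).
    if ($first === '' || $last === '' || strlen($first) > 12 || strlen($last) > 36) {
        return 'Please enter a first name (max 12) and a last name (max 36).';
    }
    // Keep raw values for processing; encode once, at the point of output.
    return e($first . ' ' . $last);
}
if (PHP_SAPI === 'cli') {
    // Constructed sample inputs; run with: php example.php
    $samples = array(
        array('firstname' => 'Joe', 'lastname' => 'Bloggs'),
        array('firstname' => 'Joe', 'lastname' => "O'Brien & <b>Sons</b>"),
        array('firstname' => array('x'), 'lastname' => 'Bloggs'),
    );
    foreach ($samples as $s) {
        echo full_name_html($s), "\n";
    }
    exit;
}
$result = full_name_html($_POST);
?>
<html>
<body>
<form method="post">
First Name: <input type="text" size="12" maxlength="12" name="firstname" /><br />
Last Name: <input type="text" size="12" maxlength="36" name="lastname" /><br />
<input type="submit" value="Submit" />
</form>
<?php if ($result !== null) { echo '<p>' . $result . '</p>'; } ?>
</body>
</html>
```

Omitting the `action` attribute makes the form post back to the current URL, so no request-derived value is written into the page. If the name is later stored in a database, SQL escaping or a prepared statement is applied to the raw value at that point, separately from this HTML encoding.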