Page 1 of 2

unique id in form problem

Posted: Wed Apr 07, 2004 10:37 pm
by allelopath
I'm having difficulty getting a unique id for a form submission to work
The id is 'token' here.
It doesn't get assigned a value.
Here's the form:

Code: Select all

<form action="$_SERVER[PHP_SELF]" method="post">

  <?php $token = md5(uniqid(rand(), true)); ?>

     <table>
      <tr>
        <td>
          <b>First name:</b>
        </td>
        <td>
          <input type="text" name="firstName" size="30">
        </td>
      </tr>
      </table>
       <!-- create hidden field with unique id to prevent multiple submission of same form -->
      <input type="hidden" name="token" value="<?php echo $token; ?>">

      <input type="submit" value="Submit">

  </form>
and then later i try to access it:
echo 'token: ' . $_POST['token'] ;

but nothing is printed out after 'token:'

What am i doing wrong?

Posted: Wed Apr 07, 2004 11:12 pm
by Illusionist
<form action="$_SERVER[PHP_SELF]" method="post">
change to
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

Posted: Thu Apr 08, 2004 12:09 am
by allelopath
Thanks for your reply.
I cut'n'pasted that line, and i get a parse error:
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

Posted: Thu Apr 08, 2004 6:05 am
by Illusionist
i really dont think that you did. My code works perfect, i jsut tested it. It something with your other code. It might help if you post al you code around there

Posted: Thu Apr 08, 2004 9:24 am
by omom
for some reason, if i remove the quotes from PHP_SELF, it parses.
<form action="<?php echo $_SERVER[PHP_SELF]; ?>" method="post">
this isn't right, though, i know the quotes need to be there.

Posted: Thu Apr 08, 2004 9:28 am
by magicrobotmonkey
Change $_SERVER[PHP_SELF] to $_SERVER['PHP_SELF'] is proper

Posted: Thu Apr 08, 2004 9:45 am
by Steveo31

Code: Select all

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post"> 

  <?php $token = md5(uniqid(rand(), true)); ?> 

     <table> 
      <tr> 
        <td> 
          <b>First name:</b> 
        </td> 
        <td> 
          <input type="text" name="firstName" size="30"> 
        </td> 
      </tr> 
      </table> 
       <!-- create hidden field with unique id to prevent multiple submission of same form --> 
      <input type="hidden" name="token" value="<?php echo $token; ?>"> 

      <input type="submit" value="Submit"> 

  </form>
There.

Posted: Thu Apr 08, 2004 10:25 am
by markl999
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
As Illusionist said, you'd need to echo it otherwise it won't display ;)
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">

Posted: Sat Apr 10, 2004 10:16 pm
by allelopath
Here's the entire file, stripped to a minimum, in which a get the parse error on the <form action...? line.
Can anyone tell me whats wrong?
<?php

require 'DB.php';

if (isset($_POST['stage']) && ('process' == $_POST['stage']))
{
//process_form();
}
else
{
print_form();
}

function print_form()
{
echo <<<END

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">

<?php $token = md5(uniqid(rand(), true)); ?>

<table>
<tr>
<td>
<b>First name:</b>
</td>
<td>
<input type="text" name="firstName" size="30">
</td>
</tr>
</table>


<!-- create hidden field with unique id to prevent multiple submission of same form -->
<input type="hidden" name="token" value="<?php echo $token; ?>">

<input type="submit" value="Submit">

</form>


END;
}

?>

Posted: Sat Apr 10, 2004 10:37 pm
by d3ad1ysp0rk

Code: Select all

<?php

require 'DB.php';

if (isset($_POST['stage']) && ('process' == $_POST['stage']))
{
   //process_form();
}
else
{
   print_form();
}

function print_form()
{
   $token = md5(uniqid(rand(), true));
   $file = $_SERVER['PHP_SELF'];
   echo <<<END

   <form action="$file" method="post">



   <table>
   <tr>
   <td>
   <b>First name:</b>
   </td>
   <td>
   <input type="text" name="firstName" size="30">
   </td>
   </tr>
   </table>


   <!-- create hidden field with unique id to prevent multiple submission of same form -->
   <input type="hidden" name="token" value="<?php echo $token; ?>">

   <input type="submit" value="Submit">

   </form>
END;
}
?>
Try that

Posted: Sat Apr 10, 2004 10:42 pm
by feyd
you're using <? tags in heredoc (legal? never tried it)

Posted: Sat Apr 10, 2004 10:44 pm
by d3ad1ysp0rk
me or him?

i was until i tried running what I posted, then edited it.

now it works.

Posted: Sat Apr 10, 2004 10:47 pm
by feyd
him..

Posted: Sun Apr 11, 2004 1:15 am
by William
You can always just use:

Code: Select all

<form action="<?=$_SERVER['PHP_SELF'] ?>" method="post">

Posted: Sun Apr 11, 2004 3:48 pm
by allelopath
LiLpunkSkateR,
Your code that takes the $_SERVER['PHP_SELF'] out of the <form...> tag works!

I still have one problem though.
'token' is being assigned a value (a 32 character string) in the print_form function, but the value doesn't seem to make it to the process_form function. I echo the value of token and when it is assigned (e.g. 86a7b6e6e8412e8aecc9e88ed58fd06a), but when I print it out in the process_form function, it seems to have lost its value (nothing is output from the echo statement).

So the value is being assigned to the value $token, but apparently not making it into the $_POST array (in $_POST['token']). This would poin t to an error in the hidden field tag:
<input type="hidden" name="token" value="<?php echo $token; ?>">

Any idea what is wrong?

Code now looks like this:

<?php

require 'DB.php';

if (isset($_POST['stage']) && ('process' == $_POST['stage']))
{
process_form();
}
else
{
print_form();
}

// ----------------------------------------------------------------------------
function print_form()
{
$token = md5(uniqid(rand(), true));
echo 'token = ' . $token;

$file = $_SERVER['PHP_SELF'];

echo <<<END

<form action="$file" method="post">

<table>
<tr>
<td>
<b>First name:</b>
</td>
<td>
<input type="text" name="firstName" size="30">
</td>
</tr>
</table>


<!-- create hidden field with unique id to prevent multiple submission of same form -->
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="hidden" name="stage" value="process">

<input type="submit" value="Submit">

</form>
END;
}

// ----------------------------------------------------------------------------
// process form
// validate, submit form data to db, start download
// ----------------------------------------------------------------------------
function process_form()
{
echo 'Thanks for submitting, ' . $_POST['firstName'] ;
echo '<br>';
echo 'token: ' . $_POST['token'] ;
echo '<br>';

}

?>