Page 1 of 2
unique id in form problem
Posted: Wed Apr 07, 2004 10:37 pm
by allelopath
I'm having difficulty getting a unique id for a form submission to work
The id is 'token' here.
It doesn't get assigned a value.
Here's the form:
Code: Select all
<form action="$_SERVER[PHP_SELF]" method="post">
<?php $token = md5(uniqid(rand(), true)); ?>
<table>
<tr>
<td>
<b>First name:</b>
</td>
<td>
<input type="text" name="firstName" size="30">
</td>
</tr>
</table>
<!-- create hidden field with unique id to prevent multiple submission of same form -->
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="Submit">
</form>
and then later i try to access it:
echo 'token: ' . $_POST['token'] ;
but nothing is printed out after 'token:'
What am i doing wrong?
Posted: Wed Apr 07, 2004 11:12 pm
by Illusionist
<form action="$_SERVER[PHP_SELF]" method="post">
change to
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Posted: Thu Apr 08, 2004 12:09 am
by allelopath
Thanks for your reply.
I cut'n'pasted that line, and i get a parse error:
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
Posted: Thu Apr 08, 2004 6:05 am
by Illusionist
i really dont think that you did. My code works perfect, i jsut tested it. It something with your other code. It might help if you post al you code around there
Posted: Thu Apr 08, 2004 9:24 am
by omom
for some reason, if i remove the quotes from PHP_SELF, it parses.
<form action="<?php echo $_SERVER[PHP_SELF]; ?>" method="post">
this isn't right, though, i know the quotes need to be there.
Posted: Thu Apr 08, 2004 9:28 am
by magicrobotmonkey
Change $_SERVER[PHP_SELF] to $_SERVER['PHP_SELF'] is proper
Posted: Thu Apr 08, 2004 9:45 am
by Steveo31
Code: Select all
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<?php $token = md5(uniqid(rand(), true)); ?>
<table>
<tr>
<td>
<b>First name:</b>
</td>
<td>
<input type="text" name="firstName" size="30">
</td>
</tr>
</table>
<!-- create hidden field with unique id to prevent multiple submission of same form -->
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="Submit">
</form>
There.
Posted: Thu Apr 08, 2004 10:25 am
by markl999
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
As Illusionist said, you'd need to echo it otherwise it won't display

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Posted: Sat Apr 10, 2004 10:16 pm
by allelopath
Here's the entire file, stripped to a minimum, in which a get the parse error on the <form action...? line.
Can anyone tell me whats wrong?
<?php
require 'DB.php';
if (isset($_POST['stage']) && ('process' == $_POST['stage']))
{
//process_form();
}
else
{
print_form();
}
function print_form()
{
echo <<<END
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<?php $token = md5(uniqid(rand(), true)); ?>
<table>
<tr>
<td>
<b>First name:</b>
</td>
<td>
<input type="text" name="firstName" size="30">
</td>
</tr>
</table>
<!-- create hidden field with unique id to prevent multiple submission of same form -->
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="Submit">
</form>
END;
}
?>
Posted: Sat Apr 10, 2004 10:37 pm
by d3ad1ysp0rk
Code: Select all
<?php
require 'DB.php';
if (isset($_POST['stage']) && ('process' == $_POST['stage']))
{
//process_form();
}
else
{
print_form();
}
function print_form()
{
$token = md5(uniqid(rand(), true));
$file = $_SERVER['PHP_SELF'];
echo <<<END
<form action="$file" method="post">
<table>
<tr>
<td>
<b>First name:</b>
</td>
<td>
<input type="text" name="firstName" size="30">
</td>
</tr>
</table>
<!-- create hidden field with unique id to prevent multiple submission of same form -->
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="Submit">
</form>
END;
}
?>
Try that
Posted: Sat Apr 10, 2004 10:42 pm
by feyd
you're using <? tags in heredoc (legal? never tried it)
Posted: Sat Apr 10, 2004 10:44 pm
by d3ad1ysp0rk
me or him?
i was until i tried running what I posted, then edited it.
now it works.
Posted: Sat Apr 10, 2004 10:47 pm
by feyd
him..
Posted: Sun Apr 11, 2004 1:15 am
by William
You can always just use:
Code: Select all
<form action="<?=$_SERVER['PHP_SELF'] ?>" method="post">
Posted: Sun Apr 11, 2004 3:48 pm
by allelopath
LiLpunkSkateR,
Your code that takes the $_SERVER['PHP_SELF'] out of the <form...> tag works!
I still have one problem though.
'token' is being assigned a value (a 32 character string) in the print_form function, but the value doesn't seem to make it to the process_form function. I echo the value of token and when it is assigned (e.g. 86a7b6e6e8412e8aecc9e88ed58fd06a), but when I print it out in the process_form function, it seems to have lost its value (nothing is output from the echo statement).
So the value is being assigned to the value $token, but apparently not making it into the $_POST array (in $_POST['token']). This would poin t to an error in the hidden field tag:
<input type="hidden" name="token" value="<?php echo $token; ?>">
Any idea what is wrong?
Code now looks like this:
<?php
require 'DB.php';
if (isset($_POST['stage']) && ('process' == $_POST['stage']))
{
process_form();
}
else
{
print_form();
}
// ----------------------------------------------------------------------------
function print_form()
{
$token = md5(uniqid(rand(), true));
echo 'token = ' . $token;
$file = $_SERVER['PHP_SELF'];
echo <<<END
<form action="$file" method="post">
<table>
<tr>
<td>
<b>First name:</b>
</td>
<td>
<input type="text" name="firstName" size="30">
</td>
</tr>
</table>
<!-- create hidden field with unique id to prevent multiple submission of same form -->
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="hidden" name="stage" value="process">
<input type="submit" value="Submit">
</form>
END;
}
// ----------------------------------------------------------------------------
// process form
// validate, submit form data to db, start download
// ----------------------------------------------------------------------------
function process_form()
{
echo 'Thanks for submitting, ' . $_POST['firstName'] ;
echo '<br>';
echo 'token: ' . $_POST['token'] ;
echo '<br>';
}
?>