Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New Coder
    Join Date
    Jul 2009
    Posts
    43
    Thanks
    13
    Thanked 0 Times in 0 Posts

    Prevent Hidden Fields From Being Passed

    How would I prevent hidden fields from being passed unless someone selects them?

    The problem is I have a shopping cart type script where a person can input a quantity into small form. The input type is hidden and the value is always present. I can't change the value to static, because its dynamic.

    Any advice would be greatly appreciated.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    I might not be understanding this right, but why is it necessary to not pass them?
    If someone doesn't enter a quantity, what difference does it make?

    Maybe you can give us an actual example (link to your site) and also tell us what
    shopping cart script you're using.

  • #3
    Regular Coder seco's Avatar
    Join Date
    Nov 2008
    Location
    Oregon
    Posts
    687
    Thanks
    6
    Thanked 79 Times in 77 Posts
    remove it?

  • #4
    New Coder
    Join Date
    Jul 2009
    Posts
    43
    Thanks
    13
    Thanked 0 Times in 0 Posts
    PHP Code:
    <tr valign="top">
          <td width="92%" align="left">

                <div align="right">

    <a href="javascript:void();" title="requireclick=[on] cssbody=[dogvdvbdy] cssheader=[dogvdvhdr] header=[<?php echo $row_accessories['name']; ?>] body=[<center>

          <?php echo text1($row_accessories['description']); ?>]"><strong><?php echo $row_accessories['name']; ?></strong></a></div>
           </td>
               <td width="8%">
                    
                  <input name="quantity1<?php echo $accessories_nm?>" type="text" size="5" />
                  <input type="hidden" name="name<?php echo $accessories_nm?>" value="<?php echo $row_accessories['name']; ?>">
                  <input type="hidden" name="price<?php echo $accessories_nm?>" value="<?php echo $row_accessories['price']; ?>">
                  <input type="hidden" name="XC_recordId<?php echo $accessories_nm?>" value="<?php echo $row_accessories['id_store_accessory']; ?>">
                     
                        
                      <?php $accessories_nm++; ?>

          </td>
    </tr>
    This is on xcart. Basically, I took over this site and the previous guys have put a mishmash of things together, like using xcart forms, but not the actual shopping cart, etc... At this point I'm just trying to hack some things together. I do SEO, not programming as you can probably tell

    Anyway, the above code spits out about 12 times for 12 different items depending on the title of the page. The user can input the quantity he's interested in next to anyone of the item listed. He then submits his email and bam done.

    The problem is, as you can see, the value gets auto filled for every item and gets passed whether the user is interested in it or not.

    If anyone wants to see the page, I'd be happy to PM you the link, but I'd rather not post it live.

  • #5
    Regular Coder ohgod's Avatar
    Join Date
    Jun 2008
    Location
    Ohio
    Posts
    579
    Thanks
    6
    Thanked 69 Times in 69 Posts
    so what does it matter if it gets passed?

  • #6
    New Coder
    Join Date
    Jul 2009
    Posts
    43
    Thanks
    13
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by ohgod View Post
    so what does it matter if it gets passed?

    I'm sorry, I wasn't clear. Since they all get passed , they all get echoed out in the email they and I receive. Not just the items they chose.

    So in an email to me for a quote on 3 different products they chose, instead I'm getting all the items every time.

    Here's the sendmail.php file that process this form. I'm not sure if that's where the change has to be made.
    PHP Code:
    <?php
      $email 
    $_POST['email'] ;
      
    $product=$_POST['product'];
      
    $subject=$_POST['subject'];
      
    $ip=$_POST['ip'];
      
    $url$_POST['url'];
      
    $location $_POST['location']; 
      
    $n1=$_POST['name1'];
      
    $n2=$_POST['name2'];
      
    $n3=$_POST['name3'];
      
    $n4=$_POST['name4'];
      
    $n5=$_POST['name5'];
      
    $n6=$_POST['name6'];
      
    $n7=$_POST['name7'];
      
    $n8=$_POST['name8'];
      
    $n9=$_POST['name9'];
      
    $n10=$_POST['name10'];
      
    $n11=$_POST['name11'];
     
      
      
    $recipients "test@gmail.com, $email";

      
    $message="
      Request From: $email
      From IP: $ip  
      Location: $location 
      Referring URL: $url 
      Interested In:  $product \n
    //here is where all the items are displayed
      $n1 
      $n2
      $n3
      $n4
      $n5
      $n6
      $n7
      $n8
      $n9
      $n10
      $n11
      
      "
    ;
     
      
    mail"$recipients""$email Quote For a $subject "$message "From: $email " );
      
      
    header("location:result.php?email=$email&product=$product");

    ?>

  • #7
    Regular Coder ohgod's Avatar
    Join Date
    Jun 2008
    Location
    Ohio
    Posts
    579
    Thanks
    6
    Thanked 69 Times in 69 Posts
    it would be more appropriate to alter your mail handling to only include those that have been selected. you'd assign all those inputs with a default of zero or null, and then only parse them for mail if they've been changed.

    you should really be processing and santizing that input anyway for security reasons...

  • Users who have thanked ohgod for this post:

    GenVic (08-26-2009)

  • #8
    New Coder
    Join Date
    Jul 2009
    Posts
    43
    Thanks
    13
    Thanked 0 Times in 0 Posts
    Thanks, some code or pointing me in the right direction would be very helpful. As far as sanatizing, yes, I still need to do that, this is all just being tested.

  • #9
    Regular Coder ohgod's Avatar
    Join Date
    Jun 2008
    Location
    Ohio
    Posts
    579
    Thanks
    6
    Thanked 69 Times in 69 Posts
    i'd suggest a mod moving this to the php section then. you'll get more examples and ideas then you'll know what to do with.

  • #10
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    GenVIC,
    If you're satisfied with the form itself, and you think that just
    modifying the email is OK, let us know. Maybe tomorrow I can
    come up with a PHP modification for that ... unless someone
    else beats me to it. I mention this because a moderator might
    not move this thread.

  • Users who have thanked mlseim for this post:

    GenVic (08-26-2009)

  • #11
    New Coder
    Join Date
    Jul 2009
    Posts
    43
    Thanks
    13
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by mlseim View Post
    GenVIC,
    If you're satisfied with the form itself, and you think that just
    modifying the email is OK, let us know. Maybe tomorrow I can
    come up with a PHP modification for that ... unless someone
    else beats me to it. I mention this because a moderator might
    not move this thread.
    Awesome, yes I think it should be moved to the PHP Section. Thanks mlseim.

  • #12
    New Coder
    Join Date
    Jul 2009
    Posts
    43
    Thanks
    13
    Thanked 0 Times in 0 Posts
    Okay guys, thanks for the help, but I figured this one out.

    Stupid mistake , I was using a test sendmail form, but the native one had this built in already and was processing as $_SERVER["PHP_SELF.

    Duh!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •