Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    New Coder
    Join Date
    Jan 2014
    Posts
    74
    Thanks
    11
    Thanked 0 Times in 0 Posts

    PHP won't recognise my form

    Hi all,


    I have a problem where PHP is not recognising my form. I have a single index page which pulls either 'main' or 'process' depending on what the user is doing. Here are the relevant bits of the code...

    'index.html'
    Code:
    <?php
    	session_start();
    	if ($_POST["securitycode"] == $securitycode) {
    		unset($securitycode);
    		include 'process';
    	} else {
    		include 'main';
    	}
    ?>
    'main'
    Code:
    <?php $securitycode = rand(100, 999); ?>
    <FORM action="" name="form">
    	<DIV>
    		<TEXTAREA cols="0" name="feedback" rows="0"></TEXTAREA>
    		<BR>
    		<BR>
    		Please enter the security code '<?php echo $securitycode; ?>': <INPUT class="securitycode" name="securitycode">
    		<BR>
    		<BR>
    		<INPUT type="submit" value="SEND">
    	</DIV>
    </FORM>
    What's happening is PHP is including 'process' no matter what. Does anyone know why?

  • #2
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,642
    Thanks
    0
    Thanked 649 Times in 639 Posts
    <FORM action="" name="form">

    should be

    <FORM action="POST">
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    Phaelon (03-05-2014)

  • #3
    New Coder
    Join Date
    Jan 2014
    Posts
    74
    Thanks
    11
    Thanked 0 Times in 0 Posts
    Nah, 'action' is the destination URL where the form submits to. What I think you mean is:

    <FORM action="" method="post" name="form">

    I tried that already, it doesn't work.

  • #4
    New Coder
    Join Date
    Jan 2014
    Posts
    74
    Thanks
    11
    Thanked 0 Times in 0 Posts
    PHP is including 'process' first page load up before I have even had the chance to see the form which is included in 'main'. Why is it doing this I am trying to understand.

  • #5
    Regular Coder djh101's Avatar
    Join Date
    May 2009
    Location
    California
    Posts
    626
    Thanks
    51
    Thanked 67 Times in 67 Posts
    If that is the entirety of your code, neither of those variables are set, so you have false == false which is true. $_POST["securitycode"] is not set because you don't have form method set to post (the default is get) and $securitycode is not set because when you submit the form, the page is reloaded and it hasn't been defined at the point where you are reading it.

    Debugging tip: If you are having trouble with a variable, echo it somewhere in your code. This way you the value will be visible as you fiddle with your code trying to find out what the issue is. Also, there are PHP tags designed specifically to contain PHP code in Advanced Reply mode.
    "Yeah science!"
    Online Science Tools

  • #6
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,108
    Thanks
    2
    Thanked 326 Times in 318 Posts
    'process' is being included because null == null (null is equal to null) in the following -
    Code:
    if ($_POST["securitycode"] == $securitycode) {
    $_POST["securitycode"] is a null because your form tag needs a method='post' attribute and $securitycode is a null because it only exists in your 'main' code where the rand(100, 999) value is being assigned to it.

    Besides the method='post', you will need to store the rand(100, 999) value in a session variable so that it will be available in the form processing code.

    Your logic also needs to test if the form was submitted before using the $_POST data and you need to test if the session variable holding the securitycode is set and is an expected value, because besides null being equal to null, an empty value is equal to an empty value. Someone could submit an empty $_POST["securitycode"] and prevent the session from working, resulting in an empty == empty comparison, which is true.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #7
    New Coder
    Join Date
    Jan 2014
    Posts
    74
    Thanks
    11
    Thanked 0 Times in 0 Posts
    I am a little confused. The first time someone goes to index.html, it will include 'main', and in main $securitycode is defined as a random number. Then when the user submits the form, PHP in index.html matches the post input named 'securitycode' and should be including 'process' instead of 'main'.

    I set method="post" in my form, but it still didn't make much difference other than the form inputs no longer appear as variables in the URL (which I am happy about, thanks felgall).

  • #8
    New Coder
    Join Date
    Jan 2014
    Posts
    74
    Thanks
    11
    Thanked 0 Times in 0 Posts
    Here is the full code, in case I am explaining something wrong (I haven't slept properly)

    index.html
    Code:
    <?php
    	session_start();
    	if (isset($_POST["securitycode"]) && $_POST["securitycode"] == $securitycode) {
    		unset($securitycode);
    		include 'process';
    	} else {
    		include 'main';
    	}
    ?>
    main
    Code:
    <?php $securitycode = rand(100, 999); ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
            "http://www.w3.org/TR/html4/strict.dtd">
    <HTML>
    	<HEAD>
    		<TITLE></TITLE>
    		<SCRIPT type="text/javascript">
    			function validateForm() {
    				if (document.forms['form']['feedback'].value == "") {
    					alert("No feedback has been given.");
    					return false;
    				}
    				if (document.forms['form']['securitycode'].value != <?php echo $securitycode; ?>) {
    					alert("The security code entered does not match the quoted security code.");
    					return false;
    				}
    			}
    		</SCRIPT>
    		<LINK href="/body.css" rel="stylesheet" type="text/css">
    		<STYLE type="text/css">
    			div.centre {
    				background-color: orange;
    				margin-top: -193px;
    				position: absolute;
    				top: 50%;
    				width: 100%
    			}
    			div.location {
    				left: 2px;
    				top: 77px;
    				position: absolute
    			}
    			input.securitycode {
    				width: 34px
    			}
    			table.selector {
    				margin-left: auto;
    				margin-right: auto;
    				text-align: center
    			}
    			textarea {
    				height: 245px;
    				width: 491px
    			}
    		</STYLE>
    		<META content="charset=utf-8; text/html" http-equiv="Content-Type">
    	</HEAD>
    	<BODY>
    		<DIV class="main">
    			<DIV class="topspacer"></DIV>
    			<IMG alt="" class="logo" src="/logo.png">
    			<DIV class="menu1"><?php include '../rawcode/menu/menu1'; ?></DIV>
    			<DIV class="menu2"><?php include '../rawcode/menu/menu2'; ?></DIV>
    			<DIV class="topbar"></DIV>
    			<DIV class="location">> Feedback</DIV>
    			<DIV class="centre">
    				<TABLE cellpadding="0px" cellspacing="19px" class="selector">
    					<TR>
    						<TD>
    							If you would like to leave feedback for us, then please use the form bellow.
    							<BR>
    							<BR>
    							<FORM action="" method="post" name="form" onsubmit="return validateForm();">
    								<DIV>
    									<TEXTAREA cols="0" name="feedback" rows="0"></TEXTAREA>
    									<BR>
    									<BR>
    									Please enter the security code '<?php echo $securitycode; ?>': <INPUT class="securitycode" name="securitycode">
    									<BR>
    									<BR>
    									<INPUT type="submit" value="SEND">
    								</DIV>
    							</FORM>
    						</TD>
    					</TR>
    				</TABLE>
    			</DIV>
    			<DIV class="bottomholder">
    				<DIV class="bottombar"></DIV>
    				<DIV class="menu3"><?php include '../rawcode/menu/menu3feedback'; ?></DIV>
    			</DIV>
    			<DIV class="bottomspacer"></DIV>
    		</DIV>
    	</BODY>
    </HTML>
    process
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
            "http://www.w3.org/TR/html4/strict.dtd">
    <HTML>
    	<HEAD>
    		<TITLE></TITLE>
    		<LINK href="/body.css" rel="stylesheet" type="text/css">
    		<STYLE type="text/css">
    			div.centre {
    				background-color: orange;
    				margin-top: -13px;
    				position: absolute;
    				top: 50%;
    				width: 100%
    			}
    			div.location {
    				left: 2px;
    				top: 77px;
    				position: absolute
    			}
    			table.selector {
    				margin-left: auto;
    				margin-right: auto;
    				text-align: center
    			}
    		</STYLE>
    		<META content="charset=utf-8; text/html" http-equiv="Content-Type">
    	</HEAD>
    	<BODY>
    		<DIV class="main">
    			<DIV class="topspacer"></DIV>
    			<IMG alt="" class="logo" src="/logo.png">
    			<DIV class="menu1"><?php include '../rawcode/menu/menu1'; ?></DIV>
    			<DIV class="menu2"><?php include '../rawcode/menu/menu2'; ?></DIV>
    			<DIV class="topbar"></DIV>
    			<DIV class="location">> Feedback</DIV>
    			<DIV class="centre">
    				<TABLE cellpadding="0px" cellspacing="19px" class="selector">
    					<TR>
    						<TD>
    							Your feedback has been received. Thanks.
    						</TD>
    					</TR>
    				</TABLE>
    			</DIV>
    			<DIV class="bottomholder">
    				<DIV class="bottombar"></DIV>
    				<DIV class="menu3"><?php include '../rawcode/menu/menu3'; ?></DIV>
    			</DIV>
    			<DIV class="bottomspacer"></DIV>
    		</DIV>
    	</BODY>
    </HTML>

  • #9
    Regular Coder djh101's Avatar
    Join Date
    May 2009
    Location
    California
    Posts
    626
    Thanks
    51
    Thanked 67 Times in 67 Posts
    Variables are defined on page load. If the page is reloaded, all your php goes away (the exception being session and cookie variables, which are stored on the user's computer), so even though you defined $securitycode, when you submit the form you are loading a new page and it will not be defined on this page. This is what sessions/cookies are for- you can store the $securitycode value in a session variable and reload it when the page reloads. Again, echoing variables somewhere on the page is a good way to debug your code, since you can see immediately if the variable is not the value that you expected it to be and go from where to resolve the issue. It also helps to isolate your if statement conditions individually to isolate the one causing the problem (e.g. if(isset($_POST['securitycode'])) echo "TRUE"; else echo "FALSE"; ).
    Last edited by djh101; 03-05-2014 at 06:58 AM.
    "Yeah science!"
    Online Science Tools

  • Users who have thanked djh101 for this post:

    Phaelon (03-05-2014)

  • #10
    New Coder
    Join Date
    Jan 2014
    Posts
    74
    Thanks
    11
    Thanked 0 Times in 0 Posts
    I am really having allot of trouble understanding what your saying about the page reload thing and variable cookies. Are you able to show me in my code what I would need to do to get this working? I really want to see and understand what the issue is here as I will be making many more pages of similar engineering design. I can't believe I don't understand this!!

  • #11
    New Coder
    Join Date
    Jan 2014
    Posts
    74
    Thanks
    11
    Thanked 0 Times in 0 Posts
    OH MY GOD! YES I DIDNT SET IT AS A SESSION VARIABLE! WHAT A NOOB! Its been 2 years since I've used PHP.

    LOL OMG HOW EMBARRASSING!!

    Thanks man!

  • #12
    Regular Coder djh101's Avatar
    Join Date
    May 2009
    Location
    California
    Posts
    626
    Thanks
    51
    Thanked 67 Times in 67 Posts
    The way PHP works is the server processes all the PHP code on the page. After the PHP is processed, a page is generated and sent to the user where the HTML/CSS/Javascript is processed by the browser. Once the PHP has been processed, that's it. You can't interact with it anymore. It's like mailing a package- once UPS picks it up, it's gone and you can't interact with any of its contents anymore. Reloading the page would be comparable to creating and sending a second package and when you submit a form, the page has to be reloaded in order to retrieve the data of that form. You are now starting over and running another script, so all the variables that you want to use have to be redefined. When you try to compare $securitycode to $_POST["securitycode"], you are trying to access a variable that no longer exists because you reloaded the page. If you want to compare to $securitycode, you have to define it as a new variable.

    There is a way around this, though, and that is cookies. Cookies store information on the user's computer. Since the data is stored on their computer, you can retrieve it after the page reloads. Session variables are a type of cookie that are not stored permanently but only last until the user closes their web browser. These are what you want to be using. You already have session_start in your code, so I am assuming you have some familiarity with sessions. In your main page, store the security code in a session variable using $_SESSION[name]. Then, when you want to compare your post data to this value, simply retrieve it using that same session variable.

    PHP Code:
    <?php
    session_start
    ();
    $_SESSION['securitycode'] = rand(100,999);
    ...
    if (isset(
    $_POST["securitycode"]) && isset($_SESSION['securitycode']) && $_POST["securitycode"] == $_SESSION['securitycode']) {
    ...
    ?>
    PHP Sessions
    "Yeah science!"
    Online Science Tools

  • #13
    Regular Coder djh101's Avatar
    Join Date
    May 2009
    Location
    California
    Posts
    626
    Thanks
    51
    Thanked 67 Times in 67 Posts
    Great. Glad you got it working. In that case, sorry if that last post was a little too basic (I wasn't sure what your PHP background was).
    "Yeah science!"
    Online Science Tools

  • #14
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    The tldr:
    HTTP is a stateless protocol. On request PHP hasn't a clue that you've ever requested anything before and therefore must be babysat and have its hand held to show it where it left its toys. This is the same of all web based server side languages. Any persistence must be performed using sessions or to a lesser extent, cookies (only for non verifying information such as remembering preferences or whatnots).

    Pointed out to some of the above to this particular form:
    You require a method="post" to post the form. Otherwise you'll find it in $_GET. Its easy enough to identify this by simply looking at the url; if it includes the querystring than chances are high that the form has not posted.
    You need to store a variable within a session and then on the submission form you retrieve the variable from the session and compare it to input. I do this all the time with a form token which is explicitly designed to block a flood. Its a simple setting of a form hidden field the same value within the session, then after verifying it I would destroy the session value. If the form is reposted, there is no match on the token and the submission is rejected.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •