Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Mar 2011
    Posts
    28
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Post include php script to call from an html file

    I'm hoping I posted this question in the right spot.

    What i'm trying to do is include a php script to call from an html file. I'm still really new to php and I'm trying to call 4 variables from an is_config.php file; $postURL, $gatewayID, $returnURL, and $cancelURL. the point of this exercise is to hide the information from the view source of the web browser. The problem is the code below is not getting the variable from the is_config.php file(internetsecure config file) at all???

    PHP Code:
    <?php
    include_once(is_config.php);
    ?>
     
    <!DOCTYPE html>
    <html>
    <head>
    <title>Variable Payment</title>
    </head>
    <script type="text/javascript">
     
    function getamount(){
                    var prod = "::1::P001::Sample Payment::";
                    var pvalue = document.frmdo.payvalue.value;
                    var amount = pvalue + prod;
                    document.frmdo.Products.value = amount;
    }
    </script>
     
    <form method="post" action="$postURL" name="frmdo" onsubmit="return getamount();">
                    <input type="hidden" name="GatewayID" value="$gatewayID" />
                    <input type="hidden" name="ReturnURL"          value="$returnURL" />
                    <input type="hidden" name="xxxCancelURL" value="$cancelURL" />
                    <input type="hidden" name="Products" value="" />
     
    <fieldset style="width:200px; align:center;">
                    <legend>Online Donation</legend>
                    <table>
                    <tr>
                                    <td align="center">Amount $<input type="text" name="payvalue" id="payvalue" value="" size="10">USD</td>
                    </tr>
                    <tr>
                                    <td align="center"><input type="submit" value="Submit" name="submit"></td>
                    </tr>
                    <tr>
                                    <td align="center">
                                                    <IMG ALIGN=CENTER SRC="https://www.internetsecure.com/images/visa.gif" WIDTH=35 HEIGHT=20>
                                                    <IMG ALIGN=CENTER SRC="https://www.internetsecure.com/images/master.gif" WIDTH=33 HEIGHT=20>
                                                    <IMG ALIGN=CENTER SRC="https://www.internetsecure.com/images/amex.gif" WIDTH=33 HEIGHT=20>
                                                    <IMG ALIGN=CENTER SRC="https://www.internetsecure.com/images/discover.gif" WIDTH=33 HEIGHT=20>
                                    </td>
                    </tr>
                    </table>
    </fieldset>
     
    <table align="center" width="200">
                                    <tr>
                                                    <td width="200" height="100%" align="center" valign="middle">
    <a href="http://www.internetsecure.com"><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#0000FF">InternetSecure</font></a><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#0000FF"> | </font><a href="https://www.internetsecure.com/merchants/ShowPage.asp?page=HELP"><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#0000FF">Help Library</font></a><br />
    <a href="https://testwww.internetsecure.com/merchants/Demopage.asp?page=PRV1"><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#0000FF">Sample Policies</font></a><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#0000FF"> | </font>
    <a href="https://testwww.internetsecure.com/merchants/Demopage.asp?page=SAMI"><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#0000FF"> Sample Forms</font></a>
                                                    </td>
                                    </tr>
    </table>
    </form>
     
    </html>
    Last edited by fulltiltphil; 03-31-2014 at 10:01 PM.

  • #2
    Senior Coder
    Join Date
    Aug 2006
    Posts
    1,405
    Thanks
    11
    Thanked 298 Times in 297 Posts
    The easy one, your file name must be in quotes:

    include_once("is_config.php");

    The tricky one though, is that this will accomplish nothing toward your goal of hiding the variables from a "view source" in the browser. Remember that php is just creating html and spitting it out to the browser, so by the time the browser gets this page, those variables will have been replaced by their contents, and be completely visible to anyone looking at the source.

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Although correct that it should be in quotes, it will actually parse without (albeit incorrectly). PHP is a string based language, so if you leave a constant as undefined, it will assume that you mean it to be a string and revert it to the string equivalent, so without the quotes the result is the string: string(12) "is_configphp" (without the ., since that's a concat operator) and should issue a warning of the conversion from the undefined constant. The problem here is that either you are parsing the PHP and without the quotes are not finding the file (since there is no . in the extension), or that you're not parsing the PHP code. View the source, if you see the <?php block in it, the server is not parsing it. If you do, its simply because of the quotes. Of course, the error with the quotes should still be addressed.

    As noted, PHP is a server side parsed language. As long as its being parsed, than the variables are never available to the client so you don't need to worry about them being readable. For security of your configuration variables, I'd move the document above the web root, and include it in from there.
    Then, you need to include these in PHP blocks:
    Code:
    <form method="post" action="$postURL" name="frmdo" onsubmit="return getamount();">
                    <input type="hidden" name="GatewayID" value="$gatewayID" />
                    <input type="hidden" name="ReturnURL"          value="$returnURL" />
                    <input type="hidden" name="xxxCancelURL" value="$cancelURL" />
                    <input type="hidden" name="Products" value="" />
    Should instead be:
    PHP Code:
    <form method="post" action="<?php echo $postURL;?>" name="frmdo" onsubmit="return getamount();">
                    <input type="hidden" name="GatewayID" value="<?php echo $gatewayID;?>" />
                    <input type="hidden" name="ReturnURL"          value="<?php echo $returnURL;?>" />
                    <input type="hidden" name="xxxCancelURL" value="<?php echo $cancelURL;?>" />
                    <input type="hidden" name="Products" value="" />
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •