| Author |
Message |
Donovan
Client
Joined: Oct 07, 2003
Posts: 735
Location: Ohio
|
 Posted:
Fri Aug 31, 2007 12:34 pm |
|
Another thread for help on my next issue for this standalone (Non Nuke) program.
As I stated on my other thread I have a single index.php page.
I have this at the top.
Code:switch ($op) {
case "comment":
comment();
break;
case "reply":
reply($cid);
break;
case "previewComment":
previewcomment();
break;
case "submitComment":
submitComment($title, $comment_text, $topic, $ipaddress);
break;
default:
index();
break;
}
|
My form action for each function is: Code:action=\"" .$_SERVER['PHP_SELF']
|
In my comment function I have all my variables between my form tags such as
<select name=\"topic\">
<input type="\text\" name="\title\">
<textarea cols=\"50\" rows=\"12\" name=\"comment_text\"></textarea>
I send this to my submitComment function
Code:echo'</p><p><input type="submit" name="submit" value="Submit" /> '
.'<input name="op" type="hidden" value="submitComment" />';
|
Where I receive nothing when I try to just echo the variables.
Code:function submitComment($title, $comment_text, $topic, $ipaddress) {
Opentable();
echo"<tr><td>$title</td></tr></br >";
echo"<tr><td>$comment_text</td></tr></br >";
echo"<tr><td>$topic</td></tr></br >";
echo"<tr><td>$ipaddress</td></tr></br >";
Closetable();
}
|
Any help is appreciated. |
| |
|
 
 |
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
| Posted:
Fri Aug 31, 2007 3:10 pm |
|
Remember, register_globals is not on. You need to get the data out of the $_POST or $_GET arrays yourself. |
_________________
GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module |
|
|
|
|
Donovan
|
| Posted:
Fri Aug 31, 2007 3:19 pm |
|
So within my comment function I would need to do something like:
$topic = $_Post['topic']; |
| |
|
|
|
|
Gremmie
|
| Posted:
Fri Aug 31, 2007 3:36 pm |
|
Yes, or wherever you want to use it. |
| |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Fri Aug 31, 2007 7:00 pm |
|
I'm not positive but I think it has to be $_POST. Capitalized. You might also want to make it a habit to do an isset check on POST variables. Text type fields will always be passed in the POST array but checkboxes will not unless they are checked. |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Sat Sep 01, 2007 6:55 am |
|
|
|
|
|
Donovan
|
| Posted:
Tue Sep 04, 2007 1:13 pm |
|
How could I pass the $op variable from an admin menu that is called before each function.
Such as:
Code:function admin_menu(){
OpenTable();
echo "<table border='1' align='center' width='100%' cellpadding='2' cellspacing='0'>\n";
echo "<tr>\n";
echo "<td align='center' valign='top' width='15%'> <b><u>Waiting Questions</u></b> </td>\n";
echo "<td align='center' valign='top' width='15%'> <b><u>Change Your Info</u></b> </td>\n";
echo "<td align='center' valign='top' width='15%'> <b><u>Courses</u></b> </td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td align='center' valign='top' width='15%' rowspan='3'>\n";
echo " <a href='index.php?op=listQuestions'>List Questions</a> <br />\n";
echo "</td>\n";
echo "<td align='center' valign='top' width='15%' rowspan='3'>\n";
echo " <a href='index.php?op=info'>Your Info</a> <br />\n";
echo "</td>\n";
echo "<td align='center' valign='top' width='15%' rowspan='3'>";
echo " <a href='index.php?op=listCourses'>List Courses</a> <br />";
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "<table border='1' align='center' width='100%' cellpadding='2' cellspacing='0'>\n";
CloseTable();
}
|
If I click on List Questions it does not go anywhere but just refreshes. The $op is not being passed to the switch $op I have at the bottom of my index page.
Code:$op = isset($_POST['op']) ? $_POST['op'] : '';
switch ($op) {
case "listQuestions":
listQuestions();
break;
case "info":
info();
break;
case "listCourses":
listCourses();
break;
default:
admin_menu();
break;
}
|
globals are off and I can't seem get this concept thru my thick head that I need to $_POST the $op variable, but I don't know where. |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Tue Sep 04, 2007 4:38 pm |
|
|
|
|
|
montego
|
| Posted:
Wed Sep 05, 2007 5:13 am |
|
Donovan, the links that you are showing within your function admin_menu() are not coming from a form with a method of POST. Therefore, in this case, these are in $_GET.... |
| |
|
|
|
|
Donovan
|
| Posted:
Wed Sep 05, 2007 6:31 am |
|
Thanks Montego,
I didn't know coding with registered globals on made things much easier to a novice PHP developer. Without them it has lead to a bunch of errors in my code. Alas, things are more secure with them off, but it takes some getting used to. |
| |
|
|
|
|
fkelly
|
| Posted:
Wed Sep 05, 2007 7:35 am |
|
Donovan, working without register globals is really not complicated. You either have $_POST variables or $_GET. These are all contained in a POST or GET array. If you are using a form with a POST request method then the field names on the form are all POSTED automatically to the receiving or processing program. You will want to validate them on the receiving end. There is an extensive discussion of this here:
http://www.ravenphpscripts.com/posts13234-highlight-filtering.html
There is code in mainfile that turns register globals on (or I should say imports the variables) but I think there is general agreement that we would like to gradually convert Nuke so that we explicitly filter all variables rather than relying on implicitly importing them. That's going to take some doing since the old method permeates the core PHPnuke code. But for your new stuff you'd be better off getting familiar with the preferred approach. That's my opinion anyway. |
| |
|
|
|
|
Donovan
|
| Posted:
Wed Sep 05, 2007 8:05 am |
|
| fkelly wrote: | | Donovan, working without register globals is really not complicated. You either have $_POST variables or $_GET. These are all contained in a POST or GET array. |
But if my admin_menu () did not have any form tags at all then the only way to find the value of $op was to $_GET?
Correct?
I changed this
Code:$op = isset($_GET['op']) ? $_GET['op'] : '';
switch ($op) {
blah
blah
}
|
and now I am able to get inside my listQuestions() function. |
| |
|
|
|
|
fkelly
|
| Posted:
Wed Sep 05, 2007 8:12 am |
|
Correct. You are either using the GET method or the POST one and in this case you are using GET. The important part is to conceptualize of user input (whether it be a form with POSTS or a selection that results in setting a GET) and the processing of that input as being a single integrated piece of code. Because of the nature of web architecture you can't total rely upon the fact that anything sent to your processing program comes from the source it says it comes from so you need to filter to assure that only legitimate variables (POSTS or GETS) are received and acted on. |
| |
|
|
|
|
Donovan
|
| Posted:
Tue Sep 11, 2007 11:50 am |
|
Well I'm still having trouble here.
I can list the questions and can choose which question I want to edit. Within the edit question function I have a textarea where the text is located but when I try and post that to a saveQuestion function all I am getting is the $cid of that question. I cannot pass the text or title of that question.
For example:
//list questions
Code:OpenTable();
echo "<table width=\"100%\" border=\"0\">";
echo "<tr>";
echo "<td align=\"left\" width=\"50%\"><div class=\"content\">$title</div></td>";
echo "<td align=\"center\" width=\"25%\"><div class=\"content\">$formatdate</div></td>";
echo "<td align=\"right\" width=\"25%\"><div class=\"content\"><a href=\"index.php?op=editQuestion&cid=$cid\">Edit</a></div></td>";
echo "</tr>";
echo "<input name=\"cid\" type=\"hidden\" value=\"$cid\" />";
echo "</form>";
echo "</table>";
CloseTable();
|
Edit Questions since $cid is not declared in listQuestion or outside any form tags I have to $_GET
Code:
function editQuestion() {
global $AllowableHTML, $db;
$cid = $_GET['cid'];
$result = $db->sql_query("SELECT * FROM comment_queue WHERE cid = '$cid'");
while ($row = $db->sql_fetchrow($result)) {
$title = stripslashes(check_html($row['title'], 'nohtml'));
$comment_text = stripslashes(check_html($row['comment_text'], 'nohtml'));
}
OpenTable();
echo "<b>Title:</b><br />"
."<input type=\"text\" name=\"title\" size=\"50\" maxlength=\"80\" value=\"$title\" /><br />";
echo "<b>Text:</b>You can use HTML to format your question.<br />"
."<textarea cols=\"50\" rows=\"15\" style=\"background:#EFEFEF\" name=\"comment_text\">$comment_text</textarea><br />";
echo "<p>If you included any URLs or html, be sure to double check them for typos.</p>"
."<p>Allowed HTML:<br />"
."</p>"
."<p>";
while (list($key,) = each($AllowableHTML)) echo ' <'.$key.'>';
echo "</p>";
echo"<select name=\"op\">"
."<option value=\"deleteQuestion\">Delete Question</option>"
."<option value=\"preview\" selected=\"selected\">Preview</option>"
."<option value=\"postReply\">Post Reply</option>"
."</select>"
."<input type=\"submit\" value=\"OK\" />";
echo"<br>";
echo"<a href=\"index.php?op=deleteQuestion&cid=$cid\">Delete</a>";
echo"<br>";
echo"<a href=\"index.php?op=previewQuestion&cid=$cid\">Preview</a>";
echo"<br>";
echo"<a href=\"index.php?op=saveQuestion&cid=$cid\">Save</a>";
echo"<br>";
echo "</form>";
CloseTable();
}
|
^
^
My list box is not working so I am using links for now.
I need to send the contents of $comment_text and $title to the saveQuestion function to update those fields.
Code:function saveQuestion() {
global $db;
$cid = $_GET['cid'];
$title = $_POST['title'];
$comment_text = $_POST['comment_text'];
echo"$cid";
echo"<br>";
echo"$title";
echo"<br>";
echo"$comment_text";
|
The only thing I am able to echo out is $cid
In the editQuestion function I am using the PHP_SELF as action but Sentinal wont let me use that. |
| |
|
|
|
|
fkelly
|
| Posted:
Tue Sep 11, 2007 1:39 pm |
|
I don't see any form tag with a method="post". In fact I just see a closing form tag and not an open one. Am I missing it? You can't post anything if your method isn't post. Furthermore you don't have an action attribute.
I'd recommend that you go entirely with posts and forget the gets. You might have one form that posts the cid and another that retrieves it and sticks the question in a textarea and then posts any edits that are done on that. I'd also recommend that you run what you have (or any amended version) thru the w3c validator. It will point out any missing tags. I also haven't seen that "while (list($key,)" syntax before. That may just be my inexperience but that comma looks suspicious to me. What's it there for? |
| |
|
|
|
|
Donovan
|
| Posted:
Tue Sep 11, 2007 1:53 pm |
|
All my forms start with method post and action .$_SERVER['PHP_SELF']
But NukeSentinal was choking on this so I left it out of the post.
The , is to separate the Allowable html "keys" in an array.
Code:$AllowableHTML = array(
'a' => array('href' => 1, 'target' => 1, 'title' => array('minlen' => 4, 'maxlen' => 120)),
'b' => array(),
'blockquote' => array(),
'br' => array(),
'center' => array(),
'div' => array('align' => 1),
'em' => array(),
'font' => array('face' => 1, 'style' => 1, 'color' => 1, 'size' => array('minval' => 1, 'maxval' => 7)),
'h1'=>array(),
'h2'=>array(),
'h3'=>array(),
'h4'=>array(),
'h5'=>array(),
'h6'=>array(),
'hr' => array(),
'i' => array(),
'img' => array('alt' => 1, 'src' => 1, 'hspace' => 1, 'vspace' => 1, 'width' => 1, 'height' => 1, 'border' => 1, 'align' => 1),
'li' => array(),
'ol' => array(),
'p' => array('align' => 1),
'pre' => array('align' => 1),
'span' =>array('class' => 1, 'style' => array('font-family' => 1, 'color' => 1)),
'strong' => array(),
'strike'=>array(),
'sub'=>array(),
'sup'=>array(),
'table' => array('align' => 1, 'border' => 1, 'cell' => 1, 'width' => 1, 'cellspacing' => 1, 'cellpadding' => 1),
'td' => array('align' => 1, 'width' => 1, 'valign' => 1, 'height' => 1, 'rowspan' => 1, 'colspan' => 1 ),
'tr' => array('align' => 1),
'tt'=>array(),
'u' => array(),
'ul' => array(),
);
|
I was trying at one time to use fckeditor but never got it working. Maybe in version 2 of this project. |
| |
|
|
|
|
eldorado
Involved
Joined: Sep 10, 2008
Posts: 424
Location: France,Translator
|
| Posted:
Sun Oct 23, 2011 11:28 am |
|
Hey , i've been struggling with a simple $POST , despite my countless hours working on other scripts this one is really pissing me off..
And i've read the post entirely...
What I don't understand is that GET works on that other portion...
Any help appreciated.
full code Code:<?php
#
# Example to use Navigator class
#
// $Del_Auth , Autorisation de supprimer dans ce repertoire
// $trash , repertoire poubelle
// $ base , base du repertoire sur lequel naviguer
include("config.php");
include("top_header.php");
include ("Plugins/class.navigator.php");
$base= _FTP_PATH;
echo '<title>Upload de fichier</title>';
echo '<link rel="stylesheet" rev="stylesheet" href="post-it.css">';
echo '<link rel="stylesheet" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.3/themes/base/jquery-ui.css" type="text/css" media="all" />
<script src="js/php_file_tree_jquery.js" type="text/javascript"></script>';
echo '</head>';
//OUVERTURE DE LA BASE DE DONNEES
include("bd.php");
include("bandeau.php");
include("menu_droite.php");
include("menu_gauche_dropbox.php");
echo '<div id="contenu">
<div class="padding" >';
if(very_long_conditions_cropped_but_working)
{
if($_GET[browse]!=""){
$base = urldecode($_GET[browse]);
}
if($_GET[browse]=="public"){
$Del_Auth = false ;
$base = _FTP_PUBLIC;
}
if($_GET[browse]=="perso" || $_POST[browse]=="perso"){
//Reinit GET , on sait jamais que ça bugge
if ($_GET[browse]=="") $_GET[browse]="perso";
//On conditionne Del_Auth , ici on se = true
$Del_Auth = true ;
$perso = true ;
// echo "On est dans le repertoire personnel des gens"
$base =_FTP_PATH."/ftp_".$_SESSION['username2'];
$files = $_POST['selectedFiles'];
echo "test 1:";
echo $files[1] ;
echo "<br />";
$N = count($files);
for($i=0; $i < $N; $i++)
{
echo "\n on supprime: ".$files[$i];
if ($N>1 and $i!=$N-1) echo "<br /> et ";
//On déplace dans la poubelle!
//~ // Failsafe , on sait jamais que quelqu'un supprime le truc...
}
}
if($_GET[delete]=='trash'){
echo "filetrash";
$files = $_POST['selectedFiles'];
$N = count($files);
for($i=0; $i < $N; $i++)
{
echo "\n on supprime: ".$files[$i];
if ($N>1 and $i!=$N-1) echo "<br /> et ";
//unlink($files[$i]);
}
echo "<br /> Tous les fichiers ont été supprim&eactutes ";
//~ // Et on est content!!
}
if($_GET[browse]=='trash'){
$Del_Auth = true ;
$trash = true ;
$base =_FTP_PATH."/poubelle";
}
$obj= new Navigator($base);
$obj->SortListD($_GET[sortby],$_GET[sortdir]);
$obj->SortListF($_GET[sortby],$_GET[sortdir]);
if($trash == false){
echo "<h3>Navigateur : <u>".$obj->Pwd()."</u> <i>taille : ".$obj->ConvertSize($obj->GetDirSize($obj->Pwd()))." </i></h3>" ;
}
else {
echo "<h3>Navigateur : <u>Poubelle</u> <i>taille : ".$obj->ConvertSize($obj->GetDirSize($obj->Pwd()))." </i></h3>" ;
}
echo "<br />Les fichiers supprimés ici le sont définitivement";
echo "<table border=1>";
echo "<tr><td colspan=6>Dossiers :".$obj->Count("d")."</td></tr>";
while($obj->NextDir())
{
echo "<tr>";
echo "<td><a href=\"$_SERVER[PHP_SELF]?browse=".urlencode($base."/$obj->FieldName")."\" >$obj->FieldName</a></td>";
echo "<td>".$obj->FieldDate."</td>";
echo "<td>".$obj->FieldSize."</td>";
echo "<td>".$obj->FieldPerms."</td>";
echo "<td>".$obj->FieldOwner."</td>";
echo "<td>".$obj->FieldGroup."</td>";
echo "</tr>";
}
echo "</table>";
echo "<br>";
echo "<FORM ACTION=\"".$_SERVER[PHP_SELF]."\" METHOD=\"POST\">";
echo "<table border=1>";
echo "<tr><td colspan=6>Fichiers Total :".$obj->Count("f")."</td></tr>";
if($obj->Count("f")!=0)echo "<tr><td>Nom du Fichier</td><td>Date</td><td>Taille</td>";
if($_GET[browse]=="perso") echo "<td>Permissions</td><td>Proprietaire</td><td>Groupe</td><td>Poubelle</td>";
echo "</tr>";
while($obj->NextFile())
{
echo "<tr>";
echo "<td>".$obj->FieldName."</td>";
echo "<td>".$obj->FieldDate."</td>";
echo "<td>".$obj->FieldSize."</td>";
if($Del_Auth){
echo "<td>".$obj->FieldPerms."</td>";
echo "<td>".$obj->FieldOwner."</td>";
echo "<td>".$obj->FieldGroup."</td>";
echo "<td><input type='checkbox' name=\"selectedFiles[]\" value\"".$obj->FieldName."\" /><td>";
echo "</tr>";
}
}
echo "</table>";
?>
<INPUT TYPE=hidden name="browse" value="<?php echo $_GET[browse]?>">
<INPUT TYPE=submit value="Supprimer">
</FORM>
<FORM ACTION="<?php echo $_SERVER[PHP_SELF];?>" METHOD="GET">
<SELECT name=sortby>
<option VALUE=N>Par Nom</option>
<option VALUE=D>Par Date</option>
<option VALUE=S>Par Taille</option>
</SELECT>
<SELECT name=sortdir>
<option VALUE=ASC>Ascendant</option>
<option VALUE=DESC>Descendant</option>
</SELECT>
<INPUT TYPE=submit value=Sort>
<INPUT TYPE=hidden name="browse" value=<?php echo $_GET[browse]?>>
</FORM>
<?php
}
else
{
?>
<meta http-equiv="refresh" content="0; URL=connexion.php">
<?php
}
?>
<br class="clear" />
</div>
</div>
<!--footer -->
<?php include("footer.php"); ?>
<!--footer end-->
</body>
</html>
|
Basicly , it's supposed to be a file explorer script. I have set some different options to view , public , personal (own folder) and that's all , since it's admin side and isset() does it job very well i don't need to check for invalid input in browse..
But , i've been struggling with this portion of script which deletes multiple files (basicly renames them into a folder called trash)
Code:if($_GET[browse]=="perso" || $_POST[browse]=="perso"){
//Reinit GET for future use
if ($_GET[browse]=="") $_GET[browse]="perso";
//On conditionne Del_Auth , ici on se = true
$Del_Auth = true ;
$perso = true ;
// echo "Personal Path"
$base =_FTP_PATH."/ftp_".$_SESSION['username2'];
$files = $_POST['selectedFiles'];
echo "test 1:";
echo $files[1] ;
do_something with that ();
}
|
$files are selected from selectedFiles[] in here
Code:while($obj->NextFile())
{
echo "<tr>";
echo "<td>".$obj->FieldName."</td>";
echo "<td>".$obj->FieldDate."</td>";
echo "<td>".$obj->FieldSize."</td>";
if($Del_Auth){
echo "<td>".$obj->FieldPerms."</td>";
echo "<td>".$obj->FieldOwner."</td>";
echo "<td>".$obj->FieldGroup."</td>";
echo "<td><input type='checkbox' name=\"selectedFiles[]\" value\"".$obj->FieldName."\" /><td>";
echo "</tr>";
}
|
i've tried many times...and using the $GET , but $POST is definitely the best method... and the array returns no element...or if i echo them it says on ...
if needed to see it live i can provide a password by PM
Am I missing something? |
_________________
United-holy-dragons.net (My RN site)- Rejekz(cod4 clan) - gamerslounge |
|
 |
|
killing-hours
RavenNuke(tm) Development Team
Joined: Oct 01, 2010
Posts: 438
Location: Houston, Tx
|
| Posted:
Sun Oct 23, 2011 1:27 pm |
|
Just off hand... aren't you supposed to be putting quotes within the brackets??
I.e. $_GET[browse]
should actually be
$_GET['browse'] |
_________________
Money is the measurement of time - Me
"You can all go to hell…I’m going to Texas" -Davy Crockett |
|
|
|
|
Palbin
Site Admin
Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania
|
| Posted:
Sun Oct 23, 2011 5:31 pm |
|
Are you selecting multiple files? The reason I ask is that the first file would be $files[0] not $files[1].
Try doing a "var_dump($_POST)" to see what us contained in $_POST.
I would also recommend the quotes that killing-hours mentioned to avoid all the warnings. |
_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. |
|
|
|
|
eldorado
|
| Posted:
Mon Oct 24, 2011 8:17 am |
|
Oh yeah , i was selecting multiple file ...i forgot i left it to $file[1];
so for 2 selected checkboxes i have
| Quote: | | array(2) { ["selectedFiles"]=> array(2) { [0]=> string(2) "on" [1]=> string(2) "on" } ["browse"]=> string(5) "perso" } |
browse is well set.. so i'm pretty much happy with that one 
selectedfiles's rank is 2 , so that is also a good thing...
I understand the "on" parsed now , but why these , i thought it was the value which was posted...
Code:value\"".$obj->FieldName."\"
|
, am I missing something
 i kept saving the quick reply with ctrl+s... |
| |
|
|
|
|
eldorado
|
| Posted:
Mon Oct 24, 2011 8:24 am |
|
Ok....i'm feeling really really blonde and frustrated not having seing that beforehand...and now i'm feeling depressed....
I think i'll switch to sudoku 
Code:echo "<td><input type='checkbox' name=\"selectedFiles[]\" value\"".$obj->FieldName."\" /><td>";
|
to Code:echo "<td><input type='checkbox' name=\"selectedFiles[]\" value=\"".$obj->FieldName."\" /><td>";
|
forgot "="... i just noticed that while re-reading my reply... |
| |
|
|
|
|
Palbin
|
| Posted:
Mon Oct 24, 2011 3:56 pm |
|
You should be developing with php errors on and checking your compliance as you go. That would have shown up.  |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
