Submit Restrictions, Is there any way to bypass this on my localhost?
Spectre
post Sep 17 2006, 04:05 PM
Post #11


Privileged Member

Group: Members
Posts: 873
Joined: 30-July 04
Member No.: 246



Just try adding some simple checking of each element:

CODE
$rad1 = !empty($_POST['rad1']) ? $_POST['rad1'] : '';
$_1stNumber = !empty($_POST['txt1stNumber']) ? $_POST['txt1stNumber'] : 0;
$_2ndNumber = !empty($_POST['txt2ndNumber']) ? $_POST['txt2ndNumber'] : 0;
if( $rad1 == 'Divide' ) {
  if( $_2ndNumber == 0 ) {
     echo('<font color="#FF0000">Cannot divide by 0.</font>');
     $rad1 = '';   // cancel the operation so the block below is skipped
  }
}
$result = "";

if ($rad1 != null){
  // ... the existing switch on $rad1 that computes $result goes here ...
}


This post has been edited by Spectre: Sep 17 2006, 04:06 PM
darran
post Sep 18 2006, 01:57 AM
Post #12


Privileged Member

Group: Members
Posts: 661
Joined: 31-August 06
From: Singapore
Member No.: 29,189
myCENT:ZERO



I am pretty new to testing php pages on a live server. Can you give me a guide as to which security changes must be made? And can all these be done on the CPanel? I believe my first php page is more or less completed with the exception of some minor glitches and also the security regarding XAMPP.

PS: Changing the value of $result to 0 did not reset the value when I clicked the reset button.

This post has been edited by darran: Sep 18 2006, 02:20 AM
jlhaslip
post Sep 18 2006, 02:18 AM
Post #13


A computer once beat me at chess, but it was no match for me at kick boxing.

Group: [MODERATOR]
Posts: 4,298
Joined: 24-July 05
From: Linix, DOS and Windows…the good, the bad and the ugly
Member No.: 9,787
Spam Patrol
myCENT:8.90



Three rules of Security on php pages are as follows:
  • Never trust user input
  • Never trust user input
  • Never trust user input

A common method is to set the variables using the following technique:
CODE

... code to input the value from the User ...

$my_variable = stripslashes(trim($_POST['user_input']));

... rest of code uses $my_variable ...


trim() removes white-space before or after the data in $_POST['user_input']
and stripslashes() removes any backslashes found in $_POST['user_input']

darran
post Sep 18 2006, 02:45 AM
Post #14


Privileged Member

Group: Members
Posts: 661
Joined: 31-August 06
From: Singapore
Member No.: 29,189
myCENT:ZERO



Is that the security issue you are talking about? I thought it had something to do with Apache or on the server side.

Another PHP question from me: I want to create a button to handle the clearing of values, but from my understanding only JavaScript is able to do this. What if it was disabled by the user? How am I to interact with the button in a PHP page?

How about the reset button? It does not reset the value to 0.
Spectre
post Sep 18 2006, 06:56 AM
Post #15


Privileged Member

Group: Members
Posts: 873
Joined: 30-July 04
Member No.: 246



When you're just dealing with numeric values, you don't need to do any form of sanitization outside of is_numeric() - if the value is not numeric, then cancel. Additionally, unless you are passing the value to something outside of PHP, evaluating it as code, or treating it as a filename (as well as a few other exceptions), there isn't really a lot that can be manipulated by user input. The worst that could happen in this particular case is the operation failing, resulting in an error being displayed and revealing path information etc.

darran, set the initial value of the input fields to '0' and the reset action should result in them reverting to this (i.e. <input type="text" name="field" value="0">).
darran
post Sep 18 2006, 09:26 AM
Post #16


Privileged Member

Group: Members
Posts: 661
Joined: 31-August 06
From: Singapore
Member No.: 29,189
myCENT:ZERO



As for the validation, I am only checking for numeric values using is_numeric(), but I also need to validate whether a radio button is selected and whether the user has entered anything. All that is fine with the exception of the reset button not doing what it should: resetting the result to 0 or empty.

I did as you said, setting the initial value of the input fields to '0', but when I clicked the reset button, my $result variable value did not reset along with the form entered by the user.
jlhaslip
post Sep 18 2006, 12:53 PM
Post #17


A computer once beat me at chess, but it was no match for me at kick boxing.

Group: [MODERATOR]
Posts: 4,298
Joined: 24-July 05
From: Linix, DOS and Windows…the good, the bad and the ugly
Member No.: 9,787
Spam Patrol
myCENT:8.90



I can't see where you are re-setting the txt1stnumber or the txt2ndnumber variables, so they are probably producing the result and the result is being echoed out each time.

Maybe re-post the current code here.
darran
post Sep 19 2006, 04:21 AM
Post #18


Privileged Member

Group: Members
Posts: 661
Joined: 31-August 06
From: Singapore
Member No.: 29,189
myCENT:ZERO



Here is the code

CODE
<?php
function calculate() {
    $result = 0;
    $_1stNumber = 0;
    $_2ndNumber = 0;

    if (isset($_POST['submitted'])) {
        // Missing fields become '' so that is_numeric() rejects them below
        // instead of raising an undefined-index notice.
        $_1stNumber = isset($_POST['txt1stNumber']) ? stripslashes(trim($_POST['txt1stNumber'])) : '';
        $_2ndNumber = isset($_POST['txt2ndNumber']) ? stripslashes(trim($_POST['txt2ndNumber'])) : '';

        if (!is_numeric($_1stNumber) || !is_numeric($_2ndNumber)) {
            exit("<font color=#FF0000>Enter a number in the textbox</font>");
        }

        if (isset($_POST['rad1'])) {
            $rad1 = $_POST['rad1'];
            switch ($rad1) {
                case "Add":      $result = $_1stNumber + $_2ndNumber; break;
                case "Subtract": $result = $_1stNumber - $_2ndNumber; break;
                case "Multiply": $result = $_1stNumber * $_2ndNumber; break;
                case "Divide":
                    // Guard against division by zero (a fatal DivisionByZeroError on PHP 8).
                    if ($_2ndNumber == 0) {
                        exit("<font color=#FF0000>Cannot divide by 0.</font>");
                    }
                    $result = $_1stNumber / $_2ndNumber;
                    break;
            }
            echo("<font color=#FF0000>$result</font>");
        } else {
            exit("<font color=#FF0000>Select an operation</font>");
        }
    }
}
?>


However, I feel this is not the right way; this is just setting the starting value of the 2 variables $_1stNumber and $_2ndNumber to 0, and clicking on the reset button does not help in changing this value back to 0. Is there a way to check when the reset button is pressed so that I can reset the value of the result there?

On a general question, is there any way to handle button clicks other than using JavaScript, because not everyone would have JavaScript enabled?
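The advice in posts #13 and #15 (check each field, is_numeric() for the operands, never let a failing operation print a path) and the reset-button question in post #18 fit on one page, shown here as an added PHP example that is not code from any poster in this thread. The field names txt1stNumber, txt2ndNumber and rad1 follow the thread; the button names calc and clear, the function names and the array shapes are assumptions of this example. Two things it does that the snippets above do not: the operation name is matched against a fixed list with a strict in_array(), and everything echoed back, error text included, goes through htmlspecialchars(). A browser's reset button never sends a request, so PHP cannot see it; a second submit button is an ordinary form post and works with JavaScript disabled. stripslashes() is left out on purpose: it only undoes the escaping that magic_quotes_gpc added, and that setting was removed in PHP 5.4, so on current PHP it would strip backslashes the user legitimately typed.

```php
<?php
// Added example, not code from the thread. Field names follow the thread; button
// names 'calc'/'clear', function names and array shapes are this example's own.

// A failing operation must not print a message that reveals the script path: log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Whitelist of operations the form may request; user input never selects behaviour by name.
const ALLOWED_OPERATIONS = ['Add', 'Subtract', 'Multiply', 'Divide'];

/** Escape anything echoed back into HTML, including error text that quotes the input. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

/** Read one text field; anything but a plain string (e.g. field[]=x) counts as absent. */
function field(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? trim($post[$name]) : '';
}

/** Work out the form state from one request ($post is normally $_POST). */
function handle_request(array $post): array
{
    // Initial state: what the form shows on first load and after "Clear".
    $state = ['first' => '0', 'second' => '0', 'op' => '', 'result' => null, 'error' => null];

    // <input type="reset"> never reaches the server, which is why $result never changed
    // in the thread. Each submit button sends its own name, so the script branches on it.
    if (isset($post['clear']) || !isset($post['calc'])) {
        return $state;
    }

    $state['first']  = field($post, 'txt1stNumber');
    $state['second'] = field($post, 'txt2ndNumber');
    $state['op']     = field($post, 'rad1');

    // Never trust user input: validate rather than "sanitize". For operands used only
    // as numbers inside PHP, is_numeric() is the whole check needed.
    if (!is_numeric($state['first']) || !is_numeric($state['second'])) {
        $state['error'] = "Not a number: '{$state['first']}' / '{$state['second']}'";
        return $state;
    }
    // Strict in_array(): exact string match against the whitelist, no loose comparison.
    if (!in_array($state['op'], ALLOWED_OPERATIONS, true)) {
        $state['error'] = 'Select an operation.';
        return $state;
    }

    $a = (float) $state['first'];
    $b = (float) $state['second'];
    switch ($state['op']) {
        case 'Add':      $state['result'] = $a + $b; break;
        case 'Subtract': $state['result'] = $a - $b; break;
        case 'Multiply': $state['result'] = $a * $b; break;
        case 'Divide':   // refuse rather than let PHP raise DivisionByZeroError
            if ($b == 0.0) { $state['error'] = 'Cannot divide by 0.'; } else { $state['result'] = $a / $b; }
            break;
    }
    return $state;
}

/** Render the form with the current values; every user-controlled value is escaped. */
function render_form(array $state): string
{
    $out  = "<form method=\"post\">\n";
    $out .= '  <input type="text" name="txt1stNumber" value="' . h($state['first']) . "\">\n";
    $out .= '  <input type="text" name="txt2ndNumber" value="' . h($state['second']) . "\">\n";
    foreach (ALLOWED_OPERATIONS as $op) {
        $checked = $state['op'] === $op ? ' checked' : '';
        $out .= "  <label><input type=\"radio\" name=\"rad1\" value=\"$op\"$checked> $op</label>\n";
    }
    // Two submit buttons; the server tells them apart by name, no JavaScript involved.
    $out .= "  <input type=\"submit\" name=\"calc\" value=\"Calculate\">\n";
    $out .= "  <input type=\"submit\" name=\"clear\" value=\"Clear\">\n";
    $out .= "</form>\n";
    if ($state['error'] !== null) {
        $out .= '<p style="color:#FF0000">' . h($state['error']) . "</p>\n";
    } elseif ($state['result'] !== null) {
        $out .= '<p>Result: ' . h((string) $state['result']) . "</p>\n";
    }
    return $out;
}

// Constructed requests standing in for $_POST, one per interesting case.
$requests = [
    ['txt1stNumber' => '8',   'txt2ndNumber' => '2', 'rad1' => 'Divide', 'calc' => 'Calculate'],  // Result: 4
    ['txt1stNumber' => '8',   'txt2ndNumber' => '0', 'rad1' => 'Divide', 'calc' => 'Calculate'],  // refused
    ['txt1stNumber' => '<b>', 'txt2ndNumber' => '2', 'rad1' => 'Add',    'calc' => 'Calculate'],  // rejected, echoed escaped
    ['txt1stNumber' => '8',   'txt2ndNumber' => '2', 'rad1' => 'Eval',   'calc' => 'Calculate'],  // not in the whitelist
    ['txt1stNumber' => '8',   'txt2ndNumber' => '2', 'rad1' => 'Divide', 'clear' => 'Clear'],     // back to 0 / 0
];
foreach ($requests as $post) {
    echo render_form(handle_request($post)), "\n";
}
```

Run it with the php command-line binary to see the five rendered forms; in a real page, replace the constructed $requests loop with a single `echo render_form(handle_request($_POST));`. The whitelist and the escaping are the parts worth keeping even for a toy calculator: the first stops a request from naming an operation the code never offered, the second means a rejected value such as `<b>` comes back as text rather than as markup.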
Spectre
post Sep 19 2006, 07:11 AM
Post #19


Privileged Member

Group: Members
Posts: 873
Joined: 30-July 04
Member No.: 246



I'm not quite sure what you're asking, but if you mean how do you reset the variables within PHP when the Reset button is pressed... the value is only going to be sent to the server when the user clicks 'Submit'. The Reset button is handled only on the client-side, so clicking it doesn't interact with the server at all. The variables are going to contain the value they were initially assigned (in this case, the integer value '0') each time the script is execute