Solved

Posting information from form goes wrong.

Posted on 2009-07-08
6
267 Views
Last Modified: 2013-12-13
Hi Expert,

I've got an old guest book functionality that is written for PHP 4.x But now I've moved it to PHP 5 it does not work. The user entered values are not arriving in the post file. I've been looking for problems in the code but was not able to determine what goes wrong.

The error I get is the validation in the "voegtoe.php" telling me I did not fil in a value.

Both files are attached

Your help is highly appreciated

-----index.php------------
<?php
 
if(!$start) {
$start="0";} else{
$start=$start;}
?>
 
 
<html>
<head>
<?php
include("include/config.php");
include("include/style.inc.php");
include("include/functies.inc.php");
 
?>
 
 
<title>Mijn gastenboek</title>
 
<script type="text/javascript"> 
// ADDTEXT 
function addtext(veld,text) 
{ 
    document.gastenboek.elements[veld].value += " "+text+" "; 
    document.gastenboek.elements[veld].focus(); 
} 
</script>
 
<script>
 
function submitonce(theform){
//if IE 4+ or NS 6+
if (document.all||document.getElementById){
//screen thru every element in the form, and hunt down "submit" and "reset"
for (i=0;i<theform.length;i++){
var tempobj=theform.elements[i]
if(tempobj.type.toLowerCase()=="submit"||tempobj.type.toLowerCase()=="reset")
//disable em
tempobj.disabled=true
}
}
}
</script>
 
 
</head>
 
<body>
 
<?php
 
include("bekijk.php");
?></p>
<p>&nbsp;</p>
 
<form method="POST" name="gastenboek" action="voegtoe.php" onSubmit="submitonce(this)">
 
<div align="center">
  <center>
  <table border="0" cellpadding="2" width="100%">
    <tr>
      <td width="19%">Naam:</td>
      <td width="81%"><input type="text" name="naam" size="30"></td>
    </tr>
    <tr>
      <td width="19%">E-mail:</td>
      <td width="81%"><input type="text" name="email" size="30"></td>
    </tr>
    <tr>
      <td width="19%">Lid van onze club:</td>
      <td width="81%"><input type="checkbox" name="lid" value="ON">ja</td>
    </tr>
    <tr>
      <td width="19%" valign="top">Jouw bericht:</td>
      <td width="81%">
 
<?php
if ($UBB=="true") {
UBBinc(bericht);
}
?>  
 
<textarea rows="4" name="bericht" cols="40" class="tekstvak"></textarea><br>
 
<?php
if ($smilie=="true") {
smilieinc(bericht);
}
?> 
 
</td>
    </tr>
    <tr>
      <td width="19%"></td>
      <td width="81%"><input type="submit" value="Verzenden" name="B1" class="knop"> <input type="reset" value="Invoer wissen" name="B2" class="knop"></td>
    </tr>
  </table>
  </center>
</div>
</form>
<?php
//copyright
//if($Copyrightnr11) {
//copyright ();}
?> 
</body>
 
</html>
-----------------------end of index.php------------------
 
-------------------voegtoe.php----------------------
 
<?php 
// Boven aan je pagina 
ob_start(); 
 
include("include/config.php");
include("include/style.inc.php");
include("include/functies.inc.php");
 
session_start(); 
$verlooptijd = 0; //tijd in seconden waarna er weer gepost mag worden 
 
if($_SESSION['tijd'] + $verlooptijd > time()){ 
$wachten = $_SESSION['tijd'] + $verlooptijd - time(); 
echo "U heeft zojuist al een bericht geplaatst, over ".$wachten." seconden kunt u weer posten."; 
} 
else{ 
$_SESSION['tijd'] = $tijd;
 
$datum=date("d-m-Y @ H:i:s",time());
$id=date("dmyHis",time());
 
 
//check lege velden
if (strlen($naam)<1) {
echo "<b>U heeft uw naam (nog) niet ingevuld ...</b><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en vult u alsnog uw naam in !!!</blockquote></A>";
}
elseif (strlen($bericht)<1) {
echo "<br><br><b><br>U heeft (nog) geen bericht achtergelaten ...</b></font><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en schrijft u alsnog een leuk <img border=\"0\" src=\"img/smile/knipoog.gif\"> bericht !!!</blockquote></a>";
}
else {
 
//html-tags verwijderen
$naam  = strip_tags($naam);
$email = strip_tags($email);
$bericht = strip_tags($bericht);
$bericht = stripslashes($bericht);
 
//Toevoegen IP gelogd
$iplog="J";
 
//vervangen van de smilies-codes door html codes ...
$bericht=smilie($bericht);
 
if ($scheldwoorden=="true") {
$bericht = scheldwoorden($bericht);
}
 
//vervangen van de UBB codes door html codes ...
$bericht=UBB($bericht);
 
$bericht = nl2br($bericht); 
$bericht = eregi_replace("\n", "", $bericht); 
      
 
//wegschrijven naar een bestand
$logfile = fopen("$bestand","a"); 
fputs($logfile, $id."||".$datum."||".$email."||".$lid."||".$iplog."||".$bericht."||".$naam."||\n"); 
fclose($logfile); 
 
//bestand voor de IP adressen van berichten in het gastenboek
$ipbestand ="ipadressen.txt";
 
//initialiseren IP
$ip = $REMOTE_ADDR; 
 
//wegschrijven naar een bestand
$logfileip = fopen("$ipbestand","a"); 
fputs($logfileip, $ip."||".$datum."||".$naam."||\n"); 
fclose($logfileip);
 
 
?>
 
<html>
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="refresh" content="0;URL=index.php">
 
<title>ZFC Zuidlaren</title>
</head>
 
<body>
</body>
</html>
 
<?php
} } 
 
 
// Onder aan je pagina 
ob_end_flush(); 
?> 
-----------------end of voegtoe.php---------------------

Open in new window

0
Comment
Question by:Steynsk
  • 5
6 Comments
 
LVL 18

Accepted Solution

by:
Hube02 earned 500 total points
ID: 24805065
The problem is here:

$naam  = strip_tags($naam);
$email = strip_tags($email);
$bericht = strip_tags($bericht);
$bericht = stripslashes($bericht);


You need to change all the references to $_POST variables to use the $_POST global. Example

$naam  = strip_tags($_POST['naam']);
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805091
Noticed that you have these references all through the code. Your other choice is to turn register globals on, but I'd fix the code.
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805276
Another solution, at the beginning of your "voegtoe.php" file add the following:
<?php
 
  foreach($_POST as $key => $value) {
    $$key = $value;
  }
 
?>

Open in new window

0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 18

Expert Comment

by:Hube02
ID: 24805331
Or the below.

But the best solution is to correct the problem which is that the script was written for a PHP with register_globals = On, which was determined to be a security risk and is not Off by default.
<?php
 
  extract($_POST);
 
?>

Open in new window

0
 
LVL 1

Author Closing Comment

by:Steynsk
ID: 31601175
Hube02,
Many thanks
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805344
That should be:

 "it is NOW of by default"

sorry for the typo that completely changes the meaning of the sentence :S
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question