Joined: Mar 2008
Posts: 262
enthusiast
OK so we are moving the message board to Mindraven and on our old server we had a form inside the subscription page to update a non-UBB database. You can see the form here http://www.fgmcc.com/html/howtojoin.shtml and click on the second link. When you click on the submit button for the form it updates the database, but displays whatever I put in the update.php file, then you have to click back to submit the subscription to UBB. I have been looking at using $PHP_SELF as the action and adding the PHP code to the subscription description field in the control panel. Do you think this will work? I have also read that using $PHP_SELF can be a bad idea because of script kiddies... Any other ways to do this?


Ian
http://www.firstgenmc.com/ubbthreads

"Experience is a hard teacher because she gives the test first, the lesson afterwards."
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
So long as you properly sanitize the variable you should be fine:
PHP Code
$this_page = strip_tags(htmlspecialchars($_SERVER["PHP_SELF"])); 


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Mar 2008
Posts: 262
enthusiast
So this would work? I assume it would not reload the current page?
Code
<form action="strip_tags(htmlspecialchars($_SERVER["PHP_SELF"]));"
 method="post">
<?php
// check whether the submit button has been pressed
// ... other PHP code ...
?>

<!-- HTML form fields -->

</form>

Joined: Apr 2007
Posts: 3,940
Likes: 1
SD Offline
Former Developer
PHP Code
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>"
 method="post">
....
 

is what I do.

or go total paranoid (which I don't) and do:

PHP Code
substr($_SERVER['PHP_SELF'], 0, (strlen($_SERVER['PHP_SELF']) - @strlen($_SERVER['PATH_INFO']))); 

for the echo. I had that del.icio.us'd somewhere.
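Added example that puts the two answers above together (encode the value, and strip the client-controlled PATH_INFO tail); it is not code from the thread or from UBB.threads. The function name `safe_form_action` and the sample `$_SERVER` arrays are constructed for illustration.

```php
<?php
// Added example, not code from the thread: build a safe <form action> value.
// PHP_SELF ends with whatever PATH_INFO the client appended to the URL, so echoing
// it raw puts client-chosen text inside the attribute. This combines the two
// fixes given above: strip PATH_INFO (the substr trick) and HTML-encode the rest.
function safe_form_action(array $server)
{
    $self = isset($server['PHP_SELF']) ? $server['PHP_SELF'] : '';
    $info = isset($server['PATH_INFO']) ? $server['PATH_INFO'] : '';
    // Remove the PATH_INFO suffix only when it really is the tail of PHP_SELF.
    if ($info !== '' && substr($self, -strlen($info)) === $info) {
        $self = substr($self, 0, strlen($self) - strlen($info));
    }
    // ENT_QUOTES also encodes single quotes, which the default flags of older
    // PHP versions leave untouched.
    return htmlspecialchars($self, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests (not real traffic): a plain request and one where
// a quote character arrived through PATH_INFO.
$samples = array(
    'plain'     => array('PHP_SELF' => '/ubbthreads.php'),
    'path_info' => array('PHP_SELF' => '/ubbthreads.php/"tail', 'PATH_INFO' => '/"tail'),
);
foreach ($samples as $label => $server) {
    printf("%-10s raw=%s  safe=%s\n", $label, $server['PHP_SELF'], safe_form_action($server));
}
// $_SERVER['SCRIPT_NAME'] never carries PATH_INFO, so encoding that instead is the
// simpler choice when the form posts back to the same script.
```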

Joined: Mar 2008
Posts: 262
enthusiast
It has to work inside the subscription template... Right now I just added the <form> ... </form> code to it...

Joined: Mar 2008
Posts: 262
enthusiast
OK so still learning... Here is what I have in the body of the subscription... It displays the form, and some of the code, instead of checking to see if the submit button has been clicked. Can I use PHP and HTML in the description field of a subscription?


Code
<center>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>" method="post">
<?php
if(isset($_POST['submit']))		//submit button pressed
  {
  echo '<p>Thank-you for submitting your member information, please choose from one of the options below to pay.</p>';
  
  //Process the individual form controls
  }
else					//display the form
  {
  ?>

<!-- HTML code for the form -->


  <table border="0" width="650" height="868" cellpadding="0" align="left">
     <tr>
      <td width="100%" height="750" colspan="2" valign="top" align="left">
        <b>
        <font face="Verdana" size="3">Personal Information</font>
        </b>
        <table border="1" width="100%" height="1" cellspacing="3" bordercolor="#000000" bordercolorlight="#000000" bordercolordark="#000000">
          <tr>
            <td width="23%" height="12" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">First Name:</font></td>
            <td width="77%" height="12" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="F_Name" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="12" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Last Name:</font></td>
            <td width="77%" height="12" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="L_Name" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="12" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Middle Name:</font></td>
            <td width="77%" height="12" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="M_Name" /></font></td>
          </tr>
          <tr>
            <td width="23%" height="13" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Street Address:</font></td>
            <td width="77%" height="13" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="S_Address" /></font></td>
          </tr>
          <tr>
            <td width="23%" height="7" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">City:</font></td>
            <td width="77%" height="7" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="City" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="10" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">State/Province:</font></td>
            <td width="26%" height="10" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="State" /></font></td>
            <td width="25%" height="10" bordercolor="#000000" bgcolor="#E5E5E5"><font face="Verdana" size="3">Zip/Postal Code:</font></td>
            <td width="26%" height="10" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Zip" /></font></td>
          </tr>
          <tr>
            <td width="23%" height="7" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Country:</font></td>
            <td width="77%" height="7" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Country" value="United States" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="9" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Phone
              Number:</font></td>
            <td width="77%" height="9" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Phone" /></font></td>
          </tr>
          <tr>
            <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">E-mail
              Address:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Email" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Year of Monte:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana">
			<select name="Year">
			<option value="1970">1970</option>
			<option value="1971">1971</option>
			<option value="1972">1972</option>
			</select></font></td>
          </tr>
		  <tr>
            <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Engine:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Engine" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Transmission:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Transmission" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Exterior Color:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Ext_Color" /></font></td>
          </tr>
		  <tr>
            <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Interior Color:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Int_Color" /></font></td>
          </tr>
		  <tr>
            <td width="87%" bgcolor="#E5E5E5" height="19"><font size="3" face="Arial">Vinyl Top</font></td>
            <td width="13%" height="19"><input type="radio" name="V_Top" value="1" /> Yes<br />
  <input type="radio" name="V_Top" value="0" /> No<br /></td>
          </tr>
		  <tr>
            <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Vinyl Top Color:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="V_Color" /></font></td>
          </tr>
          <tr>
             <td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000" valign="top" rowspan="2"><font size="3" face="Verdana">Any
              comments?:</font></td>
            <td width="77%" height="1" colspan="3" bordercolor="#000000" valign="top"><font size="3" face="Verdana"><input type="text" name="Comments" />
			</font></td>
          </tr>
 </table>
        <font size="3" face="Verdana">
        <b>Club Roster</b></font>
        <table border="1" width="100%" bordercolor="#000000" cellspacing="3" height="1">
          <tr>
            <td width="87%" bgcolor="#E5E5E5" height="19"><font size="3" face="Arial">Would
              you like to be listed in the club roster?</font></td>
            <td width="13%" height="19"><input type="radio" name="Roster" value="1" /> Yes<br />
  <input type="radio" name="Roster" value="0" /> No<br /></td>
          </tr>
          <tr>
            <td width="87%" bgcolor="#E5E5E5" height="19"><font size="3" face="Arial">Would
              you like your address to be listed in the club roster?</font></td>
            <td width="13%" height="19"><input type="radio" name="Roster_Add" value="1" /> Yes<br />
  <input type="radio" name="Roster_Add" value="0" /> No<br /></td>
          </tr>
          <tr>
            <td width="87%" bgcolor="#E5E5E5" height="1"><font size="3" face="Arial">Would
              you like your phone number listed in the club roster?</font></td>
            <td width="13%" height="19"><input type="radio" name="Roster_Num" value="1" /> Yes<br />
  <input type="radio" name="Roster_Num" value="0" /> No<br /></td>
          </tr>
		  <tr>
		     <td><input type="submit" name="submit" value="Submit" /></td>
		  </tr>
        </table>
		<?php
   }				//close off the ending bracket for the else statement
?>
<?php
if (isset($_POST['submit'])) {	// only store a row when the form was actually submitted
 $F_Name=$_POST['F_Name']; 
 $L_Name=$_POST['L_Name']; 
 $M_Name=$_POST['M_Name'];
 $City=$_POST['City'];
 $State=$_POST['State'];
 $Zip=$_POST['Zip'];
 $Country=$_POST['Country'];
 $S_Address=$_POST['S_Address'];
 $Phone=$_POST['Phone'];
 $Email=$_POST['Email'];
 $Year=$_POST['Year'];
 $Engine=$_POST['Engine'];
 $Ext_Color=$_POST['Ext_Color'];
 $Int_Color=$_POST['Int_Color'];
 $V_Top=$_POST['V_Top'];
 $V_Color=$_POST['V_Color'];
 $Transmission=$_POST['Transmission'];
 $Comments=$_POST['Comments'];
 $Roster=$_POST['Roster'];
 $Roster_Add=$_POST['Roster_Add'];
 $Roster_Num=$_POST['Roster_Num'];  
 mysql_connect("xxx", "xxx", "xxx") or die(mysql_error()); 
 mysql_select_db("xxxxx") or die(mysql_error()); 
 // NOTE: the submitted values go into the query text unescaped
 mysql_query("INSERT INTO `xxxx` (F_Name, L_Name, M_Name, City, State, Zip, Country, S_Address, Phone, Email, Year, Engine, Transmission, Ext_Color, Int_Color, V_Top, V_Color, Comments, Roster, Roster_Add, Roster_Num) VALUES ('$F_Name','$L_Name', '$M_Name', '$City', '$State', '$Zip', '$Country', '$S_Address', '$Phone', '$Email', '$Year', '$Engine', '$Transmission', '$Ext_Color', '$Int_Color', '$V_Top', '$V_Color', '$Comments', '$Roster', '$Roster_Add', '$Roster_Num')"); 
}
 ?> 
		</form>
        </td>
    </tr>
  </table>
  </center>

Last edited by Sirdude; 08/20/2010 4:22 PM. Reason: put code in spoilers..
Joined: Apr 2007
Posts: 3,940
Likes: 1
SD Offline
Former Developer
You'll need to do some serious sanitizing. I'd recommend running that through the ubb.engine, which does all that for you first.
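Added example of what that sanitizing looks like for the INSERT posted above; this is not Ian's code, UBB's, or the ubb.engine's. It assumes PDO with a MySQL driver; the host, database name, credentials and the `members` table name are placeholders, and `collect_member` / `insert_member` are names chosen here.

```php
<?php
// Added example, not Ian's code or UBB's: the same INSERT written with a PDO
// prepared statement and a whitelist of the form's own field names, so submitted
// text can never change the SQL. Host, database, credentials and table are placeholders.
$text_fields = array('F_Name', 'L_Name', 'M_Name', 'S_Address', 'City', 'State', 'Zip',
    'Country', 'Phone', 'Email', 'Engine', 'Transmission', 'Ext_Color', 'Int_Color',
    'V_Color', 'Comments');
$flag_fields = array('V_Top', 'Roster', 'Roster_Add', 'Roster_Num'); // radio buttons, 0/1
$year_options = range(1970, 1972);                                   // the <select> values

// Validate the POST body against the form's vocabulary; anything else is rejected.
function collect_member(array $post, array $text, array $flags, array $years)
{
    $row = array();
    foreach ($text as $name) {
        $value = isset($post[$name]) ? trim($post[$name]) : '';
        if (strlen($value) > 255) {
            throw new InvalidArgumentException("$name is too long");
        }
        $row[$name] = $value;
    }
    foreach ($flags as $name) {
        $value = isset($post[$name]) ? $post[$name] : '0';   // unchecked radio = No
        if ($value !== '0' && $value !== '1') {
            throw new InvalidArgumentException("$name must be 0 or 1");
        }
        $row[$name] = (int) $value;
    }
    $year = isset($post['Year']) ? (int) $post['Year'] : 0;
    if (!in_array($year, $years, true)) {
        throw new InvalidArgumentException('Year is not one the form offers');
    }
    $row['Year'] = $year;
    return $row;
}

// Column names come only from the whitelists above; values travel as bound parameters.
function insert_member(PDO $db, array $row)
{
    $cols = array_keys($row);
    $sql = 'INSERT INTO `members` (`' . implode('`, `', $cols) . '`) VALUES ('
         . implode(', ', array_fill(0, count($cols), '?')) . ')';
    return $db->prepare($sql)->execute(array_values($row));
}
if (isset($_POST['submit'])) {   // only when the button (name="submit") was pressed
    $db = new PDO('mysql:host=HOST;dbname=DBNAME;charset=utf8', 'USER', 'PASSWORD',
        array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false));
    insert_member($db, collect_member($_POST, $text_fields, $flag_fields, $year_options));
}
```

The thank-you message and the form markup from the post stay where they are; only the database part changes.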

Joined: Mar 2008
Posts: 262
enthusiast
Where / How?

Joined: Mar 2008
Posts: 262
enthusiast
Still working on this, it is the last thing I need to get working before I can move the rest of the site to the new host. Any other pointers / places to look?

Joined: Jan 2005
Posts: 72
C
journeyman
Originally Posted by Iann128
OK so we are moving the message board to Mindraven and on our old server we had a form inside the subscription page to update a non ubb database. You can see the form here http://www.fgmcc.com/html/howtojoin.shtml and click on the second link. When you click on the submit button for the form it updates the database, but displays what ever I put in the update.php file, then you have to click back to submit the subscription to ubb. I have been looking at using $PHP_SELF action as the action and adding the php code to the subscription description field in the control panel. Do you think this will work? I have also read that using the $PHP_SELF can be a bad idea because of script kiddies... Any other ways to do this?
Hey, another car forum admin here! And one I'm actually a member of & visit!

Wish I could help ya, but it's over my head.


www.yenko.net
UBB.Threads 7.5.5
Joined: Mar 2008
Posts: 262
enthusiast
Small world, isn't it? What is your username over at FGMCC?

Joined: Apr 2007
Posts: 3,940
Likes: 1
SD Offline
Former Developer
I put your code in spoiler tags -- just so the thread doesn't blow up horizontally, Ian

2c

