Joined: Mar 2008
Posts: 262
enthusiast
OK so we are moving the message board to Mindraven and on our old server we had a form inside the subscription page to update a non ubb database. You can see the form here http://www.fgmcc.com/html/howtojoin.shtml and click on the second link. When you click on the submit button for the form it updates the database, but displays whatever I put in the update.php file, then you have to click back to submit the subscription to ubb. I have been looking at using $PHP_SELF as the action and adding the php code to the subscription description field in the control panel. Do you think this will work? I have also read that using $PHP_SELF can be a bad idea because of script kiddies... Any other ways to do this?
Joined: Jun 2006
Posts: 16,299 Likes: 116
So long as you properly sanitize the variable you should be fine: $this_page = strip_tags(htmlspecialchars($_SERVER["PHP_SELF"]));
Joined: Mar 2008
Posts: 262
enthusiast
So this would work? I assume it would not reload the current page?
<form action="strip_tags(htmlspecialchars($_SERVER["PHP_SELF"]));"
method="post">
<?php
Check to see if submit button has been pressed
other php code
?>
html form stuff
</form>
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>"
method="post">
....
is what i do or go total paranoid (which i don't) and do: substr($_SERVER['PHP_SELF'], 0, (strlen($_SERVER['PHP_SELF']) - @strlen($_SERVER['PATH_INFO'])));
for the echo.. i had that del.icio.us'd somewhere
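The two approaches above side by side, as an added example that is not code from the thread: escaping PHP_SELF as-is, versus first trimming the PATH_INFO suffix (the substr trick) and then escaping. The `$server` array and the script path are constructed so the functions can be run from the CLI without a web server.

```php
<?php
// Added example (not code from the thread). $server is passed in so the
// functions can be tried from the CLI with constructed values instead of $_SERVER.

// Escape only: a visitor-supplied suffix survives in the output, but quotes
// and angle brackets are encoded, so it cannot close the action attribute.
function self_action_escaped(array $server): string
{
    return htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
}

// Strip the PATH_INFO suffix first (the substr trick from the post above),
// then escape: only the script's own path is ever echoed into the page.
function self_action_stripped(array $server): string
{
    $self = $server['PHP_SELF'];
    $info = $server['PATH_INFO'] ?? '';
    if ($info !== '' && substr($self, -strlen($info)) === $info) {
        $self = substr($self, 0, strlen($self) - strlen($info));
    }
    return htmlspecialchars($self, ENT_QUOTES, 'UTF-8');
}

// Constructed request: the script URL (a made-up path) was called with junk
// appended, which the web server exposes as PATH_INFO and echoes in PHP_SELF.
$server = [
    'PHP_SELF'  => '/members/subscribe.php/"><b>junk',
    'PATH_INFO' => '/"><b>junk',
];

echo '<form action="', self_action_escaped($server), '" method="post">', "\n";
echo '<form action="', self_action_stripped($server), '" method="post">', "\n";
```

The first line still carries the encoded junk inside the attribute value; the second contains only /members/subscribe.php.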
Joined: Mar 2008
Posts: 262
enthusiast
It has to work inside the subscription template... Right now I just added the <form> ... </form> code to it...
Joined: Mar 2008
Posts: 262
enthusiast
OK so still learning... Here is what I have in the body of the subscription... It displays the form, and some of the code instead of checking to see if the submit button has been clicked. Can I use php and html in the description field of a subscription?
<center>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>" method="post">
<?php
if(isset($_POST['submit'])) //submit button pressed
{
echo '<p>Thank-you for submitting your member information, please choose from one of the options below to pay.</p>';
//Process the individual form controls
}
else //display the form
{
?>
<!-- HTML code for the form -->
<table border="0" width="650" height="868" cellpadding="0" align="left">
<tr>
<td width="100%" height="750" colspan="2" valign="top" align="left">
<b>
<font face="Verdana" size="3">Personal Information</font>
</b>
<table border="1" width="100%" height="1" cellspacing="3" bordercolor="#000000" bordercolorlight="#000000" bordercolordark="#000000">
<tr>
<td width="23%" height="12" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">First Name:</font></td>
<td width="77%" height="12" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="F_Name" /></font></td>
</tr>
<tr>
<td width="23%" height="12" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Last Name:</font></td>
<td width="77%" height="12" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="L_Name" /></font></td>
</tr>
<tr>
<td width="23%" height="12" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Middle Name:</font></td>
<td width="77%" height="12" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="M_Name" /></font></td>
</tr>
<tr>
<td width="23%" height="13" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Street Address:</font></td>
<td width="77%" height="13" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="S_Address" /></font></td>
</tr>
<tr>
<td width="23%" height="7" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">City:</font></td>
<td width="77%" height="7" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="City" /></font></td>
</tr>
<tr>
<td width="23%" height="10" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">State/Province:</font></td>
<td width="26%" height="10" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="State" /></font></td>
<td width="25%" height="10" bordercolor="#000000" bgcolor="#E5E5E5"><font face="Verdana" size="3">Zip/Postal Code:</font></td>
<td width="26%" height="10" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Zip" /></font></td>
</tr>
<tr>
<td width="23%" height="7" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Country:</font></td>
<td width="77%" height="7" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Country" value="United States" /></font></td>
</tr>
<tr>
<td width="23%" height="9" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Phone
Number:</font></td>
<td width="77%" height="9" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Phone" /></font></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">E-mail
Address:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Email" /></font></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Year of Monte:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana">
<select name="Year">
<option value="1970">1970</option>
<option value="1971">1971</option>
<option value="1972">1972</option>
</select></font></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Engine:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Engine" /></font></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Transmission:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Transmission" /></font></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Exterior Color:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Ext_Color" /></font></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Interior Color:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="Int_Color" /></font></td>
</tr>
<tr>
<td width="87%" bgcolor="#E5E5E5" height="19"><font size="3" face="Arial">Vinyl Top</font></td>
<td width="13%" height="19"><input type="radio" name="V_Top" value="1" /> Yes<br />
<input type="radio" name="V_Top" value="0" /> No<br /></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000"><font face="Verdana" size="3">Vinyl Top Color:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000"><font size="3" face="Verdana"><input type="text" name="V_Color" /></font></td>
</tr>
<tr>
<td width="23%" height="1" bgcolor="#E5E5E5" bordercolor="#000000" valign="top" rowspan="2"><font size="3" face="Verdana">Any
comments?:</font></td>
<td width="77%" height="1" colspan="3" bordercolor="#000000" valign="top"><font size="3" face="Verdana"><input type="text" name="Comments" />
</font></td>
</tr>
</table>
<font size="3" face="Verdana">
<b>Club Roster</b></font>
<table border="1" width="100%" bordercolor="#000000" cellspacing="3" height="1">
<tr>
<td width="87%" bgcolor="#E5E5E5" height="19"><font size="3" face="Arial">Would
you like to be listed in the club roster?</font></td>
<td width="13%" height="19"><input type="radio" name="Roster" value="1" /> Yes<br />
<input type="radio" name="Roster" value="0" /> No<br /></td>
</tr>
<tr>
<td width="87%" bgcolor="#E5E5E5" height="19"><font size="3" face="Arial">Would
you like your address to be listed in the club roster?</font></td>
<td width="13%" height="19"><input type="radio" name="Roster_Add" value="1" /> Yes<br />
<input type="radio" name="Roster_Add" value="0" /> No<br /></td>
</tr>
<tr>
<td width="87%" bgcolor="#E5E5E5" height="1"><font size="3" face="Arial">Would
you like your phone number listed in the club roster?</font></td>
<td width="13%" height="19"><input type="radio" name="Roster_Num" value="1" /> Yes<br />
<input type="radio" name="Roster_Num" value="0" /> No<br /></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit" /></td>
</tr>
</table>
<?php
} //close off the ending bracket for the else statement
?>
<?php
if(isset($_POST['submit'])) //only run the insert when the form was actually submitted, not on every page view
{
$F_Name=$_POST['F_Name'];
$L_Name=$_POST['L_Name'];
$M_Name=$_POST['M_Name'];
$City=$_POST['City'];
$State=$_POST['State'];
$Zip=$_POST['Zip'];
$Country=$_POST['Country'];
$S_Address=$_POST['S_Address'];
$Phone=$_POST['Phone'];
$Email=$_POST['Email'];
$Year=$_POST['Year'];
$Engine=$_POST['Engine'];
$Ext_Color=$_POST['Ext_Color'];
$Int_Color=$_POST['Int_Color'];
$V_Top=$_POST['V_Top'];
$V_Color=$_POST['V_Color'];
$Transmission=$_POST['Transmission'];
$Comments=$_POST['Comments'];
$Roster=$_POST['Roster'];
$Roster_Add=$_POST['Roster_Add'];
$Roster_Num=$_POST['Roster_Num'];
mysql_connect("xxx", "xxx", "xxx") or die(mysql_error());
mysql_select_db("xxxxx") or die(mysql_error());
mysql_query("INSERT INTO `xxxx` (F_Name, L_Name, M_Name, City, State, Zip, Country, S_Address, Phone, Email, Year, Engine, Transmission, Ext_Color, Int_Color, V_Top, V_Color, Comments, Roster, Roster_Add, Roster_Num) VALUES ('$F_Name','$L_Name', '$M_Name', '$City', '$State', '$Zip', '$Country', '$S_Address', '$Phone', '$Email', '$Year', '$Engine', '$Transmission', '$Ext_Color', '$Int_Color', '$V_Top', '$V_Color', '$Comments', '$Roster', '$Roster_Add', '$Roster_Num')");
} //close off the submit check
?>
</form>
</td>
</tr>
</table>
</center>
Last edited by Sirdude; 08/20/2010 4:22 PM. Reason: put code in spoilers..
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
you'll need to do some serious sanitizing.. i'd recommend running that thru the ubb.engine, which does all that for you 1st..
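What "serious sanitizing" of the posted INSERT looks like with a prepared statement, as an added example that is not the thread's code or anything from ubb.engine: every form value is bound as a parameter instead of being spliced into the SQL string, the field list is a fixed whitelist, and the e-mail and numeric fields are validated before the query runs. It assumes PHP with the pdo_sqlite extension and uses a constructed in-memory table named "members" so it runs from the CLI without the club's MySQL server.

```php
<?php
// Added example, not the thread's code: the member INSERT done with a prepared
// statement so form values are bound parameters, never part of the SQL text.
// In-memory SQLite with a constructed "members" table; columns are the post's.

const MEMBER_FIELDS = ['F_Name', 'L_Name', 'M_Name', 'City', 'State', 'Zip',
    'Country', 'S_Address', 'Phone', 'Email', 'Year', 'Engine', 'Transmission',
    'Ext_Color', 'Int_Color', 'V_Top', 'V_Color', 'Comments', 'Roster',
    'Roster_Add', 'Roster_Num'];

function save_member(PDO $db, array $post): int
{
    $row = [];
    foreach (MEMBER_FIELDS as $f) {           // unknown POST keys are ignored
        $row[$f] = isset($post[$f]) ? trim((string) $post[$f]) : '';
    }
    if ($row['F_Name'] === '' || $row['L_Name'] === '') {
        throw new InvalidArgumentException('first and last name are required');
    }
    if (filter_var($row['Email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    foreach (['Year', 'V_Top', 'Roster', 'Roster_Add', 'Roster_Num'] as $n) {
        $row[$n] = (int) $row[$n];            // radios and year are numeric
    }
    $cols  = implode(', ', MEMBER_FIELDS);
    $marks = implode(', ', array_map(fn($f) => ':' . $f, MEMBER_FIELDS));
    $stmt  = $db->prepare("INSERT INTO members ($cols) VALUES ($marks)");
    $stmt->execute($row);                     // the driver handles all quoting
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', MEMBER_FIELDS) . ' TEXT)');

// Constructed submission. The apostrophe in the surname and the quotes in the
// comment would have broken the string-built query from the post above.
$post = ['submit' => 'Submit', 'F_Name' => 'Sean', 'L_Name' => "O'Brien",
    'Email' => 'sean@example.com', 'Year' => '1971', 'V_Top' => '1',
    'Comments' => 'Drives a \'71 "SS"'];
$id  = save_member($db, $post);
$sel = $db->prepare('SELECT L_Name, Comments FROM members WHERE id = ?');
$sel->execute([$id]);
$stored = $sel->fetch(PDO::FETCH_ASSOC);
echo "row $id: {$stored['L_Name']} / {$stored['Comments']}\n";
```

The same save_member() works unchanged against MySQL by swapping the DSN; the values come back from the SELECT exactly as typed, quotes included.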
Joined: Mar 2008
Posts: 262
enthusiast
Still working on this, it is the last thing I need to get working before I can move the rest of the site to the new host. Any other pointers / places to look?
Joined: Jan 2005
Posts: 72
journeyman
Hey, another car forum admin here! And one I'm actually a member of & visit! Wish I could help ya, but it's over my head.
Joined: Mar 2008
Posts: 262
enthusiast
Small world, isn't it? What is your username over at FGMCC?
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
i put your code in spoiler tags -- just so the thread doesn't blow up horizontally, Ian