Database entry error - ckeditor

What's the problem in this code?
It shows no error while querying, neither does it get stored
<?php
if(isset($_POST['submit']))
{
$title=$_POST['title'];
$content=$_POST['content'];
$dbc=mysqli_connect('localhost','root','root','skype')
or die('Error connecting');
$query= "INSERT INTO pages (title,editor) VALUES ('$title', '$content')"
or die('Error querying database');
echo '<br>Page saved successfully under the title: '.$title.'<br>';
mysqli_close($dbc);
}
? >
<form>
<label for="title">Title</label>
<input type="text" name="title" required >
<script type="text/javascript" src="/ckeditor/ckeditor.js"></script>
<textarea class="ckeditor" name="content" ></textarea>
<input type="submit" name="submit" value="Submit">
</form>

The default request method for a form is GET (see specs). If you want to POST your form you need to explicitly add the method:
<form method="post">
Otherwise your $_POST will always be empty.
Also, you are open to SQL injection.

Related

Get all content of POST HTML form in Gin

I've an HTML form:
<body>
<div>
<form method="POST" action="/add"name="submitForm">
<label>Message</label><input type="text" name="message" value="" />
<input type="checkbox" name="complete" value=""> Complete<br>
<input type="submit" value="submit" />
</form>
</div>
</body>
Now I want to access both values (message and complete) at the same time when a POST occurs.
How can I do this in Go (gin gonic)?
I can do it in two times by using c.PostForm but is there a way to collect them both?:
func AddTodoHandler(c *gin.Context) {
fmt.Println(c.PostForm("message"))
fmt.Println(c.PostForm("complete"))
I tried fmt.Println(c.PostForm("submitForm")) but that did not work.
I don't know if you've already solved this, but the way I managed to capture the 2 values simultaneously was by removing the value from the checkbox and using the Request.PostForm instead of the PostForm.
I tried using the form's name or id, but it seems that it's still not possible to get the data from them.
<body>
<div>
<form method="POST" action="/add" name="submitForm"> << not work
<label>Message</label><input type="text" name="message" value="" />
<input type="checkbox" name="complete"> Complete<br> << remove value attribute
<input type="submit" value="submit" />
</form>
</div>
</body>
func AddTodoHandler(c *gin.Context) {
fmt.Println(c.Request.PostForm)
Note: as my reputation is less than 50pts, I cannot comment on the post.

CS- cart custom form and ajax response

Actually I am new in cs-cart and I am trying to show my result set into html/smarty block which contains the form code which I added from backend
Design->Layout but it only shows response in console ,I am pasting of some code here
Block code (added from backend Design->Layouts) :
<div class="quick-quote">
<h3>Quick Quote!</h3>
<form class="cm-ajax" action="index.php" method="post" id="quick_quote_form">
<div id="quick-quote">
<div class="clearfix">
<label style="width:73px;" >Width:</label>
</div>
<div class="input">
<input type="text" placeholder="enter width" name="d_width" id="d_width" class="required form-control" >
</div>
<div class="clearfix">
<label style="width:73px;" >Height:</label>
</div>
<input type="submit" class="get-quote-btn" value="Get Quote" name="dispatch[get_qoute.get_rates]" />
</div>
<div class="result"></div>
<!-- tag -->
<input type="hidden" name="result_ids" value="result" />
</form>
</div>
Controller code:
<?php
use Tygh\Registry;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($mode == 'get_rates') {
$height= $_POST["d_height"];
$width=$_POST["d_width"];
$val = $height+$width;
Registry::get('view');
Registry::get('ajax')->assign('get_rates', $val);
}
exit;
}
?>
Result set is coming correctly , Now I don't know how to show response in block div.
<div class="result"></div>
<!-- tag -->
<input type="hidden" name="result_ids" value="result" />
Thanks in advance.
Dont goto design ->layout because its common for all forms and pages.
Goto the website menu-> content then choose the form you want to change, there you can see layout tab, edit block done.
In form you set what block must refresh by ajax method
<input type="hidden" name="result_ids" value="result" />
Your problem in this line:
<div class="result"></div>
All refresh results must be in ID tag:
<div id="result"></div>

AJAX form not returning data when using input file

im experiencing a weird issue. I have this form basically it just sends data to another cfm file that processes the inputs and updates a database. Today ive added an input type="file" so to process EXIF data from it and extract GPS info. The result page will copy a div to the specified target div. All works fine, data gets extracted and updated, but the div with the response does not appear anymore. As soon as i remove the input="file" div target div gets updated. Seems a response header issue, but i have no idea how to fix it. Thanks.
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.js"></script>
<script src="http://malsup.github.com/jquery.form.js"></script>
<script>
$(document).ready(function() {
// bind form using ajaxForm
$('#sede-form').ajaxForm({
// target identifies the element(s) to update with the server response
target: '#htmlExampleTarget',
// success identifies the function to invoke when the server response
// has been received; here we apply a fade-in effect to the new content
success: function() {
$('#htmlExampleTarget').fadeIn('slow');
}
});
});
</script>
<cfoutput query="dett_cli">
<form id="sede-form" enctype="multipart/form-data" action="modifica_sede_response.cfm" method="post" class="form-inline">
<input type="hidden" name="codice" value="#url.codice#" />
<input type="hidden" name="id_sede" value="#url.id_sede#" />
... [other fields]...
<input type="hidden" name="sed_coordinate_o" value="#sed_coordinate#" class="input-large">
<div class="control-group">
<label class="control-label" for="sed_coordinate">JPG Coordinate GPS </label>
<div class="controls">
<div class="input-prepend">
<input type="file" name="sed_coordinate" id="sed_coordinate" class="input-large">
</div>
</div>
</div>
... [other fields]...
<!-- END div.row-fluid -->
<div class="form-actions">
<button type="reset" class="btn btn-danger"><i class="icon-repeat"></i> Resetta</button>
<button type="submit" class="btn btn-success"><i class="icon-ok"></i> Aggiorna</button>
<div id="htmlExampleTarget"></div>
</div>
</form>
</cfoutput>
Try putting the following back into your ajaxForm options.
iframe:true,
forceSync:true,

Honeypot protection with Ajax

Recently i got attacked by nasty auto-form fill bots which filled my shout form with all sorts of spam. My shout form consist from a html file with 2 textboxes,an ajax script(for refreshing without reloading) and my php file for handling all the inserting data into my DB.
I am thinking implementing a hidden textbox for a minimum protection against these bots but with no luck since i cant pass the honeypot data to my php file. My code:
HTML Form
<form class="form" method="post" action="postdata.php">
<fieldset id="inputs">
<input id="name" name="name" type="text" placeholder="name" maxlength="20">
<textarea id="message" name="message" type="text" placeholder="message" maxlength="255"></textarea>
</fieldset>
<fieldset id="actions">
<input type="submit" id="submit" value="Submit">
</fieldset>
</form>
Ajax script
$(function(){refresh_shoutbox();$("#submit").click(function(){var a=$("#name").val();var b=$("#message").val();var c="name="+a+"&message="+b;$.ajax({type:"POST",url:"postdata.php",data:c,success:function(d){$("#shout").html(d);$("#message").val("");$("#name").val("")}});return false})});
function refresh_shoutbox(){var a="refresh=1";$.ajax({type:"POST",headers:{"cache-control":"no-cache"},url:"postdata.php",data:a,success:function(b){$("#shout").html(b)}})};
postdata.php file
<?php
if($_POST['name'] or $_POST['message']) {
$name= $_POST['name'];
$message= $_POST['message'];
///do other stuff/////
?>
I will insert a hidden field in my html form
<input id="email" name="emails" style="display:none"></br>
but i cant manage to pass the extra value to my existing ajax script.Tried some code but with no luck.
Any help so i can get my shoutbox up and running again?

Jquery Validation plug-in custom error placement

Using the jQuery Validation plug-in for the following form:
<form id="information" method="post" action="#">
<fieldset>
<legend>Please enter your contact details</legend>
<span id="invalid-name"></span>
<div id="id">
<label for="name">Name: (*)</label>
<input type="text" id="name" class="details" name="name" maxlength="50" />
</div>
<span id="invalid-email"></span>
<div id="id">
<label for="email">Email: (*)</label>
<input type="text" id="email" class="details" name="email" maxlength="50" />
</div>
</fieldset>
<fieldset>
<legend>Write your question here (*)</legend>
<span id="invalid-text"></span>
<textarea id="text" name="text" rows="8" cols="8"></textarea>
<div id="submission">
<input type="submit" id="submit" value="Send" name="send"/>
</div>
<p class="required">(*) Required</p>
</fieldset>
</form>
How can I place the errors inside the span tags? (#invalid-name, #invalid-email, #invalid-text)
I read the documentation about error placement but I did not get how it works.
Is it possible to handle each single error and place it in the specified element?
Thank you
You can also manually add error labels in places you need them. In my particular case I had a more complex form with checkbox lists etc. where an insert or insert after would break the layout. Rather than doing this you can take advantage of the fact that the validation script will evaluate if an existing label tag exists for the specified field and use it.
Consider:
<div id="id">
<label for="name">Name: (*)</label>
<input type="text" id="name" class="details" name="name" maxlength="50" />
</div>
Now add the following line:
<label for="name" class="error" generated="true"></label>
which is standard error label:
<div id="id">
<label for="name">Name: (*)</label>
<input type="text" id="name" class="details" name="name" maxlength="50" />
</div>
<div id="id-error">
<label for="name" class="error" generated="true"></label>
<div>
jQuery will use this label rather than generating a new one. Sorry I could not find any official documentation on this but found other posts that came across this behaviour.
This is a basic structure, you can use whatever selector you would like in the method. You have the error element and the element that was invalid.
jQuery.validator.setDefaults({
errorPlacement: function(error, element) {
error.appendTo(element.prev());
}
});
Or to target the ID, you could do
jQuery.validator.setDefaults({
errorPlacement: function(error, element) {
error.appendTo('#invalid-' + element.attr('id'));
}
});
Not tested, but should work.
I found that using .insertAfter rather than .appendTo works:
jQuery.validator.setDefaults({
errorPlacement: function(error, element) {
error.insertAfter('#invalid-' + element.attr('id'));
}
});
I'm using the metadata extension with the validator.. (note, I'm setting it to use the data-meta attribute on the markup...)
<input ... data=meta='{
errorLabel: "#someotherid"
,validate: {
name:true
}
}' >
then in code...
jQuery.validator.setDefaults({
errorPlacement: function(error, element) {
error.appendTo($(
$(element).metadata().errorLabel
));
}
});
I've been using the metadata for a lot of similar functionality, which works rather nicely... note, I used the single ticks (apostrophes) around the meta data, this way you can use a JSON serializer server-side to inject into that portion of the tag (which should use double-quotes around strings)... a literal apos may be an issue though, (replace "'" with "\x27" in the string).

Resources