vb.org Archive


error_22 02-28-2006 05:42 PM

<select> problem
 
HTML Code:

<form action="new_isy.php" method="POST">
First name:<br>
<input type="text" name="fname"><br>
Last name:<br>
<input type="text" name="lname"><br>
Email:<br>
<input type="text" name="email"><br>
Head<br>
<input type="text" name="head"><br>
Message<br>
<textarea name="message" cols="30" rows="8"></textarea><br>
<select name="category">
<option>option1</option>
<option>option2</option>
<option>option3</option>
<option>option4</option>
</select><br><br>
<input type="submit" value="Send"></form>

new_isy.php:
PHP Code:

$date = date("Y-m-d H:i:s");
    
$sql = "INSERT INTO `ads` 
            (
            `fname`, 
            `lname`, 
            `email`, 
            `head`, 
            `message`, 
            `category`, 
            `date`
            )
    VALUES     (
            '{$_POST['fname']}', 
            '{$_POST['lname']}', 
            '{$_POST['email']}', 
            '{$_POST['head']}', 
            '{$_POST['message']}', 
            '{$_POST['category']}', 
            '$date'
            )";

mysql_query($sql) or die("SQL: $sql ".mysql_error());

// ##### Back to main page #####
header ("Location: index.php");
exit; 

Ok so I want option1/option2/option3/option4 to be saved in the field called "category". The point is that people can choose a category and that category should be saved in the db. What am I doing wrong?

Thanks in advance
Niklas

filburt1 02-28-2006 05:44 PM

Give each option a "value" attribute.

Also, perish the thought of using raw user data in queries. Escape it always.

error_22 02-28-2006 05:57 PM

HTML Code:

<form action="new_isy.php" method="POST">
First name:<br>
<input type="text" name="fname"><br>
Last name:<br>
<input type="text" name="lname"><br>
Email:<br>
<input type="text" name="email"><br>
Head<br>
<input type="text" name="head"><br>
Message<br>
<textarea name="message" cols="30" rows="8"></textarea><br>
<select name="category">
<option value="option1">option1</option>
<option value="option2">option2</option>
<option value="option3">option3</option>
<option value="option4">option4</option>
</select><br><br>
<input type="submit" value="Send"></form>

Like that you mean? it's still not working

And what do you mean by "raw user data in queries"?

Thanks

error_22 03-06-2006 07:28 PM

anyone?

Princeton 03-06-2006 08:39 PM

Quote:

And what do you mean by "raw user data in queries"?
what he means is that you should make sure that all data is checked/cleaned before saving it into the database

(security risk)

error_22 03-06-2006 09:08 PM

Quote:

Originally Posted by princeton
what he means is that you should make sure that all data is checked/cleaned before saving it into the database

(security risk)

and how do I do that?

error_22 03-21-2006 04:16 PM

bump

Xenon 03-21-2006 09:40 PM

take a look into a general vb-file, especially how they use $vbulletin->gpc and these parts of code :)

error_22 03-23-2006 09:02 AM

hmmm how would that string of code help me when I have no idea what any of you are talking about? I think you have forgotten what it's like to not understand ;)

Xenon 03-23-2006 08:00 PM

well, sorry but we can't teach you coding by posting on this forum.

we can just give you examples of what good code looks like, and I said, you should take any vb-file as an example, and will see that nowhere a $_POST is entered directly into the db, but all results are sanitized by the $vbulletin->gpc_cleaner
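
The checking and cleaning the replies above ask for, as an added example that is not part of the original thread and is not vBulletin's own code: the insert from new_isy.php rewritten with a server-side list of allowed categories and a prepared statement. The function name `save_ad`, the `CATEGORIES` constant, the sample input and the in-memory SQLite database (used so the script runs without a MySQL server) are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. With MySQL only the PDO DSN changes.
const CATEGORIES = ['option1', 'option2', 'option3', 'option4'];

function save_ad(PDO $db, array $post): int
{
    // Read only the expected fields, as strings; anything missing becomes ''.
    $row = [];
    foreach (['fname', 'lname', 'email', 'head', 'message', 'category'] as $f) {
        $row[$f] = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
    }
    // A <select> only limits what the browser offers, so the value is
    // checked again on the server against the same list.
    if (!in_array($row['category'], CATEGORIES, true)) {
        throw new InvalidArgumentException('unknown category');
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $row['date'] = date('Y-m-d H:i:s');
    // Placeholders keep submitted values out of the SQL text entirely,
    // so quotes in a name or message cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO ads (fname, lname, email, head, message, category, date)
         VALUES (:fname, :lname, :email, :head, :message, :category, :date)'
    );
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT,
           email TEXT, head TEXT, message TEXT, category TEXT, date TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['fname' => 'Niklas', 'lname' => "O'Neil", 'email' => 'n@example.com',
         'head' => 'Hello', 'message' => "It's a 'quoted' message",
         'category' => 'option3'];
$id = save_ad($db, $post);

$check = $db->prepare('SELECT lname, message, category FROM ads WHERE id = ?');
$check->execute([$id]);
print_r($check->fetch(PDO::FETCH_ASSOC));

// A category that is not in the list is refused before any SQL runs.
try {
    save_ad($db, ['category' => 'option9'] + $post);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```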

