I have what I think is a pretty simple form for filling in a couple of dates and sending the user to another page. Unfortunately I find that occasionally the data is not passed to the new page, although the user does get to the page.
The code of my form is
<form action="/book/book1.php" method="post" target="_blank" id="bookboxform" name="bookboxform">
<input name="hid" type="hidden" value="<?php echo $hid ?>">
<!-- This next line added to provide an alternative identification of the hotel -->
<input name="hotelname" type="hidden" value="<?php echo $row_hotel['hotel'] ?>">
<input type="text" name="ArrivalDate" id="ArrivalDate" value="" placeholder="Loading.... please wait" readonly>
<input type="text" name="DepartureDate" id="DepartureDate" value="" placeholder="Loading.... please wait" readonly>
<input type="submit" class="button" value="Click Here!">
</form>
The two date inputs use Jquery UI to provide a selectable calendar.
In the second page (book1.php) I use
if(empty($hid) {
to send me an email of the form has failed. This tells me the user-agent.
Generally it seems to be iPhones and iPads that are usually failing, though most others have done it at some time. I estimate it's happening in 2-5% of occasions when someone tries to use the form. What could be causing this random failure?
It would appear that the failures were caused by users copying the url of book1.php and then pasting it into a fresh browser tab. As the data was being passed by POST method, the data was lost. I am now using GET method so the data is a part of the url, and there have been no failures since.
Related
I am trying to implement an external question in Amazon Mechanical Turk. Everything is working fine except for the submit input which keeps returning the following error:
There was a problem submitting your results for this HIT.
This HIT is still assigned to you. To try this HIT again, click "HITs Assigned To You" in the navigation bar, then click "Continue work on this HIT" for the HIT. If this problem persists, you can contact the Requester for this HIT using the "Contact" link above.
To return this HIT and continue working on other HITs, click the "Return HIT" button.
I have tried everything I can to make the submit task button work and have checked every post I could find on Google and on this website but nothing works.
This is the code for the submit button on my website:
<form name="hitForm" id="hitForm" action="https://workersandbox.mturk.com/mturk/externalSubmit" method="POST">
<input type="hidden" name="assignmentId" value="<?php echo $_REQUEST["assignmentId"]; ?>" />
<input type="hidden" name="hitId" value="<?php echo $_REQUEST["hitId"]; ?>" />
<input type="hidden" name="workerId" value="<?php echo $_REQUEST["workerId"]; ?>" />
<input type="submit" class="btn btn-primary btn-lg active" role="button">
</form>
The user needs to click the submit button on the form once they are done with the task to submit the HIT and receive their payment. I have tried sending the form with more and with less information, I have tried hard coding the information (of the user currently testing the HIT) to the form, I have tried using a hyperlink with the user data, and I have tried submitting the task from different users, from different computers, from different networks, and so on.
Any assistance on this error will be greatly appreciated.
Edit:
I have tried what Thomas has said but I still get the same error message. My form now looks like this:
<form name="hitForm" id="hitForm" action="https://workersandbox.mturk.com/mturk/externalSubmit" method="POST">
<input type="hidden" name="assignmentId" value="<?php echo $_COOKIE["PlayerUserName"]; ?>" />
<input type="hidden" name="foo" value="" />
<input type="submit" class="btn btn-primary btn-lg active" role="button">
</form>
And yes, I am working on the requester sandbox to make sure my entire HIT works properly before opening it to the regular Mechanical Turk.
A couple of possibilities:
Are you using this on the live site? The external submit URL you're using is only for the sandbox. You have to replace workersandbox with www for the live server.
You should not pass hitId or workerId back to the submit URL. These are ignored by MTurk, so there's no point in trying to send them.
You need to send one additional input field besides assignmentId, otherwise the submission will fail. A hidden "foo" field, for example, would be sufficient.
Hey guys i have a question. I am trying to set up something for my insurance website. I want to setup a capture page where the user inputs everything related to their vehicle and their information and once they click submit and proceed it directs them to another page of mine where it autopopulates all this information and gives them a quote. My question is how could i go about doing this?
The most simple solution is to use a Form on one page, that'll be submitted to another page, where the data will be processed and populated.
you can find many examples on the internet.
here's a good example from PHP's DOCS - Dealing With Forms:
HTML form:
<form action="action.php" method="post">
<p>Your name: <input type="text" name="name" /></p>
<p>Your age: <input type="text" name="age" /></p>
<p><input type="submit" /></p>
</form>
and action.php file, where the data will be handled:
Hi <?php echo htmlspecialchars($_POST['name']); ?>.
You are <?php echo (int)$_POST['age']; ?> years old.
you can see that any information sent with a form via the POST method, can be captured in the target php file using the the $_POST variable (a SuperGlobal).
I've been working on having a form where a user can input a subreddits name in a input form and be taken to it, but not been working out well. I've tried using get and name="q" but it makes the address funky.
What I have so far:
<form method="post" action="http://www.reddit.com/r/" style="margin-left:5px;margin-right:5px;margin-bottom:0px;">
<input class="form-control" value="" placeholder="Subreddit Name">
</form>
If you're not getting what i'm trying to do: A user types text into an input, the text they typed would be sent to an address as reddit.com/r/(whatever the user typed)
Not knowing from your question whether or not you have access to server-side coding, and based on your answers in the comments, the following should work for you. Note that if a browser has JavaScript disabled, this will bring the user directly to http://www.redit.com/r/
If you have access to server-side scripting, you could add a catch on your server as well to avoid this.
<form method="post" onsubmit="document.location='http://www.reddit.com/r/'+document.getElementById('subredditname').value;return false;" action="http://www.reddit.com/r/" style="margin-left:5px;margin-right:5px;margin-bottom:0px;">
<input id="subredditname" class="form-control" value="" placeholder="Subreddit Name">
</form>
You can do this easily with PHP.
User types text into input field
<input type="text" name="user_text" />
After form submit, run PHP code
$page = $_POST['user_text'];
//send user to website
header('Location: http://reddit.com/r/' . $page);
Is there a way to prevent a form from being submitted if it contains links.
I would like to prevent links from being added to input: question and message field.
Can anyone point in the right direction for info?
thanks
<div class="form">
<form id="sbwd_contact" method="post" action="http://whatanswered.com/forms/ask/ask.php">
<em class="error"></em>
<input type='hidden' name='sfm_form_submitted' value='yes'/>
<label for="Email">E-Mail: </label>
<input type="text" id="Email" name="Email" size="30" class="required email" />
<label for="question">Question: </label>
<input type="text" id="question" name="question" size="30" class="required" />
<label for="Message">Additional Info: </label>
<textarea name="Message" cols="30" rows="6" id="Message" class="required"></textarea>
<br />
<p><span>I Agree to the Terms and Conditions
<input type="checkbox" name="Terms_and_conditions" value="I agree" class="required"/></span></p>
<input name="Submit" type="submit" id="Submit" value="Send" />
<br /><br />
<p>View our Terms and Conditions</p>
</form>
Add this before insertion in database
if(preg_match("/\b(?:(?:https?|ftp|http):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$_POST['question'])){
// prevent form from saving code goes here
echo "<script>alert('Please remove URLs');</script>";
}
else{
// Insertion in Db
}
To prevent the form from actually being submitted you would need to use JavaScript to suppress the bubbling of the submit event. Specifically I would recommend using jQuery, something like this:
$(document).ready($(document).on('submit', function()
{ if ($("#question:contains('href=')").length > 0) return false; });
I might be wrong, but it looks like you are trying to achieve some sort of simple protection against spam or cross-site-scripting (XSS). If so, this is probably not the best technique, since, like all client-side security, it can easily be bypassed. Better would be to use a regular expression to strip out such links on the server-side after the post. Or for spam prevention, use a proper Bayesian/keyword filter, such as implemented by many WordPress plugins. Remember, a spammer can still market his product without a hyperlink. I think you will find that trying to prevent spam by stopping posts with hyperlinks will not be sufficient for a semi-popular blog or talkback section. All sorts of other types of spam, e.g. stock market three-letter-code pump-and-dump, brand dropping, or brand FUD, can be effective without hyperlinks.
Also keep in mind that there are many different ways for the user to inject potentially harmful HTML/JS/SQL code into the posts. The best technique is to strengthen your handling of user input, rather than restricting input altogether. For example, on Stack Overflow, users can post HTML/JS code samples. SO doesn't want to prevent that input, so they make sure to escape it whenever it's sent back to the browser, rendering it totally harmless. See this article for more info: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet.
Sure you can check if your input field contains one or more substrings like 'HTTP://' and if so end the script with an error.
Use http://php.net/manual/en/function.substr-count.php
First of all, you are posting an HTML script, and you'r asking about PHP, so you are not showing any effort. Having said, that..
If I had wanted to prevent links from being submitted into a form, I could use strip_tags() function of PHP to strip all <a > from what the user is entering, and thus changing the link to just raw text. Alternatively from PHP side, you could use filter_var($url, FILTER_VALIDATE_URL) to validate if URL has been submitted:
$url = "http://www.mywebsite.com";
if(!filter_var($url, FILTER_VALIDATE_URL)){
echo "No URL detected";
}else{
echo "URL is found";
}
And work your way up from there.
I want visitors to my website to be able to search for airport lounges offered by a company called Priority Pass. I have created the following form:
<form action="http://prioritypass.com/lounges/lounge-print.cfm" method="post">
<input type="text" id="print_airport_code" name="print_airport_code" value="MAN" />
<input type="submit" value="Submit" />
</form>
Which mirrors the form they have on their own mobile search site (here). But when I submit my form it doesnt seem like the parameters are being posted properly.
Any help would be great. Thanks.
The form on their website doesnt appear to contain any fields which I have missed?
You're pointing to the wrong URL; POSTing to /lounges/lounge-print.cfm is producing an HTTP redirect header, which is corrupting your output.
Additionally, the name of your input field is incorrect. Using someone else's form results often requires you to maintain all field names consistently as they appear on the remote site.
Change the form to:
<form action="http://www.prioritypass.com/mobile/lounges.cfm" method="post">
<input id="Airport_Code" name="Airport_Code" type="text" size="10" value="MAN" />
<input type="submit" value="Submit" />
</form>