Why do we put "?" in action = "?" - html

When I was learning Php with Mysql, I got a problem :
<form action="?" method="POST">
.
.
.
</form>
Why do we put "?" in the action attribute?
PS: this form was for inserting text into a database.
Actually, I have an Index.php file which is the controller, and 2 files (form.html.php and joke.html.php as templates). In the tutorial, I first clicked on a link "add joke" to include the form.html.php file and in this form there is <form action="?"> </form> and a submit <input>. When I click on submit, the controller index tests and executes the inserted SQL query.
Thanks.

Personally don't ever do that.... Use action="action.php" or use action="" post to the current URL.
Not sure what you are trying to accomplish with ? in the action attribute.

"We" don't and "You" shouldn't do so either.
If you want to POST the data to the current URL, leave it empty, i.e. action="".
If you want to POST to another URL, put that URL in there, e.g. action="save.php".

Related

Promo Code Validation

I need to validate a Promo Code for one of my html Booking form field. If the entered promo code is correct, users can submit the Booking details. Only one unique promo code. Something like "15OFFNOW" How should I do it? Please help.
Thanks.
First, don't put the promo code in your page. Anyone can see it.
I would do this, but it depends on actually functionality.
Do client side check (this can be bypassed by a malicious user)
Do server side check
Do client side check
Use a good non-reversible hashing algorithm and verify what you have in the prom text box to the hash you have stored in a JavaScript variable or in a data-hash attribute.
So if hash(text box value) == valueOf(data-hash), then proceed to sever validation.
Do server side check
In server no need of hash. Just check the post string with the promo code you have.
i try your code
<form method="post">
<input class="form-control form-control-light bdr-2 rd-0" required
data-label="Promo Code"
data-msg="Please enter a valid promo code."
type="text" name="promo-code"
placeholder="Promo Code"
pattern="15OFFNOW" required>
<input type="submit" value="submit"/>
</form>
validation is work . show this message .
You can use Javascript for that , I fyou want to match promocode or you can validate it at backend using any backend language like PHP or java
for JQuery
//previous Ajax code here
if($("#input_id").val() !== "15OFFNOW"){
return false ;
}
// here you can proceed for Ajax request
You are looking for an input pattern, also called regexp (though I would instead suggest doing it js way (but not global) or on server side as advanced users can simply inspect html code). Most probably something like this
<input type="text" name="promo" pattern="15OFFNOW" required >
Also, please try googling it, there're similar questions like this answered also on StackOwerflow, e.g.
html: Can we match an exact string using html pattern attribute only?
js & php: check if input value not equal to integer then don't submit form

Add logic to delete method in Sinatra

I have been learning Sinatra for a couple of days now so I am still quite new. I am simply created a notes application and have added a delete function within the app.
Here is my Controller:
# Will display title of all notes
get '/' do
#notes = Note.all
erb :index
end
# Will display content within selected note
get '/:id' do
#note = Note.where(id: params[:id]).first
erb :note_description
end
# Will delete item from notes.
delete '/:id' do
Note.delete(params[:id])
redirect '/'
end
Here is my view with html/erb:
<div class="container">
<p>Return to Notes</p>
<h1><%= #note.title %></h1>
<p><%= #note.content %></p>
<form onsubmit="confirm('Are you sure you want to delete the following note?')" action="/<%= #note.id %>" method="POST">
<input type="hidden" name="_method" value="DELETE">
<button type="submit">Delete</button>
</form>
</div>
As you can see, I have created a delete button and have a pop-up on submit when you click it. This will simply verify if the user really wants to delete the object. What happens though, is no matter what I click the item will be deleted and I will be redirected to the home page. I want to add logic where the app will only delete and redirect me to home page if the user clicks okay. If they click cancel nothing should happen. Any advice or help would be greatly appreciated.
You need to return from the event handler itself, so the attribute will look like:
onsubmit="return confirm('Are you sure you want to delete the following note?')"
Currently the return value of return is being returned to the event handler, but the handler itself is returning true (or at least not false).
(The current recommendation seems to be to avoid inline event handling like this though.)
You are seeing this behavior because the client is doing a POST, not a DELETE.
HTML forms only know how to do GET and POST. They cannot do PUT or DELETE. One way you can make it work is by using an AJAX call.
If you are using JQuery, you can set the method to DELETE. Here is the reference.
You will need to create the URL: /1 for example. And you need to handle the success and failure cases. Perhaps set the location on success, and display an error on failure.
EDIT: According to Matt's comment below, _method param replaces the HTTP method. Even though this works, I don't think it is a good practice. It would be better to use the HTTP DELETE method.

Django form: *Nothing* happens when submit button is clicked

I'm probably missing something very basic but I'm stumped.
My HTML form (in a Django template):
<form id="site_signout" method="POST">{% csrf_token %}
<input type="submit" value="sign in">
</form>
In my browser (running my site on the dev server), when I click on the <input> button, nothing happens. Like, nothing nothing. Normally something would show in Terminal such as
[22/Apr/2014 08:29:17] "POST /my/url/ HTTP/1.1" 302 0
Or in Firebug, I would see something about a POST in the HTML tab of the Net panel. But I see nothing. Literally nothing happens when I click the button.
Other submit buttons (for other forms) on my site work just fine.
What could be causing this?
EDIT: The relevant part of my view is:
if request.method == 'POST':
pdb.set_trace()
That's all I have for the form right now because I want to examine what is posted in this scenario before I write more code.
EDIT: My intention is to simply POST to the same page (URL) that the form is on. As I understand it, this should be achievable by simply omitting the action attribute of the <form> element altogether. This is how I started but since it didn't work, I tried a couple of other options such as action="/", which is what I originally posted above. However, my intention is to have the form POST handled by the same view as the form itself. Therefore I've edited my original code sample to omit the action attribute altogether to clarify this point.
Here is my top-level urls.py:
urlpatterns = patterns('',
url(r'^inspection/', include('main_inspection.urls') ),
...
) + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
Here is main_inspection.urls with the relevant URL:
urlpatterns = patterns('main_inspection.views',
url(r'^home/$', 'home', name="inspection_home"),
...
)
The URL for the view in question (on my dev server) is:
http://127.0.0.1:8000/inspection/home/
The solution turned out to be quite silly, and not discoverable by anyone reading the above question:
I had some JS capturing any click event happening inside the div in which the form was located.
Lesson learned: when something really strange seems to be happening at the basic HTML level, check to make sure you didn't write any stupid JS code that is producing the effect.
Your URL about "/" should be something like this:
...
url(r'^$','yourapp.views.index',name="base_address"),
...
It will run "yourapp.views.index" when you call "/" address.
If you want to set an address in you form action attribute try to set name of address instead:
<form id="site_signout" method="POST" action="{% url 'base_address' %}">{% csrf_token %}
<input type="submit" value="sign in">
</form>
We defined "base_address" name in urls that assigned to "/" address and then used that with "url" method in template.

HTML Form Action Attribute: Difference Between Values

I am learning about HTML forms and in particular the action attribute has me a bit confused. What is the difference between the following values and when is it best to use each case?
action=""
action="?"
action="?page"
action="?page=main"
action="."
action="../"
action="/"
action="#"
From W3 Form Documentation:
This [action] attribute specifies a form processing agent
That is, the form, when submitted, sends the values to wherever the action is set to. For the most part your noted actions all submit the form back to the same page the form is displayed on. You could also leave the action out all together or use <?php echo $_SERVER['PHP_SELF']; ?> (if you're on a php page) to obtain the same effect.
Now, "?page=main" will technically go to the same page as well, but with the page GET value set to "main" (might be used for processing the output somehow for example). Use it if you need the page value, otherwise do one of the blank ones.

HTML Form works with GET but not with POST

I'm running Firefox 2.0.0.14.
I have a form on a webpage which is working fine with the GET method.
I'm using a plugin to view my browser's HTTP request when submitting the form, and here it is :
GET /postComment.php?review=2&comment=Testing HTTP/1.1
...
However, if I make the simple change from method=GET to method=POST on the form:
GET /postComment.php HTTP/1.1
...
It isn't even attempting to POST.
Any possible reasons for this, under any circumstances?
EDIT: Here is the form:
<form method=POST action="postComment.php"><input type=hidden name=review value="2"><input type=submit value="Postit">
</form>
Is the action parameter of the form tag set? Could Javascript be intercepting the post? Some HTML from your form would be helpful, or an example link :)
I'm guessing your plugin is not capturing the POST variables. Since the output of your plugin is:
GET /postComment.php HTTP/1.1
How are you catpuring your POST varables? $_POST['key'] or $_REQUEST['key'] should contain your value if the form action and method are set properly.
POST will not be found in the query string.
EDIT:
if you are trying to capture the post value, you can check it with something like this:
if (isset($_REQUEST['submit'])) {
echo $_REQUEST['review'];
}
or
if (isset($_POST['submit'])) {
echo $_POST['review'];
}
Acorn
I would start by making sure your HTML is valid XHTML. Wrap attribute values in quotations and end the input elements with />. Use a valid DOCTYPE.
Also, try changing the value of the submit button to "submit" (as that is the default).
Try it out in different browsers, including the latest version of Firefox.
Firstly, your <form> tag needs to be adjusted:
<form method="post" ... >
Secondly, I have a function called debugArray that I use to spit out misbehaving arrays. It's very handy:
function debugArray($array){
echo("<pre>");
print_r($array);
echo("</pre>");
}
Then, call it in your code like this:
debugArray($_POST);
By looking at the entire contents of the $_POST array, you can see exactly what is being sent, what is not, and how it is being sent.
I'm willing to wager that one of the following is true:
You have a spelling mistake in a field name, remembering that names are case sensetive.
Your form field is outside your <form> tags.
You have a value that is not being escaped correctly, or otherwise being dropped from the $_POST for whatever reason.
Edit: And I would also be inclined to update your copy of Firefox.
I was having the same problem, till I remembered that my .htaccess file hides my PHP extension, and for reasons that someone else can explain (tech stuff) All I did was remove the .php extensión in the action property and it worked.
So, I went from:
action="folder/folder/file.php"
To:
action="folder/folder/file"
And the print_r($_POST) displayed the full array
I really Hope this helps someone else with the same problem.
And if anyone can technically explain why this is happening, it would be very educational 🙃