I'm tying to make a html form with a dropbox where you can choose a few options. However when I want to send this to the databse, something goes wrong. Namely that it doesn't send the variable in the name but uses the option as variable.
<select name="name">
<option value="op1">op1</option>
<option value="op2">op2</option>
<option value="op3">op3</option>
<option value="op4">op4</option>
</select>
So when submitting this, it doesn't send var name with value opX but just opX.
While in a normal form box this seems to work:
<input name="email" type="text" value="" size="79"><br>
This sends var email with value = stuff that I typed in.
I am accessing with:
$name = $_POST["name"];
How do I fix this?
You'll probably be accessing your HTML form from some server-side language like PHP or Java.
Here's a PHP example:
$varName = $_POST['name']; // Would equal op1, op2, op3 or op4
create a hidden type and add it under the </select> but within the same form.like <input type=""hidden" name"submit" value="submit">....then check whether its set or not..like in php
if(isset($_GET/POST[submit])
{
//access your form data here..like:
$x=$_GET/POST[name]
}
this is how you can be assured about whether data is set or not
If you want to save data coming from html form, you must use server-side language. ASP,ASP.NET,PHP etc. are server-side programming language.
If you will use PHP or ASP, you should use MySql as a database. If you will use ASP.NET ,you should use MSSQL as a database. If you will use ASP , you should use MS Access Database.
Example for ASP:
<%
variable = Request.Form("name")
variable2 = Request.Form("email")
Set conn=CreateObject("ADODB.Connection")
dbpath="Data Source=" & Server.MapPath("db\yourdb.mdb")& ";Provider=Microsoft.Jet.OLEDB.4.0;"
Conn.Open dbpath
sql = "INSERT INTO yourtable_name (your_field1,yur_field2) VALUES (' "&variable&" ',' "&variable2&" ')"
Conn.execute sql
%>
Related
I have been stuck in this topic for a long time and I hope someone can help me.
I have an application written in asp classic. I must implement an antiforgery token in the form where I go to validate the data.
My page is composed like this
<% Dim token
token = GetGUID()
Session("token")=token
%>
<html>
<head>
</head>
<boby>
...
...
<form method="post" action="../includes/CENT_FUNCTIONS.ASP">
<input type="hidden" value="<%=Session("token")%> name="token">
</form>
</body>
</html>
As you can see at the top in the asp code when opening the page I generate a GUID that I am going to save in a session variable.
I generate the GUID with this vbs function
FUNCTION GetGUID()
GetGUID = CreateObject("Scriptlet.TypeLib").GUID
END FUNCTION
So I'm going to save the session variable in a hidden field of the form. The action of the form goes to call another asp file where I will go to collect the form data to call a store procedure in the sql database.
The file is written like this
<%
IF Request("token") = Session("token") THEN
ID_CENT=Request.QueryString("ID_CENT")
IDAZIENDA_CENT=Request("IDAZIENDA_CENT")
ELSE
Response.Redirect "../notallowed.asp"
END IF
set command = Server.CreateObject("ADODB.Command")
command.ActiveConnection = conn
command.CommandText = "CAR_CENTRALINI_FUNZIONI"
command.CommandType = adCmdStoredProc
set objParameter = command.CreateParameter ("#ID_CENT", adInteger, adParamInput,,ID_CENT)
command.Parameters.Append objParameter
set objParameter = command.CreateParameter ("#IDAZIENDA_CENT", adInteger, adParamInput,,IDAZIENDA_CENT)
command.Parameters.Append objParameter
command.Execute , , adExecuteNoRecords
Set command=Nothing
Set objParameter=Nothing
Response.Redirect "../Fonia/UT_Fonia_CENTRALINI.asp"
%>
So before collecting the form data I go to check if the token arrived is the same as the one stored in the session variable.
But this comparison that I make in the IF condition always returns false.
Is this way I am using to generate and validate the anti forgery token correct? What am I doing wrong?
Thanks for any replies
I currently have a script named "test.pl" that does a variety of things and prints out HTML code to view on a webpage. One of the things I want it to do, is allow the user to type in a comment, and select which type of comment it is and the processing form of the comment box will append the comment into a file. I am not sure if I am doing this right because it doesn't seem to be working as I'm getting some errors.. here are the snippets of the code:
#!/usr/bin/perl
use warnings;
use CGI qw(:cgi-lib :standard); # Use CGI modules that let people read data passed from a form
#Initiate comment processing
&ReadParse(%in);
if ($in("comment") && $in("type") ! == "") {
$comment = $in("comment");
$type = $in("type");
WritetoFile($comment,$type);
}
sub WritetoFile {
my $input = shift;
my $type = shift;
my $file = "$type" . "_comment.txt";
open (my $fh, '>>', $file) or die "Could not open file '$file' $!";
print $fh "$input\n";
close $fh
}
The form I am using is this:
<FORM ACTION=test.pl METHOD=POST>
Comment:
<INPUT TYPE=TEXT NAME="comment" LENGTH=60>
<P>
Select Type
<SELECT NAME ="type">
<OPTION SELECTED> Animal
<OPTION> Fruit
<OPTION> Vegetable
<OPTION> Meat
<OPTION> Other
<INPUT TYPE=SUBMIT VALUE="Submit"></FORM
Any suggestions on how to make this work or even improve the process I am doing would be greatly appreciated!I would prefer to keep the processing script and the script that does the rest of my subs to be the same script (test.pl) unless this is something I have to keep separate
Your code is a bizarre mixture of old- and new-style Perl. You're using the cgi-lib compatibility layer in CGI.pm and calling its ReadParse() function using the (unnecessary since 1994) leading ampersand. On the other hand, you're using three-arg open() and lexical filehandles. I'd be interested to hear how you developed that style.
Your problem comes from your (mis-)handling of the %in hash. Your call to ReadParse() puts all of the CGI parameters into the hash, but you're using the wrong syntax to get the values out of the hash. Hash keys are looked up using braces ({ ... }), not parentheses (( ... )).
You also have some confusion over your boolean equality operators. != is used for numeric comparisons. You want ne for string comparisons.
You probably wanted something like:
ReadParse(%in);
if ($in{comment} ne "" and $in{type} ne "") {
$comment = $in{comment};
$type = $in{type};
WritetoFile($comment,$type);
}
Your $comment and $type variables are unnecessary as you can pass the hash lookups directly into your subroutine.
WritetoFile($in{comment}, $in{type});
Finally, as others have pointed out, learning CGI in 2014 is like learning to use a typewriter - it'll still work, but people will think you're rather old-fashioned. Look at CGI::Alternatives for some more modern approaches.
I have a ui-select2 select and it works fine but I need the selected values to be formatted like this value,value,value. I have it almost there. its returning ["value","value","value"]. I there a way to parse the [" "," "] out of my value?
<select ui-select2 multiple ng-model="selectedDa.value" data-placeholder="Select DA/'s" ngchange="updateDa()">
<option ng-repeat="da in da's" value="{{da.value}}> {{da.label}}>/option>
</select>
Yes, I have similar application which uses select2 and I'm actually doing this in my .php file (which is called by an Angular service through $http:
$inputGet = $_GET['chosenValues'];
$query = explode(",", $inputGet);
This explode PHP function breaks the string into pieces on the given character (in this/our case it's ",") and the resulting $query variable is actually an array - array('value1','value2','value3',....);
I am trying to experiment with python's cgi module, ad do't want to buy an entire server just to accomplish this task. So I have written my html and python cgi script on my Ubuntu 14.04 computer, but the script will not run. Here is the relevant HTML code:
<form action = "cgi-bin/Login.py" method="get">
Username <input type = "text" name = "user"><br>
Password: <input type = "password" name = "password"><br>
<input type = "submit" value = "Submit"><br>
</form>
And the Python 3 Code
import cgi, cgitb
form = cgi.FieldStorage()
# Get data from fields
Username = form.getvalue('user')
Password = form.getvalue('password')
print ("Content-type:text/html")
print ()
print ("<html>")
print ("<head>")
print ("<title>Hello - Second CGI Program</title>")
print ("</head>")
print ("<body>")
print ("<h2>Hello %s %s</h2>" % (Username, Password))
print ("</body>")
print ("</html>")
And lastly the popup that I get when I click the submit button on the webpage.
You'll need to setup and configure a web server to serve the cgi scripts. Here's the apache documentation on that.
Try use POST in the form. CGI on python needs POST to works.
I have a <select> element on a Razor view. It renders as a drop box with language values. I set language via custom cookies and a custom cookie aware view engine.
Let's say I have a cookie set (called language). I want to have a view render with a corresponding <option> marked as selected based on a cookie value. How can I control it with Razor?
Well I would put the select in a strongly typed partial view:
#inherits System.Web.Mvc.WebViewPage<Language>
#Html.DropDownListFor(x => x,
new SelectList((List<Language>)ViewBag.AllLanguages,
"Id",
"Text",
Model==null?-1:Model.Id), "Choose Language")
I would actually set the value in my controller
public virtual ActionResult _MyAction()
{
// get users language
string selectedLanguage = "English"; // default
if(Request.Cookies["language"] != null)
{
selectedLanguage = Request.Cookies["lang"].ToString();
}
// language list
ViewBag.AllLanguages = context.Languages.ToList();
// retrieve language from database - example using EF
ViewBag.SelectedLanguage = context.Languages
.FirstOrDefault(l=>l.Text==selectedLanguage);
and then in my main view
#Html.Partial("LanguageSelect", ViewBag.SelectedLanguage);
This keeps the logic of what language to select away from the presentation of the actual select list. And you could put all that logic in a shared method if it's used a lot.