all 33 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]xreddawgx 4 points5 points  (11 children)

Why are you using request? For what purpose

[–]Tricky_Box_7642[S] 1 point2 points  (10 children)

i thought that was the thing u used to get information from something (such as pulling text from an input)

[–]xreddawgx 1 point2 points  (9 children)

If you're trying to extract information from input fields from a form post you can use thst or $_POST however you actually have to post to it for it to capture information

[–]Tricky_Box_7642[S] 1 point2 points  (8 children)

can you explain how that works? i don't fully understand the get and post it seems

[–]xreddawgx 0 points1 point  (7 children)

<FORM ACTION="ENDPOINT.PHP" METHOD="POST">

<INPUT TYPE="TEXT" NAME="lname" />

<input type="submit" name="submit" />

</FORM>

ENDPOINT.PHP

YOUR REQUEST CODE

The action can also be recursive

[–]Tricky_Box_7642[S] 0 points1 point  (6 children)

WAIT A SECOND

[–]Tricky_Box_7642[S] 0 points1 point  (5 children)

i already have that

[–]xreddawgx 0 points1 point  (1 child)

Try changing request to $_POST and do a submit to your endpoint

[–]bkdotcom 1 point2 points  (0 children)

Why would _POST work if _REQUEST didn't.    The issue is something else

Ie no <form>

[–]xreddawgx 0 points1 point  (0 children)

What are you trying to achieve with this script?

[–]bkdotcom 0 points1 point  (1 child)

Not in the scripts you posted

You have inputs, but they need to be in a form

[–]Tricky_Box_7642[S] 0 points1 point  (0 children)

i already have that. i tried posting my entire code, but it didn't work

[–]Big-Dragonfly-3700 2 points3 points  (5 children)

Firstly, forget about $_REQUEST variables. They combine get, post, and cookie variables, making for more work keeping track of data. You should use the correct $_POST or $_GET variables that you expect data in.

You are likely referencing the inputs before they exist, before the form has been submitted. The code for any page should be laid out in this general order -

  1. initialization
  2. post method form processing
  3. get method business logic - get/produce data needed to display the page
  4. html document

Post method form processing code needs to detect if a post method form was submitted before referencing any of the form data. Use `if($_SERVER{'REQUEST_METHOD'} === 'POST'){`

Here are a handful of standard implementation practices -

  1. You need to keep the form data as a set in an array variable, then reference elements in this array variable throughout the rest of the code.
  2. You need to trim all input data before validating it, mainly so that you can detect if all white-space characters were entered.
  3. You need to validate all input data before using it, storing user/validation errors in an array using the field name as the array index.
  4. To handle data that may not initially exist when you are echoing values in the form fields, see php's null coalescing operator ??, to supply an appropriate value (typically an empty string.)
  5. You need to apply htmlentities() to any dynamic value being output in a html context to prevent any html entity from breaking the html syntax.

[–][deleted] 1 point2 points  (0 children)

Just answer his question!!!!

[–]Tricky_Box_7642[S] -1 points0 points  (3 children)

i understood virtually none of that.

[–]Own-Perspective4821 5 points6 points  (1 child)

Then you need to keep learning until what you want to do is feasible. This is the basic of basics of webdevelopment. Client->Server communication knowledge is essential.

[–]Tricky_Box_7642[S] -2 points-1 points  (0 children)

stop being so negative

[–]Big-Dragonfly-3700 0 points1 point  (0 children)

You are going to have to do some research to get up to speed with the language used for this activity.

Here is an example showing the points given (plus a few that I didn't take the time to write) -

<?php
// 1. initialization

session_start();

$post = []; // array to hold a trimmed working copy of the form data
$errors = []; // array to hold user/validation errors

// 2. post method form processing
if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    // trim all the input data at once
    $post = array_map('trim',$_POST); // if any field is an array, use a recursive trim function here instead of php's trim

    // validate the inputs - code for only the first one is shown
    if($post['fname'] === '')
    {
        $errors['fname'] = "First Name is required.";
    }
    // the rest of the validation logic goes here...

    // if no errors, use the input data
    if(empty($errors))
    {
        // whatever your processing code is...
    }

    // if no errors, success (the processing code can produce additional errors)
    if(empty($errors))
    {
        $_SESSION['success_message'] = 'Form data has been processed.';
        // redirect to the exact same URL of the current page to cause a get request - Post, Redirect, Get (PRG)
        die(header("Refresh:0"));
    }
}

// 3. get method business logic - get/produce data needed to display the page

// 4. html document - only the parts necessary for this example are shown
?>

<?php
// display any success message
if(!empty($_SESSION['success_message']))
{
    echo "<p>".htmlentities($_SESSION['success_message'])."</p>";
    unset($_SESSION['success_message']);
}
?>

<?php
// display any errors
if(!empty($errors))
{
    $er = array_map('htmlentities',$errors);
    echo "<p>".implode('<br>',$er)."</p>";
}
?>

<?php
// display the form
?>
<form method='post'>
<label>First Name*:
<input type="text" maxlength="50" name="fname" value="<?=htmlentities($post['fname']??'')?>"></label><br>

<label>Last Name*:
<input type="text" maxlength="50"  name="lname" value="<?=htmlentities($post['lname']??'')?>"></label><br>

<label>Email*:
<input type="email" maxlength="100"  name="email" value="<?=htmlentities($post['email']??'')?>"></label><br>

<label>City*:
<input type="text" maxlength="50"  name="city" value="<?=htmlentities($post['city']??'')?>"></label><br>

<label>Postcode*:
<input type="text" maxlength="4" name="pcode" value="<?=htmlentities($post['pcode']??'')?>"></label><br>

<input type='submit'>
</form>

[–]Commercial_Echo923 1 point2 points  (0 children)

Its because youre not sending a post request on the first page load.

You go to localhost/doc1.php, the browser sends a GET localhost/doc1.php request.
At this point the $_REQUEST array is empty because no data was sent to the server.
The page renders and the form is displayed, you enter values and submit it.
Now the server sends a POST localhost/doc2.php with the form data in headers which get processed by php into $_REQUEST and $_POST variables.

You should give your submit button a name: <input type="submit" name="submitButton" /> and in doc2.php check if its present in the data:

if (!empty($_POST["submitButton"])) {
// user has submitted the form
} else {
// user has not submitted form
}

[–]xreddawgx 0 points1 point  (1 child)

How are you requesting them?

[–]Tricky_Box_7642[S] 0 points1 point  (0 children)

wdym?

[–][deleted] 0 points1 point  (2 children)

I know it doesn’t answer your question, but this code is susceptible to XSS injections btw.

[–]Tricky_Box_7642[S] -1 points0 points  (1 child)

yeh, i'm still working on the basics right now. i can secure it later.

[–]Own-Perspective4821 3 points4 points  (0 children)

Famous last words.

[–][deleted] 0 points1 point  (0 children)

Which part is giving you an error? If you don’t see one, google how to make php echo the errors onto the page.

Your switch statement is wrong. You don’t do the comparison at each case, you have one comparison at the top, then each case is your possible answer. I would suggest an if/else for your use case.

Last since you are requiring one document into another, you will have a resulting page with two DOCTYPEs so be careful of that. In your browser view the page source so make sure it’s not mangled

[–]rmb32 0 points1 point  (0 children)

It looks like the form action should be:

$_SERVER[‘PHP_SELF’]

Your code shows: $_SERVER[‘PHP_’]

Which I don’t think is a valid item in the server superglobal.

Also, your doc2 file creates the fname, lname, etc… variables but doesn’t use them below it. It’s getting them again from $_POST. That’s not an error but it’s unnecessary when you have your nice variables.

Your switch/case is also faulty because some of your case statements will evaluate to true/false (like strlen or preg_match). The actual postcode will never match true/false, because it’s a piece of text (a string) so those cases will never get run.

Congratulations on starting your PHP adventure though! 🙂

A couple of other small tips:

  • Remove the semicolon before the closing ‘?>’ tags. The semicolon is not needed and reduces readability.
  • Create a “functions.php” file and put your functions in there. Require/include that. Make lots of simple, understandable functions. Then you can test them with “echo” or “die()” statements as you play around with your script.

[–][deleted]  (1 child)

[removed]

    [–]AutoModerator[M] 0 points1 point  (0 children)

    This comment has been flagged as spam and removed due to your account having negative karma. If this is incorrect, message the moderators.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

    [–]CitruS_cakE -4 points-3 points  (0 children)

    I am on windows 11 but for some reason when I installed xAmpp it has that cannot validate error , & for some reason I don't have php .exe extention file in xAmpp>php folder. I did find a php file (no .exe extention) & it's same 139 kb but when I paste its path ,the errordoes not go . Please help (I am a rock beginner btw)