Addition using form select

General discussions related to php

Moderators: macek, egami, gesf

bobbygerez
New php-forum User
New php-forum User
Posts: 18
Joined: Mon Jan 23, 2012 7:40 pm
Contact:

Addition using form select

Postby bobbygerez » Fri Aug 17, 2012 11:01 pm

Code: Select all

<html>
   <head><title>Grouping form array</title></head>
   
<body>
<?php
      if (!isset($_POST['submit'])){
?>
   <form action="array.php" method="post">
      <select name="options[]" multiple>
         <option value="+">+</option>
         <option value="-">-</option>
         <option value="*">*</option>
         <option value="/">/</option>
      </select>
      <input type="submit" name="submit" value="send" />
   </form>
<?php
   } else {
      if (is_array($_POST['options']))
         foreach ($_POST['options'] as $a){
            echo $a;
            //$c = 10 $a 10;
            //echo $c;
         }
      else {
         echo "Please select at least one";
      }
   
   }
?>
</body>
</html>


Anyone can explain this one //$c = 10 $a 10;
//echo $c; it will cause and error but If remove it it will only display the user's selection.
Another thing when the user don't choose anyone from the option it will trigger an error "
Notice: Undefined index: options in C:\wamp\www\edilyn4care\array.php on line 19
Please select at least one ". Thanks for your help.

NigelRen
php-forum Active User
php-forum Active User
Posts: 450
Joined: Fri Aug 05, 2011 9:53 am

Re: Addition using form select

Postby NigelRen » Sun Aug 19, 2012 12:12 am

Not sure what your trying to do with the like

Code: Select all

//$c = 10 $a 10;

If you want it as a string for example - then use

Code: Select all

$c = "10 $a 10";


As for giving you the error when not selecting an option - where your using is_array - I think you should be using isset ( http://php.net/manual/en/function.isset.php ). But you will also need to cater for only one option being selected - so it may be an array - or it may be a single item.

bobbygerez
New php-forum User
New php-forum User
Posts: 18
Joined: Mon Jan 23, 2012 7:40 pm
Contact:

Re: Addition using form select

Postby bobbygerez » Tue Aug 21, 2012 5:48 pm

Code: Select all

<html>
   <head><title>Grouping form array</title></head>
   
<body>
<?php
      if (!isset($_POST['submit'])){
?>
   <form action="array.php" method="post">
         Enter Number:   <input type="text" name="value1" />
            <br />
         Enter Number:   <input type="text" name="value2" />
            <br />
      <select name="options[]" multiple>
         
         <option value="+">+</option>
         <option value="-">-</option>
         <option value="*">*</option>
         <option value="/">/</option>
      </select>
      <input type="submit" name="submit" value="send" />
   </form>
<?php
      } else {
      if (isset($_POST['options'])) {
         foreach ($_POST['options'] as $operator){
         
            if (isset($_POST['value1']) && isset($_POST['value2'])) {
               if (($_POST['value1']!= null) && ($_POST['value2']!=null) )
                  $a = $_POST['value1'];
                  $b = $_POST['value2'];
// How to use the $operator to make replace the +
                  $c = $a + $b;
                  echo $c;
               }
               else {
                  echo "Please Enter Number";
               }
            
         }
      }
      else {
         echo "Please select an operator";
      }
   
   }
?>
</body>
</html>


// How to use the $operator to make replace the +
$c = $a + $b;
echo $c;
Thanks.

NigelRen
php-forum Active User
php-forum Active User
Posts: 450
Joined: Fri Aug 05, 2011 9:53 am

Re: Addition using form select

Postby NigelRen » Tue Aug 21, 2012 11:45 pm

If you wanted to build it that way - you would have to do something like...

Code: Select all

eval ("$c = $a $op $b;");

Where $op is something like +

The only thing is that leaves potential security holes - but as a short example piece of code it shouldn't be an issue.

bobbygerez
New php-forum User
New php-forum User
Posts: 18
Joined: Mon Jan 23, 2012 7:40 pm
Contact:

Re: Addition using form select

Postby bobbygerez » Wed Aug 22, 2012 10:01 pm

NigelRen wrote:If you wanted to build it that way - you would have to do something like...

Code: Select all

eval ("$c = $a $op $b;");

Where $op is something like +

The only thing is that leaves potential security holes - but as a short example piece of code it shouldn't be an issue.


Can you elaborate further NigelRen why it leaves potential security holes. Can you give example so that I'm aware on this security holes. Thanks for letting me know.

NigelRen
php-forum Active User
php-forum Active User
Posts: 450
Joined: Fri Aug 05, 2011 9:53 am

Re: Addition using form select

Postby NigelRen » Wed Aug 22, 2012 11:15 pm

Using eval allow the user to potentially execute almost anything, so if you didn't check what the user was doing they could gain access to any resources on your servers as the code would be running on your server.

So for example - your just using $_POST['options'] as the value to plug into the eval - if the user changed the value of options to be something which just displayed the server configuration ( phpinfo() ) with the correct bits and pieces they could use your eval to display all of the server settings on the users page.

bobbygerez
New php-forum User
New php-forum User
Posts: 18
Joined: Mon Jan 23, 2012 7:40 pm
Contact:

Re: Addition using form select

Postby bobbygerez » Thu Aug 23, 2012 1:31 am

Still have an error, undefined $c; . Any idea is highly appreciated.

NigelRen
php-forum Active User
php-forum Active User
Posts: 450
Joined: Fri Aug 05, 2011 9:53 am

Re: Addition using form select

Postby NigelRen » Thu Aug 23, 2012 5:48 am

Can you post your latest code.

bobbygerez
New php-forum User
New php-forum User
Posts: 18
Joined: Mon Jan 23, 2012 7:40 pm
Contact:

Re: Addition using form select

Postby bobbygerez » Thu Aug 23, 2012 8:03 pm

Code: Select all

<html>
   <head><title>Grouping form array</title></head>
   
<body>
<?php
      if (!isset($_POST['submit'])){
?>
   <form action="array.php" method="post">
         Enter Number:   <input type="text" name="value1" />
            <br />
         Enter Number:   <input type="text" name="value2" />
            <br />
      <select name="options[]" >
         
         <option value="+">+</option>
         <option value="-">-</option>
         <option value="*">*</option>
         <option value="/">/</option>
      </select>
      <input type="submit" name="submit" value="send" />
   </form>
<?php
      } else {
      if (isset($_POST['options'])) {
         foreach ($_POST['options'] as $operator){
         
            if (isset($_POST['value1']) && isset($_POST['value2'])) {
               if (($_POST['value1']!= null) && ($_POST['value2']!=null) )
                  $a = $_POST['value1'];
                  $b = $_POST['value2'];
                  eval ("$c = $a $operator $b;");
                  echo $c;
                  echo $operator;
               }
               else {
                  echo "Please Enter Number";
               }
            
         }
      }
      else {
         echo "Please select an operator";
      }
   
   }
?>
</body>
</html>


Thanks NigelRen for helping me.

NigelRen
php-forum Active User
php-forum Active User
Posts: 450
Joined: Fri Aug 05, 2011 9:53 am

Re: Addition using form select

Postby NigelRen » Thu Aug 23, 2012 11:22 pm

Sorry - it's obvious now I can see whats happening. The line

Code: Select all

                  eval ("$c = $a $operator $b;");

should have been...

Code: Select all

                  eval ("\$c = $a $operator $b;");

What was happening was that the $c was being substituted for the value of $c. The '\' escapes the $ sign to ensure it stays in the expression. The $a and $b doesn't matter either way as you actually want the values put in there.

bobbygerez
New php-forum User
New php-forum User
Posts: 18
Joined: Mon Jan 23, 2012 7:40 pm
Contact:

Re: Addition using form select

Postby bobbygerez » Fri Aug 24, 2012 12:42 am

Thank you so much... It works well and I really understand. :D


Return to “PHP General”

Who is online

Users browsing this forum: Bing [Bot] and 0 guests