  1. #1
    SitePoint Member
    Join Date
    Feb 2007
    Posts
    3

    Trying To Redirect To Anchor Link After Form Submit

    Hello,

    I'm building a ratings page based on a five star rating system. The page has a series of 10 questions. My problem is that each rating requires a person to hit "submit", at which time the page refreshes to the header. They then have to scroll down to find the next rating.

    I'm wondering if it's possible for the page to return to an anchor link after the form is posted.

    Here's a php code example for the ratings. I've added some anchors for what I had in mind.

    Code:
     <A name="ebu_1"></A>
    	<?php
    $id= "ebu_1";
    include "rate.php"; 
    ?>
    <A name="ebu_2"></A>
    <?php
    $id= "ebu_2";
    include "rate.php"; 
    ?>
    The code for the part of the form which I think is applicable is as follows:


    Code:
    print ("<form method=post><table bordercolor=#99999 cellspacing=0 border=0><TR><td width=50% cellspacing=none cellpadding=none align=middle valign=middle border=1><font size=1 face=Verdana color=#999999>$cratings</td><tr></font>");
    echo"<TR><td align=middle valign=middle><input type=radio name=uvote value=5><font face=arial size=2 color=#000000>Excellent";
    echo"<input type=radio name=uvote value=4>Very Good";
    echo"<input type=radio name=uvote value=3>Good";
    echo"<input type=radio name=uvote value=2>Fine";
    echo"<input type=radio name=uvote value=1>Bad";
    //Submit button starts from here
    print ("<input type=hidden name=send value='true'><input type=hidden name=mpo value=$id>&nbsp; <input type=submit value=Rate style=background:#ffcc00;border-width:1;Border-color:#ffcc00;></TD></TR></table></form>");
    If I could get the submit button to return to the anchors, such as
    Code:
    <A name="ebu_1"></A>
    , it would be great.

    Thanks for any help!

    LG

  2. #2
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Quote Originally Posted by algae21 View Post
    I'm building a ratings page based on a five star rating system. The page has a series of 10 questions. My problem is that each rating requires a person to hit "submit", at which time the page refreshes to the header. They then have to scroll down to find the next rating.
    How come they have to submit at each question? Why not let the user respond to every question then submit the form?

  3. #3
    SitePoint Member
    Join Date
    Feb 2007
    Posts
    3
    Why not let the user respond to every question then submit the form?
    Actually, that would be my preference. This is a purchased script though, and I'm an absolute novice with PHP, trying to figure out what minor improvements I can do on my own. I imagine a portion of the form submit would need revision. I'll post it, but apologize if it's extremely long...

    Basically my ratings are sequentially named ebu_1, ebu_2, etc., etc.. The script looks like this.

    LG

    PHP Code:
    <?php
    extract($HTTP_GET_VARS);
    extract($HTTP_POST_VARS);
    include("conf.php");
    $rate_id=$id;
    $db=mysql_connect($db_host,$database_user,$database_pass) or die("<b>MySQL Error:</b> Unable to connect to database please check that you have provided the correct <li>Database Login username<li>Database Login Password");    //Connect to database or give error if failed
    mysql_select_db($db_name,$db)or die("<b>MySQL Error:</b> Unable to select database please check that you have provided the correct <li>Database name");
    $sql= ('CREATE TABLE ' .$rate_id.' (op INT NOT NULL AUTO_INCREMENT PRIMARY KEY,ip TEXT NOT NULL,vote INT NOT NULL)'); //Create table if it does not exist
    if(@mysql_query($sql)){
    }else{
    }
    if(file_exists("rate_d/$id.dat")){
    }else{
        if(is_writable("rate_d")){
            $ghi=fopen("rate_d/$id.dat","w");
            fwrite($ghi,"1");
            fclose($ghi);
        }
    }
    if($uvote>=1 && $send=="true" && $mpo==$id){
        $result=mysql_query('SELECT ip FROM '.$mpo);
        $found=0;
        $ip_address = getenv(REMOTE_ADDR);
        while($row=mysql_fetch_array($result)){         //Compare the stored IP's with user's IP
            if($row[ip]==$ip_address){
                $found+=1;
                break;
            }
        }
        if($found==0){    //if no ip is matched
            $sql=mysql_query("INSERT INTO $rate_id SET ip='$ip_address',vote='$uvote'"); //insert user's ip as well as vote
            echo "<font color=blue face=arial size=2><CENTER>You have voted $uvote star.</CENTER></font>";
        }elseif($found>=1){
            echo "<CENTER><font color=red face=arial size=2>Sorry, you have already voted.</font></CENTER>";
        }
    }elseif($send=="true" && $uvote<"1" && $mpo==$id){
        echo "<CENTER><font face=arial color=red size=2>Please select your rating.</font></CENTER>";
    }
    $voter=0;
    $vcount=mysql_query('SELECT vote FROM '.$rate_id) or die ("<b>MySQL Error:</b> Please check that you have provided correct id for the rating, id must not contain spaces or special characters, only letters, numbers and _ (underscore)<BR><font color=red><b>Rate id shoul not contain only numbers.</b></font><BR>For example: my_1_rating is correct but 12345 is incorrect.");
    while($row=mysql_fetch_array($vcount)){     //count all the votes
        $voter+=$row[vote];
    }
    $total=(mysql_num_rows ($vcount)); //get total number of votes
    if($total==0){
        $total=1;
    }
    $aveg=round(($voter/$total),2);    //Divide all the votes by total number of votes to get average rating
    if ($aveg>=1)   { $star = "images/1star.gif" ; }
    if ($aveg>=1.5) { $star = "images/15star.gif" ; }
    if ($aveg>=2)   { $star = "images/2star.gif" ; }
    if ($aveg>=2.5) { $star = "images/25star.gif" ; }
    if ($aveg>=3)   { $star = "images/3star.gif" ; }
    if ($aveg>=3.5) { $star = "images/35star.gif" ; }
    if ($aveg >= 4)   { $star = "images/4star.gif" ; }
    if ($aveg >= 4.5) { $star = "images/45star.gif" ; }
    if ($aveg >= 5)   { $star = "images/5star.gif" ; }
    if ($aveg<=0)   { $star = "images/00star.gif" ; }
    if ($total<=1){
        $spell="Vote";
    }else {
        $spell="Votes";
    }
    if ($aveg<=0){
        $cratings="<img src=\"$star\" alt=\"Average rating: $aveg\">";
    }else{
        $cratings="<table><td><font size=2>Rating:</font></td><td><img src=\"$star\" alt=\"Average rating: $aveg\"></td><td> <font size=2>After $total $spell</font></td></table></font>";
    }
    //You may change the look of the ratings, customization starts from here
    print ("<form method=post><table bordercolor=#99999 cellspacing=0 border=0><TR><td width=50% cellspacing=none cellpadding=none align=middle valign=middle border=1><font size=1 face=Verdana color=#999999>$cratings</td><tr></font>");
    echo "<TR><td align=middle valign=middle><input type=radio name=uvote value=5><font face=arial size=2 color=#000000>Excellent";
    echo "<input type=radio name=uvote value=4>Very Good";
    echo "<input type=radio name=uvote value=3>Good";
    echo "<input type=radio name=uvote value=2>Fine";
    echo "<input type=radio name=uvote value=1>Bad";
    //Submit button starts from here
    print ("<input type=hidden name=send value='true'><input type=hidden name=mpo value=$id>&nbsp; <input type=submit value=Rate style=background:#ffcc00;border-width:1;Border-color:#ffcc00;></TD></TR></table></form></font>");
    ?>

  4. #4
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    To submit to an anchor with the way you have it now you would need to amend the <form action> part:
    PHP Code:
    <form method='post' action='". htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ."#ebu_1'>
    that way the form submits to itself and then down to the anchor.

    Welcome to the forums as well algae21
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  5. #5
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Quote Originally Posted by algae21 View Post
    Actually, that would be my preference. This is a purchased script though, and I'm an absolute novice with PHP, trying to figure out what minor improvements I can do on my own.
    There's a few security points to make about this script..
    The first two lines -
    PHP Code:
    extract($HTTP_GET_VARS); 
    extract($HTTP_POST_VARS); 
    Allow any user to set their own variables in your application and also overwrite any of yours.. including variables like $_SESSION ... also HTTP_GET_VARS and HTTP_POST_VARS are deprecated.. these days we use $_POST and $_GET.

    The script has these lines-
    PHP Code:
    $result=mysql_query('SELECT ip FROM '.$mpo);

    $sql=mysql_query("INSERT INTO $rate_id SET ip='$ip_address',vote='$uvote'");

    $vcount=mysql_query('SELECT vote FROM '.$rate_id); 
    All these variables $rate_id, $ip_address, $uvote, $mpo are either extracted straight from post or get arrays without any sanitization or could be overwritten anyway by a malicious user since you are using extract().

    This leaves your database vulnerable to sql injection attacks


    Usually when working with form submissions like this I start by coding up a skeleton page with the form on it the way I want it to be.. only html at first. Then I work out how to process it in php.

    Why not take a shot at that? Do up a html file with nothing in it but the body tag and the form then post it back here and we'll take it from there.
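
The variable overwrite described in the post above, shown next to a replacement that reads only named fields. This is an added example, not code from the thread or from the purchased script; the function names and the request values are hypothetical and constructed for illustration.

```php
<?php
// $request stands in for $_POST; every value here is constructed.
// 'id' is not a field of the real form, but nothing stops a client sending it.
$request = ['uvote' => '4', 'send' => 'true', 'mpo' => 'ebu_1',
            'id' => 'some_other_table'];

// Same pattern as rate.php: the page sets $id, then the request is extract()ed.
function with_extract(array $request): array {
    $id = 'ebu_1';                 // set by the including page
    extract($request);             // a request key named "id" replaces it
    $rate_id = $id;                // later used as the table name
    return ['rate_id' => $rate_id, 'uvote' => $uvote ?? null];
}

// Replacement: read only the expected fields and validate each one.
function with_explicit_reads(array $request): array {
    $id = 'ebu_1';                 // cannot be changed by the request
    $uvote = filter_var($request['uvote'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    $send = ($request['send'] ?? '') === 'true';
    $mpo  = $request['mpo'] ?? '';
    // Only act when the submitted form belongs to this rating block.
    $accepted = $send && $uvote !== false && $mpo === $id;
    return ['rate_id' => $id, 'uvote' => $accepted ? $uvote : null];
}

var_dump(with_extract($request));
var_dump(with_explicit_reads($request));
```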

  6. #6
    SitePoint Member
    Join Date
    Feb 2007
    Posts
    3
    Welcome to the forums as well algae21
    Spike,

    Thanks. I messed with your code a little bit and got it working

    Code:
    <form method='post' action='"."#$id'>
    Catweasel,

    That is pretty much the entire code with the exception of a small config. file.

    I have a sample page here: http:laughingravy21.com/ebaytest/ebu.php

    There's no user input other than the radio buttons, so I'm not sure how bad the security concerns would be?

    The form is displayed with this snippet

    PHP Code:
    <?php
    $id = "ebu_2";
    include "rate.php";
    ?>
    "Rate.php" is the longer code I posted.

    How worried should I be about the possible security risks given no logins, etc... And how much re-coding am I looking at to possibly turn it into 10 ratings but 1 submit button?

    Thanks again!

    LG

  7. #7
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Quote Originally Posted by algae21 View Post
    There's no user input other than the radio buttons,
    Not in your form no.. but an attacker could easily construct their own form and submit that to your script.. don't be fooled into thinking just because you coded the form you will always know what data is sent to the server. Your script will process whatever is sent to it, no matter where it comes from.

    so I'm not sure how bad the security concerns would be?
    Not being sure is all the more reason to be pedantic about this.

    How worried should I be about the possible security risks given no logins, etc
    You may have no logins but just looking at your script I think there are serious security concerns.. I'm not going to list them here since you've posted the url to the script.

    And how much re-coding am I looking at to possibly turn it into 10 ratings but 1 submit button?
    Not much .. Here's your form using just one submit button.. when you fill the form out and submit it you will see what the $_POST array looks like.
    Maybe it will give you an idea as to how you could process all those ratings in one hit without making the user submit 10 times.

    PHP Code:
    <html>
    <head>
    <style type='text/css'>
    .item {
        margin:5px;
        padding:3px;
    }
    </style>
    </head>
    <body>

    <pre>
    <?php
    if (!empty($_POST)) print_r($_POST);

    ?>
    </pre>

    <div id='left'>
    <form method='post' action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
    <div class='item'>
    <input type=radio name=uvote[0] value=5>Excellent
    <input type=radio name=uvote[0] value=4>Very Good
    <input type=radio name=uvote[0] value=3>Good
    <input type=radio name=uvote[0] value=2>Fine
    <input type=radio name=uvote[0] value=1>Bad
    <input type=hidden name=mpo[0] value=ebu_1>
    </div>
    <div class='item'>
    <input type=radio name=uvote[1] value=5>Excellent
    <input type=radio name=uvote[1] value=4>Very Good
    <input type=radio name=uvote[1] value=3>Good
    <input type=radio name=uvote[1] value=2>Fine
    <input type=radio name=uvote[1] value=1>Bad
    <input type=hidden name=mpo[1] value=ebu_2>
    </div>
    <div class='item'>
    <input type=radio name=uvote[2] value=5>Excellent
    <input type=radio name=uvote[2] value=4>Very Good
    <input type=radio name=uvote[2] value=3>Good
    <input type=radio name=uvote[2] value=2>Fine
    <input type=radio name=uvote[2] value=1>Bad
    <input type=hidden name=mpo[2] value=ebu_3>
    </div>
    <div class='item'>
    <input type=radio name=uvote[3] value=5>Excellent
    <input type=radio name=uvote[3] value=4>Very Good
    <input type=radio name=uvote[3] value=3>Good
    <input type=radio name=uvote[3] value=2>Fine
    <input type=radio name=uvote[3] value=1>Bad
    <input type=hidden name=mpo[3] value=ebu_4>
    </div>
    <div class='item'>
    <input type=radio name=uvote[4] value=5>Excellent
    <input type=radio name=uvote[4] value=4>Very Good
    <input type=radio name=uvote[4] value=3>Good
    <input type=radio name=uvote[4] value=2>Fine
    <input type=radio name=uvote[4] value=1>Bad
    <input type=hidden name=mpo[4] value=ebu_5>
    </div>
    <div class='item'>
    <input type=radio name=uvote[5] value=5>Excellent
    <input type=radio name=uvote[5] value=4>Very Good
    <input type=radio name=uvote[5] value=3>Good
    <input type=radio name=uvote[5] value=2>Fine
    <input type=radio name=uvote[5] value=1>Bad
    <input type=hidden name=mpo[5] value=ebu_6>
    </div>
    <div class='item'>
    <input type=radio name=uvote[6] value=5>Excellent
    <input type=radio name=uvote[6] value=4>Very Good
    <input type=radio name=uvote[6] value=3>Good
    <input type=radio name=uvote[6] value=2>Fine
    <input type=radio name=uvote[6] value=1>Bad
    <input type=hidden name=mpo[6] value=ebu_7>
    </div>
    <div class='item'>
    <input type=radio name=uvote[7] value=5>Excellent
    <input type=radio name=uvote[7] value=4>Very Good
    <input type=radio name=uvote[7] value=3>Good
    <input type=radio name=uvote[7] value=2>Fine
    <input type=radio name=uvote[7] value=1>Bad
    <input type=hidden name=mpo[7] value=ebu_8>
    </div>
    <div class='item'>
    <input type=radio name=uvote[8] value=5>Excellent
    <input type=radio name=uvote[8] value=4>Very Good
    <input type=radio name=uvote[8] value=3>Good
    <input type=radio name=uvote[8] value=2>Fine
    <input type=radio name=uvote[8] value=1>Bad
    <input type=hidden name=mpo[8] value=ebu_9>
    </div>
    <div class='item'>
    <input type=radio name=uvote[9] value=5>Excellent
    <input type=radio name=uvote[9] value=4>Very Good
    <input type=radio name=uvote[9] value=3>Good
    <input type=radio name=uvote[9] value=2>Fine
    <input type=radio name=uvote[9] value=1>Bad
    <input type=hidden name=mpo[9] value=ebu_10>
    </div>

    <input type=submit value=Rate>
    </form>
    </div>

    </body>
    </html>
    It doesn't process anything yet.. we'll get to that later. This is just an exercise to show how using arrays in form elements makes this kind of thing much easier... btw, what is mpo?
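
One way the `uvote[]` / `mpo[]` arrays from the single-submit form could be processed while treating every submitted value as untrusted, as the thread advises. This is an added example, not code from any poster or from the purchased script; it assumes PDO with an in-memory SQLite database standing in for MySQL, and the allow-list `RATING_IDS`, the function names and the sample input are hypothetical.

```php
<?php
const RATING_IDS = ['ebu_1', 'ebu_2', 'ebu_3'];   // allow-list; extend to ebu_10

// Keep only (rating id => vote) pairs that pass validation.
function collect_votes(array $post): array {
    $votes = [];
    $mpo   = is_array($post['mpo'] ?? null)   ? $post['mpo']   : [];
    $uvote = is_array($post['uvote'] ?? null) ? $post['uvote'] : [];
    foreach ($mpo as $i => $id) {
        // Table names cannot be bound as parameters, so accept only known ids.
        if (!is_string($id) || !in_array($id, RATING_IDS, true)) {
            continue;
        }
        $vote = filter_var($uvote[$i] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 5]]);
        if ($vote !== false) {
            $votes[$id] = $vote;
        }
    }
    return $votes;
}

// Store one vote per IP per rating; returns the number of rows inserted.
function store_votes(PDO $pdo, array $votes, string $ip): int {
    $stored = 0;
    foreach ($votes as $id => $vote) {
        // $id passed the allow-list above; ip and vote are bound values.
        $seen = $pdo->prepare("SELECT COUNT(*) FROM $id WHERE ip = ?");
        $seen->execute([$ip]);
        if ((int) $seen->fetchColumn() === 0) {
            $pdo->prepare("INSERT INTO $id (ip, vote) VALUES (?, ?)")
                ->execute([$ip, $vote]);
            $stored++;
        }
    }
    return $stored;
}

// Constructed input: one valid vote, one out-of-range vote, one unknown id.
$post = ['mpo' => ['ebu_1', 'ebu_2', 'not_listed'], 'uvote' => ['5', '9', '3']];
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (RATING_IDS as $t) {
    $pdo->exec("CREATE TABLE $t (op INTEGER PRIMARY KEY, ip TEXT NOT NULL, vote INT NOT NULL)");
}
var_dump(collect_votes($post));
var_dump(store_votes($pdo, collect_votes($post), '192.0.2.10'));
var_dump(store_votes($pdo, collect_votes($post), '192.0.2.10'));   // same IP again
```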

