Allow user submitted HTML in PHP
HTML Purifier is a
standards-compliant HTML filter
library written in PHP. HTML Purifier
will not only remove all malicious
code (better known as XSS) with a
thoroughly audited, secure yet
permissive whitelist, it will also
make sure your documents are
standards compliant, something only
achievable with a comprehensive
knowledge of W3C's specifications.
How do I only allow a user to submit an html form only once?
With the code below you try to check if the entered tutorial group and group number already exist, but this doesn't work.
$sql = "SELECT (tg,grp) FROM groups";
$result = $conn-> query($sql);
if ($result=1) {
....
}
You need to SELECT
for the entered tutorial group and group number in the query. Like this:
$stmt = $conn->prepare("SELECT id FROM groups WHERE tg = ? AND grp = ?");
$stmt->bind_param('ss', $tg, $grp);
$result = $stmt->execute();
if ($result) {
....
} else {
printf("Error message: %s\n", $conn->error);
}
Note that I bind the parameters to prevent SQL-injection.
However, I have to say that is method is far from perfect. It relies on your students to enter data very accurately, and never make a mistake. That will not work in practice.
Allow a user to edit a php code and submit the results securely
What you are trying to accomplish is what variables are for.
Taking this example:
echo "Hello World!";
You could change that to
echo $_POST["data"];
and in your html
<form type='post'>
<input type='text' name='data'/>
<input type='submit'/>
</form>
See it in action
Eval should be avoided at all costs, there is a very narrow set of problems where using eval is a sane solution.
How to allow users to edit PHP file?
If it doesn't need to be permanent, use a form, then access the variable by $_GET['var'] or $_POST['var']. You can even save it to the user's $_SESSION. If it needs to be permanent, use a database..don't have a user edit your PHP
You can also use something like jQuery to append data to a div container, example:
HTML:
<input id="input_form_id" type="text"/>
<button id="add_ip">Add</button>
<div id="ip_addresses"></div>
Jquery:
$("#add_ip").click(function() {
var ip = $("#input_form_id").val();
$("#ip_addresses").append(ip + "<br/>");
});
Jsfiddle:
http://jsfiddle.net/hvBwK/
How can I allow my user to insert HTML code, without risks? (not only technical risks)
If you are using php, an excellent solution is to use HTMLPurifier. It has many options to filter out bad stuff, and as a side effect, guarantees well formed html output. I use it to view spam which can be a hostile environment.
On an html/php file upload page, can you allow users to select files for upload one at a time without overwriting the previously selected file?
Let me see if I get this straight: you are using HTML file
-type input
with multiple
attribute, meaning you can send multiple files on the same input
.
That works this way:
The multiple attribute is a boolean attribute.
When present, it specifies that the user is allowed to enter more than
one value in the element.Note: The multiple attribute works with the following input types:
email, and file.Tip: For
<input type="file">
: to select multiple files, hold down the
CTRL or SHIFT key while selecting.
So if you're trying to upload multiple files and assign them to the same file
-type input
, it's only natural it gets overwritten every time you manage to select different files again.
If you want to select one file at a time, insert multiple file
-type inputs
in your form
. If you have no idea how many files may be attached, deal with input
generation dynamically with Javascript or even PHP, if it isn't mandatory that your form page is pure front-end.
allow user to download after submitting form data
http://php.net/manual/en/function.readfile.php read the first part (forcing a download), you can read a file and then sending it to the user via the headers. Thus you don't have to give away your file structure (and perhaps even letting the file outside your website's root/public_html).
Related Topics
How to Execute My SQL Query in Codeigniter
Get the Price of an Item on Steam Community Market with PHP and Regex
Xml Creation Using Codeigniter
"Class Xxx Is Not a Valid Entity or Mapped Super Class" After Moving the Class in the Filesystem
Can a User Alter the Value of $_Session in PHP
Any Way to Keep Curl's Cookies in Memory and Not on Disk
How Many Days Until X-Y-Z Date
How to Use C++ Binaries from PHP
Understanding PHP Curl_Multi_Exec
How to Check If Directory Contents Has Changed with PHP
How to Send Notification to Android from PHP
How to Prevent PHP Files from Being Downloaded? and What Are Some Ways Someone Can Download Them