Wisdom of keeping PHP scripts embedded when submitting forms

I was wondering if it would be more secure if the php scripts I'm using to insert user names and contact info into my database would be more secure if the code was moved to a new page called insrtRecord.php and the form action were changed from action="<?php echo $editFormAction; ?>" to action="/Scripts/insrtRecord.php"
The page was constructed entirely with Dreamweavers built in behaviors so all the code is right there in the contact page for anyone to look at.
I'd then password protect the Scripts directory that contained the insrtRecord.php file to keep it from prying eyes.
Thanks for your advice.

>He took a look at my site, checked the code, and I was sure that I saw some PHP tags pop up.
Rick, if you did see a tag then it must have been due to a misconfigured script. Any valid php will be parsed on the server and not sent to the client.
>My Connections folder with the database un and pw is in a protected directory
>and there's never a call to put in a password when a page connects to the MySql database.
>This leads me to believe that I can protect all my PHP scripts.
But connection scripts are referenced using includes which is different than what you originally suggested. I'm not saying it won't work, I really don't know. But it's easy to test and if it works I don't see any harm in adding another layer of security.

Similar Messages

What data to return when submitting form to a php script?

Been trying to figure this out for few days now. Been googling it up and found nothing.
I made a form with livecycle designer, put a http submit button to post data to my php script and when I open it up on acrobat reader and try to submit it, I get an error about content-type not being correct etc.
What kind of content-type should I be returning then? text/plain, text/html and application/pdf with 0 lenght content doesn't seem to cut it. Can I disable whole return-check as I really dont have anything to return? Or can I somehow send an "success/failure" pop-up or something?

Thank you George,
I added the line: header('x', TRUE, 204); to my PHP script per your suggestion and found that I get an error thrown "invalid server response" when using acrobat reader or acrobat pro 9. No new window is loaded and the pdf user's experience is not changed (except for the error message).
Without the added line, I get the error "no input file page data" thrown. Since I'm not returning anything to the browser that is expected but not wanted.
In either case, the data fields are captured and saved by my PHP script. It seems that acrobat requires a response from the server otherwise it is not happy. I can't see a way that I can turn off error messages to avoid this.

I keep getting script errors when accessing Amazon Seller merchant pages. I get the following A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete. Script

I keep getting script errors when accessing Amazon Seller merchant pages. I get the following A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete. Script: chrome://spautofill/content/spOverlay.js:150, I also get js210 as well. I have cleared all cookies and history and unistalled Firefaox and reinstalled. Been thru my AVS and set the site as trusted in every possible place. Still get the problem. Do not get it with IE on same PC.
== URL of affected sites ==
https://sellercentral.amazon.co.uk

Same problem but with a different vendor site:
https://www.webvitamins.com/myfavorites.aspx
Not only does the page hang, but the other tabs also hang.
I contacted the vendor and their reply was "we were told that this looks like a script that is used by "Sticky Password", third-party software that must have been installed on your browser. However, our website did not install it and does not have anything to do with it." As far as I can tell, "Sticky Password" is not installed on my Firefox.
Same problem as above occurs, but with IE 8.0.6001.18702. Therefore, it is not unique to Firefox.
CAUSE DETERMINED: Have determined that this problem only occurs when Kaspersky Password Manager is installed. In Firefox, if the "Password Manager Autofill Engine" add-on is disabled, the problem goes away.

Symbol error when submitting form

experiencing a symbol error when submitting form.

Hi Gen,
Unfortunately, the error came from a client who was submitting a form via Mac OS. He stated that when he attempted to submit he received a symbol error.
On another note, I did experience issues with periods (.) within another form such as 2009.01 and 2011.25. When I downloaded the files corresponding to the numbers, it wouldn’t allow me to save it with the period (used an underscore instead).
Warmest regards,
Delia
Delia Boyd
Program Manager, Standards Development
Executive Office
AOAC INTERNATIONAL
481 N. Frederick Avenue, Suite 500
Gaithersburg, MD 20877-2417
301-924-7077 x126
301-924-7089 - Fax
[email protected]<mailto:[email protected]>
www.aoac.org<http://www.aoac.org/>
cid:[email protected]
127th AOAC Annual Meeting & Exposition
Palmer House Hilton
Chicago, Illinois
August 25-28, 2013
For more information visit our website
at: http://www.aoac.org/meetings1/127th_annual_mtg/main_2.htm
þ Please consider the environment before printing this email.
...you will see it when you believe it!

Keep getting script errors when on facebook is there a fix for this

Downloaded current version of firefox browser keep get script errors is there a fix for this..???

What kind of script errors do you see?
Do you see them in a pop-up (alert) window?
Start Firefox in [[Safe Mode]] to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
*Don't make any changes on the Safe mode start window.
*https://support.mozilla.org/kb/Safe+Mode

Problems with php script in the contact form

Hello, I am from the Czech Republic and I am not a coder. I have 2 problems with my php sript. I am using a simple php script from Paul Trani, see below.
Firstly the email adress - when someone inserts an email adress in this form [email protected] it is OK, but when someone writes an address for example [email protected] (this type of adress is very common in our country) the answer is "That is not a valid email address. Please return to the previous page and try again." I think the problem is the dot before the @.
Secondly diacritical marks - Since I am from the Czech Republic we use diacritical marks (for example š,č,ř,ž,á,í,é,ě) so instead of this letters a get ? or Å or Å¡ to my email.
I really do not know how to fix these problems.
Thank you for any help. Sorry for my English. Peter
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<META HTTP-EQUIV="refresh" content="0;URL=thankyou.html">
<title>Email Form</title>
</head>
<body>
<?php
$name=addslashes($_POST['name']);
$email=addslashes($_POST['email']);
$comments=addslashes($_POST['message']);
// you can specify which email you want your contact form to be emailed to here
$toemail = "[email protected]";
$subject = "From EcoStyleStudio.com";
$headers = "MIME-Version: 1.0\n"
 ."From: \"".$name."\" <".$email.">\n"
 ."Content-type: text/html; charset=iso-8859-1\n";
$body = "Name: ".$name." \n"
 ."Email: ".$email." \n"
 ."Comments: \n"
 .$comments;
if (!ereg("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$", $email))
 echo "That is not a valid email address. Please return to the"
 ." previous page and try again.";
 exit;
 mail($toemail, $subject, $body, $headers);
 echo "Thanks for submitting your comments";
?>
</body>
</html>

ereg() has been deprecated, it is recommended that you dont use it.
You want to look at this
http://www.php.net/manual/en/function.preg-match.php
Within this page I found this:
If you need to check for .com.br and .com.au and .uk and all the other crazy domain endings i found the following expression works well if you want to validate an email address. Its quite generous in what it will allow
<?php
 $email_address = "phil.taylor@a_domain.tv";
 if (preg_match("/^[^@]*@[^@]*\.[^@]*$/", $email_address)) {
 return "E-mail address";
?>

PHP script for a pdf form

Hi,
Can anyone point me in the right direction with this problem?
I am using Dreamweaver CS3. Is there a php script I can use
to have the data that a user inputs into a form extracted and put
on a PDF form that pops up when the user clicks a button so the
user can then print and fax the completed form?
I would really appreciate any help.
Thanks,

Why go to a PDF? Why not just print from a webpage?
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"Captain825" <[email protected]> wrote in
message
news:g707ol$3b8$[email protected]..
> Hi,
>
> Can anyone point me in the right direction with this
problem?
>
> I am using Dreamweaver CS3. Is there a php script I can
use to have the
> data
> that a user inputs into a form extracted and put on a
PDF form that pops
> up
> when the user clicks a button so the user can then print
and fax the
> completed
> form?
>
> I would really appreciate any help.
>
> Thanks,
>

When submitting form, form elements like text box are not available in my action page. This occurs only for several times. if i resubmit the form, i can get the form elements in my action page. May be form get submitted twice in firefox 3.6.13

I have a simple web page with two form elements say, two text box and submit button. when submitting my form, i didn't get the form data in my action page. This occurs only in Firefox 3.6.13 several times. Not always.
May be form get submitted twice?
Note: Remember, i am not facing this issue. However my friend is facing this issue.

I have a simple web page with two form elements say, two text box and submit button. when submitting my form, i didn't get the form data in my action page. This occurs only in Firefox 3.6.13 several times. Not always.
May be form get submitted twice?
Note: Remember, i am not facing this issue. However my friend is facing this issue.

Encoding error message when submitting form to REST endpoint

When submitting a stand-alone form to the REST endpoint of a process I receive the following message in Acrobat reader (translated from german):
"An error occured when submitting the form. Content of type text/plain;charset=utf-8 could not be processed"
Despite the error message the process gets started and works fine.
In terms of usability I would like to get rid of this error message since it irritates the ordinary user.
This happens only in Acrobat Reader (version is 10.1) not in Pro
My workbench version is 10.0.1

The No Content approach should work. Can you show the exact code you're using to generate the response? Did you add "#FDF" to the end of the URL for the submit form action?
If you haven't looked into it already, consider returning an FDF that causes a popup dialog to display as a way of providing feedback.

Script Errors when submitting the Page

We are using iPlanet 4.1 as WebServer under SSL mode. The customers who are working under Windows XP with IE6.0(128bit) browsers are having Script Error problem, while submitting the data to the WebServer. Though the number of customers affected are less when comparing to the people who can access without problem, the script error problem is becoming to damage the image of our application. FYI, customer is working with BroadBand Internet Connections with the Local ISP.
Kindly advise.

First, due to security problems discovered in earlier versions, you should upgrade to iPlanet Web Server 4.1 SP11 or Sun ONE Web Server 6.0 SP4.
That said, it sounds like you're encountering known SSL bugs present in Microsoft Internet Explorer. The release notes for current Sun ONE Web Server releases cover this topic. You can view the relevant section of the 6.0 SP4 release notes at http://docs.sun.com/source/816-6371-10/index.html#1007147

Error when submitting form to PHP server

Hi all,
I'm trying to submit a PDF file (as a whole, not just the data) to a PHP server. It works as far as the file being delivered and saved, but in Acrobat I keep getting an error message at the end of the process, saying: "No Input File Page Data".
I tried doing some research online and it seems to be related to the return value sent by the server to Acrobat, but I can't seem to get it to function properly.
We've tried using header('HTTP/1.1 204 No Content'); as the response, but it doesn't seem to help, either.
Any ideas would be much appreciated...

The No Content approach should work. Can you show the exact code you're using to generate the response? Did you add "#FDF" to the end of the URL for the submit form action?
If you haven't looked into it already, consider returning an FDF that causes a popup dialog to display as a way of providing feedback.

Numeric or value error when submitting form

I have a form based of a stored procedure. The form has about 20 fields on it. For some reason the form only allows data entry on only about 10 of them. If I put data in any of the other 10, I get: "An unexpected error occurred: ORA-06502: PL/SQL: numeric or value error (WWV-16016)"
I have looked everywhere to see what's going on. I checked the procedure to make sure its parameters are good. It takes takes all VARCHAR2's, so thats OK. I checked the fields in the form editor for validation, and none are being validated, so thats OK. I made sure all the fields are updatable and they are. I even checked the table to make sure that the data can go into the fields, even though I know that the error returned there would be through the procedure, not Portal. I am stumped. What am I missing?
Rich

Follow Up: While troubleshooting this, I filled in all the fields with one character each and the form submitted. I added characters little by little to each field until I got the error. It seems like Portal has a problem when I pass X amount of characters from a form. I say "Portal" because I thought this might be an OS parameter, but I get the same error in both Win2000 and Solaris.
Any ideas where this setting is? Or how to change it?
Rich

Error with reCAPTCHA when submitting form on Business Catalyst hosted site

Hi
Just had a client complain that the webform on their MUSE website isn't submitting correctly. When I tested this myself the image verification for reCAPTCHA is failing and throwing out an error on a new page.
As it is a BC hosted website, the form no longer requires a verification key (it was previously hosted elsewhere until recently).
I've since discovered this happening on another of my websites... Any ideas please?
The error I see is:
ERROR: An error occurred. Image verification failed. If you believe this is incorrect, please contact your system administrator or go back and re-submit the form

There can be few reasons for this including captcha or recatcha included in the form , any html edit with form etc.
Please provide the page url where form is inserted so that we can check on our end, additionally have you tried to re-insert the form and then check or update the site again from Muse to BC ?
Thanks,
Sanjit

Naming of PDF when submitting form via email...

Is there a way to name the pdf that gets attached to the email when using the submit by email button? currently it seems to assign a random selection of characters as the name of the pdf.

Please see following thread:
http://forums.adobe.com/message/4450906

OracleJSP error: java.io.FileNotFoundException when submitting form

I auto-generated a task form for a very simple test and receive this error when SUBMIT-ing the form.
OracleJSP error: java.io.FileNotFoundException:
Set the init-param debug_mode to "true" to see the complete exception message
I am guessing it has something to do with the generated ADF task flow?
Details of the test:
BPM 11.1.1.4
Process: none start > Initiator user task > none end
Data: process data object based on BO based on a (simple) complex type xsd
User is Weblogic, assigned to the single process role.
That's it. The form accepts the data entry (I confirmed this previously by adding a file writer). It just generates the error in the form's pop-up window.

Below is the file Empty1.jspx that you need -- (put it into public_html). No idea why it is needed, but removing it from the unbounded flow does not work. Hope this helps others.
Anthony
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<f:view>
<af:document id="d1">
<af:form id="f1"></af:form>
</af:document>
</f:view>
</jsp:root>

Wisdom of keeping PHP scripts embedded when submitting forms

Similar Messages

Maybe you are looking for