Re: php contact form with AES encrypt and sessions for a multipage contact form - Driving me mad what ma i doing wrong [message #181791 is a reply to message #181790] |
Mon, 03 June 2013 11:31 |
Jerry Stuckle
Messages: 2598 Registered: September 2010
Karma:
|
Senior Member |
|
|
On 6/3/2013 7:12 AM, Jason Demitri wrote:
> Hi im sort of a part time developer that is learning how to do php and what not . .. . now im trying to create a signup form for my site www.relution.co.uk
>
> im using foundation 4 as a framework which has modal windows built in
>
> now im trying to create a form that appears in one of these popup modals which has 4 pages and ajax image upoad i think it is . . .now from what ive figured out from each page of the form subbmission i need to store the collected data in a session to be recalled with the final php script so this is what ive used on page 2 and 3
>
> page 2 to collect the data from page one on submission or next being hit
> <?php
> session_start();
> // other php code here
>
> $_SESSION['title'] = $_POST['title'];
> $_SESSION['fname'] = $_POST['fname'];
> $_SESSION['lname'] = $_POST['lname'];
> $_SESSION['bday'] = $_POST['bday'];
> ?>Form goes here
>
>
> <?php
> session_start();
> // other php code here
>
> $_SESSION['email'] = $_POST['email'];
> $_SESSION['mobphone'] = $_POST['mobphone'];
> $_SESSION['hmephone'] = $_POST['hmephone'];
> $_SESSION['rdname'] = $_POST['rdname'];
> $_SESSION['postcode'] = $_POST['postcode'];
> ?>image upload on this page
>
> and this is the final php to upload to the temp db for confirm email
>
> <?php ob_start(); ?>
> <?php
> session_start();
>
> $_SESSION['usrname'] = $_POST['usrname'];
> $_SESSION['pswd'] = $_POST['pswd'];
>
>
> require('config.php');
>
> //table name
>
> $tbl_name=temp_members_db;
>
> //Random Confirm Code
>
> $confirm_code=md5(uniqid(rand()));
>
> //AES Encrypt Salt
> if(!define('SALT'))
> define('SALT','897sdn9j98u98jk');
>
> //details collected from form
> $title=$_SESSION['title'];
> $fname=$_SESSION['fname'];
> $lname=$_SESSION['lname'];
> $bday=$_SESSION['bday'];
> $email=$_SESSION['email'];
> $emailr=$_SESSION['emailr'];
> $mobphone=$_SESSION['mobphone'];
> $hmephone=$_SESSION['hmephone'];
> $usrname=$_SESSION['usrname'];
> $pswd=$_SESSION['pswd'];
> $pswd2=$_SESSION['pswd2'];
> $rdname=$_SESSION['rdname'];
> $postcode=$_SESSION['postcode'];
> $pic=$_SESSION['pic'];
>
> //Insert data into database
>
> $sql="INSERT INTO $tbl_name(confirm_code, title, fname, lname, bday, email, mobphone, hmephone, usrname, pswd, rdname, postcode, pic)
> VALUES('$confirm_code', '$title', '$fname', '$lname','$bday', AES_ENCRYPT('$email','".SALT."'), '$mobphone', '$hmephone', '$usrname', AES_ENCRYPT('$pswd','".SALT."'), '$rdname', '$pic' AES_ENCRYPT('$postcode','".SALT."'))
> ";
>
> // if suceesfully inserted data into database, send confirmation link to email
> if($result){
> echo "Put Successfull";
> }
>
> else {
> echo "there has been an error";
> }
> ?>
> ?>
>
> now before i tried this on a multipage form i had all of the last page working replacing the $_SESSION WITH POST including the AES encrypt but now on multipage i cant get it working keeps running to the error notice . . . please please help im no coder im still learning and personally think i've done well to get this far
>
Where did you actually insert the data into the database? The $sql=...
statement just creates a string.
A couple of other things - when using strings with a database, you MUST
escape each one or used prepared statements. See the doc for the
interface (mysql - which has been deprecated, or mysqli) for more
information.
And finally - why are you using obstart() on your last page? Proper
design of your code makes it unnecessary.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|