Prevent Hidden Fields From Being Passed



GenVic
08-26-2009, 04:50 PM
How would I prevent hidden fields from being passed unless someone selects them?

The problem is I have a shopping cart type script where a person can input a quantity into a small form. The input type is hidden and the value is always present. I can't change the value to static, because it's dynamic.

Any advice would be greatly appreciated.

mlseim
08-26-2009, 05:50 PM
I might not be understanding this right, but why is it necessary to not pass them?
If someone doesn't enter a quantity, what difference does it make?

Maybe you can give us an actual example (link to your site) and also tell us what
shopping cart script you're using.

seco
08-26-2009, 06:10 PM
remove it?

GenVic
08-26-2009, 06:35 PM
<tr valign="top">
<td width="92%" align="left">

<div align="right">

<a href="javascript:void(0);" title="requireclick=[on] cssbody=[dogvdvbdy] cssheader=[dogvdvhdr] header=[<?php echo $row_accessories['name']; ?>] body=[<center>

<?php echo text1($row_accessories['description']); ?>]"><strong><?php echo $row_accessories['name']; ?></strong></a></div>
</td>
<td width="8%">

<input name="quantity1<?php echo $accessories_nm; ?>" type="text" size="5" />
<input type="hidden" name="name<?php echo $accessories_nm; ?>" value="<?php echo $row_accessories['name']; ?>">
<input type="hidden" name="price<?php echo $accessories_nm; ?>" value="<?php echo $row_accessories['price']; ?>">
<input type="hidden" name="XC_recordId<?php echo $accessories_nm; ?>" value="<?php echo $row_accessories['id_store_accessory']; ?>">


<?php $accessories_nm++; ?>

</td>
</tr>

This is on xcart. Basically, I took over this site and the previous guys have put a mishmash of things together, like using xcart forms, but not the actual shopping cart, etc... At this point I'm just trying to hack some things together. I do SEO, not programming as you can probably tell :)

Anyway, the above code spits out about 12 times for 12 different items depending on the title of the page. The user can input the quantity he's interested in next to any one of the items listed. He then submits his email and bam done.

The problem is, as you can see, the value gets auto filled for every item and gets passed whether the user is interested in it or not.

If anyone wants to see the page, I'd be happy to PM you the link, but I'd rather not post it live.

ohgod
08-26-2009, 07:33 PM
so what does it matter if it gets passed?

GenVic
08-26-2009, 07:46 PM
> so what does it matter if it gets passed?


I'm sorry, I wasn't clear. Since they all get passed, they all get echoed out in the email they and I receive. Not just the items they chose.

So in an email to me for a quote on 3 different products they chose, instead I'm getting all the items every time.

Here's the sendmail.php file that processes this form. I'm not sure if that's where the change has to be made.

<?php
$email = $_POST['email'] ;
$product=$_POST['product'];
$subject=$_POST['subject'];
$ip=$_POST['ip'];
$url= $_POST['url'];
$location = $_POST['location'];
$n1=$_POST['name1'];
$n2=$_POST['name2'];
$n3=$_POST['name3'];
$n4=$_POST['name4'];
$n5=$_POST['name5'];
$n6=$_POST['name6'];
$n7=$_POST['name7'];
$n8=$_POST['name8'];
$n9=$_POST['name9'];
$n10=$_POST['name10'];
$n11=$_POST['name11'];


$recipients = "test@gmail.com, $email";

$message="
Request From: $email
From IP: $ip
Location: $location
Referring URL: $url
Interested In: $product \n
//here is where all the items are displayed
$n1
$n2
$n3
$n4
$n5
$n6
$n7
$n8
$n9
$n10
$n11

";

mail( "$recipients", "$email Quote For a $subject ", $message , "From: $email " );

header("location:result.php?email=$email&product=$product");

?>

ohgod
08-26-2009, 07:57 PM
it would be more appropriate to alter your mail handling to only include those that have been selected. you'd assign all those inputs with a default of zero or null, and then only parse them for mail if they've been changed.

you should really be processing and sanitizing that input anyway for security reasons...
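
One way to do what ohgod describes, as an added example that is not part of the original thread: mail only the rows with a quantity filled in, and validate every posted value first. The field names `email`, `nameN` and `quantity1N` are taken from the posted form; `MAX_ITEMS`, the function names and the `quotes@example.com` From address are assumptions.

```php
<?php
// Added example, not from the thread. Field names (email, nameN, quantity1N) are
// from the posted form; MAX_ITEMS, the From address and function names are assumed.
const MAX_ITEMS = 12;

// Keep only rows whose quantity box holds a whole number from 1 to 9999.
function selected_items(array $post): array
{
    $items = [];
    for ($i = 1; $i <= MAX_ITEMS; $i++) {
        $qty = filter_var($post["quantity1$i"] ?? '', FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 9999]]);
        $name = $post["name$i"] ?? null;
        if ($qty === false || !is_string($name)) {
            continue; // blank, zero, non-numeric or missing: leave it out
        }
        // Collapse control characters so a name cannot add lines to the body.
        $name = trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $name));
        // The hidden priceN field is ignored: hidden values are client-controlled.
        $items[] = ['name' => $name, 'qty' => $qty];
    }
    return $items;
}

// Return [headers, body], or null if the address is invalid or nothing was chosen.
function build_quote_mail(array $post): ?array
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $items = selected_items($post);
    if ($email === false || preg_match('/[\r\n]/', $email) || !$items) {
        return null;
    }
    $lines = ["Request From: $email", 'Interested In:'];
    foreach ($items as $item) {
        $lines[] = sprintf('  %d x %s', $item['qty'], $item['name']);
    }
    // Fixed From address; the visitor's validated address goes in Reply-To only.
    $headers = "From: quotes@example.com\r\nReply-To: $email";
    return [$headers, implode("\n", $lines)];
}

// Constructed sample submission: three rows posted, one quantity filled in.
$sample = [
    'email' => 'buyer@example.com',
    'quantity11' => '',  'name1' => 'Leash',
    'quantity12' => '3', 'name2' => 'Collar',
    'quantity13' => '0', 'name3' => 'Bowl',
];
[$headers, $body] = build_quote_mail($sample);
echo $body, "\n";
```

In the real handler, call `build_quote_mail($_POST)` and pass the result to `mail()` with a fixed recipient and subject, skipping the send when it returns null.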

GenVic
08-26-2009, 08:05 PM
Thanks, some code or pointing me in the right direction would be very helpful. As far as sanitizing, yes, I still need to do that, this is all just being tested.

ohgod
08-26-2009, 08:33 PM
i'd suggest a mod moving this to the php section then. you'll get more examples and ideas than you'll know what to do with.

mlseim
08-26-2009, 08:39 PM
GenVIC,
If you're satisfied with the form itself, and you think that just
modifying the email is OK, let us know. Maybe tomorrow I can
come up with a PHP modification for that ... unless someone
else beats me to it. I mention this because a moderator might
not move this thread.

GenVic
08-26-2009, 08:42 PM
> GenVIC,
> If you're satisfied with the form itself, and you think that just
> modifying the email is OK, let us know. Maybe tomorrow I can
> come up with a PHP modification for that ... unless someone
> else beats me to it. I mention this because a moderator might
> not move this thread.

Awesome, yes I think it should be moved to the PHP Section. Thanks mlseim.

GenVic
08-26-2009, 09:29 PM
Okay guys, thanks for the help, but I figured this one out.

Stupid mistake, I was using a test sendmail form, but the native one had this built in already and was processing as $_SERVER["PHP_SELF.

Duh!


