

Simple options to return scored output




Posted by m8internet, 01-22-2011, 01:06 PM
I am trying to process a basic form to give one of four possible outcomes, based on the scoring. Any and all advice welcome.
Input page: http://m8internet.com/package_chooser.html
Output page (example): http://m8internet.com/package_choose...=2&visitors=10
The issue I have with this page is the values are not summed together and do not become displayed at any time. Any other type of alternative is welcome.

Posted by tim2718281, 01-22-2011, 03:24 PM
You've defined a function "add" but you do not call it, so it does not get executed.

Posted by Joseph_M, 01-22-2011, 03:36 PM
What tim said RE: Your "add" function. However: You should also think about checking that a,b,c,d are all numeric values!

Posted by m8internet, 01-22-2011, 05:20 PM
There is no need to check they are numeric values, as they are entered from the form value, not by the visitor. Updated script works. Now the complicated bit: how do I convert that sum into text? For example, if the sum is 3, how do I get an output of "Basic"? Probably something along the lines:
    if $total=1 then $package="basic"
    echo "We recommend the "$package" package";
Last edited by m8internet; 01-22-2011 at 05:23 PM.

Posted by m8internet, 01-22-2011, 06:29 PM
Many thanks. Once the function add was sorted, the other part was actually very easily implemented. The script and pages now work as I intended. Just to tidy them up.

Posted by Joseph_M, 01-26-2011, 06:23 AM
Any get/post variables can easily be spoofed. You should always check your data inputs for valid content! Make it a matter of good practice, and you'll never get caught out!

Posted by webexperts, 01-26-2011, 10:25 AM
Yeah... handling input with care is very important... especially when that data is being inserted into a db.

Posted by iTom, 01-26-2011, 03:09 PM
GET variables are incredibly easy to change, as they are in the page URL. POST are also not too hard to do... Plus you should always check variables, I even do it if there is no user input on the page. As a bare minimum use the (int) parameter in front of the $_GET['']

Posted by m8internet, 02-03-2011, 09:44 AM
There is no database. The GET instruction is to retrieve the data from the form as filled in on the previous page. I therefore can't see any risk.

Posted by Joseph_M, 02-09-2011, 12:06 AM
As a simple example, based on your code sample, you could easily inject an XSS attack. You should NEVER trust user input. It is far too easy for a user to change the data that they're sending you.
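
The checks recommended in this thread, shown as an added example (not the original poster's script and not code from any participant): each GET value is validated as an integer in an expected range before it is summed, and the result is escaped on output. Every field name except "visitors", the score ranges, the thresholds and the package names other than "Basic" are assumptions made for illustration.

```php
<?php
// Added example. Field names other than "visitors", the ranges and the
// package names other than "Basic" are assumed for illustration.
const FIELDS = ['pages' => [0, 3], 'email' => [0, 3], 'storage' => [0, 3], 'visitors' => [0, 10]];

/** Return the validated integer scores, or null if any field is missing or invalid. */
function read_scores(array $query): ?array
{
    $scores = [];
    foreach (FIELDS as $name => [$min, $max]) {
        // Reject missing fields and array-style parameters such as ?visitors[]=1.
        if (!isset($query[$name]) || !is_string($query[$name])) {
            return null;
        }
        $value = filter_var($query[$name], FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($value === false) {
            return null; // not an integer, or outside the expected range
        }
        $scores[$name] = $value;
    }
    return $scores;
}

/** Map the summed score to one of four package names (thresholds are assumed). */
function choose_package(int $total): string
{
    if ($total <= 4)  return 'Basic';
    if ($total <= 9)  return 'Standard';
    if ($total <= 14) return 'Advanced';
    return 'Premium';
}

function render(array $query): string
{
    $scores = read_scores($query);
    if ($scores === null) {
        return 'Please go back and complete the form.';
    }
    $package = choose_package(array_sum($scores));
    // Escape on output even though the value comes from a fixed list.
    return 'We recommend the ' . htmlspecialchars($package, ENT_QUOTES, 'UTF-8') . ' package';
}

// Constructed sample requests; on the real page pass $_GET instead.
echo render(['pages' => '1', 'email' => '0', 'storage' => '1', 'visitors' => '2']), "\n";
echo render(['pages' => '1', 'email' => '0', 'storage' => '1', 'visitors' => '<b>10</b>']), "\n";
```

Because the only text echoed back is either a fixed message or a name from a fixed list, nothing taken from the URL reaches the page unvalidated.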


