Simple options to return scored output
Posted by m8internet, 01-22-2011, 01:06 PM |
I am trying to process a basic form to give one of four possible outcomes, based on the scoring
Any and all advice welcome
Input page :
http://m8internet.com/package_chooser.html
Output page (example) :
http://m8internet.com/package_choose...=2&visitors=10
The issue I have with this page is the values are not summed together and do not become displayed at any time
Any other type of alternative is welcome
|
Posted by tim2718281, 01-22-2011, 03:24 PM |
You've defined a function "add" but you do not call it, so it does not get executed.
|
Posted by Joseph_M, 01-22-2011, 03:36 PM |
What tim said RE: Your "add" function.
However:
You should also think about checking that a,b,c,d are all numeric values!
|
Posted by m8internet, 01-22-2011, 05:20 PM |
There is no need to check they are numeric values, as they are entered from the form value, not by the visitor
Updated script works
Now the complicated bit
How do I convert that sum, into text?
For example if the sum is 3 how do I get an output of "Basic"
Probably something along the lines :
if $total=1 then $package="basic"
echo "We recommend the "$package" package";
Last edited by m8internet; 01-22-2011 at 05:23 PM.
|
Posted by m8internet, 01-22-2011, 06:29 PM |
Many thanks once the function add was sorted the other part was actually very easily implemented
The script and pages now work as I intended
Just to tidy them up
|
Posted by Joseph_M, 01-26-2011, 06:23 AM |
Any get/post variables can easily be spoofed. You should always check your data inputs for valid content! Make it a matter of good practice, and you'll never get caught out!
|
Posted by webexperts, 01-26-2011, 10:25 AM |
Yeah...
handling input with care is very important ....
especially when that data is being inserted into a db..
|
Posted by iTom, 01-26-2011, 03:09 PM |
GET variables are incredibly easy to change, as they are in the page URL. POST are also not too hard to do...
Plus you should always check variables, I even do it if there is no user input on the page.
As a bare minimum use the (int) parameter in front of the $_GET['']
|
Posted by m8internet, 02-03-2011, 09:44 AM |
There is no database
The GET instruction is to retrieve the data from the form as filled in on the previous page
I therefore can't see any risk
|
Posted by Joseph_M, 02-09-2011, 12:06 AM |
As a simple example, based on your code sample, you could easily inject an XSS attack.
You should NEVER trust user input. It is far too easy for a user to change the data that they're sending you.
|
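The input checks recommended in this thread, as an added example that is not any poster's script: each GET value is validated as an integer against the values the form can send, the sum is mapped to a package, and the output is escaped. Only `visitors` and "Basic" appear in the thread; the other field names, the allowed values, the thresholds and the other package names are assumptions.

```php
<?php
// Hypothetical whitelist: field name => option values the form can submit.
const ALLOWED = [
    'pages'    => [1, 2, 3],
    'email'    => [1, 2, 3],
    'storage'  => [1, 2, 3],
    'visitors' => [1, 5, 10],
];

// Return the validated integer for one field, or null if it is missing,
// an array (?pages[]=1), non-numeric, or not a value the form offers.
function clean_field(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT);
    if ($value === false || !in_array($value, ALLOWED[$name], true)) {
        return null;
    }
    return $value;
}

// Sum the validated fields and map the total to a package name.
function recommend(array $query): ?string
{
    $total = 0;
    foreach (array_keys(ALLOWED) as $name) {
        $value = clean_field($query, $name);
        if ($value === null) {
            return null; // one bad field rejects the whole request
        }
        $total += $value;
    }
    if ($total <= 5)  return 'Basic';
    if ($total <= 9)  return 'Standard';   // assumed threshold and name
    if ($total <= 13) return 'Advanced';   // assumed threshold and name
    return 'Premium';                      // assumed name
}

$package = recommend($_GET);
if ($package === null) {
    http_response_code(400);
    echo 'Invalid selection. Please go back and use the form.';
} else {
    // Escape on output even though the value comes from a fixed list.
    echo 'We recommend the ' . htmlspecialchars($package, ENT_QUOTES, 'UTF-8') . ' package';
}
```

Because nothing from `$_GET` is ever echoed back, a tampered query string can only produce the fixed error message or one of the four fixed package names.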