7.447 views
Weet iemand een goede tutorial hoe zo'n anti bot veld kan maken?
Notice: Undefined index: student_name on line 23
Notice: Undefined index: student_email on line 24
Notice: Undefined index: student_city on line 25
Toevoeging op 12/11/2015 19:54:07:
<?php session_start();
if(isset($_POST['Submit'])){
// code for check server side validation
if(empty($_SESSION['captcha_code'] ) || strcasecmp($_SESSION['captcha_code'], $_POST['captcha_code']) != 0){
$msg="<span style='color:red'>The Validation code does not match!</span>";// Captcha verification is incorrect.
}else{// Captcha verification is Correct. Final Code Execute here!
$msg="<span style='color:green'>The Validation code has been matched.</span>";
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO students (student_name, student_email, student_city)
VALUES(
'".$conn->real_escape_string($_POST["student_name"])."',
'".$conn->real_escape_string($_POST["student_email"])."',
'".$conn->real_escape_string($_POST["student_city"])."'
)";
if ($conn->query($sql) === TRUE) {
echo "<script type= 'text/javascript'>alert('New record created successfully');</script>";
} else {
echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}
$collection= array('orange', 'apple', 'grapefruit', 'banana', 'watermelon');
$fruit = array('orange', 'apple', 'grapefruit', 'banana', 'watermelon');
if(isset($_POST['submit']))
{ $fruit = $_POST['fruit'];
$values = array($collection);
foreach($collection as $selection )
{ if(in_array($selection, $fruit))
{ $values[ $selection ] = 1; }
else
{ $values[ $selection ] = 0; }
} // end of foreach.
// MySQL statement.
$insert = "INSERT INTO table_fruit (orange, apple, grapefruit, banana, watermelon)
VALUES ({$values['orange']}, {$values['apple']}, {$values['grapefruit']}, {$values['banana']}, {$values['watermelon']})";
// MySQL statement to execute the INSERT statement above.
mysqli_query($conn, $insert) or die('<br/>Error reading database: '.mysqli_error($dbconnect));
mysqli_close($conn);
} // End of, if statement from the button check
;
}
}
?>
Notice: Undefined index: student_email on line 24
Notice: Undefined index: student_city on line 25
Toevoeging op 12/11/2015 19:54:07:
Marcel Groot op 12/11/2015 19:53:26
Notice: Undefined index: student_name on line 23
Notice: Undefined index: student_email on line 24
Notice: Undefined index: student_city on line 25
<?php session_start();
if(isset($_POST['Submit'])){
// code for check server side validation
if(empty($_SESSION['captcha_code'] ) || strcasecmp($_SESSION['captcha_code'], $_POST['captcha_code']) != 0){
$msg="<span style='color:red'>The Validation code does not match!</span>";// Captcha verification is incorrect.
}else{// Captcha verification is Correct. Final Code Execute here!
$msg="<span style='color:green'>The Validation code has been matched.</span>";
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO students (student_name, student_email, student_city)
VALUES(
'".$conn->real_escape_string($_POST["student_name"])."',
'".$conn->real_escape_string($_POST["student_email"])."',
'".$conn->real_escape_string($_POST["student_city"])."'
)";
if ($conn->query($sql) === TRUE) {
echo "<script type= 'text/javascript'>alert('New record created successfully');</script>";
} else {
echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}
$collection= array('orange', 'apple', 'grapefruit', 'banana', 'watermelon');
$fruit = array('orange', 'apple', 'grapefruit', 'banana', 'watermelon');
if(isset($_POST['submit']))
{ $fruit = $_POST['fruit'];
$values = array($collection);
foreach($collection as $selection )
{ if(in_array($selection, $fruit))
{ $values[ $selection ] = 1; }
else
{ $values[ $selection ] = 0; }
} // end of foreach.
// MySQL statement.
$insert = "INSERT INTO table_fruit (orange, apple, grapefruit, banana, watermelon)
VALUES ({$values['orange']}, {$values['apple']}, {$values['grapefruit']}, {$values['banana']}, {$values['watermelon']})";
// MySQL statement to execute the INSERT statement above.
mysqli_query($conn, $insert) or die('<br/>Error reading database: '.mysqli_error($dbconnect));
mysqli_close($conn);
} // End of, if statement from the button check
;
}
}
?>
Die formuliervelden bestaan dan niet, zoals ik al zei.
Laat je formulier eens zien.
Laat je formulier eens zien.
<?php
<html>
<head>
<meta charset="utf-8">
<title>PHP Secure Professional Captcha.</title>
<link href="./css/style.css" rel="stylesheet">
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
</head>
<body>
<div>
<form action="" method="post" name="form1" id="form1" >
<input type="checkbox" name="fruit[Orange]" value="orange"> Orange
<input type="checkbox" name="fruit[Apple]" value="apple"> Apple
<input type="checkbox" name="fruit[Grapefruit]" value="grapefruit"> Grapefruit
<input type="checkbox" name="fruit[Banana]" value="banana"> Banana
<input type="checkbox" name="fruit[Watermelon]" value="watermelon"> Watermelon
<label>Student Name :</label>
<input type="text" name="student_name" id="name" required="required" placeholder="Please Enter Name"/><br /><br />
<label>Student Email :</label>
<input type="email" name="student_email" id="email" required="required" placeholder="[email protected]"/><br/><br />
<label>Student City :</label>
<input type="text" name="student_city" id="city" required="required" placeholder="Please Enter Your City"/><br/><br />
</form>
</div>
<meta charset="utf-8">
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
<form action="" method="post" name="form1" id="form1" >
<table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="table">
<?php if(isset($msg)){?>
<tr>
<td colspan="2" align="center" valign="top"><?php echo $msg;?></td>
</tr>
<?php } ?>
<tr>
<td align="right" valign="top"> Validation code:</td>
<td><img src="captcha.php?rand=<?php echo rand();?>" id='captchaimg'><br>
<label for='message'>Enter the code above here :</label>
<br>
<input id="captcha_code" name="captcha_code" type="text">
<br>
Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh.</td>
</tr>
<tr>
<td> </td>
<td><input name="Submit" type="submit" value="Submit" class="button1"></td>
</tr>
</table>
</form>
</body>
</html>
?>
<html>
<head>
<meta charset="utf-8">
<title>PHP Secure Professional Captcha.</title>
<link href="./css/style.css" rel="stylesheet">
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
</head>
<body>
<div>
<form action="" method="post" name="form1" id="form1" >
<input type="checkbox" name="fruit[Orange]" value="orange"> Orange
<input type="checkbox" name="fruit[Apple]" value="apple"> Apple
<input type="checkbox" name="fruit[Grapefruit]" value="grapefruit"> Grapefruit
<input type="checkbox" name="fruit[Banana]" value="banana"> Banana
<input type="checkbox" name="fruit[Watermelon]" value="watermelon"> Watermelon
<label>Student Name :</label>
<input type="text" name="student_name" id="name" required="required" placeholder="Please Enter Name"/><br /><br />
<label>Student Email :</label>
<input type="email" name="student_email" id="email" required="required" placeholder="[email protected]"/><br/><br />
<label>Student City :</label>
<input type="text" name="student_city" id="city" required="required" placeholder="Please Enter Your City"/><br/><br />
</form>
</div>
<meta charset="utf-8">
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
<form action="" method="post" name="form1" id="form1" >
<table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="table">
<?php if(isset($msg)){?>
<tr>
<td colspan="2" align="center" valign="top"><?php echo $msg;?></td>
</tr>
<?php } ?>
<tr>
<td align="right" valign="top"> Validation code:</td>
<td><img src="captcha.php?rand=<?php echo rand();?>" id='captchaimg'><br>
<label for='message'>Enter the code above here :</label>
<br>
<input id="captcha_code" name="captcha_code" type="text">
<br>
Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh.</td>
</tr>
<tr>
<td> </td>
<td><input name="Submit" type="submit" value="Submit" class="button1"></td>
</tr>
</table>
</form>
</body>
</html>
?>
Je hebt 2 <form>ulieren.
Je stuurt nu waarschijnlijk alleen het tweede.
Maak er 1 van.
Je stuurt nu waarschijnlijk alleen het tweede.
Maak er 1 van.
:o het werkt nu thanks moet ik nu alleen nog sql beveiliging toevoegen?
Toevoeging op 12/11/2015 20:34:23:
Daarnaast is dit niet een beetje een rommeltje? (al wel wat kan ik weg halen over verbeteren?)
<?php
<html>
<head>
<meta charset="utf-8">
<title>Testwebsite</title>
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
</head>
<body>
<div>
<form action="" method="post" name="form1" id="form1" >
<input type="checkbox" name="fruit[Orange]" value="orange"> Orange
<input type="checkbox" name="fruit[Apple]" value="apple"> Apple
<input type="checkbox" name="fruit[Grapefruit]" value="grapefruit"> Grapefruit
<input type="checkbox" name="fruit[Banana]" value="banana"> Banana
<input type="checkbox" name="fruit[Watermelon]" value="watermelon"> Watermelon
<br>
<label>Student Name :</label>
<input type="text" name="student_name" id="name" required="required" placeholder="Please Enter Name"/><br /><br />
<label>Student Email :</label>
<input type="email" name="student_email" id="email" required="required" placeholder="[email protected]"/><br/><br />
<label>Student City :</label>
<input type="text" name="student_city" id="city" required="required" placeholder="Please Enter Your City"/><br/><br />
</div>
<meta charset="utf-8">
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
<?php if(isset($msg)){?>
<?php echo $msg;?></td>
<?php } ?>
Validation code:
<img src="captcha.php?rand=<?php echo rand();?>" id='captchaimg'><br>
<label for='message'>Enter the code above here :</label>
<br>
<input id="captcha_code" name="captcha_code" type="text">
<br>
Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh.</td>
<input name="Submit" type="submit" value="Submit">
</form>
</body>
</html>
?>
Toevoeging op 12/11/2015 20:34:23:
Daarnaast is dit niet een beetje een rommeltje? (al wel wat kan ik weg halen over verbeteren?)
<?php
<html>
<head>
<meta charset="utf-8">
<title>Testwebsite</title>
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
</head>
<body>
<div>
<form action="" method="post" name="form1" id="form1" >
<input type="checkbox" name="fruit[Orange]" value="orange"> Orange
<input type="checkbox" name="fruit[Apple]" value="apple"> Apple
<input type="checkbox" name="fruit[Grapefruit]" value="grapefruit"> Grapefruit
<input type="checkbox" name="fruit[Banana]" value="banana"> Banana
<input type="checkbox" name="fruit[Watermelon]" value="watermelon"> Watermelon
<br>
<label>Student Name :</label>
<input type="text" name="student_name" id="name" required="required" placeholder="Please Enter Name"/><br /><br />
<label>Student Email :</label>
<input type="email" name="student_email" id="email" required="required" placeholder="[email protected]"/><br/><br />
<label>Student City :</label>
<input type="text" name="student_city" id="city" required="required" placeholder="Please Enter Your City"/><br/><br />
</div>
<meta charset="utf-8">
<script type='text/javascript'>
function refreshCaptcha(){
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
<?php if(isset($msg)){?>
<?php echo $msg;?></td>
<?php } ?>
Validation code:
<img src="captcha.php?rand=<?php echo rand();?>" id='captchaimg'><br>
<label for='message'>Enter the code above here :</label>
<br>
<input id="captcha_code" name="captcha_code" type="text">
<br>
Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh.</td>
<input name="Submit" type="submit" value="Submit">
</form>
</body>
</html>
?>
Klopt, je moet je queries ook nog beveiligen.
Let wel op SQL-injection, als je $_POST, $_GET en en/of $_COOKIE variabelen gaat gebruiken.
Je kan het beste mysqli_real_escape_string() gebruiken in combinatie met de MySQLi-functies
Hoe kan ik dat dan beveiligen?
Je kan het beste mysqli_real_escape_string() gebruiken in combinatie met de MySQLi-functies
Hoe kan ik dat dan beveiligen?
Zie hier....
Let er wel op dat dit Object Oriënted is.
Als je procedureel gebruikt (mysqli_query() etc..), dan is het
Let er wel op dat dit Object Oriënted is.
Als je procedureel gebruikt (mysqli_query() etc..), dan is het
mysqli_real_escape_string($conn, $_POST['student_city'])Marcel Groot op 13/11/2015 16:05:02
Hoe kan ik dat dan beveiligen?
Door:
Marcel Groot op 13/11/2015 16:05:02
Je kan het beste mysqli_real_escape_string() gebruiken in combinatie met de MySQLi-functies
Volg eens een tut, gebruik Google. Er is heel veel te vinden aan informatie hierover. Ook topics op dit forum.
Wat betreft je code: op regel 38, 39 en 40 open je PHP en sluit je af. Waarom?
Wat is de reden van regel 31?
Ik zou javascript niet midden in een pagina zetten. De javascript functie lijkt er overigens 2x in te staan.
En gebruik bij voorkeur procedurele code, óf object-georienteerde. Het door elkaar gebruiken van elkaar leidt tot fouten in je script.