PHP Comments page, not working on some browsers

Discussion in 'Programming & Software Development' started by TheAvatar, Feb 10, 2015.

  1. TheAvatar

    TheAvatar Member

    Joined:
    Jul 18, 2006
    Messages:
    838
    Location:
    2580
    HI All,

    I have just made a comments page for my wedding but for some reason it does not work on all browsers, though I personally can get it working on everything.

    There are no errors on the server so I am not really sure what to look for so I was wondering if anyone could take a look.

    The page is here - http://dev.chaosjester.net/testwellwish/wellwishes/

    Code is here - http://dev.chaosjester.net/testwellwish/wellwishes/code.txt

    Everything seems to work fine for me in IE, Chrome and firefox and on my phone running chrome but some people have said that when they enter their name and comment it just refreshes the page without inserting their comment in to the DB.

    Any help would be greatly appreciated!

    TIA

    EDIT: Please note that this is my first semi-working project in PHP/SQL so be gentle :p
     
    Last edited: Feb 10, 2015
  2. Zoltag

    Zoltag Member

    Joined:
    Aug 30, 2001
    Messages:
    703
    Location:
    London
    Looks fine to me - Works in Firefox 35.0.1, Chrome 40.0.2214.111 m and Internet Explorer 11.0.15

    I suggest your first port of call is to get your users to enable Javascript - http://www.enable-javascript.com/

    Congratulations on your upcoming wedding, too :)
     
  3. Rezin

    Rezin Member

    Joined:
    Oct 27, 2002
    Messages:
    9,490
    What browser (and platform) are they using?
     
  4. OP
    OP
    TheAvatar

    TheAvatar Member

    Joined:
    Jul 18, 2006
    Messages:
    838
    Location:
    2580
    Some people are on windows 7 with IE/Chrome, have seen it in the flesh with 8.1 and IE/Chrome in my work place, even though it works on my own work laptop running the same SOE.

    This is why I am at a loss, it seems to be really random :/

    Thanks :)

    Hmm guess that could be an issue, the javascript on the page is all to do with bootstrap and the code that is doing the comments is all PHP but I didn't consider that the JS might be causing the page not to render or operate correctly. I will check that out :)
     
    Last edited: Feb 11, 2015
  5. Zoltag

    Zoltag Member

    Joined:
    Aug 30, 2001
    Messages:
    703
    Location:
    London
    PHP is a server-side scripting language. The code served up to clients after a server has processed the PHP is HTML and Javascript (well, it is in this case), hence my suggestion :)

    If you want to see what I'm talking about, look at the source code for the page, as it is rendered in your browser.
     
  6. mr camouflage

    mr camouflage Member

    Joined:
    May 25, 2012
    Messages:
    1,012
    Location:
    Perth
    I remember a problem from way back, although the exact details on which browsers did what escape me, although I think it was IE, and I don't know if they ever "fixed" it, as MS may not have considered it a bug.

    The problem was, if you enter the details, but hit enter to submit the form (or possibly your smart phone equivalent button), then IE won't send the name/value pair for the submit button back to the server with the other post variables. And since you are explicitly looking for submit to see if the form was posted (there are better ways to check for a post, btw), then your code ignores the "if submit" part, and just displays the empty form again without entering the details into the db.

    Simple fix/hack/work-around is to leave the submit button as is, and add a hidden field to the form e.g.:
    Code:
    <input type="hidden" value="postform" name="postform" id="postform"></input>
    and check for that instead of the submit, as it will always be sent back by all browsers.

    The better/more correct way would be to check the request type e.g.:
    Code:
    if($_SERVER['REQUEST_METHOD'] == 'POST'){
    //...do post processing
    }
     
  7. mr camouflage

    mr camouflage Member

    Joined:
    May 25, 2012
    Messages:
    1,012
    Location:
    Perth
    Have also read that some versions of IE will take this:
    Code:
    <input type="submit" value="submit" name="submit" id="submit"></input>
    and switch the value to what is between the input tags, in your case, nothing.

    solution to that is this:
    Code:
    <input type="submit" value="submit" name="submit" id="submit"/>
     
  8. sam_allen

    sam_allen Member

    Joined:
    Sep 7, 2003
    Messages:
    359
    Location:
    Borås, Sweden
    Please NEVER simply insert posted data into ANY database table. That's a bad habit to get into, even if it's something this simple.

    At least use mysql_real_escape_string() on those two post variables.

    $name = mysql_real_escape_string($_POST['name']);
    $comment = mysql_real_escape_string($_POST['comment']);

    As others have mentioned, there's better ways of checking if there was a form submission sent than just letting php figure out a boolean result from what you're expecting should be a string. Use either that which Mr Camouflage suggested, or at least (and a little easier to type)

    if(count($_POST) > 0)
     
  9. OP
    OP
    TheAvatar

    TheAvatar Member

    Joined:
    Jul 18, 2006
    Messages:
    838
    Location:
    2580
    Yep, someone did some code injection :p so yeah, working out the escape strings now :p

    Thanks for all the help, hopefully I can get this going :)
     
  10. sam_allen

    sam_allen Member

    Joined:
    Sep 7, 2003
    Messages:
    359
    Location:
    Borås, Sweden
    Whoever it was forgot, or didn't realise, that mysqli_query only runs a single query, so injecting another query won't work.

    What IS however a larger problem is putting sub-queries into your values to retrieve system versions and user passwords etc. Especially given that whatever is saved is shown immediately on screen.
     
  11. OP
    OP
    TheAvatar

    TheAvatar Member

    Joined:
    Jul 18, 2006
    Messages:
    838
    Location:
    2580
    Just tested it with the person at work that couldn't post and it looks like that solution has worked.

    Thanks heaps for that, now I can focus on the rest of the stuff I need to... Weddings are mental...
     

Share This Page

Advertisement: