PHP Coding question in regards to validat user input before passing it into mysq

Initscri

hero member

Activity: 1582

Merit: 759

Quote from: retteDenTierpark on December 14, 2019, 03:56:52 PM

Quote from: lulucrypto on December 12, 2019, 02:04:44 PM

Based on all posted messages, here is an example of a ready-to-use file ( For example, create a file with name "save_address.php" and post this code is there ) :
- https://pastebin.com/zR42RyEk

But a tip, if you do not know PHP, entrust the work to someone who master the field, because it's a blow to integrate security vulnerabilities in your code ( And potential errors ).

dude its not working and why would i echo out the input form if the input isnt valid

i need the input formhow else can suers input the address

i appreciate your help but honestly what should i do with this half ass script?

if you know how to do it post everthing and not just some random shit that isnt doing anything

everybody that posts a question gets an answer
everytime i ask a question i get bullshit answer that i cant use for shit

I'll make this simple, either go learn PHP yourself (or come back with a better attitude) OR go hire someone to do it for you.

As of this point, no one should be giving code with the way you have treated the community. TryNinja put a valid effort in to helping you. Your inability to understand the code he provided doesn't make his code bad, it just means you have absolutely zero clue what you are doing, and are expecting everyone to hand code to you while being rude to them at the same time.

mgoz

full member

Activity: 265

Merit: 232

Goto php.net and read. What he posted would work just fine provided you have db.php and your database table is named address and has a single field called address.

The form is displayed if it hasn't been submitted. It displays confirmation or error based on if address valid or not. Even with the include commented out, I see the form, can submit a non-valid address, and receive an error, with form now hidden, since it was posted.

If you're expecting someone to do all of your work for you and just copying and pasting code from various sources, your db.php include is probably broken too. I would recommend not directly inserting form variables into the database unless you like SQL injection. You should probably also modify what he provided to check whether the data was successfully inserted or not and display error/confirmation based on that. Right now it displays nothing (blank page) when submitting a valid address if the insert fails. That's probably where your confusion lies because you are not reading or understanding the code presented to you, however, it is a perfectly fine working example.

People aren't going to want to help you if you make no attempt to learn and are rude.

retteDenTierpark

newbie

Activity: 22

Merit: 0

Quote from: lulucrypto on December 12, 2019, 02:04:44 PM

Based on all posted messages, here is an example of a ready-to-use file ( For example, create a file with name "save_address.php" and post this code is there ) :
- https://pastebin.com/zR42RyEk

But a tip, if you do not know PHP, entrust the work to someone who master the field, because it's a blow to integrate security vulnerabilities in your code ( And potential errors ).

dude its not working and why would i echo out the input form if the input isnt valid

i need the input formhow else can suers input the address

i appreciate your help but honestly what should i do with this half ass script?

if you know how to do it post everthing and not just some random shit that isnt doing anything

everybody that posts a question gets an answer
everytime i ask a question i get bullshit answer that i cant use for shit

lulucrypto

sr. member

Activity: 709

Merit: 336

You need someone to develop your Web project ?

Based on all posted messages, here is an example of a ready-to-use file ( For example, create a file with name "save_address.php" and post this code is there ) :
- https://pastebin.com/zR42RyEk

But a tip, if you do not know PHP, entrust the work to someone who master the field, because it's a blow to integrate security vulnerabilities in your code ( And potential errors ).

mgoz

full member

Activity: 265

Merit: 232

Don't expect everything handed to you. What you are asking is very basic PHP and already provided a solution that would allow nice SQL injection. You do not need a separate submit.php file to POST to. You can just POST to self and do all the processing in the same file. For the code you have in pastebin, you are making database calls before you even use your checkAddress function. You are also redirecting to transfer.php regardless of any specific condition. I advise going to php.net and reading up on the documentation.

Say you put all of your code and form in the same file called phpnoob.php and have form submit to self. In pseudo code, all you want is this:

Code:


//Check if form submitted
if($_SERVER['REQUEST_METHOD'] == 'POST'){

     //Check if address valid and insert into db if so
     if(checkAddress($_POST['address'])){
          INSERT INTO DATABASE HERE AND REDIRECT OR DO WHATEVER ON SUCCESSFUL INSERT
     }
     //Display error for invalid address
     else{
          echo "Invalid address";
     }
}

//Display form if form not submitted
else{
     FORM HTML CODE HERE
}

Based on your responses, I'm guessing you just copy/pasted the checkAddress function from somewhere and don't understand PHP.

bitconnect-returns

newbie

Activity: 2

Merit: 0

Quote from: TryNinja on December 11, 2019, 06:57:11 AM

Quote from: bitconnect-returns on December 11, 2019, 05:31:08 AM

i appreciate your help

but how does this help me if i still cant use your code?

And than you are getting butthurt

just you think you help someone by posting jibbersish that noone understands doesnt help anyone

Wrong account.

I’m not coding any “Bitconnect 2.0” for you. Now I’m happy you didn’t get any of my basic PHP code.

Go away, scammer.

fuck you you piece of shit- bitconnect.io is the realest crypto out there

now go and work on real scam projects you fucking loser- fuck you

Sieg heil

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: bitconnect-returns on December 11, 2019, 05:31:08 AM

i appreciate your help

but how does this help me if i still cant use your code?

And than you are getting butthurt

just you think you help someone by posting jibbersish that noone understands doesnt help anyone

Wrong account.

I’m not coding any “Bitconnect 2.0” for you. Now I’m happy you didn’t get any of my basic PHP code.

Go away, scammer.

edit:

Quote from: bitconnect-returns on December 11, 2019, 01:58:31 PM

fuck you you piece of shit- bitconnect.io is the realest crypto out there

now go and work on real scam projects you fucking loser- fuck you

Sieg heil

That escalated quickly. Cheesy

bitconnect-returns

newbie

Activity: 2

Merit: 0

i appreciate your help

but how does this help me if i still cant use your code?

And than you are getting butthurt

just you think you help someone by posting jibbersish that noone understands doesnt help anyone

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: retteDenTierpark on December 10, 2019, 08:00:08 PM

yes that would be great cause i dont understand his stupid code he posts
and than he stops replying in the middle of the conversation

That's because I'm having to teach you basic PHP and my patient is over. No one here owns you anything. I spent basically 1 hour helping you:

1. For free;
2. Just because I tried to be a nice guy.

And yet, - even that you don't know basic PHP, can't read and interpret 2 lines of text and have someone literally coding everything for you for free - you still think it's ok to call this person and his code stupid. Good bye. And next time, try to show some respect to people that are wasting their time to help you.

Quote from: retteDenTierpark on December 10, 2019, 07:53:50 PM

and what is this?

addAddressToDb($address);

Try reading my posts instead of wanting me to craft a working project to you.

// peace, i'm out

retteDenTierpark

newbie

Activity: 22

Merit: 0

Quote from: lulucrypto on December 10, 2019, 06:29:14 PM

Hello,

I am able to provide you with the code you want.

I will not have time to do it today.

I will try to arrange to write the script tomorrow normally Wink

yes that would be great cause i dont understand his stupid code he posts
and than he stops replying in the middle of the conversation

retteDenTierpark

newbie

Activity: 22

Merit: 0

and what is this?

addAddressToDb($address);

and when i paste your code this thing breaks

retteDenTierpark

newbie

Activity: 22

Merit: 0

it says at least 5 times that i use php and mysql and also the $ sign says that i use php

anyways

where in the submit.php file do i need to write all of that?

my submit.php
is this

include_once 'db.php';

$eth = mysqli_real_escape_string($conn,$_POST['address']);

$sql = "INSERT INTO address(address) VALUES('$eth');";
mysqli_query($conn, $sql);

so where goes the checkAddress function?

and why should i echo out anything in the submit.php file

i need to echo that out on the container.php file since this has all the html

isnt there a better way to do this cause if i put it in the submit.php i need to go back and forth and if valid is invalid i need to let them know on the cointainer.php file

Why is this so compliated to validate a simple address?
thats all i need

user inputs bitcoin address- i check if its valid - if it is valid user gets redirected to a success message and address goes into a databse

if invalid user gets a message that input is invalid

this is supposed to be simple

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: retteDenTierpark on December 10, 2019, 07:20:39 PM

now where do i put the checkAddress function so that i can check if address is valid?

The container.php send the address to the submit.php page through a POST request, so obviously in the submit.php file; that's where you receive the address through $_POST["address"] and do all the logical back-end part of the code (verify address and insert into db).

I suggest that you see/read some PHP tutorial to understand what is happening there. That's the most basic stuff, and it's hard to make other people clear that part to you (and write the code) since they don't even know how your project is structured and what you are trying to do (e.g: you never told me your form was in a .php file, and the logical part, which receives the data, was in another one. So how would I guess?).

retteDenTierpark

newbie

Activity: 22

Merit: 0

i understand that

I just dont understand where you write all this

i dont know where i need to put the check address function

since i have 2 files

1 is the container.php file with this in it

and once clicking submit it uses the info from the submit.php

which is this file

include_once 'db.php';

$eth = mysqli_real_escape_string($conn,$_POST['address']);

$sql = "INSERT INTO address(address) VALUES('$eth');";
mysqli_query($conn, $sql);

now where do i put the checkAddress function so that i can check if address is valid?

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: retteDenTierpark on December 10, 2019, 07:08:31 PM

in this function the address variable is happy

and i dont understand your code

you not validating the input

or at least i cant figure out how you validate it and where

you just posted this

if (isset($_POST["address"])) {
   $address = $_POST["address"];
   if (checkAddress($address) {
   addAddressToDb($address);
   } else {
   $error = "Invalid address.";
   }
} else {
   $error = "Please input an address.";
}

where does it get validated and how does this go into my database if its valid

Dude...

Code:

if (checkAddress($address) {
   .... code address valid
} else {
   ... code address not valid
}

checkAddress is the function from your pastebin code.

Code:

function checkAddress($address)
{
    $origbase58 = $address;
    $dec = "0";
 
    for ($i = 0; $i < strlen($address); $i++)
    {
        $dec = bcadd(bcmul($dec,"58",0),strpos("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz",substr($address,$i,1)),0);
    }
 
    $address = "";
 
    while (bccomp($dec,0) == 1)
    {
        $dv = bcdiv($dec,"16",0);
        $rem = (integer)bcmod($dec,"16");
        $dec = $dv;
        $address = $address.substr("0123456789ABCDEF",$rem,1);
    }
 
    $address = strrev($address);
 
    for ($i = 0; $i < strlen($origbase58) && substr($origbase58,$i,1) == "1"; $i++)
    {
        $address = "00".$address;
    }
 
    if (strlen($address)%2 != 0)
    {
        $address = "0".$address;
    }
 
    if (strlen($address) != 50)
    {
        return false;
    }
 
    if (hexdec(substr($address,0,2)) > 0)
    {
        return false;
    }
 
    return substr(strtoupper(hash("sha256",hash("sha256",pack("H*",substr($address,0,strlen($address)-8)),true))),0,8) == substr($address,strlen($address)-8);
}

When you call this function passing the address (which comes from the $address = $_POST["address"] variable, which is passed through the input on the form), it checks if its valid. If it's valid, the rest of the code runs. If it's not, runs the ELSE code. If you don't get this, you probably don't know PHP.

The code I posted above IS 100% WORKING. Everything is there. You just need to read the code and see what is doing.

Edit:

Quote from: retteDenTierpark on December 10, 2019, 07:08:31 PM

i posted the complete check address function but i see nowhere how you pass the input through it

if (isset($_POST["address"])) {
   $address = $_POST["address"];
   if (checkAddress($address) {
   addAddressToDb($address);
   } else {
   $error = "Invalid address.";
   }
} else {
   $error = "Please input an address.";
}

retteDenTierpark

newbie

Activity: 22

Merit: 0

in this function the address variable is happy

and i dont understand your code

you not validating the input

or at least i cant figure out how you validate it and where

you just posted this

if (isset($_POST["address"])) {
   $address = $_POST["address"];
   if (checkAddress($address) {
   addAddressToDb($address);
   } else {
   $error = "Invalid address.";
   }
} else {
   $error = "Please input an address.";
}

where does it get validated and how does this go into my database if its valid

i posted the complete check address function but i see nowhere how you pass the input through it

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: retteDenTierpark on December 10, 2019, 06:53:36 PM

~

I don't get it. I don't know what you are trying to do.

You are the one that should know how to put this into a working project. What are you trying to do? Only you know this.

I can't figure out what is the problem/your question. I already wrote a working code for you. It already checks the address the user inputs on the form, and if its valid, it calls the function to add it to the db or do whatever you want. What else you want? What's up with issue with the $address = "" meaning it's "empty"? Because it is not. That's part of the code to check if the address is valid, which you took it from here, so you probably don't know exactly what it does.

It's hard to explain exactly what you should do when you don't really know PHP to begin with.

retteDenTierpark

newbie

Activity: 22

Merit: 0

yes all the code snippets work

right now user inputs address and clicks submit and the input(address) is put into mysql

also the code for verifying if btc address is valid works

however i cant figure outhow to put this together into a working project

this is from the checkAddress function

the address variable is empty

$address = "";
$eth = mysqli_real_escape_string($conn,$_POST['address']);

so i dont know what to use here- do i need to change this to

$address = $eth;

$eth is actually $btc

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: retteDenTierpark on December 10, 2019, 06:40:14 PM

this makes no sense

How are you validating if its a valid BTC address?

With your code. Your pastebin code has the function checkAddress($address) which I call before deciding to add the address to the table. If it returns true (address is valid), it calls addAddressToDb($address), adding it to the db (just create that function and put the mysqli code there, which you already have). And if it returns false (invalid), it just shows the error "Address is invalid" through the $error variable.

I just didn't copy the whole function here for obvious reasons (it has over 40 lines).

Also, please don't quote that huge reply for a 2 line answer. Either just reply normally or remove the big part of the quote, leaving only enough to point out what you are answering to.

retteDenTierpark

newbie

Activity: 22

Merit: 0

Quote from: TryNinja on December 10, 2019, 06:29:27 PM

What exactly is missing?

You already know how to verify if the address is valid. If it is, insert it into the table (as you already know), if it doesn't, do something like this:

Code:

if (!valid) {
   $error = "Invalid address.";
}

// and maybe in the html
<**php if ($error) { echo $error; } **>

// i changed ? to ** since cloudflare was blocking the code with the real php tag

An working example:

Code:

<**php

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}

**>



    Add Address


    <**php if (isset($error)) { echo $error; } **>
    
        
        
    




// again, i changed ? to ** since cloudflare was blocking the code with the real php tag

And then, the addAddressToDb($address) function simply receives the address as a parameter and add it to the database with the INSERT sql command.

Or something like this.

this makes no sense

How are you validating if its a valid BTC address?

Topic: PHP Coding question in regards to validat user input before passing it into mysq (Read 351 times)