php code works with Konqueror but no other browser

I'm running Mandrake 10
PHP 4x
Apache 2x
The code below resides in /home/doug/public_html
Apache is configured to allow user home drives and I can successfully
load html.

If I'm running Konqueror and launch the code below, the 'submit' button
launches the php file and returns the expected data.

If I'm running any other browser (Firefox, Mozilla, IE), pressing the
'submit'button returns the html form.

I know this may not be a php problem specifically, but the members of
this forum have a wide base of understanding and I'm hoping someone can
at least point me in the right direction.

TIA

Doug

beginning of frmSiteLoginForm.html
<html>
<body>
Enter the name of a website below.<br>
Do not include the .com bit, just the main website name<br>
This will be modified to give you a drop down list you can select from
as soon as I figure that out<br>

<br>
<form)
<form action="queryfromform.php" method = "POST">
<input type="TEXT" name="site" value="enter site name here">
<br><br>
<input type="submit" value = "Run Query">
</form>
</body>
</html>
end of frmSiteLoginForm.html
///////////////////////////////////////////////////////
beginning of queryfromform.php
<?php
//queryfromform.php
import_request_variables("P","mypost_");

// site name from form
$site = $mypost_site;
echo "The requested site is '$site' and the password is: ";

// Define variables
$server = 'localhost';
$username = 'web';
$password = 'user';
$database = 'HomeData';
//$query = "Select site, username, password from sitelogins where site =
'$site'";
$query = "Select * from sitelogins where site = '$site'";
//echo $query;

// connect to mysql
$db = mysql_connect($server, $username, $password);
//$db = mysql_connect("localhost", "web", "user");

// connect to db
mysql_select_db($database, $db);

// run query and print results
$result = mysql_query($query, $db);
if(!$result) die ("query failed");
while($row = mysql_fetch_row($result)) {
echo $row[2];
}
// close connnection
mysql_close($db);
?>
end of queryfromform.php

dogu wrote (in part):

[snip]

> beginning of frmSiteLoginForm.html
> <html>
> <body>
> Enter the name of a website below.<br>
> Do not include the .com bit, just the main website name<br>
> This will be modified to give you a drop down list you can select
from
> as soon as I figure that out<br>
>
> <br>
> <form)
> <form action="queryfromform.php" method = "POST">

[snip]

If this is your real code (cut & paste from you code), the that right
parend ")" is most likely your problem.

Ken

Ken

It was my code.
Fixing the right paren didn't change the outcome :-((
In fact, now the code doesn't work in Konqueror.

I'll keep trying.

Thanks for the pointer.

Doug

Ken Robinson wrote:
> dogu wrote (in part):
>
> [snip]
>
>
>>beginning of frmSiteLoginForm.html
>><html>
>><body>
>>Enter the name of a website below.<br>
>>Do not include the .com bit, just the main website name<br>
>>This will be modified to give you a drop down list you can select
>
> from
>
>>as soon as I figure that out<br>
>>
>><br>
>><form)
>><form action="queryfromform.php" method = "POST">
>
>
> [snip]
>
> If this is your real code (cut & paste from you code), the that right
> parend ")" is most likely your problem.
>
> Ken
>

Ken,

OK, I don't understand what's happening or why, the following code does
this:

Displays the input form on the screen plus the PHP echo "The requested
site is '$site' and the password is: " bit.

I enter a site, hit the 'Get Password' submit button, and the same form
redisplays, with the result and the form field 'site' back to null.

I'm glad it's working, now I need to figure out how to make my original
code work.

Maybe time for a break...

Talk to you later.

Doug

<html>
<body>
Enter the name of a website below.<br>
Do not include the .com bit, just the main website name<br>
This will be modified to give you a drop down list you can select from
as soon as I figure that out<br>
</body>
<br>
<form>
<form action="queryfromform.php" method="POST">
<input type="TEXT" name="site" value="">
<br><br>
<input type="submit" value = "Get Password">
</form>

<?php

// Define variables
$server = 'localhost';
$username = 'web';
$password = 'user';
$database = 'HomeData';

//$query = "Select site, username, password from sitelogins where site =
'$site'";
$query = "Select * from sitelogins where site = '$site'";

// connect to mysql
$db = mysql_connect($server, $username, $password);
//$db = mysql_connect("localhost", "web", "user");

// connect to db
mysql_select_db($database, $db);

// run query and print results
echo "The requested site is '$site' and the password is: ";

$result = mysql_query($query, $db);
if(!$result) die ("query failed");
while($row = mysql_fetch_row($result)) {
echo $row[2];
}



// close connnection
mysql_close($db);
?>
</html>
Ken Robinson wrote:
> dogu wrote (in part):
>
> [snip]
>
>
>>beginning of frmSiteLoginForm.html
>><html>
>><body>
>>Enter the name of a website below.<br>
>>Do not include the .com bit, just the main website name<br>
>>This will be modified to give you a drop down list you can select
>
> from
>
>>as soon as I figure that out<br>
>>
>><br>
>><form)
>><form action="queryfromform.php" method = "POST">
>
>
> [snip]
>
> If this is your real code (cut & paste from you code), the that right
> parend ")" is most likely your problem.
>
> Ken
>

.oO(dogu)

><form>
><form action="queryfromform.php" method="POST">

Why are there two <form> tags?

You should run the site through the W3 validator to avoid such errors.

<http://validator.w3.org/>

>//$query = "Select site, username, password from sitelogins where site =
>'$site'";
>$query = "Select * from sitelogins where site = '$site'";

This will fail on recent PHP installations with default configuration.

<http://www.php.net/manual/en/language.variables.predefined.php>
<http://www.php.net/manual/en/security.globals.php>

Additionally it's not the best idea to use user-submitted data directly
in a query without validation/escaping. Don't rely on magic quotes.

<http://www.php.net/manual/en/security.database.sql-injection.php>
<http://www.php.net/manual/en/function.mysql-real-escape-string.php>

>// run query and print results
>echo "The requested site is '$site' and the password is: ";

Passwords stored in plain text are no passwords, they are a security
risk. You should use the MySQL function PASSWORD() to encrypt them.

Micha

dogu <dfinnerathome@netscape.net> wrote:
> It was my code.
> Fixing the right paren didn't change the outcome :-((
> In fact, now the code doesn't work in Konqueror.

One of the main differences with konq. and rest is that konq takes the
action of the inner form when nesting forms and all others use the top
form. AFAIK w3c says nested forms aren't legal html 4.x.

BTW I saw somehting on Discovery yesterday where they said soja and thus
TOFU may be a cause of aggression in human behavior unless meals are
balances with lots of fish and vegies.

--

Daniel Tryba

Michael
BINGO!

Pulling the first <form> fixed the problem - many thanks.

Thanks also for the recommendation to use the validator site - this is
all new to me and I've just been banging into walls until stuff works.

The select works fine - not sure if it's because I did something right
or am just lucky! I'll figure out which and either be happy or fix the
problem.

You're dead right about the password issue. This is an 'inside the
firewall play around not for real use' site. We run a firewall and
don't allow any inbound http traffic. If/when I decide to open a hole
so I can get to the site from outside, I'll make several changes to the
system:
It will require a password to use the db.
The password data will be encrypted.
I may also further modify the passwords so they are not the real
passwords but some encoded version that serve as 'hints' to the real
passwords. I may be a noob at LAMP who can't write clean HTML, but I
know better than to be blasting plain text pws around cyberspace - and
thanks for the suggestion, always better to point these things out than
to leave them unsaid.

Again, MANY thanks for pushing me the right direction. Now onto more
fun stuff.

Doug
ps - sorry, what is oO?


Michael Fesser wrote:
> .oO(dogu)
>
>
>><form>
>><form action="queryfromform.php" method="POST">
>
>
> Why are there two <form> tags?
>
> You should run the site through the W3 validator to avoid such errors.
>
> <http://validator.w3.org/>
>
>>//$query = "Select site, username, password from sitelogins where site =
>>'$site'";
>>$query = "Select * from sitelogins where site = '$site'";
>
>
> This will fail on recent PHP installations with default configuration.
>
> <http://www.php.net/manual/en/language.variables.predefined.php>
> <http://www.php.net/manual/en/security.globals.php>
>
> Additionally it's not the best idea to use user-submitted data directly
> in a query without validation/escaping. Don't rely on magic quotes.
>
> <http://www.php.net/manual/en/security.database.sql-injection.php>
> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>
>
>>// run query and print results
>>echo "The requested site is '$site' and the password is: ";
>
>
> Passwords stored in plain text are no passwords, they are a security
> risk. You should use the MySQL function PASSWORD() to encrypt them.
>
> Micha

Daniel,

And yet another light goes on... Kill the outside, redundant <form> tag
and everything works everywhere.

Many thanks.

Re Tofu - so if you give lots of soy/tofu to peri-menopausal females as
an estrogen enhancer/replacement, and they're cranky to start with, ....
OMG! WWIII is on the way...

Doug

Daniel Tryba wrote:
> dogu <dfinnerathome@netscape.net> wrote:
>
>>It was my code.
>>Fixing the right paren didn't change the outcome :-((
>>In fact, now the code doesn't work in Konqueror.
>
>
> One of the main differences with konq. and rest is that konq takes the
> action of the inner form when nesting forms and all others use the top
> form. AFAIK w3c says nested forms aren't legal html 4.x.
>
> BTW I saw somehting on Discovery yesterday where they said soja and thus
> TOFU may be a cause of aggression in human behavior unless meals are
> balances with lots of fish and vegies.
>