0

I am adapting a script from here, to use as verification when form is posted.

This is the code being sent form the form page:

<?php
$secret1 = '00001';
?>

And the code from the action page:

if(!empty(htmlentities($_POST['secret1'])) {
    if(htmlentities($_POST['secret1']) == '00001') {
        echo 'PASS';
    }
}else { echo 'ERROR'; }

However, when I submit the form, I get "Can't use function return value in write context" error.

Am just starting to learn php so can't really identify the problem. Can you please help?

Thanks.

Community
  • 1
  • 1
Nikk
  • 7,384
  • 8
  • 44
  • 90

1 Answers1

0

You are trying to pass a function return (htmlentities) to empty. Change your first line to:

if(!empty($_POST['secret1'])) {
Joe Hinton
  • 82
  • 5
  • @MonkeyZeus What do you mean? – Joe Hinton Jan 22 '15 at 17:14
  • @Joey, Didn't really solve my problem. Get another error. I am trying to verify the sender of the form by using a code. – Nikk Jan 22 '15 at 17:15
  • @JoeyHinton I think _@MonkeyZeus_ is referring to your parenthesis. Count your parenthesis. Open ***2***, close ***1***... – War10ck Jan 22 '15 at 17:18
  • @JoeyHinton Doesn't work. I am supposed to get echo PASS, I get else – Nikk Jan 22 '15 at 17:22
  • 1
    Regardless of any other errors, this IS the cause of the error in your question. – JW. Jan 22 '15 at 17:22
  • @Boris This fix solved your error. The problems you're having with the post variable are a separate issue. Just because you post a page, all the variables will not post. They have to be inside a form element. `` in place of setting a variable on the form page would probably solve this issue. But I can't know for sure without seeing that page. – Joe Hinton Jan 22 '15 at 17:31
  • @JoeyHinton No, I am trying to send it to the next page via PHP. Using POST and REQUEST maybe? – Nikk Jan 22 '15 at 17:33
  • @Boris Once again you are now stuck on a post issue. You should mark this as the correct answer for the question you posted and post a new question with the code on the page you are trying to post. You have moved past the error you posted here and arrived at a new problem where your data isn't posting. – Joe Hinton Jan 22 '15 at 17:38
  • 1
    @Boris: If you don't have a `` inside a `
    ` on your page, then you will never have a value in the `$_POST` array.
     – Cᴏʀʏ Jan 22 '15 at 17:49
  • @Cory Is it possible to use SESSIONS instead? What I am trying to achieve is have the form page have a unique code, that the second page will recognize and grant access. If not it will show else. Point is, it's not supposed to be publicly visible. – Nikk Jan 22 '15 at 17:52
  • @Boris: I would research CSRF prevention methods. Perhaps start here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet. You will find that cookies, session, POST, etc. are not safe for the simple methodology you have used here. You need something smarter. – Cᴏʀʏ Jan 22 '15 at 18:09