PHP Coding question in regards to validat user input before passing it into mysq

[retteDenTierpark]

I have a small programm where i take in a users Bitcoin address as input and than insert it into mysql database.



user inputs bitcoin address and clicks submit button

which than validates the bitcoin address and if address is valid- he can click submit button and gets redirected to a different part of my site- and if address is valid it gets added to mysql database.

If input isn't valid - display an error message

Im using php for everything

I just dont know how to put this together into a working project

you find the code to my question here

https://pastebin.com/DpPgp2Xi

i wasnt able to post mysql code here in the forum

[1714063448]

1714063448

[lulucrypto]

Hello,

I am able to provide you with the code you want.

I will not have time to do it today.

I will try to arrange to write the script tomorrow normally

[TryNinja]

What exactly is missing?

You already know how to verify if the address is valid. If it is, insert it into the table (as you already know), if it doesn't, do something like this:

Code:

if (!valid) {
   $error = "Invalid address.";
}

// and maybe in the html
<**php if ($error) { echo $error; } **>

// i changed ? to ** since cloudflare was blocking the code with the real php tag

An working example:

Code:

<**php

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}

**>

<!DOCTYPE html>
<head>
    <title>Add Address</title>
</head>
<body>
    <**php if (isset($error)) { echo $error; } **>
    <form method="POST">
        <input type="text" placeholder="Address" name="address" id="address" />
        <button type="submit">Submit</button>
    </form>
</body>
</html>

// again, i changed ? to ** since cloudflare was blocking the code with the real php tag

And then, the addAddressToDb($address) function simply receives the address as a parameter and add it to the database with the INSERT sql command.

Or something like this.

[retteDenTierpark]

What exactly is missing?

You already know how to verify if the address is valid. If it is, insert it into the table (as you already know), if it doesn't, do something like this:

Code:

if (!valid) {
   $error = "Invalid address.";
}

// and maybe in the html
<**php if ($error) { echo $error; } **>

// i changed ? to ** since cloudflare was blocking the code with the real php tag

An working example:

Code:

<**php

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}

**>

<!DOCTYPE html>
<head>
    <title>Add Address</title>
</head>
<body>
    <**php if (isset($error)) { echo $error; } **>
    <form method="POST">
        <input type="text" placeholder="Address" name="address" id="address" />
        <button type="submit">Submit</button>
    </form>
</body>
</html>

// again, i changed ? to ** since cloudflare was blocking the code with the real php tag

And then, the addAddressToDb($address) function simply receives the address as a parameter and add it to the database with the INSERT sql command.

Or something like this.

this makes no sense

How are you validating if its a valid BTC address?

[TryNinja]

this makes no sense

How are you validating if its a valid BTC address?

With your code. Your pastebin code has the function checkAddress($address) which I call before deciding to add the address to the table. If it returns true (address is valid), it calls addAddressToDb($address), adding it to the db (just create that function and put the mysqli code there, which you already have). And if it returns false (invalid), it just shows the error "Address is invalid" through the $error variable.

I just didn't copy the whole function here for obvious reasons (it has over 40 lines).

Also, please don't quote that huge reply for a 2 line answer. Either just reply normally or remove the big part of the quote, leaving only enough to point out what you are answering to.

[retteDenTierpark]

yes all the code snippets work

right now user inputs address and clicks submit and the input(address) is put into mysql


also the code for verifying if btc address is valid works

however i cant figure outhow to put this together into a working project


this is from the checkAddress function

the address variable is empty

  $address = "";
$eth = mysqli_real_escape_string($conn,$_POST['address']);

so i dont know what to use here- do i need to change this to

$address = $eth;




$eth is actually $btc  
 

[TryNinja]

~

I don't get it. I don't know what you are trying to do.

You are the one that should know how to put this into a working project. What are you trying to do? Only you know this.

I can't figure out what is the problem/your question. I already wrote a working code for you. It already checks the address the user inputs on the form, and if its valid, it calls the function to add it to the db or do whatever you want. What else you want? What's up with issue with the $address = "" meaning it's "empty"? Because it is not. That's part of the code to check if the address is valid, which you took it from here, so you probably don't know exactly what it does.

It's hard to explain exactly what you should do when you don't really know PHP to begin with.

[retteDenTierpark]

in this function the address variable is happy

and i dont understand your code

you not validating the input

or at least i cant figure out how you validate it and where

you just posted this

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}


where does it get validated and how does this go into my database if its valid




i posted the complete check address function but i see nowhere how you pass the input through it

[TryNinja]

in this function the address variable is happy

and i dont understand your code

you not validating the input

or at least i cant figure out how you validate it and where

you just posted this

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}


where does it get validated and how does this go into my database if its valid

Dude...

Code:

if (checkAddress($address) {
   .... code address valid
} else {
   ... code address not valid
}

checkAddress is the function from your pastebin code.

Code:

function checkAddress($address)
{
    $origbase58 = $address;
    $dec = "0";
 
    for ($i = 0; $i < strlen($address); $i++)
    {
        $dec = bcadd(bcmul($dec,"58",0),strpos("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz",substr($address,$i,1)),0);
    }
 
    $address = "";
 
    while (bccomp($dec,0) == 1)
    {
        $dv = bcdiv($dec,"16",0);
        $rem = (integer)bcmod($dec,"16");
        $dec = $dv;
        $address = $address.substr("0123456789ABCDEF",$rem,1);
    }
 
    $address = strrev($address);
 
    for ($i = 0; $i < strlen($origbase58) && substr($origbase58,$i,1) == "1"; $i++)
    {
        $address = "00".$address;
    }
 
    if (strlen($address)%2 != 0)
    {
        $address = "0".$address;
    }
 
    if (strlen($address) != 50)
    {
        return false;
    }
 
    if (hexdec(substr($address,0,2)) > 0)
    {
        return false;
    }
 
    return substr(strtoupper(hash("sha256",hash("sha256",pack("H*",substr($address,0,strlen($address)-8)),true))),0,8) == substr($address,strlen($address)-8);
}

When you call this function passing the address (which comes from the $address = $_POST["address"] variable, which is passed through the input on the form), it checks if its valid. If it's valid, the rest of the code runs. If it's not, runs the ELSE code. If you don't get this, you probably don't know PHP.

The code I posted above IS 100% WORKING. Everything is there. You just need to read the code and see what is doing.


Edit:

i posted the complete check address function but i see nowhere how you pass the input through it

if (isset($_POST["address"])) {
    $address = $_POST["address"];
    if (checkAddress($address) {
        addAddressToDb($address);
    } else {
        $error = "Invalid address.";
    }
} else {
    $error = "Please input an address.";
}

[retteDenTierpark]

i understand that

I just dont understand where you write all this

i dont know where i need to put the check address function

since i have 2 files

1 is the container.php file with this in it

<form class="" action="submit.php" method="post">
    <input type="text"  name="address" placeholder="your Bitcoin address">
    <button type="submit" name="submit" class="btn btn-info">Submit</button>
  </form>

and once clicking submit  it uses the info from the submit.php

which is this file

include_once 'db.php';

$eth = mysqli_real_escape_string($conn,$_POST['address']);


$sql = "INSERT INTO address(address) VALUES('$eth');";
mysqli_query($conn, $sql);



now where do i put the checkAddress function so that i can check if address is valid?

[TryNinja]

now where do i put the checkAddress function so that i can check if address is valid?

The container.php send the address to the submit.php page through a POST request, so obviously in the submit.php file; that's where you receive the address through $_POST["address"] and do all the logical back-end part of the code (verify address and insert into db).

I suggest that you see/read some PHP tutorial to understand what is happening there. That's the most basic stuff, and it's hard to make other people clear that part to you (and write the code) since they don't even know how your project is structured and what you are trying to do (e.g: you never told me your form was in a .php file, and the logical part, which receives the data, was in another one. So how would I guess?).

[retteDenTierpark]

it says at least 5 times that i use php and mysql and also the $ sign says that i use php

anyways

where in the submit.php file do i need to write all of that?

my submit.php
is this

include_once 'db.php';

$eth = mysqli_real_escape_string($conn,$_POST['address']);


$sql = "INSERT INTO address(address) VALUES('$eth');";
mysqli_query($conn, $sql);


so where goes the checkAddress function?

and why should i echo out anything in the submit.php file

i need to echo that out on the container.php file since this has all the html

isnt there a better way to do this cause if i put it in the submit.php i need to go back and forth and if valid is invalid i need to let them know on the cointainer.php file


Why is this so compliated to validate a simple address?
thats all i need


user inputs bitcoin address- i check if its valid - if it is valid user gets redirected to a success message and address goes into a databse

if invalid user gets a message that input is invalid

this is supposed to be simple

[retteDenTierpark]

and what is this?

addAddressToDb($address);



and when i paste your code this thing breaks

[retteDenTierpark]

Hello,

I am able to provide you with the code you want.

I will not have time to do it today.

I will try to arrange to write the script tomorrow normally

yes that would be great cause i dont understand his stupid code he posts
and than he stops replying in the middle of the conversation

[TryNinja]

yes that would be great cause i dont understand his stupid code he posts
and than he stops replying in the middle of the conversation

That's because I'm having to teach you basic PHP and my patient is over. No one here owns you anything. I spent basically 1 hour helping you:

1. For free;
2. Just because I tried to be a nice guy.

And yet, - even that you don't know basic PHP, can't read and interpret 2 lines of text and have someone literally coding everything for you for free - you still think it's ok to call this person and his code stupid. Good bye. And next time, try to show some respect to people that are wasting their time to help you.

and what is this?

addAddressToDb($address);

Try reading my posts instead of wanting me to craft a working project to you.

// peace, i'm out

[bitconnect-returns]

i appreciate your help

but how does this help me if i still cant use your code?

And than you are getting butthurt

just you think you help someone by posting jibbersish that noone understands doesnt help anyone

[TryNinja]

i appreciate your help

but how does this help me if i still cant use your code?

And than you are getting butthurt

just you think you help someone by posting jibbersish that noone understands doesnt help anyone

Wrong account.

I’m not coding any “Bitconnect 2.0” for you. Now I’m happy you didn’t get any of my basic PHP code.

Go away, scammer.

edit:

fuck you you piece of shit- bitconnect.io is the realest crypto out there

now go and work on real scam projects you fucking loser- fuck you

Sieg heil

That escalated quickly.

[bitconnect-returns]

i appreciate your help

but how does this help me if i still cant use your code?

And than you are getting butthurt

just you think you help someone by posting jibbersish that noone understands doesnt help anyone

Wrong account.

I’m not coding any “Bitconnect 2.0” for you. Now I’m happy you didn’t get any of my basic PHP code.

Go away, scammer.

fuck you you piece of shit- bitconnect.io is the realest crypto out there

now go and work on real scam projects you fucking loser- fuck you

Sieg heil

[mgoz]

Don't expect everything handed to you. What you are asking is very basic PHP and already provided a solution that would allow nice SQL injection. You do not need a separate submit.php file to POST to. You can just POST to self and do all the processing in the same file. For the code you have in pastebin, you are making database calls before you even use your checkAddress function. You are also redirecting to transfer.php regardless of any specific condition. I advise going to php.net and reading up on the documentation.

Say you put all of your code and form in the same file called phpnoob.php and have form submit to self. In pseudo code, all you want is this:

Code:

//Check if form submitted
if($_SERVER['REQUEST_METHOD'] == 'POST'){

     //Check if address valid and insert into db if so
     if(checkAddress($_POST['address'])){
          INSERT INTO DATABASE HERE AND REDIRECT OR DO WHATEVER ON SUCCESSFUL INSERT
     }
     //Display error for invalid address
     else{
          echo "Invalid address";
     }
}

//Display form if form not submitted
else{
     FORM HTML CODE HERE
}

Based on your responses, I'm guessing you just copy/pasted the checkAddress function from somewhere and don't understand PHP.

[lulucrypto]

Based on all posted messages, here is an example of a ready-to-use file ( For example, create a file with name "save_address.php" and post this code is there ) :
- https://pastebin.com/zR42RyEk

But a tip, if you do not know PHP, entrust the work to someone who master the field, because it's a blow to integrate security vulnerabilities in your code ( And potential errors ).