This is a discussion on NO book i read did sticky form correctly within the PHP Language forums, part of the PHP Programming Forums category; the sticky form is that if validation didn't pass, re-display the form with the value in the text ...
the sticky form is that if validation didn't pass, re-display the form
with the value in the text input again (and for other input field as
well...)

no book I read did it correctly so far. (just for the text input)

to reduce the problem, how about write a PHP program that will submit
to itself, so that

typing in

    foo "bar" foo

and click "Submit" and the form will re-display the form with

    foo "bar" foo

already typed in, kind of like what Google will behave.

Of the few books I read, none of them has a correct solution. If you
know which book has a correct solution to this, please point me to it.

On Oct 13, 5:18 am, Summercool <Summercooln...@gmail.com> wrote:
> typing in
>
>     foo "bar" foo
>
> and click "Submit" and the form will re-display the form with
>
>     foo "bar" foo

and that foo 'bar' foo should work too.

..oO(Summercool)

>the sticky form is that if validation didn't pass, re-display the form
>with the value in the text input again (and for other input field as
>well...)
>
>no book I read did it correctly so far. (just for the text input)
>
>to reduce the problem, how about write a PHP program that will submit
>to itself, so that
>
>typing in
>
> foo "bar" foo
>
>and click "Submit" and the form will re-display the form with
>
> foo "bar" foo
>
>already typed in, kind of like what Google will behave.
>
>Of the few books I read, none of them has a correct solution.

What makes you think that they're not correct? What have you tried so
far? What problems do you have?

Actually this is a pretty simple task, in fact the PHP code for a single
input field could be reduced to a single line if necessary. So I'm quite
curious how it's done in your books.

Micha

On Oct 13, 5:29 am, Michael Fesser <neti...@gmx.de> wrote:
> Actually this is a pretty simple task, in fact the PHP code for a single
> input field could be reduced to a single line if necessary. So I'm quite
> curious how it's done in your books.

<form action="self.php" method="get">
<input name="val" type="text" value="<?= $_GET["val"] ?>">
<input type="submit" value="Post it">
</form>
</div>

usually they do something like this...

GET and POST are just the same...

none of them work for foo "bar" foo
and foo 'bar' foo

..oO(Summercool)

>On Oct 13, 5:29 am, Michael Fesser <neti...@gmx.de> wrote:
>
>> Actually this is a pretty simple task, in fact the PHP code for a single
>> input field could be reduced to a single line if necessary. So I'm quite
>> curious how it's done in your books.
>
><form action="self.php" method="get">
><input name="val" type="text" value="<?= $_GET["val"] ?>">
><input type="submit" value="Post it">
></form>
></div>
>
>usually they do something like this...

OK. Even if the PHP code there is quite small, it contains 3(!) errors,
one of which is critical:

1) It relies on short open tags, which is a bad idea in general, because
it's an optional feature.

Fix: Use <?php echo ... ?> to print something out. This will work on all
servers and configurations.

2) It doesn't check if there's a submitted value at all. The first call
of that page would throw a notice.

Fix: Check with isset($_GET['val']) if there is something at all before
using it. Such checks should be done for _all_ submitted variables.

3) The worst is the missing escaping of special HTML chars, which not
only breaks the form if such chars were entered (which is the problem
you encountered), it also allows for cross site scripting attacks.

Fix: Use htmlspecialchars() to escape any special chars in $_GET['val']
before printing it out. See the manual for details about the possible
parameters.

Micha

Summercool wrote:
> On Oct 13, 5:29 am, Michael Fesser <neti...@gmx.de> wrote:
>
>> Actually this is a pretty simple task, in fact the PHP code for a single
>> input field could be reduced to a single line if necessary. So I'm quite
>> curious how it's done in your books.
>
> <form action="self.php" method="get">
> <input name="val" type="text" value="<?= $_GET["val"] ?>">
> <input type="submit" value="Post it">
> </form>
> </div>
>
> usually they do something like this...
>
> GET and POST are just the same...
>
> none of them work for foo "bar" foo
> and foo 'bar' foo
>

Other than the fact they're using short tags, it should work fine.
They're assuming short tags are on, and your server probably has them
off. It doesn't mean they are wrong - just that the configuration on
your server doesn't match what the book assumes.

Change

<input name="val" type="text" value="<?= $_GET["val"] ?>">

to:

<input name="val" type="text" value="<?php echo $_GET["val"] ?>">

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

On Oct 13, 6:20 am, Michael Fesser <neti...@gmx.de> wrote:
> Fix: Use htmlspecialchars() to escape any special chars in $_GET['val']
> before printing it out. See the manual for details about the possible
> parameters.

so you think using that will make it work? I don't know why but I tried
that and it didn't work in Firefox and IE. the foo "bar" foo will come
back as foo \"bar\" foo and click once more will get more "\".

On Oct 13, 6:20 am, Michael Fesser <neti...@gmx.de> wrote:
> 2) It doesn't check if there's a submitted value at all. The first call
> of that page would throw a notice.
>
> Fix: Check with isset($_GET['val']) if there is something at all before
> using it. Such checks should be done for _all_ submitted variables.

it would? I thought it would just evaluate to nothing and print out
nothing.

On Oct 13, 6:25 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Change
>
> <input name="val" type="text" value="<?= $_GET["val"] ?>">
>
> to:
>
> <input name="val" type="text" value="<?php echo $_GET["val"] ?>">

one essential thing is to make foo "bar" foo
and foo 'bar' foo both work

Summercool wrote:
> On Oct 13, 6:25 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> Change
>>
>> <input name="val" type="text" value="<?= $_GET["val"] ?>">
>>
>> to:
>>
>> <input name="val" type="text" value="<?php echo $_GET["val"] ?>">
>
> one essential thing is to make foo "bar" foo
> and foo 'bar' foo both work
>

It will work. Michael's comments are also valid, but aren't stopping
your code from working.

It sounds like you're running with magic_quotes enabled. It's a setting
I wish they would have never had, and I recommend you turn it off. If
you can't turn it off, check the stripslashes() call.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
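
Added example, not part of any post in this thread: a self-submitting form that combines the three fixes Michael lists (full open tag, isset() check, htmlspecialchars()) with the magic_quotes/stripslashes() handling Jerry mentions. The helper names submitted_value() and h() are made up for this example; the field name val and the file name self.php come from the snippet quoted in the thread.

```php
<?php
// Added example (not code from the thread). Save as self.php.

/**
 * Return the submitted string for $name, or '' when nothing usable was sent.
 * The isset() check avoids the notice on the first page load; the is_string()
 * check rejects array input such as ?val[]=x, which would otherwise reach
 * htmlspecialchars() as an array.
 */
function submitted_value(array $source, $name)
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return '';
    }
    $value = $source[$name];
    // magic_quotes_gpc only exists before PHP 5.4. The version test comes
    // first so get_magic_quotes_gpc() is never called on releases where it
    // is deprecated (7.4) or removed (8.0).
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        // Undo the automatic escaping: foo \"bar\" foo -> foo "bar" foo
        $value = stripslashes($value);
    }
    return $value;
}

/** Escape a value for output inside a quoted HTML attribute or element text. */
function h($value)
{
    // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flag set
    // escaped only double quotes, leaving ' unescaped in the output.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$val = submitted_value($_GET, 'val');
// Submitting  foo "bar" foo  renders value="foo &quot;bar&quot; foo"
// Submitting  foo 'bar' foo  renders value="foo &#039;bar&#039; foo"
// The browser decodes both back to the text that was typed, and any markup
// in the input is shown as text in the field instead of being parsed as HTML.
?>
<form action="self.php" method="get">
  <input name="val" type="text" value="<?php echo h($val); ?>">
  <input type="submit" value="Post it">
</form>
```

stripslashes() is applied before escaping and only when magic_quotes_gpc is actually on; calling it unconditionally would eat backslashes the user really typed.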