  1. #1
    SitePoint Member
    Join Date
    Feb 2003
    Location
    boston
    Posts
    18

    What are the best practices for form handling

    I'm looking to nail down some best practices for handling data sent between my PHP application which stores data in MySQL and html forms in a browser.

    In general I've found that forms that add new rows to the database don't seem to have problems but forms that display previously added data and allow the user to edit get into trouble. They have issues with some characters like these: <>-. Having html in the database can really cause issues in the display form.

    Somewhere along the line you need to use functions like:
    urlencode
    urldecode
    htmlentities
    html_entity_decode
    htmlspecialchars
    etc.

    Has anyone seen a good article that goes over the best practices for this? When to use different encoding and how to handle different form fields effectively.

    I've been using htmlentities when I pull data from the database and display it on a web page or in a form field. The real question I have is if html_entity_decode is really needed when the form is submitted back with updates.

    Any help would be appreciated.
    Thanks

  2. #2
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    texas
    Posts
    88
    when the user submits data back, you shouldn't need to use html_entity_decode...

    if you actually see a < or > in the form input, then a < and > are actually submitted back to you, not &lt; and &gt;.

    as for best practice, i've been successful with storing the non encoded data in the database, and saving steps like htmlentities for the very last step. i like to keep the data as 'pure' as possible in the database. things like htmlentities are only useful for the gui and should be saved for the gui to deal with, imo.

    hope this helps a little, sorry i don't have an article reference
    free online calendar: http://inversiondesigns.com
    includes multiple calendars/users/groups, task manager,
    email and sms reminders, permissions (sharing), etc.
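
The round trip described in the reply above, as an added example that is not part of the original thread: raw text is escaped once on output, and the edit form returns it unchanged, while stored entities get escaped a second time. The helper names (`e`, `edit_field`, `browser_submit`), the field name `title`, the sample value and the UTF-8 charset are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Escape for HTML output only; the database keeps the raw text.
// ENT_QUOTES also encodes ' and " so the value cannot close the attribute.
// Assumption: the page and the stored data are UTF-8.
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the edit field for one stored value (field name is hypothetical).
function edit_field(string $stored): string
{
    return '<input type="text" name="title" value="' . e($stored) . '">';
}

// Stand-in for the browser: it decodes entities while parsing the attribute
// and submits the resulting characters, so the server receives raw text.
function browser_submit(string $html): string
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample standing in for a row read from MySQL.
$raw = 'Tom\'s <b>"best"</b> plan & notes';

// Raw text stored, escaped once on output: the round trip is lossless,
// so no decode step is needed when the form comes back.
$back = browser_submit(edit_field($raw));
echo $back === $raw
    ? "raw storage: round trip unchanged\n"
    : "raw storage: value changed\n";

// Entities stored, then escaped again on output: the user is shown the
// entity text itself in the field and submits that back.
$storedEncoded = e($raw);
$back2 = browser_submit(edit_field($storedEncoded));
echo $back2 === $raw
    ? "encoded storage: round trip unchanged\n"
    : "encoded storage: field now contains: $back2\n";
```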

  3. #3
    SitePoint Member
    Join Date
    Feb 2003
    Location
    boston
    Posts
    18
    Thanks for your input.

    I definitely want to store the user input in its originally entered form, including html.

    I do want to make sure that any pages that display data on the screen or in a form for editing work properly. I've experienced a few problems with hyphens - being replaced with question marks ? I'd like to find a solid procedure for handling this to avoid future issues.

  4. #4
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    texas
    Posts
    88
    "I've experienced a few problems with hyphens - being replaced with question marks ?"
    are you (they?) using a foreign keyboard?
    and can you repeat this error?

  5. #5
    SitePoint Member
    Join Date
    Feb 2003
    Location
    boston
    Posts
    18
    They are not. The users are on a Windows XP system using IE 6. All American English. I have the same setup. In some cases I've been able to reproduce the issue, in others it's been difficult. That's why I was hoping to find a good article or tutorial that details best practices. I may have to write one myself after I nail down the solution. LOL