  1. #1
    DoubleDee (SitePoint Wizard)
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,921

    Using Hidden Fields

    I have a Form which has two "pseudo" Form Fields. By that, I mean I am displaying data for informational purposes only.

    The problem is that when the Form is submitted and there are errors and I need to redisplay the "pseudo" Form Fields, I am getting "Undefined Index" errors because my two field values were stored in variables which do not carry over to the re-loaded Form.

    Can I do something like this...

    PHP Code:
        <!-- First Name -->
        <li>
            <p class="fauxLabel">First Name:</p>
            <p class="fauxInput"><?php echo str2htmlentities($firstName); ?></p>
            <input id="firstName" name="firstName" type="hidden" value="<?php echo isset($firstName) ? $firstName : '' ?>" />
        </li>

    That way, when the Form is submitted, my informational values get copied into the $_POST array, and so I can easily re-display them if there are any Form errors.

    BTW, I never write "Article Title" or "First Name" to the database. Again, they are just for informational purposes.

    Security is my biggest concern...

    What do you think?

    Thanks,


    Debbie

  2. #2
    guido2004 (From Italy with love)
    Join Date
    Sep 2004
    Posts
    9,506
    Since the values are only used to be re-displayed again, I don't see any security issues.
    The question is if you need to use hidden fields. Where do you get those values from the first time you display the form?

  3. #3
    DoubleDee (SitePoint Wizard)
    Quote, originally posted by guido2004:
        Since the values are only used to be re-displayed again, I don't see any security issues.
        The question is if you need to use hidden fields. Where do you get those values from the first time you display the form?

    Well, this is just an issue of code structure that I really don't want to change.

    I normally use this style of coding...

    PHP Code:
    <?php
        // Initialization stuff here...


        // *********************************************************
        // HANDLE FORM.                                            *
        // *********************************************************
        if ($_SERVER['REQUEST_METHOD']=='POST'){
            // Form was Submitted (Post).

            // Initialize Errors Array.
            $errors = array();

            // Trim all form data.
            $trimmed = array_map('trim', $_POST);


            // *********************
            // Validate Form Data. *
            // *********************

            // Validate Form Here...


        }else{
            // Form was not Submitted (Get).

            // ****************
            // Populate Form. *
            // ****************

            // Build query.


            // End of POPULATE FORM
        }//End of HANDLE FORM

    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">

    Normally, this works just fine, because when the Form is submitted, if there are any Form Issues, I can grab everything out of $_POST.

    The problem here - which I haven't encountered before - is that I need to access information on the Form that wasn't stored in the $_POST array because it wasn't technically Form data.

    Now I could have made "Article Title" and "First Name" Form Fields, but then they would be editable and I'd have to validate them.

    I could have also used the $_SESSION, but as I am finding out, that can cause lots of issues for psycho Tabbed-Browsing Users?!

    I also could have put my "Populate Form" query above the "Handle Form" block, but like I said, I like to follow the template I have above...

    In the end, I made these changes which *appear* to be working and safe, but I wasn't sure so I posted here?!

    PHP Code:
        // *********************************************************
        // HANDLE FORM.                                            *
        // *********************************************************
        if ($_SERVER['REQUEST_METHOD']=='POST'){
            // Form was Submitted (Post).

            // Initialize Errors Array.
            $errors = array();

            // Trim all form data.
            $trimmed = array_map('trim', $_POST);


            // *********************
            // Validate Form Data. *
            // *********************
            $articleTitle = $trimmed['articleTitle'];
            $firstName = $trimmed['firstName'];
            $comments = $trimmed['comments'];

    HTML Code:
    	<!-- Article Title -->
    	<li>
    		<p class="fauxLabel">Article Title:</p>
    		<p class="fauxInput"><?php echo '"' . str2htmlentities($articleTitle) . '"'; ?></p>
    		<input name="articleTitle" type="hidden" value="<?php echo (isset($articleTitle) ? $articleTitle : ''); ?>" />
    	</li>
    
    	<!-- First Name -->
    	<li>
    		<p class="fauxLabel">First Name:</p>
    		<p class="fauxInput"><?php echo str2htmlentities($firstName); ?></p>
    		<input name="firstName" type="hidden" value="<?php echo (isset($firstName) ? $firstName : ''); ?>" />
    	</li>
    
    	<!-- Comment -->
    	<li>
    		<label for="comments">Comments:</label>
    		<textarea id="comments" name="comments" cols="50" rows="15"><?php echo (isset($comments) ? $comments : ''); ?></textarea>
    		<?php
    			if (!empty($errors['comments'])){
    				echo '<br /><span class="error">' . $errors['comments'] . '</span>';
    			}
    		?>
    	</li>

    What do you think about all of that?!

    Thanks,


    Debbie
    Last edited by DoubleDee; Jul 7, 2012 at 13:14. Reason: Type-O
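
An added example, not code from the thread: hidden field values come back from the browser and can be edited before submission, so this example escapes them wherever they are re-emitted and attaches an HMAC so the handler can tell whether the display-only values still match what the server rendered. `SECRET_KEY`, `e()`, `signDisplayFields()`, `verifyDisplayFields()`, `renderFauxField()` and the `displayMac` field are hypothetical names; `str2htmlentities()` is not shown on the page, so `htmlspecialchars()` stands in for it.

```php
<?php
// Added example, not code from the thread. Hypothetical names: SECRET_KEY, e(),
// signDisplayFields(), verifyDisplayFields(), renderFauxField(), displayMac.
const SECRET_KEY = 'placeholder-load-a-random-secret-from-server-config';

// Escape for HTML text and for quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// MAC over the display-only values; length prefixes keep the fields unambiguous.
function signDisplayFields(string $articleTitle, string $firstName): string
{
    $msg = strlen($articleTitle) . ':' . $articleTitle . strlen($firstName) . ':' . $firstName;
    return hash_hmac('sha256', $msg, SECRET_KEY);
}

// True only if the hidden values are still the ones the server rendered.
function verifyDisplayFields(array $post): bool
{
    foreach (['articleTitle', 'firstName', 'displayMac'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return false; // missing, or submitted as an array
        }
    }
    $expected = signDisplayFields($post['articleTitle'], $post['firstName']);
    return hash_equals($expected, $post['displayMac']);
}

// Faux field plus its hidden copy, escaped in both output positions.
function renderFauxField(string $label, string $name, string $value): string
{
    return '<li><p class="fauxLabel">' . e($label) . ':</p>'
         . '<p class="fauxInput">' . e($value) . '</p>'
         . '<input name="' . e($name) . '" type="hidden" value="' . e($value) . '" /></li>';
}

// Constructed sample values.
$title = 'Ann "The <b>Boss</b>" & Co';
$name  = 'Debbie';
$mac   = signDisplayFields($title, $name);

echo renderFauxField('Article Title', 'articleTitle', $title), "\n";
echo '<input name="displayMac" type="hidden" value="' . e($mac) . '" />', "\n";
// Values returned unchanged verify; an edited firstName does not.
var_dump(verifyDisplayFields(['articleTitle' => $title, 'firstName' => $name, 'displayMac' => $mac]));
var_dump(verifyDisplayFields(['articleTitle' => $title, 'firstName' => 'Someone Else', 'displayMac' => $mac]));
```

Verify against the raw `$_POST` values before the `array_map('trim', $_POST)` step, since trimming changes the bytes the MAC covers.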

