Using Hidden Fields

I have a Form which has two “pseudo” Form Fields. By that, I mean I am displaying data for informational purposes only.

The problem is that when the Form is submitted and there are errors and I need to redisplay the “pseudo” Form Fields, I am getting “Undefined Index” errors because my two field values were stored in variables which do not carry over to the re-loaded Form.

Can I do something like this…


	<!-- First Name -->
	<li>
		<p class="fauxLabel">First Name:</p>
		<p class="fauxInput"><?php echo str2htmlentities($firstName); ?></p>
		<input id="firstName" name="firstName" type="hidden" value="<?php echo isset($firstName) ? str2htmlentities($firstName) : ''; ?>" />
	</li>

That way, when the Form is submitted, my informational values get copied into the $_POST array, and so I can easily re-display them if there are any Form errors.

BTW, I never write “Article Title” or “First Name” to the database. Again, they are just for informational purposes.

Security is my biggest concern…

What do you think?

Thanks,

Debbie

Since the values are only used to be re-displayed again, I don’t see any security issues.
The question is if you need to use hidden fields. Where do you get those values from the first time you display the form?

Well, this is just an issue of code structure that I really don’t want to change.

I normally use this style of coding…


<?php
	// Initialization stuff here...


	// *********************************************************
	// HANDLE FORM.										 *
	// *********************************************************
	if ($_SERVER['REQUEST_METHOD']=='POST'){
		// Form was Submitted (Post).

		// Initialize Errors Array.
		$errors = array();

		// Trim all form data.
		$trimmed = array_map('trim', $_POST);


		// *********************
		// Validate Form Data.	*
		// *********************

		// Validate Form Here...


	}else{
		// Form was not Submitted (Get).

		// ****************
		// Populate Form.	*
		// ****************

		// Build query.


		// End of POPULATE FORM

	}//End of HANDLE FORM

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


Normally, this works just fine, because when the Form is submitted, if there are any Form Issues, I can grab everything out of $_POST.

The problem here - which I haven’t encountered before - is that I need to access information on the Form that wasn’t stored in the $_POST array because it wasn’t technically Form data.

Now I could have made “Article Title” and “First Name” Form Fields, but then they would be editable and I’d have to validate them.

I could have also used the $_SESSION, but as I am finding out, that can cause lots of issues for psycho Tabbed-Browsing Users?! :eek:

I also could have put my “Populate Form” query above the “Handle Form” block, but like I said, I like to follow the template I have above…

In the end, I made these changes which appear to be working and safe, but I wasn’t sure so I posted here?!


	// *********************************************************
	// HANDLE FORM.										 *
	// *********************************************************
	if ($_SERVER['REQUEST_METHOD']=='POST'){
		// Form was Submitted (Post).

		// Initialize Errors Array.
		$errors = array();

		// Trim all form data.
		$trimmed = array_map('trim', $_POST);


		// *********************
		// Validate Form Data.	*
		// *********************
		$articleTitle = $trimmed['articleTitle'];
		$firstName = $trimmed['firstName'];
		$comments = $trimmed['comments'];


	<!-- Article Title -->
	<li>
		<p class="fauxLabel">Article Title:</p>
		<p class="fauxInput"><?php echo '"' . str2htmlentities($articleTitle) . '"'; ?></p>
		<input name="articleTitle" type="hidden" value="<?php echo (isset($articleTitle) ? str2htmlentities($articleTitle) : ''); ?>" />
	</li>

	<!-- First Name -->
	<li>
		<p class="fauxLabel">First Name:</p>
		<p class="fauxInput"><?php echo str2htmlentities($firstName); ?></p>
		<input name="firstName" type="hidden" value="<?php echo (isset($firstName) ? str2htmlentities($firstName) : ''); ?>" />
	</li>

	<!-- Comment -->
	<li>
		<label for="comments">Comments:</label>
		<textarea id="comments" name="comments" cols="50" rows="15"><?php echo (isset($comments) ? str2htmlentities($comments) : ''); ?></textarea>
		<?php
			if (!empty($errors['comments'])){
				echo '<br /><span class="error">' . $errors['comments'] . '</span>';
			}
		?>
	</li>

What do you think about all of that?! :-/

Thanks,

Debbie
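
Hidden fields travel through the browser, so what comes back in $_POST can differ from what the server sent. As an added example (not code from the thread), the sketch below escapes the value in both the visible text and the hidden attribute, and attaches an HMAC tag so an altered value is discarded instead of redisplayed. `APP_SECRET`, `e()`, `signField()`, `verifyField()` and the `firstNameTag` field are assumed names.

```php
<?php
// Added example: every name here is an assumption made for illustration.
const APP_SECRET = 'replace-with-a-long-random-server-side-secret'; // placeholder

// Escape for HTML text and for single- or double-quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Tag a display-only value so a later POST can show it was not altered.
function signField(string $name, string $value): string
{
    return hash_hmac('sha256', $name . "\0" . $value, APP_SECRET);
}

// Constant-time comparison of the tag that came back with the form.
function verifyField(string $name, string $value, string $tag): bool
{
    return hash_equals(signField($name, $value), $tag);
}

// Constructed sample value; on GET it would come from the "Populate Form" query.
$firstName = 'O\'Brien "Deb" <admin>';

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Accept strings only; array input such as firstName[]=x is treated as empty.
    $firstName = is_string($_POST['firstName'] ?? null) ? $_POST['firstName'] : '';
    $tag = is_string($_POST['firstNameTag'] ?? null) ? $_POST['firstNameTag'] : '';

    if (!verifyField('firstName', $firstName, $tag)) {
        // The value was changed in the browser: drop it rather than echo it back.
        $firstName = '';
    }
}
?>
<li>
	<p class="fauxLabel">First Name:</p>
	<p class="fauxInput"><?php echo e($firstName); ?></p>
	<input name="firstName" type="hidden" value="<?php echo e($firstName); ?>" />
	<input name="firstNameTag" type="hidden" value="<?php echo e(signField('firstName', $firstName)); ?>" />
</li>
```

The tag only shows that the server issued this name and value pair at some point; it does not tie the pair to a particular user or record. Running the lookup query again on POST avoids trusting the round trip at all.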