[Gllug] mySQL PHP

Bruce Richardson brichardson at lineone.net
Wed Jul 11 13:46:09 UTC 2001


On 7/11/01, 10:18:06 AM, "Jackson, Harry" <HJackson at colt-telecom.com> 
wrote regarding RE: [Gllug] mySQL PHP:



> I know that I need to initialise them on entry but how do I get PHP to
> ignore the initial values when Submit pressed. When I try to initialise them
> with defaults they then always stick with these and they also print to the
> screen.

Of course, Harry.  That's what your code tells it to do.  If you want 
the form to do one thing if x is true but another thing otherwise then 
you need to put some control logic inside the form:

<form method="post" action="whatever">
<?php
	if (put your test here) {
		print your controls with desired settings here
	} else {
		print something else
	}
?>
</form>

/* Stop gritting your teeth, Dean, I know this is mixing code and 
content but this is learning level.  I have a nice little module you 
can use if you want to do 

	$newform = new form;
	$newform->add(new input_button("Submit"));
*/

If you want to test whether your page is a virgin form or has been 
submitted to itself, you can use a hidden input control to pass a 
check value.  To do this, put a line like

	$submitted = ($submitted) ? $submitted : 0;

at the top of your script.  Then put this inside your form:

<input type="hidden" name="submitted" 
value="<?php print $submitted + 1 ?>">

What this does is set $submitted to 0 if it is not already set.  When 
the hidden input is created, it has a value one more than $submitted.  If 
you submit the form, the next time the script runs $submitted will 
have a value of 1. (Another - more secure - way to do this is with 
session variables).

So this way you can tell whether your script has already run (and how 
many times).

> > I have some other concerns about your code but there's no need to go
> > down those byways right now.

> No do not hold back, I think that this may be accepted as a tool we
> could use so any concerns you have will be well received.

OK.  You have register_globals enabled, so that values submitted by 
get or post immediately become variables.  This is insecure and a 
potential source of bugs as it means that anybody can set variables in 
your script by getting 
http://url.of.your/form.php?poisonvar=poisonvalue.  

It is better practice to turn off register_globals and enable 
track_vars.  Then you can fetch form variables from either the 
$HTTP_POST_VARS or $HTTP_GET_VARS arrays, whichever is appropriate.

-- 

Bruce
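
The advice above about fetching form values from the request arrays instead of auto-registered globals, combined with the hidden `submitted` counter, as an added example that is not code from the original post. It assumes a current PHP, where `$_POST` takes the place of `$HTTP_POST_VARS`; `read_submitted()`, `render_form()` and the `name` field are hypothetical.

```php
<?php
// Added example; read_submitted(), render_form() and the "name" field are
// hypothetical. Requests are passed in as arrays so it also runs from the CLI.

// Take the hidden counter from the POST array only. The value is supplied by
// the client, so accept nothing but a small non-negative integer.
function read_submitted(array $post): int
{
    $n = filter_var($post['submitted'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000]]);
    return $n === false ? 0 : $n;
}

function render_form(array $post): string
{
    $submitted = read_submitted($post);
    $html = "<form method=\"post\" action=\"\">\n";
    if ($submitted === 0) {
        // Virgin form: print the control with its default.
        $html .= "<input type=\"text\" name=\"name\" value=\"default\">\n";
    } else {
        // Submitted form: echo the posted value, escaped for HTML.
        $raw  = $post['name'] ?? '';
        $name = is_string($raw) ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') : '';
        $html .= "<p>Received: $name (submission $submitted)</p>\n";
    }
    $next = $submitted + 1;
    $html .= "<input type=\"hidden\" name=\"submitted\" value=\"$next\">\n";
    $html .= "<input type=\"submit\" value=\"Submit\">\n</form>\n";
    return $html;
}

// Constructed sample requests (not captured traffic).
$samples = [
    'first visit'      => [],
    'normal submit'    => ['submitted' => '1', 'name' => '<b>Harry</b>'],
    'tampered counter' => ['submitted' => 'abc', 'poisonvar' => 'poisonvalue'],
];
// In a web context, call render_form($_POST) instead.
foreach ($samples as $label => $post) {
    echo "--- $label ---\n", render_form($post), "\n";
}
```

The third sample is treated as a first visit: the non-numeric counter fails validation, and `poisonvar` never becomes a variable because the script reads only the keys it names.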



