473,387 Members | 1,493 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > web forms/preserving state with $_get - should i be doing this?

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Web Forms/Preserving state with $_GET - should I be doing this?

I have one page that does 3 different things depending on $_GET:
1. It shows an index with items.
2. It shows an item with a form to submit an amount.
3. It confirms the amount.
I was just wondering, since I haven't approached anything like this if I'm ding something I shouldn't be doing.
To get the post variable to work, I had to add some get variables to the form action. Would it be better to use hidden
fields?

<?php

if (!isset($_GET['action']) || $_GET['action'] == 'home') {
include_once($index_page);
}
elseif (isset($_GET['action']) && isset($_GET['item_id']) && $_GET['action'] == 'item') {
if (isset($_POST['amount'])) {
confirm($_POST['amount']);
include_once($confirm_page);
}
else {
$form = '<form action="' . $_SERVER['PHP_SELF'] . '?action=item&item_id=' . $item_id . '" method="post">' .
'<input type="text" name="amount">' .
'<input type="submit" value="Enter Amount">' .
'</form>';
echo $form;
include_once($item_page);
}
}

?>

Thanks,
J Moore
Jul 17 '05 #1
7 1914
sketch wrote:
I have one page that does 3 different things depending on $_GET:
1. It shows an index with items.
2. It shows an item with a form to submit an amount.
3. It confirms the amount.
I was just wondering, since I haven't approached anything like this if I'm
ding something I shouldn't be doing. To get the post variable to work, I
had to add some get variables to the form action. Would it be better to
use hidden fields?


Well, you are supposed to sanitize your $_GET and $_POST variables before
using them in code, but anyway...

But anyway, I prefer to treat $_GET and $_POST interchangeably, so my
universal page does this (notice simplified to assume no arrays). Because
GETs override POSTs, I can code normal behavior into the hidden vars and
debug/test by putting special values into the URL. It makes it easier for
some troublemaker to experiment with screwing up the system, but then the
system should be protected against that anyway.

foreach ($_POST as $tkey=>$tvalue) {
$GLOBALS["clean"][$tkey] = YourSanitize($tvalue);
}
foreach ($_GET as $tkey=>$tvalue) {
$GLOBALS["clean"][$tkey] = YourSanitize($tvalue);
}

Now in code you can have your own version of $_GET and $_POST with things
like this:

$post=&$GLOBALS["clean"]

if ($post["key"]=="value") {
....
}

--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #2
I observed something when GET and POST are mixed in the same call.
For example:
..../test.php?code=abcd

If the form has this in the action but uses POST method, then the
test.php gets called twice (once for GET and second time for POST) by
IE or firefox (forgot at this moment which one was doing this).

Had serious trouble from this double calling and ended up spending a
day debugging php in eclipse for runtime tracking.

I would avoid mixing GET and POST for form submission.

Jul 17 '05 #3
sa****@gmail.com wrote:
I observed something when GET and POST are mixed in the same call.
For example:
.../test.php?code=abcd

If the form has this in the action but uses POST method, then the
test.php gets called twice (once for GET and second time for POST) by
IE or firefox (forgot at this moment which one was doing this).

Had serious trouble from this double calling and ended up spending a
day debugging php in eclipse for runtime tracking.

I would avoid mixing GET and POST for form submission.


Let me clarify. The action of the form is always just "index", with no
variables passed in. The POST data of course is coming from the form.

However, the method of merging them allows me to simulate form posts by
typing the following into the location bar:

http://localhost/~me/index?var1=some...r2=sometestvar

and easily walk through the results.
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #4
Ken, Thanks - understood.

I have a question (just to satisfy my curiosity):

In case of mixing, is the double GET and POST action expected - or is
it a browser bug?
What does the standard say about it?

Jul 17 '05 #5
On Sat, 12 Mar 2005 08:35:39 -0500, Kenneth Downs <kn**************@see.sigblock> wrote:
Well, you are supposed to sanitize your $_GET and $_POST variables before
using them in code, but anyway...


Thanks, I'm going to play around with your suggestions.
J Moore
Jul 17 '05 #6
On 12 Mar 2005 09:08:29 -0800, sa****@gmail.com wrote:
Ken, Thanks - understood.

I have a question (just to satisfy my curiosity):

In case of mixing, is the double GET and POST action expected - or is
it a browser bug?
What does the standard say about it?


I'm using Mozilla Firebird 0.7 and IE 6 to test my scripts, and am
unable to reproduce the same bug. I'll try this under Linux where I
have some even older browsers.

What alternative to $_GET and $_POST are you thinking of? I've tried
using Javascript submits, but I wanted to avoid that for this project.

J Moore
Jul 17 '05 #7
sa****@gmail.com wrote:
Ken, Thanks - understood.

I have a question (just to satisfy my curiosity):

In case of mixing, is the double GET and POST action expected - or is
it a browser bug?
What does the standard say about it?


Sorry, I've never run across it. I tend to either POST or GET, not both
together. The merge utility just allows me to type URLs into the address
bar that would give the same results as a user POST, making testing easier,
that's really all its for.

--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
maintaining state with sessions - help
by: leegold2 | last post by:
Probably a newbie question about "state": My problem is I have a search form, so user enters a keyword <enter>, then this form posts to another page were the result are displayed. But this...
PHP
6
Preserving state
by: Karl | last post by:
This might not really be a javascript question, but I'll start with this group. At http://www.gazingus.org/ there is a very nice collapsible menu written using CSS and Javascript >>>> Using...
Javascript
3
Paragraph breaks in forms
by: EmmettPower | last post by:
Hi, I am building a small CMS for my son's school. Ideally I want to build the system for them and hand it over so that all updates can be done through web-based forms. So far so good....
ASP / Active Server Pages
16
integral promotion, arithmetic conversion, value preserving, unsigned preserving???
by: TTroy | last post by:
Hello, I'm relatively new to C and have gone through more than 4 books on it. None mentioned anything about integral promotion, arithmetic conversion, value preserving and unsigned preserving. ...
C / C++
18
Need a way to tell if a System.Windows.Forms.Button is "depressed" (pushed down)
by: jrhoads23 | last post by:
Hello, I am trying to find a way to tell if an .NET windows forms Button (System.Windows.Forms.Button) is "depressed" (pushed down). For my application, I can not use a check box control set to...
C# / C Sharp
6
MDIForm Parent/Child forms BEST Practice
by: Edwinah63 | last post by:
Hi everyone, could someone give me some thoughts on the best way to manage mdi parent and child forms? in vb6 i could scroll through the forms collection and determine which forms were...
Visual Basic .NET
0
Preserving field values using with DetailsView_ItemInserted
by: rlueneberg | last post by:
I am having difficulty with preserving field values in a DetailsView control after clicking the insert button event. protected void DetailsView1_ItemInserted(object sender,...
C# / C Sharp
19
Atli
Using HTML Forms to pass data to PHP
by: Atli | last post by:
Introduction At some point, all web developers will need to collect data from their users. In a dynamic web page, everything revolves around the users input, so knowing how to ask for and collect...
PHP
7
Do you use bool a lot in Windows Forms? Is there a better way?
by: raylopez99 | last post by:
I find that I am using bool variables a lot when I code in Forms. I know how to overload event handlers, and that's great for offloading code from the 'base' event handler and/or creating helper...
C# / C Sharp
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!