
Web Forms/Preserving state with $_GET - should I be doing this?

I have one page that does 3 different things depending on $_GET:
1. It shows an index with items.
2. It shows an item with a form to submit an amount.
3. It confirms the amount.
I was just wondering, since I haven't approached anything like this, if I'm doing something I shouldn't be doing.
To get the post variable to work, I had to add some get variables to the form action. Would it be better to use hidden fields?

<?php

if (!isset($_GET['action']) || $_GET['action'] == 'home') {
    include_once($index_page);
}
elseif (isset($_GET['action']) && isset($_GET['item_id']) && $_GET['action'] == 'item') {
    // $item_id was never assigned; take it from the query string as an integer
    $item_id = (int) $_GET['item_id'];
    if (isset($_POST['amount'])) {
        confirm($_POST['amount']);
        include_once($confirm_page);
    }
    else {
        // PHP_SELF is client-influenced, so escape it before it goes into an attribute
        $form = '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '?action=item&item_id=' . $item_id . '" method="post">' .
            '<input type="text" name="amount">' .
            '<input type="submit" value="Enter Amount">' .
            '</form>';
        echo $form;
        include_once($item_page);
    }
}

?>

Thanks,
J Moore
Jul 17 '05 #1
sketch wrote:
I have one page that does 3 different things depending on $_GET:
1. It shows an index with items.
2. It shows an item with a form to submit an amount.
3. It confirms the amount.
I was just wondering, since I haven't approached anything like this, if I'm
doing something I shouldn't be doing. To get the post variable to work, I
had to add some get variables to the form action. Would it be better to
use hidden fields?


Well, you are supposed to sanitize your $_GET and $_POST variables before
using them in code, but anyway...

But anyway, I prefer to treat $_GET and $_POST interchangeably, so my
universal page does this (notice simplified to assume no arrays). Because
GETs override POSTs, I can code normal behavior into the hidden vars and
debug/test by putting special values into the URL. It makes it easier for
some troublemaker to experiment with screwing up the system, but then the
system should be protected against that anyway.

foreach ($_POST as $tkey=>$tvalue) {
    $GLOBALS["clean"][$tkey] = YourSanitize($tvalue);
}
foreach ($_GET as $tkey=>$tvalue) {
    $GLOBALS["clean"][$tkey] = YourSanitize($tvalue);
}

Now in code you can have your own version of $_GET and $_POST with things
like this:

$post=&$GLOBALS["clean"];

if ($post["key"]=="value") {
    // ....
}

--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #2
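
Added example, not code from any poster in this thread: one way to handle the page from the question while keeping item_id in the query string and amount in the POST body, validating each value from its own source instead of merging the two arrays. The function names, the amount format and the sample requests are assumptions made for illustration.

```php
<?php
// Added example; parse_request and item_form are hypothetical names.
// Validate one request. Each field is read only from the source it belongs to.
function parse_request(string $method, array $get, array $post): array
{
    $action = $get['action'] ?? 'home';
    if (!in_array($action, ['home', 'item'], true)) {
        return ['view' => 'error', 'reason' => 'unknown action'];
    }
    if ($action === 'home') {
        return ['view' => 'index'];
    }
    // item_id selects what is shown, so it stays in the URL: positive integer only.
    $itemId = filter_var($get['item_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($itemId === false) {
        return ['view' => 'error', 'reason' => 'bad item_id'];
    }
    // The amount changes state: accept it from a POST body only, never the URL.
    if ($method !== 'POST') {
        return ['view' => 'form', 'item_id' => $itemId];
    }
    $amount = $post['amount'] ?? '';
    if (!is_string($amount) || !preg_match('/^\d{1,6}(\.\d{1,2})?$/D', $amount)) {
        return ['view' => 'form', 'item_id' => $itemId, 'error' => 'bad amount'];
    }
    return ['view' => 'confirm', 'item_id' => $itemId, 'amount' => $amount];
}

// Build the form: the action URL uses validated values and is HTML-escaped.
function item_form(string $script, int $itemId): string
{
    $url = $script . '?' . http_build_query(['action' => 'item', 'item_id' => $itemId]);
    return '<form action="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" method="post">'
        . '<input type="text" name="amount"><input type="submit" value="Enter Amount"></form>';
}

// Constructed requests: method, query-string values, body values.
$samples = [
    ['GET',  ['action' => 'item', 'item_id' => '7'], []],
    ['POST', ['action' => 'item', 'item_id' => '7'], ['amount' => '12.50']],
    ['GET',  ['action' => 'item', 'item_id' => '7', 'amount' => '12.50'], []],
    ['POST', ['action' => 'item', 'item_id' => '7abc'], ['amount' => '1']],
    ['POST', ['action' => 'item', 'item_id' => '7'], ['amount' => ['x']]],
];
foreach ($samples as [$method, $get, $post]) {
    echo json_encode(parse_request($method, $get, $post)), "\n";
}
echo item_form('/shop.php', 7), "\n";
```

The third sample carries amount in the URL of a GET request; it produces the form view, not a confirmation, because the amount is only ever read from a POST body.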
I observed something when GET and POST are mixed in the same call.
For example:
..../test.php?code=abcd

If the form has this in the action but uses POST method, then the
test.php gets called twice (once for GET and second time for POST) by
IE or firefox (forgot at this moment which one was doing this).

Had serious trouble from this double calling and ended up spending a
day debugging php in eclipse for runtime tracking.

I would avoid mixing GET and POST for form submission.

Jul 17 '05 #3
sa****@gmail.com wrote:
I observed something when GET and POST are mixed in the same call.
For example:
.../test.php?code=abcd

If the form has this in the action but uses POST method, then the
test.php gets called twice (once for GET and second time for POST) by
IE or firefox (forgot at this moment which one was doing this).

Had serious trouble from this double calling and ended up spending a
day debugging php in eclipse for runtime tracking.

I would avoid mixing GET and POST for form submission.


Let me clarify. The action of the form is always just "index", with no
variables passed in. The POST data of course is coming from the form.

However, the method of merging them allows me to simulate form posts by
typing the following into the location bar:

http://localhost/~me/index?var1=some...r2=sometestvar

and easily walk through the results.
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #4
Ken, Thanks - understood.

I have a question (just to satisfy my curiosity):

In case of mixing, is the double GET and POST action expected - or is
it a browser bug?
What does the standard say about it?

Jul 17 '05 #5
On Sat, 12 Mar 2005 08:35:39 -0500, Kenneth Downs <kn**************@see.sigblock> wrote:
Well, you are supposed to sanitize your $_GET and $_POST variables before
using them in code, but anyway...


Thanks, I'm going to play around with your suggestions.
J Moore
Jul 17 '05 #6
On 12 Mar 2005 09:08:29 -0800, sa****@gmail.com wrote:
Ken, Thanks - understood.

I have a question (just to satisfy my curiosity):

In case of mixing, is the double GET and POST action expected - or is
it a browser bug?
What does the standard say about it?


I'm using Mozilla Firebird 0.7 and IE 6 to test my scripts, and am
unable to reproduce the same bug. I'll try this under Linux where I
have some even older browsers.

What alternative to $_GET and $_POST are you thinking of? I've tried
using Javascript submits, but I wanted to avoid that for this project.

J Moore
Jul 17 '05 #7
sa****@gmail.com wrote:
Ken, Thanks - understood.

I have a question (just to satisfy my curiosity):

In case of mixing, is the double GET and POST action expected - or is
it a browser bug?
What does the standard say about it?


Sorry, I've never run across it. I tend to either POST or GET, not both
together. The merge utility just allows me to type URLs into the address
bar that would give the same results as a user POST, making testing easier,
that's really all it's for.

--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #8
