By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,602 Members | 1,473 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,602 IT Pros & Developers. It's quick & easy.

no empty form fields after submitting form

P: n/a
Hello, a stupid question but...

page_A.php is a page with a form.
The user inserts text in four fields, then he clicks a submit button.
The data goes to page_B.php:
this page controls the data submitted, then echoes a message.
If there were problems with the submitted data the message says:
"a problem occurred with your data. Click here to come back to the
form" (page_A.php).
When the user comes back, he finds the fields white.

How can I do to show him what he submitted?

Thanks!

Sep 14 '07 #1
Share this Question
Share on Google+
26 Replies


P: n/a
..oO(pe*************@gmail.com)
>page_A.php is a page with a form.
The user inserts text in four fields, then he clicks a submit button.
The data goes to page_B.php:
this page controls the data submitted, then echoes a message.
If there were problems with the submitted data the message says:
"a problem occurred with your data. Click here to come back to the
form" (page_A.php).
When the user comes back, he finds the fields white.
You don't need two pages. Let page_A show and handle the form
processing. Submit the form to the same page, check the values and show
the form again if there's an error.

To keep the form data while moving from one page to another you would
have to store the values in a session.

Micha
Sep 14 '07 #2

P: n/a
On Sep 14, 6:39 pm, Michael Fesser <neti...@gmx.dewrote:
To keep the form data while moving from one page to another you would
have to store the values in a session.

Micha


Ok, I'll use sessions, thanks!

Sep 14 '07 #3

P: n/a
pe*************@gmail.com wrote:
Hello, a stupid question but...

page_A.php is a page with a form.
The user inserts text in four fields, then he clicks a submit button.
The data goes to page_B.php:
this page controls the data submitted, then echoes a message.
If there were problems with the submitted data the message says:
"a problem occurred with your data. Click here to come back to the
form" (page_A.php).
When the user comes back, he finds the fields white.

How can I do to show him what he submitted?

Thanks!

Create a form on page B. Copy all of the $_POST variables into hidden
fields with a submit button that says, "Go Back."

--
*****************************
Chuck Anderson Boulder, CO
http://www.CycleTourist.com
*****************************
Sep 14 '07 #4

P: n/a
If you put them in the same page, it will be better for you. It will
ease the process.

[PHP]

if (isset($_POST['submit'])) {

# Process the form

if ($number_of_errors_in_the_form != 0) {

# Show the errors
# Display the Form Again.
# Example: print "<input type='text' name='fieldname' value='".
$_POST['fieldname']."' />";

} else {

# Tell the user everything went fine.

}

} else {

# Display the form.

}
Sep 14 '07 #5

P: n/a
>
Create a form on page B. Copy all of the $_POST variables into hidden
fields with a submit button that says, "Go Back."


hi chuck, it sounds interesting (I imagine form on page B should point
page A), but what if the user clicks the back button of his browser?

Sep 15 '07 #6

P: n/a
pe*************@gmail.com wrote:
>Create a form on page B. Copy all of the $_POST variables into hidden
fields with a submit button that says, "Go Back."


hi chuck, it sounds interesting (I imagine form on page B should point
page A), but what if the user clicks the back button of his browser?

Yes, the form action on page B is to return to page A.

Clicking the Back button is fine. The browser loads the previous state
of page A, with the form fields still filled out.

I've even written a function that reads all of the elements in an array
(e.g., $_POST) and creates hidden form fields for each one. It can even
handle multi-dimensional arrays (e.g., $_POST variables that are
themselves, an array).

--
*****************************
Chuck Anderson Boulder, CO
http://www.CycleTourist.com
The world is my country,
Science, my religion.
*****************************
Sep 15 '07 #7

P: n/a
Chuck Anderson wrote:
pe*************@gmail.com wrote:
>>Create a form on page B. Copy all of the $_POST variables into hidden
fields with a submit button that says, "Go Back."


hi chuck, it sounds interesting (I imagine form on page B should point
page A), but what if the user clicks the back button of his browser?


Yes, the form action on page B is to return to page A.

Clicking the Back button is fine. The browser loads the previous state
of page A, with the form fields still filled out.
It will if you have the browser caching the page and haven't needed to
flush the cache. But you shouldn't depend on that behavior.
I've even written a function that reads all of the elements in an array
(e.g., $_POST) and creates hidden form fields for each one. It can even
handle multi-dimensional arrays (e.g., $_POST variables that are
themselves, an array).
That's the best way to handle things.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 15 '07 #8

P: n/a
I've even written a function that reads all of the elements in an array
(e.g., $_POST) and creates hidden form fields for each one. It can even
handle multi-dimensional arrays (e.g., $_POST variables that are
themselves, an array).


Chuck, this sound really interesting, simple and powerful too:
at the moment, page B converts every key in a variable of the same
name:

foreach($_POST as $k =$v){
if(in_array($k,$required_keys)&&(trim($_POST[$k]!=''))){
${$k}=$v;
$count++;
}
}

it would be quite easy to use this foreach to build my fields :-)

Thanks!

Sep 16 '07 #9

P: n/a

Little problem in page A, now:

I imagine I must verify if I have 'something' in $_POST
(I get an Undefined Variable notice when I directly write:

if($_POST[$k]!=''){
${$k}=$v;
}

and I access this page for the first time, that is when for sure there
is nothing in $_POST
)

I tried
if(array_key_exists(etc. but this way I must write code for any
possible key...

Is there a handy way to know if there is 'something' in $_POST?

Thanks!

Sep 16 '07 #10

P: n/a
On Sun, 16 Sep 2007 12:29:20 +0200, <pe*************@gmail.comwrote:
Is there a handy way to know if there is 'something' in $_POST?
if(isset($_POST['something'])){/* do your thing */}
--
Rik Wasmus
Sep 16 '07 #11

P: n/a
if(isset($_POST['something'])){/* do your thing */}

well, this presumes I must know what I'm receiving in page A...

Anyway, the issue has been caused by the fact that I have not
previously declared/initialized two variables, so when there's nothing
in $_POST they simply don't exist. I partially solved declaring an
undefined value before the $_POST verification code.

Sep 16 '07 #12

P: n/a
..oO(pe*************@gmail.com)
>Little problem in page A, now:

I imagine I must verify if I have 'something' in $_POST
if (!empty($_POST)) {
...
}
>(I get an Undefined Variable notice when I directly write:

if($_POST[$k]!=''){
${$k}=$v;
}
Even if the form was submitted and $_POST is not empty, you should check
every value if it exists before you use it. You could write a little
function for that.

You could also have a look at the extract() function, if you want to
convert the array into single variables. I don't consider that really
necessary, but anyway.

Micha
Sep 16 '07 #13

P: n/a
Even if the form was submitted and $_POST is not empty, you should check
every value if it exists before you use it.


why?

I'm using them this way: if I receive the values I put them in the
value field of the form, if I don't receive data, the field appears
empty.
You could also have a look at the extract() function, if you want to
convert the array into single variables. I don't consider that really
necessary, but anyway.


I considered not using it because the PHP manual says it is not a good
idea for $_GET, $_POST, etc.

Sep 16 '07 #14

P: n/a
..oO(pe*************@gmail.com)
>Even if the form was submitted and $_POST is not empty, you should check
every value if it exists before you use it.

why?
You can't be sure that you'll get all the values from the form you
expect. Every data coming in from the client (POST, GET, cookies) can be
incomplete or manipulated.
>I'm using them this way: if I receive the values I put them in the
value field of the form, if I don't receive data, the field appears
empty.
You just have to make sure that missing values don't lead to notices or
unexpected behaviour in your code.
>You could also have a look at the extract() function, if you want to
convert the array into single variables. I don't consider that really
necessary, but anyway.

I considered not using it because the PHP manual says it is not a good
idea for $_GET, $_POST, etc.
Currently you're doing nearly the same.

Micha
Sep 16 '07 #15

P: n/a
You can't be sure that you'll get all the values from the form you
expect. Every data coming in from the client (POST, GET, cookies) can be
incomplete or manipulated.


i'm in the classical little/medium site backend area sending data
thorugh $_POST: what could cause incompleteness? Who could manipulate
my data?
You just have to make sure that missing values don't lead to notices or
unexpected behaviour in your code.


it is what I try to do and I'm not receiving any unexpected behavior
at the moment :-)
I considered not using it because the PHP manual says it is not a good
idea for $_GET, $_POST, etc.

Currently you're doing nearly the same.


well, it's true... I couldn't find a better way, since I can't change
the overall structure (so I can't but send data from A to B and
viceversa)
Sep 16 '07 #16

P: n/a
pe*************@gmail.com wrote:
>Even if the form was submitted and $_POST is not empty, you should check
every value if it exists before you use it.

why?

I'm using them this way: if I receive the values I put them in the
value field of the form, if I don't receive data, the field appears
empty.
>You could also have a look at the extract() function, if you want to
convert the array into single variables. I don't consider that really
necessary, but anyway.

I considered not using it because the PHP manual says it is not a good
idea for $_GET, $_POST, etc.
No, instead you're just emulating the extract() function in your code.
Is that any smarter?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 16 '07 #17

P: n/a
pe*************@gmail.com wrote:
>You can't be sure that you'll get all the values from the form you
expect. Every data coming in from the client (POST, GET, cookies) can be
incomplete or manipulated.

i'm in the classical little/medium site backend area sending data
thorugh $_POST: what could cause incompleteness? Who could manipulate
my data?
Anyone. For instance, I could post a form to your site which has
anything I want on it. That's a very common way hackers get into systems.
>
>You just have to make sure that missing values don't lead to notices or
unexpected behaviour in your code.

it is what I try to do and I'm not receiving any unexpected behavior
at the moment :-)
And that means you'll never get it in the future? It's this very
thinking which leads to sites being hacked,
>
>>I considered not using it because the PHP manual says it is not a good
idea for $_GET, $_POST, etc.
Currently you're doing nearly the same.

well, it's true... I couldn't find a better way, since I can't change
the overall structure (so I can't but send data from A to B and
viceversa)

Always validate your data.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 16 '07 #18

P: n/a
pe*************@gmail.com wrote:
Little problem in page A, now:

I imagine I must verify if I have 'something' in $_POST
(I get an Undefined Variable notice when I directly write:

if($_POST[$k]!=''){
${$k}=$v;
}

and I access this page for the first time, that is when for sure there
is nothing in $_POST
)

I tried
if(array_key_exists(etc. but this way I must write code for any
possible key...

Is there a handy way to know if there is 'something' in $_POST?

Thanks!
Sounds like you've got a handle on it.

--
*****************************
Chuck Anderson Boulder, CO
http://www.CycleTourist.com
The world is my country,
Science, my religion. ... Huygens
*****************************
Sep 16 '07 #19

P: n/a
pe*************@gmail.com wrote:
>Is there a handy way to know if there is 'something' in $_POST?

$bExists = is_set($_POST);
Sep 16 '07 #20

P: n/a
Is that any smarter?
it isn't

Sep 17 '07 #21

P: n/a
Anyone. For instance, I could post a form to your site which has
anything I want on it. That's a very common way hackers get into systems.

But, sorry for my little experience, my forms only work if you logged
in (and you are a registered user and a session is active...). For
sure, I should understand how hackers do what they do...

And that means you'll never get it in the future?


absolutely not
Always validate your data.


ok, thanks

Sep 17 '07 #22

P: n/a
$bExists = is_set($_POST);


isset?


Sep 17 '07 #23

P: n/a
Sounds like you've got a handle on it.

:-)

Sep 17 '07 #24

P: n/a
pe*************@gmail.com wrote:
>Anyone. For instance, I could post a form to your site which has
anything I want on it. That's a very common way hackers get into systems.


But, sorry for my little experience, my forms only work if you logged
in (and you are a registered user and a session is active...). For
sure, I should understand how hackers do what they do...

And a hacker couldn't register and get a session active? Quite easy.
>
>And that means you'll never get it in the future?

absolutely not
>Always validate your data.

ok, thanks

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 18 '07 #25

P: n/a
On 18 Set, 02:58, Jerry Stuckle <jstuck...@attglobal.netwrote:
>
And a hacker couldn't register and get a session active? Quite easy.


I don't know!
Could an hacker control the value of a specified session variable? I
hope not! :-)
How does the hacker know the name of a session variable and its right
value?

I define:

$_SESSION[$username][$randomValue] = $fixedValue;
How could the hacker infer:
- the name of the user;
- the random number (previously generated and only active when logged
in);
- the fixed value for test;

Sep 22 '07 #26

P: n/a
pe*************@gmail.com wrote:
On 18 Set, 02:58, Jerry Stuckle <jstuck...@attglobal.netwrote:
>And a hacker couldn't register and get a session active? Quite easy.

I don't know!
Could an hacker control the value of a specified session variable? I
hope not! :-)
How does the hacker know the name of a session variable and its right
value?

I define:

$_SESSION[$username][$randomValue] = $fixedValue;
How could the hacker infer:
- the name of the user;
- the random number (previously generated and only active when logged
in);
- the fixed value for test;
I didn't say the hacker could change the value of a session variable.
But that's not what your problem is.

What I'm referring to is someone hacker registering on your site. Then
at a later time, once he's been authorized, he hacks your site and
starts spamming. But the time you catch him, you've been shut off
because you're a spam relay.

The bottom line here is - NEVER, NEVER, EVER trust data from the user.
Always validate it server side. And always watch for hack attempts.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Sep 22 '07 #27

This discussion thread is closed

Replies have been disabled for this discussion.