no empty form fields after submitting form

Hello, a stupid question but...

page_A.php is a page with a form.
The user inserts text in four fields, then he clicks a submit button.
The data goes to page_B.php:
this page controls the data submitted, then echoes a message.
If there were problems with the submitted data the message says:
"a problem occurred with your data. Click here to come back to the
form" (page_A.php).
When the user comes back, he finds the fields white.

How can I do to show him what he submitted?

Thanks!

Re: no empty form fields after submitting form

..oO(pepper.gabriela@gmail.com)

>page_A.php is a page with a form.
>The user inserts text in four fields, then he clicks a submit button.
>The data goes to page_B.php:
>this page controls the data submitted, then echoes a message.
>If there were problems with the submitted data the message says:
>"a problem occurred with your data. Click here to come back to the
>form" (page_A.php).
>When the user comes back, he finds the fields white.

You don't need two pages. Let page_A show and handle the form
processing. Submit the form to the same page, check the values and show
the form again if there's an error.

To keep the form data while moving from one page to another you would
have to store the values in a session.

Micha

Re: no empty form fields after submitting form

On Sep 14, 6:39 pm, Michael Fesser wrote:
> To keep the form data while moving from one page to another you would
> have to store the values in a session.
>
> Micha



Ok, I'll use sessions, thanks!

Re: no empty form fields after submitting form

pepper.gabriela@gmail.com wrote:
> Hello, a stupid question but...
>
> page_A.php is a page with a form.
> The user inserts text in four fields, then he clicks a submit button.
> The data goes to page_B.php:
> this page controls the data submitted, then echoes a message.
> If there were problems with the submitted data the message says:
> "a problem occurred with your data. Click here to come back to the
> form" (page_A.php).
> When the user comes back, he finds the fields white.
>
> How can I do to show him what he submitted?
>
> Thanks!
>
>

Create a form on page B. Copy all of the $_POST variables into hidden
fields with a submit button that says, "Go Back."

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
*****************************

Re: no empty form fields after submitting form

If you put them in the same page, it will be better for you. It will
ease the process.

[PHP]

if (isset($_POST['submit'])) {

# Process the form

if ($number_of_errors_in_the_form != 0) {

# Show the errors
# Display the Form Again.
# Example: print "";

} else {

# Tell the user everything went fine.

}

} else {

# Display the form.

}

Re: no empty form fields after submitting form

>
> Create a form on page B. Copy all of the $_POST variables into hidden
> fields with a submit button that says, "Go Back."
>



hi chuck, it sounds interesting (I imagine form on page B should point
page A), but what if the user clicks the back button of his browser?

Re: no empty form fields after submitting form

pepper.gabriela@gmail.com wrote:
>> Create a form on page B. Copy all of the $_POST variables into hidden
>> fields with a submit button that says, "Go Back."
>>
>>
>
>
>
> hi chuck, it sounds interesting (I imagine form on page B should point
> page A), but what if the user clicks the back button of his browser?
>
>

Yes, the form action on page B is to return to page A.

Clicking the Back button is fine. The browser loads the previous state
of page A, with the form fields still filled out.

I've even written a function that reads all of the elements in an array
(e.g., $_POST) and creates hidden form fields for each one. It can even
handle multi-dimensional arrays (e.g., $_POST variables that are
themselves, an array).

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
The world is my country,
Science, my religion.
*****************************

Re: no empty form fields after submitting form

Chuck Anderson wrote:
> pepper.gabriela@gmail.com wrote:
>>> Create a form on page B. Copy all of the $_POST variables into hidden
>>> fields with a submit button that says, "Go Back."
>>>
>>>
>>
>>
>>
>> hi chuck, it sounds interesting (I imagine form on page B should point
>> page A), but what if the user clicks the back button of his browser?
>>
>>
>
> Yes, the form action on page B is to return to page A.
>
> Clicking the Back button is fine. The browser loads the previous state
> of page A, with the form fields still filled out.
>

It will if you have the browser caching the page and haven't needed to
flush the cache. But you shouldn't depend on that behavior.

> I've even written a function that reads all of the elements in an array
> (e.g., $_POST) and creates hidden form fields for each one. It can even
> handle multi-dimensional arrays (e.g., $_POST variables that are
> themselves, an array).
>

That's the best way to handle things.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: no empty form fields after submitting form

> I've even written a function that reads all of the elements in an array
> (e.g., $_POST) and creates hidden form fields for each one. It can even
> handle multi-dimensional arrays (e.g., $_POST variables that are
> themselves, an array).



Chuck, this sound really interesting, simple and powerful too:
at the moment, page B converts every key in a variable of the same
name:

foreach($_POST as $k => $v){
if(in_array($k,$required_keys)&&(trim($_POST[$k]!=''))){
${$k}=$v;
$count++;
}
}

it would be quite easy to use this foreach to build my fields :-)

Thanks!

Re: no empty form fields after submitting form

Little problem in page A, now:

I imagine I must verify if I have 'something' in $_POST
(I get an Undefined Variable notice when I directly write:

if($_POST[$k]!=''){
${$k}=$v;
}

and I access this page for the first time, that is when for sure there
is nothing in $_POST
)

I tried
if(array_key_exists(etc. but this way I must write code for any
possible key...

Is there a handy way to know if there is 'something' in $_POST?

Thanks!

Re: no empty form fields after submitting form

On Sun, 16 Sep 2007 12:29:20 +0200, wrote:
> Is there a handy way to know if there is 'something' in $_POST?
>

if(isset($_POST['something'])){/* do your thing */}


--
Rik Wasmus

Re: no empty form fields after submitting form

> if(isset($_POST['something'])){/* do your thing */}


well, this presumes I must know what I'm receiving in page A...

Anyway, the issue has been caused by the fact that I have not
previously declared/initialized two variables, so when there's nothing
in $_POST they simply don't exist. I partially solved declaring an
undefined value before the $_POST verification code.

Re: no empty form fields after submitting form

..oO(pepper.gabriela@gmail.com)

>Little problem in page A, now:
>
>I imagine I must verify if I have 'something' in $_POST

if (!empty($_POST)) {
...
}

>(I get an Undefined Variable notice when I directly write:
>
> if($_POST[$k]!=''){
> ${$k}=$v;
> }

Even if the form was submitted and $_POST is not empty, you should check
every value if it exists before you use it. You could write a little
function for that.

You could also have a look at the extract() function, if you want to
convert the array into single variables. I don't consider that really
necessary, but anyway.

Micha

Re: no empty form fields after submitting form

> Even if the form was submitted and $_POST is not empty, you should check
> every value if it exists before you use it.



why?

I'm using them this way: if I receive the values I put them in the
value field of the form, if I don't receive data, the field appears
empty.



> You could also have a look at the extract() function, if you want to
> convert the array into single variables. I don't consider that really
> necessary, but anyway.



I considered not using it because the PHP manual says it is not a good
idea for $_GET, $_POST, etc.

Re: no empty form fields after submitting form

..oO(pepper.gabriela@gmail.com)

>> Even if the form was submitted and $_POST is not empty, you should check
>> every value if it exists before you use it.
>
>why?

You can't be sure that you'll get all the values from the form you
expect. Every data coming in from the client (POST, GET, cookies) can be
incomplete or manipulated.

>I'm using them this way: if I receive the values I put them in the
>value field of the form, if I don't receive data, the field appears
>empty.

You just have to make sure that missing values don't lead to notices or
unexpected behaviour in your code.

>> You could also have a look at the extract() function, if you want to
>> convert the array into single variables. I don't consider that really
>> necessary, but anyway.
>
>I considered not using it because the PHP manual says it is not a good
>idea for $_GET, $_POST, etc.

Currently you're doing nearly the same.

Micha

Re: no empty form fields after submitting form

> You can't be sure that you'll get all the values from the form you
> expect. Every data coming in from the client (POST, GET, cookies) can be
> incomplete or manipulated.



i'm in the classical little/medium site backend area sending data
thorugh $_POST: what could cause incompleteness? Who could manipulate
my data?



> You just have to make sure that missing values don't lead to notices or
> unexpected behaviour in your code.



it is what I try to do and I'm not receiving any unexpected behavior
at the moment :-)



> >I considered not using it because the PHP manual says it is not a good
> >idea for $_GET, $_POST, etc.
>
> Currently you're doing nearly the same.



well, it's true... I couldn't find a better way, since I can't change
the overall structure (so I can't but send data from A to B and
viceversa)

Re: no empty form fields after submitting form

pepper.gabriela@gmail.com wrote:
>> Even if the form was submitted and $_POST is not empty, you should check
>> every value if it exists before you use it.
>
>
>
> why?
>
> I'm using them this way: if I receive the values I put them in the
> value field of the form, if I don't receive data, the field appears
> empty.
>
>
>
>> You could also have a look at the extract() function, if you want to
>> convert the array into single variables. I don't consider that really
>> necessary, but anyway.
>
>
>
> I considered not using it because the PHP manual says it is not a good
> idea for $_GET, $_POST, etc.
>

No, instead you're just emulating the extract() function in your code.
Is that any smarter?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: no empty form fields after submitting form

pepper.gabriela@gmail.com wrote:
>> You can't be sure that you'll get all the values from the form you
>> expect. Every data coming in from the client (POST, GET, cookies) can be
>> incomplete or manipulated.
>
>
>
> i'm in the classical little/medium site backend area sending data
> thorugh $_POST: what could cause incompleteness? Who could manipulate
> my data?
>

Anyone. For instance, I could post a form to your site which has
anything I want on it. That's a very common way hackers get into systems.

>
>
>> You just have to make sure that missing values don't lead to notices or
>> unexpected behaviour in your code.
>
>
>
> it is what I try to do and I'm not receiving any unexpected behavior
> at the moment :-)
>

And that means you'll never get it in the future? It's this very
thinking which leads to sites being hacked,

>
>
>>> I considered not using it because the PHP manual says it is not a good
>>> idea for $_GET, $_POST, etc.
>> Currently you're doing nearly the same.
>
>
>
> well, it's true... I couldn't find a better way, since I can't change
> the overall structure (so I can't but send data from A to B and
> viceversa)
>
>

Always validate your data.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: no empty form fields after submitting form

pepper.gabriela@gmail.com wrote:
> Little problem in page A, now:
>
> I imagine I must verify if I have 'something' in $_POST
> (I get an Undefined Variable notice when I directly write:
>
> if($_POST[$k]!=''){
> ${$k}=$v;
> }
>
> and I access this page for the first time, that is when for sure there
> is nothing in $_POST
> )
>
> I tried
> if(array_key_exists(etc. but this way I must write code for any
> possible key...
>
> Is there a handy way to know if there is 'something' in $_POST?
>
> Thanks!
>

Sounds like you've got a handle on it.

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
The world is my country,
Science, my religion. ... Huygens
*****************************

Re: no empty form fields after submitting form

> pepper.gabriela@gmail.com wrote:

>> Is there a handy way to know if there is 'something' in $_POST?


$bExists = is_set($_POST);

Re: no empty form fields after submitting form

> Is that any smarter?

it isn't

Re: no empty form fields after submitting form

> Anyone. For instance, I could post a form to your site which has
> anything I want on it. That's a very common way hackers get into systems.




But, sorry for my little experience, my forms only work if you logged
in (and you are a registered user and a session is active...). For
sure, I should understand how hackers do what they do...




> And that means you'll never get it in the future?



absolutely not



> Always validate your data.



ok, thanks

Re: no empty form fields after submitting form

> $bExists = is_set($_POST);



isset?

Re: no empty form fields after submitting form

> Sounds like you've got a handle on it.


:-)

Re: no empty form fields after submitting form

pepper.gabriela@gmail.com wrote:
>> Anyone. For instance, I could post a form to your site which has
>> anything I want on it. That's a very common way hackers get into systems.
>
>
>
>
> But, sorry for my little experience, my forms only work if you logged
> in (and you are a registered user and a session is active...). For
> sure, I should understand how hackers do what they do...
>
>

And a hacker couldn't register and get a session active? Quite easy.

>
>
>> And that means you'll never get it in the future?
>
>
>
> absolutely not
>
>
>
>> Always validate your data.
>
>
>
> ok, thanks
>


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: no empty form fields after submitting form

On 18 Set, 02:58, Jerry Stuckle wrote:

>
> And a hacker couldn't register and get a session active? Quite easy.
>



I don't know!
Could an hacker control the value of a specified session variable? I
hope not! :-)
How does the hacker know the name of a session variable and its right
value?

I define:

$_SESSION[$username][$randomValue] = $fixedValue;
How could the hacker infer:
- the name of the user;
- the random number (previously generated and only active when logged
in);
- the fixed value for test;

Re: no empty form fields after submitting form

pepper.gabriela@gmail.com wrote:
> On 18 Set, 02:58, Jerry Stuckle wrote:
>
>> And a hacker couldn't register and get a session active? Quite easy.
>>
>
>
>
> I don't know!
> Could an hacker control the value of a specified session variable? I
> hope not! :-)
> How does the hacker know the name of a session variable and its right
> value?
>
> I define:
>
> $_SESSION[$username][$randomValue] = $fixedValue;
> How could the hacker infer:
> - the name of the user;
> - the random number (previously generated and only active when logged
> in);
> - the fixed value for test;
>
>
>

I didn't say the hacker could change the value of a session variable.
But that's not what your problem is.

What I'm referring to is someone hacker registering on your site. Then
at a later time, once he's been authorized, he hacks your site and
starts spamming. But the time you catch him, you've been shut off
because you're a spam relay.

The bottom line here is - NEVER, NEVER, EVER trust data from the user.
Always validate it server side. And always watch for hack attempts.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================