NO book i read did sticky form correctly

am 13.10.2007 14:18:09 von Summercoolness

the sticky form is that if validation didn't pass, re-display the form
with the value in the text input again (and for the other input fields as
well...)

no book I read did it correctly so far. (just for the text input)

to reduce the problem, how about writing a PHP program that will submit
to itself, so that

typing in

foo "bar" foo

and click "Submit" and the form will re-display the form with

foo "bar" foo

already typed in, kind of like how Google behaves.

Of the few books I read, none of them has a correct solution. If you
know which book has a correct solution to this, please point me to it.

Re: NO book i read did sticky form correctly

am 13.10.2007 14:27:32 von Summercoolness

On Oct 13, 5:18 am, Summercool wrote:
>
> typing in
>
> foo "bar" foo
>
> and click "Submit" and the form will re-display the form with
>
> foo "bar" foo

and that

foo 'bar' foo

should work too.

Re: NO book i read did sticky form correctly

am 13.10.2007 14:29:15 von Michael Fesser

..oO(Summercool)

>the sticky form is that if validation didn't pass, re-display the form
>with the value in the text input again (and for the other input fields as
>well...)
>
>no book I read did it correctly so far. (just for the text input)
>
>to reduce the problem, how about writing a PHP program that will submit
>to itself, so that
>
>typing in
>
> foo "bar" foo
>
>and click "Submit" and the form will re-display the form with
>
> foo "bar" foo
>
>already typed in, kind of like how Google behaves.
>
>Of the few books I read, none of them has a correct solution.

What makes you think that they're not correct? What have you tried so
far? What problems do you have?

Actually this is a pretty simple task, in fact the PHP code for a single
input field could be reduced to a single line if necessary. So I'm quite
curious how it's done in your books.

Micha

Re: NO book i read did sticky form correctly

am 13.10.2007 14:57:41 von Summercoolness

On Oct 13, 5:29 am, Michael Fesser wrote:

> Actually this is a pretty simple task, in fact the PHP code for a single
> input field could be reduced to a single line if necessary. So I'm quite
> curious how it's done in your books.


<input type="text" name="val" value="<?=$_GET['val']?>">

usually they do something like this...

GET and POST are just the same...

none of them work for foo "bar" foo
and foo 'bar' foo

Re: NO book i read did sticky form correctly

am 13.10.2007 15:20:39 von Michael Fesser

..oO(Summercool)

>On Oct 13, 5:29 am, Michael Fesser wrote:
>
>> Actually this is a pretty simple task, in fact the PHP code for a single
>> input field could be reduced to a single line if necessary. So I'm quite
>> curious how it's done in your books.
>
>
><input type="text" name="val" value="<?=$_GET['val']?>">
>
>usually they do something like this...

OK. Even if the PHP code there is quite small, it contains 3(!) errors,
one of which is critical:

1) It relies on short open tags, which is a bad idea in general, because
it's an optional feature.

Fix: Use <?php echo ... ?> to print something out. This will work on all
servers and configurations.

2) It doesn't check if there's a submitted value at all. The first call
of that page would throw a notice.

Fix: Check with isset($_GET['val']) if there is something at all before
using it. Such checks should be done for _all_ submitted variables.

3) The worst is the missing escaping of special HTML chars, which not
only breaks the form if such chars were entered (which is the problem
you encountered), it also allows for cross site scripting attacks.

Fix: Use htmlspecialchars() to escape any special chars in $_GET['val']
before printing it out. See the manual for details about the possible
parameters.

Micha
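
The three fixes put together, as an added example that is not code from
the thread or from any of the books mentioned. The field name "val" and
the GET method follow the snippet quoted above; the h() and submitted()
helpers, the validation rule and the page markup are assumptions made for
the example. It also strips the backslashes that magic_quotes_gpc adds
when that setting is on, so the same file behaves the same on a host that
has it on and on one that has it off.

```php
<?php
// Added example, not code from the thread. Field name 'val' and the GET
// method come from the snippet above; everything else is assumed.

// Escape for output inside an HTML attribute. ENT_QUOTES turns both
// " and ' into entities, so foo "bar" foo and foo 'bar' foo survive the
// round trip, and a value such as  "><script>alert(1)</script>  is shown
// as text instead of closing the attribute and running as script.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Read one submitted field safely: no notice on the first (empty) visit,
// no warning if someone sends val[]=x instead of a string, and no
// backslash build-up on hosts where magic_quotes_gpc is on.
function submitted($name)
{
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        return null;
    }
    $value = $_GET[$name];
    // get_magic_quotes_gpc() does not exist in PHP 8, hence the guard.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

$val   = submitted('val');
$error = '';
if ($val !== null && trim($val) === '') {
    // Stand-in for the real validation rule (assumption).
    $error = 'Please enter a value.';
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Sticky form</title></head>
<body>
<?php if ($error !== ''): ?>
<p><?php echo h($error); ?></p>
<?php endif; ?>
<form action="" method="get">
  <!-- The raw value never goes into the attribute; only h($val) does. -->
  <input type="text" name="val" value="<?php echo h((string) $val); ?>">
  <input type="submit" value="Submit">
</form>
</body>
</html>
```

Type foo "bar" foo, foo 'bar' foo or "><script>alert(1)</script> and the
field comes back exactly as typed; in the page source the value is stored
as &quot;, &#039; and &lt; entities, which is why the attribute never
closes early. The same rule covers every other field a form re-displays,
including the selected attribute of a select and the checked attribute of
a checkbox: compare on the raw value, escape on output.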

Re: NO book i read did sticky form correctly

am 13.10.2007 15:25:55 von Jerry Stuckle

Summercool wrote:
> On Oct 13, 5:29 am, Michael Fesser wrote:
>
>> Actually this is a pretty simple task, in fact the PHP code for a single
>> input field could be reduced to a single line if necessary. So I'm quite
>> curious how it's done in your books.
>
> <input type="text" name="val" value="<?=$_GET['val']?>">
>
> usually they do something like this...
>
> GET and POST are just the same...
>
> none of them work for foo "bar" foo
> and foo 'bar' foo
>
>
>
>

Other than the fact they're using short tags, it should work fine.
They're assuming short tags are on, and your server probably has them
off. It doesn't mean they are wrong - just that the configuration on
your server doesn't match what the book assumes.

Change

value="<?=$_GET['val']?>">

to:

value="<?php echo $_GET['val']; ?>">

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: NO book i read did sticky form correctly

am 13.10.2007 15:47:09 von Summercoolness

On Oct 13, 6:20 am, Michael Fesser wrote:
>
> Fix: Use htmlspecialchars() to escape any special chars in $_GET['val']
> before printing it out. See the manual for details about the possible
> parameters.

so you think using that will make it work? I don't know why, but I
tried that and it didn't work in Firefox and IE. The foo "bar" foo
will come back as foo \"bar\" foo, and clicking once more will add more
"\".

Re: NO book i read did sticky form correctly

am 13.10.2007 15:49:14 von Summercoolness

On Oct 13, 6:20 am, Michael Fesser wrote:

> 2) It doesn't check if there's a submitted value at all. The first call
> of that page would throw a notice.
>
> Fix: Check with isset($_GET['val']) if there is something at all before
> using it. Such checks should be done for _all_ submitted variables.


it would? I thought it would just evaluate to nothing and print out
nothing.

Re: NO book i read did sticky form correctly

am 13.10.2007 15:50:59 von Summercoolness

On Oct 13, 6:25 am, Jerry Stuckle wrote:
> Change
>
> value="<?=$_GET['val']?>">
>
> to:
>
> value="<?php echo $_GET['val']; ?>">

one essential thing is to make foo "bar" foo
and foo 'bar' foo both work

Re: NO book i read did sticky form correctly

am 13.10.2007 16:05:06 von Jerry Stuckle

Summercool wrote:
> On Oct 13, 6:25 am, Jerry Stuckle wrote:
>> Change
>>
>> value="<?=$_GET['val']?>">
>>
>> to:
>>
>> value="<?php echo $_GET['val']; ?>">
>
> one essential thing is to make foo "bar" foo
> and foo 'bar' foo both work
>
>
>

It will work. Michael's comments are also valid, but aren't stopping
your code from working.

It sounds like you're running with magic_quotes enabled. It's a setting
I wish they would have never had, and I recommend you turn it off.

If you can't turn it off, check the stripslashes() call.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: NO book i read did sticky form correctly

am 13.10.2007 23:17:32 von Summercoolness

On Oct 13, 7:05 am, Jerry Stuckle wrote:
>
> It sounds like you're running with magic_quotes enabled. It's a setting
> I wish they would have never had, and I recommend you turn it off.

I checked phpinfo()

yes, magic_quotes_gpc is on, and it is said that it is the default
setting.

magic_quotes_runtime is off by default.
magic_quotes_sybase is off.

so shouldn't we work with the default setting? like if I use a
hosting company like Dreamhost, we can't ask them to turn it off just for
us.

Re: NO book i read did sticky form correctly

am 13.10.2007 23:30:10 von Jerry Stuckle

Summercool wrote:
> On Oct 13, 7:05 am, Jerry Stuckle wrote:
>> It sounds like you're running with magic_quotes enabled. It's a setting
>> I wish they would have never had, and I recommend you turn it off.
>
> i checked phpinfo()
>
> yes, magic_quotes_gpc is on, and it is said that it is the default
> setting.
>
> magic_quotes_runtime is off by default.
> magic_quotes_sybase is off.
>
> so shouldn't we work with the default setting? like if i use a
> hosting company like Dreamhost, we can't ask them to turn off just for
> us.
>
>
>
>

I always run with magic_quotes_gpc off. If a host is running with it
on, just find another host. They're a dime a dozen.

You can check to see if they are on or off with get_magic_quotes_gpc().

But I always run with them off - why add slashes if you just need to
take them away again? And if I want to add them, I can (and will).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: NO book i read did sticky form correctly

am 14.10.2007 16:43:09 von Summercoolness

On Oct 13, 7:05 am, Jerry Stuckle wrote:
>
> It sounds like you're running with magic_quotes enabled. It's a setting
> I wish they would have never had, and I recommend you turn it off.

I checked phpinfo()

yes, magic_quotes_gpc is on, and it is said that it is the default
setting.

magic_quotes_runtime is off by default.
magic_quotes_sybase is off.

so shouldn't we work with the default setting? like if I use a
hosting company like Dreamhost, we can't ask them to turn it off just for
us.

Re: NO book i read did sticky form correctly

am 14.10.2007 16:51:35 von Jerry Stuckle

Summercool wrote:
> On Oct 13, 7:05 am, Jerry Stuckle wrote:
>> It sounds like you're running with magic_quotes enabled. It's a setting
>> I wish they would have never had, and I recommend you turn it off.
>
> i checked phpinfo()
>
> yes, magic_quotes_gpc is on, and it is said that it is the default
> setting.
>
> magic_quotes_runtime is off by default.
> magic_quotes_sybase is off.
>
> so shouldn't we work with the default setting? like if i use a
> hosting company like Dreamhost, we can't ask them to turn off just for
> us.
>
>
>
>

I already answered you once. Did you read the answer?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: NO book i read did sticky form correctly

am 14.10.2007 16:59:13 von luiheidsgoeroe

On Sun, 14 Oct 2007 16:43:09 +0200, Summercool wrote:

> On Oct 13, 7:05 am, Jerry Stuckle wrote:
>>
>> It sounds like you're running with magic_quotes enabled. It's a setting
>> I wish they would have never had, and I recommend you turn it off.
>
> i checked phpinfo()
>
> yes, magic_quotes_gpc is on, and it is said that it is the default
> setting.
>
> magic_quotes_runtime is off by default.
> magic_quotes_sybase is off.
>
> so shouldn't we work with the default setting?

Not necessarily, that's why they're called settings. The only thing one
should do is try to create code as independent from settings as
possible.

> like if i use a
> hosting company like Dreamhost, we can't ask them to turn off just for
> us.

PHP settings in Apache can easily be set per virtual host, no other client
on the server need ever be troubled by them. Apache even supports setting
them in per-directory .htaccess files (which I often use on little
projects on third-party servers to whip them into shape).

Prices for hosting as they are now, I can recommend anyone being
moderately serious about their site just to pay for a VPS. It's still dirt
cheap and one has close to total control.
--
Rik Wasmus
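
Jerry's advice (run with magic_quotes_gpc off, and check with
get_magic_quotes_gpc() when you cannot be sure) and Rik's (write code that
does not depend on the setting) combine into one routine run at the start
of every request. This is an added example, not code from the thread; the
function names are assumptions, and get_magic_quotes_gpc() and
stripslashes() are the PHP functions named in the thread.

```php
<?php
// Added example, not code from the thread: undo magic_quotes_gpc once, at
// the top of the request, so nothing downstream has to know whether the
// host left the setting on. Function names are assumptions.

// Submitted fields can be arrays (name="tags[]"), so walk them recursively.
function strip_magic_quotes_deep($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes_deep', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Returns true if backslashes were removed, false if there was nothing to do.
function undo_magic_quotes()
{
    // get_magic_quotes_gpc() no longer exists in PHP 8, where the answer is
    // always "off"; the function_exists() guard keeps this file loading there.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return false;
    }
    // Only G, P and C are escaped by magic_quotes_gpc ($_REQUEST is built
    // from them). $_SERVER and $_ENV are not, so they are left alone.
    $_GET     = strip_magic_quotes_deep($_GET);
    $_POST    = strip_magic_quotes_deep($_POST);
    $_COOKIE  = strip_magic_quotes_deep($_COOKIE);
    $_REQUEST = strip_magic_quotes_deep($_REQUEST);
    return true;
}

// Call once, before any code reads the superglobals (an auto_prepend_file
// or the first line of a shared include is the usual place).
undo_magic_quotes();

// From here on $_GET['val'] holds what the user typed: foo "bar" foo
// instead of foo \"bar\" foo, and a value that legitimately contains a
// backslash keeps it, because only the escaping layer was removed.
```

Two things to watch when using it. Run it exactly once: if a library or a
second include also calls stripslashes() on the same data, every real
backslash the user typed is lost, and SQL or path data containing
backslashes is silently corrupted. And where the host runs PHP as an
Apache module, "php_flag magic_quotes_gpc off" in a .htaccess file is the
per-directory override Rik describes; the routine above is for when even
that is not available, and it does nothing on a host that already has the
setting off.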

Re: NO book i read did sticky form correctly

am 14.10.2007 19:02:32 von ELINTPimp

On Oct 14, 10:43 am, Summercool wrote:
> On Oct 13, 7:05 am, Jerry Stuckle wrote:
>
>
>
> > It sounds like you're running with magic_quotes enabled. It's a setting
> > I wish they would have never had, and I recommend you turn it off.
>
> i checked phpinfo()
>
> yes, magic_quotes_gpc is on, and it is said that it is the default
> setting.
>
> magic_quotes_runtime is off by default.
> magic_quotes_sybase is off.
>
> so shouldn't we work with the default setting? like if i use a
> hosting company like Dreamhost, we can't ask them to turn off just for
> us.


PHP6 will no longer support magic quotes, along with register globals
and "safe mode". Some of these may be enabled by default on some PHP
versions, but you should disable them and not rely on them
whatsoever. Take a look at the link below for these changes as well
as reasons why they are going this way from the PHP hackers
themselves.

http://www.php.net/~derick/meeting-notes.html

Re: NO book i read did sticky form correctly

am 14.10.2007 23:03:58 von Lars Eighner

In our last episode, <1192381352.545068.4220@v23g2000prn.googlegroups.com>,
the lovely and talented ELINTPimp broadcast on comp.lang.php:

> On Oct 14, 10:43 am, Summercool wrote:
>> On Oct 13, 7:05 am, Jerry Stuckle wrote:
>>
>>
>>
>> > It sounds like you're running with magic_quotes enabled. It's a setting
>> > I wish they would have never had, and I recommend you turn it off.
>>
>> i checked phpinfo()
>>
>> yes, magic_quotes_gpc is on, and it is said that it is the default
>> setting.
>>
>> magic_quotes_runtime is off by default.
>> magic_quotes_sybase is off.
>>
>> so shouldn't we work with the default setting? like if i use a
>> hosting company like Dreamhost, we can't ask them to turn off just for
>> us.


> PHP6 will no longer support magic quotes,along with register globals
> and "safe mode". Some of these may be enabled by default on some PHP
> versions, but you should disable them and not rely on them
> whatsoever. Take a look at the link below for these changes as well
> as reasons why they are going this way from the PHP hackers
> themselves.

> http://www.php.net/~derick/meeting-notes.html

Note to self: do not upgrade to PHP 6. They have broken it in order to
cater to morons.

--
Lars Eighner
Countdown: 463 days to go.
What do you do when you're debranded?

Re: NO book i read did sticky form correctly

am 14.10.2007 23:45:56 von ELINTPimp

On Oct 14, 5:03 pm, Lars Eighner wrote:
> In our last episode, <1192381352.545068.4...@v23g2000prn.googlegroups.com>,
> the lovely and talented ELINTPimp broadcast on comp.lang.php:
>
>
>
> > On Oct 14, 10:43 am, Summercool wrote:
> >> On Oct 13, 7:05 am, Jerry Stuckle wrote:
>
> >> > It sounds like you're running with magic_quotes enabled. It's a setting
> >> > I wish they would have never had, and I recommend you turn it off.
>
> >> i checked phpinfo()
>
> >> yes, magic_quotes_gpc is on, and it is said that it is the default
> >> setting.
>
> >> magic_quotes_runtime is off by default.
> >> magic_quotes_sybase is off.
>
> >> so shouldn't we work with the default setting? like if i use a
> >> hosting company like Dreamhost, we can't ask them to turn off just for
> >> us.
> > PHP6 will no longer support magic quotes,along with register globals
> > and "safe mode". Some of these may be enabled by default on some PHP
> > versions, but you should disable them and not rely on them
> > whatsoever. Take a look at the link below for these changes as well
> > as reasons why they are going this way from the PHP hackers
> > themselves.
> >http://www.php.net/~derick/meeting-notes.html
>
> Note to self: do not upgrade to PHP 6. They have broken it in order to
> cater to morons.
>
> --
> Lars Eighner
> Countdown: 463 days to go.
> What do you do when you're debranded?


Lars,

These "features" (magic quotes, registered globals, etc) were intended
to do generic work to make life easier/more secure for the masses. In
PHP6, they are undoing the damage they have done in this "catering to
morons", as you put it. PHP4 is dead on 8 August 2008. Yes, that's
still almost a year away, and yes, PHP4 was carried for quite a bit
longer than most people thought it should have been...but one day,
PHP5 will be in that place. I think it's wise to always write your
code with the future in mind, giving it the longest lifespan it can
have (or at least not influence others that may be learning PHP to the
contrary). To disregard PHP6 by labeling it 'broken' and inferring it
is written for morons does nothing for you or to advance the PHP
community.

If you read a little of the discussions at the link I provided above,
perhaps you will have more appreciation for the work that goes on,
mostly unpaid, behind the scenes to make your life better.

Regards,

Steve

Re: NO book i read did sticky form correctly

am 15.10.2007 00:31:10 von Lars Eighner

In our last episode, <1192398356.112848.54740@q5g2000prf.googlegroups.com>,
the lovely and talented ELINTPimp broadcast on comp.lang.php:

> If you read a little of the discussions at the link I provided above,
> perhaps you will have more appreciation for the work that goes on,
> mostly unpaid, behind the scenes to make your life better.

I did read it. The summary is: morons won't read the manual so we have to
save them from themselves by getting rid of this stuff.

--
Lars Eighner
Countdown: 463 days to go.
What do you do when you're debranded?