Question is similar to this: How to debug a Symfony2 form?
The problem is - on posting data - the data is in $_POST array. Form has the fields and they even have some values.
After handleRequest - those values become nulls.
The form is big, its a lot of work now to minimize the code. I think other developers know where else to look for to see the problem.
I have tried looking in debug bar, but I don't see anything useful - just errors, one of them that field is not filled which is not true because it is in $_POST array.
Stepping inside handleRequest also sounds unproductive with many of those loops going on there and unclear code inside.
I have a problem with Symfony 3.4.
One of ways - check if you have not modified $request wrong way.
I needed to unset some data from request object
if ($policyRef->getUser() !== null && $policyRef->getUser()->getHowDidYouHearAboutUs() !== null) {
// this happens when existing account is signing up in checkout with oauth
$postData = $request->request->all();
unset($postData['checkout']['account_setup']['signup']['howDidYouHearAboutUs']);
unset($postData['undefined']); // todo maybe in frontend unset?
$request->request->set('checkout', $postData['checkout']);
}
By stepping inside handleRequest with xdebug, found out that there is error that form contains extra field 'checkout'.
It was because at first I have done this:
$request->request->set('checkout', $postData);
Probalby also in debug bar should have shown this, but I did not pay attention because there were few errors and I had focused on other fields.
Related
Before anyone tells me to look at other similar posts, I already have and I cannot find any solution to my problem.
I am building a questionnaire for a project, and I am using php 5.6, xampp, phpmyadmin, Phpstorm 2017.1.2 and of course the usual languages html css javacript.
In order to write less code, I used the masterpage method to build my website for the questionnaire.
I therefore have a do-test.php where I put my questionnaire alone and an index.php where I have the main skeleton of the page.
I have my questionnaire form with various fieldsets and their inputs. Lastly I have a input type=submit button that I click and the form is supposed to be submitted. However my $_POST method is not working at all.
The following code does all the work. Unfortunately for reasons yet unknown to me, when the if statement runs, it doesn't even look at the isset or !empty method.
Using an IDE debugger
Debugging the do-test.php without the master-page.: My xdebug (installed in phpstorm), jumps directly from the breakpoint in if statement to the bottom of the page. I tried using an else with a message that "submit is not set" and it shows it before and after submitting the form.
if(isset($_POST['Submit']) && !empty($_POST['Submit'])) {
$results = new Results();
$results->ProcessRequest();
if ($results->isSuccessful()) {
echo "<script type='text/javascript'>
alert('Your data is sent to the server');
</script>";
} else {
echo "<script type='text/javascript'>
alert('Something went wrong.');
</script>";
}
}
My http raw post data is visible but the post array is empty.
Debuggin the do-test.php with the master-page: Gets me 502 bad gateway error
Debug using localhost
Using this code snippet here I tried to see what is going on.
Submitting the form from the master-page or the simple do-test page, gives me the following result:
which means that my post array has all the right variables. All that remains is for the method to be executed and for the data to pass into the db.
My post_max_size and variables_order (advise taken from here) are correct.
magic_quotes_gpc (from this post) are off in php.ini.
Could it be the http modules that interfere with POST as told by GeorgeMillo
here??? If so how do I tamper with those?
Could there be something wrong with my version of phpstorm or the php version?
Any suggestion is welcome. Thank you in advance.
I may have written one thing wrong so I gave the wrong impression. I wrote "when the if statement runs", when in fact, the debugger runs and tries to execute the if statement but it doesnt. Sorry for my bad explanation.
The member "Alive or Die" gave me the simple solution of using
if(count($_POST)>0)
and it works!! So I will stick with that.
Thanks to everyone for your fast comments and for pointing out the obvious when one cannot see it!!
Lets say I have an index.php file and some $_GET variables. After a few hundred lines of code I call a method, with the variables as parameters.
Should I validate the variables on top of everything, or should I validate them inside the class/method I call?
2 things in mind:
Avoiding to validate the variables multiple times, everywhere..
Having multiple sources, not only $_GET, and multiple calls to such a method from different files.
Some code:
<?php
function do_something($string) {
// Validate $string here?
}
// ...or here, before using it?
$result = do_something($_GET['some_string']);
This is a question where's no standard solution possible.
You could write yourself a helper class (i recommend this since this is a solution with less maintanance and best flexibility) which is called at the very first beginning of your index.php file, as some kind as a "contract" which is like:
<?
require_once "validator.php";
$validator = new Validator();
$validated = $validator->validateGet($_GET);
// all the remaining site's php code goes here
?>
this class could return anything you want, such like a boolean indicating whether every variable is okay or not, or an array containing the values with removed tags, etc.
Another barrier for cross site scripting and/or SQL injection should be prepared statements: http://php.net/manual/de/pdo.prepared-statements.php
All your SQL queries should also be contained in a external utilities class called ProductDataAccessObject (ProductDAO) or ProductQuerier, etc., which is also for structural/maintanance reasons.
But there's no rule that says "you must validate your variables at the very first beginning or at time of use"
Validate at the very first point when you are receiving $_GET at the entry level so that you are sure for the below code at later stage as well-
// Validate $_GET['some_string'] HERE
$result = do_something($_GET['some_string']);
If you validate here -
function do_something($string) {
// Validate $string here?
}
then there is a possibility that u miss the validation and it will open a loop hole in the code as validation is available only to the method this time.
If you are setting some values for the database, it is a good practice to double check the data and make it safe from code injections.
You can validate on top of the page your every single variable with a one line
$_GET = array_map("mysqli_real_escape_string",$_GET);
Array_map applies one function over every value of an array which in our case is applying mysqli_real_escape_string to the array $_GET
IMPORTANT:
Please do note this is only for sanitization and not validation
You need to validate every variable by your own, for example if what is being sent in an integer, make sure to use intval to validate it
Refer to this question for more information: Sanitization and Validation
I'm not satisfied with your answers yet, I did not ask HOW to validate, I did ask WHERE to do it.
Here is my own suggestion:
As I think the times for procedural coding in PHP are finally over (!!), I dont have any logic inside of my index.php, all logic goes into controller classes.
So you have a data Sender, and data Reciever.
As a Reciever (not only in PHP, it's something very common in realife, too), I have to validate the information sent by the Sender. The Reciever does not trust anybody (this is important in APIs for example). Therefore, validation has to be inside the methods you create, not at the top of index.php files or outside of a class. Imagine someone else using your method, is he going to validate the arguments, or has it been YOUR task? I think it's up to you, so you (the Reciever!) can throw Exceptions.
I also like to keep my data ($_GET, $_POST, ...) as raw as possible outside of the controller. Imagine you have a method which needs validated data at line 100, and a method at line 200 which needs raw data. Now on liee 5 you changed the raw into sanitized. => You have to keep two variables, $data and $data_raw, which is unnecassary overhead.
Think about it
I'm using Symfony2 and Doctrine 2.
I created a form in Symfony2. But I am not able to get the posted values in the controller. The syntax I use to get the values is:
$block = $request->request->get('txtblock');
You should try to use a var_dump() on $request->request->all(). That way, you can debug what has been send. Most likely, your form/input field has a different name.
You can try to print the content of $_POST. It's not the way Symfony is designed to be, but if $_POST is empty too, I guess the problem is on your form submission.
This may be a n00b topic but, anyways, I have been having a rather difficult and strange time with this bug. Basically I was working on a controller method for a page that displays a form. Basically, I was debugging the form's submitted data by var dumping the form input using codeigniter's $this->input->post function like so:
var_dump($this->input->post('first_name'));
Every other day this has worked, but today I was finding that when I dumped post variables to the browser it would return false as if they had no values even though they did have values when I submitted the form. Then I tried accessing the variables through PHP's POST superglobal array directly like so:
var_dump($_POST['first_name']);
and that returned empty as well so then I tried dumping the entire post array like so:
var_dump($_POST);
and it was empty as well despite the fact that I filled out the entire form. Nevertheless, the records in my MySQL database were being updated (which means that the form was submitting even though my $_POST variables appeared empty).
Also, I reasoned that normally, if I var dumped variables in the controller function before a redirect function call that it should give me a 'Headers already sent' error but it never did. It just redirected me to the supposed success page instead of dumping my variables.
So for the about 2 hours I thought that my POST data wasn't being sent and re-checked the code for errors and began commenting out statements one by one until I could find the culprit statement in my script.
Finally, I commented out a chunk of code that sets a success message an redirects, like so:
/*
if($record_updated_successfully)
{
$this->session->set_flashdata('success', $this->lang->line('record-updated-successfully'));
}
redirect('admin/success_page');
*/
and only then did the script start dumping out all my previous variable dumps using codeigniter's $this->input->post function as well as the $_POST superglobal array.
So ok, if the script does indeed redirect me despite the variable dumps sending output before headers are sent then I can see why the $_POST variables would appear empty.
So then the real question is why the script would still redirect despite my sending of output before headers are sent? Has anyone ever experienced this?
Any help with this would be appreciated.
EDIT: with respect to loading the view here's a simplified version of my script looks like
with the debugging var dump statements:
function some_controller_method() {
var_dump($this->input->post());
var_dump($_POST);
// some code
if($this->input->post('form_action') == 'update record') {
// code that runs when the form is submitted
/*
* ...
*/
if($record_updated_successfully)
{
$this->session->set_flashdata('success', $this->lang->line('record-updated-successfully'));
}
redirect('admin/success_page');
}
$this->load->view('my-view-file.php');
}
While I can't be sure, I'm going to assume you were outputting things like the var_dump() in your view file. A view is not executed at the time you call it, for example:
$this->load->view('some_view');
echo "hi!";
In a controller will not result in the contents of some view followed by "hi". It will results in "hi" followed by the contents of some view. The view is actually output after everything else in the controller has run.
This is the only thing that comes to mind with the information you've presented. I'd have to see more code to offer a different diagnosis.
I had "the same" problem and I found an unset() function in a loop in my code. Perhaps this will help.
As usual, I thought something in the Drupal forms API would be simple... what was I thinking?
Problem
I have a block that outputs a form via drupal_get_form(). Somehow in the block's display function, I want to check whether the form failed validation (i.e. has any errors that were set by form_set_error() in my form's validation function).
Tried so far...
checking $_SESSION['messages']['error'] in block display function - but they are gone by then
checking $_POST in block display function - nothing useful here
checking form_get_errors() in mymodule_preprocess_page() - empty
checking form_get_errors() in mytheme_preprocess_page() - empty
I am confused by my calls to form_get_errors() being empty. It calls form_set_error() with no args - which leaves $reset = FALSE, thus the static var that holds the form errors does not get cleared. So I don't know where that var is getting reset - somewhere by another forms api function? - so that by the time I call it in my module or theme, it's empty.
help?
So, does anyone know at what point (preprocess functions?) I can call form_get_errors() before the static var is cleared? Or have another idea how to check for form errors in the block that displays the form? (By the way - I am fairly sure I could check this easily once I am inside my function that drupal_get_form() calls... but I need to know about the errors in the enclosing block display function.)
This is ugly as all get out but it should work.
$form['#validate'][] = '_error_preservation_helper';
...
function _error_preservation_helper($form, &$form_state) {
$GLOBALS['_error_preservation_helper'] = form_get_error();
return true;
}