Preventing form empty submit [duplicate] - php

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Check if multiple strings are empty
Today I got this answer here on Stack Overflow:
<input type="text" name="required[first_name]" />
<input type="text" name="required[last_name]" />
...
$required = $_POST['required'];
foreach ($required as $req) {
    $req = trim($req);
    if (empty($req))
        echo 'gotcha!';
}
This is OK, but what if someone changes
name="required[first_name]"
to
name=""
Then I will have some data missing in further code (I use the form to send the submitted data to email). How do I fix this?

Yes, someone can change the html that submits to your code. So you have to check for the existence of everything you want to have in the code that handles the form. Lots of beginners want to automate that away by looping through $_POST or $_GET. And they almost always miss something or end up with code just as complicated, but harder to read, than just checking each input you want.

Loop through the $_GET array and check if any variables are "" or start with something other than required, and then just error out.

You should always validate data on the server side (i.e. in PHP).
You should list the required fields in PHP and check them in PHP.
Never trust user data.
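
The server-side check the answers above describe, as an added example (not code from any of the posts): the required field names are listed in PHP rather than taken from the submitted form, so a renamed or deleted input shows up as missing. The function name validate_required and the sample inputs are assumptions; the field names come from the question's form.

```php
<?php
// Added example. The list of required fields lives on the server, so editing
// the HTML in the browser cannot make a field stop being required.
const REQUIRED_FIELDS = ['first_name', 'last_name']; // names from the question's form

/**
 * Returns [clean values, names of missing fields].
 * $post is normally $_POST; it is a parameter so the check can run offline.
 */
function validate_required(array $post, array $requiredFields): array
{
    $submitted = $post['required'] ?? [];
    if (!is_array($submitted)) {
        $submitted = []; // client sent required=foo instead of required[...]
    }
    $clean = [];
    $missing = [];
    foreach ($requiredFields as $name) {
        $value = $submitted[$name] ?? null;
        // required[first_name][]=x arrives as an array, not a string.
        // Comparing with '' (not empty()) keeps a legitimate value of "0".
        if (!is_string($value) || trim($value) === '') {
            $missing[] = $name;
            continue;
        }
        $clean[$name] = trim($value);
    }
    return [$clean, $missing];
}

// Constructed sample inputs standing in for $_POST.
$samples = [
    'complete'        => ['required' => ['first_name' => 'Ada', 'last_name' => 'Lovelace']],
    'input renamed'   => ['required' => ['last_name' => 'Lovelace']], // name="" is not submitted
    'whitespace only' => ['required' => ['first_name' => '   ', 'last_name' => 'Lovelace']],
    'array injected'  => ['required' => ['first_name' => ['x'], 'last_name' => 'Lovelace']],
    'unknown field'   => ['required' => ['nickname' => 'Al']],
    'not an array'    => ['required' => 'x'],
];

foreach ($samples as $label => $post) {
    [, $missing] = validate_required($post, REQUIRED_FIELDS);
    $status = $missing ? 'missing: ' . implode(', ', $missing) : 'ok';
    echo str_pad($label, 18), $status, PHP_EOL;
}
```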


What does .php?action.. do? [duplicate]

This question already has answers here:
what does a question mark mean before a php form action
(4 answers)
Closed 2 years ago.
Can someone explain to me what is the use of ?action=add&code= and what they do in the code below? I have tried to search for it on Google but they gave me the HTML action attribute instead.
<form method="post" action="index.php?action=add&code=<?php echo $product_array[$key]["code"]; ?>">
Sorry for the noob question. Thanks for the reply.
Those are called query string values or parameters, they are one of several potential parts of a URL. Each key/value pair provides information that the server-side code can use when constructing the response to send back to the client. (Or the server-side code could even simply ignore them, they have no harmful effect.)
For example, given this key/value pair on the query string:
action=add
In the server-side code you can get the value "add" by fetching it from the query string by its key:
$action = $_GET["action"];
// $action now contains the string "add"
Presumably the logic in the code would then do something based on that value.
action is the name of a "normal" GET variable $_GET['action'].
You must look in the further code to see where it appears and what it is used for.
There is no standard for that.
In the URL after ? we can pass values on to another web page, where they can be used further.

Whenever I am using a php variable as index on $_POST, isset() doesn't return true even if the index exist [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Closed 3 years ago.
Let's say I have a PHP variable $post_index = 'myInput'.
Assuming that <input name="myInput"> exists, I then use this PHP variable on $_POST[$post_index].
Whenever I submit the form and get the value from <input name="myInput"> with the same name as the string in $post_index, it works, but when I use isset() to check if the form has an input with that name, isset($_POST[$post_index]), isset() returns nothing, compared to isset($_POST['myInput']), which returns a 1.
The reason why I am trying to get this to work is because I have a while loop that checks if an input field exists on a dynamically increasing number of fields monitored by an incrementing variable.
<?php
if(isset($_POST['submit-data'])){
    $i = 1;
    $varcheck = 'part_number'.$i;
    echo "<script>alert('".isset($_POST[$varcheck])."');</script>"; //this shows nothing
    echo "<script>alert('".isset($_POST['part_number1'])."');</script>"; //this shows "1"
}
?>
<form action="" method="post">
    <input name = "part-number1">
    <button type="submit" name="submit-data" id="submit-data">Submit</button>
</form>
Why is this the case and how do I work around this using only php?
Edit: Added the code
Edit: Answered - Typographical Error
If I understand your question correctly, you are saying that when you check for the existence of an array key, it only works when you explicitly type in the key name. It does not work when you assign that key to a variable and then use that variable in the check, right?
If so, then the variable is not holding what you think it is. Here is a hard coded example showing that it would work if the variable holds the value you expect.
<?php
$array = [
'key' => 'value'
];
var_dump(isset($array['key']));
$keyStoredInAVariable = 'key';
var_dump(isset($array[$keyStoredInAVariable]));
Output
bool(true)
bool(true)
Why is this the case and how do I work around this using only php?
You don't need a work around. You need to figure out why that variable isn't holding what you think it is. But you haven't given us enough info to help you figure out that reason.
Are you sending this data from HTML (within a form or an XMLHttpRequest)?
Or are you trying to set the $_POST[] variable manually as $_POST[$post_index]?
If I'm not wrong, your answer is the second one. $_POST only receives requests sent by the $_POST protocol; you can't assign it as a common variable in the same PHP file.

Passing an argument from HTML Form to PHP [duplicate]

This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
Here is the HTML Form:
<form action="imagematch.php" method="get">
Input Route Number: <input type="text" name="N" />
<input type="submit" />
</form>
And here is the PHP file:
<?php
if(isset($_GET[’N’]))
{
    $N = $_GET[’N’];
}
?>
Right now, it is reading the PHP file but it isn't reading the "N" argument correctly.
As best we can tell, the issue seems to be the type of quotes you are using around the letter 'N'. This is very common when copying code from webpages. The angled/curly quotes used in webpages aren't interpreted the same as quotes expected and accepted in most programming languages. If you look at this article, you can see the difference. Note you want to do the opposite of what they recommend as they are making recommendations for publications and not code. You want to use straight quotes only in code.
As a separate recommendation, as mentioned by joeDaigle, you should use the GET method for when you are GETting (or reading) information, and use PUT when PUTting (or writing/updating) information. You can read this RFC for more details, but the main reason is that browsers treat GET and POST requests differently (note when you refresh a regular webpage, versus when you refresh a page after submitting a POST form and your browser prompts asking if you're sure).

send the variable to another page in php [duplicate]

This question already has answers here:
How to pass variables received in GET string through a php header redirect?
(8 answers)
Closed 7 years ago.
I have two pages in PHP: one of them is the exam page (exam.php) and the other is the result page (result.php). The result is calculated in the exam page and must be sent to the result page to display. (I don't have a form.)
To send the result, inside exam.php I write header("location:result.php?result");
and to get the result inside result.php I write $newresult=$_GET['result'];
but I receive an error, and the result isn't sent to the result page.
Would you please guide me?
Using a URL to pass parameters can be done like so.
HTML
<a href='yourPage.php?name=Script47'>Send Variable</a>
PHP
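<?php
// Accept the parameter only if it is present and not blank after trimming.
if (isset($_GET['name']) && !empty(trim($_GET['name']))) {
    // Escape for HTML output; the link puts the value in $_GET, not $_POST.
    $name = htmlspecialchars(trim($_GET['name']), ENT_QUOTES);
}
?>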
Explanation
The HTML is fairly simple, we create a link which holds a parameter specified after the page extension (?name=[...]).
The PHP first checks that the name parameter which was passed isset, to prevent an undefined index error, and we check that it isn't empty. The trim function removes white space so a string containing only a space (" ") isn't output. When we know that the string has a value in it we sanitize it (never trust user input) and then we output it.
Reading Material
htmlspecialchars();
trim();
empty();
isset();
Try using a session
exam.php
<?php
session_start();
$_SESSION['result'] = $result;
?>
result.php
<?php
session_start();
echo $_SESSION['result'];
?>

Sanitizing GET/POST using a loop? [duplicate]

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
The ultimate clean/secure function
When it comes to sanitizing POST/GET data, could we just program a loop to go through all set variables in a universal PHP include file and never have to worry about it in code?
I have always used a function called sanitize to do this, but this seems to make sense.
You may be better off creating a function in your application that would do it when needed. Then you'll still have the original posted values in case you need them and you can modify the function as needed based on what you're cleansing by passing it options. For example:
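function getPostField($field)
{
    // all your sanitation and isset/empty checks
    if (!isset($_REQUEST[$field])) {
        return null; // field was not submitted
    }
    $val = sanitize($_REQUEST[$field]); // sanitize() is the application's own function
    // ...
    return $val;
}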
Yes, of course. Some frameworks do this automatically and store the sanitized REQUEST variables in a different array or object, so the original data is still available should it ever be required.
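
A per-field accessor along the lines the answers above suggest, as an added example (not code from the posts): each field is validated against a declared type when it is read, the raw input array is left untouched, and HTML escaping is applied only at output. The names get_field and e, the type labels and the sample request data are assumptions.

```php
<?php
// Added example. get_field() and e() are hypothetical helper names.
function get_field(array $input, string $name, string $type, $default = null)
{
    if (!isset($input[$name]) || !is_string($input[$name])) {
        return $default; // missing, or an array such as name[]=x
    }
    $raw = trim($input[$name]);
    switch ($type) {
        case 'int':
            $v = filter_var($raw, FILTER_VALIDATE_INT);
            return $v === false ? $default : $v; // strict check so 0 stays valid
        case 'email':
            $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
            return $v === false ? $default : $v;
        case 'line':
            // Single-line text: reject control characters, including CR and LF.
            return preg_match('/[\x00-\x1F\x7F]/', $raw) ? $default : $raw;
        default:
            throw new InvalidArgumentException("unknown type: $type");
    }
}

// Escape for the HTML context at the point of output, not at input time.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data standing in for $_POST.
$post = [
    'qty'   => ' 3 ',
    'email' => 'not-an-address',
    'name'  => '<b>Ann</b>',
    'note'  => "line one\r\nBcc: someone@example.test",
    'tags'  => ['a', 'b'],
];

var_dump(get_field($post, 'qty', 'int'));     // validated integer
var_dump(get_field($post, 'email', 'email')); // rejected, default returned
var_dump(get_field($post, 'note', 'line'));   // rejected: contains CR/LF
var_dump(get_field($post, 'tags', 'line'));   // rejected: array, not string

$name = get_field($post, 'name', 'line', '');
echo 'stored value: ', $name, PHP_EOL;        // raw value kept for storage
echo 'HTML output:  ', e($name), PHP_EOL;     // escaped only when rendered
```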
