In a form(in Drupal) I want to have a temporary field that there is no need to save it's value in database. So I need a way to prevent form from sending the field's value to $_POST array. Is it possible?
If it's outside the form being submitted, it won't be sent by the browser.
If it doesn't have a name, it won't be sent by the browser.
If it is disabled, it won't be sent by the browser.
See Form submission: Successful controls for the complete rules.
That said, your approach is very very wrong. You shouldn't decide what to put in a database based on what comes from the client. The client can send you anything!
Just don't give it the name="" attribute.
You can also exclude it from the $_POST array when placing it in the database
Related
I have a form that the user will submit multiple values to PHP via POST.
The PHP takes the input and if the data entered is valid, it will display a second form for the user to fill out.
After the user has filled out the second form, I need to process the data that was entered in the first form again as well as the data entered in the second form.
What is the best way to access the form data from the first PHP form?
Should I put each value into its own SESSION variable and access it when I need it again later?
I just wasn't sure if this is the best/cleanest way to accomplish this task.
Thanks!
I like the idea of sticking it in the $_SESSION, but depending on your validation needs, it might be better for you to simply use client-side (javascript) validation and some conditional logic to reveal additional form fields. Then you only have one efficient post to the server with all necessary information.
I think it should go without saying, but nevertheless, once it does post to the server you want to re-validate and sanitize the data.
I have worked on very large form and it’s submitting results to mysql very well. But I want to show confirmation of the entered form data so users can update it if there are any changes required before submitting it to mysql.
What should I use to achieve this? $_POST or $_SESSION? Please let me know your suggestions.
Definitely $_POST is the choice as it will not required to store again in sessions.
Just show the confirmation, if user selects yes, then you can insert them from the $_POST variable which you already have stored.
A combination of both?
When the user submits the form, use $_POST to get the parameters and prolly some validation if you don't let javascript do it for you.
Display those parameters in another page together with the confirm button.
You can keep the input in the $_SESSION for a while and when the user confirms, send it to mysql.
You should use JAVASCRIPT validation for check validation of this form and if all fields having valid values then Submmit form via POST method.Now you will get all your fields in $_POST.
Thanks.
use POST for the non-cookie, non-javascript solution
the confirm page will have the previous form data in hidden field and the data will be submitted again with the Yes button
here is a simple sample using jquery http://jsfiddle.net/robx/QBt5L/. Not formatted for anything, but you can get an idea from it, plus as mentioned, you should also consider JQuery validation for form validating to increase error submissions in required fields.
I need to validate a form in php and display some error messages in the view if there are validation errors. The problem is that once the form is submitted, sending the user back to the page will clear all the of the completed form fields. Is there a simple way to not lose the unvalidated form data?
The only solution I can come up with is reverse engineering the $_POST variable, but I'd like a more elegant way to do it.
Don't send the user anywhere, but re-render the form right where you are, pre-populating the form with the entered values. That would be the most common method.
The second way would be storing the values in session variables, but that should be the last resort if the project structure doesn't allow for the first approach.
Validate on the client side.
If you must validate on the server side, made an ajax call (so you won't have to refresh the page) to the server with the elements you want to validate. Make the validations you need and return an answer back to the page (is valid or not).
If answer is valid, you can proceed (Note: you may not need to return to the page after the validation, if all the elements you need to proceed are also the ones validated).
If it's not valid, the answer should return the invalid elements (and possibly a error message for each) so that you can display the error messages you want.
If in php code that you use to prepare the form you always set field values to whatever exists in $_POST array, then in validation code you can simply conditionally include that form file and it will render itself with user values. When you render the form the first time (empty form) $_POST will not have elements with field names, and the form will be empty.
I have a ton of data collection forms on my website, and I wrote a PHP script to handle all the data. All the forms have that one script as their action, and POST as the method. The handler emails a copy of the data to me, and I'd like for the emails I get to contain the URL of the form where they originated. Is there any way in PHP to get the url of the form which was submitted to the script? Or do I have to add an extra hidden field in every form with its URL?
Send the following variable in the email as well:
$_SERVER['HTTP_REFERER']
If you want to ensure that posts only arrive from your own form, you could put a one-time token on the form in a hidden field to validate.
I've been trying to use jQuery to grab the information from $_POST and return the user back to the actual form if their email address already exists in the system, however I can't seem to get jQuery to grab the php variable $post (which has all the information from $_POST) and spit them back to the original form. Could someone help me out please? :)
**************** EDIT ****************
So here's the basic structure.
Form: Name, Email, Address.
Submitting the form calls a php function to check if user exists in the database. If the email address is in the database, I want it to say "sorry this email already exists, click here to try again".
After clicking on the link to try again, I want the form to re-display with the fields they just typed in to display again. <- this is what I thought jQuery could do to re-post the information back to the form page..?
If the user doesn't exist, the user is saved into the database.
Does that make more sense?
From the sound of your question what you're trying to do doesn't make sense. This is because PHP is a server side language while Javascript is a client side (in the browser). This means that Javascript, and therefore jQuery, don't have access to PHP's variables ($_POST included).
There are two common ways to solve this:
Have PHP generate the form. You would output the values from $_POST, or another data location, into the form (ex., echo the variable into the input tag's value attribute). This is by far the easiest method. For example: printf('<input type="text" name="foo" value="%s"/>', $someCleanVariable);
Have the PHP generate JSON or XML, and use AJAX to get the data from the PHP script. You would have to parse out the values into the form. This is basically the same as the previous example, except it's more portable: you can have any source consume the data instead of just your form.
However, make sure that you protect your users when doing this: you need to clean the data that you're sending back to the user to make sure that there is no HTML, Javascript, or other malicious code in it. You don't want people being able to alter the look of your page by passing it data. See Cross-site Scripting Attacks.
Cheers.