Im building a wordpress plugin for client that does a number of jobs.
My goal is to simply get all the input tags in some html and use the data.
I have some html(that contains inputs)
The user fills the inputs in and clicks save.
Javascript puts the entire htmlinto another hidden input for POSTING purposes.
I then retrieve the html from posted item ie: $_POST["my_html"]
I get the input elements using the DOM. getElementsByTagName.
But the input values are EMPTY.
Am I doing something wrong. Can this be done (above) ?
Why choose such a difficult path? Just submit your form normally and get the values from $_POST. As for your method, my guess (since no code is provided) is that you try to add whole DOM element as a string. You need to set each's elements value (element.value) not the whole element. I could clarify my answer if some code could be provided.
The correct way to serialize a form is not to store its' html markup. You should be storing key-value pairs instead, which can be neatly serialized in a number of ways, JSON being a very popular and easily graspable method.
There's also the possibility of submitting your form directly to the handling script, which has been a working solution since HTML 2.0.
Related
Can we somehow pass the type HTML input attribute value to the $_POST array or grab it anyhow else with PHP?
I am aware that I can create a hidden field and basically put the type of the real input into the value of the hidden field, but this seems a bit like "repeating" work to me.
I want to create a Form, where input values are submitted to the $_POST and I can detect the type of that input without the need to hardcode/map the single inputs to each a type.
In this way I could detect the field type and act upon without the need to create a "map" that maps my custom inputs (by name or ID) to a certain type, which I already declare in HTML form anyway.
It seems a real shortcoming that the type of an input is undetectable in a Form Submit - or perhaps (hopefully) I miss something?
Can we somehow pass the type HTML input attribute value to the $_POST array or grab it anyhow else with PHP?
Not per se.
I am aware that I can create a hidden field and basically put the type of the real input into the value of the hidden field
That is a way to do it.
It seems a real shortcoming that the type of an input is undetectable in a Form Submit
Usually you know what type of data you expect for a given field because you aren't processing them generically, so it would rarely be a useful feature.
perhaps (hopefully) I miss something?
No.
Well here is the breakdown;
GET accessed via $_GET in PHP tackling and POST accessed via $_POST in PHP are transport methods, so is PUT, and DELETE etc for a from it does not matter what method you use it only works on client side and only knows to map every thing in it into serialised query string or at least have it read for being serialised.
For example
<input type="text" id="firstname" name="fname">
it takes the name attribute and converts into this
?fname=ferret
See it didn't even bother with ID attribute. When we hit submit button form will only run through name attributes of each input and make LHS of the with value and add user input as RHS to the value. It will not do anything else at all.
On PHP side we ask $_GET tunnel are there any query strings in the request or $_POST tunnel. Each of these if there is any query string - emphasis on word string. explodes the string into array and gives it you. hence $POST['fname'].
Looks something like this
$_POST = [
fname => 'ferret',
someothingelse => 'someothervalue']
SO what you are trying to do is or at least asking to do is ...make browser change its BOM behaviour - which we cannot in real sense of the matter; to make form add some thing like this.
?fname=ferret,text
?fname=ferret-text
?fname=ferret/text
form by default will not do this, unless you run custom function updating each query before submit and that is pron to what we call escaping, 3/100 time you would miss it given the chance
Then on PHP side you want PHP to figure out on its own that after slash is type like so
$_POST = [
fname => 'ferret/text']
PHP would not do that on its own, unless you fork it make custom whatever like Facebook has done and then run it or at least make some kind of low level library but that too would be after the fact.
in case your not wondering, thats how XSS and injections happen.
SO query string standards are rigid to keep things a string with militaristic data and serialised.
So yes what you intended to do with hidden field is one tested way of achieving what you are want.
Following situation: I have a form with mostly dropdown lists which I populate from a database. There's also a text input field. The form is sent via POST.
What I'm wondering is, is it really necessary to sanitize the $_POST variables (besides the text input field, of course) before putting them in an sql query?
After all, it's not really user input if it came from a drop down list that I created. With $_GET I would understand the recommendation as it would be possible to manipulate the variables being sent. But AFAIK, that's not possible with POST.
Faking a POST is as easy as faking a GET. So, YES, input sanitation is needed.
You can fake using cURL (http://php.net/manual/en/intro.curl.php), but it is even insanely easier to just edit a simple html page, copy & paste your code in it, replace the values of the dropdown with whatever value you want but keeping the address in the action property of the form tag, and then that form will send all that garbage to your unprotected script.
Yes, it's possible, so you need to sanitize your database input.
With most browsers, it'll be difficult, but you can use tools like curl to simulate POST requests, where you have free control over the contents of the variables.
I have a page with three different forms. The second has to have access to the post vars submitted by the
first. The third has to have the cumulative post vars.
Even though an element such as a hidden field has the same id as another form element, it should
be valid if it exists under a different form element, right? I have done this in the past without problem
as far as submission processing, but the xhtml doctype syntax checker in my text editor (BBedit on Mac OSX) marks
the re occurrence of an element id as an error.
To be completely valid with respect to doctype I have to use xhtml transitional to allow name attributes (forms
won't submit with out them)
I don't want to have three different sets of hidden fields to transmit the same values for each different form
That requires huge amounts of redundant processing on the server side.
Thanks for reminding me that I can use the same name attribute and different ids. Sometimes I get wrapped up
in details and loose sight of the bigger picture
By the way, I posted a problem with using one form for the entire setup at:
https://stackoverflow.com/questions/21315920/browser-caching-post-vars
and I have not received any definitive answer there.
The id attribute MUST be unique per document. However, if you simply want various fields to accessible using the same key server-side, simply set the name attribute. name has no such requirement and can differ from the id.
I have two forms on the page. To the user it looks like 1 form, and I actually wish it was one form. But the way I'm trying to reuse code and include things, I can't avoid two forms in the source code... trying to act as one.
I don't want to do ajax submit, I want a normal post submit, my form handler has redirects in it. How can I submit both of these, and get values that make sense on the server side. something like $_POST['form1]['whatever'] $_POST['form2]['thing']
Maybe take all the inputs from form 2, rename all of them with a prefix, and append them to form 1? I can't find a non-messy way of doing this. I don't think I need code, just a plan. Least messy idea wins.
Maybe take all the inputs from form 2, rename all of them with a
prefix, and append them to form 1?
That's exactly what you have to do. Wouldn't be much of an answer without a code sample, so here you go.
$("#form2 :input").appendTo("#form1")[0].submit()
now in php you'll have $_POST['thing'] containing an array with two values. Alternatively you can rename all of the inputs from form2:
$("#form2 :input").attr("name",function(name){
return name + "_form2";
}).appendTo("#form1")[0].submit();
You can try to collect values of one form with jQuery.serializeArray() and then generate hidden inputs with names and values from variable storing result of previously called jQuery.serializeArray() and insert them to second form on submit event of form.
You should be able to combine both forms fields into one single form in PHP. If your code doesn't allow it, it must be in terrible shape.
If you are using simple scripts, you should be able to cut the forms into parts producing the fields, and the other parts producing the form outlines, either as separate scripts, or simply as separate functions.
i.e.:
<?php
function form_body($params) {
// here's the code for echoing fields according to $params
}
function form($params) {
// here's the code to build the form properties
$f_properties = '....';
echo '<form '.$f_properties.'>';
form_body($params);
echo '</form>';
}
?>
Then it's just a matter of combining $params from form1 and form2 to get the definitive form.
If you're using OOP, it's probably very easy to derive a new class containing both forms, and have it output their fields.
This are very simplistic advices, but you don't provide any source to help refactoring, so I can only provide vague/generic code examples.
Going the js way to combine forms on the client side will turn into a lot of problems down the line to maintain and evolve the code, and bring a lot of issues (security not the least of them).
How can I get the values from a html table and pass that to a controller in codeigniter?
I'm passing an array to a view. I walk that array and display its content in a table where the user can alter the table. For example, adding a row, or deleting one, but changing values is a possibility too. But then the user saves the data by pressing the button 'save'.
How do i get the data from the table and pass that to php?
When the "save" button is pressed you trigger a javascript function that uses the DOM to get at the values you want. You "select" a table cell and then use innerhtml to get the string inside it. Using unique html id's on your cells will make this easy. Collect all this data in an array and "send" it to your PHP via an Ajax POST request.
That's one way of going about it. Another way is to use Simplehtmldom where you use PHP instead of JS to get your values. This may be easier / more difficult depending on how good your JS is, but the methods are the same. Simplehtmldom uses a syntax that's quite similar to jquery's and in this case you put the load on the server instead of the client.