I'm finishing up a small contact form and had a question about providing default values for $_POST. The reason I'm asking about default values is because within my form I have fields like this:
<input type="text" name="fullname" value="<?php echo $_POST['fullname']; ?>" />
Clearly I would like to retain the submitted value if I do not permit the data to clear. This raises errors when the page is first loaded, since there is no value for $_POST['fullname'].
To my question: is there anything I should be concerend about providing default values to the $_POST array like I'm doing in the next code-sample:
$_POST += array(
'fullname' = '',
);
If $_POST['fullname'] already exists, it will be retained - if it doesn't, it will be created within the array. This way, upon loading the form, blank values will be presented in the input fields.
Don't worry, all
I sanitize my data
Thank you for the help
Even if you are doing so, put that data in your container, do not modify superglobals. Create class that'll contain your data - then you'll have the interface do sanitize, manipulate and get it te proper way. Import data from $_POST and then validate, if all necessary values are in.
As for code:
<?php
class PostData
{
private $data;
public function __construct(array $data)
{
$this->data = is_array($data)
? $data
: array();
}
public function set($key, $value)
{
$this->data[$key] = $value;
}
public function get($key, $default, $escaping)
{
if(isset($this->data[$key]))
{
switch($escaping)
{
case 'htmlspecialchars':
{
return htmlspecialchars($this->data[$key]);
break;
}
case 'mysql_real_escape_string':
{
return mysql_real_escape_string($this->data[$key]);
break;
}
// and so on, your invention goes here
default:
{
return $this->data[$key];
}
}
}
else
{
return $default;
}
}
}
$postData = new PostData($_POST);
Create function:
function displayValue($field) {
if(isset($_POST[$field])) {
echo 'value="' . htmlentities($_POST[$field]) . '"';
}
}
And then use like:
<input type="text" name="fullname" <?php displayValue('fullname'); ?> />
You can also do it like this:
<?php echo empty($_POST['fullname']) ? null : $_POST['fullname']; ?>
Related
i am beginner php programmer, iv been trying to create a small program that takes input from a forum and then after submission i want it to be printed on the screen. simple and easy i thought, iv been trying and suspiciously it seems to work fine for 1 text field, when i added the remaining 2 text fields called [fam][user] my code stops returning the content to the screen. also i started to recieve an error of an unindex array, therefore i had to use isset to counter this problem, and also, why does my code call the destructor although i never implicitly set my destructor. i dont know how to ask these questions because the errors arent consistent.
code doesnt print my [name][fam][user]
code prints [name] when everything about [fam][user] are ommited from the code.
-code sometimes called the destructor
-code doesnt clear html previous input(e.g, when working with the one text field, lets say i input the [name] john, and click submit it
displays submit, then,i refresh the page, and the name john is still
displayed, why doesnt the destructor clear the memory of name from my
submission.
<form class="nameform" action="book.php" method="post">
<input type="text" name="Name" value="1">
<input type="text" name="Fam" value="2">
<input type="text" name="User" value="3">
<input type="button" name="submit" value="Submit">
</form>
private $name; private $familyName; private $userName;
function __construct($names,$familyNames,$userNames)
{
$this->name = $names;
$this->familyName = $familyNames;
$this->userName = $userNames;
}
function getName()
{
return $this->name;
}
function getFamilyName()
{
return $this->familyName;
}
function getUserName()
{
return $this->userName;
}
public function __destruct()
{
echo "destroyed again";
$this->name;
$this->familyName;
$this->userName;
}
}
if(!isset( $_POST["Name"])||!isset($_POST["Fam"])||!isset($_POST["User"]))
{
echo "Please fill in the data";
} else {
$p1 = new Person($_POST["Name"],$_POST["Fam"],$_POST["User"]);
print $p1->getName();
print $p1->getFamilyName();
print $p1->getUserName();
print_r($_POST);
}
// $n = $_POST["Name"];
// $f = $_POST["Fam"];
// $u = $_POST["User"];
// $p1 = new Person($_POST["Name"],$_POST["Fam"],$_POST["User"]);
?>
code doesnt print my [name][fam][user]
You never echo them out of the destuctor
public function __destruct()
{
echo "destroyed again";
$this->name; //<---- does nothing
$this->familyName;
$this->userName;
}
So I am not sure what this is supposed to do. You have them down at the bottom
print $p1->getName();
print $p1->getFamilyName();
print $p1->getUserName();
But the only thing you'll get from the destruct method is
"destroyed again"
And you will only see that if everything in the form is set. Which it always is when the form is submitted, because type text is always submitted with its form.
Which brings me to this, you should be checking empty instead of isset there
if ('POST' === $_SERVER['REQUEST_METHOD']) { //check if POST
if(empty($_POST["Name"])||empty($_POST["Fam"])||empty($_POST["User"])){
echo "Please fill in the data";
} else {
$p1 = new Person($_POST["Name"],$_POST["Fam"],$_POST["User"]);
print $p1->getName();
print $p1->getFamilyName();
print $p1->getUserName();
print_r($_POST);
}
}
Note that anything falsy will be empty, false, [], '', 0, '0', null etc.
I don't know if this solves all of you problems, but these things could produce some of the behaviour you are experiencing.
Another more advance way to check these is like this:
if ('POST' === $_SERVER['REQUEST_METHOD']) { //check if POST
$post = array_filter( $_POST, function($item){
return strlen($item); //any thing of a length of 0 is removed
});
if(count($post) != count($_POST)){
foreach(array_diff_key( $_POST, $post) as $missing=>$empty) {
echo "Please fill in $missing\n";
}
}else{
$p1 = new Person($_POST["Name"],$_POST["Fam"],$_POST["User"]);
print $p1->getName();
print $p1->getFamilyName();
print $p1->getUserName();
print_r($_POST);
}
}
Output
Please fill in Name
Please fill in Fam
You can test it online Here
Cheers!
I have situation where codeigniter shows database Error Number 1048. It seems Values NULL but when I try to check it usign var_dump($_POST) Values are not NULL.
Controller : Jurusan.php
public function simpan()
{
$this->form_validation->set_rules('code','Kode','required|integer');
$this->form_validation->set_rules('jurusan','Jurusan','required');
$this->form_validation->set_rules('singkatan','Singkatan','required');
$this->form_validation->set_rules('ketua','Ketua','required');
$this->form_validation->set_rules('nik','NIK','required|integer');
$this->form_validation->set_rules('akreditasi','Akreditasi','required');
if($this->form_validation->run() == FALSE)
{
$isi['content'] = 'jurusan/form_tambahjurusan';
$isi['judul'] = 'Master';
$isi['sub_judul'] = 'Tambah Jurusan';
$this->load->view('tampilan_home',$isi);
} else {
$this->model_security->getSecurity();
$key = $this->input->post('code');
$data['kd_prodi'] = $this->input->post['code'];
$data['prodi'] = $this->input->post['jurusan'];
$data['singkat'] = $this->input->post['singkatan'];
$data['ketua_prodi'] = $this->input->post['ketua'];
$data['nik'] = $this->input->post['nik'];
$data['akreditasi'] = $this->input->post['akreditasi'];
$this->load->model('model_jurusan');
$query = $this->model_jurusan->getdata($key);
if($query->num_rows()>0)
{
$this->model_jurusan->getupdate($key,$data);
} else {
$this->model_jurusan->getinsert($data);
}
redirect('jurusan');
}
}
Model : model_jurusan.php
class Model_jurusan extends CI_model {
public function getdata($key)
{
$this->db->where('kd_prodi',$key);
$hasil = $this->db->get('prodi');
return $hasil;
}
public function getupdate($key,$data)
{
$this->db->where('kd_prodi',$key);
$this->db->update('prodi',$data);
}
public function getinsert($data)
{
$this->db->insert('prodi',$data);
}
}
Here is the error shown :
Here is the database structure :
You have a wrong syntax in these lines:
$key = $this->input->post('code');
$data['kd_prodi'] = $this->input->post['code']; // <-- use ('code')
$data['prodi'] = $this->input->post['jurusan']; // <-- use ('jurusan')
Change this to
$this->input->post['array_key'];
this
$this->input->post('array_key');
Read : Input Class in Codeigniter
Well the problem lies in your way of accepting input parameters.
$this->input->post
is a method which accepts the variable name, not an array. So all the input parameters need to be passed as a function parameter to post method. These lines need to be altered to.
$data['kd_prodi'] = $this->input->post('code');
$data['prodi'] = $this->input->post('jurusan');
$data['singkat'] = $this->input->post('singkatan');
$data['ketua_prodi'] = $this->input->post('ketua');
$data['nik'] = $this->input->post('nik');
$data['akreditasi'] = $this->input->post('akreditasi');
Hope this solves the problem.
EDIT:
You did a var_dump($_POST) which works as it is supposed to and it will read the values of the post parameters. So either you fetch the parameters from $_POST array, or you use the $this->input->post() method. But I would suggest using the $this->input->post() method as it provides additional sanitization such as xss attack handling etc, which could be turned on an off from the config.
i have tried your code...it works. I think there some mistakes in your <input> tags, You must use <input name=""> not <input id=""> or something else. Hope it can help you out
You are try to get value from post is wrong. You should use at this way
$_POST['array value'];
i am looking at building my first real class, i've played around with bits and bobs but its time to try it for real :)
what i am trying to do is have a form class which handles all my form submissions, checks the data entered and returns with either an error message or success message.
so here one of my forms, (i have 5 of these on 1 page)
<form action="include/mform.php" method="post" name="business_listing">
<input name="biz_name" type="text" value="Business or Place Name" />
<select name="biz_department">
<option value="">Business Sector</option>
<?php
$query = $user->database->query("SELECT * FROM tbl_sectors");
while($row=$user->database->fetchArray($query))
{
$id = $row['sectorID'];
$dept = $row['sectorName'];
echo "<option value='$id'>$dept</option>";
}?>
</select>
<input name="biz_address1" type="text" value="Street Name" />
<select name="job_location">
<option value="">Location</option>
<?php
$query = $user->database->query("SELECT * FROM tbl_places");
while($row=$user->database->fetchArray($query))
{
$id = $row['placeID'];
$dept = $row['placeName'];
echo "<option value='$id'>$dept</option>";
}?>
</select>
<input name="biz_phone" type="text" value="Contact Number" />
<input name="businessSubmit" type="submit" value="Submit" />
</form>
</div>
each of the form's action is set to include/mform.php which contains my class. within the class one of the first things it does is check to see which form was submitted and the idea is then to check the data that has been submitted and do whats necessary with it
my problem is that once my class knows which form was submitted what would be the best way to check the submitted data? should i create varibles within the function to get all the post data and take it from there or should i pass those in the actual function as parameters? , or does it matter?
here is my current class file which is a little bare atm
class Mform
{
private $values = array(); //Holds submitted form field values
private $errors = array(); //Holds submitted form error messages
private $num_errors; //The number of errors in submitted form
public function __construct()
{
if(isset($_POST['businessSubmit']))
{
$this->chkBusiness();
}
if(isset($_POST['jobSubmit']))
{
$this->chkJob();
}
if(isset($_POST['accommodationSubmit']))
{
$this->chkAccommodation();
}
if(isset($_POST['tradeSubmit']))
{
$this->chkTrade();
}
if(isset($_POST['eventSubmit']))
{
$this->chkEvent();
}
}
public function chkBusiness()
{
$field = "business";
}
public function chkJob()
{
return "job";
}
public function chkAccommodation()
{
return "accommodation";
}
public function chkTrade()
{
return "trade";
}
public function chkEvent()
{
return "event";
}
/**
* setValue - Records the value typed into the given
* form field by the user.
*/
public function setValue($field, $value)
{
$this->values[$field] = $value;
}
/**
* setError - Records new form error given the form
* field name and the error message attached to it.
*/
public function setError($field, $errmsg)
{
$this->errors[$field] = $errmsg;
$this->num_errors = count($this->errors);
}
/**
* value - Returns the value attached to the given
* field, if none exists, the empty string is returned.
*/
public function value($field)
{
if(array_key_exists($field,$this->values))
{
return htmlspecialchars(stripslashes($this->values[$field]));
}
else
{
return "";
}
}
/**
* error - Returns the error message attached to the
* given field, if none exists, the empty string is returned.
*/
public function error($field)
{
if(array_key_exists($field,$this->errors))
{
return "<font size=\"2\" color=\"#ff0000\">".$this->errors[$field]."</font>";
}
else
{
return "";
}
}
/* getErrorArray - Returns the array of error messages */
public function getErrorArray()
{
return $this->errors;
}
}
/* Initialize mform */
$mform = new Mform();
most of the individual functions just have return "word" as placeholder so i dont forget to do that function at a later date.
this is what i was thinking of doing for each of the individual form functions
public function chkBusiness()
{
$field = "business";
$name = $_POST['biz_name'];// all need to be sanitized!!
$dept = $_POST['biz_dept'];
$address = $_POST['biz_address'];
$location = $_POST['biz_location'];
$phone = $_POST['biz_phone'];
//start checking the input
if(!$name || strlen($name = trim($name)) == 0)
{
$this->mform->setError($field, "* Name not entered");
}
...
...
}
any help would be appreciated
Luke
I generate a class for every table in my database; life is too short to actually write that functionality for every database table!
Each field has it's own object containing it's value, type, maxlength etc. and the fields are also added to an array so I can do really cool things with them.
Each of the table classes extend a much bigger class that allows me to insert, update, delete and display as tables and forms... I can override any functions that are non-standard although that is very rare.
The performance overhead is about 0.001ms for iterating through about 25000 good sized records.
As an example, my code to produce a datatable of document records looks like this:
//Create object
$objDocument = new cls__CMS_Document();
//Set the fields you want to display in the datatable
$objDocument->objID->Active(true);
$objDocument->objDocument_Name->Active(true);
$objDocument->objAuthorID->Active(true);
$objDocument->objVersion->Active(true);
$objDocument->objDate_Created->Active(true);
$objDocument->objDate_Last_Edited->Active(true);
//Include a hyperlink from the ID field
$objDocument->objID->HyperLink('/drilldown.php');
$objDocument->objID->Post(true);
//Pass a field through a formatting function
$objDocument->objAuthorID->OutputFunction('getAuthorFromID');
$result .= $objDocument->displayTable($sqlConditions);
unset ($objDocument);
The best bit: every step of the way, the auto-complete works:) So you type $objDocument-> and all the methods and properties pop up including all the field objects so you never misspell them.
If I get enough interest (votes), I'll make the whole thing available on the net.
That should be food for thought though when making your own.
Array values in form are always a problem for form validation in CI. Now I've to input multiple values and those array values are to be stored in DB. Now the user can keep some fields blanks by mistake as shown below in the links:
Input values.
Values in the array on submission.
I used this tutorial to add input boxes on + button click. On submission the blank values will be truncated and then not null array values will added to database. I tried this using a sample program in native PHP but could not implement it in CI.
I used the following code in native PHP to insert values in DB truncating null values:
<?php
include 'sql_connect.php';
$str = array();
for($i=0;$i<count($_POST["txtSiteName"]);$i++)
{
$str[] = $_POST["txtSiteName"][$i];
}
$str = array_filter($str, function($item) {if(!is_null($item)) return $item;});
foreach($str as $loop_str)
{
$arr_str[] = $loop_str;
}
for($k = 0; $k<count($arr_str);$k++)
{
mysql_query("INSERT INTO sitename (name) VALUES ('".$arr_str[$k]."')") or die(mysql_error());
}
print_r($arr_str);
?>
How can I achieve this in CI ?
I tried to use callback function but the array value is not being passed to the callback function.
EDIT:
The below code shows my callback function :
On entering 3 urls it is called 3 times. Is that normal ?
Also my array_walk's callback function is not working. Calling a callback function inside another callback function is not possible ?
public function null_check()
{
$urls = $this->input->post('link_name');
array_walk($urls, 'prepurl');
var_dump($urls);
}
prepurl function:
public function prepurl($item, $key)
{
$item = "http://".$item;
}
Your question is not clear to me but since you mentioned to validate multiple text boxes. So if your text boxes are something like this
<input type="text" name="txtSiteName[]" />
<input type="text" name="txtSiteName[]" />
then simply you can use
$this->form_validation->set_rules('txtSiteName[]', 'Site Name', 'required|xss_clean');
to validate all the text boxes against null or empty.
Update (TO pass an argument in to the callback)
$this->form_validation->set_rules('txtSiteName[]', 'Site Name', 'callback_sitename_check[' . $this->input->post('txtSiteName') . ']');
function sitename_check($str, $sitenames) {
// $sitenames will be your textboxe's array
}
The first argument is used by CodeIgniter by default so second argument is your parameter. Also take a look at insert_batch() to insert multiple records.
Also you can do this like
$this->form_validation->set_rules('txtSiteName[]', 'Site Name', 'callback_sitename_check');
function sitename_check() {
$sitenames = $this->input->post('txtSiteName');
}
Update: (For array_walk)
array_walk($urls, array($this, 'prepurl'));
Here is a simple process of doing it
Set message like this
$this->form_validation->set_rules('txtSiteName[]', 'Site Name', 'required|xss_clean|callback_check_array');
Here is callback
function check_array()
{
$txtSiteName = $this->input->post('txtSiteName');
$error = 0;
foreach($txtSiteName as $key => $value)
{
if(!empty($value)){
$error = $error + 1;
}
}
if($error == 0){
return TRUE;
}else{
$this->form_validation->set_message('check_array', 'All fields are empty. Please provide at leaset 1');
return FALSE;
}
}
When validation is successfull run this code or modify according to your requirements
if ($this->form_validation->run() == FALSE)
{
$this->load->view('myform');
}
else
{
$txtSiteName = $this->input->post('txtSiteName');
foreach($txtSiteName as $key => $value)
{
if(!empty($value)){
$data['name'] = $value;
$this->mymodel->insert($data);
}
}
}
Model Method
function insert($data)
{
$this-db->insert('table_name',$data);
}
I'm trying to send POST values to the controller and then pass it to the model in PHP but I'm not sure how to go about doing this.
This part of the controller is to see if the user requests for a view like ?action=game. This works.
But I'm trying to modify it to allow $_POST to be sent to it and then to the model.
function __construct()
{
if(isset($_GET['action']) && $_GET['action']!="" )
{
$url_view = str_replace("action/","",$_GET['action']);
if(file_exists("views/" . $url_view . ".php" ))
{
$viewname = $url_view;
$this->get_view($viewname . ".php");
}
else
{
$this->get_view('error.php');
}
}
else
{
$this->get_view('home.php');
}
}
Here's what I got. In the registration form page, the action of the form is ?process=register but it doesn't work.
if(isset($_POST['process']) == 'register)
{
$this->get_view('register.php')
}
Get_view function determines what model to bind with the view
function get_view($view_name)
{
$method_name = str_replace(".php","",$view_name);
if(method_exists($this->model,$method_name))
{
$data = $this->model->$method_name();
} else {
$data = $this->model->no_model();
}
$this->load->view($view_name,$data);
}
Since the action of your form is ?process=register, then process is still in the $_GET superglobal. What you can do to make it use post is add a hidden input field containing process.
With this:
<form method="post" action="script.php?process=register">
The form is POST'ed to script.php?process=register so you have $_GET['process'], not $_POST['process'].
Try this instead:
<form method="post" action="script.php">
<input type="hidden" name="process" action="register" />
To have $_POST['process']. Alternatively, you could keep the "process" in the GET and switch your if statement to check $_GET instead of $_POST.