In normal html, we could have an array field like person[]
<input name="person[]" type="text" />
<input name="person[]" type="text" />
<input name="person[]" type="text" />
As far as I know, Zend_Form doesn't have that. I read another answer that suggested it could be done using a decorator that would add the [] at the right place. This is the code for that specific question
$html = ''; // some code html
$i = 0;
foreach ($element->getMultiOptions() as $value => $label){
$html .= '<input type="checkbox" '
. 'name="'.$element->getName().'[]" '
. 'id="'$element->getName()'-'.$i.'" '
. 'value="'.$value.'" />';
$i++;
}
return $html;
This looks like a good start, but I wonder if using a decorator is enough. The values that get returned back have to be read correctly and delivered to the server, then validated on the server side. So is a decorator the wrong idea? Would a custom element make more sense here? I haven't seen a good example that shows how this can be done.
I think that ZF does not allow for creation of individual input text fields named person[], although you could do it for the whole form or a subform. However, it allows for something similar. Specifically, you could create fields named person[0], person[1], etc.
To do this, you could do the following:
$in1 = $this->createElement('text', '0');
$in2 = $this->createElement('text', '1');
$in1->setBelongsTo('person');
$in2->setBelongsTo('person');
This way you could normally attach your validators, filters, etc. to $in1 or $in2 and they would work as expected. In your action, after form validation, you could get an array of the person's input text fields as:
$values = $yourForm->getValues();
var_dump($values['person']);
Interestingly, the following will NOT work:
$in1 = $this->createElement('text', 'person[0]');
$in2 = $this->createElement('text', 'person[1]');
Hope this will help you.
Related
I've got a search function written in PHP/MySQL which works fine. What I want to happen is that when a user produces a search they can click a button which will submit the $id from the output to a table in my database.
I've copied my code below, the error is within the php echo in the form, it just displays the plain text of the php code.
Everything else works fine, I've tested this by setting value to "" and entering the id myself and then it works. I want it though to be a hidden input in future where the id automatically comes through from the search result. Multiple searches can be returned on the same page and this form is underneath each individual search result.
<?php
$conn = mysqli_connect("localhost","root","","users");
$output = '';
if(isset($_POST['search'])) {
$search = $_POST['search'];
$search = preg_replace("#[^0-9a-z]i#","", $search);
$query = mysqli_query($conn, "SELECT * FROM users WHERE main LIKE '%".$search."%'") or die ("Could not search");
$count = mysqli_num_rows($query);
if($count == 0){
$output = "There was no search results!";
}else{
while ($row = mysqli_fetch_array($query)) {
$id = $row ['id'];
$main = $row ['main'];
$postcode = $row ['postcode'];
$available = $row ['available'];
$email = $row ['email'];
$output .='<div><br><b>Player ID: </b>'.$id.'<br><b>Main:
</b>'.$main.'<br><b>Postcode: </b>'.$postcode.'<br><b>Available:
</b>'.$available.'<br>
<br>
<form action="request_player.php" action="post">
<input type="text" name="id" value="<?php echo $id ?>">
<input type="submit" value="Request Player">
</form>
</div>';
}
}
}
echo $output;
?>
<br> Back to your account
The issue Jay Blanchard highlighted and which you took a bit lightly - perhaps b/c you fear the distraction from your current problem - is actually pretty related to the issue you highlight in your question.
This btw. is nothing uncommon. In this little script you deal with at three languages: HTML, SQL and PHP. And all these are intermixed. It can happen that things jumble.
There are methods to prevent these little mistakes. What Jay highlighted was about how to encode a SQL query correctly.
The other problem is to encode a HTML string correctly. Let me highlight the part:
$output = '... <input type="text" name="id" value="<?php echo $id ?>"> ...';
In this PHP string you write "<?php echo $id ?>" verbatim, that means, this will echo'ed out then.
What you most likely meant was to write it this way:
$output = '... <input type="text" name="id" value="' . $id . '"> ...';
So this seems easy to fix. However, it's important that whether it is SQL or HTML, you need to properly encode the values if you want to use them as SQL or HTML. In the HTML case, you must ensure that the ID is properly encoded as a HTML attribute value. In PHP there is a handy function for that:
$output = '... <input type="text" name="id" value="' . htmlspecialchars($id) . '"> ...';
Or as the ID is numeric:
$output = '... <input type="text" name="id" value="' . intval($id) . '"> ...';
works similarly well.
You need to treat all user-data, that is all input - which includes what you get back from the database (!) - needs to be treated when you pass it into a different language, be it HTML, SQL or Javascript.
For the SQL Jay has linked you a good resource, for the HTML I don't have a good one at hand but it requires your own thoughtfulness and the will to learn about what you do (write) there. So sharpen your senses and imagine for each operation what happens there and how this all belongs together.
One way to keep things more apart and therefore help to concentrate on the job is to first collect all the data you want to output and then process these variables in a template for the output. That would prevent you to create large strings only to echo them later. PHP echoes automatically and a benefit of PHP is that you can use it easily for templating.
Another way is to first process the form input - again into your own variable structure - which is the programs input part and run first. Then follows the processing of the input data, in your case running and processing the database query. And after that you care about the presentation. That way you have common steps you can become more fluent in.
I hope this is understandable. It's full of further obstacles, but it pays to divide and conquer these programming problems. It will also help you to write more while you need to write less for that.
And btw., you don't need to switch to PDO, you can stick with Mysqli.
The reason it is happening is because you have put <?php echo $id ?> inside a string. You want to do the same thing you did elsewhere in your example: value="' . $id . '" It can quickly get confusing when you have single and double quotes happening together. You might be best off learning how to use PHPs multiline strings.
Also, <?= $id ?> is a useful shorthand for <?php echo $id ?> (although you don't want to use either here)
I try to run a form in Modx Revo that the form action="" then runs a PHP snippet which inserts the input name="" into a url, that page is then parsed and inserted into the db and results are to be displayed on the same page as the form. My problem is the form is either not reading the input or the script isn't running.
My form is as follows:
<form action="[[!charAll]]" method="post">Character: <input type="text" name="char" /><br /> Realm: <input type="text" name="realm" /><br /> <input type="submit" /></form>
My script is too long to post here but will give pieces of it for example.
The 'charAll' snippet:
$realm = $_POST["realm"];
$char = $_POST["char"];
$realm = rawurlencode($realm);
#$mstats = file_get_contents("http://us.battle.net/api/wow/character/$realm/$char? fields=statistics,achievements", true);
$pvp = json_decode($mstats, true);
$link = mysqli_connect("127.0.0.1","dbuser","dbpw","dbname") or die("Error " . mysqli_error($link));
$link->set_charset("utf8");
$mname = $link->real_escape_string($pvp['name']);
$mmrealm = $link->real_escape_string($pvp['realm']);
$mclass = $pvp['class'];
$mrace = $pvp['race'];
$mgender = $pvp['gender'];
$mlvl = $pvp['level'];
$mid = $pvp[""];
Has several more queries but for sake of space I will summarize
It then echo's (or returns) the data into a table structure that I would like to have on the same page but wouldn't mind it echo'ing on another. I know Modx Revo will be great once I get the hang of it but atm it is giving me a headache lol, any help would be greatly appreciated and I thank you in advance.
The form action has to be a document, not a snippet.
One method to do this is to use your form document, put action="[[~[[*id]]]]" on your form.
Check for a posted variable, then call your charAll snippet. Then display whatever you need.
This is my checkbox
<input name="interests2" type="checkbox" value="double-deep-racks" />
This is how I am trying to get that value in to a variable
$int = $_POST['interests2'];
Can you please tell me what i am doing wrong. I cant get the values I just get blank.
Try
$int = $_POST['interests2'];
If you are trying to set multiple checkboxes you can do something like,
// Your html
<input type="checkbox" name="interests[]" value="This is i">
<input type="checkbox" name="interests[]" value="Another i value">
// php
$email = "Further Information In: \n";
foreach($_POST['interests'] as $i)
$email .= $i . "\n";
The name of your checkbox is interests2. You must get the value by that name like this:
$int = $_POST['interests2'];
The name element must match what you are looking for. In your input field the name is interests2 but you are looking for interests (missing "2").
Also, you may possibly need to look in $_GET instead of $_POST, depending on the form or the AJAX method you are using (you didn't post that portion of your code).
So I have a form that has 4 inputs, 2 text, 2 hidden. I've grabbed the two text input values from the name, which are (get_me_two, get_me_three) and I've also grabbed the form action which is (get_me.php). What I'm looking to do now is grab the 2 hidden inputs, but not the values. I want to grab the inputs themselves.
E.G: Here's my form:
<form action="get_me.php" method="post">
<input type="text" name="get_me_two">
<input type="text" name="get_me_three">
<input type="hidden" name="meta_required" value="from">
<input type="hidden" name="meta_forward_vars" value="0">
</form>
And what I want to grab from here is the two hidden inputs, Not the values, the complete string.
I'm not sure how to grab these using: PHP Simple HTML DOM Parser, if anybody knows a way that would be great, if not, if there's an alternative that also would be great. Once I've grabbed these I plan on passing the 2 input values to another page with the hidden strings, and of course the form action.
Also, if anybody is interested here's my full code, which includes the simple html dom functionality.
<?php
include("simple_html_dom.php");
// Create DOM from URL or file
$html = file_get_html('form_show.php');
$html->load('
<form action="get_me.php" method="post">
<input type="text" name="get_me_two">
<input type="text" name="get_me_three">
<input type="hidden" name="meta_required" value="from">
<input type="hidden" name="meta_forward_vars" value="0">
</form>');
// Get the form action
foreach($html->find('form') as $element)
echo $element->action . '<br>';
// Get the input name
foreach($html->find('input') as $element)
echo $element->name . '<br>';
?>
So, the end result would grab the 3 values, and then the 2 hidden inputs (full strings). Help would be much appreciated as It's driving me a little mad trying to get this done.
I don't use the SimpleDom (I always go whole-hog and use DOMDocument), but couldn't you do something like ->find('input[#type=hidden]')?
If the SimpleDOM doesn't allow that sort of selector, you could simply loop over the ->find('input') results and pick out the hidden ones by comparing the attributes yourself.
If you use DomDocument, you could do the following:
<?php
$hidden_inputs = array();
$dom = new DOMDocument('1.0');
#$dom->loadHTMLFile('form_show.php');
// 1. get all inputs
$nodes = $dom->getElementsByTagName('input');
// 2. loop through elements
foreach($nodes as $node) {
if($node->hasAttributes()) {
foreach($node->attributes as $attribute) {
if($attribute->nodeName == 'type' && $attribute->nodeValue == 'hidden') {
$hidden_inputs[] = $node;
}
}
}
} unset($node);
// 3. loop through hidden inputs and print HTML
foreach($hidden_inputs as $node) {
echo "<pre>" . htmlspecialchars($dom->saveHTML($node)) . "</pre>";
} unset($node);
?>
I can't for the life of me find a form that doesn't email the results that you submit.
I'm looking to find a form that I can have users enter simple data that i can then spit back out at them in different arrangements. If they submit First and Last, I'll spit out, amongst other things, FirstLast#domain.com. I'm willing to scrounge the code manually to do this, but I cant find a simple form that would allow me to do this.
Edit: PHP or similar simple languages. I've never touched .NET before.
Form:
<form action="process.php" method="post">
First: <input type="text" name="first" />
Last: <input type="text" name="last" />
<input type="submit" />
</form>
Next page:
<?php
$first = $_POST['first'];
$last = $_POST['last']
echo $first . "." . $last . "#domain.com";
?>
See http://www.w3schools.com/php/php_forms.asp for more examples and explanation
Regardless of how you get it, always remember to never trust user input.
<?php
$sfirst = htmlentities($_POST['first']);
$slast = htmlentities($_POST['last']);
echo $first . "." . $last . "#domain.com";
?>
Also, running a validator on the final result may be helpful. But please don't write your own email address validator.
What language/platform/environment are you working in?
I guess you might be looking for a hosted script or webform (the way that people will host web-to-mail scripts I suppose) but I doubt there would be one out there that does this.
But if you have a specific framework to work in, e.g. PHP or .net, please update the question and let us know which.
Thing that simple doens't even need server-side support.
<form onsubmit="magic(this);return false">
<p><label>First <input name=first/></label>
<p><label>Last <input name=last/></label>
<input type="submit">
<div id="output"></div>
</form>
<script type="text/javascript">
var output = document.getElementById('output');
function toHTML(text)
{
return text.replace(/</g,'<');
}
function magic(form)
{
output.innerHTML = toHTML(form.first.value + form.last.value) + '#domain.com';
}
</script>
If I get your question right, sounds like this might do what you need..
Note: This PHP code doesn't require any knowledge of the fields in the form that submits to it, it just loops through all of the fields, including multiple-choice fields (like checkboxes), and spits out their values.
<?php
// loop through every form field
while( list( $field, $value ) = each( $_POST )) {
// display values
if( is_array( $value )) {
// if checkbox (or other multiple value fields)
while( list( $arrayField, $arrayValue ) = each( $value ) {
echo "<p>" . $arrayValue . "</p>\n";
}
} else {
echo "<p>" . $value . "</p>\n";
}
}
?>