[PHP] Tutorial on Re-filling form data?

Posted by leam hall 
leam hall
[PHP] Tutorial on Re-filling form data?
June 22, 2017 08:20PM
Using PHP 5 and not OOP savvy.

I have a form that gives the user options. On submit it calls itself
and if the $_POST variable is set produces the result of the form
choices. However, it currently resets all the form options to default
values.

Is there a tutorial somewhere on how to keep the existing form choices
in place, unless the user changes the selection and resubmits?

Thanks!

Leam

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Aziz Saleh
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 01:10AM
On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]> wrote:

> Using PHP 5 and not OOP savvy.
>
> I have a form that gives the user options. On submit it calls itself
> and if the $_POST variable is set produces the result of the form
> choices. However, it currently resets all the form options to default
> values.
>
> Is there a tutorial somewhere on how to keep the existing form choices
> in place, unless the user changes the selection and resubmits?
>
> Thanks!
>
> Leam
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
You just want the ability to have the inputs pre-selected based on user
input? Shouldn't be hard by doing the same thing you did for the actual
form submit for each input.

Ex:
<input type="text" id="username" name="username" value="<?php echo
(isset($_POST['username']) ? $_POST['username'] : ''); ?>" />

You would do the same with radio/check/select, but in a different manner of
course.

Ps: Your email went to spam, thus the late reply.
AshleySheridan
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 04:10AM
On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote:
> On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]>
> wrote:
>
> >
> > Using PHP 5 and not OOP savvy.
> >
> > I have a form that gives the user options. On submit it calls
> > itself
> > and if the $_POST variable is set produces the result of the form
> > choices. However, it currently resets all the form options to
> > default
> > values.
> >
> > Is there a tutorial somewhere on how to keep the existing form
> > choices
> > in place, unless the user changes the selection and resubmits?
> >
> > Thanks!
> >
> > Leam
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> You just want the ability to have the inputs pre-selected based on
> user
> input? Shouldn't be hard by doing the same thing you did for the
> actual
> form submit for each input.
>
> Ex:
> <input type="text" id="username" name="username" value="<?php echo
> (isset($_POST['username']) ? $_POST['username'] : '';?>" />
>
> You would do the same with radio/check/select, but in a different
> manner of
> course.
>
> Ps: Your email went to spam, thus the late reply.

And now you've just introduced an XSS vulnerability into your
application. Never, ever, ever trust user input; that includes all form
data, cookies, uploads, and even the URL they request. All it takes is
one user out of a million to be a dick, and you've got a day of
headache and problems to fix, if you're lucky. If you want to use user
input in your output, then escape it before outputting it.

This goes for all your form fields, select lists are not immune from
tampered values.

Jeffry Killen
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 06:10AM
> On Jun 22, 2017, at 6:58 PM, AshleySheridan <[email protected]> wrote:
>
> On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote:
>> On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]>
>> wrote:
>>
>>>
>>> Using PHP 5 and not OOP savvy.
>>>
>>> I have a form that gives the user options. On submit it calls
>>> itself
>>> and if the $_POST variable is set produces the result of the form
>>> choices. However, it currently resets all the form options to
>>> default
>>> values.
>>>
>>> Is there a tutorial somewhere on how to keep the existing form
>>> choices
>>> in place, unless the user changes the selection and resubmits?
>>>
>>> Thanks!
>>>
>>> Leam
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>> You just want the ability to have the inputs pre-selected based on
>> user
>> input? Shouldn't be hard by doing the same thing you did for the
>> actual
>> form submit for each input.
>>
>> Ex:
>> <input type="text" id="username" name="username" value="<?php echo
>> (isset($_POST['username']) ? $_POST['username'] : '';?>" />
>>
>> You would do the same with radio/check/select, but in a different
>> manner of
>> course.
>>
>> Ps: Your email went to spam, thus the late reply.
>
> And now you've just introduced an XSS vulnerability into your
> application. Never, ever, ever trust user input; that includes all form
> data, cookies, uploads, and even the URL they request. All it takes is
> one user out of a million to be a dick, and you've got a day of
> headache and problems to fix, if you're lucky. If you want to use user
> input in your output, then escape it before outputting it.
>
> This goes for all your form fields, select lists are not immune from
> tampered values.
>

I would use various input screening techniques before printing the user input back to the
page, or setting any form element to the value submitted by user.
The common way is to use regular expressions to screen for hazardous characters in the input.

Hazardous characters are any character that is not what would be expected from legitimate
input. But there are also character sequences that could be hazardous.

You can go a long way by inspecting the source of the form input. If it is not the URL of the
form itself, it is probably a bogus submission.

Have your code look at $_SERVER['HTTP_REFERER']. It should be the valid url of the
form itself. Reject any that aren't, AND reject any case where there is no $_SERVER['HTTP_REFERER']
value for the submission available.

JK


Kevin Waterson
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 07:20AM
https://www.phpro.org/tutorials/Validating-User-Input.html

On Fri, Jun 23, 2017 at 2:03 PM, Jeffry Killen <[email protected]> wrote:

>
> > On Jun 22, 2017, at 6:58 PM, AshleySheridan <[email protected]>
> wrote:
> >
> > On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote:
> >> On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]>
> >> wrote:
> >>
> >>>
> >>> Using PHP 5 and not OOP savvy.
> >>>
> >>> I have a form that gives the user options. On submit it calls
> >>> itself
> >>> and if the $_POST variable is set produces the result of the form
> >>> choices. However, it currently resets all the form options to
> >>> default
> >>> values.
> >>>
> >>> Is there a tutorial somewhere on how to keep the existing form
> >>> choices
> >>> in place, unless the user changes the selection and resubmits?
> >>>
> >>> Thanks!
> >>>
> >>> Leam
> >>>
> >>> --
> >>> PHP General Mailing List (http://www.php.net/)
> >>> To unsubscribe, visit: http://www.php.net/unsub.php
> >>>
> >>>
> >> You just want the ability to have the inputs pre-selected based on
> >> user
> >> input? Shouldn't be hard by doing the same thing you did for the
> >> actual
> >> form submit for each input.
> >>
> >> Ex:
> >> <input type="text" id="username" name="username" value="<?php echo
> >> (isset($_POST['username']) ? $_POST['username'] : '';?>" />
> >>
> >> You would do the same with radio/check/select, but in a different
> >> manner of
> >> course.
> >>
> >> Ps: Your email went to spam, thus the late reply.
> >
> > And now you've just introduced an XSS vulnerability into your
> > application. Never, ever, ever trust user input; that includes all form
> > data, cookies, uploads, and even the URL they request. All it takes is
> > one user out of a million to be a dick, and you've got a day of
> > headache and problems to fix, if you're lucky. If you want to use user
> > input in your output, then escape it before outputting it.
> >
> > This goes for all your form fields, select lists are not immune from
> > tampered values.
> >
>
> I would use various input screening techniques before printing the user
> input back to the
> page, or setting any form element to the value submitted by user.
> The common way is to use regular expressions to screen for hazardous
> characters in the input.
>
> Hazardous characters are any character that is not what would be expected
> from legitimate
> input. But there are also character sequences that could be hazardous.
>
> You can go a long way by inspecting the source of the form input. If it is
> not the url of the
> form itself, it is probably a bogus submission
>
> Have your code look at $_SERVER['HTTP_REFERER']. It should be the valid
> url of the
> form itself. Reject any that aren't, AND reject any case where there is
> no $_SERVER['HTTP_REFERER']
> value for the submission available.
>
> JK
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Aziz Saleh
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 10:20AM
On Thu, Jun 22, 2017 at 9:58 PM, AshleySheridan <[email protected]>
wrote:

> On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote:
> > On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]>
> > wrote:
> >
> > >
> > > Using PHP 5 and not OOP savvy.
> > >
> > > I have a form that gives the user options. On submit it calls
> > > itself
> > > and if the $_POST variable is set produces the result of the form
> > > choices. However, it currently resets all the form options to
> > > default
> > > values.
> > >
> > > Is there a tutorial somewhere on how to keep the existing form
> > > choices
> > > in place, unless the user changes the selection and resubmits?
> > >
> > > Thanks!
> > >
> > > Leam
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> > You just want the ability to have the inputs pre-selected based on
> > user
> > input? Shouldn't be hard by doing the same thing you did for the
> > actual
> > form submit for each input.
> >
> > Ex:
> > <input type="text" id="username" name="username" value="<?php echo
> > (isset($_POST['username']) ? $_POST['username'] : '';?>" />
> >
> > You would do the same with radio/check/select, but in a different
> > manner of
> > course.
> >
> > Ps: Your email went to spam, thus the late reply.
>
> And now you've just introduced an XSS vulnerability into your
> application. Never, ever, ever trust user input; that includes all form
> data, cookies, uploads, and even the URL they request. All it takes is
> one user out of a million to be a dick, and you've got a day of
> headache and problems to fix, if you're lucky. If you want to use user
> input in your output, then escape it before outputting it.
>
> This goes for all your form fields, select lists are not immune from
> tampered values.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Thanks! My bad for missing that.
Ashley Sheridan
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 11:10AM
On 23 June 2017 05:03:09 BST, Jeffry Killen <[email protected]> wrote:
>
>> On Jun 22, 2017, at 6:58 PM, AshleySheridan
><[email protected]> wrote:
>>
>> On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote:
>>> On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]>
>>> wrote:
>>>
>>>>
>>>> Using PHP 5 and not OOP savvy.
>>>>
>>>> I have a form that gives the user options. On submit it calls
>>>> itself
>>>> and if the $_POST variable is set produces the result of the form
>>>> choices. However, it currently resets all the form options to
>>>> default
>>>> values.
>>>>
>>>> Is there a tutorial somewhere on how to keep the existing form
>>>> choices
>>>> in place, unless the user changes the selection and resubmits?
>>>>
>>>> Thanks!
>>>>
>>>> Leam
>>>>
>>>> --
>>>> PHP General Mailing List (http://www.php.net/)
>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>
>>>>
>>> You just want the ability to have the inputs pre-selected based on
>>> user
>>> input? Shouldn't be hard by doing the same thing you did for the
>>> actual
>>> form submit for each input.
>>>
>>> Ex:
>>> <input type="text" id="username" name="username" value="<?php echo
>>> (isset($_POST['username']) ? $_POST['username'] : '';?>" />
>>>
>>> You would do the same with radio/check/select, but in a different
>>> manner of
>>> course.
>>>
>>> Ps: Your email went to spam, thus the late reply.
>>
>> And now you've just introduced an XSS vulnerability into your
>> application. Never, ever, ever trust user input; that includes all
>form
>> data, cookies, uploads, and even the URL they request. All it takes
>is
>> one user out of a million to be a dick, and you've got a day of
>> headache and problems to fix, if you're lucky. If you want to use
>user
>> input in your output, then escape it before outputting it.
>>
>> This goes for all your form fields, select lists are not immune from
>> tampered values.
>>
>
>I would use various input screening techniques before printing the user
>input back to the
>page, or setting any form element to the value submitted by user.
>The common way is to use regular expressions to screen for hazardous
>characters in the input.
>
>Hazardous characters are any character that is not what would be
>expected from legitimate
>input. But there are also character sequences that could be hazardous.
>
>You can go a long way by inspecting the source of the form input. If it
>is not the url of the
>form itself, it is probably a bogus submission
>
>Have your code look at $_SERVER['HTTP_REFERER']. It should be the valid
>url of the
>form itself. Reject any that aren't, AND reject any case where there
>is no $_SERVER['HTTP_REFERER']
>value for the submission available.
>
>JK
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

The referrer can be spoofed, it comes from the browser, so it absolutely cannot be trusted.

Also, as Jamie Zawinski once said:

'Some people, when confronted with a problem, think
"I know, I'll use regular expressions." Now they have two problems'

In this case regular expressions are not what you need for outputting user data to the response page, something like

filter_var($content, FILTER_SANITIZE_FULL_SPECIAL_CHARS);

will work as you need.

Thanks,
Ash
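
Added example, not part of any message in this thread: one way to re-fill a text input and a select list while escaping on output, as advised above, and accepting a select value only when it is one of the options offered. It uses htmlspecialchars() with ENT_QUOTES, which the PHP manual gives as the equivalent of FILTER_SANITIZE_FULL_SPECIAL_CHARS; the helper names, field names and sample submission are made up for illustration.

```php
<?php
// Added example: "sticky" form fields with output escaping (PHP 5.4+ syntax).
// Helper names (h, posted, sticky_select) and field names are hypothetical.

// Escape a value for use in HTML text or inside a quoted attribute.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fetch one submitted field as a string. A request can send an array
// (username[]=x) where a string is expected, so anything else is ignored.
function posted(array $post, $name, $default = '')
{
    return (isset($post[$name]) && is_string($post[$name])) ? $post[$name] : $default;
}

// Render a <select>. The submitted value is only honoured when it is one of
// the keys in $options; a tampered value falls back to $default.
function sticky_select($name, array $options, array $post, $default)
{
    $chosen = posted($post, $name, $default);
    if (!array_key_exists($chosen, $options)) {
        $chosen = $default;
    }
    $html = '<select name="' . h($name) . '">' . "\n";
    foreach ($options as $value => $label) {
        $sel = ((string) $value === $chosen) ? ' selected' : '';
        $html .= '  <option value="' . h($value) . '"' . $sel . '>'
               . h($label) . "</option>\n";
    }
    return $html . "</select>\n";
}

// Constructed sample submission; on the real page this would be $_POST.
$post = array(
    'username' => 'O\'Brien "><b>x</b>', // tries to break out of value="..."
    'plan'     => 'admin',               // not one of the offered options
);

$plans = array('free' => 'Free', 'pro' => 'Pro');

// The quote and angle brackets come out as entities, so the value stays
// inside the attribute; the unknown plan is replaced by the default.
echo '<form method="post">' . "\n";
echo '<input type="text" id="username" name="username" value="'
   . h(posted($post, 'username')) . '" />' . "\n";
echo sticky_select('plan', $plans, $post, 'free');
echo '<input type="submit" value="Send" />' . "\n";
echo "</form>\n";
```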

Tedd Sperling
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 04:40PM
> On Jun 22, 2017, at 2:15 PM, leam hall <[email protected]> wrote:
>
> Using PHP 5 and not OOP savvy.
>
> I have a form that gives the user options. On submit it calls itself
> and if the $_POST variable is set produces the result of the form
> choices. However, it currently resets all the form options to default
> values.
>
> Is there a tutorial somewhere on how to keep the existing form choices
> in place, unless the user changes the selection and resubmits?
>


Hi:

You may want to review the following link:

http://sperling.com/php/index.php

There’s no OOP, but rather simple form demos that show how to make your forms “sticky” with various controls.

Cheers,

tedd
_______________
tedd sperling
tedd.sperling@gmail.com






jomali
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 05:30PM
You should submit the form data via AJAX, validate the data, then send back
a message indicating acceptance or rejection of the data.

On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]> wrote:

> Using PHP 5 and not OOP savvy.
>
> I have a form that gives the user options. On submit it calls itself
> and if the $_POST variable is set produces the result of the form
> choices. However, it currently resets all the form options to default
> values.
>
> Is there a tutorial somewhere on how to keep the existing form choices
> in place, unless the user changes the selection and resubmits?
>
> Thanks!
>
> Leam
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Narcis Garcia
Re: [PHP] Tutorial on Re-filling form data?
June 23, 2017 06:10PM
A question about PHP language that can be solved with PHP language, is
better to not be answered talking about another language.


On 23/06/17 at 17:23, jomali wrote:
> You should submit the form data via AJAX, validate the data, then send back
> a message indicating acceptance or rejection of the data.
>
> On Thu, Jun 22, 2017 at 2:15 PM, leam hall <[email protected]> wrote:
>
>> Using PHP 5 and not OOP savvy.
>>
>> I have a form that gives the user options. On submit it calls itself
>> and if the $_POST variable is set produces the result of the form
>> choices. However, it currently resets all the form options to default
>> values.
>>
>> Is there a tutorial somewhere on how to keep the existing form choices
>> in place, unless the user changes the selection and resubmits?
>>
>> Thanks!
>>
>> Leam
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>

Tedd Sperling
Re: [PHP] Tutorial on Re-filling form data?
June 24, 2017 04:10PM
> On Jun 23, 2017, at 11:59 AM, Narcis Garcia <[email protected]> wrote:
>
> A question about PHP language that can be solved with PHP language, is
> better to not be answered talking about another language.
>
>
> On 23/06/17 at 17:23, jomali wrote:
>> You should submit the form data via AJAX, validate the data, then send back
>> a message indicating acceptance or rejection of the data.
>>

<opinion>

I’m not sure what is “better” or what “should” be done, but I am sure the typical PHP application/solution does not live in a vacuum. At the very least, we need to consider/use HTML and CSS languages to frame/present our solution for the user. Additionally, we might consider “Mobile First” and that requires some form of Javascript (i.e., jQuery, Bootstrap, etc.) — so AJAX is not that far removed from the tool set we could use.

I agree if a PHP solution can be used, it should be considered. But PHP does not solve all problems and as such we “should” consider other avenues. IMO, it is the diversity in our tool-box that makes us good programmers.

</opinion>

Cheers,

tedd
_______________
tedd sperling
tedd.sperling@gmail.com




