php-general Digest 5 Jul 2010 11:36:50 -0000 Issue 6831
Topics (messages 306683 through 306686):
Re: form validation and error display
306683 by: Ashley Sheridan
Re: HTML in emails
306684 by: Paul M Foster
306685 by: Ashley Sheridan
Re: Delegating variable-length argument lists
306686 by: Jakob Günther
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On Sun, 2010-07-04 at 18:23 -0400, David Mehler wrote:
> Hello everyone,
> Thanks for your suggestions.
> For my variable in the value area of the text input field I enter
>
> value="<?php echo $name"; ?>
>
> Prior to this I assign the variable $name to:
>
> $name = stripslashes($_POST['name']);
>
> I hope this is correct.
> Sticky forms sounds exactly what i'm looking for. I've changed my
> action attribute to
>
> <?php echo $_SERVER['PHP_SELF']; ?>
>
> The first thing I do once the page is loaded is check whether or not
> submit is set, if it is not I display the form, which is in a function
> call. If submit is set I want to begtin validation, so i'm deciding to
> merge my two files in to one, I like this better. My question is say
> for example the name text field is not filled out but all the other
> required fields are how do I get the form to redisplay itself? I was
> thinking a location redirect, but this doesn't sound right.
> Thanks.
> Dave.
>
>
> On 7/4/10, Paul M Foster <[email protected]> wrote:
> > On Sun, Jul 04, 2010 at 01:57:01PM -0400, David Mehler wrote:
> >
> >> Hello,
> >> I've got a form with several required fields of different types. I
> >> want to have the php script process it only when all the required
> >> fields are present, and to redisplay the form with filled in values on
> >> failure so the user won't have to fill out the whole thing again.
> >> One of my required fields is a text input field called name. If it's
> >> not filled out the form displayed will show this:
> >>
> >> <input type="text" name="name" id="name" size="50" value="<?php
> >> echo($name); ?>" /> <br />
> >>
> >> Note, I've got $_POST* variable processing before this so am assigning
> >> that processing to short variables.
> >> If that field is filled out, but another required one is not that form
> >> field will fill in the value entered for the name field.
> >> This is working for my text input fields, but not for either select
> >> boxes or textareas. Here's the textarea also a required field:
> >>
> >> <textarea name="description" id="description" cols="50" rows="10"
> >> value="<?php echo($description); ?>"></textarea>
> >
> > Textarea fields don't work this way. To display the prior value, you
> > have to do this:
> >
> > <textarea name="description><?php echo $description; ?></textarea>
> >
> >>
> >> What this does, if a user fills out this field, but misses another, it
> >> should echo the value of what was originally submitted. It is not
> >> doing this. Same for my select boxes, here's one:
> >>
> >> <select name="type" id="type" value="<?php echo($type); ?>">
> >> <option value="0" selected="selected">-- select type --</option>
> >> <option value="meeting"> - Meeting - </option>
> >> <option value="event"> - Event - </option>
> >> </select>
> >
> > The "value" attribute of a select field won't do this for you. You have
> > to actually set up each option with an either/or choice, like this:
> >
> > <option value="0" <?php if ($type == 'meeting') echo 'selected="selected"';
> > ?>> - Meeting - </option>
> >
> > Since doing this is pretty tedious, I use a function here instead:
> >
> > function set_selected($fieldname, $value)
> > {
> > if ($_POST[$fieldname] == $value)
> > echo 'selected="selected"';
> > }
> >
> > And then
> >
> > <option value="meeting" <?php set_selected('type', 'meeting');
> > ?>>Meeting</option>
> >
> > HTH,
> >
> > Paul
> >
> > --
> > Paul M. Foster
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
$_SERVER['PHP_SELF'] is not to be trusted, and shouldn't be used as the
action of a form like this.
http://www.mc2design.com/blog/php_self-safe-alternatives explains it all
better than I can here, so it's worth a read, but it does list safe
alternatives.
One thing I do when creating sticky select lists is this:
$colours = array('red', 'green', 'blue', 'yellow', 'pink');
echo '<select name="colour">';
for($i=0; $i<count($colours); $i++)
{
$selected = (isset($_POST['colour']) && $_POST['colour'] ==
$i)?'selected="selected"':'';
echo "<option value=\"$i\" $selected>{$colours[$i]}</option>";
}
echo '</select>';
Basically, this uses PHP to not only output the list from an array
(which itself can be populated from a database maybe) and select the
right option if it exists in the $_POST array and matches the current
option in the loop that's being output.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sun, Jul 04, 2010 at 11:44:29PM +0100, Ashley Sheridan wrote:
<snip>
>
> It is nice to be able to format emails nicely, but you have to realise
> when to restrain yourself. I've been getting loads of emails from Adobe
> lately that haven't been formatted well at all, and appear awfully in my
> email client (Evolution, which I consider to be a very good client) until
> I download all the images they've used as backgrounds. It's situations
> like this that give HTML emails an awful name.
Isn't this a popular exploit these days? I don't really watch these
things since I use Linux and view mail as straight text. But isn't there
some current exploit where images which can be downloaded as part of an
email actually contain code which can be used to sniff your system or
somesuch?
Paul
--
Paul M. Foster
--- End Message ---
--- Begin Message ---
On Sun, 2010-07-04 at 23:12 -0400, Paul M Foster wrote:
> On Sun, Jul 04, 2010 at 11:44:29PM +0100, Ashley Sheridan wrote:
>
>
> <snip>
>
> >
> > It is nice to be able to format emails nicely, but you have to realise
> > when to restrain yourself. I've been getting loads of emails from Adobe
> > lately that haven't been formatted well at all, and appear awfully in my
> > email client (Evolution, which I consider to be a very good client) until
> > I download all the images they've used as backgrounds. It's situations
> > like this that give HTML emails an awful name.
>
> Isn't this a popular exploit these days? I don't really watch these
> things since I use Linux and view mail as straight text. But isn't there
> some current exploit where images which can be downloaded as part of an
> email actually contain code which can be used to sniff your system or
> somesuch?
>
> Paul
>
> --
> Paul M. Foster
>
Probably if you're using Outlook I'd imagine so. I think the primary use
of images in an email is to track who has read it, as you can reference
an image like http://www.somedomain.com/image.php?id=123456 . That's why
I have them turned off by default, and hence why Adobes mails always
look awful.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Am 02.07.2010 19:34, schrieb Adam Richardson:
> On Fri, Jul 2, 2010 at 11:49 AM, Jakob Günther <[email protected]
> <mailto:[email protected]>> wrote:
>
>
> I did not find a solution, so i tried passing a array with references.
>
> $arr = array(&$a, &$b);
> bind_param("ii", $arr);
>
> function bind_param($types, $arr){
> array_unshift($arr, $types);
> call_user_func_array (array ($stmt, 'bind_param'), $arr);
> }
>
> This worked in a test-case in one file. But if i call the
> bind-param-method
> from another class it did not work. Do you have any suggestions on
> this?
>
>
> Am 02.07.2010 17:25, schrieb Jakob Günther:
> > Hi,
> >
> > i'm writing a custom wrapper for the mysqli_stmt class. I have to
> > override the method mysqli_stmt::bind_param. This function uses
> > "variable-length argument lists". In my function i want to
> delegate its
> > arguments to the original function.
> >
> > My first naiv implementation was that:
> >
> > function bind_param($types) {
> > $sParams=array();
> > $first=true;
> > for($i=1; i < func_num_args(); $i++) {
> > $sParams[] = func_get_arg($i);
> > }
> >
> > array_unshift ($sParams ,$types);
> > call_user_func_array (array ($this->mysqli_stmt,
> 'bind_param'),
> > $sParams);
> > }
> >
> > But this is not working, because I need to pass it by reference. Is
> > there a way to retrieve references to a variable number of
> arguments?
> >
> > Thx, Jakob
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
> Hi Jakob,
>
> Try looking at this page:
> http://www.php.net/manual/en/mysqli-stmt.bind-param.php
>
> Specifically, search for a comment by 'gregg at mochabomb dot com', in
> which Gregg presents a simple wrapper class and deals with the
> referencing issue the same way you did, by setting array values by
> reference.
>
> I point this out as perhaps seeing the code will give you a clue as to
> why your code had issues in your second test. If you want help
> figuring out what's causing trouble, try posting some of the other
> code (at least the class and instance vars, connection method, and the
> query method(s)) contained within the class.
>
> Adam
>
> --
> Nephtali: PHP web framework that functions beautifully
> http://nephtaliproject.com
Hi Adam,
thanks for your suggestion. It helped me debugging my issue. The
src-code i send was correct, of cause because it worked in the
test-case, but there was a strange behavior with, what i think, the
scope of my connection-wrapping-class. If you're not interested dont
move on reading, because it works for me now. I'm only interested what
the problem realy was.
There has been three classes involved: Mysqli_Wrapper a wrapper-class
for the mysqli-connection, Prepared_Stmt_Wrapper a wrapper class for the
statement and a PhpUnit TestCase, see all classes below. The Testcase
will fail if the new created connection in the setUp-method is not saved
as a attribute. I would really like to know the reason. My guess is
something connected with the scope of variable, but if yes is there
documentation about that?
Thank you very much, Jakob
Connection-wrapping class:
class Mysqli_Wrapper {
var $mysqli;
//...
function __construct() {
$this->mysqli = new mysqli( |DB_HOST, DB_USER, DB_PASSWORD, DB_NAME| );
}
function prepare($sql) {
//...
$stmt = $this->mysqli->prepare($sql);
//...
return new Prepared_Stmt_Wrapper($stmt);
}
//...
}
Then a Wrapper for the prepared statement:
class Prepared_Stmt_Wrapper {
var $mysqli_stmt;
//...
public function __construct($mysqli_stmt) {
$this->mysqli_stmt = $mysqli_stmt;
}
public function bind_param($types, $arr) {
array_unshift($arr, $types);
call_user_func_array (array($this->mysqli_stmt,'bind_param'),$arr);
}
public function execute() {
$this->mysqli_stmt->execute();
}
public function store_result() {
$this->mysqli_stmt->store_result();
}
public function num_rows() {
return $this->mysqli_stmt->num_rows();
}
//...
}
And now the not-working test-case with the working code commented out.
class Prepared_Statement_Test extends PHPUnit_Framework_TestCase {
protected $stmt;
// protected $db;
protected function setUp() {
// $this->db = new Mysqli_Wrapper();
// $this->stmt = $this->db->prepare("Select * from users where
user_id_1=? and user_id_2=?");
$db = new Mysqli_Wrapper();
$this->stmt = $db->prepare("Select * from users where
user_id_1=? and user_id_2=?");
}
protected function tearDown() {
// $this->db->close();
}
public function testBind_param() {
$a = -1;
$b = -1;
$this->stmt->bind_param('ii', array(&$a, &$b));
$a = 80000;
$b = 1;
$this->stmt->execute();
$this->stmt->store_result();
printf("Number of rows: %d.\n",$this->stmt->num_rows());
$this->assertEquals(1,$this->stmt->num_rows());
}
//...
}
--- End Message ---
