Re: [PHP] POST action

2013-08-01 Thread Larry Garfield

On 7/29/13 3:02 PM, Paul M Foster wrote:

On Mon, Jul 29, 2013 at 11:50:01AM -0500, Larry Garfield wrote:


On 7/28/13 9:23 PM, Paul M Foster wrote:

On Sun, Jul 28, 2013 at 08:46:06PM -0500, Larry Garfield wrote:


[snip]



Except as noted above. This is all home-grown, using native PHP
functions designed to do these things, and classes I've written. I
carefully examine each field when writing the POST-handling code with
the idea in mind that no matter what the HTML says, the return value
must conform to what *I* think it should be. No MVC framework written by
others (though I do conform to MVC paradigm).

Paul


Then you're not writing your own form tags from the sound of it;
you're writing your own Form API.  Still an improvement. :-)


No, I'm writing the form tags as well. I write the whole thing, soup to
nuts. But as I'm writing the back end validation stuff, I realize that
what I wrote in the HTML doesn't matter when it comes to hackers and
script kiddies. So I use my bless and validation libraries to tackle
form responses. That's the point I'm making. I understand what you're
saying about using someone else's framework so you can make sure that
tested code is being used to ensure against hacking attempts. But your
pronouncement was so thunderous that I had to provide the exception. If
you hang around here and read a book or two on security, you can write
your own code that handles this stuff. Particularly if you have an
example like CodeIgniter to use, to see how it's done.

(There are times when I *don't* write the HTML. My wife the designer
does. But I still go in and modify it to provide the validation bits
which she can't do. She uses Dreamweaver, so a lot of the time, she
doesn't even know what the raw HTML looks like.)

Paul


So you're writing your own form tags for each specific time you need a 
form, or you wrote your own form builder API that is writing the form 
tags for you?


Because if the former, I claim it's insecure.  The development process 
is insecure, so you will screw up sooner or later.  You're only human.


--Larry Garfield

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] POST action

2013-08-01 Thread Paul M Foster
On Thu, Aug 01, 2013 at 02:35:04PM -0500, Larry Garfield wrote:

[snip]

 
 So you're writing your own form tags for each specific time you need
 a form, or you wrote your own form builder API that is writing the
 form tags for you?

Unless my wife creates the form in Dreamweaver, I write the HTML for the
form fields. Even when she does, I add the proper code to validate each
field and the form overall, using my field validation class, etc.

 
 Because if the former, I claim it's insecure.  The development
 process is insecure, so you will screw up sooner or later.  You're
 only human.

A-ha! That's where you're wrong, Matey! For I am SUPER-CODER! Faster
than a speeding 300 baud modem! More powerful than a teletype! Able
to leap tall procedural functions at a single bound! With my pocket
protector and trusty slide rule, I defend the indefensible and champion
the cause of spaghetti code!

So there! ;-P

Paul

-- 
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com




Re: [PHP] POST action

2013-08-01 Thread Robert Cummings

On 13-08-01 05:14 PM, Paul M Foster wrote:

On Thu, Aug 01, 2013 at 02:35:04PM -0500, Larry Garfield wrote:

[snip]



So you're writing your own form tags for each specific time you need
a form, or you wrote your own form builder API that is writing the
form tags for you?


Unless my wife creates the form in Dreamweaver, I write the HTML for the
form fields. Even when she does, I add the proper code to validate each
field and the form overall, using my field validation class, etc.



Because if the former, I claim it's insecure.  The development
process is insecure, so you will screw up sooner or later.  You're
only human.


A-ha! That's where you're wrong, Matey! For I am SUPER-CODER! Faster
than a speeding 300 baud modem! More powerful than a teletype! Able
to leap tall procedural functions at a single bound! With my pocket
protector and trusty slide rule, I defend the indefensible and champion
the cause of spaghetti code!

So there! ;-P


I often get paid to fix such code... keep up the questionable 
methodologies ;)


Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.




Re: [PHP] POST action

2013-07-29 Thread Larry Garfield

On 7/28/13 9:23 PM, Paul M Foster wrote:

On Sun, Jul 28, 2013 at 08:46:06PM -0500, Larry Garfield wrote:


On 07/28/2013 12:38 PM, Ashley Sheridan wrote:

On Sun, 2013-07-28 at 13:37 -0400, Jim Giner wrote:



Never write your own form?  I'm guilty - oh, so guilty.  What exactly is
a 'security hardened' form?


- All forms need a valid CSRF token to avoid CSRF attacks.  This
needs to be matched between the submitted form and server-maintained
state.  Do all of your forms have that?  Every single one?  (A GET
lookup form like a search box doesn't need it, but anything with
POST does, I'd argue.)


Yes. I wrote a bless class just for this purpose, which I use on all
form pages.



- Do you have a select element? Do you have error handling for when
someone submits a value for that wasn't one of the option elements?


Yes, since I realize that what comes back to me may bear no resemblance
to what I coded in HTML. Thus, I always check for allowed SELECT
values.



- Your text input field has a max length of 20. Does your code
return an error when the user enters a string of 100 characters?


Yes. Same answer. Putting a max length of 20 in the HTML works okay, but
the user could still submit something much longer if they are attempting
to hack the page. Thus I always check for max characters on the return.



- Are you checking for weird edge-case-y character encoding issues?
(Some versions of some browsers can be hacked by sending UTF-7
instead of UTF-8 for certain parts of the request. I don't fully
understand that stuff myself, either.)


No I don't check for this.



- You have a number field (HTML5).  Does your PHP code handle
someone submitting a string anyway?


I don't use HTML5 tags like this, since they are not universally
supported. However, I check that numbers look like numbers on return and
strings look like strings on return. PHP has built-in functions for
this.

All this is part of my validation class.



- Are you checking all of those correctly every single time you
write a form?


Except as noted above. This is all home-grown, using native PHP
functions designed to do these things, and classes I've written. I
carefully examine each field when writing the POST-handling code with
the idea in mind that no matter what the HTML says, the return value
must conform to what *I* think it should be. No MVC framework written by
others (though I do conform to MVC paradigm).

Paul


Then you're not writing your own form tags from the sound of it; you're 
writing your own Form API.  Still an improvement. :-)


Now, let's talk about form accessibility...

--Larry Garfield




Re: [PHP] POST action

2013-07-29 Thread Paul M Foster
On Mon, Jul 29, 2013 at 11:50:01AM -0500, Larry Garfield wrote:

 On 7/28/13 9:23 PM, Paul M Foster wrote:
 On Sun, Jul 28, 2013 at 08:46:06PM -0500, Larry Garfield wrote:

[snip]

 
 Except as noted above. This is all home-grown, using native PHP
 functions designed to do these things, and classes I've written. I
 carefully examine each field when writing the POST-handling code with
 the idea in mind that no matter what the HTML says, the return value
 must conform to what *I* think it should be. No MVC framework written by
 others (though I do conform to MVC paradigm).
 
 Paul
 
 Then you're not writing your own form tags from the sound of it;
 you're writing your own Form API.  Still an improvement. :-)

No, I'm writing the form tags as well. I write the whole thing, soup to
nuts. But as I'm writing the back end validation stuff, I realize that
what I wrote in the HTML doesn't matter when it comes to hackers and
script kiddies. So I use my bless and validation libraries to tackle
form responses. That's the point I'm making. I understand what you're
saying about using someone else's framework so you can make sure that
tested code is being used to ensure against hacking attempts. But your
pronouncement was so thunderous that I had to provide the exception. If
you hang around here and read a book or two on security, you can write
your own code that handles this stuff. Particularly if you have an
example like CodeIgniter to use, to see how it's done.

(There are times when I *don't* write the HTML. My wife the designer
does. But I still go in and modify it to provide the validation bits
which she can't do. She uses Dreamweaver, so a lot of the time, she
doesn't even know what the raw HTML looks like.)

Paul

-- 
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com




[PHP] POST action

2013-07-28 Thread iccsi

<form action="action.php" method="post">
 <p>Your name: <input type="text" name="name" /></p>
 <p>Your age: <input type="text" name="age" /></p>
 <p><input type="submit" /></p>
</form>

In the PHP tutorial manual, it says that we can have post action to
the form itself just like above coding. I would like to know in the real
projects, can we have action to the same PHP file, since that we only need
have one file but not 2 files for POST request.

Your help and information is greatly appreciated,
regards,
Iccsi






Re: [PHP] POST action

2013-07-28 Thread Larry Garfield

On 07/28/2013 12:14 PM, iccsi wrote:

<form action="action.php" method="post">
<p>Your name: <input type="text" name="name" /></p>
<p>Your age: <input type="text" name="age" /></p>
<p><input type="submit" /></p>
</form>

In the PHP tutorial manual, it says that we can have post
action to the form itself just like above coding. I would like to know
in the real projects, can we have action to the same PHP file, since
that we only need have one file but not 2 files for POST request.
Your help and information is greatly appreciated,
regards,
Iccsi


Real projects do all kinds of things.  Which is best depends on who 
you ask. :-)


I would argue that there's 3 good approaches, both of which are viable:

1) Define your form abstractly via an API, and have the API detect the 
presence of POST request and then process the form after it's built.  
That means you do submit back to the same URL.  (Drupal 7 and earlier do 
this.)


2) Put 2 separate request handlers / controllers at the same path, one 
for GET and one for POST.  So you submit back to the same URL but an 
entirely different piece of code responds to it.  (This requires a good 
routing system that can differentiate between GET and POST.)


3) Every form is defined as its own object somewhere with a unique ID.  
All forms post to the same URL but include the form ID.  Code at that 
URL looks up the form object by ID and maps the submitted data to it to 
know what to do with it.


Note that in all 3 cases you're defining a form via an API of some 
kind.  You are not writing form tags yourself.  Don't do that. Ever.  I 
promise you that you will have a security hole or six if you do.  Use a 
good form handling API for building forms.  That's what good Real 
projects do.  There are a lot out there.  Most fullstack frameworks or 
CMSes have one built in (I know Drupal and CodeIgniter do, although 
they're quite different), and there are reasonably stand-alone 
components available in both Symfony2 Components and Zend Framework.  
Please don't write your own.  There are too many good ones (and even 
more bad ones, of course) already out there that have been security 
hardened.


--Larry Garfield




Re: [PHP] POST action

2013-07-28 Thread Jim Giner

On 7/28/2013 1:26 PM, Larry Garfield wrote:

On 07/28/2013 12:14 PM, iccsi wrote:

<form action="action.php" method="post">
<p>Your name: <input type="text" name="name" /></p>
<p>Your age: <input type="text" name="age" /></p>
<p><input type="submit" /></p>
</form>

In the PHP tutorial manual, it says that we can have post
action to the form itself just like above coding. I would like to know
in the real projects, can we have action to the same PHP file, since
that we only need have one file but not 2 files for POST request.
Your help and information is greatly appreciated,
regards,
Iccsi


Real projects do all kinds of things.  Which is best depends on who
you ask. :-)

I would argue that there's 3 good approaches, both of which are viable:

1) Define your form abstractly via an API, and have the API detect the
presence of POST request and then process the form after it's built.
That means you do submit back to the same URL.  (Drupal 7 and earlier do
this.)

2) Put 2 separate request handlers / controllers at the same path, one
for GET and one for POST.  So you submit back to the same URL but an
entirely different piece of code responds to it.  (This requires a good
routing system that can differentiate between GET and POST.)

3) Every form is defined as its own object somewhere with a unique ID.
All forms post to the same URL but include the form ID.  Code at that
URL looks up the form object by ID and maps the submitted data to it to
know what to do with it.

Note that in all 3 cases you're defining a form via an API of some
kind.  You are not writing form tags yourself.  Don't do that. Ever.  I
promise you that you will have a security hole or six if you do.  Use a
good form handling API for building forms.  That's what good Real
projects do.  There are a lot out there.  Most fullstack frameworks or
CMSes have one built in (I know Drupal and CodeIgniter do, although
they're quite different), and there are reasonably stand-alone
components available in both Symfony2 Components and Zend Framework.
Please don't write your own.  There are too many good ones (and even
more bad ones, of course) already out there that have been security
hardened.

--Larry Garfield
Never write your own form?  I'm guilty - oh, so guilty.  What exactly is 
a 'security hardened' form?


In answer to OP - yes you can use a single script to handle your form 
return.  I do that too!  I start by recognizing my first time thru and 
send out a form/page.  I process the submit back from that page, doing 
something based on the label of the submit button that I detect.  I may 
then do some more processing and produce a newer version of the same 
form/page and repeat.  Or I may end it all at that point.  Depends on 
what the overall appl is doing.


And now I'll watch and see how much I'm doing wrong.




Re: [PHP] POST action

2013-07-28 Thread Ashley Sheridan
On Sun, 2013-07-28 at 13:37 -0400, Jim Giner wrote:

 On 7/28/2013 1:26 PM, Larry Garfield wrote:
  On 07/28/2013 12:14 PM, iccsi wrote:
  <form action="action.php" method="post">
  <p>Your name: <input type="text" name="name" /></p>
  <p>Your age: <input type="text" name="age" /></p>
  <p><input type="submit" /></p>
  </form>

  In the PHP tutorial manual, it says that we can have post
  action to the form itself just like above coding. I would like to know
  in the real projects, can we have action to the same PHP file, since
  that we only need have one file but not 2 files for POST request.
  Your help and information is greatly appreciated,
  regards,
  Iccsi
 
  Real projects do all kinds of things.  Which is best depends on who
  you ask. :-)
 
  I would argue that there's 3 good approaches, both of which are viable:
 
  1) Define your form abstractly via an API, and have the API detect the
  presence of POST request and then process the form after it's built.
  That means you do submit back to the same URL.  (Drupal 7 and earlier do
  this.)
 
  2) Put 2 separate request handlers / controllers at the same path, one
  for GET and one for POST.  So you submit back to the same URL but an
  entirely different piece of code responds to it.  (This requires a good
  routing system that can differentiate between GET and POST.)
 
  3) Every form is defined as its own object somewhere with a unique ID.
  All forms post to the same URL but include the form ID.  Code at that
  URL looks up the form object by ID and maps the submitted data to it to
  know what to do with it.
 
  Note that in all 3 cases you're defining a form via an API of some
  kind.  You are not writing form tags yourself.  Don't do that. Ever.  I
  promise you that you will have a security hole or six if you do.  Use a
  good form handling API for building forms.  That's what good Real
  projects do.  There are a lot out there.  Most fullstack frameworks or
  CMSes have one built in (I know Drupal and CodeIgniter do, although
  they're quite different), and there are reasonably stand-alone
  components available in both Symfony2 Components and Zend Framework.
  Please don't write your own.  There are too many good ones (and even
  more bad ones, of course) already out there that have been security
  hardened.
 
  --Larry Garfield
 Never write your own form?  I'm guilty - oh, so guilty.  What exactly is 
 a 'security hardened' form?
 
 In answer to OP - yes you can use a single script to handle your form 
 return.  I do that too!  I start by recognizing my first time thru and 
 send out a form/page.  I process the submit back from that page, doing 
 something based on the label of the submit button that I detect.  I may 
 then do some more processing and produce a newer version of the same 
 form/page and repeat.  Or I may end it all at that point.  Depends on 
 what the overall appl is doing.
 
 And now I'll watch and see how much I'm doing wrong.
 


I don't think there's anything inherently wrong with writing your own
form processing code, as long as you understand what's going on. Many
frameworks do make this a lot easier though, but sometimes I find it
encourages you to ignore some of the details (like security) because you
know the framework handles that stuff.

I would say code forms on your own first, as a learning experience, then
use frameworks once you know what you're doing.

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] POST action

2013-07-28 Thread Jim Giner


On 7/28/2013 1:38 PM, Ashley Sheridan wrote:

On Sun, 2013-07-28 at 13:37 -0400, Jim Giner wrote:

On 7/28/2013 1:26 PM, Larry Garfield wrote:
 On 07/28/2013 12:14 PM, iccsi wrote:
 <form action="action.php" method="post">
 <p>Your name: <input type="text" name="name" /></p>
 <p>Your age: <input type="text" name="age" /></p>
 <p><input type="submit" /></p>
 </form>

 In the PHP tutorial manual, it says that we can have post
 action to the form itself just like above coding. I would like to know
 in the real projects, can we have action to the same PHP file, since
 that we only need have one file but not 2 files for POST request.
 Your help and information is greatly appreciated,
 regards,
 Iccsi

 Real projects do all kinds of things.  Which is best depends on who
 you ask. :-)

 I would argue that there's 3 good approaches, both of which are viable:

 1) Define your form abstractly via an API, and have the API detect the
 presence of POST request and then process the form after it's built.
 That means you do submit back to the same URL.  (Drupal 7 and earlier do
 this.)

 2) Put 2 separate request handlers / controllers at the same path, one
 for GET and one for POST.  So you submit back to the same URL but an
 entirely different piece of code responds to it.  (This requires a good
 routing system that can differentiate between GET and POST.)

 3) Every form is defined as its own object somewhere with a unique ID.
 All forms post to the same URL but include the form ID.  Code at that
 URL looks up the form object by ID and maps the submitted data to it to
 know what to do with it.

 Note that in all 3 cases you're defining a form via an API of some
 kind.  You are not writing form tags yourself.  Don't do that. Ever.  I
 promise you that you will have a security hole or six if you do.  Use a
 good form handling API for building forms.  That's what good Real
 projects do.  There are a lot out there.  Most fullstack frameworks or
 CMSes have one built in (I know Drupal and CodeIgniter do, although
 they're quite different), and there are reasonably stand-alone
 components available in both Symfony2 Components and Zend Framework.
 Please don't write your own.  There are too many good ones (and even
 more bad ones, of course) already out there that have been security
 hardened.

 --Larry Garfield
Never write your own form?  I'm guilty - oh, so guilty.  What exactly is
a 'security hardened' form?

In answer to OP - yes you can use a single script to handle your form
return.  I do that too!  I start by recognizing my first time thru and
send out a form/page.  I process the submit back from that page, doing
something based on the label of the submit button that I detect.  I may
then do some more processing and produce a newer version of the same
form/page and repeat.  Or I may end it all at that point.  Depends on
what the overall appl is doing.

And now I'll watch and see how much I'm doing wrong.



I don't think there's anything inherently wrong with writing your own 
form processing code, as long as you understand what's going on. Many 
frameworks do make this a lot easier though, but sometimes I find it 
encourages you to ignore some of the details (like security) because 
you know the framework handles that stuff.


I would say code forms on your own first, as a learning experience, 
then use frameworks once you know what you're doing.


Thanks,
Ash
http://www.ashleysheridan.co.uk


I don't know that I'll ever use a framework.  Strictly an 
ex-professional here doing my own website stuff.  As you say 'code your 
own forms first as a learning experience'.  Well, once I've coded them 
(aside: I think you mean 'process', not code) and learned how to do it 
right, why should I give up that task and pick up a framework?


Re: [PHP] POST action

2013-07-28 Thread Robert Cummings

On 13-07-28 01:14 PM, iccsi wrote:

<form action="action.php" method="post">
  <p>Your name: <input type="text" name="name" /></p>
  <p>Your age: <input type="text" name="age" /></p>
  <p><input type="submit" /></p>
</form>

In the PHP tutorial manual, it says that we can have post action to
the form itself just like above coding. I would like to know in the real
projects, can we have action to the same PHP file, since that we only need
have one file but not 2 files for POST request.
Your help and information is greatly appreciated,
regards,
Iccsi


From my experience, I would suggest that you ALWAYS post back to the 
same URL. All forms I've seen that post to a different target have 
issues when validation fails and they suddenly need to go back to the 
original form-- they tend to implement weird and not so wonderful 
techniques to get back to that form while preserving the posted data in 
the session or something. If they try to go back at all... some just say 
fail and tell you to hit your browser's back button.


Leaving the action attribute empty should cause the browser to post back 
to the same URL without you needing to re-iterate it programmatically in 
the action attribute.


Cheers,
Rob.
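
The post-back-to-the-same-URL flow described in the message above, as an added PHP example that is not code from anyone in this thread. The function names are assumptions made for the illustration, the fields are the `name` and `age` inputs from the original question, and PHP 7 or later with the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. CSRF token handling is left
// out here to keep the focus on the redisplay flow.

/** Escape a value for use in HTML text or inside a double-quoted attribute. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the form; $values and $errors are empty on the first GET. */
function render_form(array $values = [], array $errors = []): string
{
    // No action attribute: the browser submits to the URL the form was loaded from.
    $html = "<form method=\"post\">\n";
    foreach (['name' => 'Your name', 'age' => 'Your age'] as $field => $label) {
        // Posted data goes back into the page only after escaping.
        $value = e($values[$field] ?? '');
        $error = isset($errors[$field]) ? ' <em>' . e($errors[$field]) . '</em>' : '';
        $html .= " <p>$label: <input type=\"text\" name=\"$field\" value=\"$value\" />$error</p>\n";
    }
    return $html . " <p><input type=\"submit\" /></p>\n</form>\n";
}

/** Check the two fields; returns field => message, empty when everything is valid. */
function check_fields(array $values): array
{
    $errors = [];
    if ($values['name'] === '' || mb_strlen($values['name'], 'UTF-8') > 20) {
        $errors['name'] = 'Enter a name of 1 to 20 characters';
    }
    if (!ctype_digit($values['age'])) {
        $errors['age'] = 'Enter your age as a whole number';
    }
    return $errors;
}

/** One entry point for both methods: GET shows the form, POST validates it. */
function handle_request(string $method, array $post): string
{
    if ($method !== 'POST') {
        return render_form();
    }
    $values = [];
    foreach (['name', 'age'] as $field) {
        // Anything that is not a plain string (for example name[]=x) counts as empty.
        $values[$field] = is_string($post[$field] ?? null) ? trim($post[$field]) : '';
    }
    $errors = check_fields($values);
    if ($errors) {
        // Same URL, posted data still in hand: nothing has to be parked in the session.
        return render_form($values, $errors);
    }
    return '<p>Thanks, ' . e($values['name']) . ".</p>\n";
}

// In a web script this would be:
//   echo handle_request($_SERVER['REQUEST_METHOD'], $_POST);
// Constructed requests so the flow can be run from the command line:
echo handle_request('GET', []);
echo handle_request('POST', ['name' => '"><script>alert(1)</script>', 'age' => 'abc']);
echo handle_request('POST', ['name' => 'Alice', 'age' => '34']);
```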



Re: [PHP] POST action

2013-07-28 Thread Robert Cummings

On 13-07-28 01:51 PM, Jim Giner wrote:


On 7/28/2013 1:38 PM, Ashley Sheridan wrote:

On Sun, 2013-07-28 at 13:37 -0400, Jim Giner wrote:

On 7/28/2013 1:26 PM, Larry Garfield wrote:

On 07/28/2013 12:14 PM, iccsi wrote:

<form action="action.php" method="post">
<p>Your name: <input type="text" name="name" /></p>
<p>Your age: <input type="text" name="age" /></p>
<p><input type="submit" /></p>
</form>

In the PHP tutorial manual, it says that we can have post
action to the form itself just like above coding. I would like to know
in the real projects, can we have action to the same PHP file, since
that we only need have one file but not 2 files for POST request.
Your help and information is greatly appreciated,
regards,
Iccsi


Real projects do all kinds of things.  Which is best depends on who
you ask. :-)

I would argue that there's 3 good approaches, both of which are viable:

1) Define your form abstractly via an API, and have the API detect the
presence of POST request and then process the form after it's built.
That means you do submit back to the same URL.  (Drupal 7 and earlier do
this.)

2) Put 2 separate request handlers / controllers at the same path, one
for GET and one for POST.  So you submit back to the same URL but an
entirely different piece of code responds to it.  (This requires a good
routing system that can differentiate between GET and POST.)

3) Every form is defined as its own object somewhere with a unique ID.
All forms post to the same URL but include the form ID.  Code at that
URL looks up the form object by ID and maps the submitted data to it to
know what to do with it.

Note that in all 3 cases you're defining a form via an API of some
kind.  You are not writing form tags yourself.  Don't do that. Ever.  I
promise you that you will have a security hole or six if you do.  Use a
good form handling API for building forms.  That's what good Real
projects do.  There are a lot out there.  Most fullstack frameworks or
CMSes have one built in (I know Drupal and CodeIgniter do, although
they're quite different), and there are reasonably stand-alone
components available in both Symfony2 Components and Zend Framework.
Please don't write your own.  There are too many good ones (and even
more bad ones, of course) already out there that have been security
hardened.

--Larry Garfield

Never write your own form?  I'm guilty - oh, so guilty.  What exactly is
a 'security hardened' form?

In answer to OP - yes you can use a single script to handle your form
return.  I do that too!  I start by recognizing my first time thru and
send out a form/page.  I process the submit back from that page, doing
something based on the label of the submit button that I detect.  I may
then do some more processing and produce a newer version of the same
form/page and repeat.  Or I may end it all at that point.  Depends on
what the overall appl is doing.

And now I'll watch and see how much I'm doing wrong.



I don't think there's anything inherently wrong with writing your own
form processing code, as long as you understand what's going on. Many
frameworks do make this a lot easier though, but sometimes I find it
encourages you to ignore some of the details (like security) because
you know the framework handles that stuff.

I would say code forms on your own first, as a learning experience,
then use frameworks once you know what you're doing.

Thanks,
Ash
http://www.ashleysheridan.co.uk



I don't know that I'll ever use a framework.  Strictly an
ex-professional here doing my own website stuff.  As you say 'code your
own forms first as a learning experience'.  Well, once I've coded them
(aside: I think you mean 'process', not code) and learned how to do it
right, why should I give up that task and pick up a framework?


Chances are, once you've done this yourself and abstracted away the 
implementation details, you have your own framework for performing this 
generally tedious task :)


Cheers,
Rob.



Re: [PHP] POST action

2013-07-28 Thread Larry Garfield

On 07/28/2013 12:38 PM, Ashley Sheridan wrote:

On Sun, 2013-07-28 at 13:37 -0400, Jim Giner wrote:



Never write your own form?  I'm guilty - oh, so guilty.  What exactly is
a 'security hardened' form?


- All forms need a valid CSRF token to avoid CSRF attacks.  This needs 
to be matched between the submitted form and server-maintained state.  
Do all of your forms have that?  Every single one?  (A GET lookup form 
like a search box doesn't need it, but anything with POST does, I'd argue.)


- Do you have a select element? Do you have error handling for when 
someone submits a value for that wasn't one of the option elements?


- Your text input field has a max length of 20. Does your code return an 
error when the user enters a string of 100 characters?


- Are you checking for weird edge-case-y character encoding issues? 
(Some versions of some browsers can be hacked by sending UTF-7 instead 
of UTF-8 for certain parts of the request. I don't fully understand that 
stuff myself, either.)


- You have a number field (HTML5).  Does your PHP code handle someone 
submitting a string anyway?


- Are you checking all of those correctly every single time you write a 
form?


Remember, a form POST is not a form submission.  It's a wide open RPC 
call for the entire Internet, for which you provide casual suggestions 
via HTML.  Always assume an attacker bypasses the HTML and just POSTs 
variables right at your server.  I'm probably forgetting a few things in 
the list above, too.


Hence, for 98% of cases, if you're writing your own form and input 
tags, you're doing it wrong. :-)  Maybe you end up with your own PHP 
library to do that for you that handles all of the above, but... why, 
when there are so many already that do a better job than you can on your 
own (because they've had dozens of smart people including security 
experts working on them)?



I would say code forms on your own first, as a learning experience, then
use frameworks once you know what you're doing.


That I'll agree with.  Do it manually for the learning, then use a 
battle-hardened tool for real work is a generally good approach to many 
things in programming.


--Larry Garfield
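
The checklist in the message above written out as server-side checks, in an added PHP example that is not code from anyone in this thread. The `color` select field, the allowed values, the `csrf_token` key and the function names are assumptions made for the illustration; PHP 7 or later with the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. Field names, the colour list
// and the helper names are assumptions.
const ALLOWED_COLORS = ['red', 'green', 'blue']; // the <option> values the form offers
const NAME_MAX_LEN = 20;                         // mirrors maxlength="20" in the HTML

/** Create (once per session) the token the form carries as a hidden field. */
function csrf_token(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Check a POST body against what the server expects, whatever the HTML suggested.
 * Returns [clean values, errors]; the clean values are empty unless errors is empty.
 */
function validate_post(array $post, array $session): array
{
    // 1. CSRF: the submitted token must match server-side state (constant-time compare).
    $sent = $post['csrf_token'] ?? null;
    $expected = $session['csrf_token'] ?? null;
    if (!is_string($sent) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $sent)) {
        return [[], ['csrf_token' => 'missing or invalid token']];
    }

    // 2. Shape and encoding: each field must be one string of valid UTF-8.
    //    A body such as name[]=x reaches PHP as an array, not a string.
    $errors = [];
    $clean = [];
    foreach (['name', 'age', 'color'] as $field) {
        $value = $post[$field] ?? null;
        if (!is_string($value)) {
            $errors[$field] = 'missing or not a single value';
        } elseif (!mb_check_encoding($value, 'UTF-8')) {
            $errors[$field] = 'not valid UTF-8';
        } else {
            $clean[$field] = trim($value);
        }
    }
    if ($errors) {
        return [[], $errors];
    }

    // 3. Length: maxlength in the HTML is only a hint to the browser.
    if ($clean['name'] === '' || mb_strlen($clean['name'], 'UTF-8') > NAME_MAX_LEN) {
        $errors['name'] = 'must be 1 to ' . NAME_MAX_LEN . ' characters';
    }

    // 4. Numbers: compare with === false, because a valid age of 0 is falsy.
    $age = filter_var($clean['age'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        $errors['age'] = 'must be a whole number from 0 to 150';
    }

    // 5. Select: only values the form actually offered, compared strictly.
    if (!in_array($clean['color'], ALLOWED_COLORS, true)) {
        $errors['color'] = 'not one of the offered options';
    }

    if ($errors) {
        return [[], $errors];
    }
    return [['name' => $clean['name'], 'age' => $age, 'color' => $clean['color']], []];
}

// Constructed requests. In a web script, $session is $_SESSION and $post is $_POST.
$session = [];
$token = csrf_token($session);
$requests = [
    'browser form'   => ['csrf_token' => $token, 'name' => 'Alice', 'age' => '34', 'color' => 'green'],
    'no token'       => ['name' => 'Alice', 'age' => '34', 'color' => 'green'],
    'hand-built'     => ['csrf_token' => $token, 'name' => str_repeat('A', 100),
                         'age' => 'abc', 'color' => 'purple'],
    'wrong shape'    => ['csrf_token' => $token, 'name' => ['x'], 'age' => '34',
                         'color' => "\xC3\x28"], // array value and invalid UTF-8 bytes
];
foreach ($requests as $label => $post) {
    [$clean, $errors] = validate_post($post, $session);
    echo $label, ': ',
        $errors ? 'rejected ' . json_encode($errors) : 'accepted ' . json_encode($clean),
        PHP_EOL;
}
```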




Re: [PHP] POST action

2013-07-28 Thread Paul M Foster
On Sun, Jul 28, 2013 at 08:46:06PM -0500, Larry Garfield wrote:

 On 07/28/2013 12:38 PM, Ashley Sheridan wrote:
 On Sun, 2013-07-28 at 13:37 -0400, Jim Giner wrote:
 
 
 Never write your own form?  I'm guilty - oh, so guilty.  What exactly is
 a 'security hardened' form?
 
 - All forms need a valid CSRF token to avoid CSRF attacks.  This
 needs to be matched between the submitted form and server-maintained
 state.  Do all of your forms have that?  Every single one?  (A GET
 lookup form like a search box doesn't need it, but anything with
 POST does, I'd argue.)

Yes. I wrote a bless class just for this purpose, which I use on all
form pages.

 
 - Do you have a select element? Do you have error handling for when
 someone submits a value for that wasn't one of the option elements?

Yes, since I realize that what comes back to me may bear no resemblance
to what I coded in HTML. Thus, I always check for allowed SELECT
values.

 
 - Your text input field has a max length of 20. Does your code
 return an error when the user enters a string of 100 characters?

Yes. Same answer. Putting a max length of 20 in the HTML works okay, but
the user could still submit something much longer if they are attempting
to hack the page. Thus I always check for max characters on the return.

 
 - Are you checking for weird edge-case-y character encoding issues?
 (Some versions of some browsers can be hacked by sending UTF-7
 instead of UTF-8 for certain parts of the request. I don't fully
 understand that stuff myself, either.)

No I don't check for this.

 
 - You have a number field (HTML5).  Does your PHP code handle
 someone submitting a string anyway?

I don't use HTML5 tags like this, since they are not universally
supported. However, I check that numbers look like numbers on return and
strings look like strings on return. PHP has built-in functions for
this.

All this is part of my validation class.

 
 - Are you checking all of those correctly every single time you
 write a form?

Except as noted above. This is all home-grown, using native PHP
functions designed to do these things, and classes I've written. I
carefully examine each field when writing the POST-handling code with
the idea in mind that no matter what the HTML says, the return value
must conform to what *I* think it should be. No MVC framework written by
others (though I do conform to MVC paradigm).

Paul

-- 
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com
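
The checks walked through in the exchange above, collected in one server-side handler. This is an added example, not code from either poster; the field names, limits, option list and the `validate_submission()` / `csrf_token()` helpers are assumptions, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example: field names, limits and the option list are assumptions.

const ALLOWED_COLORS = ['red', 'green', 'blue'];  // the <option> values the form offered
const NAME_MAX_CHARS = 20;                        // mirrors maxlength="20" in the HTML

/** Create (once per session) the token the form embeds as a hidden field. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Validate a submission against server-side rules only.
 * Returns [clean values, errors]; the clean values are usable only when errors is empty.
 */
function validate_submission(array $post, array $session): array
{
    $errors = [];
    $clean  = [];

    // CSRF: the submitted token must match server-maintained state (constant-time compare).
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return [[], ['csrf_token' => 'missing or invalid token']];
    }

    // Text input: must be a string (not an array sent as name[]=...), valid UTF-8, length-limited.
    $name = $post['name'] ?? null;
    if (!is_string($name) || !mb_check_encoding($name, 'UTF-8')) {
        $errors['name'] = 'not a valid UTF-8 string';
    } elseif ($name === '' || mb_strlen($name, 'UTF-8') > NAME_MAX_CHARS) {
        $errors['name'] = 'length must be 1..' . NAME_MAX_CHARS;
    } else {
        $clean['name'] = $name;
    }

    // Select: the value must be one of the options that were offered (strict comparison).
    $color = $post['color'] ?? null;
    if (!is_string($color) || !in_array($color, ALLOWED_COLORS, true)) {
        $errors['color'] = 'not an offered option';
    } else {
        $clean['color'] = $color;
    }

    // Number field: accept only an integer in range, whatever the HTML asked for.
    $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($qty === false) {
        $errors['quantity'] = 'must be an integer 1..99';
    } else {
        $clean['quantity'] = $qty;
    }

    return [$clean, $errors];
}

// Constructed sample: values a client could send by POSTing directly, bypassing the HTML.
$session = [];
$token   = csrf_token($session);
$direct  = [
    'csrf_token' => $token,
    'name'       => str_repeat('A', 100),   // longer than maxlength allows
    'color'      => 'ultraviolet',          // never offered in the <select>
    'quantity'   => '12abc',                // not a number
];
[, $errors] = validate_submission($direct, $session);
print_r($errors);   // one entry each for name, color and quantity
```

In a real handler the two arrays would be `$_POST` and `$_SESSION` after `session_start()`.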




Re: [PHP] $POST and $_SESSION

2012-03-17 Thread sono-io
On Mar 15, 2012, at 11:52 AM, Stuart Dallas wrote:

 Change your php.ini settings to log to a file and set display_errors to off.

Sometimes when you ask a stupid question you end up getting a brilliant 
answer.  I had no idea about any of this until I received your response, which 
got me digging.  I found out that I could create a custom php.ini file for my 
site, and within hours of doing this, I had errors logged that I didn't even 
know I had and was able to fix them.  I've since created a cron triggered 
script which e-mails me any errors on my site.

So thanks, Stuart, for posting your response.  So far it's caught a 
coding mistake (by me) and a no product found in MySQL error (because of a 
discontinued item).  I don't mean to sound dramatic, but this changes 
everything for me.  It's great to know that I'll be notified of any little (or 
big!) problem without having to manually hunt it down.

Thanks again,
Marc



[PHP] $POST and $_SESSION

2012-03-15 Thread Tedd Sperling
Hi gang:

What's a better/shorter way to write this?

$first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null; 

$first_name = isset($_POST['first_name']) ? $_POST['first_name'] : $first_name; 
$_SESSION['first_name'] = $first_name; 

Cheers,

tedd

_
tedd.sperl...@gmail.com
http://sperling.com









Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Daniel Brown
On Thu, Mar 15, 2012 at 11:04, Tedd Sperling tedd.sperl...@gmail.com wrote:
 Hi gang:

 What's a better/shorter way to write this?

 $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null;
 $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : 
 $first_name;
 $_SESSION['first_name'] = $first_name;

A simple reusable function and pass-through variable is one method:

<?php

    session_start();
    $_SESSION['first_name'] = $first_name =
        thisorthat(@$_POST['first_name'],null);

    function thisorthat($a,$b) {
        return isset($a) ? $a : $b;
    }

?>
-- 
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Michael Save
How about this?

$first_name = @$_POST['first_name'] or $first_name =
$_SESSION['first_name'] ? $_SESSION['first_name'] : null;

Thanks,
Michael

On Fri, Mar 16, 2012 at 2:13 AM, Daniel Brown danbr...@php.net wrote:
 On Thu, Mar 15, 2012 at 11:04, Tedd Sperling tedd.sperl...@gmail.com wrote:
 Hi gang:

 What's a better/shorter way to write this?

 $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null;
 $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : 
 $first_name;
 $_SESSION['first_name'] = $first_name;

    A simple reusable function and pass-through variable is one method:

 ?php

    session_start();
    $_SESSION['first_name'] = $first_name =
 thisorthat(@$_POST['first_name'],null);

    function thisorthat($a,$b) {
        return isset($a) ? $a : $b;
    }

 ?
 --
 /Daniel P. Brown
 Network Infrastructure Manager
 http://www.php.net/






Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Stuart Dallas
On 15 Mar 2012, at 15:13, Daniel Brown wrote:

 On Thu, Mar 15, 2012 at 11:04, Tedd Sperling tedd.sperl...@gmail.com wrote:
 Hi gang:
 
 What's a better/shorter way to write this?
 
 $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null;
 $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : 
 $first_name;
 $_SESSION['first_name'] = $first_name;
 
A simple reusable function and pass-through variable is one method:
 
 ?php
 
session_start();
$_SESSION['first_name'] = $first_name =
 thisorthat(@$_POST['first_name'],null);
 
function thisorthat($a,$b) {
return isset($a) ? $a : $b;
}
 
 ?

The @ prefix is banned from all code I go anywhere near - it's evil! I've used 
the following 'V' function for a long time, primarily for accessing the 
superglobals but it works for any array.

<?php
session_start();
$_SESSION['first_name'] = $first_name = V($_SESSION, 'first_name');

function V($arr, $key, $def = null) {
  return isset($arr[$key]) ? $arr[$key] : $def;
}
?>

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Stuart Dallas
On 15 Mar 2012, at 18:31, Stuart Dallas wrote:

 On 15 Mar 2012, at 15:13, Daniel Brown wrote:
 
 On Thu, Mar 15, 2012 at 11:04, Tedd Sperling tedd.sperl...@gmail.com wrote:
 Hi gang:
 
 What's a better/shorter way to write this?
 
 $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null;
 $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : 
 $first_name;
 $_SESSION['first_name'] = $first_name;
 
   A simple reusable function and pass-through variable is one method:
 
 ?php
 
   session_start();
   $_SESSION['first_name'] = $first_name =
 thisorthat(@$_POST['first_name'],null);
 
   function thisorthat($a,$b) {
   return isset($a) ? $a : $b;
   }
 
 ?
 
 The @ prefix is banned from all code I go anywhere near - it's evil! I've 
 used the following 'V' function for a long time, primarily for accessing the 
 superglobals but it works for any array.
 
 ?php
 session_start();
 $_SESSION['first_name'] = $first_name = V($_SESSION, 'first_name');
 
 function V($arr, $key, $def = null) {
  return isset($arr[$key]) ? $arr[$key] : $def;
 }
 ?

That'll teach me for not reading the code properly...

<?php
session_start();
$_SESSION['first_name'] = V($_POST, 'first_name', V($_SESSION, 'first_name'));

function V($arr, $key, $def = null) {
  return isset($arr[$key]) ? $arr[$key] : $def;
}
?>

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Daniel Brown
On Thu, Mar 15, 2012 at 14:31, Stuart Dallas stu...@3ft9.com wrote:

 The @ prefix is banned from all code I go anywhere near - it's evil! I've 
 used the following 'V' function for a long time, primarily for accessing the 
 superglobals but it works for any array.

 ?php
 session_start();
 $_SESSION['first_name'] = $first_name = V($_SESSION, 'first_name');

 function V($arr, $key, $def = null) {
  return isset($arr[$key]) ? $arr[$key] : $def;
 }
 ?

For the most part, I agree with you, but for this particular
example, it simply silences the notice for an undefined variable,
should it not be set, at the time of the function call.  In nearly any
other case, though, I'm totally with you.

-- 
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Stuart Dallas
On 15 Mar 2012, at 18:35, Daniel Brown wrote:

 On Thu, Mar 15, 2012 at 14:31, Stuart Dallas stu...@3ft9.com wrote:
 
 The @ prefix is banned from all code I go anywhere near - it's evil! I've 
 used the following 'V' function for a long time, primarily for accessing the 
 superglobals but it works for any array.
 
 ?php
 session_start();
 $_SESSION['first_name'] = $first_name = V($_SESSION, 'first_name');
 
 function V($arr, $key, $def = null) {
  return isset($arr[$key]) ? $arr[$key] : $def;
 }
 ?
 
For the most part, I agree with you, but for this particular
 example, it simply silences the notice for an undefined variable,
 should it not be set, at the time of the function call.  In nearly any
 other case, though, I'm totally with you.

I've seen too many cases where one acceptable use of the @ leads to bugs 
being hidden, regardless of the original motivation. I prefer to handle things 
like this explicitly, but each to his own.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread sono-io
On Mar 15, 2012, at 11:35 AM, Daniel Brown wrote:

 On Thu, Mar 15, 2012 at 14:31, Stuart Dallas stu...@3ft9.com wrote:
 
 The @ prefix is banned from all code I go anywhere near - it's evil! 
 
For the most part, I agree with you,

Hmm... I use it on my web pages (unless I'm testing) so that if 
something goes wrong, my customers don't see a bunch of garbage with paths to 
my PHP scripts.  Is there a better way to handle this situation?

Marc



Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Stuart Dallas
On 15 Mar 2012, at 18:48, sono...@fannullone.us wrote:

 On Mar 15, 2012, at 11:35 AM, Daniel Brown wrote:
 
 On Thu, Mar 15, 2012 at 14:31, Stuart Dallas stu...@3ft9.com wrote:
 
 The @ prefix is banned from all code I go anywhere near - it's evil! 
 
   For the most part, I agree with you,
 
   Hmm... I use it on my web pages (unless I'm testing) so that if 
 something goes wrong, my customers don't see a bunch of garbage with paths to 
 my PHP scripts.  Is there a better way to handle this situation?

Change your php.ini settings to log to a file and set display_errors to off.

Errors, warnings and notices are all telling you something - ignoring them is 
ill-advised. If something goes wrong your code should be able to cope with it 
without generating errors, warnings, or notices. Rule number one when I'm 
coding... expect the unexpected and make sure it's appropriately handled.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Ashley Sheridan
On Thu, 2012-03-15 at 18:52 +, Stuart Dallas wrote:

 On 15 Mar 2012, at 18:48, sono...@fannullone.us wrote:
 
  On Mar 15, 2012, at 11:35 AM, Daniel Brown wrote:
  
  On Thu, Mar 15, 2012 at 14:31, Stuart Dallas stu...@3ft9.com wrote:
  
  The @ prefix is banned from all code I go anywhere near - it's evil! 
  
For the most part, I agree with you,
  
  Hmm... I use it on my web pages (unless I'm testing) so that if 
  something goes wrong, my customers don't see a bunch of garbage with paths 
  to my PHP scripts.  Is there a better way to handle this situation?
 
 Change your php.ini settings to log to a file and set display_errors to off.
 
 Error, warnings and notices are all telling you something - ignoring them is 
 ill-advised. If something goes wrong your code should be able to cope with 
 it without generating errors, warnings, or notices. Rule number one when I'm 
 coding... expect the unexpected and make sure it's appropriately handled.
 
 -Stuart
 
 -- 
 Stuart Dallas
 3ft9 Ltd
 http://3ft9.com/
 


How about this, which I know is a horrible use of nested ternary if
statements but I wouldn't take it beyond nesting 1 or 2 anyway:

$first_name =
(isset($_POST['first_name']))?$_POST['first_name']:(
isset($_SESSION['first_name'])?$_SESSION['first_name']:null);

But if this is something you're going to need for several values, I'd go
with a function to do the checking for you as someone else above
mentioned.

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Adam Richardson
On Thu, Mar 15, 2012 at 11:04 AM, Tedd Sperling tedd.sperl...@gmail.com wrote:
 Hi gang:

 What's a better/shorter way to write this?

 $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null;
 $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : 
 $first_name;
 $_SESSION['first_name'] = $first_name;

When not working within my framework (which facilitates this
automatically), I tend to have a function for each just to save time:

function g($key){
   return isset($_GET[$key]) ? $_GET[$key] : null;
}

function p($key){
   return isset($_POST[$key]) ? $_POST[$key] : null;
}

function c($key){
   return isset($_COOKIE[$key]) ? $_COOKIE[$key] : null;
}

function s($key, $val = null){
   !isset($_SESSION) && session_start();

   if ($val === null) {
      return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
   } else {
      return $_SESSION[$key] = $val;
   }
}

Then, you can just write:

$first_name = s('first_name', p('first_name'));

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




[PHP] Post and Redirect

2010-02-26 Thread Shawn McKenzie
I remembered seeing this question on the list several times in the past,
so I thought I would post something I just hacked up for someone.

As we know, we can use header() to redirect the browser, but of course
we can't redirect the browser and have it post data to the new page.  If
you need to do this it will require javascript.  Here's a quick and
dirty function:

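function http_post_redirect($url='', $data=array(), $doc=false) {

    // Encode both values as JSON for embedding in an inline script. The
    // JSON_HEX_* flags escape <, >, &, ' and " inside the values so they
    // cannot close the string or the script block.
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT;
    $data = json_encode($data, $flags);
    $url = json_encode($url, $flags);

    if($doc) {
        echo "<html><head></head><body>";
    }
    echo "
    <script type='text/javascript'>
        var data = $data;
        var jsForm = document.createElement('form');

        jsForm.method = 'post';
        jsForm.action = $url;

        for (var name in data) {
            // A hidden field is an input element with type=hidden.
            var jsInput = document.createElement('input');
            jsInput.setAttribute('type', 'hidden');
            jsInput.setAttribute('name', name);
            jsInput.setAttribute('value', data[name]);
            jsForm.appendChild(jsInput);
        }
        document.body.appendChild(jsForm);
        jsForm.submit();
    </script>";

    if($doc) {
        echo "</body></html>";
    }
    exit;
}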

-- 
Thanks!
-Shawn
http://www.spidean.com




Re: [PHP] Post and Redirect

2010-02-26 Thread Ashley Sheridan
On Fri, 2010-02-26 at 13:26 -0600, Shawn McKenzie wrote:

 I remembered seeing this question on the list several times in the past,
 so I thought I would post something I just hacked up for someone.
 
 As we know, we can user header() to redirect the browser, but of course
 we can't redirect the browser and have it post data to the new page.  If
 you need to do this it will require javascript.  Here's a quick and
 dirty function:
 
 function http_post_redirect($url='', $data=array(), $doc=false) {
 
   $data = json_encode($data);
 
   if($doc) {
   echo htmlhead/headbody;
   }
   echo 
   script type='text/javascript'
   var data = eval('(' + '$data' + ')');
   var jsForm = document.createElement('form');
   
   jsForm.method = 'post';
   jsForm.action = '$url';
   
   for (var name in data) {
   var jsInput = document.createElement('hidden');
   jsInput.setAttribute('name', name);
   jsInput.setAttribute('value', data[name]);
   jsForm.appendChild(jsInput);
   }
   document.body.appendChild(jsForm);
   jsForm.submit();
   /script;
 
   if($doc) {
   echo /body/html;
   }
   exit;
 }
 
 -- 
 Thanks!
 -Shawn
 http://www.spidean.com
 


Someone mentioned on the whatwg mailing list that most browsers are
capable of understanding multipart content, so that you could send down
two types of content a bit like you'd send a multipart email.

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] POST without POSTing

2009-10-01 Thread Tommy Pham
----- Original Message -----
 From: Daniel Brown danbr...@php.net
 To: Paul M Foster pa...@quillandmouse.com
 Cc: php-general@lists.php.net
 Sent: Wednesday, September 30, 2009 9:58:18 PM
 Subject: Re: [PHP] POST without POSTing
 
 On Thu, Oct 1, 2009 at 00:41, Paul M Foster wrote:
 
  fsockopen() appears to be part of the standard network functions in PHP,
  like the header() function. Do you mean that many hosts support the
  function (as part of PHP) but don't support its use with external hosts?
  Is there a way to determine this support from looking at phpinfo()?
 
 fsockopen() is a socket function, as the name suggests.  Hosts can
 disable the usage of sockets.  In fact, check Google and you'll see
 several folks complaining of their host having it disabled.

If the service provider uses jails on *BSD, then sockets are definitely 
disabled for security reasons.  They don't want you to hack into other people's 
jail(s) ;)

 
 As for fopen(), there's a php.ini value `allow_url_fopen` that a
 lot of hosts have set to 'no,' I'm sure with the intent to increase
 security but when you can still use cURL and exec('wget'), it kind
 of defeats the purpose.
 
 -- 
 
 daniel.br...@parasane.net || danbr...@php.net
 http://www.parasane.net/ || http://www.pilotpig.net/
 Check out our great hosting and dedicated server deals at
 http://twitter.com/pilotpig
 





Re: [PHP] POST without POSTing

2009-10-01 Thread Kirk . Johnson
Paul M Foster pa...@quillandmouse.com wrote on 09/30/2009 09:29:17 PM:

 I have a form that collects certain info via POST. It is re-entrant, so
 when the user hits the submit button, it checks the input and does
 whatever sanity checks it needs to. If all is okay, it must now pass
 some of that info to another URL (offsite) via POST. Normally, the
 information would be passed via a series of GET variables or SESSION
 variables. But in this case the site the user is being directed to must
 receive the information via POST.

Google posttohost rasmus. It's a classic from the Master at the turn of 
the century ;)

Kirk

Re: [PHP] POST without POSTing

2009-10-01 Thread Paul M Foster
On Wed, Sep 30, 2009 at 11:36:55PM -0400, Daniel Brown wrote:

 On Wed, Sep 30, 2009 at 23:29, Paul M Foster pa...@quillandmouse.com wrote:
 
  I'm not sure how to do this. Please no exotic external libraries my
  shared hosting provider doesn't include. RTFM will be fine; just tell me
  which Fine Manual to Read.
 
 Nothing too exotic at all, Paul.  Check out cURL:
 
 http://php.net/curl

Okay, I've figured out how to shove the data through cURL to the
receiving URL, but then it occurred to me that the client browser must
go there *as well*.

Will curl_exec() do that on its own, or is there a parameter I need to
feed it?

Paul

-- 
Paul M. Foster




Re: [PHP] POST without POSTing

2009-10-01 Thread Daniel Brown
On Thu, Oct 1, 2009 at 16:14, Paul M Foster pa...@quillandmouse.com wrote:

 Okay, I've figured out how to shove the data through cURL to the
 receiving URL, but then it occurred to me that the client browser must
 go there *as well*.

 Will curl_exec() do that on its own, or is there a parameter I need to
 feed it?

So you need to have the *client* post the information?  You may
want to look into a JavaScript solution, like an
onload/document.form.post action.

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] POST without POSTing

2009-10-01 Thread Paul M Foster
On Thu, Oct 01, 2009 at 04:23:46PM -0400, Daniel Brown wrote:

 On Thu, Oct 1, 2009 at 16:14, Paul M Foster pa...@quillandmouse.com wrote:
 
  Okay, I've figured out how to shove the data through cURL to the
  receiving URL, but then it occurred to me that the client browser must
  go there *as well*.
 
  Will curl_exec() do that on its own, or is there a parameter I need to
  feed it?
 
 So you need to have the *client* post the information?  You may
 want to look into a JavaScript solution, like an
 onload/document.form.post action.

Javascript would be a bad solution. If the user has this turned off,
they can't use the site.

Let me be less opaque. This is a page where a user will fill in some
personal information, and then select an amount to donate to this cause.
The intent is to pass some information that the merchant service company
needs (like merchant number and item selected) to their secure URL. The
problem is that, before I just pass the information off to them, I want
to make sure the user has properly filled out this form. So I have to
validate it. That's done in the background on the server, naturally. But
once the validating is done, it's time to send the user off to the
secure site with a payload of POST variables. At that point, the user
will enter credit card info and such, and continue the transaction.

So I need to find a way to direct the user's browser to the secure site
with their payload of POST variables. The more I look at this, the more
it looks like cURL won't do it, and Javascript has the obvious down
side.

I'm afraid the only way to do this may be to validate everything, pass
the values off to a confirmation page, where the user has to hit
Proceed, and *that* page goes directly to the secure server with its
POST payload.

If anyone has a better idea, let me know. Hopefully I've explained it
adequately to make the problem clear.

Paul

-- 
Paul M. Foster




Re: [PHP] POST without POSTing

2009-10-01 Thread Ben Dunlap
 to make sure the user has properly filled out this form. So I have to
 validate it. That's done in the background on the server, naturally. But
 once the validating is done, it's time to send the user off to the
 secure site with a payload of POST variables. At that point, the user
 will enter credit card info and such, and continue the transaction.

You're describing what a 307 redirect is supposed to accomplish:

header("Location: $secure_url", TRUE, 307);

But I've heard that not all browsers comply with the HTTP spec on this
point. Might be worth testing a bit, though -- maybe your typical
audience doesn't tend to use non-compliant browsers.

 So I need to find a way to direct the user's browser to the secure site
 with their payload of POST variables. The more I look at this, the more
 it looks like cURL won't do it, and Javascript has the obvious down
 side.

 I'm afraid the only way to do this may be to validate everything, pass
 the values off to a confirmation page, where the user has to hit
 Proceed, and *that* page goes directly to the secure server with its
 POST payload.

That might actually be the best solution because it's the most
transparent, from the user's point-of-view. A 307 is going to cause
many browsers to pop up a confirmation dialog, which will freak some
users out -- and will break people's flow a lot more than would a
smoothly-executed two-stage submit.

Ben
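
The two-stage submit discussed above, sketched as an added example (not code from the thread): after server-side validation, the confirmation page is an ordinary form whose hidden fields the browser POSTs to the off-site URL when the user hits Proceed. The function name `render_confirmation_form()`, the URL and the field names are assumptions.

```php
<?php
// Added example: the URL and field names are placeholders, not values from the thread.

/**
 * Build the confirmation step: a plain HTML form whose hidden inputs carry the
 * values the server has already validated. The click on "Proceed" makes the
 * browser itself POST them to the off-site URL, with no JavaScript involved.
 */
function render_confirmation_form(string $action, array $fields): string
{
    // The target comes from server-side configuration; refuse anything but https.
    if (strtolower((string) parse_url($action, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('form action must be an https URL');
    }

    // Escape for an HTML attribute context; ENT_QUOTES covers both quote styles.
    $esc = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $html = '<form method="post" action="' . $esc($action) . '">' . "\n";
    foreach ($fields as $name => $value) {
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("field $name must be a scalar value");
        }
        $html .= '  <input type="hidden" name="' . $esc((string) $name)
               . '" value="' . $esc((string) $value) . '">' . "\n";
    }
    $html .= '  <button type="submit">Proceed</button>' . "\n";
    $html .= "</form>\n";
    return $html;
}

// Constructed sample values. Hidden fields are visible to and editable by the
// user, so the receiving site still has to validate what it gets.
$fields = [
    'merchant_id' => 'MERCHANT-ID-PLACEHOLDER',
    'item'        => 'donation',
    'amount'      => '25.00',
    'donor_name'  => 'Pat "PJ" O\'Brien <pj@example.org>',
];
echo render_confirmation_form('https://secure.example.com/pay', $fields);
```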




[PHP] POST without POSTing

2009-09-30 Thread Paul M Foster
I'm sure this has been covered before, but I'm not even sure how to
search in the archives for it.

I have a form that collects certain info via POST. It is re-entrant, so
when the user hits the submit button, it checks the input and does
whatever sanity checks it needs to. If all is okay, it must now pass
some of that info to another URL (offsite) via POST. Normally, the
information would be passed via a series of GET variables or SESSION
variables. But in this case the site the user is being directed to must
receive the information via POST.

I'm not sure how to do this. Please no exotic external libraries my
shared hosting provider doesn't include. RTFM will be fine; just tell me
which Fine Manual to Read.

Paul

-- 
Paul M. Foster




Re: [PHP] POST without POSTing

2009-09-30 Thread Daniel Brown
On Wed, Sep 30, 2009 at 23:29, Paul M Foster pa...@quillandmouse.com wrote:

 I'm not sure how to do this. Please no exotic external libraries my
 shared hosting provider doesn't include. RTFM will be fine; just tell me
 which Fine Manual to Read.

Nothing too exotic at all, Paul.  Check out cURL:

http://php.net/curl

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] POST without POSTing

2009-09-30 Thread Paul M Foster
On Wed, Sep 30, 2009 at 11:36:55PM -0400, Daniel Brown wrote:

 On Wed, Sep 30, 2009 at 23:29, Paul M Foster pa...@quillandmouse.com wrote:
 
  I'm not sure how to do this. Please no exotic external libraries my
  shared hosting provider doesn't include. RTFM will be fine; just tell me
  which Fine Manual to Read.
 
 Nothing too exotic at all, Paul.  Check out cURL:
 
 http://php.net/curl

I was afraid you were going to say that, and I wasn't sure cURL was
supported on that server. But I just loaded phpinfo on that server, and
it is supported.

However, assuming it *wasn't*, I've found the following example from a
google search (thank goodness for google's hinting or I couldn't have
found it):

$fp = fsockopen("www.site.com", 80);
fputs($fp, "POST /script.php HTTP/1.0
Host: www.site.com
Content-Length: 7

q=proxy");

I don't know much about doing things this way. It appears that when done
this way, the body must be separated by a newline, just like email.
And it appears that the content-length of 7 indicates the length of the
q=proxy string. Assuming I piled on a few other passed variables the
same way as q, separated by newlines (and adjusted the Content-Length
accordingly), would the above work? Are there liabilities to doing it
this way?

Paul

-- 
Paul M. Foster




Re: [PHP] POST without POSTing

2009-09-30 Thread Daniel Brown
On Thu, Oct 1, 2009 at 00:16, Paul M Foster pa...@quillandmouse.com wrote:

 However, assuming it *wasn't*, I've found the following example from a
 google search (thank goodness for google's hinting or I couldn't have
 found it):

 $fp = fsockopen(www.site.com, 80);
 fputs($fp, POST /script.php HTTP/1.0
 Host: www.site.com
 Content-Length: 7

 q=proxy);

 I don't know much about doing things this way. It appears that when done
 this way, the body must be separated by a newline, just like email.
 And it appears that the content-length of 7 indicates the length of the
 q=proxy string. Assuming I piled on a few other passed variables the
 same way as q, separated by newlines (and adjusted the Content-Length
 accordingly), would the above work? Are there liabilities to doing it
 this way?

Yes.  Hosts are more likely to have cURL installed and available
than fsockopen() or URL-based fopen() calls, so portability is greater
with cURL.  It's also a bit faster.  Still, as you know, there's
always more than one way to skin a cute, furry, delicious little
kitten.

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] POST without POSTing

2009-09-30 Thread Lars Torben Wilson
On Thu, 1 Oct 2009 00:16:27 -0400
Paul M Foster pa...@quillandmouse.com wrote:

 On Wed, Sep 30, 2009 at 11:36:55PM -0400, Daniel Brown wrote:
 
  On Wed, Sep 30, 2009 at 23:29, Paul M Foster
  pa...@quillandmouse.com wrote:
  
   I'm not sure how to do this. Please no exotic external libraries
   my shared hosting provider doesn't include. RTFM will be fine;
   just tell me which Fine Manual to Read.
  
  Nothing too exotic at all, Paul.  Check out cURL:
  
  http://php.net/curl
 
 I was afraid you were going to say that, and I wasn't sure cURL was
 supported on that server. But I just loaded phpinfo on that server,
 and it is supported.
 
 However, assuming it *wasn't*, I've found the following example from a
 google search (thank goodness for google's hinting or I couldn't
 have found it):
 
 $fp = fsockopen(www.site.com, 80);
 fputs($fp, POST /script.php HTTP/1.0
 Host: www.site.com
 Content-Length: 7
 
 q=proxy);
 
 I don't know much about doing things this way. It appears that when
 done this way, the body must be separated by a newline, just like
 email. And it appears that the content-length of 7 indicates the
 length of the q=proxy string. Assuming I piled on a few other
 passed variables the same way as q, separated by newlines (and
 adjusted the Content-Length accordingly), would the above work? Are
 there liabilities to doing it this way?
 
 Paul
 

Not separated by newlines; separated by ampersands. But otherwise,
that's just raw HTTP 1.1 protocol. cURL and other tools might look a bit
more complicated at first, but (assuming they're available) they do
shield you from the raw protocol a bit. No real liability to doing it
that way other than it's a bit more work.

http://developers.sun.com/mobility/midp/ttips/HTTPPost/


Regards,

Torben
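
The raw request from this exchange with several variables, as an added example that is not code from the thread: the body is URL-encoded name=value pairs joined with ampersands, and Content-Length is the byte length of that body. `build_form_post()` and `send_request()` are hypothetical helper names, and the Content-Type header and CRLF line endings are additions the quoted snippet did not have.

```php
<?php
// Added example: helper names and the sample field values are assumptions.

/** Build a complete HTTP/1.0 form POST request as a string. */
function build_form_post(string $host, string $path, array $fields): string
{
    // Host and path are written into the request head: refuse whitespace and
    // control characters so a value cannot smuggle in extra header lines.
    if (preg_match('/[\s\x00-\x1f]/', $host . $path) || $path === '' || $path[0] !== '/') {
        throw new InvalidArgumentException('invalid host or path');
    }

    // Body: name=value pairs, URL-encoded and joined with "&" (not newlines).
    $body = http_build_query($fields, '', '&');

    return "POST $path HTTP/1.0\r\n"
         . "Host: $host\r\n"
         . "Content-Type: application/x-www-form-urlencoded\r\n"
         . 'Content-Length: ' . strlen($body) . "\r\n"  // byte length of the body
         . "\r\n"                                        // empty line ends the headers
         . $body;
}

/** Send a prepared request over a plain socket and return the raw response. */
function send_request(string $host, int $port, string $request): string
{
    $fp = fsockopen($host, $port, $errno, $errstr, 10);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    fwrite($fp, $request);
    $response = stream_get_contents($fp);
    fclose($fp);
    return $response === false ? '' : $response;
}

// Constructed inputs; nothing is sent, the requests are only printed.
// The first reproduces the thread's case: body "q=proxy", Content-Length 7.
echo build_form_post('www.site.com', '/script.php', ['q' => 'proxy']), "\n\n";

// Several variables, including characters that must be encoded in the body.
echo build_form_post('www.site.com', '/script.php', [
    'q'    => 'proxy',
    'name' => 'Tom & Jerry',
    'note' => "line1\nline2",
]), "\n";
```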




Re: [PHP] POST without POSTing

2009-09-30 Thread Paul M Foster
On Thu, Oct 01, 2009 at 12:24:41AM -0400, Daniel Brown wrote:

 On Thu, Oct 1, 2009 at 00:16, Paul M Foster pa...@quillandmouse.com wrote:
 
  However, assuming it *wasn't*, I've found the following example from a
  google search (thank goodness for google's hinting or I couldn't have
  found it):
 
  $fp = fsockopen(www.site.com, 80);
  fputs($fp, POST /script.php HTTP/1.0
  Host: www.site.com
  Content-Length: 7
 
  q=proxy);
 
  I don't know much about doing things this way. It appears that when done
  this way, the body must be separated by a newline, just like email.
  And it appears that the content-length of 7 indicates the length of the
  q=proxy string. Assuming I piled on a few other passed variables the
  same way as q, separated by newlines (and adjusted the Content-Length
  accordingly), would the above work? Are there liabilities to doing it
  this way?
 
 Yes.  Hosts are more likely to have cURL installed and available
 than fsockopen() or URL-based fopen() calls, so portability is greater
 with cURL.  It's also a bit faster.  Still, as you know, there's
 always more than one way to skin a cute, furry, delicious little
 kitten.

fsockopen() appears to be part of the standard network functions in PHP,
like the header() function. Do you mean that many hosts support the
function (as part of PHP) but don't support its use with external hosts?
Is there a way to determine this support from looking at phpinfo()?

Paul

-- 
Paul M. Foster




Re: [PHP] POST without POSTing

2009-09-30 Thread Daniel Brown
On Thu, Oct 1, 2009 at 00:41, Paul M Foster pa...@quillandmouse.com wrote:

 fsockopen() appears to be part of the standard network functions in PHP,
 like the header() function. Do you mean that many hosts support the
 function (as part of PHP) but don't support its use with external hosts?
 Is there a way to determine this support from looking at phpinfo()?

fsockopen() is a socket function, as the name suggests.  Hosts can
disable the usage of sockets.  In fact, check Google and you'll see
several folks complaining of their host having it disabled.

As for fopen(), there's a php.ini value `allow_url_fopen` that a
lot of hosts have set to 'no,' I'm sure with the intent to increase
security but when you can still use cURL and exec('wget'), it kind
of defeats the purpose.

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] POST without POSTing

2009-09-30 Thread Lars Torben Wilson
On Thu, 1 Oct 2009 00:24:41 -0400
Daniel Brown danbr...@php.net wrote:

 On Thu, Oct 1, 2009 at 00:16, Paul M Foster pa...@quillandmouse.com
 wrote:
 
  However, assuming it *wasn't*, I've found the following example
  from a google search (thank goodness for google's hinting or I
  couldn't have found it):
 
  $fp = fsockopen("www.site.com", 80);
  fputs($fp, "POST /script.php HTTP/1.0
  Host: www.site.com
  Content-Length: 7
 
  q=proxy");
 
  I don't know much about doing things this way. It appears that when
  done this way, the body must be separated by a newline, just like
  email. And it appears that the content-length of 7 indicates the
  length of the q=proxy string. Assuming I piled on a few other
  passed variables the same way as q, separated by newlines (and
  adjusted the Content-Length accordingly), would the above work? Are
  there liabilities to doing it this way?
 
 Yes.  Hosts are more likely to have cURL installed and available
 than fsockopen() or URL-based fopen() calls, so portability is greater
 with cURL.  It's also a bit faster.  Still, as you know, there's
 always more than one way to skin a cute, furry, delicious little
 kitten.
 

I stand corrected on that point--in that way, yes, it would be a
liability. Happily it's been so long since I've had to use that kind of
host that I don't usually consider that a problem. But yes, if you're
using free or low-end hosting then you might have to contend with that.
Ugly, but true.


Torben




[PHP] POST php://input

2008-03-12 Thread sinseven
Hello All,
I'm doing a POST using httpwebrequest in a Pocket PC C# application to send a 
file over a stream buffer to a php page on an Apache server. I'm able to not 
only get ?variablename=value via a $_REQUEST, but also the entire file over 
php://input.

It all works, I'm just not sure it's proper or the best way to do this. Should 
i be getting a $_REQUEST and a file via php://input in the same php page? Other 
problems with doing this?

Nothing seems to come over $_FILE.. when i do a print_r on that, all i get is 
the number 1... I was thinking the file might be handled by php and stored as 
a temp file, but it doesn't seem to be.

Thanks for any help and suggestions,
Scott


Re: [PHP] POST/GET into variables

2008-01-22 Thread Richard Lynch
On Mon, January 21, 2008 10:03 am, Nathan Nobbe wrote:
 On Jan 21, 2008 10:19 AM, Eric Butera [EMAIL PROTECTED] wrote:

 I don't think making a single generic function to iterate over every
 value in the GET/POST arrays is a very good idea.  Each field on a
 form can contain very different pieces of data that should be handed
 quite differently.  I know you did point out that this is just an
 example, but nonetheless your class is intended to iterate over
 everything with a generic solution.


 i think applying trim() to all input is appropriate.

You're wrong. :-)

There is at least one app where whitespace was significant.

It might be for integration with some weird legacy system somewhere,
but there it is.

The sanitizing of any input data HAS to know what the data is supposed
to look like, and should be as strict as possible.

No single function can handle that without some kind of meta knowledge
about the fields coming in from somewhere else.

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?




Re: [PHP] POST/GET into variables

2008-01-22 Thread Nathan Nobbe
On Jan 22, 2008 3:59 PM, Richard Lynch [EMAIL PROTECTED] wrote:

 On Mon, January 21, 2008 10:03 am, Nathan Nobbe wrote:
  On Jan 21, 2008 10:19 AM, Eric Butera [EMAIL PROTECTED] wrote:
 
  I don't think making a single generic function to iterate over every
  value in the GET/POST arrays is a very good idea.  Each field on a
  form can contain very different pieces of data that should be handed
  quite differently.  I know you did point out that this is just an
  example, but nonetheless your class is intended to iterate over
  everything with a generic solution.
 
 
  i think applying trim() to all input is appropriate.

 You're wrong. :-)


fair enough; i thought about it after i said that and realized it wasn't the
case. too bad somebody had to go and call me out on it ;)

 There is at least one app where whitespace was significant.

 It might be for integration with some weird legacy system somewhere,
 but there it is.

 The sanitizing of any input data HAS to know what the data is supposed
 to look like, and should be as strict as possible.

 No single function can handle that without some kind of meta knowledge
 about the fields coming in from somewhere else.


if there is default behavior that only needs to be applied in most cases
then add a parameter to the function or an instance variable that indicates
the default behavior should be overridden.  as i said earlier, i was not
posting this class as a generic solution for all input filtration.  it was
mainly intended to demonstrate conversion of variables within an array to
ones in the current symbol tables using variable variables.
note this segment from the original question:
 ..work by turning all key/value pairs for both get and post
 into variable names of the same name as the get/post key, and the
 variable values as the values from the post/get..
i also had no knowledge of the extract() function which basically does the
same thing.
on another thread today somebody mentioned inspekt, this looks like a pretty
solid validation / sanitization system.
http://code.google.com/p/inspekt/
i looked at a couple of the other filtration systems eric recommended and
appreciate him sharing.

-nathan


Re: [PHP] POST/GET into variables

2008-01-21 Thread Eric Butera
On Jan 20, 2008 10:15 PM, nihilism machine [EMAIL PROTECTED] wrote:
 im trying to keep this php4 OOP. im just trying to clean the post/gets
 and then make them all into variables with their names being the keys
 to the get/post, and their values as the variables values.

 ie: $_POST['someFormInputName'] = somevalue ... turns into
 $someFormInputName = somevalue.

 I am not concerned about cleaning the input as i have a function
 already for that.



 On Jan 20, 2008, at 10:06 PM, Nathan Nobbe wrote:

  On Jan 20, 2008 9:47 PM, nihilism machine
  [EMAIL PROTECTED] wrote:
  how does this look? should this by me calling ... myforms = new
  forms(); work by turning all key/value pairs for both get and post
  into variable names of the same name as the get/post key, and the
  variable values as the values from the post/get?
 
  class forms {

      // Some stuff
      var $MyPosts;
      var $MyGets;
      var $CleanedInput;

      // Connect to the database
      function forms() {
          foreach($_POST as $curPostKey => $curPostVal) {
              $this->CleanInput($curPostKey);
              $$curPostKey = $curPostVal;
          }
          foreach($_GET as $curGetKey => $curGetVal) {
              $this->CleanInput($curGetKey);
              $$curGetKey = $curGetVal;
          }
      }

      // Attempt to login a user
      function CleanInput($userInput) {
          return $this->CleanedInput;
      }
  }
 
  im a little bit lost on the comments about connecting to the
  database and logging
  in a user.  if you are writing a class to filter data in the $_POST
  and /or $_GET, then
  thats all it should be responsible for.
  the decision youll have to make is this; will this class simply act
  as a filter for these
  arrays, which means it will modify the data in those arrays, or will
  it leave the contents
  of those arrays unaltered and store the filtered values in instance
  variables?  the design
  of the class will depend upon this decision.
  i think if you want to keep it simple, you should shoot for the
  former option.  then your
  class would look something like this
 
  class InputFilter {
      public static function filterInput($optionalFilter='') {
          if(count($_GET) > 0) {
              self::filterArray($_GET, $optionalFilter);
          }
          if(count($_POST) > 0) {
              self::filterArray($_POST, $optionalFilter);
          }
      }

      private static function filterArray($array, $optionalFilter='') {
          foreach($array as $key => $value) {
              $$key = self::filterValue($value);
              if(!empty($optionalFilter) && is_callable($optionalFilter)) {
                  $$key = $optionalFilter($$key);
              }
          }
      }

      private static function filterValue($value) {
          return trim(stripslashes($value));  /// -- NOTE: this is only an example
      }
  }


  then from client space you would just say
  InputFilter::filterInput();

  then, subsequently you can use $_POST and $_GET directly with the
  assumption that the input has been escaped.
  and, using the class above, you can also supply a custom filtering
  function as well, on a per-need basis; eg.

  function filterMysql($value) {
      return mysql_real_escape_string($value);
  }
  InputFilter::filterInput('filterMysql');
 
  NOTE: i just typed this into my mail client, so it might not be
  perfect.
 
  -nathan



Look up extract().  This is a horrible idea you're trying to do though.




Re: [PHP] POST/GET into variables

2008-01-21 Thread Eric Butera
On Jan 20, 2008 10:06 PM, Nathan Nobbe [EMAIL PROTECTED] wrote:
 On Jan 20, 2008 9:47 PM, nihilism machine [EMAIL PROTECTED] wrote:

  how does this look? should this by me calling ... myforms = new
  forms(); work by turning all key/value pairs for both get and post
  into variable names of the same name as the get/post key, and the
  variable values as the values from the post/get?
 
  class forms {

      // Some stuff
      var $MyPosts;
      var $MyGets;
      var $CleanedInput;

      // Connect to the database
      function forms() {
          foreach($_POST as $curPostKey => $curPostVal) {
              $this->CleanInput($curPostKey);
              $$curPostKey = $curPostVal;
          }
          foreach($_GET as $curGetKey => $curGetVal) {
              $this->CleanInput($curGetKey);
              $$curGetKey = $curGetVal;
          }
      }

      // Attempt to login a user
      function CleanInput($userInput) {
          return $this->CleanedInput;
      }
  }


 im a little bit lost on the comments about connecting to the database and
 logging
 in a user.  if you are writing a class to filter data in the $_POST and /or
 $_GET, then
 thats all it should be responsible for.
 the decision youll have to make is this; will this class simply act as a
 filter for these
 arrays, which means it will modify the data in those arrays, or will it
 leave the contents
 of those arrays unaltered and store the filtered values in instance
 variables?  the design
 of the class will depend upon this decision.
 i think if you want to keep it simple, you should shoot for the former
 option.  then your
 class would look something like this

 class InputFilter {
     public static function filterInput($optionalFilter='') {
         if(count($_GET) > 0) {
             self::filterArray($_GET, $optionalFilter);
         }
         if(count($_POST) > 0) {
             self::filterArray($_POST, $optionalFilter);
         }
     }

     private static function filterArray($array, $optionalFilter='') {
         foreach($array as $key => $value) {
             $$key = self::filterValue($value);
             if(!empty($optionalFilter) && is_callable($optionalFilter)) {
                 $$key = $optionalFilter($$key);
             }
         }
     }

     private static function filterValue($value) {
         return trim(stripslashes($value));  /// -- NOTE: this is only an example
     }
 }


 then from client space you would just say
 InputFilter::filterInput();

 then, subsequently you can use $_POST and $_GET directly with the assumption
 that the input has been escaped.
 and, using the class above, you can also supply a custom filtering function
 as well, on a per-need basis; eg.

 function filterMysql($value) {
     return mysql_real_escape_string($value);
 }
 InputFilter::filterInput('filterMysql');

 NOTE: i just typed this into my mail client, so it might not be perfect.

 -nathan


Hi Nathan,

I don't think making a single generic function to iterate over every
value in the GET/POST arrays is a very good idea.  Each field on a
form can contain very different pieces of data that should be handed
quite differently.  I know you did point out that this is just an
example, but nonetheless your class is intended to iterate over
everything with a generic solution.

Say you have three fields: name, email, and comments textarea.  On the
back end your script should know that the three different fields have
different character limits and they should also be validated
differently.  The email should be checked to make sure it is a valid
email address.  The two other fields can have constraints like the
name field has to be between 4 characters and a max of 64.  Then the
comments has a minimum of 1 and a max of 65535.  How do you accomplish
this with one blanket function without passing in a massive array of
options.  What if there is another field that requires some sort of
number.  If someone came through and typed e3 (not malicious, just a
typo) then the all in one would say that is perfect.

There are plenty of filtering libraries available such as
ext/filter[1], Zend_Filter[2], and Stubbles Validators [3].  I lean
towards the Stubbles method of applying reusable filters to data.

These libraries have many eyes on them and are tested pretty well.  To
forego all this work and start your own really requires a bigger
effort than most people realize.

[1] http://php.net/filter
[2] http://framework.zend.com/manual/en/zend.filter.html
[3] http://stubbles.net/wiki/Docs/Validators




Re: [PHP] POST/GET into variables

2008-01-21 Thread Jochem Maas

Eric Butera wrote:

...


then from client space you would just say
InputFilter::filterInput();

then, subsequently you can use $_POST and $_GET directly with the
assumption
that the input has been escaped.


BAD! assuming $_GET/$_POST are sanitized and escaped is always wrong. stick
cleaned/validated request data in a new/designated container.

additionally you escape data according to the context in which the escaped
data will be used - if you perform mysql related escaping on some central
bunch of data then things will go pear-shaped if at anytime that same data is
subsequently used for other kind of output (e.g. to screen) (note that putting
data into a DB is considered output from the point of view of your script)



Look up extract().  This is a horrible idea you're trying to do though.


I'll second that. :-)





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
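
The two points made in the messages above (Eric's per-field rules and the advice to keep validated data in its own container and escape per output context), as an added example that is not code from the thread. The `quantity` field and its range, the function names, the table in the commented query and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Field names and limits follow
// Eric's message; 'quantity', its range, the function names and the sample
// input are constructed for illustration.

/** Return a string field from the raw input, or '' if missing or not a string. */
function raw_string(array $raw, string $key): string
{
    return (isset($raw[$key]) && is_string($raw[$key])) ? $raw[$key] : '';
}

/**
 * Validate each field against its own rule. Returns [$clean, $errors].
 * $raw is only read; accepted values go into a separate container.
 */
function validate_submission(array $raw): array
{
    $clean  = [];
    $errors = [];

    // name: 4 to 64 bytes (use mb_strlen() for multibyte text if mbstring is loaded)
    $name = trim(raw_string($raw, 'name'));
    if (strlen($name) < 4 || strlen($name) > 64) {
        $errors['name'] = 'name must be 4 to 64 characters';
    } else {
        $clean['name'] = $name;
    }

    // email: must parse as an address
    $email = filter_var(trim(raw_string($raw, 'email')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'email is not a valid address';
    } else {
        $clean['email'] = $email;
    }

    // comments: 1 to 65535 bytes, whitespace kept as typed (no blanket trim)
    $comments = raw_string($raw, 'comments');
    if (strlen($comments) < 1 || strlen($comments) > 65535) {
        $errors['comments'] = 'comments must be 1 to 65535 characters';
    } else {
        $clean['comments'] = $comments;
    }

    // quantity: a whole number in range; a typo such as "e3" is rejected here
    $qty = filter_var(raw_string($raw, 'quantity'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    if ($qty === false) {
        $errors['quantity'] = 'quantity must be a whole number from 1 to 1000';
    } else {
        $clean['quantity'] = $qty;
    }

    return [$clean, $errors];
}

/** HTML context: escape at the point of output, not at input time. */
function render_comment_html(array $clean): string
{
    $e = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };
    return '<p><b>' . $e($clean['name']) . '</b> wrote: '
         . nl2br($e($clean['comments'])) . '</p>';
}

// Database context: bound parameters instead of string escaping. $pdo is an
// assumed PDO connection and the table is hypothetical.
// $stmt = $pdo->prepare('INSERT INTO comments (name, email, body) VALUES (?, ?, ?)');
// $stmt->execute([$clean['name'], $clean['email'], $clean['comments']]);

// Constructed sample submissions: the first has a mistyped number.
$samples = [
    ['name' => "Bob O'Hara", 'email' => 'bob@example.com',
     'comments' => "line one\n<b>bold</b> & more", 'quantity' => 'e3'],
    ['name' => "Bob O'Hara", 'email' => 'bob@example.com',
     'comments' => "line one\n<b>bold</b> & more", 'quantity' => '3'],
];
foreach ($samples as $post) {
    list($clean, $errors) = validate_submission($post);
    if ($errors) {
        print_r($errors);
    } else {
        echo render_comment_html($clean), "\n";
    }
}
```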



Re: [PHP] POST/GET into variables

2008-01-21 Thread Nathan Nobbe
On Jan 21, 2008 10:19 AM, Eric Butera [EMAIL PROTECTED] wrote:

 I don't think making a single generic function to iterate over every
 value in the GET/POST arrays is a very good idea.  Each field on a
 form can contain very different pieces of data that should be handed
 quite differently.  I know you did point out that this is just an
 example, but nonetheless your class is intended to iterate over
 everything with a generic solution.


i think applying trim() to all input is appropriate.


 Say you have three fields: name, email, and comments textarea.  On the
 back end your script should know that the three different fields have
 different character limits and they should also be validated
 differently.  The email should be checked to make sure it is a valid
 email address.  The two other fields can have constraints like the
 name field has to be between 4 characters and a max of 64.  Then the
 comments has a minimum of 1 and a max of 65535.  How do you accomplish
 this with one blanket function without passing in a massive array of
 options.


the class i supplied could easily be extended to accept such a configuration
array, which i see no problem with either.  its the same approach taken by one
of the functions in the filter extension you mentioned.
http://us2.php.net/manual/en/function.filter-input-array.php
this was not designed to be some end-all-be-all solution, it was merely an
example which illustrated primarily how to convert an array of values into
first class variables.
i was also unaware of the extract() function.


 These libraries have many eyes on them and are tested pretty well.  To
 forego all this work and start your own really requires a bigger
 effort than most people realize.


probably, using existing, working tools is the best choice for most cases.
taking code from somebody writing it at 2 in the morning might not be so
smart ;)
really, i was just trying to answer the question at hand, i believe i did
that.

[1] http://php.net/filter
 [2] http://framework.zend.com/manual/en/zend.filter.html
 [3] http://stubbles.net/wiki/Docs/Validators


thank you for the references, in particular, i was unaware of the filter
extension, ill give that a closer look.

-nathan


[Fwd: Re: [PHP] POST/GET into variables]

2008-01-21 Thread Jochem Maas

rectified ;-)

-------- Original message --------

On Jan 21, 2008 11:51 AM, Jochem Maas [EMAIL PROTECTED] wrote:

yeah - you'll get used to it, mostly. it happens to everyone that they seem to
be getting replies to things they didn't write - I was responding to the OP in
this case - adding to your advice in effect.

sorry for the confusion.


It's no problem. :)  Defending my honor off-list! :D




[PHP] POST/GET into variables

2008-01-20 Thread nihilism machine
how does this look? should this by me calling ... myforms = new  
forms(); work by turning all key/value pairs for both get and post  
into variable names of the same name as the get/post key, and the  
variable values as the values from the post/get?


class forms {

    // Some stuff
    var $MyPosts;
    var $MyGets;
    var $CleanedInput;

    // Connect to the database
    function forms() {
        foreach($_POST as $curPostKey => $curPostVal) {
            $this->CleanInput($curPostKey);
            $$curPostKey = $curPostVal;
        }
        foreach($_GET as $curGetKey => $curGetVal) {
            $this->CleanInput($curGetKey);
            $$curGetKey = $curGetVal;
        }
    }

    // Attempt to login a user
    function CleanInput($userInput) {
        return $this->CleanedInput;
    }
}

thanks to anyone in advance




Re: [PHP] POST/GET into variables

2008-01-20 Thread nihilism machine
im trying to keep this php4 OOP. im just trying to clean the post/gets  
and then make them all into variables with their names being the keys  
to the get/post, and their values as the variables values.


ie: $_POST['someFormInputName'] = somevalue ... turns into
$someFormInputName = somevalue.

I am not concerned about cleaning the input as i have a function  
already for that.



On Jan 20, 2008, at 10:06 PM, Nathan Nobbe wrote:

On Jan 20, 2008 9:47 PM, nihilism machine  
[EMAIL PROTECTED] wrote:

how does this look? should this by me calling ... myforms = new
forms(); work by turning all key/value pairs for both get and post
into variable names of the same name as the get/post key, and the
variable values as the values from the post/get?

class forms {

    // Some stuff
    var $MyPosts;
    var $MyGets;
    var $CleanedInput;

    // Connect to the database
    function forms() {
        foreach($_POST as $curPostKey => $curPostVal) {
            $this->CleanInput($curPostKey);
            $$curPostKey = $curPostVal;
        }
        foreach($_GET as $curGetKey => $curGetVal) {
            $this->CleanInput($curGetKey);
            $$curGetKey = $curGetVal;
        }
    }

    // Attempt to login a user
    function CleanInput($userInput) {
        return $this->CleanedInput;
    }
}

im a little bit lost on the comments about connecting to the  
database and logging
in a user.  if you are writing a class to filter data in the $_POST  
and /or $_GET, then

thats all it should be responsible for.
the decision youll have to make is this; will this class simply act  
as a filter for these
arrays, which means it will modify the data in those arrays, or will  
it leave the contents
of those arrays unaltered and store the filtered values in instance  
variables?  the design

of the class will depend upon this decision.
i think if you want to keep it simple, you should shoot for the  
former option.  then your

class would look something like this

class InputFilter {
    public static function filterInput($optionalFilter='') {
        if(count($_GET) > 0) {
            self::filterArray($_GET, $optionalFilter);
        }
        if(count($_POST) > 0) {
            self::filterArray($_POST, $optionalFilter);
        }
    }

    private static function filterArray($array, $optionalFilter='') {
        foreach($array as $key => $value) {
            $$key = self::filterValue($value);
            if(!empty($optionalFilter) && is_callable($optionalFilter)) {
                $$key = $optionalFilter($$key);
            }
        }
    }

    private static function filterValue($value) {
        return trim(stripslashes($value));  /// -- NOTE: this is only an example
    }
}


then from client space you would just say
InputFilter::filterInput();

then, subsequently you can use $_POST and $_GET directly with the
assumption that the input has been escaped.
and, using the class above, you can also supply a custom filtering
function as well, on a per-need basis; eg.

function filterMysql($value) {
    return mysql_real_escape_string($value);
}
InputFilter::filterInput('filterMysql');

NOTE: i just typed this into my mail client, so it might not be  
perfect.


-nathan




Re: [PHP] POST/GET into variables

2008-01-20 Thread Nathan Nobbe
On Jan 20, 2008 9:47 PM, nihilism machine [EMAIL PROTECTED] wrote:

 how does this look? should this by me calling ... myforms = new
 forms(); work by turning all key/value pairs for both get and post
 into variable names of the same name as the get/post key, and the
 variable values as the values from the post/get?

 class forms {

     // Some stuff
     var $MyPosts;
     var $MyGets;
     var $CleanedInput;

     // Connect to the database
     function forms() {
         foreach($_POST as $curPostKey => $curPostVal) {
             $this->CleanInput($curPostKey);
             $$curPostKey = $curPostVal;
         }
         foreach($_GET as $curGetKey => $curGetVal) {
             $this->CleanInput($curGetKey);
             $$curGetKey = $curGetVal;
         }
     }

     // Attempt to login a user
     function CleanInput($userInput) {
         return $this->CleanedInput;
     }
 }


im a little bit lost on the comments about connecting to the database and
logging in a user.  if you are writing a class to filter data in the $_POST
and /or $_GET, then thats all it should be responsible for.
the decision youll have to make is this; will this class simply act as a
filter for these arrays, which means it will modify the data in those arrays,
or will it leave the contents of those arrays unaltered and store the filtered
values in instance variables?  the design of the class will depend upon this
decision.
i think if you want to keep it simple, you should shoot for the former
option.  then your class would look something like this

class InputFilter {
    public static function filterInput($optionalFilter='') {
        if(count($_GET) > 0) {
            self::filterArray($_GET, $optionalFilter);
        }
        if(count($_POST) > 0) {
            self::filterArray($_POST, $optionalFilter);
        }
    }

    private static function filterArray($array, $optionalFilter='') {
        foreach($array as $key => $value) {
            $$key = self::filterValue($value);
            if(!empty($optionalFilter) && is_callable($optionalFilter)) {
                $$key = $optionalFilter($$key);
            }
        }
    }

    private static function filterValue($value) {
        return trim(stripslashes($value));  /// -- NOTE: this is only an example
    }
}


then from client space you would just say
InputFilter::filterInput();

then, subsequently you can use $_POST and $_GET directly with the assumption
that the input has been escaped.
and, using the class above, you can also supply a custom filtering function
as well, on a per-need basis; eg.

function filterMysql($value) {
    return mysql_real_escape_string($value);
}
InputFilter::filterInput('filterMysql');

NOTE: i just typed this into my mail client, so it might not be perfect.

-nathan


Re: [PHP] POST/GET into variables

2008-01-20 Thread Nathan Nobbe
On Jan 20, 2008 10:15 PM, nihilism machine [EMAIL PROTECTED]
wrote:

 im trying to keep this php4 OOP. im just trying to clean the post/gets
 and then make them all into variables with their names being the keys
 to the get/post, and their values as the variables values.


then all you have to do is remove the static keyword from the code i posted
(and clean any syntax errors ;)).

ie: $_POST['someFormInputName'] = somevalue ... turns into
 $someFormInputName = somevalue.


thats what the code i put out there does; did you try it yet?

I am not concerned about cleaning the input as i have a function
 already for that.


then feed it as the callback function to the InputFilter::filterInput()
method and all the converted variables will be cleaned as well.

-nathan


Re: [PHP] POST adding extra characters

2007-06-20 Thread Jim Lucas

[EMAIL PROTECTED] wrote:
Hi.. when using POST on a text box to send info its adding an extra \
character.


<form action=script.php method=POST>
<TEXTAREA NAME=save COLS=100 ROWS=15>
dry-run:
filter: account-id = '10002'
select: key
</textarea>
<P><br><INPUT TYPE=submit VALUE=submit>
</FORM></a>

That information is then written to a text file with..

$msg = $ud_save;
$f = fopen("file.txt", 'w');
fwrite($f, $msg);
fclose($f);

What's written to the text file should be..

dry-run:
filter: account-id = '10002'
select: key

but its writing this instead..

dry-run:
filter: account-id = \'10002\'
select: key

How can I stop it adding the backslashes \

Thanks
Chris

sounds like you have magic quotes enabled.

something like this at the top of your script will fix the problem.

if ( get_magic_quotes_gpc() ) {
    $_GET = array_map("stripslashes", $_GET);
    $_POST = array_map("stripslashes", $_POST);
    $_REQUEST = array_map("stripslashes", $_REQUEST);
}


--
Jim Lucas

   Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them.

Twelfth Night, Act II, Scene V
by William Shakespeare




Re: [PHP] POST adding extra characters

2007-06-20 Thread chris

Thanks Jim worked a treat

- Original Message - 
From: Jim Lucas [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Thursday, June 21, 2007 4:03 AM
Subject: Re: [PHP] POST adding extra characters



[EMAIL PROTECTED] wrote:
Hi.. when using POST on a text box to send info its adding an extra \
character.


<form action=script.php method=POST>
<TEXTAREA NAME=save COLS=100 ROWS=15>
dry-run:
filter: account-id = '10002'
select: key
</textarea>
<P><br><INPUT TYPE=submit VALUE=submit>
</FORM></a>

That information is then written to a text file with..

$msg = $ud_save;
$f = fopen("file.txt", 'w');
fwrite($f, $msg);
fclose($f);

What's written to the text file should be..

dry-run:
filter: account-id = '10002'
select: key

but its writing this instead..

dry-run:
filter: account-id = \'10002\'
select: key

How can I stop it adding the backslashes \

Thanks
Chris

sounds like you have magic quotes enabled.

something like this at the top of your script will fix the problem.

if ( get_magic_quotes_gpc() ) {
    $_GET = array_map("stripslashes", $_GET);
    $_POST = array_map("stripslashes", $_POST);
    $_REQUEST = array_map("stripslashes", $_REQUEST);
}


--
Jim Lucas

   Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them.

Twelfth Night, Act II, Scene V
by William Shakespeare




Re: [PHP] POST adding extra characters

2007-06-20 Thread Jim Lucas

[EMAIL PROTECTED] wrote:

Thanks Jim worked a treat

- Original Message - From: Jim Lucas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Thursday, June 21, 2007 4:03 AM
Subject: Re: [PHP] POST adding extra characters



[EMAIL PROTECTED] wrote:
Hi.. when using POST on a text box to send info its adding an extra \
character.


<form action=script.php method=POST>
<TEXTAREA NAME=save COLS=100 ROWS=15>
dry-run:
filter: account-id = '10002'
select: key
</textarea>
<P><br><INPUT TYPE=submit VALUE=submit>
</FORM></a>

That information is then written to a text file with..

$msg = $ud_save;
$f = fopen("file.txt", 'w');
fwrite($f, $msg);
fclose($f);

What's written to the text file should be..

dry-run:
filter: account-id = '10002'
select: key

but its writing this instead..

dry-run:
filter: account-id = \'10002\'
select: key

How can I stop it adding the backslashes \

Thanks
Chris

sounds like you have magic quotes enabled.

something like this at the top of your script will fix the problem.

if ( get_magic_quotes_gpc() ) {
    $_GET = array_map("stripslashes", $_GET);
    $_POST = array_map("stripslashes", $_POST);
    $_REQUEST = array_map("stripslashes", $_REQUEST);
}


--
Jim Lucas

   Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them.

Twelfth Night, Act II, Scene V
by William Shakespeare


The question I have for you now is, do you understand what that code 
snippet does?


Jim Lucas




[PHP] post via text message?

2007-04-16 Thread blackwater dev

I'm working on a site where I need to allow someone to send me a text
message and let the code take their message and respond or post it in the
db.  Can someone point me in the right direction on how this is done?

Thanks!


Re: [PHP] post via text message?

2007-04-16 Thread Richard Lynch
On Mon, April 16, 2007 9:14 am, blackwater dev wrote:
 I'm working on a site where I need to allow someone to send me a text
 message and let the code take their message and respond or post it in
 the
 db.  Can someone point me in the right direction on how this is done?

You mean like a cellphone text message?

Just Google for PHP SMS

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?




Re: [PHP] POST + QUERY

2007-03-28 Thread Dan Shirah

using mssql_fetch_assoc worked out great.  I had actually typed it in before
but the code formatting didn't change the color of the text like it normally
does for my mssql functions so I assumed it wasn't valid and deleted it.

Thanks to everyone for your help!


On 3/27/07, Jim Lucas [EMAIL PROTECTED] wrote:


Dan Shirah wrote:
 Okay, I thought this was VERY simple, but I cannot wrap my mind around what
 I am doing wrong.


 echo $_POST['max_id'];  *The echo returns the correct result*
 if($_POST['max_id'] ='') {  *This is supposed to run the below query if $_POST['max_id'] is not blank*

 $max_id = $_POST['max_id'];  *Sets my POST value to a variable*
 $info = "SELECT * FROM payment_request WHERE id = '$max_id'"; *Selects record from my database by the matching ID's*
 $result_info = mssql_query($info) or die(mssql_error());  *Puts the query results into a variable*
 $row_info = ifx_fetch_row($result_info);  *Makes a row in an array for all the returned fields from my query*

 $my_info = $row_info['my_value'];

 <input type="Text" value="<?php echo $my_info; ?>" size="20" maxlength="16" name="my_value">  *However, this box returns no data.*

 I should be using if($_POST['max_id'] ='') {   and not if($_POST['max_id']
 !=='') { correct?  Since it is a comparative function just the = should
 be correct.


Can someone take a look at this solution and tell me if this would be a
decent solution for his problem?

I use this logic all over my code base, let me know if it is efficient,
clean, well structured, etc...

if ( isset($_POST['max_id']) ) {

    $max_id = (int)$_POST['max_id'];

    if ( empty($max_id) ) {
        die('not a valid id');
        # or some other, more graceful, way of catching the error
    }

    $SQL = "SELECT * FROM payment_request WHERE id = '{$max_id}'";

    if ( ( $result_info = mssql_query($SQL) ) === false ) {

        die(mssql_error());
        # again, maybe something more graceful here

    }

    if ( mssql_num_rows( $result_info ) == 0 ) {

        die('nothing to display');
        # again, maybe something more graceful here

    } else {

        while ( $row_info = mssql_fetch_array($result_info) ) {

            echo '<input type="Text" value="'.$row_info['my_value'].
                 '" size="20" maxlength="16" name="my_value">';

        }

    }

}

--
Enjoy,

Jim Lucas

Different eyes see different things. Different hearts beat on different
strings. But there are times
for you and me when all such things agree.

- Rush
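
The max_id lookup from this thread, as an added example that is not code from any poster: the id is validated before use, bound as a query parameter, fetched into a row keyed by column name, and escaped on output. PDO with an in-memory SQLite database stands in for the MS SQL Server backend; the helper names, table columns and sample row are assumptions.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite stands in
// for the MS SQL Server backend; table columns and the sample row are constructed.

function open_demo_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE payment_request (id INTEGER PRIMARY KEY, first_name TEXT)');
    $insert = $db->prepare('INSERT INTO payment_request (id, first_name) VALUES (?, ?)');
    $insert->execute(array(121, 'John "JD" <Doe>'));
    return $db;
}

/**
 * Return the field as a positive int, or null when it is missing, blank or
 * not a whole number. A function call does the check, so a mistyped "=" in
 * an if() cannot silently overwrite the POST value.
 */
function read_id(array $post, $field)
{
    if (!isset($post[$field]) || !is_string($post[$field])) {
        return null;
    }
    $id = filter_var($post[$field], FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

/**
 * Fetch one row keyed by column name. The id is bound as a parameter and
 * never becomes part of the SQL text.
 */
function find_payment_request(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT id, first_name FROM payment_request WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Build the text input with the stored value escaped for an HTML attribute. */
function render_input($name, $value)
{
    return sprintf('<input type="text" name="%s" value="%s" size="20" maxlength="16">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'));
}

$db = open_demo_db();

// Constructed requests: a valid id, a blank field, a non-numeric value, no field.
$requests = array(
    array('max_id' => '121'),
    array('max_id' => ''),
    array('max_id' => '12abc'),
    array(),
);

foreach ($requests as $post) {
    $id = read_id($post, 'max_id');
    if ($id === null) {
        echo "not a valid id\n";
        continue;
    }
    $row = find_payment_request($db, $id);
    echo $row === null
        ? "nothing to display\n"
        : render_input('first_name', $row['first_name']) . "\n";
}

// The same row fetched with numeric keys has no 'first_name' index, which is
// the empty-echo symptom described in the thread.
$numeric = $db->query('SELECT id, first_name FROM payment_request WHERE id = 121')
              ->fetch(PDO::FETCH_NUM);
var_dump(isset($numeric['first_name']));
var_dump($numeric[1]);
```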






[PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

Okay, I thought this was VERY simple, but I cannot wrap my mind around what
I am doing wrong.


echo $_POST['max_id'];  *The echo returns the correct result*
if($_POST['max_id'] ='') {  *This is supposed to run the below query if $_POST['max_id'] is not blank*

$max_id = $_POST['max_id'];  *Sets my POST value to a variable*
$info = "SELECT * FROM payment_request WHERE id = '$max_id'"; *Selects record from my database by the matching ID's*
$result_info = mssql_query($info) or die(mssql_error());  *Puts the query results into a variable*
$row_info = ifx_fetch_row($result_info);  *Makes a row in an array for all the returned fields from my query*

$my_info = $row_info['my_value'];

<input type="Text" value="<?php echo $my_info; ?>" size="20" maxlength="16" name="my_value">  *However, this box returns no data.*

I should be using if($_POST['max_id'] ='') {   and not if($_POST['max_id']
!=='') { correct?  Since it is a comparative function just the = should
be correct.


Re: [PHP] POST + QUERY

2007-03-27 Thread Dave Goodchild

use: $_POST['max_id'] == ""

or even better:

if (empty($_POST['max_id']))


Re: [PHP] POST + QUERY

2007-03-27 Thread Tijnema !

On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:

Okay, I thought this was VERY simple, but I cannot wrap my mind around what
I am doing wrong.


echo $_POST['max_id'];  *The echo returns the correct result*
if($_POST['max_id'] ='') {  *This is supposed to run the below query if $_POST['max_id'] is not blank*

$max_id = $_POST['max_id'];  *Sets my POST value to a variable*
$info = "SELECT * FROM payment_request WHERE id = '$max_id'"; *Selects record from my database by the matching ID's*
$result_info = mssql_query($info) or die(mssql_error());  *Puts the query results into a variable*
$row_info = ifx_fetch_row($result_info);  *Makes a row in an array for all the returned fields from my query*

$my_info = $row_info['my_value'];

<input type="Text" value="<?php echo $my_info; ?>" size="20" maxlength="16" name="my_value">  *However, this box returns no data.*

I should be using if($_POST['max_id'] ='') {   and not if($_POST['max_id']
!=='') { correct?  Since it is a comparative function just the = should
be correct


You're wrong, = means you want to give the variable on the left the
value on the right.
This if you're using now will always return true (at least if you don't
have very buggy server). And your $_POST['max_id'] will have the
value ''

Use != :)

Tijnema







Re: [PHP] POST + QUERY

2007-03-27 Thread Brad Bonkoski

Dan Shirah wrote:
Okay, I thought this was VERY simple, but I cannot wrap my mind around what
I am doing wrong.


echo $_POST['max_id'];  *The echo returns the correct result*
if($_POST['max_id'] ='') {  *This is supposed to run the below query if $_POST['max_id'] is not blank*

$max_id = $_POST['max_id'];  *Sets my POST value to a variable*
$info = "SELECT * FROM payment_request WHERE id = '$max_id'"; *Selects record from my database by the matching ID's*
$result_info = mssql_query($info) or die(mssql_error());  *Puts the query results into a variable*
$row_info = ifx_fetch_row($result_info);  *Makes a row in an array for all the returned fields from my query*

$my_info = $row_info['my_value'];

<input type="Text" value="<?php echo $my_info; ?>" size="20" maxlength="16" name="my_value">  *However, this box returns no data.*

I should be using if($_POST['max_id'] ='') {   and not if($_POST['max_id']
!=='') { correct?  Since it is a comparative function just the = should
be correct.


read this:
http://php.net/operators




Re: [PHP] POST + QUERY

2007-03-27 Thread Davi
On Tuesday 27 March 2007 17:02, Dave Goodchild wrote:
 use: $_POST['max_id'] == ""

 or even better:

 if (empty($_POST['max_id']))

Why not:

if (!(isset($_POST["max_id"])))

?

-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
Around computers it is difficult to find the correct unit of time to
measure progress.  Some cathedrals took a century to complete.  Can you
imagine the grandeur and scope of a program that would take as long?
-- Epigrams in Programming, ACM SIGPLAN Sept. 1982




Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

  So I was dancing all around it by trying !== and =   but did not try
!=  /???  UGH!

On 3/27/07, Tijnema ! [EMAIL PROTECTED] wrote:


On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
 Okay, I thought this was VERY simple, but I cannot wrap my mind around what
 I am doing wrong.


 echo $_POST['max_id'];  *The echo returns the correct result*
 if($_POST['max_id'] ='') {  *This is supposed to run the below query if $_POST['max_id'] is not blank*

 $max_id = $_POST['max_id'];  *Sets my POST value to a variable*
 $info = "SELECT * FROM payment_request WHERE id = '$max_id'"; *Selects record from my database by the matching ID's*
 $result_info = mssql_query($info) or die(mssql_error());  *Puts the query results into a variable*
 $row_info = ifx_fetch_row($result_info);  *Makes a row in an array for all the returned fields from my query*

 $my_info = $row_info['my_value'];

 <input type="Text" value="<?php echo $my_info; ?>" size="20" maxlength="16" name="my_value">  *However, this box returns no data.*

 I should be using if($_POST['max_id'] ='') {   and not if($_POST['max_id']
 !=='') { correct?  Since it is a comparative function just the = should
 be correct

You're wrong, = means you want to give the variable on the left the
value on the right.
This if you're using now will always return true (at least if you don't
have very buggy server). And your $_POST['max_id'] will have the
value ''

Use != :)

Tijnema




Re: [PHP] POST + QUERY

2007-03-27 Thread Dave Goodchild

Because isset will return true if the variable is set, even if it is blank.
Empty will return true if the variable holds an empty string.


Re: [PHP] POST + QUERY

2007-03-27 Thread Tijnema !

On 3/27/07, Davi [EMAIL PROTECTED] wrote:

On Tuesday 27 March 2007 17:02, Dave Goodchild wrote:
 use: $_POST['max_id'] == ""

 or even better:

 if (empty($_POST['max_id']))

Why not:

if (!(isset($_POST["max_id"])))

?


If form is left empty, it is set, but it's still empty. So if you
submit a form the normal way, then it should pass this, even if you
leave it empty :)

Tijnema


--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
Around computers it is difficult to find the correct unit of time to
measure progress.  Some cathedrals took a century to complete.  Can you
imagine the grandeur and scope of a program that would take as long?
   -- Epigrams in Programming, ACM SIGPLAN Sept. 1982








Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

Should I use something besides mssql_fetch_row to get my result?  No matter
which method I use for determining if the value exists, I still get no data
populated to my form.

On 3/27/07, Tijnema ! [EMAIL PROTECTED] wrote:


On 3/27/07, Davi [EMAIL PROTECTED] wrote:
 On Tuesday 27 March 2007 17:02, Dave Goodchild wrote:
  use: $_POST['max_id'] == ""
 
  or even better:
 
  if (empty($_POST['max_id']))

 Why not:

 if (!(isset($_POST["max_id"])))

 ?

If form is left empty, it is set, but it's still empty. So if you
submit a form the normal way, then it should pass this, even if you
leave it empty :)

Tijnema

 --
 Davi Vidal
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 --

 Agora com fortune:
 Around computers it is difficult to find the correct unit of time to
 measure progress.  Some cathedrals took a century to complete.  Can you
 imagine the grandeur and scope of a program that would take as long?
-- Epigrams in Programming, ACM SIGPLAN Sept. 1982

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php







Re: [PHP] POST + QUERY

2007-03-27 Thread Zoltán Németh
On Tuesday, 2007. 03. 27 at 15.58, Dan Shirah wrote:
 Okay, I thought this was VERY simple, but I cannot wrap my mind around what
 I am doing wrong.
 
 
 echo $_POST['max_id'];  *The echo returns the correct result*
 if($_POST['max_id'] ='') {  *This is supposed to run the below query if $_POST['max_id'] is not blank*

with that line you assign a value to $_POST['max_id']
if you want to see that $_POST['max_id'] is not blank, you should use
if ($_POST['max_id'] != '') {

greets
Zoltán Németh

 
 $max_id = $_POST['max_id'];  *Sets my POST value to a variable*
 $info = "SELECT * FROM payment_request WHERE id = '$max_id'"; *Selects record from my database by the matching ID's*
 $result_info = mssql_query($info) or die(mssql_error());  *Puts the query results into a variable*
 $row_info = ifx_fetch_row($result_info);  *Makes a row in an array for all the returned fields from my query*
 
 $my_info = $row_info['my_value'];
 
 <input type="Text" value="<?php echo $my_info; ?>" size="20" maxlength="16" name="my_value">  *However, this box returns no data.*
 
 I should be using if($_POST['max_id'] ='') {   and not if($_POST['max_id']
 !=='') { correct?  Since it is a comparative function just the = should
 be correct.




Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

I have echoed something out after virtually every line of code :)

When I echo out my result ($result_info) it returns Resource id#2
When I echo out my row ($row_info) it returns Array

When I try to echo out a field from my array($my_info) it returns nothing at
all.


On 3/27/07, Brad Bonkoski [EMAIL PROTECTED] wrote:


Dan Shirah wrote:
 Should I use something besides mssql_fetch_row to get my result?  No
 matter
 which method I use for determining if the value exists, I still get no
 data
 populated to my form.
Why not echo out your query before executing it, so you can run it
against the back end if you have it, or at least for a sanity check to
make sure you are running the correct query.


 On 3/27/07, Tijnema ! [EMAIL PROTECTED] wrote:

 On 3/27/07, Davi [EMAIL PROTECTED] wrote:
  Em Terça 27 Março 2007 17:02, Dave Goodchild escreveu:
   use: $_POST['max_id'] ==
  
   or even better:
  
   if (empty($_POST['max_id']))
 
  Why not:
 
  if (!(isset($_POST[max_id)))
 
  ?

 If form is left empty, it is set, but it's stil empty. So if you
 submit a form the normal way, then it should pass this, even if you
 leave it empty :)

 Tijnema
 
  --
  Davi Vidal
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  --
 
  Agora com fortune:
  Around computers it is difficult to find the correct unit of time to
  measure progress.  Some cathedrals took a century to complete.  Can
 you
  imagine the grandeur and scope of a program that would take as long?
 -- Epigrams in Programming, ACM SIGPLAN Sept. 1982
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php







Re: [PHP] POST + QUERY

2007-03-27 Thread Brad Bonkoski

Echo $info where you hold your query, to make sure that is reasonable.

$result_info is the result set.
$row_info ...well you can use var_dump() on this to get its contents...

but if row_info prints out nothing, then there is probably a problem 
with the query, or your query is returning nothing..



Dan Shirah wrote:

I have echoed something out after virtually every line of code :)
 
When I echo out my result ($result_info) it returns Resource id#2

When I echo out my row ($row_info) it returns Array
 
When I try to echo out a field from my array($my_info) it returns 
nothing at all.


 
On 3/27/07, Brad Bonkoski [EMAIL PROTECTED] wrote:


Dan Shirah wrote:
 Should I use something besides mssql_fetch_row to get my result?  No
 matter
 which method I use for determining if the value exists, I still
get no
 data
 populated to my form.
Why not echo out your query before executing it, so you can run it
against the back end if you have it, or at least for a sanity
check to
make sure you are running the correct query.


 On 3/27/07, Tijnema ! [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:

 On 3/27/07, Davi  [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
  Em Terça 27 Março 2007 17:02, Dave Goodchild escreveu:
   use: $_POST['max_id'] ==
  
   or even better:
  
   if (empty($_POST['max_id']))
 
  Why not:
 
  if (!(isset($_POST[max_id)))
 
  ?

 If form is left empty, it is set, but it's stil empty. So if you
 submit a form the normal way, then it should pass this, even if you
 leave it empty :)

 Tijnema
 
  --
  Davi Vidal
  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  --
 
  Agora com fortune:
  Around computers it is difficult to find the correct unit of
time to
  measure progress.  Some cathedrals took a century to
complete.  Can
 you
  imagine the grandeur and scope of a program that would take
as long?
 -- Epigrams in Programming, ACM SIGPLAN Sept.
1982
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
http://www.php.net/unsub.php










Re: [PHP] POST + QUERY

2007-03-27 Thread Davi
On Tuesday 27 March 2007 17:40, Dan Shirah wrote:
 I have echoed something out after virtually every line of code :)

 When I echo out my result ($result_info) it returns Resource id#2
 When I echo out my row ($row_info) it returns Array

 When I try to echo out a field from my array($my_info) it returns nothing
 at all.


How about:

print_r($row_info);

??


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
agaffney I want to be so bleeding edge that I cut myself!
robbat2 agaffney, no, that's just emo
agaffney Gentoo is emo :P




Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

print_r($row_info) displays the entire column contents of the select id

However,

*$first = $row_info['first_name'];
echo $cc_first;*

the above echo still returns nothing.


On 3/27/07, Davi [EMAIL PROTECTED] wrote:


Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
 I have echoed something out after virtually every line of code :)

 When I echo out my result ($result_info) it returns Resource id#2
 When I echo out my row ($row_info) it returns Array

 When I try to echo out a field from my array($my_info) it returns
nothing
 at all.


How about:

print_r($row_info);

??


--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Agora com fortune:
agaffney I want to be so bleeding edge that I cut myself!
robbat2 agaffney, no, that's just emo
agaffney Gentoo is emo :P





Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

Sorry, had a typo.

*$cc_first = $row_info['first_name'];
echo $cc_first;*
this echo returns nothing.

On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:


print_r($row_info) display the entire column contents of the select id

However,

*$first = $row_info['first_name'];
echo $cc_first;*

the above echo still returns nothing.


On 3/27/07, Davi [EMAIL PROTECTED] wrote:

 Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
  I have echoed something out after virtually every line of code :)
 
  When I echo out my result ($result_info) it returns Resource id#2
  When I echo out my row ($row_info) it returns Array
 
  When I try to echo out a field from my array($my_info) it returns
 nothing
  at all.
 

 How about:

 print_r($row_info);

 ??


 --
 Davi Vidal
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 --

 Agora com fortune:
 agaffney I want to be so bleeding edge that I cut myself!
 robbat2 agaffney, no, that's just emo
 agaffney Gentoo is emo :P

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP] POST + QUERY

2007-03-27 Thread Zoltán Németh
On Tuesday, 2007. 03. 27 at 16.56, Dan Shirah wrote:
 print_r($row_info) displays the entire column contents of the select id
 
 However,
 
 *$first = $row_info['first_name'];
 echo $cc_first;*
 
 the above echo still returns nothing.

yeah because you assign that value to $first, not to $cc_first what you
echo out later...

greets
Zoltán Németh

 
 
 On 3/27/07, Davi [EMAIL PROTECTED] wrote:
 
  Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
   I have echoed something out after virtually every line of code :)
  
   When I echo out my result ($result_info) it returns Resource id#2
   When I echo out my row ($row_info) it returns Array
  
   When I try to echo out a field from my array($my_info) it returns
  nothing
   at all.
  
 
  How about:
 
  print_r($row_info);
 
  ??
 
 
  --
  Davi Vidal
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  --
 
  Agora com fortune:
  agaffney I want to be so bleeding edge that I cut myself!
  robbat2 agaffney, no, that's just emo
  agaffney Gentoo is emo :P
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 




Re: [PHP] POST + QUERY

2007-03-27 Thread Zoltán Németh
On Tuesday, 2007. 03. 27 at 16.56, Dan Shirah wrote:
 Sorry, had a typo.
 
 *$cc_first = $row_info['first_name'];
 echo $cc_first;*
  this echo returns nothing.

and what does
echo $row_info['first_name'];
print out?

if still nothing, then probably
1) you misspelled the field name and it's not called first_name
2) the field first_name is empty in the row

greets
Zoltán Németh

 
 On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
 
  print_r($row_info) display the entire column contents of the select id
 
  However,
 
  *$first = $row_info['first_name'];
  echo $cc_first;*
 
  the above echo still returns nothing.
 
 
  On 3/27/07, Davi [EMAIL PROTECTED] wrote:
  
   Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
I have echoed something out after virtually every line of code :)
   
When I echo out my result ($result_info) it returns Resource id#2
When I echo out my row ($row_info) it returns Array
   
When I try to echo out a field from my array($my_info) it returns
   nothing
at all.
   
  
   How about:
  
   print_r($row_info);
  
   ??
  
  
   --
   Davi Vidal
   [EMAIL PROTECTED]
   [EMAIL PROTECTED]
   --
  
   Agora com fortune:
   agaffney I want to be so bleeding edge that I cut myself!
   robbat2 agaffney, no, that's just emo
   agaffney Gentoo is emo :P
  
   --
   PHP General Mailing List (http://www.php.net/)
   To unsubscribe, visit: http://www.php.net/unsub.php
  
  
 




Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

echo $row_info['first_name']; returns nothing.

However I have verified the correct spelling both in the database and in the
PHP code and they are identical and when I print_r it shows that there is a
value in the first_name column of the record.


On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:


2007. 03. 27, kedd keltezéssel 16.56-kor Dan Shirah ezt írta:
 Sorry, had a typo.

 *$cc_first = $row_info['first_name'];
 echo $cc_first;*
  this echo returns nothing.

and what does
echo $row_info['first_name'];
print out?

if still nothing, then probably
1) you misspelled the field name and it's not called first_name
2) the field first_name is empty in the row

greets
Zoltán Németh


 On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
 
  print_r($row_info) display the entire column contents of the select id
 
  However,
 
  *$first = $row_info['first_name'];
  echo $cc_first;*
 
  the above echo still returns nothing.
 
 
  On 3/27/07, Davi [EMAIL PROTECTED] wrote:
  
   Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
I have echoed something out after virtually every line of code :)
   
When I echo out my result ($result_info) it returns Resource id#2
When I echo out my row ($row_info) it returns Array
   
When I try to echo out a field from my array($my_info) it returns
   nothing
at all.
   
  
   How about:
  
   print_r($row_info);
  
   ??
  
  
   --
   Davi Vidal
   [EMAIL PROTECTED]
   [EMAIL PROTECTED]
   --
  
   Agora com fortune:
   agaffney I want to be so bleeding edge that I cut myself!
   robbat2 agaffney, no, that's just emo
   agaffney Gentoo is emo :P
  
   --
   PHP General Mailing List (http://www.php.net/)
   To unsubscribe, visit: http://www.php.net/unsub.php
  
  
 




Re: [PHP] POST + QUERY

2007-03-27 Thread Brad Bonkoski

Send us the output of print_r($row_info)
feel free to mask out any data values you may wish.

Dan Shirah wrote:

echo $row_info['first_name']; returns nothing.

However I have verified the correct spelling both in the database and 
in the
PHP code and they are identical and when I print_r it shows that there 
is a

value in the first_name column of the record.


On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:


2007. 03. 27, kedd keltezéssel 16.56-kor Dan Shirah ezt írta:
 Sorry, had a typo.

 *$cc_first = $row_info['first_name'];
 echo $cc_first;*
  this echo returns nothing.

and what does
echo $row_info['first_name'];
print out?

if still nothing, then probably
1) you misspelled the field name and it's not called first_name
2) the field first_name is empty in the row

greets
Zoltán Németh


 On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
 
  print_r($row_info) display the entire column contents of the 
select id

 
  However,
 
  *$first = $row_info['first_name'];
  echo $cc_first;*
 
  the above echo still returns nothing.
 
 
  On 3/27/07, Davi [EMAIL PROTECTED] wrote:
  
   Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
I have echoed something out after virtually every line of 
code :)

   
When I echo out my result ($result_info) it returns Resource 
id#2

When I echo out my row ($row_info) it returns Array
   
When I try to echo out a field from my array($my_info) it 
returns

   nothing
at all.
   
  
   How about:
  
   print_r($row_info);
  
   ??
  
  
   --
   Davi Vidal
   [EMAIL PROTECTED]
   [EMAIL PROTECTED]
   --
  
   Agora com fortune:
   agaffney I want to be so bleeding edge that I cut myself!
   robbat2 agaffney, no, that's just emo
   agaffney Gentoo is emo :P
  
   --
   PHP General Mailing List (http://www.php.net/)
   To unsubscribe, visit: http://www.php.net/unsub.php
  
  
 









Re: [PHP] POST + QUERY

2007-03-27 Thread Davi

Have you tried use number instead name?

Something like:

echo $row_info[0];

On mysql, you've mysql_fetch_object... Is there anything like this on MS Sql 
Server?

best regards...

On Tuesday 27 March 2007 18:17, Dan Shirah wrote:
 echo $row_info['first_name']; returns nothing.

 However I have verified the correct spelling both in the database and in
 the PHP code and they are identical and when I print_r it shows that there
 is a value in the first_name column of the record.

 On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:
  2007. 03. 27, kedd keltezéssel 16.56-kor Dan Shirah ezt írta:
   Sorry, had a typo.
  
   *$cc_first = $row_info['first_name'];
   echo $cc_first;*
this echo returns nothing.
 
  and what does
  echo $row_info['first_name'];
  print out?
 
  if still nothing, then probably
  1) you misspelled the field name and it's not called first_name
  2) the field first_name is empty in the row
 
  greets
  Zoltán Németh
 
   On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
print_r($row_info) display the entire column contents of the select
id
   
However,
   
*$first = $row_info['first_name'];
echo $cc_first;*
   
the above echo still returns nothing.
   
On 3/27/07, Davi [EMAIL PROTECTED] wrote:
 Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
  I have echoed something out after virtually every line of code :)
 
  When I echo out my result ($result_info) it returns Resource id#2
  When I echo out my row ($row_info) it returns Array
 
  When I try to echo out a field from my array($my_info) it returns

 nothing

  at all.

 How about:

 print_r($row_info);

 ??


 --
 Davi Vidal
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 --

 Agora com fortune:
 agaffney I want to be so bleeding edge that I cut myself!
 robbat2 agaffney, no, that's just emo
 agaffney Gentoo is emo :P

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
[during a fishing trip] 
Peter Griffin:  Man, some trip this turned out to be. All we caught is a tire, 
a boot, a tin can and this book of clichés.




Re: [PHP] POST + QUERY

2007-03-27 Thread Zoltán Németh
On Tuesday, 2007. 03. 27 at 17.17, Dan Shirah wrote:
 echo $row_info['first_name']; returns nothing.  
  
 However I have verified the correct spelling both in the database and
 in the PHP code and they are identical and when I print_r it shows
 that there is a value in the first_name column of the record.

maybe paste here the complete result of:

echo "<pre>";
var_dump($row_info);
echo "</pre>";

so I might have some more ideas...

greets
Zoltán Németh

  
 On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote: 
 2007. 03. 27, kedd keltezéssel 16.56-kor Dan Shirah ezt írta:
  Sorry, had a typo.
 
  *$cc_first = $row_info['first_name']; 
  echo $cc_first;*
   this echo returns nothing.
 
 and what does
 echo $row_info['first_name'];
 print out?
 
 if still nothing, then probably
 1) you misspelled the field name and it's not called
 first_name 
 2) the field first_name is empty in the row
 
 greets
 Zoltán Németh
 
 
  On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
  
   print_r($row_info) display the entire column contents of
 the select id 
  
   However,
  
   *$first = $row_info['first_name'];
   echo $cc_first;*
  
   the above echo still returns nothing.
   
  
   On 3/27/07, Davi [EMAIL PROTECTED] wrote:
   
Em Terça 27 Março 2007 17:40, Dan Shirah escreveu:
 I have echoed something out after virtually every line
 of code :) 

 When I echo out my result ($result_info) it returns
 Resource id#2
 When I echo out my row ($row_info) it returns Array

 When I try to echo out a field from my array($my_info)
 it returns 
nothing
 at all.

   
How about:
   
print_r($row_info);
   
?? 
   
   
--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
   
Agora com fortune:
agaffney I want to be so bleeding edge that I cut
 myself!
robbat2 agaffney, no, that's just emo 
agaffney Gentoo is emo :P
   
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
   
   
  
 
 




Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

Here are the results of my print_r

Array ( [0] => 121 [1] => Y [2] => DS [3] =>  [4] => {03}
[5] => 500 [6] => *** *[7] => John* [8] => Mark [9] => Doe [10] => 123 My
Way [11] => 456 Your Place [12] => Smithville [13] => 12345 [14] => 5432
[15] => 123555 [16] => 1235550011 [17] => [EMAIL PROTECTED] [18] => Y [19] =>
These are the comments [20] => Mar 27 2007 5:26PM [21] => Dan Create [22] =>
Mar 27 2007 5:26PM [23] => Dan Research [24] => Mar 27 2007 5:26PM [25] =>
Dan Submit [26] => C [27] => TN )

Bold and in red is the first_name column result.

On 3/27/07, Brad Bonkoski [EMAIL PROTECTED] wrote:


Send us the output of print_r($row_info)
feel free to mask out any data values you may wish.

Dan Shirah wrote:
 echo $row_info['first_name']; returns nothing.

 However I have verified the correct spelling both in the database and
 in the
 PHP code and they are identical and when I print_r it shows that there
 is a
 value in the first_name column of the record.


 On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:

 2007. 03. 27, kedd keltezéssel 16.56-kor Dan Shirah ezt írta:
  Sorry, had a typo.
 
  *$cc_first = $row_info['first_name'];
  echo $cc_first;*
   this echo returns nothing.

 and what does
 echo $row_info['first_name'];
 print out?

 if still nothing, then probably
 1) you misspelled the field name and it's not called first_name
 2) the field first_name is empty in the row

 greets
 Zoltán Németh

 
  On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
  
   print_r($row_info) display the entire column contents of the
 select id
  
   However,
  
   *$first = $row_info['first_name'];
   echo $cc_first;*
  
   the above echo still returns nothing.
  
  
   On 3/27/07, Davi [EMAIL PROTECTED] wrote:
   
On Tuesday 27 March 2007 17:40, Dan Shirah wrote:
 I have echoed something out after virtually every line of
 code :)

 When I echo out my result ($result_info) it returns Resource
 id#2
 When I echo out my row ($row_info) it returns Array

 When I try to echo out a field from my array($my_info) it
 returns
nothing
 at all.

   
How about:
   
print_r($row_info);
   
??
   
   
--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
   
Now with fortune:
agaffney I want to be so bleeding edge that I cut myself!
robbat2 agaffney, no, that's just emo
agaffney Gentoo is emo :P
   
   
   
  







Re: [PHP] POST + QUERY

2007-03-27 Thread Dan Shirah

Here is the result from the <pre></pre>. Once again, bold and red is the
first_name field.


array(28) {
 [0]=
 int(122)
 [1]=
 string(1) Y
 [2]=
 string(2) DS
 [3]=
 string(16) 
 [4]=
 string(4) {03}
 [5]=
 float(500)
 [6]=
 string(4) *** 
 *[7]=
 string(4) John*
 [8]=
 string(4) Mark
 [9]=
 string(3) Doe
 [10]=
 string(40) 123 My Way  
 [11]=
 string(40) 456 Your Place  
 [12]=
 string(40) Smithville  
 [13]=
 string(5) 12345
 [14]=
 string(4) 5432
 [15]=
 string(10) 123555
 [16]=
 string(10) 1235550011
 [17]=
 string(7) [EMAIL PROTECTED]
 [18]=
 string(1) Y
 [19]=
 string(22) These are the comments
 [20]=
 string(19) Mar 27 2007  5:29PM
 [21]=
 string(30) Dan Create
 [22]=
 string(19) Mar 27 2007  5:29PM
 [23]=
 string(30) Dan Research  
 [24]=
 string(19) Mar 27 2007  5:29PM
 [25]=
 string(30) Dan Submit
 [26]=
 string(1) C
 [27]=
 string(2) TN
}




On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:


On Tuesday, 2007. 03. 27, at 17.17, Dan Shirah wrote:
 echo $row_info['first_name']; returns nothing.

 However I have verified the correct spelling both in the database and
 in the PHP code and they are identical and when I print_r it shows
 that there is a value in the first_name column of the record.

maybe paste here the complete result of:

echo "<pre>";
var_dump($row_info);
echo "</pre>";

so I might have some more ideas...

greets
Zoltán Németh


 On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:
 On Tuesday, 2007. 03. 27, at 16.56, Dan Shirah wrote:
  Sorry, had a typo.
 
  *$cc_first = $row_info['first_name'];
  echo $cc_first;*
   this echo returns nothing.

 and what does
 echo $row_info['first_name'];
 print out?

 if still nothing, then probably
 1) you misspelled the field name and it's not called
 first_name
 2) the field first_name is empty in the row

 greets
 Zoltán Németh

 
  On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
  
   print_r($row_info) display the entire column contents of
 the select id
  
   However,
  
   *$first = $row_info['first_name'];
   echo $cc_first;*
  
   the above echo still returns nothing.
  
  
   On 3/27/07, Davi [EMAIL PROTECTED] wrote:
   
On Tuesday 27 March 2007 17:40, Dan Shirah wrote:
 I have echoed something out after virtually every line
 of code :)

 When I echo out my result ($result_info) it returns
 Resource id#2
 When I echo out my row ($row_info) it returns Array

 When I try to echo out a field from my array($my_info)
 it returns
nothing
 at all.

   
How about:
   
print_r($row_info);
   
??
   
   
--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
   
Now with fortune:
agaffney I want to be so bleeding edge that I cut
 myself!
robbat2 agaffney, no, that's just emo
agaffney Gentoo is emo :P
   
   
   
  






Re: [PHP] POST + QUERY

2007-03-27 Thread Brad Bonkoski

Dan Shirah wrote:

Here are the results of my print_r
 
Array ( [0] = 121 [1] = Y [2] = DS [3] =  [4] = 
{03} [5] = 500 [6] = *** *[7] = John* [8] = Mark [9] = Doe [10] 
= 123 My Way [11] = 456 Your Place [12] = Smithville [13] = 12345 
[14] = 5432 [15] = 123555 [16] = 1235550011 [17] = [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] [18] = Y [19] = These are the comments [20] = Mar 
27 2007 5:26PM [21] = Dan Create [22] = Mar 27 2007 5:26PM [23] = 
Dan Research [24] = Mar 27 2007 5:26PM [25] = Dan Submit [26] = C 
[27] = TN )
 
Bold and in red is the first_name column result.

use the numeric reference then...
[..] is the index into the array, so if you want John use $row_info[7]

and if you *want* to use the name or associative array
read here:
http://www.php.net/manual/en/function.mssql-fetch-array.php

-B
 
On 3/27/07, *Brad Bonkoski* [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] wrote:


Send us the output of print_r($row_info)
feel free to mask out any data values you may wish.

Dan Shirah wrote:
 echo $row_info['first_name']; returns nothing.

 However I have verified the correct spelling both in the
database and
 in the
 PHP code and they are identical and when I print_r it shows that
there
 is a
 value in the first_name column of the record.


 On 3/27/07, Zoltán Németh [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:

 On Tuesday, 2007. 03. 27, at 16.56, Dan Shirah wrote:
  Sorry, had a typo.
 
  *$cc_first = $row_info['first_name'];
  echo $cc_first;*
   this echo returns nothing.

 and what does
 echo $row_info['first_name'];
 print out?

 if still nothing, then probably
 1) you misspelled the field name and it's not called first_name
 2) the field first_name is empty in the row

 greets
 Zoltán Németh

 
  On 3/27/07, Dan Shirah  [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
  
   print_r($row_info) display the entire column contents of the
 select id
  
   However,
  
   *$first = $row_info['first_name'];
   echo $cc_first;*
  
   the above echo still returns nothing.
  
  
   On 3/27/07, Davi [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
   
On Tuesday 27 March 2007 17:40, Dan Shirah wrote:
 I have echoed something out after virtually every line of
 code :)

 When I echo out my result ($result_info) it returns
Resource
 id#2
 When I echo out my row ($row_info) it returns Array

 When I try to echo out a field from my array($my_info) it
 returns
nothing
 at all.

   
How about:
   
print_r($row_info);
   
??
   
   
--
Davi Vidal
[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
--
   
Now with fortune:
agaffney I want to be so bleeding edge that I cut myself!
robbat2 agaffney, no, that's just emo
agaffney Gentoo is emo :P
   
   
   
  










Re: [PHP] POST + QUERY

2007-03-27 Thread Davi

I would try an
echo $my_info[7];

[]s


On Tuesday 27 March 2007 18:28, Dan Shirah wrote:
 Here are the results of my print_r

 Array ( [0] = 121 [1] = Y [2] = DS [3] =  [4] = {03}
 [5] = 500 [6] = *** *[7] = John* [8] = Mark [9] = Doe [10] = 123 My
 Way [11] = 456 Your Place [12] = Smithville [13] = 12345 [14] = 5432
 [15] = 123555 [16] = 1235550011 [17] = [EMAIL PROTECTED] [18] = Y 
 [19] =
 These are the comments [20] = Mar 27 2007 5:26PM [21] = Dan Create [22]
 = Mar 27 2007 5:26PM [23] = Dan Research [24] = Mar 27 2007 5:26PM [25]
 = Dan Submit [26] = C [27] = TN )

 Bold and in red is the first_name column result.

 On 3/27/07, Brad Bonkoski [EMAIL PROTECTED] wrote:
  Send us the output of print_r($row_info)
  feel free to mask out any data values you may wish.
 
  Dan Shirah wrote:
   echo $row_info['first_name']; returns nothing.
  
   However I have verified the correct spelling both in the database and
   in the
   PHP code and they are identical and when I print_r it shows that there
   is a
   value in the first_name column of the record.
  
   On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:
   On Tuesday, 2007. 03. 27, at 16.56, Dan Shirah wrote:
Sorry, had a typo.
   
*$cc_first = $row_info['first_name'];
echo $cc_first;*
 this echo returns nothing.
  
   and what does
   echo $row_info['first_name'];
   print out?
  
   if still nothing, then probably
   1) you misspelled the field name and it's not called first_name
   2) the field first_name is empty in the row
  
   greets
   Zoltán Németh
  
On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
 print_r($row_info) display the entire column contents of the
  
   select id
  
 However,

 *$first = $row_info['first_name'];
 echo $cc_first;*

 the above echo still returns nothing.

 On 3/27/07, Davi [EMAIL PROTECTED] wrote:
  On Tuesday 27 March 2007 17:40, Dan Shirah wrote:
   I have echoed something out after virtually every line of
  
   code :)
  
   When I echo out my result ($result_info) it returns Resource
  
   id#2
  
   When I echo out my row ($row_info) it returns Array
  
   When I try to echo out a field from my array($my_info) it
  
   returns
  
  nothing
 
   at all.
 
  How about:
 
  print_r($row_info);
 
  ??
 
 
  --
  Davi Vidal
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  --
 
  Now with fortune:
  agaffney I want to be so bleeding edge that I cut myself!
  robbat2 agaffney, no, that's just emo
  agaffney Gentoo is emo :P
 

-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
Unless hours were cups of sack, and minutes capons, and clocks the tongues
of bawds, and dials the signs of leaping houses, and the blessed sun himself
a fair, hot wench in flame-colored taffeta, I see no reason why thou shouldst
be so superfluous to demand the time of the day.  I wasted time and now doth
time waste me.
-- William Shakespeare




Re: [PHP] POST + QUERY

2007-03-27 Thread Zoltán Németh
On Tuesday, 2007. 03. 27, at 17.28, Dan Shirah wrote:
 Here are the results of my print_r
 
 Array ( [0] = 121 [1] = Y [2] = DS [3] =  [4] = {03}
 [5] = 500 [6] = *** *[7] = John* [8] = Mark [9] = Doe [10] = 123 My
 Way [11] = 456 Your Place [12] = Smithville [13] = 12345 [14] = 5432
 [15] = 123555 [16] = 1235550011 [17] = [EMAIL PROTECTED] [18] = Y 
 [19] =
 These are the comments [20] = Mar 27 2007 5:26PM [21] = Dan Create [22] =
 Mar 27 2007 5:26PM [23] = Dan Research [24] = Mar 27 2007 5:26PM [25] =
 Dan Submit [26] = C [27] = TN )
 
 Bold and in red is the first_name column result.

yeah, this shows that you don't have an associative array, so you have
nothing like $row['first_name']
you might access the fields by their number
or you could use mssql_fetch_assoc()
http://www.php.net/manual/en/function.mssql-fetch-assoc.php

greets
Zoltán Németh

 
 On 3/27/07, Brad Bonkoski [EMAIL PROTECTED] wrote:
 
  Send us the output of print_r($row_info)
  feel free to mask out any data values you may wish.
 
  Dan Shirah wrote:
   echo $row_info['first_name']; returns nothing.
  
   However I have verified the correct spelling both in the database and
   in the
   PHP code and they are identical and when I print_r it shows that there
   is a
   value in the first_name column of the record.
  
  
   On 3/27/07, Zoltán Németh [EMAIL PROTECTED] wrote:
  
   On Tuesday, 2007. 03. 27, at 16.56, Dan Shirah wrote:
Sorry, had a typo.
   
*$cc_first = $row_info['first_name'];
echo $cc_first;*
 this echo returns nothing.
  
   and what does
   echo $row_info['first_name'];
   print out?
  
   if still nothing, then probably
   1) you misspelled the field name and it's not called first_name
   2) the field first_name is empty in the row
  
   greets
   Zoltán Németh
  
   
On 3/27/07, Dan Shirah [EMAIL PROTECTED] wrote:

 print_r($row_info) display the entire column contents of the
   select id

 However,

 *$first = $row_info['first_name'];
 echo $cc_first;*

 the above echo still returns nothing.


 On 3/27/07, Davi [EMAIL PROTECTED] wrote:
 
  On Tuesday 27 March 2007 17:40, Dan Shirah wrote:
   I have echoed something out after virtually every line of
   code :)
  
   When I echo out my result ($result_info) it returns Resource
   id#2
   When I echo out my row ($row_info) it returns Array
  
   When I try to echo out a field from my array($my_info) it
   returns
  nothing
   at all.
  
 
  How about:
 
  print_r($row_info);
 
  ??
 
 
  --
  Davi Vidal
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  --
 
  Now with fortune:
  agaffney I want to be so bleeding edge that I cut myself!
  robbat2 agaffney, no, that's just emo
  agaffney Gentoo is emo :P
 
 
 

  
  
  
 
 




Re: [PHP] POST + QUERY

2007-03-27 Thread Jim Lucas

Dan Shirah wrote:

Okay, I thought this was VERY simple, but I cannot wrap my mind around what
I am doing wrong.


echo $_POST['max_id'];  *The echo returns the correct result
*if($_POST['max_id'] ='') {  *This is suppose to run the below query if
$_POST['max_id'] is not blank*

$max_id = $_POST['max_id'];  *Sets my POST value to a variable*
$info = SELECT * FROM payment_request WHERE id = '$max_id'; *Selects
record from my database by the matching ID's*
$result_info = mssql_query($info) or die(mssql_error());  *Puts the query
results into a variable*
$row_info = ifx_fetch_row($result_info);  *Makes a row in an array for all
the returned fields from my query*

$my_info = $row_info['my_value'];

input type=Text value=?php echo $my_info; ? size=20 maxlength=16
name=my_value  *However, this box returns no data.*

I should be using if($_POST['max_id'] ='') {   and notif($_POST['max_id']
!=='') { correct?  Since it is a comparative function just the = should
be correct.



Can someone take a look at this solution and tell me if this would be a decent solution for his 
problem?


I use this logic all over my code base, let me know if it is efficient, clean, 
well structured, etc...

if ( isset($_POST['max_id']) ) {

    $max_id = (int)$_POST['max_id'];

    if ( empty($max_id) ) {
        die('not a valid id');
        # or some other, more graceful, way of catching the error
    }

    $SQL = "SELECT * FROM payment_request WHERE id = '{$max_id}'";

    if ( ( $result_info = mssql_query($SQL) ) === false ) {

        die(mssql_error());
        # again, maybe something more graceful here

    }

    if ( mssql_num_rows( $result_info ) == 0 ) {

        die('nothing to display');
        # again, maybe something more graceful here

    } else {

        while ( $row_info = mssql_fetch_array($result_info) ) {

            echo '<input type="Text" value="'.$row_info['my_value'].
                 '" size="20" maxlength="16" name="my_value">';

        }

    }

}

--
Enjoy,

Jim Lucas

Different eyes see different things. Different hearts beat on different strings. But there are times 
for you and me when all such things agree.


- Rush

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
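
An added example (not code from the thread) of the same lookup written against PDO, since the mssql_* functions were removed in PHP 7: the posted id is validated as an integer, bound as a query parameter, fetched as an associative array, and escaped before it goes into the value attribute. The SQLite in-memory table, its rows and all function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's payment_request table. SQLite in
// memory is an assumption made so the example runs offline.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE payment_request (
        id INTEGER PRIMARY KEY, first_name TEXT, my_value TEXT)');
    $ins = $pdo->prepare(
        'INSERT INTO payment_request (id, first_name, my_value) VALUES (?, ?, ?)');
    $ins->execute([121, 'John', 'plain value']);
    // A stored value containing quote and angle-bracket characters.
    $ins->execute([122, 'Mark', '5" x 7" <rush>']);
    return $pdo;
}

/**
 * Validate the posted id. Returns a positive int, or null when the field is
 * missing, is not a string, or is not a plain decimal integer.
 */
function parse_max_id(array $post): ?int
{
    if (!isset($post['max_id']) || !is_string($post['max_id'])) {
        return null;   // absent, or an array such as max_id[]=1
    }
    $id = filter_var($post['max_id'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;   // "12abc" is rejected, not cut to 12
}

/** Fetch one row keyed by column name, or null when no row matches. */
function fetch_request(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM payment_request WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // column names, not [0], [1], ...
    return $row === false ? null : $row;
}

/** Build the text input with the stored value escaped for an HTML attribute. */
function render_input(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<input type="text" name="%s" value="%s" size="20" maxlength="16">',
        htmlspecialchars($name, $flags, 'UTF-8'),
        htmlspecialchars($value, $flags, 'UTF-8'));
}

/** Whole request path: returns the HTML or message to send to the browser. */
function handle_post(PDO $pdo, array $post): string
{
    $id = parse_max_id($post);
    if ($id === null) {
        return 'not a valid id';
    }
    $row = fetch_request($pdo, $id);
    if ($row === null) {
        return 'nothing to display';
    }
    return render_input('my_value', (string) $row['my_value']);
}

// Constructed inputs: a valid id, a malformed id, an unknown id, an array.
$pdo = demo_db();
foreach (['122', '12abc', '999', ['1']] as $posted) {
    echo handle_post($pdo, ['max_id' => $posted]), PHP_EOL;
}
```

In a web request the call would be handle_post($pdo, $_POST).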



[PHP] POST a variable

2007-03-23 Thread Dan Shirah

Okay, I feel like the correct answer to this is about 2mm back in my grey
matter.

1. I have a query that pulls the last row number when a newly inserted
record is added:

$maximum="SELECT MAX(payment_id) FROM payment_request";
 $max_result=mssql_query($maximum);
 while($max=mssql_fetch_row($max_result)){
 }
 $max_id = $max[0];

2. I have multiple selections for the user to pick, but regardless of what
they choose I want the $max_id variable to be passed to the next page.

3.  Would I go about this by assigning $max_id to a hidden field like below?

<input type="hidden" value="<?php echo $max_id; ?>" size="5"
maxlength="10" name="max_id" />

4.  And then to retrieve this value on my next page just get it out of
$_POST['max_id']  ??

Does that all sound correct?


Re: [PHP] POST a variable

2007-03-23 Thread Németh Zoltán
On Friday, 2007. 03. 23, at 10.45, Dan Shirah wrote:
 Okay, I feel like the correct answer to this is about 2mm back in my grey
 matter.
 
 1. I have a query that pulls the last row number when a newly inserted
 record is added:
 
 $maximum=SELECT MAX(payment_id) FROM payment_request;
   $max_result=mssql_query($maximum);
   while($max=mssql_fetch_row($max_result)){
   }
   $max_id = $max[0];
 
 2. I have multiple selections for the user to pick, but regardless of what
 they choose I want the $max_id variable to be passed to the next page.
 
 3.  Would I go about this by assigning $max_id to a hidden field like below?
 
 input type=hidden value=?php echo $max_id; ? size=5
 maxlength=10 name=max_id /
 
 4.  And then to retrieve this value on my next page just get it out of
 $_POST['max_id']  ??
 
 Does that all sound correct?

basically yes
but if you want the id of the row you just inserted, using
mysql_insert_id() is better because if another insert is happening at
the same time, select max() may give you incorrect result

greets
Zoltán Németh




Re: [PHP] POST a variable

2007-03-23 Thread Dan Shirah

The reason I have to use it as I posted is because I am using Microsoft SQL
server instead of MySQL.  And I haven't found a php function for MSSQL that
works the same as mysql_insert_id()

So, to come out with a comparable function with pretty reliable results, I
follow this process:

1. User enters data into form
2. User submits form
3. Save page inserts info into the database
4. Directly after the insert statement is my SELECT MAX query
5. I assign the retrieved value to a hidden field
6. I pass this value to the next form

I figure the odds of another record being inserted in between the time it
takes to go from step 3 to step 4 are very, very minimal.  We're talking
about MAYBE a 2-3 millisecond gap?


On 3/23/07, Németh Zoltán [EMAIL PROTECTED] wrote:


On Friday, 2007. 03. 23, at 10.45, Dan Shirah wrote:
 Okay, I feel like the correct answer to this is about 2mm back in my
grey
 matter.

 1. I have a query that pulls the last row number when a newly inserted
 record is added:

 $maximum=SELECT MAX(payment_id) FROM payment_request;
   $max_result=mssql_query($maximum);
   while($max=mssql_fetch_row($max_result)){
   }
   $max_id = $max[0];

 2. I have multiple selections for the user to pick, but regardless of
what
 they choose I want the $max_id variable to be passed to the next page.

 3.  Would I go about this by assigning $max_id to a hidden field like
below?

 input type=hidden value=?php echo $max_id; ? size=5
 maxlength=10 name=max_id /

 4.  And then to retrieve this value on my next page just get it out of
 $_POST['max_id']  ??

 Does that all sound correct?

basically yes
but if you want the id of the row you just inserted, using
mysql_insert_id() is better because if another insert is happening at
the same time, select max() may give you incorrect result

greets
Zoltán Németh




RE: [PHP] POST a variable

2007-03-23 Thread Edward Kay
 -Original Message-
 From: Németh Zoltán [mailto:[EMAIL PROTECTED]

 On Friday, 2007. 03. 23, at 10.45, Dan Shirah wrote:
  Okay, I feel like the correct answer to this is about 2mm back 
 in my grey
  matter.
  
  1. I have a query that pulls the last row number when a newly inserted
  record is added:
  
  $maximum=SELECT MAX(payment_id) FROM payment_request;
$max_result=mssql_query($maximum);
while($max=mssql_fetch_row($max_result)){
}
$max_id = $max[0];
  
  2. I have multiple selections for the user to pick, but 
 regardless of what
  they choose I want the $max_id variable to be passed to the next page.
  
  3.  Would I go about this by assigning $max_id to a hidden 
 field like below?
  
  input type=hidden value=?php echo $max_id; ? size=5
  maxlength=10 name=max_id /
  
  4.  And then to retrieve this value on my next page just get it out of
  $_POST['max_id']  ??
  
  Does that all sound correct?
 
 basically yes

Personally, I'd put it in a session variable. This reduces the amount of data 
sent to/from the client and also stops anyone altering the value themselves. 

 but if you want the id of the row you just inserted, using
 mysql_insert_id() is better because if another insert is happening at
 the same time, select max() may give you incorrect result

This would be true if he was using MySQL. The code given uses MSSQL and there 
is no mssql_insert_id function (in my PHP manual).

Edward 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
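
An added example (not code from the thread) of the two points in this message: the concurrent-insert problem with SELECT MAX quoted above, and keeping the id in session state instead of a hidden field. Two PDO handles on one temporary SQLite file stand in for two users on the save page, and SQLite's per-connection lastInsertId() is an assumption standing in for a connection-scoped identity value on SQL Server; all names and rows are constructed.

```php
<?php
declare(strict_types=1);

function connect(string $dsn): PDO
{
    $pdo = new PDO($dsn);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

/** Step 3 of the thread's process: the save page inserts the record. */
function insert_request(PDO $pdo, string $payer): void
{
    $pdo->prepare('INSERT INTO payment_request (payer) VALUES (?)')
        ->execute([$payer]);
}

/** Step 4 as posted: the highest id in the table, whoever inserted it. */
function id_via_max(PDO $pdo): int
{
    return (int) $pdo->query('SELECT MAX(payment_id) FROM payment_request')
        ->fetchColumn();
}

/** Connection-scoped alternative: the id generated by this handle's insert. */
function id_via_connection(PDO $pdo): int
{
    return (int) $pdo->lastInsertId();
}

/** Next page: the id comes from server-side session state, not the form. */
function current_request_id(array $session, array $post): ?int
{
    // $post['max_id'] is deliberately ignored: the client can set it freely.
    return $session['payment_id'] ?? null;
}

// Constructed scenario: one database file shared by two connections.
$file = tempnam(sys_get_temp_dir(), 'payreq');
$dsn = 'sqlite:' . $file;
$userA = connect($dsn);
$userB = connect($dsn);
$userA->exec('CREATE TABLE payment_request (
    payment_id INTEGER PRIMARY KEY AUTOINCREMENT, payer TEXT)');

insert_request($userA, 'user A');   // user A reaches step 3
insert_request($userB, 'user B');   // user B's insert lands before A's step 4

$viaMax = id_via_max($userA);          // picks up user B's row
$viaConn = id_via_connection($userA);  // user A's own row
printf("SELECT MAX gives user A id %d, the connection gives id %d\n",
    $viaMax, $viaConn);

// In a web request this array is $_SESSION after session_start().
$sessionA = ['payment_id' => $viaConn];
// A hidden field edited on the client to point at someone else's record.
$tamperedPost = ['max_id' => (string) $viaMax];
printf("next page works on id %d\n",
    current_request_id($sessionA, $tamperedPost));

unset($userA, $userB);   // close both handles before removing the file
unlink($file);
```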



Re: [PHP] POST a variable

2007-03-23 Thread Németh Zoltán
On Friday, 2007. 03. 23, at 11.07, Dan Shirah wrote:
 The reason I have to use it as I posted is because I am using
 Microsoft SQL server instead of MySQL.  And I haven't found a php
 function for MSSQL that works the same as mysql_insert_id()

you wrote something earlier as far as I can remember about a MSSQL
function scope_identity() which returns the last inserted id

why not use that?

greets
Zoltán Németh

  
 So, to come out with a comparable function with pretty reliable
 results, I follow this process:
  
 1. User enters data into form
 2. User submits form
 3. Save page inserts info into the database
 4. Directly after the insert statement is my SELECT MAX query
 5. I assign the retrieved value to a hidden field
 6. I pass this value to the next form
  
 I figure the odds of another record being inserted in between the time
 it takes to go from step 3 to step 4 are very, very minimal.  We're
 talking about MAYBE a 2-3 millisecond gap?
 
  
 On 3/23/07, Németh Zoltán [EMAIL PROTECTED] wrote: 
 On Friday, 2007. 03. 23, at 10.45, Dan Shirah wrote:
  Okay, I feel like the correct answer to this is about 2mm
 back in my grey 
  matter.
 
  1. I have a query that pulls the last row number when a
 newly inserted
  record is added:
 
  $maximum=SELECT MAX(payment_id) FROM payment_request;
$max_result=mssql_query($maximum); 
while($max=mssql_fetch_row($max_result)){
}
$max_id = $max[0];
 
  2. I have multiple selections for the user to pick, but
 regardless of what
  they choose I want the $max_id variable to be passed to the
 next page. 
 
  3.  Would I go about this by assigning $max_id to a hidden
 field like below?
 
  input type=hidden value=?php echo $max_id; ?
 size=5 
  maxlength=10 name=max_id /
 
  4.  And then to retrieve this value on my next page just get
 it out of
  $_POST['max_id']  ??
 
  Does that all sound correct? 
 
 basically yes
 but if you want the id of the row you just inserted, using
 mysql_insert_id() is better because if another insert is
 happening at
 the same time, select max() may give you incorrect result
 
 greets
 Zoltán Németh
 
 




Re: [PHP] POST a variable

2007-03-23 Thread Satyam
Do a 'select @@identity', it will give you the last record id.  The gap in 
between steps 3 and 4, brief as it may seem, is enough to get you in 
trouble.


Satyam



- Original Message - 
From: Dan Shirah [EMAIL PROTECTED]

To: Németh Zoltán [EMAIL PROTECTED]
Cc: php-general php-general@lists.php.net
Sent: Friday, March 23, 2007 4:07 PM
Subject: Re: [PHP] POST a variable


The reason I have to use it as I posted is because I am using Microsoft SQL
server instead of MySQL.  And I haven't found a php function for MSSQL that
works the same as mysql_insert_id()

So, to come out with a comparable function with pretty reliable results, I
follow this process:

1. User enters data into form
2. User submits form
3. Save page inserts info into the database
4. Directly after the insert statement is my SELECT MAX query
5. I assign the retrieved value to a hidden field
6. I pass this value to the next form

I figure the odds of another record being inserted in between the time it
takes to go from step 3 to step 4 are very, very minimal.  We're talking
about MAYBE a 2-3 millisecond gap?


On 3/23/07, Németh Zoltán [EMAIL PROTECTED] wrote:


On Friday, 2007. 03. 23, at 10.45, Dan Shirah wrote:
 Okay, I feel like the correct answer to this is about 2mm back in my
grey
 matter.

 1. I have a query that pulls the last row number when a newly inserted
 record is added:

 $maximum=SELECT MAX(payment_id) FROM payment_request;
   $max_result=mssql_query($maximum);
   while($max=mssql_fetch_row($max_result)){
   }
   $max_id = $max[0];

 2. I have multiple selections for the user to pick, but regardless of
what
 they choose I want the $max_id variable to be passed to the next page.

 3.  Would I go about this by assigning $max_id to a hidden field like
below?

 input type=hidden value=?php echo $max_id; ? size=5
 maxlength=10 name=max_id /

 4.  And then to retrieve this value on my next page just get it out of
 $_POST['max_id']  ??

 Does that all sound correct?

basically yes
but if you want the id of the row you just inserted, using
mysql_insert_id() is better because if another insert is happening at
the same time, select max() may give you incorrect result

greets
Zoltán Németh












Re: [PHP] POST a variable

2007-03-23 Thread Dan Shirah

Sorry, I was more tailoring my question to the syntax of my query.  It
wasn't displaying anything for my echo.

I've changed it to this now:

$get_max = "SELECT scope_identity()";
 $max_result = mssql_query($get_max) or die(mssql_error());
 $max_id = mssql_fetch_row($max_result);
 echo $max_id;

But all my echo returns is array instead of the number.

Below are brief explanations of the different _identity uses you have.

SELECT *@@IDENTITY*
Returns the last IDENTITY value produced on a connection, regardless of the
table that produced the value, and regardless of the scope of the statement
that produced the value.

SELECT *IDENT_CURRENT(*'*tablename*'*)*
This new function returns the last IDENTITY value produced in a table,
regardless of the connection that created the value, and regardless of the
scope of the statement that produced the value.

SELECT *SCOPE_IDENTITY()*
This new function returns the last IDENTITY value produced on a connection
and by a statement in the same scope, regardless of the table that produced
the value.


On 3/23/07, Satyam [EMAIL PROTECTED] wrote:


 I don't really know about the scope_identity() function, neither much
about @@identity.  I know that the names preceded by @@ are MSSQL internal
variables and I think that is the one you are looking for, I just checked in
the on-line MS documentation, but have no SQL server active at this moment,
nor have I dealt with one for the last few years, though I did use
auto-increment fields and I certainly was able to retrieve the last id,
somehow.  I might be wrong and there might be another function or variable
that gives you the value, but it looks to me @@identity is the one you are
looking for.

There is no need in your code to do any while, if the SQL statement
doesn't fail and triggers the die(), you can rest assured you'll get a
record with a single field, even if it only contains a null, that's the way
with variables, you can't fail on them, though they might return null.

Satyam


- Original Message -
*From:* Dan Shirah [EMAIL PROTECTED]
 *To:* Satyam [EMAIL PROTECTED]
*Sent:* Friday, March 23, 2007 7:14 PM
*Subject:* Re: [PHP] POST a variable


Satyam, I'm trying to retrieve the id using the identity method, but I do
not get anything returned.  Do you see anything wrong with this code?

$get_max = "SELECT scope_identity()";
  $max_result = mssql_query($get_max) or die(mssql_error());
  while($max=mssql_fetch_row($max_result)){
}
$max_id = $max[0];
  echo $max_id;


On 3/23/07, Satyam [EMAIL PROTECTED] wrote:

 Do a 'select @@identity', it will give you the last record id.  The gap
 in
 between steps 3 and 4, brief as it may seem, is enough to get you in
 trouble.

 Satyam



 - Original Message -
 From: Dan Shirah [EMAIL PROTECTED]
 To: Németh Zoltán  [EMAIL PROTECTED]
 Cc: php-general php-general@lists.php.net
 Sent: Friday, March 23, 2007 4:07 PM
 Subject: Re: [PHP] POST a variable


 The reason I have to use it as I posted is because I am using Microsoft
 SQL
 server instead of MySQL.  And I haven't found a php function for MSSQL
 that
 works the same as mysql_insert_id()

 So, to come out with a comparable function with pretty reliable results,
 I
 follow this process:

 1. User enters data into form
 2. User submits form
 3. Save page inserts info into the database
 4. Directly after the insert statement is my SELECT MAX query
 5. I assign the retrieved value to a hidden field
 6. I pass this value to the next form

 I figure the odds of another record being inserted in between the time it
 takes to go from step 3 to step 4 are very, very minimal.  We're talking
 about MAYBE a 2-3 millisecond gap?


 On 3/23/07, Németh Zoltán [EMAIL PROTECTED] wrote:
 
  On Friday, 2007. 03. 23, at 10.45, Dan Shirah wrote:
   Okay, I feel like the correct answer to this is about 2mm back in my

  grey
   matter.
  
   1. I have a query that pulls the last row number when a newly
 inserted
   record is added:
  
   $maximum=SELECT MAX(payment_id) FROM payment_request;
 $max_result=mssql_query($maximum);
 while($max=mssql_fetch_row($max_result)){
 }
 $max_id = $max[0];
  
   2. I have multiple selections for the user to pick, but regardless
 of
  what
   they choose I want the $max_id variable to be passed to the next
 page.
  
   3.  Would I go about this by assigning $max_id to a hidden field
 like
  below?
  
   input type=hidden value=?php echo $max_id; ? size=5
   maxlength=10 name=max_id /
  
   4.  And then to retrieve this value on my next page just get it out
 of
   $_POST['max_id']  ??
  
   Does that all sound correct?
 
  basically yes
  but if you want the id of the row you just inserted, using
  mysql_insert_id() is better because if another insert is happening at
  the same time, select max() may give you incorrect result
 
  greets
  Zoltán Németh
 
 



 





Re: [PHP] POST a variable

2007-03-23 Thread Satyam
It seems to me @@identity should suffice, and it certainly does not need to 
be any 'new' function, since it had been there for quite a while.  My 
feeling is that those added functions might be used for elaborate stored 
procedures, where you might be dealing with multiple tables or some fancy 
administrative uses.  You certainly DON'T want any function that gives you 
the last identity of some other connection!


$get_max = "SELECT @@identity";
 $max_result = mssql_query($get_max) or die(mssql_error());
 $max_id = mssql_fetch_row($max_result);
 echo $max_id[0];

Though the fetch will return only one record with only one field, it will 
still return that as an array, even if it only contains one element, so you 
still need to add the [0].  Unfortunately, PHP doesn't allow the brackets to 
a function that returns an array.


You might use mssql_result instead:

$get_max = "SELECT @@identity";
 $max_result = mssql_query($get_max) or die(mssql_error());
 $max_id = mssql_result($max_result,0,0);
 echo $max_id;


Satyam

- Original Message - 
From: Dan Shirah [EMAIL PROTECTED]

To: Satyam [EMAIL PROTECTED]
Cc: php-general php-general@lists.php.net
Sent: Friday, March 23, 2007 7:48 PM
Subject: Re: [PHP] POST a variable


Sorry, I was more tailoring my question to the syntax of my query.  It
wasn't displaying anything for my echo.

I've changed it to this now:

$get_max = "SELECT scope_identity()";
$max_result = mssql_query($get_max) or die(mssql_error());
$max_id = mssql_fetch_row($max_result);
echo $max_id;

But all my echo returns is array instead of the number.

Below are brief explanations of the different _identity uses you have.

SELECT *@@IDENTITY*
Returns the last IDENTITY value produced on a connection, regardless of the
table that produced the value, and regardless of the scope of the statement
that produced the value.

SELECT *IDENT_CURRENT('tablename')*
This new function returns the last IDENTITY value produced in a table,
regardless of the connection that created the value, and regardless of the
scope of the statement that produced the value.

SELECT *SCOPE_IDENTITY()*
This new function returns the last IDENTITY value produced on a connection
and by a statement in the same scope, regardless of the table that produced
the value.


On 3/23/07, Satyam [EMAIL PROTECTED] wrote:


I don't really know about the scope_identity() function, neither much
about @@identity.  I know that the names preceded by @@ are MSSQL internal
variables and I think that is the one you are looking for, I just checked
in the on-line MS documentation, but have no SQL server active at this
moment, nor have I dealt with one for the last few years, though I did use
auto-increment fields and I certainly was able to retrieve the last id,
somehow.  I might be wrong and there might be another function or variable
that gives you the value, but it looks to me @@identity is the one you are
looking for.

There is no need in your code to do any while, if the SQL statement
doesn't fail and triggers the die(), you can rest assured you'll get a
record with a single field, even if it only contains a null, that's the
way with variables, you can't fail on them, though they might return null.

Satyam


- Original Message -
*From:* Dan Shirah [EMAIL PROTECTED]
 *To:* Satyam [EMAIL PROTECTED]
*Sent:* Friday, March 23, 2007 7:14 PM
*Subject:* Re: [PHP] POST a variable


Satyam, I'm trying to retrieve the id using the identity method, but I do
not get anything returned.  Do you see anything wrong with this code?

$get_max = "SELECT scope_identity()";
$max_result = mssql_query($get_max) or die(mssql_error());
while($max=mssql_fetch_row($max_result)){
}
$max_id = $max[0];
echo $max_id;


On 3/23/07, Satyam [EMAIL PROTECTED] wrote:

 Do a 'select @@identity', it will give you the last record id.  The gap
 in between steps 3 and 4, brief as it may seem, is enough to get you in
 trouble.

 Satyam



 - Original Message -
 From: Dan Shirah [EMAIL PROTECTED]
 To: Németh Zoltán  [EMAIL PROTECTED]
 Cc: php-general php-general@lists.php.net
 Sent: Friday, March 23, 2007 4:07 PM
 Subject: Re: [PHP] POST a variable


 The reason I have to use it as I posted is because I am using Microsoft
 SQL server instead of MySQL.  And I haven't found a php function for MSSQL
 that works the same as mysql_insert_id()

 So, to come out with a comparable function with pretty reliable results,
 I follow this process:

 1. User enters data into form
 2. User submits form
 3. Save page inserts info into the database
 4. Directly after the insert statement is my SELECT MAX query
 5. I assign the retrieved value to a hidden field
 6. I pass this value to the next form

 I figure the odds of another record being inserted in between the time it
 takes to go from step 3 to step 4 are very, very minimal.  We're talking
 about MAYBE a 2-3 millisecond gap?


 On 3/23/07, Németh Zoltán [EMAIL PROTECTED] wrote:
 
  2007. 03. 23, péntek

Re: [PHP] POST a variable

2007-03-23 Thread Dan Shirah

Ah, got it.

Thanks a lot for the help Satyam!



Re: [PHP] POST a variable

2007-03-23 Thread Børge Holen
On Friday 23 March 2007 15:45, Dan Shirah wrote:
 Okay, I feel like the correct answer to this is about 2mm back in my grey
 matter.

 1. I have a query that pulls the last row number when a newly inserted
 record is added:

 $maximum="SELECT MAX(payment_id) FROM payment_request";
   $max_result=mssql_query($maximum);
   while($max=mssql_fetch_row($max_result)){
   }
   $max_id = $max[0];

 2. I have multiple selections for the user to pick, but regardless of what
 they choose I want the $max_id variable to be passed to the next page.

 3.  Would I go about this by assigning $max_id to a hidden field like
 below?

 <input type="hidden" value="<?php echo $max_id; ?>" size="5"
 maxlength="10" name="max_id" />

 4.  And then to retrieve this value on my next page just get it out of
 $_POST['max_id']  ??

 Does that all sound correct?

If it works correctly it probably is... 

-- 
---
Børge
Kennel Arivene 
http://www.arivene.net
---

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] POST a variable

2007-03-23 Thread Richard Lynch
On Fri, March 23, 2007 9:45 am, Dan Shirah wrote:
 Okay, I feel like the correct answer to this is about 2mm back in my
 grey matter.

 1. I have a query that pulls the last row number when a newly inserted
 record is added:

 $maximum="SELECT MAX(payment_id) FROM payment_request";
   $max_result=mssql_query($maximum);
   while($max=mssql_fetch_row($max_result)){
   }
   $max_id = $max[0];

DO NOT DO THIS!!!

As soon as *TWO* people hit your site at the same time, this will blow
up in your face.

Use this:
http://php.net/mysql_insert_id

 2. I have multiple selections for the user to pick, but regardless of
 what they choose I want the $max_id variable to be passed to the next page.

 3.  Would I go about this by assigning $max_id to a hidden field like
 below?

 <input type="hidden" value="<?php echo $max_id; ?>" size="5"
 maxlength="10" name="max_id" />

Yes.

Though the size and maxlength are kinda silly on a hidden input...

 4.  And then to retrieve this value on my next page just get it out of
 $_POST['max_id']  ??

 Does that all sound correct?

Try it and see.

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
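
An added example (not code from the thread) of the check the next page needs when a row id travels in a hidden field: the posted value is whatever the client chose to send, so the id is sealed with an HMAC tied to the session and verified on arrival. `seal_id()`, `open_id()`, `APP_HMAC_KEY` and the demo values are hypothetical names and constructed data.

```php
<?php
// Added example: hypothetical helpers, not code from the thread.
// APP_HMAC_KEY is a placeholder; load a real random key from server-side config.
const APP_HMAC_KEY = 'replace-with-32-random-bytes-from-config';

/** Build the hidden-field value "<id>.<hex HMAC>", bound to one session. */
function seal_id(int $id, string $sessionId): string
{
    $mac = hash_hmac('sha256', $sessionId . '|' . $id, APP_HMAC_KEY);
    return $id . '.' . $mac;
}

/** Return the id if the posted value is intact for this session, else null. */
function open_id($posted, string $sessionId): ?int
{
    // Reject arrays (max_id[]=1), missing values and anything not "<digits>.<64 hex>".
    if (!is_string($posted)
        || !preg_match('/\A([1-9][0-9]{0,9})\.([0-9a-f]{64})\z/', $posted, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $sessionId . '|' . $m[1], APP_HMAC_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $m[2]) ? (int) $m[1] : null;
}

// Constructed demo values standing in for session_id() and the new row id.
$sid   = 'constructed-session-id';
$field = seal_id(1042, $sid);

// First page: emit the hidden field, escaped for an attribute context.
echo '<input type="hidden" name="max_id" value="'
    . htmlspecialchars($field, ENT_QUOTES, 'UTF-8') . '" />' . "\n";

// Next page: three things that could arrive in $_POST['max_id'].
$honest   = open_id($field, $sid);                        // int(1042)
$tampered = open_id('1043.' . substr($field, 5), $sid);   // id edited, MAC kept: NULL
$asArray  = open_id(['1042'], $sid);                      // max_id[]=1042: NULL

var_dump($honest, $tampered, $asArray);
```

Keeping the id in `$_SESSION` instead of the form avoids the round trip through the client altogether; the sealed field is for cases where the value has to be in the page.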




Re: [PHP] POST a variable

2007-03-23 Thread Richard Lynch
On Fri, March 23, 2007 10:07 am, Dan Shirah wrote:
 The reason I have to use it as I posted is because I am using
 Microsoft SQL server instead of MySQL.  And I haven't found a php
 function for MSSQL that works the same as mysql_insert_id()

I guarantee that there is a way to do it in MSSQL, somehow...

I think it might be:

SELECT @INSERT;

Or maybe it was:

SELECT @@INSERT

Something like that.

Find a SQL Server list and ask them.  They'll know for sure.

 I figure the odds of another record being inserted in between the time
 it takes to go from step 3 to step 4 are very, very minimal.  We're
 talking about MAYBE a 2-3 millisecond gap?

No, we are NOT talking about a 2-3 millisecond gap.

As soon as your server gets even a little busy, your script is getting
interrupted by the other scripts trying to run, and you are just
playing Russian roulette on whether it happens now or tomorrow that
you get this all messed up.

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
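
The interleaving described in this thread, as an added example that is not from any of the posters: two connections insert into the same table, then the first asks for "its" id both ways. SQLite through PDO stands in for SQL Server so the script runs offline (an assumption of this example); on SQL Server the connection-scoped counterpart is the `SELECT SCOPE_IDENTITY()` / `SELECT @@IDENTITY` query discussed in the thread, issued on the same connection as the insert.

```php
<?php
// Added example. SQLite via PDO is a stand-in engine; table and column names
// follow the thread, the payer values are constructed.
function demo_race(): array
{
    $path = tempnam(sys_get_temp_dir(), 'race');
    $a = new PDO('sqlite:' . $path);   // connection used by request A
    $b = new PDO('sqlite:' . $path);   // connection used by request B
    foreach ([$a, $b] as $c) {
        $c->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    $a->exec('CREATE TABLE payment_request (
                  payment_id INTEGER PRIMARY KEY AUTOINCREMENT,
                  payer      TEXT NOT NULL)');

    // Step 3 for request A: insert its row.
    $a->prepare('INSERT INTO payment_request (payer) VALUES (?)')
      ->execute(['alice']);

    // Request B's insert lands in the gap before A reaches step 4.
    $b->prepare('INSERT INTO payment_request (payer) VALUES (?)')
      ->execute(['bob']);

    // Step 4 for request A, done both ways.
    $viaMax  = (int) $a->query('SELECT MAX(payment_id) FROM payment_request')
                       ->fetchColumn();          // table-wide: sees B's row
    $viaConn = (int) $a->lastInsertId();         // scoped to A's connection

    $a = $b = null;                              // close before deleting the file
    unlink($path);
    return ['max' => $viaMax, 'own' => $viaConn];
}

$r = demo_race();
printf("SELECT MAX() gave %d, connection-scoped id gave %d\n", $r['max'], $r['own']);
// With the interleaving above: MAX() is 2 (bob's row), A's own id is 1.
```

If the `MAX()` value were put into the hidden field, request A's user would carry another user's payment_id into the next form.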




Re: [PHP] $POST Q

2006-12-18 Thread Nisse Engström
On Fri, 15 Dec 2006 23:22:13 -0600 (CST), Richard Lynch wrote:

 $selected = $l == $limit ? 'selected="selected"' : '';
 echo "<option value=\"$l\" $selected>$l</option>\n";

[snip]

 The value=x *is* optional, but you'll never convince the people who
 tell you it isn't, unless you force them to read the RFCs and W3C
 recommendations [*], so it's easier to include it than to argue with
 them. :-)

   It is indeed optional, and the HTML spec.[1] even says
that if the attribute is not set, the initial value is
set to the contents of the element. That's all good and
well.

   What's not all good and well are browser implementations.
If you try to retrieve the value from JavaScript (by way
of option.value or select.value) in IE 5.5 [2] and several
versions of Opera [3], you may find the value is simply
not there *unless* you spell it out in HTML.

   Of course, it could be argued that there is a conceptual
difference between the value attribute (as written in HTML
and seen through the JS DOM) and the element value (rendered
by the user agent and passed as part of a form submission).
But that is a different story for a different group (or list).
I fear that I have now strayed so far off topic that I should
volunteer myself for killfile membership. :-)


--nfe


[1]: I'm not going to bother checking the XHTML spec.
[2]: I don't know about other versions.
[3]: The bug dates back to at least Opera 7.23. I reported
 it in July 2004 against 7.52, as did others before me.
 It was finally fixed in 9.00 preview 1, some two years
 after I reported it.



