subject:"\[PHP\] Session and validation"

Re: [PHP] Session and validation

2004-10-30 Thread Chris Shiflett

--- Stuart Felenstein [EMAIL PROTECTED] wrote:
 I had this thread going yesterday. Then basically
 think it reached a stalemate.

I think you need to try to simplify your code to the most basic example
that demonstrates the problem. By doing this, you'll achieve one of two
things:

1. Figure out the problem yourself.
2. Generate a perfect example that we can use to better understand your
problem and suggest a solution.

 I'm wondering has anyone setup forms using session variables
 and validation.

Yes, this is very, very common. :-)

 Validation where the validating is done on the same page, and
 the redirected on success?

This is also very, very common.

 Let me ask though if I setup just a validation page,
 then on success I'm still doing a redirect (cause it's
 a multi page form)
 
 Or if I validate on the next page and there is an
 error, I redirect back, but then I also have to
 consider how the error is going to get printed on the
 first page.

How you design this is subjective, but my opinion is that redirects are
only handy when you want to avoid the user's browser asking whether to
resubmit a POST request when they're using the history mechanism, as I
describe here:

http://www.phpmag.net/itr/online_artikel/psecom,id,637,nodeid,114.html

Aside from that case (which is your case if you're using the POST method),
I prefer to include the appropriate module rather than redirecting the
user. It seems silly for them to request a resource only to be told to go
somewhere else to find it. If we know where it is, why not just return it?
That's the basis of my opinion. :-)

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming January 2004 http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session and validation

2004-10-30 Thread Stuart Felenstein


--- Chris Shiflett [EMAIL PROTECTED] wrote:

 --- Stuart Felenstein [EMAIL PROTECTED] wrote:
  I had this thread going yesterday. Then basically
  think it reached a stalemate.
 
 I think you need to try to simplify your code to the
 most basic example
 that demonstrates the problem. By doing this, you'll
 achieve one of two
 things:
 
 1. Figure out the problem yourself.
 2. Generate a perfect example that we can use to
 better understand your
 problem and suggest a solution.
 
Yes, this is exactly what I did and why I dredged up
this topic again:

Here is the example:

testarray (page1)
//Start the session
?php session_start(); 

//Check for the array on submit
if ( empty( $_SESSION['l_industry'] ) ) {
$_SESSION['l_industry']=array();
}
//Check to make sure user didnt exceed 5 selections
if (count($industry)  5) {
echo you have selected too many industries;
exit;
}
?
?php
//Redirect to results page if user stayed in 5 option
//range
if ($_SERVER[REQUEST_METHOD] == POST) {
 Header(Location:
http://www...com/TAresults.php;);
}
?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
?php //PHP ADODB document - made with PHAkt 2.7.3?
html
head
titleUntitled Document/title
meta http-equiv=Content-Type content=text/html;
charset=iso-8859-1
/head

body
table width=500 border=1 align=center
cellpadding=2 cellspacing=2
  tr
tdform name=form1 id=form1 method=post
action=
  select name=industry[] size=10
multiple=multiple id=industry[]
option value=1 ?php if (!(strcmp(1,
Please Select))) {echo SELECTED;}
?Accounting/option
option value=2 ?php if (!(strcmp(2,
Please Select))) {echo SELECTED;}
?Entertainment/option
option value=3 ?php if (!(strcmp(3,
Please Select))) {echo SELECTED;}
?label/option
option value=4 ?php if (!(strcmp(4,
Please Select))) {echo SELECTED;} ?Advertising
/option
option value=5 ?php if (!(strcmp(5,
Please Select))) {echo SELECTED;} ?Customer
Service/option
option value=6 ?php if (!(strcmp(6,
Please Select))) {echo SELECTED;} ?Informatin
Technology/option
  /select
  input type=submit name=Submit
value=Submit
/form/td
  /tr
/table
/body
/html

TAresults (page2):

?php session_start();

if ( empty( $_SESSION['l_industry'] ) ) {
$_SESSION['l_industry']=array();
}

if ( is_array( $_REQUEST['LurkerIndustry'] ) ) {
$_SESSION['l_industry'] = array_unique(
array_merge( $_SESSION['l_industry'],
 $_REQUEST['LurkerIndustry'] )
);
}
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html;
charset=iso-8859-1 /
titleUntitled Document/title
/head

body
?php
echo The time is.br /;
echo $industry['0'].br /; 
echo $industry['1'].br /; 
echo $industry['2'].br /; 
echo $industry['3'].br /; 
echo $industry['4'].br /; 
echo $industry['5'].br /; 
echo $industry['6'].br /; 
echo $industry['7'].br /; 
echo $industry['8'].br /; 
echo $industry['9'].br /; 
echo $industry['10'].br /; 
echo $industry['11'].br /;

?
?php
unset($l_industry);
?
/body
/html

The results here, are whether the check passes or not
the variables never echo. 
If I set action on page 1 to TAresults.php , then they
echo out fine.

Stuart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Session and validation

2004-10-30 Thread Stuart Felenstein


--- Graham Cossey [EMAIL PROTECTED] wrote:

 So, if this is the result of a form submission how
 are you getting the POST 
 variables?
 How/where is $industry being set? I appears that you
 are assuming that
 variables are 'maintained' within a script, they are
 not. You have to
 remember that although you are running the same
 script it is not the same
 'instance' of the script as a request/response has
 occurred. You MUST pass
 and retrieve SESSION/POST/GET variables if you
 intend to use them in your
 script.
 
Yes, I see your point about the instance changing. I
made the change and set session = post prior to the
redirect and it's working proper.

Now, I will need to go back and try my other scripts
to see if this holds up in them.  I thought I already
tried , but a fresh start may help.

Stuart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Session and validation

2004-10-30 Thread Graham Cossey

[snip]

 Here is the example:

 testarray (page1)
 //Start the session
 ?php session_start();

 //Check for the array on submit
 if ( empty( $_SESSION['l_industry'] ) ) {
 $_SESSION['l_industry']=array();
 }

$industry = $_POST['industry']; // ??

 //Check to make sure user didnt exceed 5 selections
 if (count($industry)  5) {
 echo you have selected too many industries;
   exit;
 }

So, if this is the result of a form submission how are you getting the POST
variables?
How/where is $industry being set? I appears that you are assuming that
variables are 'maintained' within a script, they are not. You have to
remember that although you are running the same script it is not the same
'instance' of the script as a request/response has occurred. You MUST pass
and retrieve SESSION/POST/GET variables if you intend to use them in your
script.

$_SESSION['x'] = $_POST['x'];
$_SESSION['y'] = $_POST['y'];
etc etc...

 ?
 ?php
 //Redirect to results page if user stayed in 5 option
 //range
 if ($_SERVER[REQUEST_METHOD] == POST) {
  Header(Location:
 http://www...com/TAresults.php;);
 }

You do not appear to have set the SESSION variables before redirecting to
the next page.

 ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
 Transitional//EN
 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
 ?php //PHP ADODB document - made with PHAkt 2.7.3?
 html
 head
 titleUntitled Document/title
 meta http-equiv=Content-Type content=text/html;
 charset=iso-8859-1
 /head

 body
 table width=500 border=1 align=center
 cellpadding=2 cellspacing=2
   tr
 tdform name=form1 id=form1 method=post
 action=

Not sure about this... have you used action=$PHP_SELF ?

   select name=industry[] size=10
 multiple=multiple id=industry[]
 option value=1 ?php if (!(strcmp(1,
 Please Select))) {echo SELECTED;}
 ?Accounting/option
 option value=2 ?php if (!(strcmp(2,
 Please Select))) {echo SELECTED;}
 ?Entertainment/option
 option value=3 ?php if (!(strcmp(3,
 Please Select))) {echo SELECTED;}
 ?label/option
 option value=4 ?php if (!(strcmp(4,
 Please Select))) {echo SELECTED;} ?Advertising
 /option
 option value=5 ?php if (!(strcmp(5,
 Please Select))) {echo SELECTED;} ?Customer
 Service/option
 option value=6 ?php if (!(strcmp(6,
 Please Select))) {echo SELECTED;} ?Informatin
 Technology/option
   /select
   input type=submit name=Submit
 value=Submit
 /form/td
   /tr
 /table
 /body
 /html

 TAresults (page2):

 ?php session_start();

 if ( empty( $_SESSION['l_industry'] ) ) {
 $_SESSION['l_industry']=array();
 }

 if ( is_array( $_REQUEST['LurkerIndustry'] ) ) {
 $_SESSION['l_industry'] = array_unique(
 array_merge( $_SESSION['l_industry'],
  $_REQUEST['LurkerIndustry'] )
 );
 }
 ?
 !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
 Transitional//EN
 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
 html xmlns=http://www.w3.org/1999/xhtml;
 head
 meta http-equiv=Content-Type content=text/html;
 charset=iso-8859-1 /
 titleUntitled Document/title
 /head

 body
 ?php
 echo The time is.br /;
 echo $industry['0'].br /;
 echo $industry['1'].br /;
 echo $industry['2'].br /;
 echo $industry['3'].br /;
 echo $industry['4'].br /;
 echo $industry['5'].br /;
 echo $industry['6'].br /;
 echo $industry['7'].br /;
 echo $industry['8'].br /;
 echo $industry['9'].br /;
 echo $industry['10'].br /;
 echo $industry['11'].br /;

Sorry, I cannot see where $industry is being set. This may just need

$industry = $_SESSION['industry'];


 ?
 ?php
 unset($l_industry);
 ?
 /body
 /html

 The results here, are whether the check passes or not
 the variables never echo.
 If I set action on page 1 to TAresults.php , then they
 echo out fine.

 Stuart

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session and validation

2004-10-30 Thread Jason Wong

On Saturday 30 October 2004 10:27, Stuart Felenstein wrote:
 --- Chris Shiflett [EMAIL PROTECTED] wrote:
  --- Stuart Felenstein [EMAIL PROTECTED] wrote:
   I had this thread going yesterday. Then basically
   think it reached a stalemate.
 
  I think you need to try to simplify your code to the
  most basic example
  that demonstrates the problem. By doing this, you'll
  achieve one of two
  things:
 
  1. Figure out the problem yourself.
  2. Generate a perfect example that we can use to
  better understand your
  problem and suggest a solution.

 Yes, this is exactly what I did and why I dredged up
 this topic again:

 Here is the example:

In my reply to your 'dead' thread I suggested you concoct a barest minimum 
example.

Which means:

 //Check to make sure user didnt exceed 5 selections
 if (count($industry)  5) {
 echo you have selected too many industries;

No need to check for more than 5, just more than 1 would be sufficient for 
proof of concept.

 ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0

No need for extraneous useless HTML.

 table width=500 border=1 align=center

Ditto. What's the point of formatting it nicely?

Basically the less cruft there is the better the chance of you spotting the 
problem yourself, and the likelyhood of people actually wading through your 
code.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design  Hosting * Internet  Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
If you ever want to get anywhere in politics, my boy, you're going to
have to get a toehold in the public eye.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Session and validation

2004-10-29 Thread Stuart Felenstein

I had this thread going yesterday.  Then basically
think it reached a stalemate.  I'm wondering has
anyone setup forms using session variables and
validation.  Validation where the validating is done
on the same page, and the redirected on success ?

Maybe that is my problem , that session variables will
get blown away when the validations are run in the
same page.  Shouldn't be right ?

Let me ask though if I setup just a validation page,
then on success I'm still doing a redirect (cause it's
a multi page form)

Or if I validate on the next page and there is an
error, I redirect back, but then I also have to
consider how the error is going to get printed on the
first page. 

Anyone ?

Stuart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Session and validation

2004-10-29 Thread Pablo Gosse

[snip]
I had this thread going yesterday.  Then basically
think it reached a stalemate.  I'm wondering has
anyone setup forms using session variables and
validation.  Validation where the validating is done
on the same page, and the redirected on success ?
[/snip]

You need a class which will generate and validate your forms
dynamically.  Pear provides two packages (the second an extension of the
first):

http://pear.php.net/package/HTML_QuickForm
http://pear.php.net/package/HTML_QuickForm_Controller

I've never used these as I wrote my own library to handle this a few
years ago, but from what I understand these two packages will do the
trick.

Basically it will work thusly:

1)  On a page where you need a form, you declare a new form object,
specify all your inputs, how they should be validated, etc., and these
are then stored in the session.

2)  On the receiving page you call the form validation object, passing
in an identifier for which form should be validated.

3)  If it validates your script will continue unfettered, else it will
update the values in the session with the appropriate error message and
redirect you back to the original form, which, since you are using
session variables to display the inputs, will now be updated with the
error messages.

HTH,
Pablo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Session and validation

2004-10-29 Thread Vail, Warren

You might consider another approach, if you are using php5.  It's called
PRADO, I believe it was overall winner of the PHP programming contest
sponsored by ZEND.

http://www.zend.com/php5/contest/contest.php?id=36single=1

This is how the product is described;

 snip---
PRADO is an event-driven and component-based framework for Web application
development in PHP5. 

Developing a Web application with PRADO mainly involves instantiating
prebuilt and application-specific component types, configuring them by
setting their properties, and composing them into application tasks. Some
repetitive and tedious work, such as form field validation and page state
management, can be accomplished easily in this fashion with the provided
PRADO components. Using PRADO to develop Web application will bring you
familarity of developing desktop GUI application with RAD tools such as
Borland Delphi, Visual Basic, etc. You will also find it is like ASP.NET in
many aspects. 
- snip---

I haven't tried this myself, but it looks like it may be geared to what you
are seeking.  Much of the rave seems to be it's event driven nature (unusual
for web apps).  I hope to be using it myself in the next few months.  If the
reviews are any clue, I would expect it to become part of a future release
of PHP.  Time will tell.

Warren Vail


-Original Message-
From: Pablo Gosse [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 29, 2004 4:23 PM
To: Stuart Felenstein; [EMAIL PROTECTED]
Subject: RE: [PHP] Session and validation


[snip]
I had this thread going yesterday.  Then basically
think it reached a stalemate.  I'm wondering has
anyone setup forms using session variables and
validation.  Validation where the validating is done
on the same page, and the redirected on success ?
[/snip]

You need a class which will generate and validate your forms dynamically.
Pear provides two packages (the second an extension of the
first):

http://pear.php.net/package/HTML_QuickForm
http://pear.php.net/package/HTML_QuickForm_Controller

I've never used these as I wrote my own library to handle this a few years
ago, but from what I understand these two packages will do the trick.

Basically it will work thusly:

1)  On a page where you need a form, you declare a new form object, specify
all your inputs, how they should be validated, etc., and these are then
stored in the session.

2)  On the receiving page you call the form validation object, passing in an
identifier for which form should be validated.

3)  If it validates your script will continue unfettered, else it will
update the values in the session with the appropriate error message and
redirect you back to the original form, which, since you are using session
variables to display the inputs, will now be updated with the error
messages.

HTH,
Pablo

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session and validation

Re: [PHP] Session and validation

RE: [PHP] Session and validation

RE: [PHP] Session and validation

Re: [PHP] Session and validation

[PHP] Session and validation

RE: [PHP] Session and validation

RE: [PHP] Session and validation

8 matches

Site Navigation

Mail list logo

Footer information