Re: [PHP] Session and validation
--- Stuart Felenstein [EMAIL PROTECTED] wrote: I had this thread going yesterday. Then basically think it reached a stalemate. I think you need to try to simplify your code to the most basic example that demonstrates the problem. By doing this, you'll achieve one of two things: 1. Figure out the problem yourself. 2. Generate a perfect example that we can use to better understand your problem and suggest a solution. I'm wondering has anyone setup forms using session variables and validation. Yes, this is very, very common. :-) Validation where the validating is done on the same page, and the redirected on success? This is also very, very common. Let me ask though if I setup just a validation page, then on success I'm still doing a redirect (cause it's a multi page form) Or if I validate on the next page and there is an error, I redirect back, but then I also have to consider how the error is going to get printed on the first page. How you design this is subjective, but my opinion is that redirects are only handy when you want to avoid the user's browser asking whether to resubmit a POST request when they're using the history mechanism, as I describe here: http://www.phpmag.net/itr/online_artikel/psecom,id,637,nodeid,114.html Aside from that case (which is your case if you're using the POST method), I prefer to include the appropriate module rather than redirecting the user. It seems silly for them to request a resource only to be told to go somewhere else to find it. If we know where it is, why not just return it? That's the basis of my opinion. :-) Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming January 2004 http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session and validation
--- Chris Shiflett [EMAIL PROTECTED] wrote: --- Stuart Felenstein [EMAIL PROTECTED] wrote: I had this thread going yesterday. Then basically think it reached a stalemate. I think you need to try to simplify your code to the most basic example that demonstrates the problem. By doing this, you'll achieve one of two things: 1. Figure out the problem yourself. 2. Generate a perfect example that we can use to better understand your problem and suggest a solution. Yes, this is exactly what I did and why I dredged up this topic again: Here is the example: testarray (page1) //Start the session ?php session_start(); //Check for the array on submit if ( empty( $_SESSION['l_industry'] ) ) { $_SESSION['l_industry']=array(); } //Check to make sure user didnt exceed 5 selections if (count($industry) 5) { echo you have selected too many industries; exit; } ? ?php //Redirect to results page if user stayed in 5 option //range if ($_SERVER[REQUEST_METHOD] == POST) { Header(Location: http://www...com/TAresults.php;); } ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; ?php //PHP ADODB document - made with PHAkt 2.7.3? html head titleUntitled Document/title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 /head body table width=500 border=1 align=center cellpadding=2 cellspacing=2 tr tdform name=form1 id=form1 method=post action= select name=industry[] size=10 multiple=multiple id=industry[] option value=1 ?php if (!(strcmp(1, Please Select))) {echo SELECTED;} ?Accounting/option option value=2 ?php if (!(strcmp(2, Please Select))) {echo SELECTED;} ?Entertainment/option option value=3 ?php if (!(strcmp(3, Please Select))) {echo SELECTED;} ?label/option option value=4 ?php if (!(strcmp(4, Please Select))) {echo SELECTED;} ?Advertising /option option value=5 ?php if (!(strcmp(5, Please Select))) {echo SELECTED;} ?Customer Service/option option value=6 ?php if (!(strcmp(6, Please Select))) {echo SELECTED;} ?Informatin Technology/option /select input type=submit name=Submit value=Submit /form/td /tr /table /body /html TAresults (page2): ?php session_start(); if ( empty( $_SESSION['l_industry'] ) ) { $_SESSION['l_industry']=array(); } if ( is_array( $_REQUEST['LurkerIndustry'] ) ) { $_SESSION['l_industry'] = array_unique( array_merge( $_SESSION['l_industry'], $_REQUEST['LurkerIndustry'] ) ); } ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / titleUntitled Document/title /head body ?php echo The time is.br /; echo $industry['0'].br /; echo $industry['1'].br /; echo $industry['2'].br /; echo $industry['3'].br /; echo $industry['4'].br /; echo $industry['5'].br /; echo $industry['6'].br /; echo $industry['7'].br /; echo $industry['8'].br /; echo $industry['9'].br /; echo $industry['10'].br /; echo $industry['11'].br /; ? ?php unset($l_industry); ? /body /html The results here, are whether the check passes or not the variables never echo. If I set action on page 1 to TAresults.php , then they echo out fine. Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session and validation
--- Graham Cossey [EMAIL PROTECTED] wrote: So, if this is the result of a form submission how are you getting the POST variables? How/where is $industry being set? I appears that you are assuming that variables are 'maintained' within a script, they are not. You have to remember that although you are running the same script it is not the same 'instance' of the script as a request/response has occurred. You MUST pass and retrieve SESSION/POST/GET variables if you intend to use them in your script. Yes, I see your point about the instance changing. I made the change and set session = post prior to the redirect and it's working proper. Now, I will need to go back and try my other scripts to see if this holds up in them. I thought I already tried , but a fresh start may help. Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session and validation
[snip] Here is the example: testarray (page1) //Start the session ?php session_start(); //Check for the array on submit if ( empty( $_SESSION['l_industry'] ) ) { $_SESSION['l_industry']=array(); } $industry = $_POST['industry']; // ?? //Check to make sure user didnt exceed 5 selections if (count($industry) 5) { echo you have selected too many industries; exit; } So, if this is the result of a form submission how are you getting the POST variables? How/where is $industry being set? I appears that you are assuming that variables are 'maintained' within a script, they are not. You have to remember that although you are running the same script it is not the same 'instance' of the script as a request/response has occurred. You MUST pass and retrieve SESSION/POST/GET variables if you intend to use them in your script. $_SESSION['x'] = $_POST['x']; $_SESSION['y'] = $_POST['y']; etc etc... ? ?php //Redirect to results page if user stayed in 5 option //range if ($_SERVER[REQUEST_METHOD] == POST) { Header(Location: http://www...com/TAresults.php;); } You do not appear to have set the SESSION variables before redirecting to the next page. ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; ?php //PHP ADODB document - made with PHAkt 2.7.3? html head titleUntitled Document/title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 /head body table width=500 border=1 align=center cellpadding=2 cellspacing=2 tr tdform name=form1 id=form1 method=post action= Not sure about this... have you used action=$PHP_SELF ? select name=industry[] size=10 multiple=multiple id=industry[] option value=1 ?php if (!(strcmp(1, Please Select))) {echo SELECTED;} ?Accounting/option option value=2 ?php if (!(strcmp(2, Please Select))) {echo SELECTED;} ?Entertainment/option option value=3 ?php if (!(strcmp(3, Please Select))) {echo SELECTED;} ?label/option option value=4 ?php if (!(strcmp(4, Please Select))) {echo SELECTED;} ?Advertising /option option value=5 ?php if (!(strcmp(5, Please Select))) {echo SELECTED;} ?Customer Service/option option value=6 ?php if (!(strcmp(6, Please Select))) {echo SELECTED;} ?Informatin Technology/option /select input type=submit name=Submit value=Submit /form/td /tr /table /body /html TAresults (page2): ?php session_start(); if ( empty( $_SESSION['l_industry'] ) ) { $_SESSION['l_industry']=array(); } if ( is_array( $_REQUEST['LurkerIndustry'] ) ) { $_SESSION['l_industry'] = array_unique( array_merge( $_SESSION['l_industry'], $_REQUEST['LurkerIndustry'] ) ); } ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / titleUntitled Document/title /head body ?php echo The time is.br /; echo $industry['0'].br /; echo $industry['1'].br /; echo $industry['2'].br /; echo $industry['3'].br /; echo $industry['4'].br /; echo $industry['5'].br /; echo $industry['6'].br /; echo $industry['7'].br /; echo $industry['8'].br /; echo $industry['9'].br /; echo $industry['10'].br /; echo $industry['11'].br /; Sorry, I cannot see where $industry is being set. This may just need $industry = $_SESSION['industry']; ? ?php unset($l_industry); ? /body /html The results here, are whether the check passes or not the variables never echo. If I set action on page 1 to TAresults.php , then they echo out fine. Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session and validation
On Saturday 30 October 2004 10:27, Stuart Felenstein wrote: --- Chris Shiflett [EMAIL PROTECTED] wrote: --- Stuart Felenstein [EMAIL PROTECTED] wrote: I had this thread going yesterday. Then basically think it reached a stalemate. I think you need to try to simplify your code to the most basic example that demonstrates the problem. By doing this, you'll achieve one of two things: 1. Figure out the problem yourself. 2. Generate a perfect example that we can use to better understand your problem and suggest a solution. Yes, this is exactly what I did and why I dredged up this topic again: Here is the example: In my reply to your 'dead' thread I suggested you concoct a barest minimum example. Which means: //Check to make sure user didnt exceed 5 selections if (count($industry) 5) { echo you have selected too many industries; No need to check for more than 5, just more than 1 would be sufficient for proof of concept. ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 No need for extraneous useless HTML. table width=500 border=1 align=center Ditto. What's the point of formatting it nicely? Basically the less cruft there is the better the chance of you spotting the problem yourself, and the likelyhood of people actually wading through your code. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* If you ever want to get anywhere in politics, my boy, you're going to have to get a toehold in the public eye. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session and validation
I had this thread going yesterday. Then basically think it reached a stalemate. I'm wondering has anyone setup forms using session variables and validation. Validation where the validating is done on the same page, and the redirected on success ? Maybe that is my problem , that session variables will get blown away when the validations are run in the same page. Shouldn't be right ? Let me ask though if I setup just a validation page, then on success I'm still doing a redirect (cause it's a multi page form) Or if I validate on the next page and there is an error, I redirect back, but then I also have to consider how the error is going to get printed on the first page. Anyone ? Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session and validation
[snip] I had this thread going yesterday. Then basically think it reached a stalemate. I'm wondering has anyone setup forms using session variables and validation. Validation where the validating is done on the same page, and the redirected on success ? [/snip] You need a class which will generate and validate your forms dynamically. Pear provides two packages (the second an extension of the first): http://pear.php.net/package/HTML_QuickForm http://pear.php.net/package/HTML_QuickForm_Controller I've never used these as I wrote my own library to handle this a few years ago, but from what I understand these two packages will do the trick. Basically it will work thusly: 1) On a page where you need a form, you declare a new form object, specify all your inputs, how they should be validated, etc., and these are then stored in the session. 2) On the receiving page you call the form validation object, passing in an identifier for which form should be validated. 3) If it validates your script will continue unfettered, else it will update the values in the session with the appropriate error message and redirect you back to the original form, which, since you are using session variables to display the inputs, will now be updated with the error messages. HTH, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session and validation
You might consider another approach, if you are using php5. It's called PRADO, I believe it was overall winner of the PHP programming contest sponsored by ZEND. http://www.zend.com/php5/contest/contest.php?id=36single=1 This is how the product is described; snip--- PRADO is an event-driven and component-based framework for Web application development in PHP5. Developing a Web application with PRADO mainly involves instantiating prebuilt and application-specific component types, configuring them by setting their properties, and composing them into application tasks. Some repetitive and tedious work, such as form field validation and page state management, can be accomplished easily in this fashion with the provided PRADO components. Using PRADO to develop Web application will bring you familarity of developing desktop GUI application with RAD tools such as Borland Delphi, Visual Basic, etc. You will also find it is like ASP.NET in many aspects. - snip--- I haven't tried this myself, but it looks like it may be geared to what you are seeking. Much of the rave seems to be it's event driven nature (unusual for web apps). I hope to be using it myself in the next few months. If the reviews are any clue, I would expect it to become part of a future release of PHP. Time will tell. Warren Vail -Original Message- From: Pablo Gosse [mailto:[EMAIL PROTECTED] Sent: Friday, October 29, 2004 4:23 PM To: Stuart Felenstein; [EMAIL PROTECTED] Subject: RE: [PHP] Session and validation [snip] I had this thread going yesterday. Then basically think it reached a stalemate. I'm wondering has anyone setup forms using session variables and validation. Validation where the validating is done on the same page, and the redirected on success ? [/snip] You need a class which will generate and validate your forms dynamically. Pear provides two packages (the second an extension of the first): http://pear.php.net/package/HTML_QuickForm http://pear.php.net/package/HTML_QuickForm_Controller I've never used these as I wrote my own library to handle this a few years ago, but from what I understand these two packages will do the trick. Basically it will work thusly: 1) On a page where you need a form, you declare a new form object, specify all your inputs, how they should be validated, etc., and these are then stored in the session. 2) On the receiving page you call the form validation object, passing in an identifier for which form should be validated. 3) If it validates your script will continue unfettered, else it will update the values in the session with the appropriate error message and redirect you back to the original form, which, since you are using session variables to display the inputs, will now be updated with the error messages. HTH, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php