Re: [PHP] checkbox unchecked

2007-12-02 Thread Stephen 

Ronald Wiplinger wrote:

How can I force a n for not checked in the input field? or how can I
solve that?
  

Either use radio buttons  or a drop down  for the input field.

Stephen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread Ronald Wiplinger 
Stephen wrote:
 Ronald Wiplinger wrote:
 How can I force a n for not checked in the input field? or how can I
 solve that?
   
 Either use radio buttons  or a drop down  for the input field.

Thanks!


 Stephen


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread Larry Garfield 
First of all, using y and n for boolean values (such as a checkbox) is 
very sloppy.  n is boolean True.  A boolean value should evaluate correctly 
in a boolean context.  For that, you should use 1 and 0 for your values.  

What I usually do is this:

input type=hidden name=foo value=0 /
input type=checkbox name=foo value=1 ?php echo $checked; ? /

Then when it gets submitted, foo will get the value of the form element that 
was submitted last that has a value.  That is, if the checkbox is checked 
then foo will be 1, otherwise it will be 0.  That gives you a nice, clean 
boolean value you can rely on being present (mostly g).  

On Sunday 02 December 2007, Ronald Wiplinger wrote:
 I have now tried to add many of the security hints on a web page and
 come to a problem.
 I am checking if the allowed fields match the sent fields.
 From the database I get the information if a checkbox is checked or not:

 ?php if($DB_a ==y) {
 $checked=checked;
 } else {
 $checked=;
 }
 ?
 input type=checkbox name=R_a value=y ?php echo $checked ?


 If the user takes out the checkmark the value will become  and the
 field will not submitted which results in a missing field.

 $allowed = array();
 $allowed[]='form';
 $allowed[]='R_a';
 $allowed[]='R_b';
 
 $sent = $array_keys($_POST);
 if($allowed == $sent) {
 ... do some checking ...
 } else {
 echo Expected input fields do not match!;
 }
 break;


 How can I force a n for not checked in the input field? or how can I
 solve that?

 bye

 Ronald


-- 
Larry Garfield  AIM: LOLG42
[EMAIL PROTECTED]   ICQ: 6817012

If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it.  -- Thomas 
Jefferson

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread Afan Pasalic 

I did once, if I remember once, this strategy:
input type=hidden name=R_a value=n
input type=checkbox name=R_a value=y ?php echo $checked ?
If checked, you will have value y. Though, if unchecked, or it was 
checked and visitor unchecked, the value should be n.


;)

-afan


Ronald Wiplinger wrote:

I have now tried to add many of the security hints on a web page and
come to a problem.
I am checking if the allowed fields match the sent fields.
From the database I get the information if a checkbox is checked or not:

?php if($DB_a ==y) {
$checked=checked;
} else {
$checked=;
}
?
input type=checkbox name=R_a value=y ?php echo $checked ?


If the user takes out the checkmark the value will become  and the
field will not submitted which results in a missing field.

$allowed = array();
$allowed[]='form';
$allowed[]='R_a';
$allowed[]='R_b';

$sent = $array_keys($_POST);
if($allowed == $sent) {
... do some checking ...
} else {
echo Expected input fields do not match!;
}
break;


How can I force a n for not checked in the input field? or how can I
solve that?

bye

Ronald



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread Steve Edberg 

Just to add my two cents -

I don't think it matters much what tokens you use to represent true 
or false, since you're going to be explicitly checking them on the 
server end anyway. I can't see much difference in principle between, 
for example:


if ($_GET['foo'] == 'y')...
and
if ($_GET['foo'] == '1')...
or even
if ($_GET['foo'] == 'Oui')...

One should really not do be doing just

if ($_GET['foo'])

anyway. Checking that a specific value is passed, rather than just 
some value that PHP evaluates to true or false, is one way to catch 
possible form hacking. For general reference, there are a number of 
php security howtos out there on how to sanitize user input, but I'll 
leave finding them as an 'excercize for the reader' at the moment. I 
suppose using 0/1 does have the advantage of 'doing the right thing' 
if a if ($_GET['foo']) creeps into your code, though. As would 
using 'Y'/''.


That being said, I've used 0/1 along with y/n in the past; it depends 
on whether I'm thinking like a programmer or a human ;)


steve


At 12:36 PM -0600 12/2/07, Larry Garfield wrote:

First of all, using y and n for boolean values (such as a checkbox) is
very sloppy.  n is boolean True.  A boolean value should evaluate correctly
in a boolean context.  For that, you should use 1 and 0 for your values. 


What I usually do is this:

input type=hidden name=foo value=0 /
input type=checkbox name=foo value=1 ?php echo $checked; ? /

Then when it gets submitted, foo will get the value of the form element that
was submitted last that has a value.  That is, if the checkbox is checked
then foo will be 1, otherwise it will be 0.  That gives you a nice, clean
boolean value you can rely on being present (mostly g). 


On Sunday 02 December 2007, Ronald Wiplinger wrote:

 I have now tried to add many of the security hints on a web page and
 come to a problem.
 I am checking if the allowed fields match the sent fields.
 From the database I get the information if a checkbox is checked or not:

 ?php if($DB_a ==y) {
 $checked=checked;
 } else {
 $checked=;
 }
 ?
 input type=checkbox name=R_a value=y ?php echo $checked ?


 If the user takes out the checkmark the value will become  and the
 field will not submitted which results in a missing field.

 $allowed = array();
 $allowed[]='form';
 $allowed[]='R_a';
 $allowed[]='R_b';
 
 $sent = $array_keys($_POST);
 if($allowed == $sent) {
 ... do some checking ...
 } else {
 echo Expected input fields do not match!;
 }
 break;


 How can I force a n for not checked in the input field? or how can I
 solve that?

 bye


  Ronald




--
+--- my people are the people of the dessert, ---+
| Steve Edberghttp://pgfsun.ucdavis.edu/ |
| UC Davis Genome Center[EMAIL PROTECTED] |
| Bioinformatics programming/database/sysadmin (530)754-9127 |
+ said t e lawrence, picking up his fork +

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread Jürgen Wind 

nice!
but to avoid confusion it should read (assuming that $checked is a boolean
variable):
input type=hidden name=foo value=0/
input type=checkbox name=foo value=1?php if($checked) echo '
checked'; ?/

IMHO


Larry Garfield wrote:
 
 First of all, using y and n for boolean values (such as a checkbox) is 
 very sloppy.  n is boolean True.  A boolean value should evaluate
 correctly 
 in a boolean context.  For that, you should use 1 and 0 for your values.  
 
 What I usually do is this:
 
 input type=hidden name=foo value=0 /
 input type=checkbox name=foo value=1 ?php echo $checked; ? /
 
 Then when it gets submitted, foo will get the value of the form element
 that 
 was submitted last that has a value.  That is, if the checkbox is checked 
 then foo will be 1, otherwise it will be 0.  That gives you a nice, clean 
 boolean value you can rely on being present (mostly g).  
 
 On Sunday 02 December 2007, Ronald Wiplinger wrote:
 I have now tried to add many of the security hints on a web page and
 come to a problem.
 I am checking if the allowed fields match the sent fields.
 From the database I get the information if a checkbox is checked or not:

 ?php if($DB_a ==y) {
 $checked=checked;
 } else {
 $checked=;
 }
 ?
 input type=checkbox name=R_a value=y ?php echo $checked ?


 If the user takes out the checkmark the value will become  and the
 field will not submitted which results in a missing field.

 $allowed = array();
 $allowed[]='form';
 $allowed[]='R_a';
 $allowed[]='R_b';
 
 $sent = $array_keys($_POST);
 if($allowed == $sent) {
 ... do some checking ...
 } else {
 echo Expected input fields do not match!;
 }
 break;


 How can I force a n for not checked in the input field? or how can I
 solve that?

 bye

 Ronald
 
 
 -- 
 Larry GarfieldAIM: LOLG42
 [EMAIL PROTECTED] ICQ: 6817012
 
 If nature has made any one thing less susceptible than all others of 
 exclusive property, it is the action of the thinking power called an idea, 
 which an individual may exclusively possess as long as he keeps it to 
 himself; but the moment it is divulged, it forces itself into the
 possession 
 of every one, and the receiver cannot dispossess himself of it.  --
 Thomas 
 Jefferson
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 

-- 
View this message in context: 
http://www.nabble.com/checkbox-unchecked-tf4932527.html#a14119395
Sent from the PHP - General mailing list archive at Nabble.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread tedd 

At 12:36 PM -0600 12/2/07, Larry Garfield wrote:

First of all, using y and n for boolean values (such as a checkbox) is
very sloppy.  n is boolean True.  A boolean value should evaluate correctly
in a boolean context.  For that, you should use 1 and 0 for your values. 


What I usually do is this:

input type=hidden name=foo value=0 /
input type=checkbox name=foo value=1 ?php echo $checked; ? /

Then when it gets submitted, foo will get the value of the form element that
was submitted last that has a value.  That is, if the checkbox is checked
then foo will be 1, otherwise it will be 0.  That gives you a nice, clean

boolean value you can rely on being present (mostly g).

Larry:

Not that you said otherwise, but if the programmer does not set the 
value for a checkbox, html will provide values  -- that may lead to 
confusion for newer programmers.


See here:

http://webbytedd.com//checkbox/

If you will note, without specifically setting the value, html will 
return on.


Also, I'm sure it's an oversight, but your code above should be:

?php if ($foo) echo('checked'); ?

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread Casey 
On Dec 2, 2007 1:08 PM, tedd [EMAIL PROTECTED] wrote:
 At 12:36 PM -0600 12/2/07, Larry Garfield wrote:
 First of all, using y and n for boolean values (such as a checkbox) is
 very sloppy.  n is boolean True.  A boolean value should evaluate correctly
 in a boolean context.  For that, you should use 1 and 0 for your values.
 
 What I usually do is this:
 
 input type=hidden name=foo value=0 /
 input type=checkbox name=foo value=1 ?php echo $checked; ? /
 
 Then when it gets submitted, foo will get the value of the form element that
 was submitted last that has a value.  That is, if the checkbox is checked
 then foo will be 1, otherwise it will be 0.  That gives you a nice, clean
 boolean value you can rely on being present (mostly g).

 Larry:

 Not that you said otherwise, but if the programmer does not set the
 value for a checkbox, html will provide values  -- that may lead to
 confusion for newer programmers.

 See here:

 http://webbytedd.com//checkbox/

 If you will note, without specifically setting the value, html will
 return on.

 Also, I'm sure it's an oversight, but your code above should be:

 ?php if ($foo) echo('checked'); ?

 Cheers,

 tedd

 --
 ---
 http://sperling.com  http://ancientstones.com  http://earthstones.com


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



You don't need to do anything.
input type=checkbox name=likes_pie /

When it's submitted:
?php
 if ($_GET['likes_pie']) // checked
else // not

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checkbox unchecked

2007-12-02 Thread tedd 

At 1:23 PM -0800 12/2/07, Casey wrote:

On Dec 2, 2007 1:08 PM, tedd [EMAIL PROTECTED] wrote:

You don't need to do anything.
input type=checkbox name=likes_pie /

When it's submitted:
?php
 if ($_GET['likes_pie']) // checked
else // not


That's true unless you're pulling data in from somewhere else (i.e., a dB).

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php