Re: [PHP] checkbox unchecked
Ronald Wiplinger wrote: How can I force a n for not checked in the input field? or how can I solve that? Either use radio buttons or a drop down for the input field. Stephen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
Stephen wrote: Ronald Wiplinger wrote: How can I force a n for not checked in the input field? or how can I solve that? Either use radio buttons or a drop down for the input field. Thanks! Stephen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
First of all, using y and n for boolean values (such as a checkbox) is very sloppy. n is boolean True. A boolean value should evaluate correctly in a boolean context. For that, you should use 1 and 0 for your values. What I usually do is this: input type=hidden name=foo value=0 / input type=checkbox name=foo value=1 ?php echo $checked; ? / Then when it gets submitted, foo will get the value of the form element that was submitted last that has a value. That is, if the checkbox is checked then foo will be 1, otherwise it will be 0. That gives you a nice, clean boolean value you can rely on being present (mostly g). On Sunday 02 December 2007, Ronald Wiplinger wrote: I have now tried to add many of the security hints on a web page and come to a problem. I am checking if the allowed fields match the sent fields. From the database I get the information if a checkbox is checked or not: ?php if($DB_a ==y) { $checked=checked; } else { $checked=; } ? input type=checkbox name=R_a value=y ?php echo $checked ? If the user takes out the checkmark the value will become and the field will not submitted which results in a missing field. $allowed = array(); $allowed[]='form'; $allowed[]='R_a'; $allowed[]='R_b'; $sent = $array_keys($_POST); if($allowed == $sent) { ... do some checking ... } else { echo Expected input fields do not match!; } break; How can I force a n for not checked in the input field? or how can I solve that? bye Ronald -- Larry Garfield AIM: LOLG42 [EMAIL PROTECTED] ICQ: 6817012 If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. -- Thomas Jefferson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
I did once, if I remember once, this strategy: input type=hidden name=R_a value=n input type=checkbox name=R_a value=y ?php echo $checked ? If checked, you will have value y. Though, if unchecked, or it was checked and visitor unchecked, the value should be n. ;) -afan Ronald Wiplinger wrote: I have now tried to add many of the security hints on a web page and come to a problem. I am checking if the allowed fields match the sent fields. From the database I get the information if a checkbox is checked or not: ?php if($DB_a ==y) { $checked=checked; } else { $checked=; } ? input type=checkbox name=R_a value=y ?php echo $checked ? If the user takes out the checkmark the value will become and the field will not submitted which results in a missing field. $allowed = array(); $allowed[]='form'; $allowed[]='R_a'; $allowed[]='R_b'; $sent = $array_keys($_POST); if($allowed == $sent) { ... do some checking ... } else { echo Expected input fields do not match!; } break; How can I force a n for not checked in the input field? or how can I solve that? bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
Just to add my two cents - I don't think it matters much what tokens you use to represent true or false, since you're going to be explicitly checking them on the server end anyway. I can't see much difference in principle between, for example: if ($_GET['foo'] == 'y')... and if ($_GET['foo'] == '1')... or even if ($_GET['foo'] == 'Oui')... One should really not do be doing just if ($_GET['foo']) anyway. Checking that a specific value is passed, rather than just some value that PHP evaluates to true or false, is one way to catch possible form hacking. For general reference, there are a number of php security howtos out there on how to sanitize user input, but I'll leave finding them as an 'excercize for the reader' at the moment. I suppose using 0/1 does have the advantage of 'doing the right thing' if a if ($_GET['foo']) creeps into your code, though. As would using 'Y'/''. That being said, I've used 0/1 along with y/n in the past; it depends on whether I'm thinking like a programmer or a human ;) steve At 12:36 PM -0600 12/2/07, Larry Garfield wrote: First of all, using y and n for boolean values (such as a checkbox) is very sloppy. n is boolean True. A boolean value should evaluate correctly in a boolean context. For that, you should use 1 and 0 for your values. What I usually do is this: input type=hidden name=foo value=0 / input type=checkbox name=foo value=1 ?php echo $checked; ? / Then when it gets submitted, foo will get the value of the form element that was submitted last that has a value. That is, if the checkbox is checked then foo will be 1, otherwise it will be 0. That gives you a nice, clean boolean value you can rely on being present (mostly g). On Sunday 02 December 2007, Ronald Wiplinger wrote: I have now tried to add many of the security hints on a web page and come to a problem. I am checking if the allowed fields match the sent fields. From the database I get the information if a checkbox is checked or not: ?php if($DB_a ==y) { $checked=checked; } else { $checked=; } ? input type=checkbox name=R_a value=y ?php echo $checked ? If the user takes out the checkmark the value will become and the field will not submitted which results in a missing field. $allowed = array(); $allowed[]='form'; $allowed[]='R_a'; $allowed[]='R_b'; $sent = $array_keys($_POST); if($allowed == $sent) { ... do some checking ... } else { echo Expected input fields do not match!; } break; How can I force a n for not checked in the input field? or how can I solve that? bye Ronald -- +--- my people are the people of the dessert, ---+ | Steve Edberghttp://pgfsun.ucdavis.edu/ | | UC Davis Genome Center[EMAIL PROTECTED] | | Bioinformatics programming/database/sysadmin (530)754-9127 | + said t e lawrence, picking up his fork + -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
nice! but to avoid confusion it should read (assuming that $checked is a boolean variable): input type=hidden name=foo value=0/ input type=checkbox name=foo value=1?php if($checked) echo ' checked'; ?/ IMHO Larry Garfield wrote: First of all, using y and n for boolean values (such as a checkbox) is very sloppy. n is boolean True. A boolean value should evaluate correctly in a boolean context. For that, you should use 1 and 0 for your values. What I usually do is this: input type=hidden name=foo value=0 / input type=checkbox name=foo value=1 ?php echo $checked; ? / Then when it gets submitted, foo will get the value of the form element that was submitted last that has a value. That is, if the checkbox is checked then foo will be 1, otherwise it will be 0. That gives you a nice, clean boolean value you can rely on being present (mostly g). On Sunday 02 December 2007, Ronald Wiplinger wrote: I have now tried to add many of the security hints on a web page and come to a problem. I am checking if the allowed fields match the sent fields. From the database I get the information if a checkbox is checked or not: ?php if($DB_a ==y) { $checked=checked; } else { $checked=; } ? input type=checkbox name=R_a value=y ?php echo $checked ? If the user takes out the checkmark the value will become and the field will not submitted which results in a missing field. $allowed = array(); $allowed[]='form'; $allowed[]='R_a'; $allowed[]='R_b'; $sent = $array_keys($_POST); if($allowed == $sent) { ... do some checking ... } else { echo Expected input fields do not match!; } break; How can I force a n for not checked in the input field? or how can I solve that? bye Ronald -- Larry GarfieldAIM: LOLG42 [EMAIL PROTECTED] ICQ: 6817012 If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. -- Thomas Jefferson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- View this message in context: http://www.nabble.com/checkbox-unchecked-tf4932527.html#a14119395 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
At 12:36 PM -0600 12/2/07, Larry Garfield wrote: First of all, using y and n for boolean values (such as a checkbox) is very sloppy. n is boolean True. A boolean value should evaluate correctly in a boolean context. For that, you should use 1 and 0 for your values. What I usually do is this: input type=hidden name=foo value=0 / input type=checkbox name=foo value=1 ?php echo $checked; ? / Then when it gets submitted, foo will get the value of the form element that was submitted last that has a value. That is, if the checkbox is checked then foo will be 1, otherwise it will be 0. That gives you a nice, clean boolean value you can rely on being present (mostly g). Larry: Not that you said otherwise, but if the programmer does not set the value for a checkbox, html will provide values -- that may lead to confusion for newer programmers. See here: http://webbytedd.com//checkbox/ If you will note, without specifically setting the value, html will return on. Also, I'm sure it's an oversight, but your code above should be: ?php if ($foo) echo('checked'); ? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
On Dec 2, 2007 1:08 PM, tedd [EMAIL PROTECTED] wrote: At 12:36 PM -0600 12/2/07, Larry Garfield wrote: First of all, using y and n for boolean values (such as a checkbox) is very sloppy. n is boolean True. A boolean value should evaluate correctly in a boolean context. For that, you should use 1 and 0 for your values. What I usually do is this: input type=hidden name=foo value=0 / input type=checkbox name=foo value=1 ?php echo $checked; ? / Then when it gets submitted, foo will get the value of the form element that was submitted last that has a value. That is, if the checkbox is checked then foo will be 1, otherwise it will be 0. That gives you a nice, clean boolean value you can rely on being present (mostly g). Larry: Not that you said otherwise, but if the programmer does not set the value for a checkbox, html will provide values -- that may lead to confusion for newer programmers. See here: http://webbytedd.com//checkbox/ If you will note, without specifically setting the value, html will return on. Also, I'm sure it's an oversight, but your code above should be: ?php if ($foo) echo('checked'); ? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php You don't need to do anything. input type=checkbox name=likes_pie / When it's submitted: ?php if ($_GET['likes_pie']) // checked else // not -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] checkbox unchecked
At 1:23 PM -0800 12/2/07, Casey wrote: On Dec 2, 2007 1:08 PM, tedd [EMAIL PROTECTED] wrote: You don't need to do anything. input type=checkbox name=likes_pie / When it's submitted: ?php if ($_GET['likes_pie']) // checked else // not That's true unless you're pulling data in from somewhere else (i.e., a dB). Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php