echo in form input value
This is driving me crazy and should be very easy. I am trying to pre-fill an html form with session data using echo. I can compile and run but the form field contains a / if the session data is blank. How can I get rid of the / Heres the code:
I have tried several combinations of ‘»` etc and it seems I am just missing the obvious. Thanks in advance — anyone.
- 4 Contributors
- 4 Replies
- 16K Views
- 21 Hours Discussion Span
- Latest Post 13 Years Ago Latest Post by andym67
Recommended Answers Collapse Answers
Hi andym67 and welcome to DaniWeb 🙂
A better approach is this:
if(isset($_SESSION["namevalue"])) $val = $_SESSION["namevalue"]; else $val = ""; // maybe do some validation on $val here echo "";All 4 Replies
if(isset($_SESSION["namevalue"])) $val = $_SESSION["namevalue"]; else $val = ""; // maybe do some validation on $val here echo "";Agree with Xan’s code fix
embedding php inside html, it is important to get all the quotes in.
only add a usefula(maybe) caveat to the code he provided, a recommendation to change whatever editor used to something that code highlights
It becomes easy to see when something is missing if the text is some bright colour when a(the) quote(s) Brace(s) Bracket(s) < >is(are) missing
Notepad++ Notepad2 & a bunch of good code highlighting editors without the quotes output html for a nul field is value=/> your visble backslash
with quotes a nul gives value=»»/>
but was able to determin that the previously mentioned part was where I was messing up so hence my limited code post. I am still getting used to PHP and NetBeans both so the color scheme/code completion and the exact ;,'»` where have you was throwing me off. Thanks again.! Andy
We’re a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.
Reach out to all the awesome people in our web development community by starting your own topic. We equally welcome both specific questions as well as open-ended discussions.
PHP: Possible to automatically get all POSTed data?
Simple question: Is it possible to get all the data POSTed to a page, even if you don’t know all the fields? For example, I want to write a simple script that collects any POSTed data and emails it. I can foresee that the fields in the form are likely to change a lot over time, and so to save myself some time in the long run, I was wondering if I could write something that automatically gathered everything? Is it possible?
9 Answers 9
Sure. Just walk through the $_POST array:
foreach ($_POST as $key => $value) < echo "Field ".htmlspecialchars($key)." is ".htmlspecialchars($value)."
"; > @Django Reinhardt Note that non-checked checkboxes do not appear in the $_POST array so if you use checkboxes, you will need to handle them differently by using isset for example.
No one mentioned Raw Post Data, but it’s good to know, if posted data has no key, but only value, use Raw Post Data:
$postdata = file_get_contents("php://input"); php://input is a read-only stream that allows you to read raw data from the request body. In the case of POST requests, it is preferable to use php://input instead of $HTTP_RAW_POST_DATA as it does not depend on special php.ini directives. Moreover, for those cases where $HTTP_RAW_POST_DATA is not populated by default, it is a potentially less memory intensive alternative to activating always_populate_raw_post_data. php://input is not available with enctype=»multipart/form-data».
PHP Form Handling
The PHP superglobals $_GET and $_POST are used to collect form-data.
PHP — A Simple HTML Form
The example below displays a simple HTML form with two input fields and a submit button:
Example
When the user fills out the form above and clicks the submit button, the form data is sent for processing to a PHP file named «welcome.php». The form data is sent with the HTTP POST method.
To display the submitted data you could simply echo all the variables. The «welcome.php» looks like this:
The output could be something like this:
The same result could also be achieved using the HTTP GET method:
Example
and «welcome_get.php» looks like this:
The code above is quite simple. However, the most important thing is missing. You need to validate form data to protect your script from malicious code.
Think SECURITY when processing PHP forms!
This page does not contain any form validation, it just shows how you can send and retrieve form data.
However, the next pages will show how to process PHP forms with security in mind! Proper validation of form data is important to protect your form from hackers and spammers!
GET vs. POST
Both GET and POST create an array (e.g. array( key1 => value1, key2 => value2, key3 => value3, . )). This array holds key/value pairs, where keys are the names of the form controls and values are the input data from the user.
Both GET and POST are treated as $_GET and $_POST. These are superglobals, which means that they are always accessible, regardless of scope — and you can access them from any function, class or file without having to do anything special.
$_GET is an array of variables passed to the current script via the URL parameters.
$_POST is an array of variables passed to the current script via the HTTP POST method.
When to use GET?
Information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also has limits on the amount of information to send. The limitation is about 2000 characters. However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.
GET may be used for sending non-sensitive data.
Note: GET should NEVER be used for sending passwords or other sensitive information!
When to use POST?
Information sent from a form with the POST method is invisible to others (all names/values are embedded within the body of the HTTP request) and has no limits on the amount of information to send.
Moreover POST supports advanced functionality such as support for multi-part binary input while uploading files to server.
However, because the variables are not displayed in the URL, it is not possible to bookmark the page.
Developers prefer POST for sending form data.
Next, lets see how we can process PHP forms the secure way!
Работа с формами
Одно из главнейших достоинств PHP — то, как он работает с формами HTML. Здесь основным является то, что каждый элемент формы автоматически становится доступным вашим программам на PHP. Для подробной информации об использовании форм в PHP читайте раздел Переменные из внешних источников. Вот пример формы HTML:
Пример #1 Простейшая форма HTML
В этой форме нет ничего особенного. Это обычная форма HTML без каких-либо специальных тегов. Когда пользователь заполнит форму и нажмёт кнопку отправки, будет вызвана страница action.php . В этом файле может быть что-то вроде:
Пример #2 Выводим данные формы
Пример вывода данной программы:
Здравствуйте, Сергей. Вам 30 лет.
Если не принимать во внимание куски кода с htmlspecialchars() и (int) , принцип работы данного кода должен быть прост и понятен. htmlspecialchars() обеспечивает правильную кодировку «особых» HTML-символов так, чтобы вредоносный HTML или Javascript не был вставлен на вашу страницу. Поле age, о котором нам известно, что оно должно быть число, мы можем просто преобразовать в int , что автоматически избавит нас от нежелательных символов. PHP также может сделать это автоматически с помощью модуля filter. Переменные $_POST[‘name’] и $_POST[‘age’] автоматически установлены для вас средствами PHP. Ранее мы использовали суперглобальную переменную $_SERVER , здесь же мы точно так же используем суперглобальную переменную $_POST , которая содержит все POST-данные. Заметим, что метод отправки (method) нашей формы — POST. Если бы мы использовали метод GET, то информация нашей формы была бы в суперглобальной переменной $_GET . Кроме этого, можно использовать переменную $_REQUEST , если источник данных не имеет значения. Эта переменная содержит смесь данных GET, POST, COOKIE.
В PHP можно также работать и с XForms, хотя вы найдёте работу с обычными HTML-формами довольно комфортной уже через некоторое время. Несмотря на то, что работа с XForms не для новичков, они могут показаться вам интересными. В разделе возможностей PHP у нас также есть короткое введение в обработку данных из XForms.
User Contributed Notes 3 notes
According to the HTTP specification, you should use the POST method when you’re using the form to change the state of something on the server end. For example, if a page has a form to allow users to add their own comments, like this page here, the form should use POST. If you click «Reload» or «Refresh» on a page that you reached through a POST, it’s almost always an error — you shouldn’t be posting the same comment twice — which is why these pages aren’t bookmarked or cached.
You should use the GET method when your form is, well, getting something off the server and not actually changing anything. For example, the form for a search engine should use GET, since searching a Web site should not be changing anything that the client might care about, and bookmarking or caching the results of a search-engine query is just as useful as bookmarking or caching a static HTML page.
Also, don’t ever use GET method in a form that capture passwords and other things that are meant to be hidden.