TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   General (http://www.talkphp.com/general/)
-   -   How do you handle forms? (http://www.talkphp.com/general/2459-how-do-you-handle-forms.html)

maZtah 03-11-2008 01:45 PM
How do you handle forms?
 
I'm curious how you handle submitted forms.

Like, do you just do static handling like $szName = $_POST['name']; or do you check all fields in a loop, or..?

And if you do, how do you send forms to your email-inbox?

Just curious :)


Oh, me myself.. I do it mostly the static way :)

Gareth 03-11-2008 01:50 PM
I normally use a static method. For example I may have:

PHP Code:

$vName makeSafe($_POST['name']); 
One should never directly use submitted data. It should always be sanitised by a function, i.e. makeSafe in my example above.

maZtah 03-11-2008 01:54 PM
Yeah, I always use mysql_real_escape_string when inserting submitted data into a database.

But my question was more how to process submitted forms, not how to secure them. ;)

freenity 03-11-2008 04:27 PM
PHP Code:
if ($_POST['submit'])
{
   $name $_POST['name'];
    $email $_POST['email'];
....
That's how I process them.
To send the thing to your email, just make a text, insert the post variables where needed and send that msg.
Check this code to how send mails: Gaming With PHP Blog Archive Send mails even to hotmail boxes

Gareth 03-11-2008 06:47 PM
You should read TalkPHP - Sending Emails with the Zend Framework for sending emails :)

TlcAndres 03-11-2008 07:31 PM
PHP Code:
function processArray($post=array())
{
    $misArrs true;
    foreach(array_keys($post) as $key)
    {
        if(empty($post[$key]))
        {
            $misArrs[] = $key;
        }
    }

    return $misArrs;
Haven't tried it but it should work fine and dandy.

maZtah 03-12-2008 11:49 AM
I played a abit with it, this is also a way I came up with:

PHP Code:
foreach ($_POST as $szKey => $szValue)
{
     $aForm[$szKey] = secureInput($szValue);

Then you have all the fields in the $aForm array. So when you want to echo the fields just do echo $aForm['name'];. Easy as that.

abiko 03-12-2008 12:20 PM
I use Inspekt for all my superglobals :)
Just make a POST cage and assign values
PHP Code:
$post Inspekt::makePostCage();
$name $post->getRaw('post_name'); 
Easy as that :-D

Nor 03-13-2008 01:38 PM
:)
PHP Code:
getPost("postname"); 
custom ;P

ReSpawN 03-13-2008 06:25 PM
There is such a thing of reinventing the wheel you know. :-P

Gareth 03-13-2008 06:33 PM
Nor, surely $_POST['postname']; is shorter than getPost("postname"); ?

Edit: Ahh, just thought; do you clean the input in the getPost function as well?

wiifanatic 03-14-2008 12:15 AM
PHP Code:
Forms::postDual('postname');
Forms::postHTML('postname');
Forms::postStrip('postname'); 
Yes, its a custom class.

Nor 03-14-2008 03:45 AM
Quote:
Originally Posted by Gareth (Post 12365)
Nor, surely $_POST['postname']; is shorter than getPost("postname"); ?

Edit: Ahh, just thought; do you clean the input in the getPost function as well?
yep ;).., :P

Code:
function getPost($string)
{
        if( isset($_POST[ $string ]) )
        {
                if( empty( $_POST[ $string] ) ) return null;
                return stripslashes( htmlentities( $_POST[ $string ] , ENT_QUOTES ) );
        }
        return false;
}

stewart 03-14-2008 10:13 PM
Quote:
Originally Posted by maZtah (Post 12303)
I played a abit with it, this is also a way I came up with:

PHP Code:
foreach ($_POST as $szKey => $szValue)
{
     $aForm[$szKey] = secureInput($szValue);

Then you have all the fields in the $aForm array. So when you want to echo the fields just do echo $aForm['name'];. Easy as that.
I was going to suggest that ^^

Easiest way to go through and escape all of the input/post values.


All times are GMT. The time now is 04:29 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0