How do you handle forms?

maZtah · 03-11-2008, 01:45 PM

I'm curious how you handle submitted forms.

Like, do you just do static handling like $szName = $_POST['name']; or do you check all fields in a loop, or..?

And if you do, how do you send forms to your email-inbox?

Just curious :)

Oh, me myself.. I do it mostly the static way :)

Gareth · 03-11-2008, 01:50 PM

I normally use a static method. For example I may have:

PHP Code:


			

$vName = makeSafe($_POST['name']);

One should never directly use submitted data. It should always be sanitised by a function, i.e. makeSafe in my example above.

maZtah · 03-11-2008, 01:54 PM

Yeah, I always use mysql_real_escape_string when inserting submitted data into a database.

But my question was more how to process submitted forms, not how to secure them. ;)

freenity · 03-11-2008, 04:27 PM

PHP Code:


			
if ($_POST['submit'])
{
   $name = $_POST['name'];
    $email = $_POST['email'];
....
}

That's how I process them.
To send the thing to your email, just make a text, insert the post variables where needed and send that msg.
Check this code to how send mails: Gaming With PHP Blog Archive Send mails even to hotmail boxes

Gareth · 03-11-2008, 06:47 PM

You should read TalkPHP - Sending Emails with the Zend Framework for sending emails :)

TlcAndres · 03-11-2008, 07:31 PM

PHP Code:


			
function processArray($post=array())
{
    $misArrs = true;
    foreach(array_keys($post) as $key)
    {
        if(empty($post[$key]))
        {
            $misArrs[] = $key;
        }
    }

    return $misArrs;
}

Haven't tried it but it should work fine and dandy.

maZtah · 03-12-2008, 11:49 AM

I played a abit with it, this is also a way I came up with:

PHP Code:


			
foreach ($_POST as $szKey => $szValue)

{

     $aForm[$szKey] = secureInput($szValue);

}

Then you have all the fields in the $aForm array. So when you want to echo the fields just do echo $aForm['name'];. Easy as that.

abiko · 03-12-2008, 12:20 PM

I use Inspekt for all my superglobals :)
Just make a POST cage and assign values

PHP Code:


			
$post = Inspekt::makePostCage();

$name = $post->getRaw('post_name');

Easy as that

Nor · 03-13-2008, 01:38 PM

:)

PHP Code:


			
getPost("postname");

custom ;P

ReSpawN · 03-13-2008, 06:25 PM

There is such a thing of reinventing the wheel you know.

Gareth · 03-13-2008, 06:33 PM

Nor, surely $_POST['postname']; is shorter than getPost("postname"); ?

Edit: Ahh, just thought; do you clean the input in the getPost function as well?

wiifanatic · 03-14-2008, 12:15 AM

PHP Code:


			
Forms::postDual('postname');
Forms::postHTML('postname');
Forms::postStrip('postname');

Yes, its a custom class.

Nor · 03-14-2008, 03:45 AM

Quote:

Originally Posted by Gareth

Nor, surely $_POST['postname']; is shorter than getPost("postname"); ?

Edit: Ahh, just thought; do you clean the input in the getPost function as well?

yep ;).., :P

Code:

function getPost($string)
{
	if( isset($_POST[ $string ]) )
	{
		if( empty( $_POST[ $string] ) ) return null;
		return stripslashes( htmlentities( $_POST[ $string ] , ENT_QUOTES ) );
	}
	return false;
}

stewart · 03-14-2008, 10:13 PM

Quote:

Originally Posted by maZtah

I played a abit with it, this is also a way I came up with:

PHP Code:


			
foreach ($_POST as $szKey => $szValue)

{

     $aForm[$szKey] = secureInput($szValue);

}

Then you have all the fields in the $aForm array. So when you want to echo the fields just do echo $aForm['name'];. Easy as that.

I was going to suggest that

Easiest way to go through and escape all of the input/post values.