Web lists-archives.com

Re: [PHP] Tutorial on Re-filling form data?




On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote:
> On Thu, Jun 22, 2017 at 2:15 PM, leam hall <leamhall@xxxxxxxxx>
> wrote:
> 
> > 
> > Using PHP 5 and not OOP savvy.
> > 
> > I have a form that gives the user options. On submit it calls
> > itself
> > and if the $_POST variable is set produces the result of the form
> > choices. However, it currently resets all the form options to
> > default
> > values.
> > 
> > Is there a tutorial somewhere on how to keep the existing form
> > choices
> > in place, unless the user changes the selection and resubmits?
> > 
> > Thanks!
> > 
> > Leam
> > 
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> > 
> > 
> You just want the ability to have the inputs pre-selected based on
> user
> input? Shouldn't be hard by doing the same thing you did for the
> actual
> form submit for each input.
> 
> Ex:
> <input type="text" id="username" name="username" value="<?php echo
> (isset($_POST['username']) ? $_POST['username'] : '';?>" />
> 
> You would do the same with radio/check/select, but in a different
> manner of
> course.
> 
> Ps: Your email went to spam, thus the late reply.

And now you've just introduced an XSS vulnerability into your
application. Never, ever, ever trust user input; that includes all form
data, cookies, uploads, and even the URL they request. All it takes is
one user out of a million to be a dick, and you've got a day of
headache and problems to fix, if you're lucky. If you want to use user
input in your output, then escape it before outputting it.

This goes for all your form fields, select lists are not immune from
tampered values.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php