Web lists-archives.com

Re: [PHP] Tutorial on Re-filling form data?




On Thu, Jun 22, 2017 at 9:58 PM, AshleySheridan <ash@xxxxxxxxxxxxxxxxxxxx>
wrote:

> On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote:
> > On Thu, Jun 22, 2017 at 2:15 PM, leam hall <leamhall@xxxxxxxxx>
> > wrote:
> >
> > >
> > > Using PHP 5 and not OOP savvy.
> > >
> > > I have a form that gives the user options. On submit it calls
> > > itself
> > > and if the $_POST variable is set produces the result of the form
> > > choices. However, it currently resets all the form options to
> > > default
> > > values.
> > >
> > > Is there a tutorial somewhere on how to keep the existing form
> > > choices
> > > in place, unless the user changes the selection and resubmits?
> > >
> > > Thanks!
> > >
> > > Leam
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> > You just want the ability to have the inputs pre-selected based on
> > user
> > input? Shouldn't be hard by doing the same thing you did for the
> > actual
> > form submit for each input.
> >
> > Ex:
> > <input type="text" id="username" name="username" value="<?php echo
> > (isset($_POST['username']) ? $_POST['username'] : '';?>" />
> >
> > You would do the same with radio/check/select, but in a different
> > manner of
> > course.
> >
> > Ps: Your email went to spam, thus the late reply.
>
> And now you've just introduced an XSS vulnerability into your
> application. Never, ever, ever trust user input; that includes all form
> data, cookies, uploads, and even the URL they request. All it takes is
> one user out of a million to be a dick, and you've got a day of
> headache and problems to fix, if you're lucky. If you want to use user
> input in your output, then escape it before outputting it.
>
> This goes for all your form fields, select lists are not immune from
> tampered values.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Thanks! My bad for missing that.